From de33f261a80c91ba5e6dac5b04335e558ca5ac01 Mon Sep 17 00:00:00 2001 From: security tracker role Date: Thu, 30 Jan 2020 20:11:31 +0000 Subject: automatic update --- data/CVE/2013.list | 40 ++++++++-------- data/CVE/2014.list | 7 ++- data/CVE/2019.list | 15 +++--- data/CVE/2020.list | 134 +++++++++++++++++++++++++++++++++++++++++++---------- 4 files changed, 142 insertions(+), 54 deletions(-) diff --git a/data/CVE/2013.list b/data/CVE/2013.list index e2f330c11f..3033d92545 100644 --- a/data/CVE/2013.list +++ b/data/CVE/2013.list @@ -14839,10 +14839,10 @@ CVE-2013-1868 (Multiple buffer overflows in VideoLAN VLC media player 2.0.4 and [squeeze] - vlc (Unsupported in squeeze-lts) NOTE: http://www.videolan.org/security/sa1301.html NOTE: The freetype issue is a harmless NULL deref and won't be fixed -CVE-2013-1867 - RESERVED -CVE-2013-1866 - RESERVED +CVE-2013-1867 (Gemalto Tokend 2013 has an Arbitrary File Creation/Overwrite Vulnerabi ...) + TODO: check +CVE-2013-1866 (OpenSC OpenSC.tokend has an Arbitrary File Creation/Overwrite Vulnerab ...) + TODO: check CVE-2013-1865 (OpenStack Keystone Folsom (2012.2) does not properly perform revocatio ...) - keystone (only affects folsom) NOTE: fixed in experimental with keystone/2012.2.3-2 @@ -15797,8 +15797,8 @@ CVE-2013-1633 (easy_install in setuptools before 0.7 uses HTTP to retrieve packa NOTE: Lack of a security feature, not a vulnerability CVE-2013-1632 RESERVED -CVE-2013-1631 - RESERVED +CVE-2013-1631 (Verax NMS prior to 2.1.0 leaks connection details when any user execut ...) + TODO: check CVE-2013-1630 (pyshop before 0.7.1 uses HTTP to retrieve packages from the PyPI repos ...) NOT-FOR-US: pyshop CVE-2013-1629 (pip before 1.3 uses HTTP to retrieve packages from the PyPI repository ...) @@ -16612,12 +16612,12 @@ CVE-2013-1354 RESERVED CVE-2013-1353 RESERVED -CVE-2013-1352 - RESERVED -CVE-2013-1351 - RESERVED -CVE-2013-1350 - RESERVED +CVE-2013-1352 (Verax NMS prior to 2.1.0 uses an encryption key that is hardcoded in a ...) + TODO: check +CVE-2013-1351 (Verax NMS prior to 2.10 allows authentication via the encrypted passwo ...) + TODO: check +CVE-2013-1350 (Verax NMS prior to 2.1.0 has multiple security bypass vulnerabilities ...) + TODO: check CVE-2013-1349 (Eval injection vulnerability in ajax.php in openSIS 4.5 through 5.2 al ...) NOT-FOR-US: openSIS CVE-2013-1348 (The Yaml::parse function in Symfony 2.0.x before 2.0.22 remote attacke ...) @@ -18263,10 +18263,10 @@ CVE-2013-0741 (Cross-site scripting (XSS) vulnerability in imagegen.ashx in Perc NOT-FOR-US: Percipient Studios ImageGen CVE-2013-0740 (Open redirect vulnerability in Dell OpenManage Server Administrator (O ...) NOT-FOR-US: Dell OpenManage Server Administrator -CVE-2013-0739 - RESERVED -CVE-2013-0738 - RESERVED +CVE-2013-0739 (Chamilo 1.9.4 has XSS due to improper validation of user-supplied inpu ...) + TODO: check +CVE-2013-0738 (Chamilo 1.9.4 has Multiple XSS and HTML Injection Vulnerabilities: blo ...) + TODO: check CVE-2013-0737 (Cross-site scripting (XSS) vulnerability in BoltWire 3.5 and earlier a ...) NOT-FOR-US: BoltWire CVE-2013-0736 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Ming ...) @@ -18291,8 +18291,8 @@ CVE-2013-0727 (Multiple untrusted search path vulnerabilities in Global Mapper 1 NOT-FOR-US: Global Mapper CVE-2013-0726 (Stack-based buffer overflow in the ERM_convert_to_correct_webpath func ...) NOT-FOR-US: ERDAS ER Viewer -CVE-2013-0725 - RESERVED +CVE-2013-0725 (ERDAS ER Viewer 13.0 has dwmapi.dll and irml.dll libraries arbitrary c ...) + TODO: check CVE-2013-0724 (PHP remote file inclusion vulnerability in includes/generate-pdf.php i ...) NOT-FOR-US: Wordpress plugin ecommerce Shop Styling CVE-2013-0723 (Multiple heap-based buffer overflows in etxrw.dll in Kingsoft Spreadsh ...) @@ -19280,8 +19280,8 @@ CVE-2013-0293 (oVirt Node: Lock screen accepts F2 to drop to shell causing privi CVE-2013-0292 (The dbus_g_proxy_manager_filter function in dbus-gproxy in Dbus-glib b ...) - dbus-glib 0.100.1-1 (bug #700638; high) [squeeze] - dbus-glib 0.88-2.1+squeeze1 -CVE-2013-0291 - RESERVED +CVE-2013-0291 (NextGEN Gallery Plugin for WordPress 1.9.10 and 1.9.11 has a Path Disc ...) + TODO: check CVE-2013-0290 (The __skb_recv_datagram function in net/core/datagram.c in the Linux k ...) - linux (Introduced in 3.4, fixed in 3.8) - linux-2.6 (Introduced in 3.4) diff --git a/data/CVE/2014.list b/data/CVE/2014.list index 4b26b34674..dd1f2bb90f 100644 --- a/data/CVE/2014.list +++ b/data/CVE/2014.list @@ -17069,8 +17069,8 @@ CVE-2014-3721 RESERVED CVE-2014-3720 RESERVED -CVE-2014-3718 - RESERVED +CVE-2014-3718 (Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/tag_m.c ...) + TODO: check CVE-2014-3713 RESERVED CVE-2014-3712 (Katello allows remote attackers to cause a denial of service (memory c ...) @@ -18123,8 +18123,7 @@ CVE-2014-3775 (libgadu before 1.11.4 and 1.12.0 before 1.12.0-rc3, as used in Pi [squeeze] - libgadu (Vulnerable code not present) CVE-2014-3749 (SQL injection vulnerability in Construtiva CIS Manager allows remote a ...) NOT-FOR-US: Construtiva CIS Manager CMS -CVE-2014-3719 - RESERVED +CVE-2014-3719 (Multiple SQL injection vulnerabilities in cgi-bin/review_m.cgi in Ex L ...) NOT-FOR-US: ALEPH500 Integrated library management system CVE-2014-3717 (Xen 4.4.x does not properly validate the load address for 64-bit ARM g ...) - xen (Only ARM systems are affected from Xen 4.4 onwards) diff --git a/data/CVE/2019.list b/data/CVE/2019.list index 85b2c7ed11..6447d44974 100644 --- a/data/CVE/2019.list +++ b/data/CVE/2019.list @@ -151,6 +151,7 @@ CVE-2019-20388 (xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlS [jessie] - libxml2 (Minor issue) NOTE: Proposed merge request: https://gitlab.gnome.org/GNOME/libxml2/merge_requests/68 CVE-2019-20387 (repodata_schema2id in repodata.c in libsolv before 0.7.6 has a heap-ba ...) + {DLA-2088-1} - libsolv 0.6.36-2 (bug #949611) [buster] - libsolv (Minor issue) [stretch] - libsolv (Minor issue) @@ -983,8 +984,8 @@ CVE-2019-20052 (A memory leak was discovered in Mat_VarCalloc in mat.c in matio CVE-2019-20051 (A floating-point exception was discovered in PackLinuxElf::elf_hash in ...) - upx-ucl (unimportant) NOTE: https://github.com/upx/upx/issues/313 -CVE-2019-20050 - RESERVED +CVE-2019-20050 (Pandora FMS ≤ 7.42 suffers from a remote code execution vulnerab ...) + TODO: check CVE-2019-20054 (In the Linux kernel before 5.0.6, there is a NULL pointer dereference ...) - linux 5.2.6-1 [buster] - linux 4.19.67-1 @@ -3170,7 +3171,7 @@ CVE-2019-19236 RESERVED CVE-2019-19235 (AsLdrSrv.exe in ASUS ATK Package before V1.0.0061 (for Windows 10 note ...) NOT-FOR-US: ASUS -CVE-2019-19234 (In Sudo through 1.8.29, the fact that a user has been blocked (e.g., b ...) +CVE-2019-19234 (** DISPUTED ** In Sudo through 1.8.29, the fact that a user has been b ...) - sudo (bug #947225) [buster] - sudo (Minor issue) [stretch] - sudo (Minor issue) @@ -3178,7 +3179,7 @@ CVE-2019-19234 (In Sudo through 1.8.29, the fact that a user has been blocked (e NOTE: https://www.sudo.ws/devel.html#1.8.30b2 CVE-2019-19233 RESERVED -CVE-2019-19232 (In Sudo through 1.8.29, an attacker with access to a Runas ALL sudoer ...) +CVE-2019-19232 (** DISPUTED ** In Sudo through 1.8.29, an attacker with access to a Ru ...) - sudo (bug #947225) [buster] - sudo (Minor issue) [stretch] - sudo (Minor issue) @@ -4315,6 +4316,7 @@ CVE-2019-18794 CVE-2019-18793 (Parallels Plesk Panel 9.5 allows XSS in target/locales/tr-TR/help/inde ...) NOT-FOR-US: Parallels Plesk Panel CVE-2019-18792 (An issue was discovered in Suricata 5.0.0. It is possible to bypass/ev ...) + {DLA-2087-1} - suricata NOTE: https://github.com/OISF/suricata/commit/1c63d3905852f746ccde7e2585600b2199cefb4b (master-4.1.x) NOTE: https://github.com/OISF/suricata/commit/fa692df37a796c3330c81988d15ef1a219afc006 (suricata-5.0.1) @@ -4687,6 +4689,7 @@ CVE-2019-18627 CVE-2019-18626 RESERVED CVE-2019-18625 (An issue was discovered in Suricata 5.0.0. It was possible to bypass/e ...) + {DLA-2087-1} - suricata NOTE: https://github.com/OISF/suricata/commit/9f0294fadca3dcc18c919424242a41e01f3e8318 (suricata-5.0.1) NOTE: https://github.com/OISF/suricata/commit/ea0659de7640cf6a51de5bbd1dbbb0414e4623a0 (master-4.1.x) @@ -7760,8 +7763,8 @@ CVE-2019-17275 RESERVED CVE-2019-17274 RESERVED -CVE-2019-17273 - RESERVED +CVE-2019-17273 (E-Series SANtricity OS Controller Software version 11.60.0 is suscepti ...) + TODO: check CVE-2019-17272 (All versions of ONTAP Select Deploy administration utility are suscept ...) NOT-FOR-US: ONTAP CVE-2019-17271 (vBulletin 5.5.4 allows SQL Injection via the ajax/api/hook/getHookList ...) diff --git a/data/CVE/2020.list b/data/CVE/2020.list index 545393b8cf..b1395540aa 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -1,3 +1,91 @@ +CVE-2020-8492 (Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 ...) + TODO: check +CVE-2020-8491 + RESERVED +CVE-2020-8490 + RESERVED +CVE-2020-8489 + RESERVED +CVE-2020-8488 + RESERVED +CVE-2020-8487 + RESERVED +CVE-2020-8486 + RESERVED +CVE-2020-8485 + RESERVED +CVE-2020-8484 + RESERVED +CVE-2020-8483 + RESERVED +CVE-2020-8482 + RESERVED +CVE-2020-8481 + RESERVED +CVE-2020-8480 + RESERVED +CVE-2020-8479 + RESERVED +CVE-2020-8478 + RESERVED +CVE-2020-8477 + RESERVED +CVE-2020-8476 + RESERVED +CVE-2020-8475 + RESERVED +CVE-2020-8474 + RESERVED +CVE-2020-8473 + RESERVED +CVE-2020-8472 + RESERVED +CVE-2020-8471 + RESERVED +CVE-2020-8470 + RESERVED +CVE-2020-8469 + RESERVED +CVE-2020-8468 + RESERVED +CVE-2020-8467 + RESERVED +CVE-2020-8466 + RESERVED +CVE-2020-8465 + RESERVED +CVE-2020-8464 + RESERVED +CVE-2020-8463 + RESERVED +CVE-2020-8462 + RESERVED +CVE-2020-8461 + RESERVED +CVE-2020-8460 + RESERVED +CVE-2020-8459 + RESERVED +CVE-2020-8458 + RESERVED +CVE-2020-8457 + RESERVED +CVE-2020-8456 + RESERVED +CVE-2020-8455 + RESERVED +CVE-2020-8454 + RESERVED +CVE-2020-8453 + RESERVED +CVE-2020-8452 + RESERVED +CVE-2020-8451 + RESERVED +CVE-2020-8450 + RESERVED +CVE-2020-8449 + RESERVED CVE-2020-8448 (In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for ...) - ossec-hids (bug #361954) CVE-2020-8447 (In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for ...) @@ -1084,26 +1172,26 @@ CVE-2020-7915 (An issue was discovered on Eaton 5P 850 devices. The Ubicacion SA NOT-FOR-US: Eaton devices CVE-2020-7914 RESERVED -CVE-2020-7913 - RESERVED -CVE-2020-7912 - RESERVED -CVE-2020-7911 - RESERVED -CVE-2020-7910 - RESERVED -CVE-2020-7909 - RESERVED -CVE-2020-7908 - RESERVED +CVE-2020-7913 (JetBrains YouTrack 2019.2 before 2019.2.59309 was vulnerable to XSS vi ...) + TODO: check +CVE-2020-7912 (In JetBrains YouTrack before 2019.2.59309, SMTP/Jabber settings could ...) + TODO: check +CVE-2020-7911 (In JetBrains TeamCity before 2019.2, several user-level pages were vul ...) + TODO: check +CVE-2020-7910 (JetBrains TeamCity before 2019.2 was vulnerable to a stored XSS attack ...) + TODO: check +CVE-2020-7909 (In JetBrains TeamCity before 2019.1.5, some server-stored passwords co ...) + TODO: check +CVE-2020-7908 (In JetBrains TeamCity before 2019.1.5, reverse tabnabbing was possible ...) + TODO: check CVE-2020-7907 RESERVED -CVE-2020-7906 - RESERVED -CVE-2020-7905 - RESERVED -CVE-2020-7904 - RESERVED +CVE-2020-7906 (In JetBrains Rider versions 2019.3 EAP2 through 2019.3 EAP7, there wer ...) + TODO: check +CVE-2020-7905 (Ports listened to by JetBrains IntelliJ IDEA before 2019.3 were expose ...) + TODO: check +CVE-2020-7904 (In JetBrains IntelliJ IDEA before 2019.3, some Maven repositories were ...) + TODO: check CVE-2020-7903 RESERVED CVE-2020-7902 @@ -6593,8 +6681,8 @@ CVE-2020-5235 RESERVED CVE-2020-5234 RESERVED -CVE-2020-5233 - RESERVED +CVE-2020-5233 (OAuth2 Proxy before 5.0 has an open redirect vulnerability. Authentica ...) + TODO: check CVE-2020-5232 RESERVED CVE-2020-5231 @@ -13294,13 +13382,11 @@ CVE-2020-1933 (A XSS vulnerability was found in Apache NiFi 1.0.0 to 1.10.0. Mal NOT-FOR-US: Apache NiFi CVE-2020-1932 (An information disclosure issue was found in Apache Superset 0.34.0, 0 ...) NOT-FOR-US: Apache Superset -CVE-2020-1931 - RESERVED +CVE-2020-1931 (A command execution issue was found in Apache SpamAssassin prior to 3. ...) - spamassassin 3.4.4~rc1-1 (bug #950258) NOTE: https://svn.apache.org/repos/asf/spamassassin/branches/3.4/build/announcements/3.4.4.txt NOTE: https://www.openwall.com/lists/oss-security/2020/01/30/2 -CVE-2020-1930 - RESERVED +CVE-2020-1930 (A command execution issue was found in Apache SpamAssassin prior to 3. ...) - spamassassin 3.4.4~rc1-1 (bug #950258) NOTE: https://svn.apache.org/repos/asf/spamassassin/branches/3.4/build/announcements/3.4.4.txt NOTE: https://www.openwall.com/lists/oss-security/2020/01/30/3 -- cgit v1.2.3