[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Sat Nov 30 08:10:42 GMT 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f8038d4a by security tracker role at 2019-11-30T08:10:21Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,349 @@
+CVE-2020-1884
+ RESERVED
+CVE-2020-1883
+ RESERVED
+CVE-2020-1882
+ RESERVED
+CVE-2020-1881
+ RESERVED
+CVE-2020-1880
+ RESERVED
+CVE-2020-1879
+ RESERVED
+CVE-2020-1878
+ RESERVED
+CVE-2020-1877
+ RESERVED
+CVE-2020-1876
+ RESERVED
+CVE-2020-1875
+ RESERVED
+CVE-2020-1874
+ RESERVED
+CVE-2020-1873
+ RESERVED
+CVE-2020-1872
+ RESERVED
+CVE-2020-1871
+ RESERVED
+CVE-2020-1870
+ RESERVED
+CVE-2020-1869
+ RESERVED
+CVE-2020-1868
+ RESERVED
+CVE-2020-1867
+ RESERVED
+CVE-2020-1866
+ RESERVED
+CVE-2020-1865
+ RESERVED
+CVE-2020-1864
+ RESERVED
+CVE-2020-1863
+ RESERVED
+CVE-2020-1862
+ RESERVED
+CVE-2020-1861
+ RESERVED
+CVE-2020-1860
+ RESERVED
+CVE-2020-1859
+ RESERVED
+CVE-2020-1858
+ RESERVED
+CVE-2020-1857
+ RESERVED
+CVE-2020-1856
+ RESERVED
+CVE-2020-1855
+ RESERVED
+CVE-2020-1854
+ RESERVED
+CVE-2020-1853
+ RESERVED
+CVE-2020-1852
+ RESERVED
+CVE-2020-1851
+ RESERVED
+CVE-2020-1850
+ RESERVED
+CVE-2020-1849
+ RESERVED
+CVE-2020-1848
+ RESERVED
+CVE-2020-1847
+ RESERVED
+CVE-2020-1846
+ RESERVED
+CVE-2020-1845
+ RESERVED
+CVE-2020-1844
+ RESERVED
+CVE-2020-1843
+ RESERVED
+CVE-2020-1842
+ RESERVED
+CVE-2020-1841
+ RESERVED
+CVE-2020-1840
+ RESERVED
+CVE-2020-1839
+ RESERVED
+CVE-2020-1838
+ RESERVED
+CVE-2020-1837
+ RESERVED
+CVE-2020-1836
+ RESERVED
+CVE-2020-1835
+ RESERVED
+CVE-2020-1834
+ RESERVED
+CVE-2020-1833
+ RESERVED
+CVE-2020-1832
+ RESERVED
+CVE-2020-1831
+ RESERVED
+CVE-2020-1830
+ RESERVED
+CVE-2020-1829
+ RESERVED
+CVE-2020-1828
+ RESERVED
+CVE-2020-1827
+ RESERVED
+CVE-2020-1826
+ RESERVED
+CVE-2020-1825
+ RESERVED
+CVE-2020-1824
+ RESERVED
+CVE-2020-1823
+ RESERVED
+CVE-2020-1822
+ RESERVED
+CVE-2020-1821
+ RESERVED
+CVE-2020-1820
+ RESERVED
+CVE-2020-1819
+ RESERVED
+CVE-2020-1818
+ RESERVED
+CVE-2020-1817
+ RESERVED
+CVE-2020-1816
+ RESERVED
+CVE-2020-1815
+ RESERVED
+CVE-2020-1814
+ RESERVED
+CVE-2020-1813
+ RESERVED
+CVE-2020-1812
+ RESERVED
+CVE-2020-1811
+ RESERVED
+CVE-2020-1810
+ RESERVED
+CVE-2020-1809
+ RESERVED
+CVE-2020-1808
+ RESERVED
+CVE-2020-1807
+ RESERVED
+CVE-2020-1806
+ RESERVED
+CVE-2020-1805
+ RESERVED
+CVE-2020-1804
+ RESERVED
+CVE-2020-1803
+ RESERVED
+CVE-2020-1802
+ RESERVED
+CVE-2020-1801
+ RESERVED
+CVE-2020-1800
+ RESERVED
+CVE-2020-1799
+ RESERVED
+CVE-2020-1798
+ RESERVED
+CVE-2020-1797
+ RESERVED
+CVE-2020-1796
+ RESERVED
+CVE-2020-1795
+ RESERVED
+CVE-2020-1794
+ RESERVED
+CVE-2020-1793
+ RESERVED
+CVE-2020-1792
+ RESERVED
+CVE-2020-1791
+ RESERVED
+CVE-2020-1790
+ RESERVED
+CVE-2020-1789
+ RESERVED
+CVE-2020-1788
+ RESERVED
+CVE-2020-1787
+ RESERVED
+CVE-2020-1786
+ RESERVED
+CVE-2020-1785
+ RESERVED
+CVE-2019-19466
+ RESERVED
+CVE-2019-19465
+ RESERVED
+CVE-2019-19464 (The CBC Gem application before 9.24.1 for Android and before 9.26.0 fo ...)
+ TODO: check
+CVE-2019-19463 (The Anhui Huami Mi Fit application before 4.0.11 for Android has an Un ...)
+ TODO: check
+CVE-2019-19462 (relay_open in kernel/relay.c in the Linux kernel through 5.4.1 allows ...)
+ TODO: check
+CVE-2019-19461
+ RESERVED
+CVE-2019-19460
+ RESERVED
+CVE-2019-19459
+ RESERVED
+CVE-2019-19458
+ RESERVED
+CVE-2019-19457
+ RESERVED
+CVE-2019-19456
+ RESERVED
+CVE-2019-19455
+ RESERVED
+CVE-2019-19454
+ RESERVED
+CVE-2019-19453
+ RESERVED
+CVE-2019-19452
+ RESERVED
+CVE-2019-19451 (When GNOME Dia before 2019-11-27 is launched with a filename argument ...)
+ TODO: check
+CVE-2019-19450
+ RESERVED
+CVE-2019-19449
+ RESERVED
+CVE-2019-19448
+ RESERVED
+CVE-2019-19447
+ RESERVED
+CVE-2019-19446
+ RESERVED
+CVE-2019-19445
+ RESERVED
+CVE-2019-19444
+ RESERVED
+CVE-2019-19443
+ RESERVED
+CVE-2019-19442
+ RESERVED
+CVE-2019-19441
+ RESERVED
+CVE-2019-19440
+ RESERVED
+CVE-2019-19439
+ RESERVED
+CVE-2019-19438
+ RESERVED
+CVE-2019-19437
+ RESERVED
+CVE-2019-19436
+ RESERVED
+CVE-2019-19435
+ RESERVED
+CVE-2019-19434
+ RESERVED
+CVE-2019-19433
+ RESERVED
+CVE-2019-19432
+ RESERVED
+CVE-2019-19431
+ RESERVED
+CVE-2019-19430
+ RESERVED
+CVE-2019-19429
+ RESERVED
+CVE-2019-19428
+ RESERVED
+CVE-2019-19427
+ RESERVED
+CVE-2019-19426
+ RESERVED
+CVE-2019-19425
+ RESERVED
+CVE-2019-19424
+ RESERVED
+CVE-2019-19423
+ RESERVED
+CVE-2019-19422
+ RESERVED
+CVE-2019-19421
+ RESERVED
+CVE-2019-19420
+ RESERVED
+CVE-2019-19419
+ RESERVED
+CVE-2019-19418
+ RESERVED
+CVE-2019-19417
+ RESERVED
+CVE-2019-19416
+ RESERVED
+CVE-2019-19415
+ RESERVED
+CVE-2019-19414
+ RESERVED
+CVE-2019-19413
+ RESERVED
+CVE-2019-19412
+ RESERVED
+CVE-2019-19411
+ RESERVED
+CVE-2019-19410
+ RESERVED
+CVE-2019-19409
+ RESERVED
+CVE-2019-19408
+ RESERVED
+CVE-2019-19407
+ RESERVED
+CVE-2019-19406
+ RESERVED
+CVE-2019-19405
+ RESERVED
+CVE-2019-19404
+ RESERVED
+CVE-2019-19403
+ RESERVED
+CVE-2019-19402
+ RESERVED
+CVE-2019-19401
+ RESERVED
+CVE-2019-19400
+ RESERVED
+CVE-2019-19399
+ RESERVED
+CVE-2019-19398
+ RESERVED
+CVE-2019-19397
+ RESERVED
+CVE-2019-19396 (illumos, as used in OmniOS Community Edition before r151030y, allows a ...)
+ TODO: check
+CVE-2019-19395
+ RESERVED
+CVE-2013-7484 (Zabbix before 5.0 represents passwords in the users table with unsalte ...)
+ TODO: check
CVE-2020-1784
RESERVED
CVE-2020-1783
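Review bot: the CVE-2019-19395 to CVE-2019-19466 block and CVE-2013-7484 are inserted above the existing CVE-2020-1784 entry, so the top of data/CVE/list is no longer in descending id order; if the file is meant to stay sorted, move them into their year sections. Of the new TODO: check entries, CVE-2019-19462 (Linux kernel relay_open), CVE-2019-19451 (GNOME Dia) and CVE-2013-7484 (Zabbix) describe software that Debian packages and will need package lines on triage, while the CBC Gem, Mi Fit and OmniOS entries look like NOT-FOR-US candidates.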
@@ -43838,10 +44184,10 @@ CVE-2019-5311 (An issue was discovered in YUNUCMS V1.1.8. app/index/controller/S
NOT-FOR-US: YUNUCMS
CVE-2019-5310 (YUNUCMS 1.1.8 has XSS in app/admin/controller/System.php because craft ...)
NOT-FOR-US: YUNUCMS
-CVE-2019-5309
- RESERVED
-CVE-2019-5308
- RESERVED
+CVE-2019-5309 (Honor play smartphones with versions earlier than 9.1.0.333(C00E333R1P ...)
+ TODO: check
+CVE-2019-5308 (Mate 20 RS smartphones with versions earlier than 9.1.0.135(C786E133R3 ...)
+ TODO: check
CVE-2019-5307 (Some Huawei 4G LTE devices, P30 versions before ELE-AL00 9.1.0.162(C01 ...)
NOT-FOR-US: Huawei
CVE-2019-5306 (There is a Factory Reset Protection (FRP) bypass security vulnerabilit ...)
@@ -43914,14 +44260,14 @@ CVE-2019-5273
RESERVED
CVE-2019-5272
RESERVED
-CVE-2019-5271
- RESERVED
+CVE-2019-5271 (There is an information leak vulnerability in Huawei smart speaker Myn ...)
+ TODO: check
CVE-2019-5270
RESERVED
-CVE-2019-5269
- RESERVED
-CVE-2019-5268
- RESERVED
+CVE-2019-5269 (Some Huawei home routers have an improper authorization vulnerability. ...)
+ TODO: check
+CVE-2019-5268 (Some Huawei home routers have an input validation vulnerability. Due t ...)
+ TODO: check
CVE-2019-5267
RESERVED
CVE-2019-5266
@@ -43930,8 +44276,8 @@ CVE-2019-5265
RESERVED
CVE-2019-5264
RESERVED
-CVE-2019-5263
- RESERVED
+CVE-2019-5263 (HiSuite with 9.1.0.305 and earlier versions and 9.1.0.305(MAC) and ear ...)
+ TODO: check
CVE-2019-5262
RESERVED
CVE-2019-5261
@@ -43962,8 +44308,8 @@ CVE-2019-5249
RESERVED
CVE-2019-5248
RESERVED
-CVE-2019-5247
- RESERVED
+CVE-2019-5247 (Huawei Atlas 300, Atlas 500 have a buffer overflow vulnerability. A lo ...)
+ TODO: check
CVE-2019-5246 (Smartphones with software of ELLE-AL00B 9.1.0.109(C00E106R1P21), 9.1.0 ...)
NOT-FOR-US: Huawei
CVE-2019-5245 (HiSuite 9.1.0.300 versions and earlier contains a DLL hijacking vulner ...)
@@ -43992,8 +44338,8 @@ CVE-2019-5234
RESERVED
CVE-2019-5233 (Huawei smartphones with versions earlier than Taurus-AL00B 10.0.0.41(S ...)
NOT-FOR-US: Huawei
-CVE-2019-5232
- RESERVED
+CVE-2019-5232 (There is a use of insufficiently random values vulnerability in Huawei ...)
+ TODO: check
CVE-2019-5231 (P30 smartphones with versions earlier than ELLE-AL00B 9.1.0.186(C00E18 ...)
NOT-FOR-US: Huawei
CVE-2019-5230 (P20 Pro, P20, Mate RS smartphones with versions earlier than Charlotte ...)
@@ -44002,14 +44348,14 @@ CVE-2019-5229 (P30 smartphones with versions earlier than ELLE-AL00B 9.1.0.193(C
NOT-FOR-US: P30 smartphones
CVE-2019-5228 (Certain detection module of P30, P30 Pro, Honor V20 smartphone whith V ...)
NOT-FOR-US: Huawei
-CVE-2019-5227
- RESERVED
+CVE-2019-5227 (P30, P30 Pro, Mate 20 smartphones with software of versions earlier th ...)
+ TODO: check
CVE-2019-5226 (P30, P30 Pro, Mate 20 smartphones with software of versions earlier th ...)
TODO: check
CVE-2019-5225 (P30, Mate 20, P30 Pro smartphones with software of versions earlier th ...)
TODO: check
-CVE-2019-5224
- RESERVED
+CVE-2019-5224 (P30 smartphones with versions earlier than ELLE-AL00B 9.1.0.193(C00E19 ...)
+ TODO: check
CVE-2019-5223 (PCManager 9.1.3.1 has an improper authentication vulnerability. The ce ...)
NOT-FOR-US: PCManager
CVE-2019-5222 (There is an information disclosure vulnerability on Secure Input of ce ...)
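Review bot: the new CVE-2019-5227 and CVE-2019-5224 entries are left at TODO: check although the neighbouring Huawei device entries are already NOT-FOR-US, and those neighbours use two different tags (NOT-FOR-US: P30 smartphones for CVE-2019-5229, NOT-FOR-US: Huawei for CVE-2019-5228). On triage, tag both new entries and the still pending CVE-2019-5226 and CVE-2019-5225 as NOT-FOR-US: Huawei so the vendor is named consistently.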
@@ -44020,8 +44366,8 @@ CVE-2019-5220 (There is a Factory Reset Protection (FRP) bypass vulnerability on
NOT-FOR-US: Huawei
CVE-2019-5219 (There is a double free vulnerability on certain drivers of Huawei Mate ...)
NOT-FOR-US: Huawei
-CVE-2019-5218
- RESERVED
+CVE-2019-5218 (There is an insufficient authentication vulnerability in Huawei Band 2 ...)
+ TODO: check
CVE-2019-5217 (There is an information disclosure vulnerability on Mate 9 Pro Huawei ...)
NOT-FOR-US: Huawei
CVE-2019-5216 (There is a race condition vulnerability on Huawei Honor V10 smartphone ...)
@@ -44032,12 +44378,12 @@ CVE-2019-5214 (There is a use after free vulnerability on certain driver compone
NOT-FOR-US: Huawei
CVE-2019-5213 (Honor play smartphones with versions earlier than Cornell-AL00A 9.1.0. ...)
NOT-FOR-US: Honor play smartphones
-CVE-2019-5212
- RESERVED
-CVE-2019-5211
- RESERVED
-CVE-2019-5210
- RESERVED
+CVE-2019-5212 (There is an improper access control vulnerability in Huawei Share. The ...)
+ TODO: check
+CVE-2019-5211 (The Huawei Share function of P20 phones with versions earlier than Emi ...)
+ TODO: check
+CVE-2019-5210 (Nova 5i pro and Nova 5 smartphones with versions earlier than 9.1.1.19 ...)
+ TODO: check
CVE-2019-5209
RESERVED
CVE-2019-5208
@@ -125614,7 +125960,7 @@ CVE-2017-12947 (classes\controller\admin\modals.php in the Easy Modal plugin bef
NOT-FOR-US: Easy Modal plugin for WordPress
CVE-2017-12946 (classes\controller\admin\modals.php in the Easy Modal plugin before 2. ...)
NOT-FOR-US: Easy Modal plugin for WordPress
-CVE-2017-12945 (Insufficient validation of user-supplied input for the Solstice Pod ne ...)
+CVE-2017-12945 (Insufficient validation of user-supplied input for the Solstice Pod be ...)
NOT-FOR-US: Solstice Pod
CVE-2017-12944 (The TIFFReadDirEntryArray function in tif_read.c in LibTIFF 4.0.8 mish ...)
{DSA-4100-1 DLA-1093-1}
@@ -211244,8 +211590,7 @@ CVE-2015-2926 (Cross-site scripting (XSS) vulnerability in Php/stats/statsRecent
CVE-2014-9714 (Cross-site scripting (XSS) vulnerability in the WddxPacket::recursiveA ...)
- hhvm 3.11.0+dfsg-1
NOTE: https://github.com/facebook/hhvm/commit/324701c9fd31beb4f070f1b7ef78b115fbdfec34
-CVE-2015-3406 [unsigned files interpreted as signed in some circumstances]
- RESERVED
+CVE-2015-3406 (The PGP signature parsing in Module::Signature before 0.74 allows remo ...)
{DSA-3261-1 DLA-264-1}
- libmodule-signature-perl 0.78-1 (bug #783451)
NOTE: Upstream fix: https://github.com/audreyt/module-signature/commit/8a9164596fa5952d4fbcde5aa1c7d1c7bc85372f
@@ -214554,8 +214899,7 @@ CVE-2015-1856 (OpenStack Object Storage (Swift) before 2.3.0, when allow_version
[jessie] - swift 2.2.0-1+deb8u1
[wheezy] - swift <no-dsa> (Minor issue)
NOTE: https://launchpad.net/bugs/1430645
-CVE-2015-1855 [OpenSSL extension hostname matching implementation violates RFC 6125]
- RESERVED
+CVE-2015-1855 (verify_certificate_identity in the OpenSSL extension in Ruby before 2. ...)
{DSA-3247-1 DSA-3246-1 DSA-3245-1 DLA-235-1 DLA-224-1}
- ruby1.8 <removed>
- ruby1.9.1 <removed>
@@ -215235,8 +215579,7 @@ CVE-2015-XXXX [Linux ASLR mmap weakness: Reducing entropy by half]
NOTE: powerpc affected from v2.6.30 to 3.2 (pending for 3.2.70)
NOTE: Fix for arm64: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d6c763afab
NOTE: Fix for ppc: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?fa8cbaaf5a68
-CVE-2015-2060 [directory traversal; related to overlong utf-8 encoding for /]
- RESERVED
+CVE-2015-2060 (cabextract before 1.6 does not properly check for leading slashes when ...)
- cabextract 1.6-1 (bug #778753)
[jessie] - cabextract <no-dsa> (Minor issue)
[wheezy] - cabextract <no-dsa> (Minor issue)
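Review bot: in the context lines just above the changed CVE-2015-2060 entry, the ppc fix URL ends in commit/?fa8cbaaf5a68, without the id= parameter that the arm64 URL on the line before it carries (commit/?id=d6c763afab); it should read commit/?id=fa8cbaaf5a68. For CVE-2015-2060 itself, the removed bracketed description mentioned overlong UTF-8 encoding of /, which the truncated replacement text no longer shows, so a NOTE line preserving that detail would help.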
@@ -218366,8 +218709,7 @@ CVE-2015-0838 (Buffer overflow in the C implementation of the apply_delta functi
{DSA-3206-1 DLA-231-1}
- dulwich 0.10.1-1 (bug #780958)
[jessie] - dulwich 0.9.7-3
-CVE-2015-0837 [data-dependent timing variations in modular exponentiation]
- RESERVED
+CVE-2015-0837 (The mpi_powm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.1 ...)
{DSA-3185-1 DSA-3184-1 DLA-190-1 DLA-175-1}
- libgcrypt11 <removed>
- libgcrypt20 1.6.3-2
@@ -235779,8 +236121,7 @@ CVE-2014-3593 (Eval injection vulnerability in luci 0.26.0 allows remote authent
NOT-FOR-US: Luci
CVE-2014-3592 (OpenShift Origin: Improperly validated team names could allow stored X ...)
NOT-FOR-US: OpenShift Origin
-CVE-2014-3591 [sidechannel attack on Elgamal]
- RESERVED
+CVE-2014-3591 (Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciph ...)
{DSA-3185-1 DSA-3184-1 DLA-190-1 DLA-175-1}
- libgcrypt11 <removed>
- libgcrypt20 1.6.3-2
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f8038d4a8dbfa2442c5ddbe523a19289930d4414