[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Thu Apr 16 21:10:32 BST 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0424abb6 by security tracker role at 2020-04-16T20:10:25+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,37 +1,107 @@
-CVE-2020-11827
+CVE-2020-11862
 	RESERVED
-CVE-2020-11826
+CVE-2020-11861
 	RESERVED
-CVE-2020-11825
+CVE-2020-11860
 	RESERVED
-CVE-2020-11824
+CVE-2020-11859
 	RESERVED
-CVE-2020-11823
+CVE-2020-11858
 	RESERVED
-CVE-2020-11822
+CVE-2020-11857
 	RESERVED
-CVE-2020-11821
+CVE-2020-11856
 	RESERVED
-CVE-2020-11820
+CVE-2020-11855
 	RESERVED
-CVE-2020-11819
+CVE-2020-11854
 	RESERVED
-CVE-2020-11818
+CVE-2020-11853
 	RESERVED
-CVE-2020-11817
+CVE-2020-11852
+	RESERVED
+CVE-2020-11851
+	RESERVED
+CVE-2020-11850
+	RESERVED
+CVE-2020-11849
+	RESERVED
+CVE-2020-11848
+	RESERVED
+CVE-2020-11847
+	RESERVED
+CVE-2020-11846
+	RESERVED
+CVE-2020-11845
+	RESERVED
+CVE-2020-11844
+	RESERVED
+CVE-2020-11843
+	RESERVED
+CVE-2020-11842
+	RESERVED
+CVE-2020-11841
+	RESERVED
+CVE-2020-11840
+	RESERVED
+CVE-2020-11839
+	RESERVED
+CVE-2020-11838
+	RESERVED
+CVE-2020-11837
+	RESERVED
+CVE-2020-11836
+	RESERVED
+CVE-2020-11835
+	RESERVED
+CVE-2020-11834
+	RESERVED
+CVE-2020-11833
+	RESERVED
+CVE-2020-11832
+	RESERVED
+CVE-2020-11831
+	RESERVED
+CVE-2020-11830
+	RESERVED
+CVE-2020-11829
 	RESERVED
-CVE-2020-11816
+CVE-2020-11828
 	RESERVED
-CVE-2020-11815
+CVE-2020-11827
 	RESERVED
-CVE-2020-11814
+CVE-2020-11826 (Users can lock their notes with a password in Memono version 3.8. Thus ...)
+	TODO: check
+CVE-2020-11825 (In Dolibarr 10.0.6, forms are protected with a CSRF token against CSRF ...)
+	TODO: check
+CVE-2020-11824
 	RESERVED
-CVE-2020-11813
+CVE-2020-11823 (In Dolibarr 10.0.6, if USER_LOGIN_FAILED is active, there is a stored  ...)
+	TODO: check
+CVE-2020-11822
 	RESERVED
-CVE-2020-11812
+CVE-2020-11821
 	RESERVED
-CVE-2020-11811
+CVE-2020-11820 (Rukovoditel 2.5.2 is affected by a SQL injection vulnerability because ...)
+	TODO: check
+CVE-2020-11819 (In Rukovoditel 2.5.2, an attacker may inject an arbitrary .php file lo ...)
+	TODO: check
+CVE-2020-11818 (In Rukovoditel 2.5.2 has a form_session_token value to prevent CSRF at ...)
+	TODO: check
+CVE-2020-11817
 	RESERVED
+CVE-2020-11816 (Rukovoditel 2.5.2 is affected by a SQL injection vulnerability because ...)
+	TODO: check
+CVE-2020-11815 (In Rukovoditel 2.5.2, attackers can upload arbitrary file to the serve ...)
+	TODO: check
+CVE-2020-11814 (A Host Header Injection vulnerability in qdPM 9.1 may allow an attacke ...)
+	TODO: check
+CVE-2020-11813 (In Rukovoditel 2.5.2, there is a stored XSS vulnerability on the confi ...)
+	TODO: check
+CVE-2020-11812 (Rukovoditel 2.5.2 is affected by a SQL injection vulnerability because ...)
+	TODO: check
+CVE-2020-11811 (In qdPM 9.1, an attacker can upload a malicious .php file to the serve ...)
+	TODO: check
 CVE-2020-11810
 	RESERVED
 CVE-2020-11809
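Review bot: All twelve entries that gain a description in this hunk (CVE-2020-11826 down to CVE-2020-11811) land as TODO: check, and they cluster by product: seven name Rukovoditel 2.5.2, two qdPM 9.1, two Dolibarr 10.0.6 and one Memono 3.8. Triage can be done per product rather than per CVE. The descriptions are truncated here, so the full text is needed before deciding between NOT-FOR-US and a package line.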
@@ -70,6 +140,7 @@ CVE-2020-11794
 	RESERVED
 CVE-2020-11793 [A memory corruption issue was addressed with improved memory handling]
 	RESERVED
+	{DSA-4658-1}
 	- webkit2gtk 2.28.1-1
 	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
 	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
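Review bot: The {DSA-4658-1} cross-reference is attached to CVE-2020-11793 while the entry is still RESERVED and carries only a bracketed temporary description. The package lines visible in this hunk cover the unstable fix (webkit2gtk 2.28.1-1) and the ignored notes for stretch and jessie, so it is worth confirming that the matching DSA-4658-1 entry records the fixed version for the release the advisory targets, because no line visible here does.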
@@ -203,100 +274,100 @@ CVE-2019-20730
 	RESERVED
 CVE-2019-20729
 	RESERVED
-CVE-2019-20728
-	RESERVED
-CVE-2019-20727
-	RESERVED
-CVE-2019-20726
-	RESERVED
-CVE-2019-20725
-	RESERVED
-CVE-2019-20724
-	RESERVED
-CVE-2019-20723
-	RESERVED
-CVE-2019-20722
-	RESERVED
-CVE-2019-20721
-	RESERVED
-CVE-2019-20720
-	RESERVED
-CVE-2019-20719
-	RESERVED
-CVE-2019-20718
-	RESERVED
-CVE-2019-20717
-	RESERVED
-CVE-2019-20716
-	RESERVED
-CVE-2019-20715
-	RESERVED
-CVE-2019-20714
-	RESERVED
-CVE-2019-20713
-	RESERVED
-CVE-2019-20712
-	RESERVED
-CVE-2019-20711
-	RESERVED
-CVE-2019-20710
-	RESERVED
-CVE-2019-20709
-	RESERVED
-CVE-2019-20708
-	RESERVED
-CVE-2019-20707
-	RESERVED
-CVE-2019-20706
-	RESERVED
-CVE-2019-20705
-	RESERVED
-CVE-2019-20704
-	RESERVED
-CVE-2019-20703
-	RESERVED
-CVE-2019-20702
-	RESERVED
-CVE-2019-20701
-	RESERVED
-CVE-2019-20700
-	RESERVED
-CVE-2019-20699
-	RESERVED
-CVE-2019-20698
-	RESERVED
-CVE-2019-20697
-	RESERVED
-CVE-2019-20696
-	RESERVED
-CVE-2019-20695
-	RESERVED
-CVE-2019-20694
-	RESERVED
-CVE-2019-20693
-	RESERVED
-CVE-2019-20692
-	RESERVED
-CVE-2019-20691
-	RESERVED
-CVE-2019-20690
-	RESERVED
-CVE-2019-20689
-	RESERVED
-CVE-2019-20688
-	RESERVED
-CVE-2019-20687
-	RESERVED
-CVE-2019-20686
-	RESERVED
-CVE-2019-20685
-	RESERVED
-CVE-2019-20684
-	RESERVED
-CVE-2019-20683
-	RESERVED
-CVE-2019-20682
-	RESERVED
+CVE-2019-20728 (Certain NETGEAR devices are affected by a buffer overflow by an authen ...)
+	TODO: check
+CVE-2019-20727 (Certain NETGEAR devices are affected by command injection by an authen ...)
+	TODO: check
+CVE-2019-20726 (Certain NETGEAR devices are affected by command injection by an authen ...)
+	TODO: check
+CVE-2019-20725 (Certain NETGEAR devices are affected by a stack-based buffer overflow  ...)
+	TODO: check
+CVE-2019-20724 (Certain NETGEAR devices are affected by command injection by an authen ...)
+	TODO: check
+CVE-2019-20723 (Certain NETGEAR devices are affected by a stack-based buffer overflow  ...)
+	TODO: check
+CVE-2019-20722 (Certain NETGEAR devices are affected by command injection by an authen ...)
+	TODO: check
+CVE-2019-20721 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...)
+	TODO: check
+CVE-2019-20720 (Certain NETGEAR devices are affected by stored XSS. This affects D3600 ...)
+	TODO: check
+CVE-2019-20719 (Certain NETGEAR devices are affected by a buffer overflow by an authen ...)
+	TODO: check
+CVE-2019-20718 (Certain NETGEAR devices are affected by command injection by an authen ...)
+	TODO: check
+CVE-2019-20717 (Certain NETGEAR devices are affected by denial of service. This affect ...)
+	TODO: check
+CVE-2019-20716 (Certain NETGEAR devices are affected by a stack-based buffer overflow  ...)
+	TODO: check
+CVE-2019-20715 (Certain NETGEAR devices are affected by stored XSS. This affects D3600 ...)
+	TODO: check
+CVE-2019-20714 (Certain NETGEAR devices are affected by stored XSS. This affects D3600 ...)
+	TODO: check
+CVE-2019-20713 (Certain NETGEAR devices are affected by a stack-based buffer overflow  ...)
+	TODO: check
+CVE-2019-20712 (Certain NETGEAR devices are affected by a buffer overflow by an authen ...)
+	TODO: check
+CVE-2019-20711 (Certain NETGEAR devices are affected by command injection by an authen ...)
+	TODO: check
+CVE-2019-20710 (Certain NETGEAR devices are affected by command injection by an authen ...)
+	TODO: check
+CVE-2019-20709 (Certain NETGEAR devices are affected by command injection by an authen ...)
+	TODO: check
+CVE-2019-20708 (Certain NETGEAR devices are affected by command injection by an authen ...)
+	TODO: check
+CVE-2019-20707 (Certain NETGEAR devices are affected by command injection by an authen ...)
+	TODO: check
+CVE-2019-20706 (Certain NETGEAR devices are affected by command injection by an authen ...)
+	TODO: check
+CVE-2019-20705 (Certain NETGEAR devices are affected by command injection by an authen ...)
+	TODO: check
+CVE-2019-20704 (Certain NETGEAR devices are affected by command injection by an authen ...)
+	TODO: check
+CVE-2019-20703 (Certain NETGEAR devices are affected by command injection by an authen ...)
+	TODO: check
+CVE-2019-20702 (Certain NETGEAR devices are affected by command injection by an authen ...)
+	TODO: check
+CVE-2019-20701 (Certain NETGEAR devices are affected by command injection by an authen ...)
+	TODO: check
+CVE-2019-20700 (Certain NETGEAR devices are affected by a stack-based buffer overflow  ...)
+	TODO: check
+CVE-2019-20699 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...)
+	TODO: check
+CVE-2019-20698 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...)
+	TODO: check
+CVE-2019-20697 (Certain NETGEAR devices are affected by a stack-based buffer overflow  ...)
+	TODO: check
+CVE-2019-20696 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...)
+	TODO: check
+CVE-2019-20695 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...)
+	TODO: check
+CVE-2019-20694 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...)
+	TODO: check
+CVE-2019-20693 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
+	TODO: check
+CVE-2019-20692 (Certain NETGEAR devices are affected by a stack-based buffer overflow  ...)
+	TODO: check
+CVE-2019-20691 (Certain NETGEAR devices are affected by CSRF. This affects D3600 befor ...)
+	TODO: check
+CVE-2019-20690 (Certain NETGEAR devices are affected by authentication bypass. This af ...)
+	TODO: check
+CVE-2019-20689 (Certain NETGEAR devices are affected by command injection by an authen ...)
+	TODO: check
+CVE-2019-20688 (Certain NETGEAR devices are affected by command injection by an authen ...)
+	TODO: check
+CVE-2019-20687 (Certain NETGEAR devices are affected by denial of service. This affect ...)
+	TODO: check
+CVE-2019-20686 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...)
+	TODO: check
+CVE-2019-20685 (Certain NETGEAR devices are affected by a stack-based buffer overflow  ...)
+	TODO: check
+CVE-2019-20684 (Certain NETGEAR devices are affected by a stack-based buffer overflow  ...)
+	TODO: check
+CVE-2019-20683 (Certain NETGEAR devices are affected by a stack-based buffer overflow  ...)
+	TODO: check
+CVE-2019-20682 (Certain NETGEAR devices are affected by a stack-based buffer overflow  ...)
+	TODO: check
 CVE-2019-20681 (Certain NETGEAR devices are affected by authentication bypass. This af ...)
 	NOT-FOR-US: Netgear
 CVE-2019-20680 (Certain NETGEAR devices are affected by command injection by an authen ...)
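Review bot: The 47 entries from CVE-2019-20728 down to CVE-2019-20682 are left at TODO: check although every description opens with "Certain NETGEAR devices are affected by", and the unchanged neighbour CVE-2019-20681 with the same opening is already triaged as NOT-FOR-US: Netgear. Suggest marking the whole block NOT-FOR-US: Netgear in the follow-up triage commit so the tagging stays consistent with the adjacent entries.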
@@ -2325,8 +2396,8 @@ CVE-2020-11009
 	RESERVED
 CVE-2020-11008
 	RESERVED
-CVE-2020-11007
-	RESERVED
+CVE-2020-11007 (In Shopizer before version 2.11.0, using API or Controller based versi ...)
+	TODO: check
 CVE-2020-11006
 	RESERVED
 CVE-2020-11005 (The WindowsHello open source library (NuGet HaemmerElectronics.SeppPen ...)
@@ -3248,7 +3319,7 @@ CVE-2020-10709
 CVE-2020-10708
 	RESERVED
 CVE-2020-10707
-	RESERVED
+	REJECTED
 CVE-2020-10706
 	RESERVED
 CVE-2020-10705
@@ -11251,8 +11322,8 @@ CVE-2020-7226 (CiphertextHeader.java in Cryptacular 1.2.3, as used in Apereo CAS
 	NOT-FOR-US: cryptacular
 CVE-2020-7225
 	RESERVED
-CVE-2020-7224
-	RESERVED
+CVE-2020-7224 (The Aviatrix OpenVPN client through 2.5.7 on Linux, macOS, and Windows ...)
+	TODO: check
 CVE-2020-7223
 	RESERVED
 CVE-2020-7222 (An issue was discovered in Amcrest Web Server 2.520.AC00.18.R 2017-06- ...)
@@ -11483,16 +11554,16 @@ CVE-2020-7116
 	RESERVED
 CVE-2020-7115
 	RESERVED
-CVE-2020-7114
-	RESERVED
-CVE-2020-7113
-	RESERVED
+CVE-2020-7114 (A vulnerability exists allowing attackers, when present in the same ne ...)
+	TODO: check
+CVE-2020-7113 (A vulnerability was found when an attacker, while communicating with t ...)
+	TODO: check
 CVE-2020-7112
 	RESERVED
-CVE-2020-7111
-	RESERVED
-CVE-2020-7110
-	RESERVED
+CVE-2020-7111 (A server side injection vulnerability exists which could allow an auth ...)
+	TODO: check
+CVE-2020-7110 (ClearPass is vulnerable to Stored Cross Site Scripting by allowing a m ...)
+	TODO: check
 CVE-2020-7109 (The Elementor Page Builder plugin before 2.8.4 for WordPress does not  ...)
 	NOT-FOR-US: Elementor Page Builder plugin for WordPress
 CVE-2020-7108 (The LearnDash LMS plugin before 3.1.2 for WordPress allows XSS via the ...)
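Review bot: Of the four entries moved to TODO: check in this hunk, only CVE-2020-7110 names a product (ClearPass) within the truncated description; CVE-2020-7114, CVE-2020-7113 and CVE-2020-7111 open with generic wording such as "A vulnerability exists allowing attackers" that does not identify what is affected. Suggest reading the full descriptions before triage rather than inferring the product from the neighbouring ID.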
@@ -18196,8 +18267,8 @@ CVE-2020-4349
 	RESERVED
 CVE-2020-4348
 	RESERVED
-CVE-2020-4347
-	RESERVED
+CVE-2020-4347 (IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could be subjec ...)
+	TODO: check
 CVE-2020-4346
 	RESERVED
 CVE-2020-4345
@@ -18214,8 +18285,8 @@ CVE-2020-4340
 	RESERVED
 CVE-2020-4339
 	RESERVED
-CVE-2020-4338
-	RESERVED
+CVE-2020-4338 (IBM MQ 9.1.4 could allow a local attacker to obtain sensitive informat ...)
+	TODO: check
 CVE-2020-4337
 	RESERVED
 CVE-2020-4336
@@ -18370,8 +18441,8 @@ CVE-2020-4262
 	RESERVED
 CVE-2020-4261
 	RESERVED
-CVE-2020-4260
-	RESERVED
+CVE-2020-4260 (IBM UrbanCode Deploy (UCD) 7.0.5 could allow a user with special permi ...)
+	TODO: check
 CVE-2020-4259
 	RESERVED
 CVE-2020-4258
@@ -20407,12 +20478,11 @@ CVE-2020-3655
 	RESERVED
 CVE-2020-3654
 	RESERVED
-CVE-2020-3653
-	RESERVED
-CVE-2020-3652
-	RESERVED
-CVE-2020-3651
-	RESERVED
+CVE-2020-3653 (Possible buffer over-read in windows wlan driver function due to lack  ...)
+	TODO: check
+CVE-2020-3652 (Possible buffer over-read issue in windows x86 wlan driver function wh ...)
+	TODO: check
+CVE-2020-3651 (Active command timeout since WM status change cmd is not removed from  ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2020-3650
 	RESERVED
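Review bot: CVE-2020-3653 and CVE-2020-3652 land as TODO: check while CVE-2020-3651, which gains its description in the same hunk, keeps its existing NOT-FOR-US: Qualcomm components for Android tag. Both new descriptions refer to a "windows wlan driver function", so the neighbouring tag's wording may not fit as is; suggest checking whether they belong to the same vendor and choosing the NOT-FOR-US text accordingly.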
@@ -24266,17 +24336,13 @@ CVE-2020-2182
 	RESERVED
 CVE-2020-2181
 	RESERVED
-CVE-2020-2180
-	RESERVED
+CVE-2020-2180 (Jenkins AWS SAM Plugin 1.2.2 and earlier does not configure its YAML p ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2020-2179
-	RESERVED
+CVE-2020-2179 (Jenkins Yaml Axis Plugin 0.2.0 and earlier does not configure its YAML ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2020-2178
-	RESERVED
+CVE-2020-2178 (Jenkins Parasoft Findings Plugin 10.4.3 and earlier does not configure ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2020-2177
-	RESERVED
+CVE-2020-2177 (Jenkins Copr Plugin 0.3 and earlier stores credentials unencrypted in  ...)
 	NOT-FOR-US: Jenkins plugin
 CVE-2020-2176 (Multiple form validation endpoints in Jenkins useMango Runner Plugin 1 ...)
 	NOT-FOR-US: Jenkins plugin
@@ -24968,8 +25034,7 @@ CVE-2019-19519 (In OpenBSD 6.6, local users can use the su -L option to achieve
 	NOT-FOR-US: OpenBSD
 CVE-2019-19518 (CA Automic Sysload 5.6.0 through 6.1.2 contains a vulnerability, relat ...)
 	NOT-FOR-US: CA Automic Sysload
-CVE-2020-1964
-	RESERVED
+CVE-2020-1964 (It was noticed that Apache Heron 0.20.2-incubating, Release 0.20.1-inc ...)
 	NOT-FOR-US: Apache Heron
 CVE-2020-1963
 	RESERVED
@@ -25757,8 +25822,8 @@ CVE-2020-1765 (An improper control of parameters allows the spoofing of the from
 	NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-01/
 	NOTE: https://github.com/OTRS/otrs/commit/d146d4997cbd6e1370669784c6a2ec8d64655252 (OTRS6)
 	NOTE: https://github.com/OTRS/otrs/commit/874889b86abea4c01ceb1368a836b66694fae1c3 (OTRS5)
-CVE-2019-19394
-	RESERVED
+CVE-2019-19394 (Northern.tech CFEngine Enterprise before 3.10.7, 3.11.x and 3.12.x bef ...)
+	TODO: check
 CVE-2019-19393
 	RESERVED
 CVE-2019-19392 (The forDNN.UsersExportImport module before 1.2.0 for DNN (formerly Dot ...)
@@ -27267,8 +27332,8 @@ CVE-2019-18950
 	RESERVED
 CVE-2019-18949 (SnowHaze before 2.6.6 is sometimes too late to honor a per-site JavaSc ...)
 	NOT-FOR-US: SnowHaze
-CVE-2019-18948
-	RESERVED
+CVE-2019-18948 (An issue was found in Arista EOS. Specific malformed ARP packets can i ...)
+	TODO: check
 CVE-2019-18947
 	RESERVED
 CVE-2019-18946
@@ -45032,19 +45097,15 @@ CVE-2019-14137
 	RESERVED
 CVE-2019-14136
 	RESERVED
-CVE-2019-14135
-	RESERVED
+CVE-2019-14135 (Possible integer overflow to buffer overflow in WLAN while parsing non ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2019-14134
-	RESERVED
+CVE-2019-14134 (Possible out of bound access in WLAN handler when the received value o ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2019-14133
 	RESERVED
-CVE-2019-14132
-	RESERVED
+CVE-2019-14132 (Buffer over-write when this 0-byte buffer is typecasted to some other  ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2019-14131
-	RESERVED
+CVE-2019-14131 (Out of bound write can occur in radio measurement request if STA recei ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2019-14130
 	RESERVED
@@ -45052,8 +45113,7 @@ CVE-2019-14129
 	RESERVED
 CVE-2019-14128
 	RESERVED
-CVE-2019-14127
-	RESERVED
+CVE-2019-14127 (Possible buffer overflow while playing mkv clip due to lack of validat ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2019-14126
 	RESERVED
@@ -45063,8 +45123,7 @@ CVE-2019-14124
 	RESERVED
 CVE-2019-14123
 	RESERVED
-CVE-2019-14122
-	RESERVED
+CVE-2019-14122 (Memory failure in SKB if it fails to to add the requested padding to t ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2019-14121
 	RESERVED
@@ -45076,24 +45135,19 @@ CVE-2019-14118
 	RESERVED
 CVE-2019-14117
 	RESERVED
-CVE-2019-14116
-	RESERVED
+CVE-2019-14116 (Privilege escalation by using an altered debug policy image can occur  ...)
+	TODO: check
 CVE-2019-14115
 	RESERVED
-CVE-2019-14114
-	RESERVED
+CVE-2019-14114 (Buffer overflow in WLAN firmware while parsing GTK IE containing GTK k ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2019-14113
-	RESERVED
+CVE-2019-14113 (Buffer overflow can occur in In WLAN firmware while unwraping data usi ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2019-14112
-	RESERVED
+CVE-2019-14112 (Potential buffer overflow while processing CBF frames due to lack of c ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2019-14111
-	RESERVED
+CVE-2019-14111 (Possible buffer overflow while handling NAN reception of NMF in Snapdr ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2019-14110
-	RESERVED
+CVE-2019-14110 (Buffer overflow can occur in function wlan firmware while copying asso ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2019-14109
 	RESERVED
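Review bot: CVE-2019-14116 is the only entry in this hunk that ends up as TODO: check, while CVE-2019-14114 through CVE-2019-14110 directly below it keep NOT-FOR-US: Qualcomm components for Android. The old entry carried no pre-assigned tag, so this is what the automatic update produces, but the description ("Privilege escalation by using an altered debug policy image") should be checked to see whether it belongs with the neighbouring Qualcomm entries and tagged to match if so.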
@@ -45103,11 +45157,9 @@ CVE-2019-14107
 	RESERVED
 CVE-2019-14106
 	RESERVED
-CVE-2019-14105
-	RESERVED
+CVE-2019-14105 (Kernel was reading the CSL defined reserved field as uint16 instead of ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2019-14104
-	RESERVED
+CVE-2019-14104 (Slab-out-of-bounds access can occur if the context pointer is invalid  ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2019-14103
 	RESERVED
@@ -45165,8 +45217,7 @@ CVE-2019-14077
 	RESERVED
 CVE-2019-14076
 	RESERVED
-CVE-2019-14075
-	RESERVED
+CVE-2019-14075 (Null pointer dereference issue in radio interface layer due to lack of ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2019-14074
 	RESERVED
@@ -45176,8 +45227,7 @@ CVE-2019-14072 (Unhandled paging request is observed due to dereferencing an alr
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2019-14071 (Compromised reset handler may bypass access control due to AC config i ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2019-14070
-	RESERVED
+CVE-2019-14070 (Possible use after free issue in pcm volume controls due to race condi ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2019-14069
 	RESERVED
@@ -45251,8 +45301,7 @@ CVE-2019-14035
 	RESERVED
 CVE-2019-14034 (Use after free while processing eeprom query as there is a chance to n ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2019-14033
-	RESERVED
+CVE-2019-14033 (Multiple Read overflows issue due to improper length check while decod ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2019-14032 (Memory use after free issue in audio due to lack of resource control i ...)
 	NOT-FOR-US: Qualcomm components for Android
@@ -45274,20 +45323,15 @@ CVE-2019-14024 (Possible stack-use-after-scope issue in NFC usecase for card emu
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2019-14023 (String format issue will occur while processing HLOS data as there is  ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2019-14022
-	RESERVED
+CVE-2019-14022 (Error occurs While extracting the ipv6_header having an invalid length ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2019-14021
-	RESERVED
+CVE-2019-14021 (Possible buffer overrun when processing EFS filename and payload sent  ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2019-14020
-	RESERVED
+CVE-2019-14020 (Multiple Read overflows issue due to improper length check while decod ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2019-14019
-	RESERVED
+CVE-2019-14019 (Multiple Read overflows issue due to improper length check while decod ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2019-14018
-	RESERVED
+CVE-2019-14018 (Possible out of bound array access as there is no check on carrier ind ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2019-14017 (Heap buffer overflow can occur while parsing invalid MKV clip which is ...)
 	NOT-FOR-US: Qualcomm components for Android
@@ -45299,21 +45343,17 @@ CVE-2019-14014 (Possible buffer overflow when byte array receives incorrect inpu
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2019-14013 (While parsing invalid super index table, elements within super index t ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2019-14012
-	RESERVED
+CVE-2019-14012 (Possibility of null pointer deference as the array of video codecs fro ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2019-14011
-	RESERVED
+CVE-2019-14011 (Multiple Read overflows issue due to improper length check while decod ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2019-14010 (The device may enter into error state when some tool or application ge ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2019-14009
-	RESERVED
+CVE-2019-14009 (Out of bound memory access while processing TZ command handler due to  ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2019-14008 (Possible null pointer dereference issue in location assistance data pr ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2019-14007
-	RESERVED
+CVE-2019-14007 (Due to the use of non-time-constant comparison functions there is issu ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2019-14006 (Buffer overflow occur while playing the clip which is nonstandard due  ...)
 	NOT-FOR-US: Qualcomm components for Android
@@ -45325,8 +45365,7 @@ CVE-2019-14003 (Null pointer exception can happen while parsing invalid MKV clip
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2019-14002 (APKs without proper permission may bind to CallEnhancementService and  ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2019-14001
-	RESERVED
+CVE-2019-14001 (Wrong public key usage from existing oem_keystore for hash generation  ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2019-14000 (Lack of check that the RX FIFO write index that is read from shared RA ...)
 	NOT-FOR-US: Qualcomm components for Android
@@ -51811,8 +51850,8 @@ CVE-2019-12001
 	RESERVED
 CVE-2019-12000
 	RESERVED
-CVE-2019-11999
-	RESERVED
+CVE-2019-11999 (Potential security vulnerabilities have been identified in HPE OpenCal ...)
+	TODO: check
 CVE-2019-11998 (HPE Superdome Flex Server is vulnerable to multiple remote vulnerabili ...)
 	NOT-FOR-US: HPE Superdome Flex Server
 CVE-2019-11997 (A potential security vulnerability has been identified in HPE enhanced ...)
@@ -55838,23 +55877,17 @@ CVE-2019-10627 (Integer overflow to buffer overflow vulnerability in PostScript
 	NOT-FOR-US: Qualcomm
 CVE-2019-10626
 	RESERVED
-CVE-2019-10625
-	RESERVED
+CVE-2019-10625 (Out of bound access in diag services when DCI command buffer reallocat ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2019-10624
-	RESERVED
+CVE-2019-10624 (While handling the vendor command there is an integer truncation issue ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2019-10623
-	RESERVED
+CVE-2019-10623 (Possible integer overflow can happen in host driver while processing u ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2019-10622
-	RESERVED
+CVE-2019-10622 (Out of bound memory access can happen while parsing ADSP message due t ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2019-10621
-	RESERVED
+CVE-2019-10621 (Use after free issue when MAP and UNMAP calls at same time as data str ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2019-10620
-	RESERVED
+CVE-2019-10620 (Kernel memory error in debug module due to improper check of user data ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2019-10619
 	RESERVED
@@ -55874,14 +55907,11 @@ CVE-2019-10612 (UTCB object has a function pointer called by the reaper to deall
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2019-10611 (Buffer overflow can occur while processing clip due to lack of check o ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2019-10610
-	RESERVED
+CVE-2019-10610 (Possible buffer over read when trying to process SDP message Video med ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2019-10609
-	RESERVED
+CVE-2019-10609 (Out of bound write can happen due to lack of check of array index valu ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2019-10608
-	RESERVED
+CVE-2019-10608 (Information disclosure issue occurs as there is no binding between the ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2019-10607 (Out of bounds memcpy can occur by providing the embedded NULL characte ...)
 	NOT-FOR-US: Qualcomm components for Android
@@ -55919,11 +55949,9 @@ CVE-2019-10591 (Null pointer dereference can happen when parsing udta atom which
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2019-10590 (Out of bound access while parsing dts atom, which is non-standard as i ...)
 	NOT-FOR-US: Snapdragon
-CVE-2019-10589
-	RESERVED
+CVE-2019-10589 (Lack of length check of response buffer can lead to buffer over-flow w ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2019-10588
-	RESERVED
+CVE-2019-10588 (Copying RTCP messages into the output buffer without checking the dest ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2019-10587 (Possible Stack overflow can occur when processing a large SDP body or  ...)
 	NOT-FOR-US: Qualcomm components for Android
@@ -55949,11 +55977,9 @@ CVE-2019-10577 (Improper input validation while processing SIP URI received from
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2019-10576
 	RESERVED
-CVE-2019-10575
-	RESERVED
+CVE-2019-10575 (Wlan binary which is not signed with OEMs RoT is working on secure dev ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2019-10574
-	RESERVED
+CVE-2019-10574 (Lack of boundary checks for data offsets received from HLOS can lead t ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2019-10573
 	RESERVED
@@ -55989,8 +56015,7 @@ CVE-2019-10558 (While transferring data from APPS to DSP, Out of bound in FastRP
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2019-10557 (Out-of-bound read in the wireless driver in the Linux kernel due to la ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2019-10556
-	RESERVED
+CVE-2019-10556 (Missing length check before copying the data from kernel space to user ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2019-10555 (Buffer overflow can occur due to usage of wrong datatype and missing l ...)
 	NOT-FOR-US: Qualcomm components for Android
@@ -56000,8 +56025,7 @@ CVE-2019-10553 (Multiple Read overflows due to improper length checks while deco
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2019-10552 (Multiple Buffer Over-read issue can happen due to improper length chec ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2019-10551
-	RESERVED
+CVE-2019-10551 (String error while processing non standard SIP messages received can l ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2019-10550 (Buffer Over-read when UE is trying to process the message received for ...)
 	NOT-FOR-US: Qualcomm components for Android
@@ -56009,8 +56033,7 @@ CVE-2019-10549 (Null pointer dereference issue can happen due to improper valida
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2019-10548 (While trying to obtain datad ipc handle during DPL initialization, Hea ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2019-10547
-	RESERVED
+CVE-2019-10547 (When issuing IOCTL calls to ION, Memory leak can occur due to failure  ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2019-10546 (Buffer overflow can occur in WLAN firmware while parsing beacon/probe_ ...)
 	NOT-FOR-US: Qualcomm components for Android
@@ -56058,8 +56081,7 @@ CVE-2019-10525 (Buffer overflow during SIB read when network configures complete
 	NOT-FOR-US: Snapdragon
 CVE-2019-10524 (Lack of check for a negative value returned for get_clk is wrongly int ...)
 	NOT-FOR-US: Snapdragon
-CVE-2019-10523
-	RESERVED
+CVE-2019-10523 (Target specific data is being sent to remote server and leads to infor ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2019-10522 (While playing the clip which is nonstandard buffer overflow can occur  ...)
 	NOT-FOR-US: Snapdragon
@@ -56139,8 +56161,7 @@ CVE-2019-10485 (Infinite loop while decoding compressed data can lead to overrun
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2019-10484 (Use after free issue occurs when command destructors access dynamicall ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2019-10483
-	RESERVED
+CVE-2019-10483 (Side channel issue in QTEE due to usage of non-time-constant compariso ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2019-10482 (Due to the use of non-time-constant comparison functions there is issu ...)
 	NOT-FOR-US: Snapdragon
@@ -72137,8 +72158,8 @@ CVE-2019-4764
 	REJECTED
 CVE-2019-4763
 	REJECTED
-CVE-2019-4762
-	RESERVED
+CVE-2019-4762 (IBM MQ 9.0 and 9.1 is vulnerable to a denial of service attack due to  ...)
+	TODO: check
 CVE-2019-4761
 	RESERVED
 CVE-2019-4760
@@ -217949,7 +217970,7 @@ CVE-2016-1423 (A vulnerability in the display of email messages in the Messages
 	NOT-FOR-US: Cisco ESA
 CVE-2016-1422
 	RESERVED
-CVE-2016-1421 (The web application on Cisco IP 8800 devices allows remote attackers t ...)
+CVE-2016-1421 (A vulnerability in the web application for Cisco IP Phones could allow ...)
 	NOT-FOR-US: Cisco
 CVE-2016-1420 (The installation component on Cisco Application Policy Infrastructure  ...)
 	NOT-FOR-US: Cisco



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0424abb6a2b89c0d1d8defb481a2eee284a1afed
