[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Fri Apr 17 21:10:30 BST 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
83ae0d13 by security tracker role at 2020-04-17T20:10:23+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,9 +1,29 @@
-CVE-2020-11875
+CVE-2020-11885
 	RESERVED
-CVE-2020-11874
+CVE-2020-11884
 	RESERVED
-CVE-2020-11873
+CVE-2020-11883 (In Divante vue-storefront-api through 1.11.1 and storefront-api throug ...)
+	TODO: check
+CVE-2020-11882
+	RESERVED
+CVE-2020-11881
 	RESERVED
+CVE-2020-11880 (An issue was discovered in KDE KMail before 19.12.3. By using the prop ...)
+	TODO: check
+CVE-2020-11879 (An issue was discovered in GNOME Evolution before 3.35.91. By using th ...)
+	TODO: check
+CVE-2020-11878 (The Jitsi Meet (aka docker-jitsi-meet) stack on Docker before stable-4 ...)
+	TODO: check
+CVE-2020-11877 (airhost.exe in Zoom Client for Meetings 4.6.11 uses 3423423432325249 a ...)
+	TODO: check
+CVE-2020-11876 (airhost.exe in Zoom Client for Meetings 4.6.11 uses the SHA-256 hash o ...)
+	TODO: check
+CVE-2020-11875 (An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, ...)
+	TODO: check
+CVE-2020-11874 (An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, ...)
+	TODO: check
+CVE-2020-11873 (An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, ...)
+	TODO: check
 CVE-2020-11872 (The Cloud Functions subsystem in OpenTrace 1.0 might allow fabrication ...)
 	TODO: check
 CVE-2020-11871
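Review bot: CVE-2020-11880 (KDE KMail) and CVE-2020-11879 (GNOME Evolution) are added with only `TODO: check`, the same marker given to the LG, Zoom and Jitsi entries in this hunk. These two name desktop mail clients that are packaged in Debian, so they should be triaged ahead of the rest and are likely to need source-package lines rather than a NOT-FOR-US resolution.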
@@ -30,40 +50,40 @@ CVE-2020-11864
 	RESERVED
 CVE-2020-11863
 	RESERVED
-CVE-2019-20785
-	RESERVED
-CVE-2019-20784
-	RESERVED
-CVE-2019-20783
-	RESERVED
-CVE-2019-20782
-	RESERVED
+CVE-2019-20785 (An issue was discovered on LG mobile devices with Android OS 8.0 and 8 ...)
+	TODO: check
+CVE-2019-20784 (An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, ...)
+	TODO: check
+CVE-2019-20783 (An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, ...)
+	TODO: check
+CVE-2019-20782 (An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, ...)
+	TODO: check
 CVE-2019-20781
 	RESERVED
-CVE-2019-20780
-	RESERVED
-CVE-2019-20779
-	RESERVED
-CVE-2019-20778
-	RESERVED
-CVE-2019-20777
-	RESERVED
-CVE-2019-20776
-	RESERVED
-CVE-2019-20775
-	RESERVED
-CVE-2019-20774
-	RESERVED
-CVE-2019-20773
-	RESERVED
-CVE-2019-20772
-	RESERVED
-CVE-2019-20771
-	RESERVED
-CVE-2019-20770
-	RESERVED
-CVE-2019-20769
-	RESERVED
+CVE-2019-20780 (An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, ...)
+	TODO: check
+CVE-2019-20779 (An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, ...)
+	TODO: check
+CVE-2019-20778 (An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, ...)
+	TODO: check
+CVE-2019-20777 (An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, ...)
+	TODO: check
+CVE-2019-20776 (An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, ...)
+	TODO: check
+CVE-2019-20775 (An issue was discovered on LG mobile devices with Android OS 9.0 (Qual ...)
+	TODO: check
+CVE-2019-20774 (An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, ...)
+	TODO: check
+CVE-2019-20773 (An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, ...)
+	TODO: check
+CVE-2019-20772 (An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, ...)
+	TODO: check
+CVE-2019-20771 (An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, ...)
+	TODO: check
+CVE-2019-20770 (An issue was discovered on LG mobile devices with Android OS 9.0 softw ...)
+	TODO: check
+CVE-2019-20769 (An issue was discovered in LG PC Suite for LG G3 and earlier (aka LG P ...)
+	TODO: check
 CVE-2020-11862
 	RESERVED
 CVE-2020-11861
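Review bot: all sixteen CVE-2019-207xx entries filled in by this hunk are left as `TODO: check`, although every description begins with LG mobile devices or, for CVE-2019-20769, LG PC Suite. Elsewhere in this file vendor-only products are closed out with a NOT-FOR-US line (for example `NOT-FOR-US: Android`), so these can be resolved in one pass. CVE-2019-20781 in the middle of the range is still RESERVED and should be left as it is.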
@@ -204,8 +224,7 @@ CVE-2020-11795
 	RESERVED
 CVE-2020-11794
 	RESERVED
-CVE-2020-11793 [A memory corruption issue was addressed with improved memory handling]
-	RESERVED
+CVE-2020-11793 (A use-after-free issue exists in WebKitGTK before 2.28.1 and WPE WebKi ...)
 	{DSA-4658-1}
 	- webkit2gtk 2.28.1-1
 	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
@@ -2631,8 +2650,8 @@ CVE-2020-10949
 	RESERVED
 CVE-2020-10948 (Jon Hedley AlienForm2 (typically installed as af.cgi or alienform.cgi) ...)
 	NOT-FOR-US: Jon Hedley AlienForm2
-CVE-2020-10947
-	RESERVED
+CVE-2020-10947 (Mac Endpoint for Sophos Central before 9.9.6 and Mac Endpoint for Soph ...)
+	TODO: check
 CVE-2020-10946
 	RESERVED
 CVE-2020-10945
@@ -3147,8 +3166,8 @@ CVE-2020-10815
 	RESERVED
 CVE-2020-10814 (A buffer overflow vulnerability in Code::Blocks 17.12 allows an attack ...)
 	TODO: check
-CVE-2020-10813
-	RESERVED
+CVE-2020-10813 (A buffer overflow vulnerability in FTPDMIN 0.96 allows attackers to cr ...)
+	TODO: check
 CVE-2020-10812 (An issue was discovered in HDF5 through 1.12.0. A NULL pointer derefer ...)
 	- hdf5 <undetermined>
 	NOTE: https://github.com/Loginsoft-Research/hdf5-reports/tree/master/Vuln_4
@@ -4184,8 +4203,8 @@ CVE-2020-10379
 	RESERVED
 CVE-2020-10378
 	RESERVED
-CVE-2020-10377
-	RESERVED
+CVE-2020-10377 (A weak encryption vulnerability in Mitel MiVoice Connect Client before ...)
+	TODO: check
 CVE-2020-10376 (Technicolor TC7337NET 08.89.17.23.03 devices allow remote attackers to ...)
 	NOT-FOR-US: Technicolor
 CVE-2020-10375
@@ -4542,8 +4561,8 @@ CVE-2020-10213 (An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. Th
 	NOT-FOR-US: D-Link
 CVE-2020-10212 (upload.php in Responsive FileManager 9.13.4 and 9.14.0 allows SSRF via ...)
 	NOT-FOR-US: Responsive FileManager
-CVE-2020-10211
-	RESERVED
+CVE-2020-10211 (A remote code execution vulnerability in UCB component of Mitel MiVoic ...)
+	TODO: check
 CVE-2020-10210
 	RESERVED
 CVE-2020-10209
@@ -4637,7 +4656,7 @@ CVE-2020-10180 (The ESET AV parsing engine allows virus-detection bypass via a c
 CVE-2020-10179
 	RESERVED
 CVE-2020-10178
-	RESERVED
+	REJECTED
 CVE-2020-10177
 	RESERVED
 CVE-2020-10176
@@ -6065,8 +6084,8 @@ CVE-2020-9525
 	RESERVED
 CVE-2020-9524
 	RESERVED
-CVE-2020-9523
-	RESERVED
+CVE-2020-9523 (Insufficiently protected credentials vulnerability on Micro Focus ente ...)
+	TODO: check
 CVE-2020-9522
 	RESERVED
 CVE-2020-9521 (An SQL injection vulnerability was discovered in Micro Focus Service M ...)
@@ -11701,20 +11720,20 @@ CVE-2020-7087
 	RESERVED
 CVE-2020-7086
 	RESERVED
-CVE-2020-7085
-	RESERVED
-CVE-2020-7084
-	RESERVED
-CVE-2020-7083
-	RESERVED
-CVE-2020-7082
-	RESERVED
-CVE-2020-7081
-	RESERVED
-CVE-2020-7080
-	RESERVED
-CVE-2020-7079
-	RESERVED
+CVE-2020-7085 (A heap overflow vulnerability in the Autodesk FBX-SDK versions 2019.2  ...)
+	TODO: check
+CVE-2020-7084 (A NULL pointer dereference vulnerability in the Autodesk FBX-SDK versi ...)
+	TODO: check
+CVE-2020-7083 (An intager overflow vulnerability in the Autodesk FBX-SDK versions 201 ...)
+	TODO: check
+CVE-2020-7082 (A use-after-free vulnerability in the Autodesk FBX-SDK versions 2019.0 ...)
+	TODO: check
+CVE-2020-7081 (A type confusion vulnerability in the Autodesk FBX-SDK versions 2019.0 ...)
+	TODO: check
+CVE-2020-7080 (A buffer overflow vulnerability in the Autodesk FBX-SDK versions 2019. ...)
+	TODO: check
+CVE-2020-7079 (An improper signature validation vulnerability in Autodesk Dynamo BIM  ...)
+	TODO: check
 CVE-2020-7078
 	RESERVED
 CVE-2020-7077
@@ -14898,26 +14917,26 @@ CVE-2020-5739 (Grandstream GXP1600 series firmware 1.0.4.152 and below is vulner
 	NOT-FOR-US: Grandstream
 CVE-2020-5738 (Grandstream GXP1600 series firmware 1.0.4.152 and below is vulnerable  ...)
 	NOT-FOR-US: Grandstream
-CVE-2020-5737
-	RESERVED
+CVE-2020-5737 (Stored XSS in Tenable.Sc before 5.14.0 could allow an authenticated re ...)
+	TODO: check
 CVE-2020-5736 (Amcrest cameras and NVR are vulnerable to a null pointer dereference o ...)
 	NOT-FOR-US: Amcrest
 CVE-2020-5735 (Amcrest cameras and NVR are vulnerable to a stack-based buffer overflo ...)
 	NOT-FOR-US: Amcrest
 CVE-2020-5734 (Classic buffer overflow in SolarWinds Dameware allows a remote, unauth ...)
 	NOT-FOR-US: SolarWinds
-CVE-2020-5733
-	RESERVED
-CVE-2020-5732
-	RESERVED
-CVE-2020-5731
-	RESERVED
-CVE-2020-5730
-	RESERVED
-CVE-2020-5729
-	RESERVED
-CVE-2020-5728
-	RESERVED
+CVE-2020-5733 (In OpenMRS 2.9 and prior, the export functionality of the Data Exchang ...)
+	TODO: check
+CVE-2020-5732 (In OpenMRS 2.9 and prior, he import functionality of the Data Exchange ...)
+	TODO: check
+CVE-2020-5731 (In OpenMRS 2.9 and prior, the app parameter for the ActiveVisit's page ...)
+	TODO: check
+CVE-2020-5730 (In OpenMRS 2.9 and prior, the sessionLocation parameter for the login  ...)
+	TODO: check
+CVE-2020-5729 (In OpenMRS 2.9 and prior, the UI Framework Error Page reflects arbitra ...)
+	TODO: check
+CVE-2020-5728 (OpenMRS 2.9 and prior copies "Referrer" header values into an html ele ...)
+	TODO: check
 CVE-2020-5727
 	RESERVED
 CVE-2020-5726 (The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQ ...)
@@ -15875,7 +15894,7 @@ CVE-2020-5302 (MH-WikiBot (an IRC Bot for interacting with the Miraheze API), ha
 	NOT-FOR-US: MH-WikiBot
 CVE-2020-5301 [Fix source code disclosure on case-insensitive file systems. See SSPSA 202004-01.]
 	RESERVED
-        - simplesamlphp <not-affected> (Windows-only issue)
+	- simplesamlphp <not-affected> (Windows-only issue)
 CVE-2020-5300 (In Hydra (an OAuth2 Server and OpenID Certified™ OpenID Connect  ...)
 	NOT-FOR-US: ORY Hydra
 CVE-2020-5299
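Review bot: the only change in this hunk replaces eight leading spaces with a tab on the `- simplesamlphp <not-affected> (Windows-only issue)` line under CVE-2020-5301, which means a space-indented annotation was committed earlier. A syntax check on data/CVE/list that rejects annotation lines not starting with a tab, run before push, would stop this from recurring and keep whitespace repairs out of automatic updates.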
@@ -18483,8 +18502,8 @@ CVE-2020-4279
 	RESERVED
 CVE-2020-4278 (IBM Platform LSF 9.1 and 10.1, IBM Spectrum LSF Suite 10.2, and IBM Sp ...)
 	NOT-FOR-US: IBM
-CVE-2020-4277
-	RESERVED
+CVE-2020-4277 (IBM TRIRIGA Application Platform 3.5.3 and 3.6.1 discloses sensitive i ...)
+	TODO: check
 CVE-2020-4276 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional is ...)
 	NOT-FOR-US: IBM
 CVE-2020-4275
@@ -26021,8 +26040,7 @@ CVE-2020-1752 [use-after-free in glob() function when expanding ~user]
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=25414
 	NOTE: Introduced in: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=f2962a71959fd254a7a223437ca4b63b9e81130c (2.14)
 	NOTE: Fixed by: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=ddc650e9b3dc916eab417ce9f79e67337b05035c
-CVE-2020-1751 [array overflow in backtrace on powerpc]
-	RESERVED
+CVE-2020-1751 (An out-of-bounds write vulnerability was found in glibc before 2.31 wh ...)
 	- glibc 2.30-3
 	[buster] - glibc <no-dsa> (Minor issue)
 	[stretch] - glibc <no-dsa> (Minor issue)
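Review bot: for CVE-2020-1751 the removed bracketed description read `array overflow in backtrace on powerpc`, while the imported description is cut off after `glibc before 2.31 wh ...` and no longer shows the powerpc scope. Add a NOTE line recording that the issue is in the powerpc backtrace code, so the architecture scope stays visible next to the two `<no-dsa> (Minor issue)` decisions.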
@@ -32553,48 +32571,37 @@ CVE-2020-0084 (In several functions of NotificationManagerService.java, there ar
 	NOT-FOR-US: Android
 CVE-2020-0083 (In setRequirePmfInternal of sta_network.cpp, there is a possible defau ...)
 	NOT-FOR-US: Android
-CVE-2020-0082
-	RESERVED
+CVE-2020-0082 (In ExternalVibration of ExternalVibration.java, there is a possible ac ...)
 	NOT-FOR-US: Android
-CVE-2020-0081
-	RESERVED
+CVE-2020-0081 (In finalize of AssetManager.java, there is possible memory corruption  ...)
 	NOT-FOR-US: Android
-CVE-2020-0080
-	RESERVED
+CVE-2020-0080 (In onOpActiveChanged and related methods of AppOpsControllerImpl.java, ...)
 	NOT-FOR-US: Android
-CVE-2020-0079
-	RESERVED
-CVE-2020-0078
-	RESERVED
-CVE-2020-0077
-	RESERVED
+CVE-2020-0079 (In decrypt_1_2 of CryptoPlugin.cpp, there is a possible out of bounds  ...)
+	TODO: check
+CVE-2020-0078 (In releaseSecureStops of DrmPlugin.cpp, there is a possible out of bou ...)
+	TODO: check
+CVE-2020-0077 (In authorize_enroll of the FPC IRIS TrustZone app, there is a possible ...)
 	NOT-FOR-US: Android
-CVE-2020-0076
-	RESERVED
+CVE-2020-0076 (In get_auth_result of the FPC IRIS TrustZone app, there is a possible  ...)
 	NOT-FOR-US: Android
-CVE-2020-0075
-	RESERVED
+CVE-2020-0075 (In set_shared_key of the FPC IRIS TrustZone app, there is a possible o ...)
 	NOT-FOR-US: Android
 CVE-2020-0074
 	RESERVED
-CVE-2020-0073
-	RESERVED
+CVE-2020-0073 (In rw_t2t_handle_tlv_detect_rsp of rw_t2t_ndef.cc, there is a possible ...)
 	NOT-FOR-US: Android
-CVE-2020-0072
-	RESERVED
+CVE-2020-0072 (In rw_t2t_handle_tlv_detect_rsp of rw_t2t_ndef.cc, there is a possible ...)
 	NOT-FOR-US: Android
-CVE-2020-0071
-	RESERVED
+CVE-2020-0071 (In rw_t2t_extract_default_locks_info of rw_t2t_ndef.cc, there is a pos ...)
 	NOT-FOR-US: Android
-CVE-2020-0070
-	RESERVED
+CVE-2020-0070 (In rw_t2t_update_lock_attributes of rw_t2t_ndef.cc, there is a possibl ...)
 	NOT-FOR-US: Android
 CVE-2020-0069 (In the ioctl handlers of the Mediatek Command Queue driver, there is a ...)
 	NOT-FOR-US: Mediatek components for Android
-CVE-2020-0068
-	RESERVED
-CVE-2020-0067 [f2fs: fix to avoid memory leakage in f2fs_listxattr]
-	RESERVED
+CVE-2020-0068 (In crus_afe_get_param of msm-cirrus-playback.c, there is a possible ou ...)
+	TODO: check
+CVE-2020-0067 (In f2fs_xattr_generic_list of xattr.c, there is a possible out of boun ...)
 	- linux 5.5.13-1
 	NOTE: https://git.kernel.org/linus/688078e7f36c293dae25b338ddc9e0a2790f6e06
 CVE-2020-0066 (In the netlink driver, there is a possible out of bounds write due to  ...)
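Review bot: CVE-2020-0079, CVE-2020-0078 and CVE-2020-0068 end up as `TODO: check`, while the other Android entries filled in by this hunk (CVE-2020-0082 to CVE-2020-0080, CVE-2020-0077 to CVE-2020-0075, CVE-2020-0073 to CVE-2020-0070) keep `NOT-FOR-US: Android`. Their descriptions name CryptoPlugin.cpp, DrmPlugin.cpp and msm-cirrus-playback.c. Decide whether they are NOT-FOR-US like their neighbours or map to a Debian source package, as CVE-2020-0067 does with `- linux 5.5.13-1`, so the range is triaged consistently.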
@@ -51924,10 +51931,10 @@ CVE-2019-12004
 	RESERVED
 CVE-2019-12003
 	RESERVED
-CVE-2019-12002
-	RESERVED
-CVE-2019-12001
-	RESERVED
+CVE-2019-12002 (A remote session reuse vulnerability leading to access restriction byp ...)
+	TODO: check
+CVE-2019-12001 (A remote session reuse vulnerability leading to access restriction byp ...)
+	TODO: check
 CVE-2019-12000
 	RESERVED
 CVE-2019-11999 (Potential security vulnerabilities have been identified in HPE OpenCal ...)
@@ -68692,8 +68699,8 @@ CVE-2019-6205 (A memory corruption issue was addressed with improved lock state
 	NOT-FOR-US: Apple
 CVE-2019-6204 (A logic issue was addressed with improved validation. This issue is fi ...)
 	NOT-FOR-US: Apple
-CVE-2019-6203
-	RESERVED
+CVE-2019-6203 (A logic issue was addressed with improved state management. This issue ...)
+	TODO: check
 CVE-2019-6202 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
 	NOT-FOR-US: Apple
 CVE-2019-6201 (Multiple memory corruption issues were addressed with improved memory  ...)
@@ -72263,8 +72270,8 @@ CVE-2019-4751
 	RESERVED
 CVE-2019-4750
 	RESERVED
-CVE-2019-4749
-	RESERVED
+CVE-2019-4749 (IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. ...)
+	TODO: check
 CVE-2019-4748
 	RESERVED
 CVE-2019-4747
@@ -72473,8 +72480,8 @@ CVE-2019-4646
 	RESERVED
 CVE-2019-4645 (IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripti ...)
 	NOT-FOR-US: IBM
-CVE-2019-4644
-	RESERVED
+CVE-2019-4644 (IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. ...)
+	TODO: check
 CVE-2019-4643
 	RESERVED
 CVE-2019-4642
@@ -72869,8 +72876,8 @@ CVE-2019-4448 (IBM DB2 High Performance Unload load for LUW 6.1, 6.1.0.1, 6.1.0.
 	NOT-FOR-US: IBM
 CVE-2019-4447 (IBM DB2 High Performance Unload load for LUW 6.1, 6.1.0.1, 6.1.0.1 IF1 ...)
 	NOT-FOR-US: IBM
-CVE-2019-4446
-	RESERVED
+CVE-2019-4446 (IBM Maximo Asset Management 7.6 could allow an authenticated user perf ...)
+	TODO: check
 CVE-2019-4445
 	RESERVED
 CVE-2019-4444 (IBM API Connect 2018.1 through 2018.4.1.7 Developer Portal's user regi ...)
@@ -80346,8 +80353,7 @@ CVE-2019-2058 (In libAACdec, there is a possible out of bounds read. This could
 	NOT-FOR-US: Android
 CVE-2019-2057
 	RESERVED
-CVE-2019-2056
-	RESERVED
+CVE-2019-2056 (There is a possible disclosure of RAM using a shared crypto key due to ...)
 	NOT-FOR-US: Android
 CVE-2019-2055 (In libxaac, there is a possible out of bounds write due to a missing b ...)
 	NOT-FOR-US: Android



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/83ae0d1387f1172745843af6f9e63013d53de67c
