[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Mon Apr 27 21:10:28 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6a3b94f1 by security tracker role at 2020-04-27T20:10:21+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,5 +1,27 @@
-CVE-2020-12272
+CVE-2020-12283
RESERVED
+CVE-2020-12282
+ RESERVED
+CVE-2020-12281
+ RESERVED
+CVE-2020-12280
+ RESERVED
+CVE-2020-12279 (An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99. ...)
+ TODO: check
+CVE-2020-12278 (An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99. ...)
+ TODO: check
+CVE-2020-12277
+ RESERVED
+CVE-2020-12276
+ RESERVED
+CVE-2020-12275
+ RESERVED
+CVE-2020-12274 (In TestLink 1.9.20, the lib/cfields/cfieldsExport.php goback_url param ...)
+ TODO: check
+CVE-2020-12273 (In TestLink 1.9.20, a crafted login.php viewer parameter exposes clear ...)
+ TODO: check
+CVE-2020-12272 (OpenDMARC through 1.3.2 and 1.4.x allows attacks that inject authentic ...)
+ TODO: check
CVE-2020-12271 (A SQL injection issue was found in SFOS 17.0, 17.1, 17.5, and 18.0 bef ...)
NOT-FOR-US: SFOS
CVE-2020-12270 (React Native Bluetooth Scan in Bluezone 1.0.0 uses six-character alpha ...)
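Review bot: `+CVE-2020-12279` and `+CVE-2020-12278` carry the same truncated libgit2 description (`An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99. ...`), so nothing in this hunk tells the two issues apart; whoever clears the `TODO: check` placeholders needs the full advisory text for each before setting a libgit2 status, and the two entries should be resolved in the same pass so they do not end up with inconsistent markers.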
@@ -12,10 +34,10 @@ CVE-2020-12268 (jbig2_image_compose in jbig2_image.c in Artifex jbig2dec before
NOTE: https://github.com/ArtifexSoftware/jbig2dec/commit/0726320a4b55078e9d8deb590e477d598b3da66e
CVE-2020-12267 (setMarkdown in Qt before 5.14.2 has a use-after-free related to QTextM ...)
TODO: check
-CVE-2019-20790
- RESERVED
-CVE-2020-12266
- RESERVED
+CVE-2019-20790 (OpenDMARC through 1.3.2 and 1.4.x, when used with pypolicyd-spf 2.0.2, ...)
+ TODO: check
+CVE-2020-12266 (An issue was discovered on WAVLINK WL-WN579G3 M79X3.V5030.180719, WL-W ...)
+ TODO: check
CVE-2020-12265 (The decompress package before 4.2.1 for Node.js is vulnerable to Arbit ...)
TODO: check
CVE-2020-12264
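Review bot: `+CVE-2019-20790 (OpenDMARC through 1.3.2 and 1.4.x, when used with pypolicyd-spf 2.0.2, ...)` describes the same OpenDMARC versions as `+CVE-2020-12272 (OpenDMARC through 1.3.2 and 1.4.x allows attacks that inject authentic ...)` in the previous hunk, and both are left as `TODO: check`; triage them together so the two entries get a consistent status, and record in a NOTE line whether the pypolicyd-spf combination in CVE-2019-20790 changes which package the fix belongs to.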
@@ -65,8 +87,8 @@ CVE-2020-12244
RESERVED
CVE-2020-12243
RESERVED
-CVE-2020-12242
- RESERVED
+CVE-2020-12242 (Valve Source allows local users to gain privileges by writing to the / ...)
+ TODO: check
CVE-2020-12241
RESERVED
CVE-2020-12240
@@ -273,16 +295,16 @@ CVE-2020-12140
RESERVED
CVE-2020-12139
RESERVED
-CVE-2020-12138
- RESERVED
+CVE-2020-12138 (AMD ATI atillk64.sys 5.11.9.0 allows low-privileged users to interact ...)
+ TODO: check
CVE-2020-12136
RESERVED
CVE-2020-12135 (bson before 0.8 incorrectly uses int rather than size_t for many varia ...)
TODO: check
CVE-2020-12134 (Nanometrics Centaur through 4.3.23 and TitanSMA through 4.2.20 mishand ...)
NOT-FOR-US: Nanometrics Centaur / TitanSMA
-CVE-2020-12133
- RESERVED
+CVE-2020-12133 (The Apros Evolution, ConsciusMap, and Furukawa provisioning systems th ...)
+ TODO: check
CVE-2020-12132 (Fifthplay S.A.M.I before 2019.3_HP2 allows unauthenticated stored XSS ...)
NOT-FOR-US: Fifthplay
CVE-2020-12131 (The AirDisk Pro app 5.5.3 for iOS allows XSS via the devicename parame ...)
@@ -307,8 +329,8 @@ CVE-2020-12122
RESERVED
CVE-2020-12121
RESERVED
-CVE-2020-12120
- RESERVED
+CVE-2020-12120 (The Correos Express addon for PrestaShop 1.6 through 1.7 allows remote ...)
+ TODO: check
CVE-2020-12119
RESERVED
CVE-2020-12118 (The keygen protocol implementation in Binance tss-lib before 1.2.0 all ...)
@@ -471,8 +493,8 @@ CVE-2020-12054 (The Catch Breadcrumb plugin before 1.5.4 for WordPress allows Re
NOT-FOR-US: Catch Breadcrumb plugin for WordPress
CVE-2020-12053
RESERVED
-CVE-2020-12052
- RESERVED
+CVE-2020-12052 (Grafana version < 6.7.3 is vulnerable for annotation popup XSS. ...)
+ TODO: check
CVE-2020-12051 (The CentralAuth extension through REL1_34 for MediaWiki allows remote ...)
NOT-FOR-US: MediaWiki extension
CVE-2020-12050
@@ -704,8 +726,8 @@ CVE-2020-11943
RESERVED
CVE-2020-11942
RESERVED
-CVE-2020-11941
- RESERVED
+CVE-2020-11941 (An issue was discovered in Open-AudIT 3.2.2. There is OS Command injec ...)
+ TODO: check
CVE-2020-11940 (In nDPI through 3.2 Stable, an out-of-bounds read in concat_hash_strin ...)
TODO: check
CVE-2020-11939 (In nDPI through 3.2 Stable, the SSH protocol dissector has multiple KE ...)
@@ -840,22 +862,22 @@ CVE-2018-21176
RESERVED
CVE-2018-21175
RESERVED
-CVE-2018-21174
- RESERVED
-CVE-2018-21173
- RESERVED
-CVE-2018-21172
- RESERVED
-CVE-2018-21171
- RESERVED
-CVE-2018-21170
- RESERVED
-CVE-2018-21169
- RESERVED
-CVE-2018-21168
- RESERVED
-CVE-2018-21167
- RESERVED
+CVE-2018-21174 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
+ TODO: check
+CVE-2018-21173 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
+ TODO: check
+CVE-2018-21172 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
+ TODO: check
+CVE-2018-21171 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
+ TODO: check
+CVE-2018-21170 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
+ TODO: check
+CVE-2018-21169 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
+ TODO: check
+CVE-2018-21168 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...)
+ TODO: check
+CVE-2018-21167 (Certain NETGEAR devices are affected by stored XSS. This affects D6100 ...)
+ TODO: check
CVE-2018-21166 (Certain NETGEAR devices are affected by denial of service. This affect ...)
NOT-FOR-US: Netgear
CVE-2018-21165 (Certain NETGEAR devices are affected by denial of service. This affect ...)
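Review bot: the eight new NETGEAR entries (`+CVE-2018-21174` through `+CVE-2018-21167`) are inserted with the automatic `TODO: check` placeholder while every unchanged NETGEAR entry in this hunk carries `NOT-FOR-US: Netgear`; unless one of the full descriptions names software Debian ships, the triage pass should apply the same marker, and the same pattern recurs in the later NETGEAR, Rukovoditel and Huawei hunks of this update.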
@@ -870,28 +892,28 @@ CVE-2018-21161 (Certain NETGEAR devices are affected by incorrect configuration
NOT-FOR-US: Netgear
CVE-2018-21160 (NETGEAR ReadyNAS devices before 6.9.3 are affected by CSRF. ...)
NOT-FOR-US: Netgear
-CVE-2018-21159
- RESERVED
-CVE-2018-21158
- RESERVED
-CVE-2018-21157
- RESERVED
-CVE-2018-21156
- RESERVED
-CVE-2018-21155
- RESERVED
-CVE-2018-21154
- RESERVED
-CVE-2018-21153
- RESERVED
-CVE-2018-21152
- RESERVED
+CVE-2018-21159 (NETGEAR ReadyNAS devices before 6.9.3 are affected by incorrect config ...)
+ TODO: check
+CVE-2018-21158 (NETGEAR R7800 devices before 1.0.2.46 are affected by incorrect config ...)
+ TODO: check
+CVE-2018-21157 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ TODO: check
+CVE-2018-21156 (Certain NETGEAR devices are affected by a buffer overflow by an authen ...)
+ TODO: check
+CVE-2018-21155 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...)
+ TODO: check
+CVE-2018-21154 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ TODO: check
+CVE-2018-21153 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...)
+ TODO: check
+CVE-2018-21152 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ TODO: check
CVE-2018-21151 (Certain NETGEAR devices are affected by a buffer overflow by an authen ...)
NOT-FOR-US: Netgear
CVE-2018-21150 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
NOT-FOR-US: Netgear
-CVE-2018-21149
- RESERVED
+CVE-2018-21149 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
+ TODO: check
CVE-2018-21148 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
NOT-FOR-US: Netgear
CVE-2018-21147 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
@@ -988,22 +1010,22 @@ CVE-2018-21102 (NETGEAR ReadyNAS devices before 6.9.3 are affected by CSRF. ...)
NOT-FOR-US: Netgear
CVE-2018-21101 (NETGEAR R7800 devices before 1.0.2.60 are affected by command injectio ...)
NOT-FOR-US: Netgear
-CVE-2018-21100
- RESERVED
-CVE-2018-21099
- RESERVED
-CVE-2018-21098
- RESERVED
-CVE-2018-21097
- RESERVED
-CVE-2018-21096
- RESERVED
-CVE-2018-21095
- RESERVED
-CVE-2018-21094
- RESERVED
-CVE-2018-21093
- RESERVED
+CVE-2018-21100 (NETGEAR R7800 devices before 1.0.2.60 are affected by command injectio ...)
+ TODO: check
+CVE-2018-21099 (NETGEAR R7800 devices before 1.0.2.60 are affected by command injectio ...)
+ TODO: check
+CVE-2018-21098 (NETGEAR R7800 devices before 1.0.2.60 are affected by command injectio ...)
+ TODO: check
+CVE-2018-21097 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
+ TODO: check
+CVE-2018-21096 (Certain NETGEAR devices are affected by CSRF. This affects WAC120 befo ...)
+ TODO: check
+CVE-2018-21095 (Certain NETGEAR devices are affected by stored XSS. This affects SRR60 ...)
+ TODO: check
+CVE-2018-21094 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
+ TODO: check
+CVE-2018-21093 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
+ TODO: check
CVE-2017-18852 (Certain NETGEAR devices are affected by CSRF and authentication bypass ...)
NOT-FOR-US: NETGEAR
CVE-2017-18851 (Certain NETGEAR devices are affected by command injection by an authen ...)
@@ -1452,8 +1474,7 @@ CVE-2020-11871
RESERVED
CVE-2020-11870
RESERVED
-CVE-2020-11869 [integer overflow in ati_2d_blt() in hw/display/ati-2d.c could lead to DoS]
- RESERVED
+CVE-2020-11869 (An integer overflow was found in QEMU 4.0.1 through 4.2.0 in the way i ...)
- qemu <unfixed>
[buster] - qemu <not-affected> (Vulnerable code introduced later)
[stretch] - qemu <not-affected> (Vulnerable code introduced later)
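Review bot: the replaced line drops the hand-written summary `[integer overflow in ati_2d_blt() in hw/display/ati-2d.c could lead to DoS]`, and the truncated MITRE text that takes its place no longer names the affected function or file. The entry has no `NOTE:` line with an upstream reference, so consider re-adding the code location as a NOTE so the `- qemu <unfixed>` status can be checked against the fix when it lands; the `<not-affected> (Vulnerable code introduced later)` lines for buster and stretch are unchanged context and are not affected by this edit.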
@@ -1595,18 +1616,18 @@ CVE-2020-11824
RESERVED
CVE-2020-11823 (In Dolibarr 10.0.6, if USER_LOGIN_FAILED is active, there is a stored ...)
- dolibarr <removed>
-CVE-2020-11822
- RESERVED
-CVE-2020-11821
- RESERVED
+CVE-2020-11822 (In Rukovoditel 2.5.2, there is a stored XSS vulnerability on the appli ...)
+ TODO: check
+CVE-2020-11821 (In Rukovoditel 2.5.2, users' passwords and usernames are stored in a c ...)
+ TODO: check
CVE-2020-11820 (Rukovoditel 2.5.2 is affected by a SQL injection vulnerability because ...)
NOT-FOR-US: Rukovoditel
CVE-2020-11819 (In Rukovoditel 2.5.2, an attacker may inject an arbitrary .php file lo ...)
NOT-FOR-US: Rukovoditel
CVE-2020-11818 (In Rukovoditel 2.5.2 has a form_session_token value to prevent CSRF at ...)
NOT-FOR-US: Rukovoditel
-CVE-2020-11817
- RESERVED
+CVE-2020-11817 (In Rukovoditel V2.5.2, attackers can upload an arbitrary file to the s ...)
+ TODO: check
CVE-2020-11816 (Rukovoditel 2.5.2 is affected by a SQL injection vulnerability because ...)
NOT-FOR-US: Rukovoditel
CVE-2020-11815 (In Rukovoditel 2.5.2, attackers can upload arbitrary file to the serve ...)
@@ -1619,8 +1640,7 @@ CVE-2020-11812 (Rukovoditel 2.5.2 is affected by a SQL injection vulnerability b
NOT-FOR-US: Rukovoditel
CVE-2020-11811 (In qdPM 9.1, an attacker can upload a malicious .php file to the serve ...)
NOT-FOR-US: qdPM
-CVE-2020-11810
- RESERVED
+CVE-2020-11810 (An issue was discovered in OpenVPN 2.4.x before 2.4.9. An attacker can ...)
- openvpn 2.4.9-1 (low)
[buster] - openvpn <no-dsa> (Minor issue)
[stretch] - openvpn <no-dsa> (Minor issue)
@@ -3071,8 +3091,8 @@ CVE-2020-11422
RESERVED
CVE-2020-11421
RESERVED
-CVE-2020-11420
- RESERVED
+CVE-2020-11420 (UPS Adapter CS141 before 1.90 allows Directory Traversal. An attacker ...)
+ TODO: check
CVE-2020-11419
RESERVED
CVE-2020-11418
@@ -3081,8 +3101,8 @@ CVE-2020-11417
RESERVED
CVE-2020-11416 (JetBrains Space through 2020-04-22 allows stored XSS in Chats. ...)
NOT-FOR-US: JetBrains Space
-CVE-2020-11415
- RESERVED
+CVE-2020-11415 (An issue was discovered in Sonatype Nexus Repository Manager 2.x befor ...)
+ TODO: check
CVE-2020-11414 (An issue was discovered in Progress Telerik UI for Silverlight before ...)
NOT-FOR-US: Progress Telerik UI
CVE-2020-11413
@@ -3969,10 +3989,10 @@ CVE-2020-10999
RESERVED
CVE-2020-10998
RESERVED
-CVE-2020-10997
- RESERVED
-CVE-2020-10996
- RESERVED
+CVE-2020-10997 (Percona XtraBackup before 2.4.20 unintentionally writes the command li ...)
+ TODO: check
+CVE-2020-10996 (An issue was discovered in Percona XtraDB Cluster before 5.7.28-31.42. ...)
+ TODO: check
CVE-2020-10995
RESERVED
CVE-2020-10994
@@ -5037,8 +5057,8 @@ CVE-2020-10674 (PerlSpeak through 2.01 allows attackers to execute arbitrary OS
NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=132173
CVE-2020-10665 (Docker Desktop allows local privilege escalation to NT AUTHORITY\SYSTE ...)
NOT-FOR-US: Docker Desktop on Windows
-CVE-2020-10664
- RESERVED
+CVE-2020-10664 (The IGMP component in VxWorks 6.8.3 IPNET CVE patches created in 2019 ...)
+ TODO: check
CVE-2020-10663 [Unsafe Object Creation Vulnerability in JSON (Additional fix to CVE-2013-0269]
RESERVED
- ruby-json 2.3.0+dfsg-1
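Review bot: separate from the added VxWorks line, the unchanged context `CVE-2020-10663 [Unsafe Object Creation Vulnerability in JSON (Additional fix to CVE-2013-0269]` has an unbalanced parenthesis inside the bracketed summary; worth closing it in a follow-up so the summary reads cleanly.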
@@ -5126,8 +5146,8 @@ CVE-2020-10648 (Das U-Boot through 2020.01 allows attackers to bypass verified b
NOTE: http://www.openwall.com/lists/oss-security/2020/03/18/5
NOTE: https://labs.f-secure.com/advisories/das-u-boot-verified-boot-bypass/
NOTE: https://lists.denx.de/pipermail/u-boot/2020-March/403409.html
-CVE-2020-10647
- RESERVED
+CVE-2020-10647 (Wind River VxWorks tftp client library, as distributed in VxWorks 5.5 ...)
+ TODO: check
CVE-2020-10646 (Fuji Electric V-Server Lite all versions prior to 4.0.9.0 contains a h ...)
NOT-FOR-US: Fuji Electric V-Server Lite
CVE-2020-10645
@@ -7648,12 +7668,10 @@ CVE-2020-9491
RESERVED
CVE-2020-9490
RESERVED
-CVE-2020-9489 [Denial of Service (DOS) Vulnerabilities in Some o Apache Tika's Parsers]
- RESERVED
+CVE-2020-9489 (A carefully crafted or corrupt file may trigger a System.exit in Tika' ...)
- tika <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2020/04/24/1
-CVE-2020-9488 [Improper validation of certificate with host mismatch in Apache Log4j SMTP appender]
- RESERVED
+CVE-2020-9488 (Improper validation of certificate with host mismatch in Apache Log4j ...)
- apache-log4j2 <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2020/04/25/1
NOTE: https://issues.apache.org/jira/browse/LOG4J2-2819
@@ -8163,8 +8181,8 @@ CVE-2020-9296
RESERVED
CVE-2020-9295
RESERVED
-CVE-2020-9294
- RESERVED
+CVE-2020-9294 (An improper authentication vulnerability in FortiMail 5.4.10, 6.0.7, 6 ...)
+ TODO: check
CVE-2020-9293
RESERVED
CVE-2020-9292
@@ -8655,16 +8673,16 @@ CVE-2020-9074
RESERVED
CVE-2020-9073
RESERVED
-CVE-2020-9072
- RESERVED
+CVE-2020-9072 (Huawei OSD product with versions earlier than OSD_uwp_9.0.32.0 have a ...)
+ TODO: check
CVE-2020-9071
RESERVED
CVE-2020-9070 (Huawei smartphones Taurus-AL00B with versions earlier than 10.0.0.205( ...)
NOT-FOR-US: Huawei
CVE-2020-9069
RESERVED
-CVE-2020-9068
- RESERVED
+CVE-2020-9068 (Huawei AR3200 products with versions of V200R007C00SPC900, V200R007C00 ...)
+ TODO: check
CVE-2020-9067 (There is a buffer overflow vulnerability in some Huawei products. The ...)
NOT-FOR-US: Huawei
CVE-2020-9066 (Huawei smartphones OxfordP-AN10B with versions earlier than 10.0.1.169 ...)
@@ -12878,6 +12896,7 @@ CVE-2019-20384 (Gentoo Portage through 2.3.84 allows local users to place a Troj
CVE-2019-20383
RESERVED
CVE-2019-20382 (QEMU 4.1.0 has a memory leak in zrle_compress_data in ui/vnc-enc-zrle. ...)
+ {DSA-4665-1}
- qemu 1:4.2-1
[stretch] - qemu <postponed> (Minor, can be fixed along in future DSA)
[jessie] - qemu <postponed> (Minor, can be fixed along in future DLA)
@@ -13115,8 +13134,8 @@ CVE-2020-7137
RESERVED
CVE-2020-7136
RESERVED
-CVE-2020-7135
- RESERVED
+CVE-2020-7135 (A potential security vulnerability has been identified in the disk dri ...)
+ TODO: check
CVE-2020-7134 (A remote access to sensitive data vulnerability was discovered in HPE ...)
NOT-FOR-US: HPE
CVE-2020-7133 (A unauthorized remote access vulnerability was discovered in HPE IOT + ...)
@@ -21087,8 +21106,8 @@ CVE-2019-20004 (An issue was discovered on Intelbras IWR 3000N 1.8.7 devices. Wh
NOT-FOR-US: Intelbras
CVE-2019-20003 (Feldtech easescreen Crystal 9.0 Web-Services 9.0.1.16265 allows Stored ...)
NOT-FOR-US: Feldtech easescreen Crystal 9.0 Web-Services
-CVE-2019-20002
- RESERVED
+CVE-2019-20002 (Formula Injection exists in the export feature in SolarWinds WebHelpDe ...)
+ TODO: check
CVE-2019-20001
RESERVED
CVE-2019-20000 (The malware scan function in BullGuard Premium Protection 20.0.371.8 h ...)
@@ -21492,28 +21511,24 @@ CVE-2020-3904 (Multiple memory corruption issues were addressed with improved st
CVE-2020-3903 (A memory corruption issue was addressed with improved memory handling. ...)
NOT-FOR-US: Apple
CVE-2020-3902 (An input validation issue was addressed with improved input validation ...)
- RESERVED
- webkit2gtk 2.28.0-2
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
- wpewebkit 2.28.0-1
NOTE: https://webkitgtk.org/security/WSA-2020-0005.html
CVE-2020-3901 (A type confusion issue was addressed with improved memory handling. Th ...)
- RESERVED
- webkit2gtk 2.28.0-2
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
- wpewebkit 2.28.0-1
NOTE: https://webkitgtk.org/security/WSA-2020-0005.html
CVE-2020-3900 (A memory corruption issue was addressed with improved memory handling. ...)
- RESERVED
- webkit2gtk 2.28.0-2
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
- wpewebkit 2.28.0-1
NOTE: https://webkitgtk.org/security/WSA-2020-0005.html
CVE-2020-3899 (A memory consumption issue was addressed with improved memory handling ...)
- RESERVED
- webkit2gtk 2.28.2-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
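Review bot: the four `- RESERVED` removals are stale leftovers from before the Apple descriptions were filled in, so dropping them is correct and the package status lines are untouched. One thing worth confirming while here: CVE-2020-3899 is marked fixed in `webkit2gtk 2.28.2-1` whereas the three entries above it say `2.28.0-2`; if that is intentional, a NOTE line citing the matching WebKitGTK advisory (the entries above cite WSA-2020-0005) would make the difference auditable, unless the entry's NOTE line outside this hunk already does so.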
@@ -21529,7 +21544,6 @@ CVE-2020-3898 [heap based buffer overflow in libcups's ppdFindOption() in ppd-ma
NOTE: https://src.fedoraproject.org/rpms/cups/blob/c1920d09b842bd2d0611559d00d595abd8aa2424/f/cups-ppdopen-heap-overflow.patch
TODO: add commit once pushed to the https://github.com/apple/cups repo
CVE-2020-3897 (A type confusion issue was addressed with improved memory handling. Th ...)
- RESERVED
- webkit2gtk 2.28.0-2
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
@@ -21538,14 +21552,12 @@ CVE-2020-3897 (A type confusion issue was addressed with improved memory handlin
CVE-2020-3896
RESERVED
CVE-2020-3895 (A memory corruption issue was addressed with improved memory handling. ...)
- RESERVED
- webkit2gtk 2.28.0-2
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
- wpewebkit 2.28.0-1
NOTE: https://webkitgtk.org/security/WSA-2020-0005.html
CVE-2020-3894 (A race condition was addressed with additional validation. This issue ...)
- RESERVED
- webkit2gtk 2.28.0-2
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
@@ -21568,7 +21580,6 @@ CVE-2020-3887 (A logic issue was addressed with improved restrictions. This issu
CVE-2020-3886
RESERVED
CVE-2020-3885 (A logic issue was addressed with improved restrictions. This issue is ...)
- RESERVED
- webkit2gtk 2.28.0-2
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
@@ -26404,6 +26415,7 @@ CVE-2020-1985 (Incorrect Default Permissions on C:\Programdata\Secdo\Logs folder
CVE-2020-1984 (Secdo tries to execute a script at a hardcoded path if present, which ...)
NOT-FOR-US: Palo Alto Networks
CVE-2020-1983 (A use after free vulnerability in ip_reass() in ip_input.c of libslirp ...)
+ {DSA-4665-1}
- qemu 1:4.1-2
- qemu-kvm <removed>
- libslirp 4.2.0-2
@@ -26747,8 +26759,7 @@ CVE-2020-1954 (Apache CXF has the ability to integrate with JMX by registering a
CVE-2020-1953 (Apache Commons Configuration uses a third-party library to parse YAML ...)
- commons-configuration2 2.7-1 (bug #954713)
NOTE: https://www.openwall.com/lists/oss-security/2020/03/13/1
-CVE-2020-1952
- RESERVED
+CVE-2020-1952 (An issue was found in Apache IoTDB .9.0 to 0.9.1 and 0.8.0 to 0.8.2. W ...)
NOT-FOR-US: Apache IoTDB
CVE-2020-1951 (A carefully crafted or corrupt PSD file can cause an infinite loop in ...)
{DLA-2161-1}
@@ -27066,8 +27077,8 @@ CVE-2020-1882 (Huawei mobile phones Ever-L29B versions earlier than 10.0.0.180(C
NOT-FOR-US: Huawei
CVE-2020-1881 (NIP6800;Secospace USG6600;USG9500 products with versions of V500R001C3 ...)
NOT-FOR-US: Huawei
-CVE-2020-1880
- RESERVED
+CVE-2020-1880 (Huawei smartphone Lion-AL00C with versions earlier than 10.0.0.205(C00 ...)
+ TODO: check
CVE-2020-1879 (There is an improper integrity checking vulnerability on some huawei p ...)
NOT-FOR-US: Huawei
CVE-2020-1878 (Huawei smartphone OxfordS-AN00A with versions earlier than 10.0.1.152D ...)
@@ -27136,8 +27147,8 @@ CVE-2020-1847
RESERVED
CVE-2020-1846
RESERVED
-CVE-2020-1845
- RESERVED
+CVE-2020-1845 (Huawei PCManager product with versions earlier than 10.0.5.53 have a l ...)
+ TODO: check
CVE-2020-1844 (PCManager with versions earlier than 10.0.5.51 have a privilege escala ...)
NOT-FOR-US: Huawei
CVE-2020-1843 (Huawei HEGE-560 version 1.0.1.20(SP2), OSCA-550 version 1.0.0.71(SP1), ...)
@@ -27212,14 +27223,14 @@ CVE-2020-1809
RESERVED
CVE-2020-1808
RESERVED
-CVE-2020-1807
- RESERVED
-CVE-2020-1806
- RESERVED
-CVE-2020-1805
- RESERVED
-CVE-2020-1804
- RESERVED
+CVE-2020-1807 (HUAWEI Mate 20 smartphones with versions earlier than 10.0.0.188(C00E7 ...)
+ TODO: check
+CVE-2020-1806 (Huawei Honor V10 smartphones with versions earlier than 10.0.0.156(C00 ...)
+ TODO: check
+CVE-2020-1805 (Huawei Honor V10 smartphones with versions earlier than 10.0.0.156(C00 ...)
+ TODO: check
+CVE-2020-1804 (Huawei Honor V10 smartphones with versions earlier than 10.0.0.156(C00 ...)
+ TODO: check
CVE-2020-1803 (Huawei smartphones Honor V20 with versions earlier than 10.0.0.179(C63 ...)
NOT-FOR-US: Huawei
CVE-2020-1802 (There is an insufficient integrity validation vulnerability in several ...)
@@ -29349,8 +29360,8 @@ CVE-2019-18825 (Barco ClickShare Huddle CS-100 devices before 1.9.0 and CSE-200
NOT-FOR-US: Barco ClickShare Huddle devices
CVE-2019-18824 (Barco ClickShare Button R9861500D01 devices before 1.9.0 have Missing ...)
NOT-FOR-US: Barco ClickShare Button R9861500D01 devices
-CVE-2019-18823
- RESERVED
+CVE-2019-18823 (HTCondor up to and including stable series 8.8.6 and development serie ...)
+ TODO: check
CVE-2019-18822 (A privilege escalation vulnerability in ZOOM Call Recording 6.3.1 allo ...)
NOT-FOR-US: ZOOM Call Recording
CVE-2019-18821 (Eximious Logo Designer 3.82 has a User Mode Write AV starting at ExiCu ...)
@@ -33256,8 +33267,8 @@ CVE-2019-18224 (idn2_to_ascii_4i in lib/lookup.c in GNU libidn2 before 2.1.1 has
- libidn2-0 <not-affected> (Vulnerable code not present)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12420
NOTE: https://github.com/libidn/libidn2/commit/e4d1558aa2c1c04a05066ee8600f37603890ba8c
-CVE-2019-18223
- RESERVED
+CVE-2019-18223 (ZOOM International Call Recording 6.3.1 suffers from multiple authenti ...)
+ TODO: check
CVE-2019-18222 (The ECDSA signature implementation in ecdsa.c in Arm Mbed Crypto 2.1 a ...)
- mbedtls 2.16.4-1
NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2019-12
@@ -42442,8 +42453,8 @@ CVE-2019-15236
RESERVED
CVE-2019-15235 (CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.864 allows an att ...)
NOT-FOR-US: CentOS-WebPanel.com CentOS Web Panel
-CVE-2019-15234
- RESERVED
+CVE-2019-15234 (SHAREit through 4.0.6.177 does not check the full message length from ...)
+ TODO: check
CVE-2019-15233 (The Live:Text Box macro in the Old Street Live Input Macros app before ...)
NOT-FOR-US: Old Street Live Input Macros app for Confluence
CVE-2019-15232 (Live555 before 2019.08.16 has a Use-After-Free because GenericMediaSer ...)
@@ -43252,6 +43263,7 @@ CVE-2019-15036 (An issue was discovered in JetBrains TeamCity 2018.2.4. A TeamCi
CVE-2019-15035 (An issue was discovered in JetBrains TeamCity 2018.2.4. A TeamCity Pro ...)
NOT-FOR-US: JetBrains TeamCity
CVE-2019-15034 (hw/display/bochs-display.c in QEMU 4.0.0 does not ensure a sufficient ...)
+ {DSA-4665-1}
- qemu 1:4.1-1
[stretch] - qemu <not-affected> (Vulnerable code introduced later)
[jessie] - qemu <not-affected> (Vulnerable code introduced later)
@@ -43545,8 +43557,8 @@ CVE-2019-14942 [Insecure Cookie Handling on GitLab Pages]
[experimental] - gitlab 11.11.8+dfsg-1
- gitlab 12.6.8-3 (bug #934708)
NOTE: https://about.gitlab.com/2019/08/12/critical-security-release-gitlab-12-dot-1-dot-6-released/
-CVE-2019-14941
- RESERVED
+CVE-2019-14941 (SHAREit through 4.0.6.177 does not check the body length from the rece ...)
+ TODO: check
CVE-2019-14940 (In Storage Performance Development Kit (SPDK) before 19.07, a user of ...)
NOT-FOR-US: Storage Performance Development Kit
CVE-2019-14939 (An issue was discovered in the mysql (aka mysqljs) module 2.17.1 for N ...)
@@ -53404,7 +53416,7 @@ CVE-2019-12070
CVE-2019-12069
RESERVED
CVE-2019-12068 (In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg ...)
- {DLA-1927-1}
+ {DSA-4665-1 DLA-1927-1}
- qemu 1:4.1-2 (low)
[stretch] - qemu <postponed> (Minor issue, can be fixed along in future update)
- qemu-kvm <removed>
@@ -73932,8 +73944,8 @@ CVE-2019-4731
RESERVED
CVE-2019-4730
RESERVED
-CVE-2019-4729
- RESERVED
+CVE-2019-4729 (IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to ob ...)
+ TODO: check
CVE-2019-4728
RESERVED
CVE-2019-4727
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6a3b94f1f29e115f9f3f07e41d79400d31f52ab4