[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri Feb 7 08:10:23 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3a76124d by security tracker role at 2020-02-07T08:10:15+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,17 @@
+CVE-2020-8782
+ RESERVED
+CVE-2020-8781
+ RESERVED
+CVE-2020-8780
+ RESERVED
+CVE-2020-8779
+ RESERVED
+CVE-2020-8778
+ RESERVED
+CVE-2020-8777
+ RESERVED
+CVE-2020-8776
+ RESERVED
CVE-2020-8775
RESERVED
CVE-2020-8774
@@ -240,12 +254,12 @@ CVE-2020-8658 (The BestWebSoft Htaccess plugin through 1.8.1 for WordPress allow
NOT-FOR-US: BestWebSoft Htaccess plugin for WordPress
CVE-2020-8657 (An issue was discovered in EyesOfNetwork 5.3. The installation uses th ...)
NOT-FOR-US: EyesOfNetwork (EON)
-CVE-2020-8656
- RESERVED
-CVE-2020-8655
- RESERVED
-CVE-2020-8654
- RESERVED
+CVE-2020-8656 (An issue was discovered in EyesOfNetwork 5.3. The EyesOfNetwork API 2. ...)
+ TODO: check
+CVE-2020-8655 (An issue was discovered in EyesOfNetwork 5.3. The sudoers configuratio ...)
+ TODO: check
+CVE-2020-8654 (An issue was discovered in EyesOfNetwork 5.3. An authenticated web use ...)
+ TODO: check
CVE-2020-8653
RESERVED
CVE-2020-8652
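Review bot: CVE-2020-8656, CVE-2020-8655 and CVE-2020-8654 are left at `TODO: check`, yet all three descriptions name EyesOfNetwork 5.3, the product that CVE-2020-8657 just above them is already triaged as `NOT-FOR-US: EyesOfNetwork (EON)`. Unless one of the three turns out to affect something packaged, give them the same tag so they do not linger in the TODO queue.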
@@ -256,8 +270,8 @@ CVE-2020-8650
RESERVED
CVE-2020-8646
RESERVED
-CVE-2020-8645
- RESERVED
+CVE-2020-8645 (An issue was discovered in Simplejobscript.com SJS through 1.66. There ...)
+ TODO: check
CVE-2020-8644 (PlaySMS before 1.4.3 does not sanitize inputs from a malicious string. ...)
NOT-FOR-US: PlaySMS
CVE-2020-8643
@@ -4433,8 +4447,8 @@ CVE-2020-6762
RESERVED
CVE-2020-6761
RESERVED
-CVE-2020-6760
- RESERVED
+CVE-2020-6760 (Schmid ZI 620 V400 VPN 090 routers allow an attacker to execute OS com ...)
+ TODO: check
CVE-2020-6759
RESERVED
CVE-2020-6758 (A cross-site scripting (XSS) vulnerability in Option/optionsAll.php in ...)
@@ -25183,15 +25197,15 @@ CVE-2019-17591
CVE-2019-17590 (The csrf_callback function in the CSRF Magic library through 2016-03-2 ...)
NOT-FOR-US: CSRF Magic library
CVE-2019-17589
- RESERVED
+ REJECTED
CVE-2019-17588
- RESERVED
+ REJECTED
CVE-2019-17587
- RESERVED
+ REJECTED
CVE-2019-17586
- RESERVED
+ REJECTED
CVE-2019-17585
- RESERVED
+ REJECTED
CVE-2019-17584 (The Meinberg SyncBox/PTP/PTPv2 devices have default SSH keys which all ...)
NOT-FOR-US: Meinberg SyncBox/PTP/PTPv2 devices
CVE-2019-17583 (idreamsoft iCMS 7.0.15 allows remote attackers to cause a denial of se ...)
@@ -25227,7 +25241,7 @@ CVE-2019-17571 (Included in Log4j 1.2 is a SocketServer class that is vulnerable
NOTE: should upgrade to Log4j 2.x.
NOTE: Fixed by https://src.fedoraproject.org/rpms/log4j12/c/d4c817c458d69dcc629a7271999d178b0dcb7c74?branch=master
CVE-2019-17570 (An untrusted deserialization was found in the org.apache.xmlrpc.parser ...)
- {DLA-2078-1}
+ {DSA-4619-1 DLA-2078-1}
- libxmlrpc3-java <removed> (bug #949089)
NOTE: https://www.openwall.com/lists/oss-security/2020/01/16/1
NOTE: Proposed patch: https://bugzilla.redhat.com/show_bug.cgi?id=1775193
@@ -36286,8 +36300,8 @@ CVE-2019-14090
RESERVED
CVE-2019-14089
RESERVED
-CVE-2019-14088
- RESERVED
+CVE-2019-14088 (Possible use after free issue while CRM is accessing the link pointer ...)
+ TODO: check
CVE-2019-14087
RESERVED
CVE-2019-14086
@@ -36336,54 +36350,54 @@ CVE-2019-14065
RESERVED
CVE-2019-14064
RESERVED
-CVE-2019-14063
- RESERVED
+CVE-2019-14063 (Out of bound access due to Invalid inputs to dapm mux settings which r ...)
+ TODO: check
CVE-2019-14062
RESERVED
CVE-2019-14061
RESERVED
-CVE-2019-14060
- RESERVED
+CVE-2019-14060 (Uninitialized stack data gets used If memory is not allocated for blob ...)
+ TODO: check
CVE-2019-14059
RESERVED
CVE-2019-14058
RESERVED
-CVE-2019-14057
- RESERVED
+CVE-2019-14057 (Buffer Over read of codec private data while parsing an mkv file due t ...)
+ TODO: check
CVE-2019-14056
RESERVED
-CVE-2019-14055
- RESERVED
+CVE-2019-14055 (Possibility of use-after-free and double free because of not marking b ...)
+ TODO: check
CVE-2019-14054
RESERVED
CVE-2019-14053
RESERVED
CVE-2019-14052
RESERVED
-CVE-2019-14051
- RESERVED
+CVE-2019-14051 (Subsequent additions performed during Module loading while allocating ...)
+ TODO: check
CVE-2019-14050
RESERVED
-CVE-2019-14049
- RESERVED
+CVE-2019-14049 (Stage-2 fault will occur while writing to an ION system allocation whi ...)
+ TODO: check
CVE-2019-14048
RESERVED
CVE-2019-14047
RESERVED
-CVE-2019-14046
- RESERVED
+CVE-2019-14046 (Out of bound access while allocating memory for an array in camera due ...)
+ TODO: check
CVE-2019-14045
RESERVED
-CVE-2019-14044
- RESERVED
+CVE-2019-14044 (Out of bound access due to access of uninitialized memory segment in a ...)
+ TODO: check
CVE-2019-14043
RESERVED
CVE-2019-14042
RESERVED
-CVE-2019-14041
- RESERVED
-CVE-2019-14040
- RESERVED
+CVE-2019-14041 (During listener modified response processing, a buffer overrun occurs ...)
+ TODO: check
+CVE-2019-14040 (Using memory after being freed in qsee due to wrong implementation can ...)
+ TODO: check
CVE-2019-14039
RESERVED
CVE-2019-14038
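Review bot: the ten entries moved from `RESERVED` to `TODO: check` in this hunk (CVE-2019-14063 down to CVE-2019-14040) have truncated descriptions that mention qsee, ION allocations, dapm mux settings and mkv parsing, and none of them names a source package. This same file tags CVE-2019-14004 and CVE-2019-14003 as `NOT-FOR-US: Qualcomm components for Android`; if the full descriptions confirm the same vendor, triage these as one batch with that tag rather than one entry at a time.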
@@ -36458,8 +36472,7 @@ CVE-2019-14004 (Buffer overflow occurs while processing invalid MKV clip, which
NOT-FOR-US: Qualcomm components for Android
CVE-2019-14003 (Null pointer exception can happen while parsing invalid MKV clip where ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2019-14002
- RESERVED
+CVE-2019-14002 (APKs without proper permission may bind to CallEnhancementService and ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-14001
RESERVED
@@ -47027,8 +47040,8 @@ CVE-2019-10592 (Possible integer overflow while multiplying two integers of 32 b
NOT-FOR-US: Snapdragon
CVE-2019-10591
RESERVED
-CVE-2019-10590
- RESERVED
+CVE-2019-10590 (Out of bound access while parsing dts atom, which is non-standard as i ...)
+ TODO: check
CVE-2019-10589
RESERVED
CVE-2019-10588
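Review bot: CVE-2019-10590 is set to `TODO: check`, while CVE-2019-10592 in the context at the top of this hunk is `NOT-FOR-US: Snapdragon`. The "parsing dts atom" description is cut off before any product name, so confirm the vendor from the full text and reuse that tag if it matches.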
@@ -47073,8 +47086,8 @@ CVE-2019-10569
RESERVED
CVE-2019-10568
RESERVED
-CVE-2019-10567
- RESERVED
+CVE-2019-10567 (There is a way to deceive the GPU kernel driver into thinking there is ...)
+ TODO: check
CVE-2019-10566 (Buffer overflow can occur in wlan module if supported rates or extende ...)
NOT-FOR-US: Snapdragon
CVE-2019-10565 (Double free issue can happen when sensor power settings is freed by so ...)
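Review bot: CVE-2019-10567 mentions a "GPU kernel driver" and is left at `TODO: check`, next to CVE-2019-10566, which is `NOT-FOR-US: Snapdragon`. Because the description points at kernel code, check whether the affected driver exists in the packaged kernel source before copying the neighbour's NOT-FOR-US tag, and record the outcome in a `NOTE:` line.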
@@ -51650,6 +51663,7 @@ CVE-2019-9280 (In keyguard, there is a possible escalation of privilege due to i
CVE-2019-9279 (In the wifi hotspot service, there is a possible denial of service due ...)
NOT-FOR-US: Android
CVE-2019-9278 (In libexif, there is a possible out of bounds write due to an integer ...)
+ {DSA-4618-1}
- libexif 0.6.21-6 (bug #945948)
NOTE: https://android.googlesource.com/platform/external/libexif/+/a5e8e5812a11ec9686294de8a5d68aaf2ab72475%5E%21/#F0
NOTE: https://github.com/libexif/libexif/issues/26
@@ -58882,9 +58896,9 @@ CVE-2019-6481 (Abine Blur 7.8.2431 allows remote attackers to conduct "Second-Fa
CVE-2019-6480
RESERVED
CVE-2019-6479
- RESERVED
+ REJECTED
CVE-2019-6478
- RESERVED
+ REJECTED
CVE-2019-6477 (With pipelining enabled each incoming query on a TCP connection requir ...)
- bind9 1:9.11.14+dfsg-1 (bug #945171)
[buster] - bind9 <no-dsa> (Minor issue; can be fixed via point release)
@@ -273364,8 +273378,8 @@ CVE-2013-3640 (Cross-site scripting (XSS) vulnerability in the Instant Web Publi
NOT-FOR-US: FileMaker Pro
CVE-2013-3639 (Multiple cross-site scripting (XSS) vulnerabilities in Xaraya 2.4.0-b1 ...)
NOT-FOR-US: Xaraya
-CVE-2013-3638
- RESERVED
+CVE-2013-3638 (SQL injection vulnerability in Boonex Dolphin before 7.1.3 allows remo ...)
+ TODO: check
CVE-2013-3637
RESERVED
CVE-2013-3636
@@ -273515,8 +273529,8 @@ CVE-2013-3570
RESERVED
CVE-2013-3569
RESERVED
-CVE-2013-3568
- RESERVED
+CVE-2013-3568 (Cross-site request forgery (CSRF) vulnerability in Cisco Linksys WRT11 ...)
+ TODO: check
CVE-2013-3567 (Puppet 2.7.x before 2.7.22 and 3.2.x before 3.2.2, and Puppet Enterpri ...)
{DSA-2715-1}
- puppet 3.2.2-1 (bug #712745)
@@ -273525,8 +273539,8 @@ CVE-2013-3566
CVE-2013-3565 (Multiple cross-site scripting (XSS) vulnerabilities in the HTTP Interf ...)
- vlc 2.0.7-1 (unimportant)
NOTE: Negligible impact
-CVE-2013-3564
- RESERVED
+CVE-2013-3564 (The web interface in VideoLAN VLC media player before 2.0.7 has no acc ...)
+ TODO: check
CVE-2013-3563 (Stack-based buffer overflow in db_netserver in Lianja SQL Server befor ...)
NOT-FOR-US: Lianja SQL Server
CVE-2013-3562 (Multiple integer signedness errors in the tvb_unmasked function in epa ...)
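Review bot: CVE-2013-3564 should not stay at `TODO: check`, because its description names VideoLAN VLC before 2.0.7 and the adjacent CVE-2013-3565 entry already tracks the package as `- vlc 2.0.7-1 (unimportant)`. This entry needs its own `- vlc` line; the "before 2.0.7" wording suggests the same fixed version, with the severity assessed separately since this one concerns missing access control on the web interface rather than XSS.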
@@ -275617,10 +275631,10 @@ CVE-2013-2686 (main/http.c in the HTTP server in Asterisk Open Source 1.8.x befo
CVE-2013-2685 (Stack-based buffer overflow in res/res_format_attr_h264.c in Asterisk ...)
- asterisk <not-affected> (H264 code not yet present)
NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-20901
-CVE-2013-2684
- RESERVED
-CVE-2013-2683
- RESERVED
+CVE-2013-2684 (Cross-site Scripting (XSS) in Cisco Linksys E4200 1.0.05 Build 7 devic ...)
+ TODO: check
+CVE-2013-2683 (Cisco Linksys E4200 1.0.05 Build 7 devices contain an Information Disc ...)
+ TODO: check
CVE-2013-2682 (Cisco Linksys E4200 1.0.05 Build 7 devices contain a Clickjacking Vuln ...)
TODO: check
CVE-2013-2681 (Cisco Linksys E4200 1.0.05 Build 7 devices contain a Security Bypass V ...)
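Review bot: CVE-2013-2684 and CVE-2013-2683 join CVE-2013-2682 and CVE-2013-2681 as four consecutive `TODO: check` entries for the same device, Cisco Linksys E4200 1.0.05 Build 7. They describe router firmware and no package line is proposed for any of them, so resolve all four in one pass with a single consistent tag instead of leaving them to be triaged separately.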
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3a76124d31245807b204db32abd00e1024ccd6d5