[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Sat Feb 8 08:10:28 GMT 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d162b9fc by security tracker role at 2020-02-08T08:10:18+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,41 @@
+CVE-2020-8813
+	RESERVED
+CVE-2020-8812 (** DISPUTED ** Bludit 3.10.0 allows Editor or Author roles to insert m ...)
+	TODO: check
+CVE-2020-8811 (ajax/profile-picture-upload.php in Bludit 3.10.0 allows authenticated  ...)
+	TODO: check
+CVE-2020-8810
+	RESERVED
+CVE-2020-8809
+	RESERVED
+CVE-2020-8808 (The CorsairLLAccess64.sys and CorsairLLAccess32.sys drivers in CORSAIR ...)
+	TODO: check
+CVE-2020-8807
+	RESERVED
+CVE-2020-8806
+	RESERVED
+CVE-2020-8805
+	RESERVED
+CVE-2020-8804
+	RESERVED
+CVE-2020-8803
+	RESERVED
+CVE-2020-8802
+	RESERVED
+CVE-2020-8801
+	RESERVED
+CVE-2020-8800
+	RESERVED
+CVE-2020-8799
+	RESERVED
+CVE-2020-8798
+	RESERVED
+CVE-2020-8797
+	RESERVED
+CVE-2020-8796 (Biscom Secure File Transfer (SFT) before 5.1.1071 and 6.0.1xxx before  ...)
+	TODO: check
+CVE-2020-8795
+	RESERVED
 CVE-2020-8794
 	RESERVED
 CVE-2020-8793
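Review bot: The four new entries that carry a description (CVE-2020-8812, CVE-2020-8811, CVE-2020-8808, CVE-2020-8796) land with only "TODO: check", so none of them is triaged by this commit. The visible text names Bludit 3.10.0, the CorsairLLAccess64.sys and CorsairLLAccess32.sys drivers, and Biscom Secure File Transfer; each needs a follow-up that replaces the TODO with either a source-package line or a NOT-FOR-US tag. CVE-2020-8812 is also flagged "** DISPUTED **" in its description, which is worth carrying into a NOTE line if the entry turns out to concern a packaged product.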
@@ -4459,12 +4497,12 @@ CVE-2020-6772
 	RESERVED
 CVE-2020-6771
 	RESERVED
-CVE-2020-6770
-	RESERVED
-CVE-2020-6769
-	RESERVED
-CVE-2020-6768
-	RESERVED
+CVE-2020-6770 (Deserialization of Untrusted Data in the BVMS Mobile Video Service (BV ...)
+	TODO: check
+CVE-2020-6769 (Missing Authentication for Critical Function in the Bosch Video Stream ...)
+	TODO: check
+CVE-2020-6768 (A path traversal vulnerability in the Bosch Video Management System (B ...)
+	TODO: check
 CVE-2020-6767 (A path traversal vulnerability in the Bosch Video Management System (B ...)
 	NOT-FOR-US: Bosch
 CVE-2020-6766
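Review bot: CVE-2020-6768 is added with "TODO: check", yet its visible description is identical to that of CVE-2020-6767 directly below it, which is already tagged "NOT-FOR-US: Bosch". CVE-2020-6770 and CVE-2020-6769 name Bosch components (BVMS Mobile Video Service, Bosch Video Stream ...) in their descriptions as well. Suggest resolving all three to "NOT-FOR-US: Bosch" in the follow-up triage so the block stays consistent.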
@@ -17510,8 +17548,7 @@ CVE-2020-1710
 CVE-2020-1709
 	RESERVED
 	NOT-FOR-US: openshift
-CVE-2020-1708
-	RESERVED
+CVE-2020-1708 (It has been found in openshift-enterprise version 3.11 and all openshi ...)
 	NOT-FOR-US: openshift
 CVE-2020-1707
 	RESERVED
@@ -17533,8 +17570,7 @@ CVE-2020-1702
 CVE-2020-1701
 	RESERVED
 	NOT-FOR-US: KubeVirt
-CVE-2020-1700
-	RESERVED
+CVE-2020-1700 (A flaw was found in the way the Ceph RGW Beast front-end handles unexp ...)
 	- ceph 14.2.7-1
 	[stretch] - ceph <not-affected> (Vulnerable code introduced later)
 	[jessie] - ceph <not-affected> (Vulnerable code introduced later)
@@ -17585,8 +17621,8 @@ CVE-2019-19358
 	RESERVED
 CVE-2019-19357
 	RESERVED
-CVE-2019-19356
-	RESERVED
+CVE-2019-19356 (Netis WF2419 is vulnerable to authenticated Remote Code Execution (RCE ...)
+	TODO: check
 CVE-2019-19355
 	RESERVED
 	NOT-FOR-US: openshift
@@ -26474,10 +26510,10 @@ CVE-2019-17138 (This vulnerability allows remote attackers to disclose sensitive
 	NOT-FOR-US: Foxit
 CVE-2019-17137
 	RESERVED
-CVE-2019-17136
-	RESERVED
-CVE-2019-17135
-	RESERVED
+CVE-2019-17136 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2019-17135 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
 CVE-2019-17134 (Amphora Images in OpenStack Octavia >=0.10.0 <2.1.2, >=3.0.0  ...)
 	- octavia 4.0.0-6 (bug #941897)
 	[buster] - octavia <no-dsa> (Minor issue in regular setups, can be fixed via point release)
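Review bot: The descriptions added for CVE-2019-17136 and CVE-2019-17135 are cut off at "execute arbitrary code o ...", before any product name, so the diff alone does not say what they affect. CVE-2019-17138 in the hunk header is "NOT-FOR-US: Foxit", but that tag should not be copied onto these two without reading the full description: CVE-2019-17134 just below belongs to octavia, so adjacent IDs in this range do not share a vendor.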
@@ -39306,10 +39342,10 @@ CVE-2019-13336 (The dbell Wi-Fi Smart Video Doorbell DB01-S Gen 1 allows remote
 	NOT-FOR-US: dbell Wi-Fi Smart Video Doorbell
 CVE-2019-13335 (SalesAgility SuiteCRM 7.10.x 7.10.19 and 7.11.x before and 7.11.7 has  ...)
 	NOT-FOR-US: SalesAgility SuiteCRM
-CVE-2019-13334
-	RESERVED
-CVE-2019-13333
-	RESERVED
+CVE-2019-13334 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2019-13333 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
 CVE-2019-13332 (This vulnerability allows remote attackers to execute arbitrary code o ...)
 	NOT-FOR-US: Foxit Reader
 CVE-2019-13331 (This vulnerability allows remote attackers to execute arbitrary code o ...)
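Review bot: CVE-2019-13334 and CVE-2019-13333 are left at "TODO: check" although their truncated wording matches CVE-2019-13332 below, which is tagged "NOT-FOR-US: Foxit Reader". If the full descriptions confirm the same product, reuse that exact tag string when resolving them so that searches for the tag find all of the entries.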
@@ -39803,8 +39839,8 @@ CVE-2019-13164 (qemu-bridge-helper.c in QEMU 4.0.0 does not ensure that a networ
 	- qemu-kvm <removed>
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2019-07/msg00245.html
 	NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=6f5d8671225dc77190647f18a27a0d156d4ca97a
-CVE-2019-13163
-	RESERVED
+CVE-2019-13163 (The Fujitsu TLS library allows a man-in-the-middle attack. This affect ...)
+	TODO: check
 CVE-2019-13162
 	RESERVED
 CVE-2019-13161 (An issue was discovered in Asterisk Open Source through 13.27.0, 14.x  ...)
@@ -44569,20 +44605,15 @@ CVE-2019-11486 (The Siemens R3964 line discipline driver in drivers/tty/n_r3964.
 	NOTE: Upstream commits marks driver as BROKEN and can be considered fixed starting
 	NOTE: from versions including this commit (or backport) or versions which disable
 	NOTE: CONFIG_R3964 already.
-CVE-2019-11485
-	RESERVED
+CVE-2019-11485 (Sander Bos discovered Apport's lock file was in a world-writable direc ...)
 	NOT-FOR-US: Apport
-CVE-2019-11484
-	RESERVED
+CVE-2019-11484 (Kevin Backhouse discovered an integer overflow in bson_ensure_space, a ...)
 	NOT-FOR-US: whoopsie
-CVE-2019-11483
-	RESERVED
+CVE-2019-11483 (Sander Bos discovered Apport mishandled crash dumps originating from c ...)
 	NOT-FOR-US: Apport
-CVE-2019-11482
-	RESERVED
+CVE-2019-11482 (Sander Bos discovered a time of check to time of use (TOCTTOU) vulnera ...)
 	NOT-FOR-US: Apport
-CVE-2019-11481
-	RESERVED
+CVE-2019-11481 (Kevin Backhouse discovered that apport would read a user-supplied conf ...)
 	NOT-FOR-US: Apport
 CVE-2019-11480
 	RESERVED
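Review bot: On CVE-2019-11484 the "NOT-FOR-US: whoopsie" tag predates the description, which now names the function bson_ensure_space. It is worth confirming that this function exists only in whoopsie's own code and not in a BSON library that Debian packages separately; if it does, NOT-FOR-US is the wrong resolution for this entry. The four Apport entries keep a tag that matches their new descriptions.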
@@ -181396,7 +181427,7 @@ CVE-2016-9654
 	REJECTED
 CVE-2016-9653
 	REJECTED
-CVE-2016-9652 (Unspecified vulnerabilities in Google Chrome before 55.0.2883.75. ...)
+CVE-2016-9652 (Multiple unspecified vulnerabilities in Google Chrome before 55.0.2883 ...)
 	{DSA-3731-1}
 	- chromium-browser 55.0.2883.75-1
 	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
@@ -237928,7 +237959,7 @@ CVE-2014-9556 (Integer overflow in the qtmd_decompress function in libmspack 0.4
 	[squeeze] - cabextract <no-dsa> (Minor issue)
 	NOTE: Starting with 1.4-5 cabextract uses the mspack system library
 CVE-2012-6686
-	RESERVED
+	REJECTED
 CVE-2012-6685 [ruby-nokogiri XXE]
 	RESERVED
 	{DLA-229-1}
@@ -312084,14 +312115,11 @@ CVE-2011-1087 (Buffer overflow in VideoLAN VLC media player 1.0.5 allows user-as
 	[lenny] - vlc <no-dsa> (Minor issue)
 	NOTE: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4931.php
 	NOTE: obscure exploit scenario
-CVE-2011-1086
-	RESERVED
+CVE-2011-1086 (Cross-site scripting (XSS) vulnerability in admin/system.html in Openf ...)
 	NOT-FOR-US: openfiler
-CVE-2011-1085
-	RESERVED
+CVE-2011-1085 (CSRF vulnerability in Smoothwall Express 3. ...)
 	NOT-FOR-US: smoothwall
-CVE-2011-1084
-	RESERVED
+CVE-2011-1084 (A cross-site scripting (XSS) vulnerability in Smoothwall Express 3. ...)
 	NOT-FOR-US: smoothwall
 CVE-2011-1083 (The epoll implementation in the Linux kernel 2.6.37.2 and earlier does ...)
 	- linux-2.6 3.2.9-1 (low)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d162b9fc22b280303a1aee8a1c05544686f1b99a


More information about the debian-security-tracker-commits mailing list