[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Sat Feb 8 08:10:28 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d162b9fc by security tracker role at 2020-02-08T08:10:18+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,41 @@
+CVE-2020-8813
+ RESERVED
+CVE-2020-8812 (** DISPUTED ** Bludit 3.10.0 allows Editor or Author roles to insert m ...)
+ TODO: check
+CVE-2020-8811 (ajax/profile-picture-upload.php in Bludit 3.10.0 allows authenticated ...)
+ TODO: check
+CVE-2020-8810
+ RESERVED
+CVE-2020-8809
+ RESERVED
+CVE-2020-8808 (The CorsairLLAccess64.sys and CorsairLLAccess32.sys drivers in CORSAIR ...)
+ TODO: check
+CVE-2020-8807
+ RESERVED
+CVE-2020-8806
+ RESERVED
+CVE-2020-8805
+ RESERVED
+CVE-2020-8804
+ RESERVED
+CVE-2020-8803
+ RESERVED
+CVE-2020-8802
+ RESERVED
+CVE-2020-8801
+ RESERVED
+CVE-2020-8800
+ RESERVED
+CVE-2020-8799
+ RESERVED
+CVE-2020-8798
+ RESERVED
+CVE-2020-8797
+ RESERVED
+CVE-2020-8796 (Biscom Secure File Transfer (SFT) before 5.1.1071 and 6.0.1xxx before ...)
+ TODO: check
+CVE-2020-8795
+ RESERVED
CVE-2020-8794
RESERVED
CVE-2020-8793
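Review bot: The four entries that arrive with a description (CVE-2020-8812, CVE-2020-8811, CVE-2020-8808, CVE-2020-8796) all land as "TODO: check" and still need manual triage to either a source package line or a NOT-FOR-US tag. CVE-2020-8812 is also marked "** DISPUTED **" in its description; if it ends up with a package line, record the dispute in a NOTE so the status does not rest on the truncated description alone.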
@@ -4459,12 +4497,12 @@ CVE-2020-6772
RESERVED
CVE-2020-6771
RESERVED
-CVE-2020-6770
- RESERVED
-CVE-2020-6769
- RESERVED
-CVE-2020-6768
- RESERVED
+CVE-2020-6770 (Deserialization of Untrusted Data in the BVMS Mobile Video Service (BV ...)
+ TODO: check
+CVE-2020-6769 (Missing Authentication for Critical Function in the Bosch Video Stream ...)
+ TODO: check
+CVE-2020-6768 (A path traversal vulnerability in the Bosch Video Management System (B ...)
+ TODO: check
CVE-2020-6767 (A path traversal vulnerability in the Bosch Video Management System (B ...)
NOT-FOR-US: Bosch
CVE-2020-6766
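Review bot: CVE-2020-6770, CVE-2020-6769 and CVE-2020-6768 come in as "TODO: check", while CVE-2020-6767 directly below them already carries "NOT-FOR-US: Bosch" for a path traversal in the same Bosch Video Management System. Once the full descriptions confirm the products, the three new entries can take the same tag so the Bosch block is triaged consistently.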
@@ -17510,8 +17548,7 @@ CVE-2020-1710
CVE-2020-1709
RESERVED
NOT-FOR-US: openshift
-CVE-2020-1708
- RESERVED
+CVE-2020-1708 (It has been found in openshift-enterprise version 3.11 and all openshi ...)
NOT-FOR-US: openshift
CVE-2020-1707
RESERVED
@@ -17533,8 +17570,7 @@ CVE-2020-1702
CVE-2020-1701
RESERVED
NOT-FOR-US: KubeVirt
-CVE-2020-1700
- RESERVED
+CVE-2020-1700 (A flaw was found in the way the Ceph RGW Beast front-end handles unexp ...)
- ceph 14.2.7-1
[stretch] - ceph <not-affected> (Vulnerable code introduced later)
[jessie] - ceph <not-affected> (Vulnerable code introduced later)
@@ -17585,8 +17621,8 @@ CVE-2019-19358
RESERVED
CVE-2019-19357
RESERVED
-CVE-2019-19356
- RESERVED
+CVE-2019-19356 (Netis WF2419 is vulnerable to authenticated Remote Code Execution (RCE ...)
+ TODO: check
CVE-2019-19355
RESERVED
NOT-FOR-US: openshift
@@ -26474,10 +26510,10 @@ CVE-2019-17138 (This vulnerability allows remote attackers to disclose sensitive
NOT-FOR-US: Foxit
CVE-2019-17137
RESERVED
-CVE-2019-17136
- RESERVED
-CVE-2019-17135
- RESERVED
+CVE-2019-17136 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2019-17135 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
CVE-2019-17134 (Amphora Images in OpenStack Octavia >=0.10.0 <2.1.2, >=3.0.0 ...)
- octavia 4.0.0-6 (bug #941897)
[buster] - octavia <no-dsa> (Minor issue in regular setups, can be fixed via point release)
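Review bot: The descriptions added for CVE-2019-17136 and CVE-2019-17135 are cut off at "execute arbitrary code o ..." before any product name, so "TODO: check" is the right state for now. The only vendor hint in this hunk is the "NOT-FOR-US: Foxit" on CVE-2019-17138 two entries up; read the full description before reusing that tag rather than inferring the product from ID proximity.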
@@ -39306,10 +39342,10 @@ CVE-2019-13336 (The dbell Wi-Fi Smart Video Doorbell DB01-S Gen 1 allows remote
NOT-FOR-US: dbell Wi-Fi Smart Video Doorbell
CVE-2019-13335 (SalesAgility SuiteCRM 7.10.x 7.10.19 and 7.11.x before and 7.11.7 has ...)
NOT-FOR-US: SalesAgility SuiteCRM
-CVE-2019-13334
- RESERVED
-CVE-2019-13333
- RESERVED
+CVE-2019-13334 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2019-13333 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
CVE-2019-13332 (This vulnerability allows remote attackers to execute arbitrary code o ...)
NOT-FOR-US: Foxit Reader
CVE-2019-13331 (This vulnerability allows remote attackers to execute arbitrary code o ...)
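Review bot: CVE-2019-13334 and CVE-2019-13333 get the same truncated "execute arbitrary code o ..." description as CVE-2019-13332 below, which is tagged "NOT-FOR-US: Foxit Reader", but the visible text of the two new entries names no product. Resolve the "TODO: check" from the full description and use the exact product string of the neighbouring entry only if it matches.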
@@ -39803,8 +39839,8 @@ CVE-2019-13164 (qemu-bridge-helper.c in QEMU 4.0.0 does not ensure that a networ
- qemu-kvm <removed>
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2019-07/msg00245.html
NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=6f5d8671225dc77190647f18a27a0d156d4ca97a
-CVE-2019-13163
- RESERVED
+CVE-2019-13163 (The Fujitsu TLS library allows a man-in-the-middle attack. This affect ...)
+ TODO: check
CVE-2019-13162
RESERVED
CVE-2019-13161 (An issue was discovered in Asterisk Open Source through 13.27.0, 14.x ...)
@@ -44569,20 +44605,15 @@ CVE-2019-11486 (The Siemens R3964 line discipline driver in drivers/tty/n_r3964.
NOTE: Upstream commits marks driver as BROKEN and can be considered fixed starting
NOTE: from versions including this commit (or backport) or versions which disable
NOTE: CONFIG_R3964 already.
-CVE-2019-11485
- RESERVED
+CVE-2019-11485 (Sander Bos discovered Apport's lock file was in a world-writable direc ...)
NOT-FOR-US: Apport
-CVE-2019-11484
- RESERVED
+CVE-2019-11484 (Kevin Backhouse discovered an integer overflow in bson_ensure_space, a ...)
NOT-FOR-US: whoopsie
-CVE-2019-11483
- RESERVED
+CVE-2019-11483 (Sander Bos discovered Apport mishandled crash dumps originating from c ...)
NOT-FOR-US: Apport
-CVE-2019-11482
- RESERVED
+CVE-2019-11482 (Sander Bos discovered a time of check to time of use (TOCTTOU) vulnera ...)
NOT-FOR-US: Apport
-CVE-2019-11481
- RESERVED
+CVE-2019-11481 (Kevin Backhouse discovered that apport would read a user-supplied conf ...)
NOT-FOR-US: Apport
CVE-2019-11480
RESERVED
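Review bot: The NOT-FOR-US tags on CVE-2019-11485 through CVE-2019-11481 were assigned while the entries were still RESERVED and are carried over unchanged now that descriptions exist. For CVE-2019-11484 the description names an integer overflow in bson_ensure_space under "NOT-FOR-US: whoopsie"; confirm that function exists only in whoopsie's own code and not in a BSON library packaged separately, and add a NOTE with the finding.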
@@ -181396,7 +181427,7 @@ CVE-2016-9654
REJECTED
CVE-2016-9653
REJECTED
-CVE-2016-9652 (Unspecified vulnerabilities in Google Chrome before 55.0.2883.75. ...)
+CVE-2016-9652 (Multiple unspecified vulnerabilities in Google Chrome before 55.0.2883 ...)
{DSA-3731-1}
- chromium-browser 55.0.2883.75-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
@@ -237928,7 +237959,7 @@ CVE-2014-9556 (Integer overflow in the qtmd_decompress function in libmspack 0.4
[squeeze] - cabextract <no-dsa> (Minor issue)
NOTE: Starting with 1.4-5 cabextract uses the mspack system library
CVE-2012-6686
- RESERVED
+ REJECTED
CVE-2012-6685 [ruby-nokogiri XXE]
RESERVED
{DLA-229-1}
@@ -312084,14 +312115,11 @@ CVE-2011-1087 (Buffer overflow in VideoLAN VLC media player 1.0.5 allows user-as
[lenny] - vlc <no-dsa> (Minor issue)
NOTE: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4931.php
NOTE: obscure exploit scenario
-CVE-2011-1086
- RESERVED
+CVE-2011-1086 (Cross-site scripting (XSS) vulnerability in admin/system.html in Openf ...)
NOT-FOR-US: openfiler
-CVE-2011-1085
- RESERVED
+CVE-2011-1085 (CSRF vulnerability in Smoothwall Express 3. ...)
NOT-FOR-US: smoothwall
-CVE-2011-1084
- RESERVED
+CVE-2011-1084 (A cross-site scripting (XSS) vulnerability in Smoothwall Express 3. ...)
NOT-FOR-US: smoothwall
CVE-2011-1083 (The epoll implementation in the Linux kernel 2.6.37.2 and earlier does ...)
- linux-2.6 3.2.9-1 (low)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d162b9fc22b280303a1aee8a1c05544686f1b99a