[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Tue Feb 11 20:10:29 GMT 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
810ec168 by security tracker role at 2020-02-11T20:10:22+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,97 @@
+CVE-2020-8884
+	RESERVED
+CVE-2020-8883
+	RESERVED
+CVE-2020-8882
+	RESERVED
+CVE-2020-8881
+	RESERVED
+CVE-2020-8880
+	RESERVED
+CVE-2020-8879
+	RESERVED
+CVE-2020-8878
+	RESERVED
+CVE-2020-8877
+	RESERVED
+CVE-2020-8876
+	RESERVED
+CVE-2020-8875
+	RESERVED
+CVE-2020-8874
+	RESERVED
+CVE-2020-8873
+	RESERVED
+CVE-2020-8872
+	RESERVED
+CVE-2020-8871
+	RESERVED
+CVE-2020-8870
+	RESERVED
+CVE-2020-8869
+	RESERVED
+CVE-2020-8868
+	RESERVED
+CVE-2020-8867
+	RESERVED
+CVE-2020-8866
+	RESERVED
+CVE-2020-8865
+	RESERVED
+CVE-2020-8864
+	RESERVED
+CVE-2020-8863
+	RESERVED
+CVE-2020-8862
+	RESERVED
+CVE-2020-8861
+	RESERVED
+CVE-2020-8860
+	RESERVED
+CVE-2020-8859
+	RESERVED
+CVE-2020-8858
+	RESERVED
+CVE-2020-8857
+	RESERVED
+CVE-2020-8856
+	RESERVED
+CVE-2020-8855
+	RESERVED
+CVE-2020-8854
+	RESERVED
+CVE-2020-8853
+	RESERVED
+CVE-2020-8852
+	RESERVED
+CVE-2020-8851
+	RESERVED
+CVE-2020-8850
+	RESERVED
+CVE-2020-8849
+	RESERVED
+CVE-2020-8848
+	RESERVED
+CVE-2020-8847
+	RESERVED
+CVE-2020-8846
+	RESERVED
+CVE-2020-8845
+	RESERVED
+CVE-2020-8844
+	RESERVED
+CVE-2020-8843
+	RESERVED
+CVE-2020-8842
+	RESERVED
+CVE-2020-8841 (An issue was discovered in TestLink 1.9.19. The relation_type paramete ...)
+	TODO: check
+CVE-2020-8840 (FasterXML jackson-databind 2.0.0 through 2.9.10.2 lacks certain xbean- ...)
+	TODO: check
+CVE-2020-8839
+	RESERVED
+CVE-2015-9542
+	RESERVED
 CVE-2020-8838
 	RESERVED
 CVE-2020-8837
@@ -16,8 +110,8 @@ CVE-2020-8831
 	RESERVED
 CVE-2019-20451 (The HTTP API in Prismview System 9 11.10.17.00 and Prismview Player 11 ...)
 	NOT-FOR-US: Prismview
-CVE-2017-18642
-	RESERVED
+CVE-2017-18642 (Syska Smart Bulb devices through 2017-08-06 receive RGB parameters ove ...)
+	TODO: check
 CVE-2020-8830
 	RESERVED
 CVE-2020-8829
@@ -519,8 +613,8 @@ CVE-2020-8597 (eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer
 	{DLA-2097-1}
 	- ppp <unfixed> (bug #950618)
 	NOTE: https://github.com/paulusmack/ppp/commit/8d7970b8f3db727fe798b65f3377fe6787575426
-CVE-2020-8596
-	RESERVED
+CVE-2020-8596 (participants-database.php in the Participants Database plugin 1.9.5.5  ...)
+	TODO: check
 CVE-2020-8595
 	RESERVED
 CVE-2020-8594
@@ -899,8 +993,8 @@ CVE-2020-8431
 	RESERVED
 CVE-2020-8430
 	RESERVED
-CVE-2020-8429
-	RESERVED
+CVE-2020-8429 (The Admin web application in Kinetica 7.0.9.2.20191118151947 does not  ...)
+	TODO: check
 CVE-2020-8427
 	RESERVED
 CVE-2020-8426 (The Elementor plugin before 2.8.5 for WordPress suffers from a reflect ...)
@@ -3579,8 +3673,8 @@ CVE-2020-7219 (HashiCorp Consul and Consul Enterprise up to 1.6.2 HTTP/RPC servi
 CVE-2020-7218 (HashiCorp Nomad and Nomad Enterprise before 0.10.3 allow unbounded res ...)
 	- nomad 0.10.3+dfsg1-1
 	NOTE: https://github.com/hashicorp/nomad/issues/7002
-CVE-2020-7217
-	RESERVED
+CVE-2020-7217 (An ni_dhcp4_fsm_process_dhcp4_packet memory leak in openSUSE wicked 0. ...)
+	TODO: check
 CVE-2020-7216 (An ni_dhcp4_parse_response memory leak in openSUSE wicked 0.6.55 and e ...)
 	NOT-FOR-US: openSUSE wicked
 CVE-2020-7215 (An issue was discovered in Gallagher Command Centre 7.x before 7.90.99 ...)
@@ -5364,160 +5458,124 @@ CVE-2020-6419
 	RESERVED
 CVE-2020-6418
 	RESERVED
-CVE-2020-6417
-	RESERVED
+CVE-2020-6417 (Inappropriate implementation in installer in Google Chrome prior to 80 ...)
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6416
-	RESERVED
+CVE-2020-6416 (Insufficient data validation in streams in Google Chrome prior to 80.0 ...)
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6415
-	RESERVED
+CVE-2020-6415 (Inappropriate implementation in JavaScript in Google Chrome prior to 8 ...)
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6414
-	RESERVED
+CVE-2020-6414 (Insufficient policy enforcement in Safe Browsing in Google Chrome prio ...)
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6413
-	RESERVED
+CVE-2020-6413 (Inappropriate implementation in Blink in Google Chrome prior to 80.0.3 ...)
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6412
-	RESERVED
+CVE-2020-6412 (Insufficient validation of untrusted input in Omnibox in Google Chrome ...)
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6411
-	RESERVED
+CVE-2020-6411 (Insufficient validation of untrusted input in Omnibox in Google Chrome ...)
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6410
-	RESERVED
+CVE-2020-6410 (Insufficient policy enforcement in navigation in Google Chrome prior t ...)
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6409
-	RESERVED
+CVE-2020-6409 (Inappropriate implementation in Omnibox in Google Chrome prior to 80.0 ...)
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6408
-	RESERVED
+CVE-2020-6408 (Insufficient policy enforcement in CORS in Google Chrome prior to 80.0 ...)
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2020-6407
 	RESERVED
-CVE-2020-6406
-	RESERVED
+CVE-2020-6406 (Use after free in audio in Google Chrome prior to 80.0.3987.87 allowed ...)
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6405
-	RESERVED
+CVE-2020-6405 (Out of bounds read in SQLite in Google Chrome prior to 80.0.3987.87 al ...)
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6404
-	RESERVED
+CVE-2020-6404 (Inappropriate implementation in Blink in Google Chrome prior to 80.0.3 ...)
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6403
-	RESERVED
+CVE-2020-6403 (Incorrect implementation in Omnibox in Google Chrome on iOS prior to 8 ...)
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6402
-	RESERVED
+CVE-2020-6402 (Insufficient policy enforcement in downloads in Google Chrome on OS X  ...)
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6401
-	RESERVED
+CVE-2020-6401 (Insufficient validation of untrusted input in Omnibox in Google Chrome ...)
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6400
-	RESERVED
+CVE-2020-6400 (Inappropriate implementation in CORS in Google Chrome prior to 80.0.39 ...)
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6399
-	RESERVED
+CVE-2020-6399 (Insufficient policy enforcement in AppCache in Google Chrome prior to  ...)
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6398
-	RESERVED
+CVE-2020-6398 (Use of uninitialized data in PDFium in Google Chrome prior to 80.0.398 ...)
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6397
-	RESERVED
+CVE-2020-6397 (Inappropriate implementation in sharing in Google Chrome prior to 80.0 ...)
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6396
-	RESERVED
+CVE-2020-6396 (Inappropriate implementation in Skia in Google Chrome prior to 80.0.39 ...)
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6395
-	RESERVED
+CVE-2020-6395 (Out of bounds read in JavaScript in Google Chrome prior to 80.0.3987.8 ...)
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6394
-	RESERVED
+CVE-2020-6394 (Insufficient policy enforcement in Blink in Google Chrome prior to 80. ...)
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6393
-	RESERVED
+CVE-2020-6393 (Insufficient policy enforcement in Blink in Google Chrome prior to 80. ...)
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6392
-	RESERVED
+CVE-2020-6392 (Insufficient policy enforcement in extensions in Google Chrome prior t ...)
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6391
-	RESERVED
+CVE-2020-6391 (Insufficient validation of untrusted input in Blink in Google Chrome p ...)
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6390
-	RESERVED
+CVE-2020-6390 (Out of bounds memory access in streams in Google Chrome prior to 80.0. ...)
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6389
-	RESERVED
+CVE-2020-6389 (Out of bounds write in WebRTC in Google Chrome prior to 80.0.3987.87 a ...)
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6388
-	RESERVED
+CVE-2020-6388 (Out of bounds access in WebAudio in Google Chrome prior to 80.0.3987.8 ...)
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6387
-	RESERVED
+CVE-2020-6387 (Out of bounds write in WebRTC in Google Chrome prior to 80.0.3987.87 a ...)
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2020-6386
 	RESERVED
-CVE-2020-6385
-	RESERVED
+CVE-2020-6385 (Insufficient policy enforcement in storage in Google Chrome prior to 8 ...)
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2020-6384
 	RESERVED
 CVE-2020-6383
 	RESERVED
-CVE-2020-6382
-	RESERVED
+CVE-2020-6382 (Type confusion in JavaScript in Google Chrome prior to 80.0.3987.87 al ...)
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6381
-	RESERVED
+CVE-2020-6381 (Integer overflow in JavaScript in Google Chrome on ChromeOS and Androi ...)
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6380
-	RESERVED
+CVE-2020-6380 (Insufficient policy enforcement in extensions in Google Chrome prior t ...)
 	{DSA-4606-1}
 	- chromium 79.0.3945.130-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6379
-	RESERVED
+CVE-2020-6379 (Use after free in V8 in Google Chrome prior to 79.0.3945.130 allowed a ...)
 	{DSA-4606-1}
 	- chromium 79.0.3945.130-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6378
-	RESERVED
+CVE-2020-6378 (Use after free in speech in Google Chrome prior to 79.0.3945.130 allow ...)
 	{DSA-4606-1}
 	- chromium 79.0.3945.130-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
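Review bot: the CVE-2020-6412 entry in this hunk carries the `- chromium <unfixed>` and `[stretch] - chromium <end-of-life> (see DSA 4562)` pair twice in a row. Both copies are unchanged context, so the duplicate predates this automatic update, but it is visible only on this one entry and should be removed in a follow-up commit so that CVE-2020-6412 has a single annotation per suite like its neighbours.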
@@ -6642,30 +6700,30 @@ CVE-2020-5833
 	RESERVED
 CVE-2020-5832
 	RESERVED
-CVE-2020-5831
-	RESERVED
-CVE-2020-5830
-	RESERVED
-CVE-2020-5829
-	RESERVED
-CVE-2020-5828
-	RESERVED
-CVE-2020-5827
-	RESERVED
-CVE-2020-5826
-	RESERVED
-CVE-2020-5825
-	RESERVED
-CVE-2020-5824
-	RESERVED
-CVE-2020-5823
-	RESERVED
-CVE-2020-5822
-	RESERVED
-CVE-2020-5821
-	RESERVED
-CVE-2020-5820
-	RESERVED
+CVE-2020-5831 (Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU2 MP1, ma ...)
+	TODO: check
+CVE-2020-5830 (Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU2 MP1, ma ...)
+	TODO: check
+CVE-2020-5829 (Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU2 MP1, ma ...)
+	TODO: check
+CVE-2020-5828 (Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU2 MP1, ma ...)
+	TODO: check
+CVE-2020-5827 (Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU2 MP1, ma ...)
+	TODO: check
+CVE-2020-5826 (Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Sm ...)
+	TODO: check
+CVE-2020-5825 (Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Sm ...)
+	TODO: check
+CVE-2020-5824 (Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Sm ...)
+	TODO: check
+CVE-2020-5823 (Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Sm ...)
+	TODO: check
+CVE-2020-5822 (Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Sm ...)
+	TODO: check
+CVE-2020-5821 (Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Sm ...)
+	TODO: check
+CVE-2020-5820 (Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Sm ...)
+	TODO: check
 CVE-2020-5819
 	RESERVED
 CVE-2020-5818
@@ -7246,8 +7304,8 @@ CVE-2020-5531
 	RESERVED
 CVE-2020-5530
 	RESERVED
-CVE-2020-5529
-	RESERVED
+CVE-2020-5529 (HtmlUnit prior to 2.37.0 contains code execution vulnerabilities. Html ...)
+	TODO: check
 CVE-2020-5528 (Cross-site scripting vulnerability in Movable Type series (Movable Typ ...)
 	- movabletype-opensource <removed>
 CVE-2020-5527
@@ -11658,12 +11716,12 @@ CVE-2020-3937 (SQL Injection in SysJust Syuan-Gu-Da-Shih, versions before 201912
 	NOT-FOR-US: SysJust Syuan-Gu-Da-Shih
 CVE-2020-3936
 	RESERVED
-CVE-2020-3935
-	RESERVED
-CVE-2020-3934
-	RESERVED
-CVE-2020-3933
-	RESERVED
+CVE-2020-3935 (Secom Co. Dr.ID, a Door Access Control and Personnel Attendance Manage ...)
+	TODO: check
+CVE-2020-3934 (Secom Co. Dr.ID, a Door Access Control and Personnel Attendance Manage ...)
+	TODO: check
+CVE-2020-3933 (Secom Co. Dr.ID, a Door Access Control and Personnel Attendance Manage ...)
+	TODO: check
 CVE-2020-3932
 	RESERVED
 CVE-2020-3931
@@ -18247,12 +18305,12 @@ CVE-2019-19197 (IOCTL Handling in the kyrld.sys driver in Kyrol Internet Securit
 	NOT-FOR-US: Kyrol Internet Security
 CVE-2019-19196
 	RESERVED
-CVE-2019-19195
-	RESERVED
+CVE-2019-19195 (The Bluetooth Low Energy implementation on Microchip Technology BluSDK ...)
+	TODO: check
 CVE-2019-19194
 	RESERVED
-CVE-2019-19193
-	RESERVED
+CVE-2019-19193 (The Bluetooth Low Energy peripheral implementation on Texas Instrument ...)
+	TODO: check
 CVE-2019-19192
 	RESERVED
 CVE-2019-19191 (Shibboleth Service Provider (SP) 3.x before 3.1.0 shipped a spec file  ...)
@@ -23116,8 +23174,8 @@ CVE-2019-18212 (XMLLanguageService.java in XML Language Server (aka lsp4xml) bef
 	NOT-FOR-US: XML Language Server (aka lsp4xml)
 CVE-2019-18211 (An issue was discovered in Orckestra C1 CMS through 6.6. The EntityTok ...)
 	NOT-FOR-US: Orckestra C1 CMS
-CVE-2019-18210
-	RESERVED
+CVE-2019-18210 (** DISPUTED ** Persistent XSS in /course/modedit.php of Moodle through ...)
+	TODO: check
 CVE-2019-18209 (templates/pad.html in Etherpad-Lite 1.7.5 has XSS when the browser doe ...)
 	- etherpad-lite <itp> (bug #576998)
 CVE-2019-18208
@@ -25778,14 +25836,14 @@ CVE-2019-17522 (A stored XSS vulnerability was discovered in Hotaru CMS v1.7.2 v
 	NOT-FOR-US: Hotaru CMS
 CVE-2019-17521 (An issue was discovered in Landing-CMS 0.0.6. There is a CSRF vulnerab ...)
 	NOT-FOR-US: Landing-CMS
-CVE-2019-17520
-	RESERVED
+CVE-2019-17520 (The Bluetooth Low Energy implementation on Texas Instruments SDK throu ...)
+	TODO: check
 CVE-2019-17519
 	RESERVED
-CVE-2019-17518
-	RESERVED
-CVE-2019-17517
-	RESERVED
+CVE-2019-17518 (The Bluetooth Low Energy implementation on Dialog Semiconductor SDK th ...)
+	TODO: check
+CVE-2019-17517 (The Bluetooth Low Energy implementation on Dialog Semiconductor SDK th ...)
+	TODO: check
 CVE-2019-17516
 	RESERVED
 CVE-2019-17515 (The CleanTalk cleantalk-spam-protect plugin before 5.127.4 for WordPre ...)
@@ -26711,8 +26769,8 @@ CVE-2019-17139 (This vulnerability allows remote attackers to execute arbitrary
 	NOT-FOR-US: Foxit
 CVE-2019-17138 (This vulnerability allows remote attackers to disclose sensitive infor ...)
 	NOT-FOR-US: Foxit
-CVE-2019-17137
-	RESERVED
+CVE-2019-17137 (This vulnerability allows network-adjacent attackers to bypass authent ...)
+	TODO: check
 CVE-2019-17136 (This vulnerability allows remote attackers to execute arbitrary code o ...)
 	NOT-FOR-US: Foxit PhantomPDF
 CVE-2019-17135 (This vulnerability allows remote attackers to execute arbitrary code o ...)
@@ -26899,10 +26957,10 @@ CVE-2019-17063 (In Snowtide PDFxStream before 3.7.1 (for Java), a crafted PDF fi
 	NOT-FOR-US: Snowtide PDFxStream
 CVE-2019-17062 (An issue was discovered in OXID eShop 6.x before 6.0.6 and 6.1.x befor ...)
 	NOT-FOR-US: OXID eShop
-CVE-2019-17061
-	RESERVED
-CVE-2019-17060
-	RESERVED
+CVE-2019-17061 (The Bluetooth Low Energy (BLE) stack implementation on Cypress PSoC 4  ...)
+	TODO: check
+CVE-2019-17060 (The Bluetooth Low Energy (BLE) stack implementation on the NXP KW41Z ( ...)
+	TODO: check
 CVE-2019-17059 (A shell injection vulnerability on the Sophos Cyberoam firewall applia ...)
 	NOT-FOR-US: Sophos
 CVE-2019-17058 (Footy Tipping Software AFL Web Edition 2019 allows arbitrary file uplo ...)
@@ -34787,8 +34845,8 @@ CVE-2019-14516 (The mAadhaar application 1.2.7 for Android lacks SSL Certificate
 	NOT-FOR-US: mAadhaar application for Android
 CVE-2019-14515
 	RESERVED
-CVE-2019-14514
-	RESERVED
+CVE-2019-14514 (An issue was discovered in Microvirt MEmu all versions prior to 7.0.2. ...)
+	TODO: check
 CVE-2019-14513 (Improper bounds checking in Dnsmasq before 2.76 allows an attacker con ...)
 	{DLA-1921-1}
 	- dnsmasq 2.76-1
@@ -36938,8 +36996,8 @@ CVE-2019-13948 (SyGuestBook A5 Version 1.2 allows stored XSS because the isValid
 	NOT-FOR-US: SyGuestBook A5
 CVE-2019-13947 (A vulnerability has been identified in SiNVR 3 Central Control Server  ...)
 	NOT-FOR-US: Siemens
-CVE-2019-13946
-	RESERVED
+CVE-2019-13946 (A vulnerability has been identified in Development/Evaluation Kits for ...)
+	TODO: check
 CVE-2019-13945 (A vulnerability has been identified in SIMATIC S7-1200 CPU family (inc ...)
 	NOT-FOR-US: Siemens
 CVE-2019-13944 (A vulnerability has been identified in EN100 Ethernet module DNP3 vari ...)
@@ -36948,10 +37006,10 @@ CVE-2019-13943 (A vulnerability has been identified in EN100 Ethernet module DNP
 	NOT-FOR-US: Siemens
 CVE-2019-13942 (A vulnerability has been identified in EN100 Ethernet module DNP3 vari ...)
 	NOT-FOR-US: Siemens
-CVE-2019-13941
-	RESERVED
-CVE-2019-13940
-	RESERVED
+CVE-2019-13941 (A vulnerability has been identified in OZW672 (All versions < V10.0 ...)
+	TODO: check
+CVE-2019-13940 (A vulnerability has been identified in SIMATIC S7-1200 CPU family (inc ...)
+	TODO: check
 CVE-2019-13939 (A vulnerability has been identified in Nucleus NET (All versions), Nuc ...)
 	NOT-FOR-US: Nucleus
 CVE-2019-13938
@@ -36978,12 +37036,12 @@ CVE-2019-13928
 	RESERVED
 CVE-2019-13927 (A vulnerability has been identified in Desigo PX automation controller ...)
 	NOT-FOR-US: Siemens
-CVE-2019-13926
-	RESERVED
-CVE-2019-13925
-	RESERVED
-CVE-2019-13924
-	RESERVED
+CVE-2019-13926 (A vulnerability has been identified in SCALANCE S602 (All versions &gt ...)
+	TODO: check
+CVE-2019-13925 (A vulnerability has been identified in SCALANCE S602 (All versions &gt ...)
+	TODO: check
+CVE-2019-13924 (A vulnerability has been identified in SCALANCE X-200 switch family (i ...)
+	TODO: check
 CVE-2019-13923 (A vulnerability has been identified in IE/WSN-PA Link WirelessHART Gat ...)
 	NOT-FOR-US: Siemens
 CVE-2019-13922 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
@@ -39628,10 +39686,10 @@ CVE-2019-13324 (This vulnerability allows remote attackers to execute arbitrary
 	NOT-FOR-US: Foxit Studio Photo
 CVE-2019-13323 (This vulnerability allows remote attackers to execute arbitrary code o ...)
 	NOT-FOR-US: Foxit Studio Photo
-CVE-2019-13322
-	RESERVED
-CVE-2019-13321
-	RESERVED
+CVE-2019-13322 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2019-13321 (This vulnerability allows network adjacent attackers to execute arbitr ...)
+	TODO: check
 CVE-2019-13320 (This vulnerability allows remote attackers to execute arbitrary code o ...)
 	NOT-FOR-US: Foxit Reader
 CVE-2019-13319 (This vulnerability allows remote attackers to execute arbitrary code o ...)
@@ -58610,8 +58668,8 @@ CVE-2019-6746 (This vulnerability allows remote attackers to disclose sensitive
 	NOT-FOR-US: Foxit Studio Photo
 CVE-2019-6745
 	REJECTED
-CVE-2019-6744
-	RESERVED
+CVE-2019-6744 (This vulnerability allows local attackers to disclose sensitive inform ...)
+	TODO: check
 CVE-2019-6743 (This vulnerability allows remote attackers to execute arbitrary code o ...)
 	NOT-FOR-US: Xiaomi Mi6 Browser
 CVE-2019-6742 (This vulnerability allows remote attackers to execute arbitrary code o ...)
@@ -58965,7 +59023,7 @@ CVE-2019-6577 (A vulnerability has been identified in SIMATIC HMI Comfort Panels
 	NOT-FOR-US: Siemens
 CVE-2019-6576 (A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - ...)
 	NOT-FOR-US: Siemens
-CVE-2019-6575 (A vulnerability has been identified in SIMATIC CP443-1 OPC UA (incl. S ...)
+CVE-2019-6575 (A vulnerability has been identified in SIMATIC CP 443-1 OPC UA (All ve ...)
 	NOT-FOR-US: Siemens
 CVE-2019-6574 (A vulnerability has been identified in SINAMICS PERFECT HARMONY GH180  ...)
 	NOT-FOR-US: Siemens
@@ -90474,8 +90532,8 @@ CVE-2018-14555
 	RESERVED
 CVE-2018-14554
 	RESERVED
-CVE-2018-14553
-	RESERVED
+CVE-2018-14553 (gdImageClone in gd.c in libgd 2.1.0-rc2 through 2.2.5 has a NULL point ...)
+	TODO: check
 CVE-2016-10728 (An issue was discovered in Suricata before 3.1.2. If an ICMPv4 error p ...)
 	{DLA-1508-1}
 	- suricata 3.1.2-1
@@ -194954,8 +195012,8 @@ CVE-2016-5712
 	RESERVED
 CVE-2016-5711 (NetApp Virtual Storage Console for VMware vSphere before 6.2.1 uses a  ...)
 	NOT-FOR-US: NetApp
-CVE-2016-5710
-	RESERVED
+CVE-2016-5710 (NetApp Snap Creator Framework before 4.3P1 allows remote authenticated ...)
+	TODO: check
 CVE-2016-5709 (SolarWinds Virtualization Manager 6.3.1 and earlier uses weak encrypti ...)
 	NOT-FOR-US: SolarWinds
 CVE-2016-5708
@@ -216313,8 +216371,8 @@ CVE-2014-9756 (The psf_fwrite function in file_io.c in libsndfile allows attacke
 	- libsndfile 1.0.25-10 (bug #804447)
 	[jessie] - libsndfile 1.0.25-9.1+deb8u1
 	NOTE: https://github.com/erikd/libsndfile/commit/725c7dbb95bfaf8b4bb7b04820e3a00cceea9ce6
-CVE-2014-9753
-	RESERVED
+CVE-2014-9753 (confirm.php in ATutor 2.2 and earlier allows remote attackers to bypas ...)
+	TODO: check
 CVE-2014-9752 (Unrestricted file upload vulnerability in mods/_core/properties/lib/co ...)
 	NOT-FOR-US: ATutor
 CVE-2015-7758 (Gummi 0.6.5 allows local users to write to arbitrary files via a symli ...)
@@ -216461,8 +216519,7 @@ CVE-2014-9749 (Squid 3.4.4 through 3.4.11 and 3.5.0.1 through 3.5.1, when Digest
 	NOTE: http://bugs.squid-cache.org/show_bug.cgi?id=4066
 	NOTE: http://bazaar.launchpad.net/~squid/squid/3.4/revision/13211 (Squid 3.4)
 	NOTE: http://bazaar.launchpad.net/~squid/squid/3.5/revision/13735 (Squid 3.5)
-CVE-2014-9748
-	RESERVED
+CVE-2014-9748 (The uv_rwlock_t fallback implementation for Windows XP and Server 2003 ...)
 	- libuv 1.7.4-1 (unimportant)
 	- nodejs 4.0.0~dfsg-1 (unimportant)
 	NOTE: Only affects Windows
@@ -231883,7 +231940,7 @@ CVE-2015-2296 (The resolve_redirects function in sessions.py in requests 2.1.0 t
 CVE-2015-2289 (Cross-site scripting (XSS) vulnerability in templates/2k11/admin/entri ...)
 	- serendipity <removed>
 CVE-2015-2287
-	RESERVED
+	REJECTED
 CVE-2015-2286 (lms/templates/footer-edx-new.html in Open edX edx-platform before 2015 ...)
 	NOT-FOR-US: Open edX
 CVE-2015-2285 (The logrotation script (/etc/cron.daily/upstart) in the Ubuntu Upstart ...)
@@ -242531,8 +242588,8 @@ CVE-2014-8349 (Cross-site scripting (XSS) vulnerability in Liferay Portal Enterp
 	NOT-FOR-US: Liferay Portal
 CVE-2014-8348
 	RESERVED
-CVE-2014-8347
-	RESERVED
+CVE-2014-8347 (An Authentication Bypass vulnerability exists in the MatchPasswordData ...)
+	TODO: check
 CVE-2014-8346 (The Remote Controls feature on Samsung mobile devices does not validat ...)
 	NOT-FOR-US: Samsung mobile devices
 CVE-2014-8345
@@ -243664,7 +243721,7 @@ CVE-2014-7972
 CVE-2014-7971
 	RESERVED
 CVE-2014-7969
-	RESERVED
+	REJECTED
 CVE-2014-7966
 	RESERVED
 CVE-2014-7965
@@ -247295,8 +247352,8 @@ CVE-2014-6449 (Juniper Junos OS before 12.1X44-D50, 12.1X46 before 12.1X46-D35,
 	NOT-FOR-US: Juniper Junos OS
 CVE-2014-6448 (Juniper Junos OS 13.2 before 13.2R5, 13.2X51, 13.2X52, and 13.3 before ...)
 	NOT-FOR-US: Juniper
-CVE-2014-6447
-	RESERVED
+CVE-2014-6447 (Multiple vulnerabilities exist in Juniper Junos J-Web error handling t ...)
+	TODO: check
 CVE-2014-6446 (The Infusionsoft Gravity Forms plugin 1.5.3 through 1.5.10 for WordPre ...)
 	NOT-FOR-US: WordPress plugin Infusionsoft Gravity Forms
 CVE-2014-6445 (Multiple cross-site scripting (XSS) vulnerabilities in includes/toAdmi ...)
@@ -253596,10 +253653,10 @@ CVE-2014-3829 (displayServiceStatus.php in Centreon 2.5.1 and Centreon Enterpris
 	- centreon-web <itp> (bug #913903)
 CVE-2014-3828 (Multiple SQL injection vulnerabilities in Centreon 2.5.1 and Centreon  ...)
 	- centreon-web <itp> (bug #913903)
-CVE-2014-3827
-	RESERVED
-CVE-2014-3826
-	RESERVED
+CVE-2014-3827 (Multiple cross-site scripting (XSS) vulnerabilities in the MyBB (aka M ...)
+	TODO: check
+CVE-2014-3826 (Cross-site scripting (XSS) vulnerability in MyBB before 1.6.13 allows  ...)
+	TODO: check
 CVE-2014-3825 (The Juniper SRX Series devices with Junos 11.4 before 11.4R12-S4, 12.1 ...)
 	NOT-FOR-US: Juniper Junos
 CVE-2014-3824 (Cross-site scripting (XSS) vulnerability in the web server in the Juni ...)
@@ -258662,8 +258719,7 @@ CVE-2014-2053 (getID3() before 1.9.8, as used in ownCloud Server before 5.0.15 a
 	NOTE: http://owncloud.org/about/security/advisories/oC-SA-2014-006/
 	- wordpress 3.9.2+dfsg-1 (bug #757312)
 	NOTE: https://core.trac.wordpress.org/changeset/29390
-CVE-2014-2052
-	RESERVED
+CVE-2014-2052 (Zend Framework, as used in ownCloud Server before 5.0.15 and 6.0.x bef ...)
 	- owncloud 6.0.2+dfsg-1
 	NOTE: owncloud advisory does not mention details for ZendFramework
 	NOTE: http://owncloud.org/about/security/advisories/oC-SA-2014-006/
@@ -264431,14 +264487,12 @@ CVE-2014-0150 (Integer overflow in the virtio_net_handle_mac function in hw/net/
 	- qemu-kvm <removed>
 CVE-2014-0149 (Multiple cross-site scripting (XSS) vulnerabilities in Red Hat JBoss W ...)
 	NOT-FOR-US: JBoss Seam
-CVE-2014-0148
-	RESERVED
+CVE-2014-0148 (Qemu before 2.0 block driver for Hyper-V VHDX Images is vulnerable to  ...)
 	- qemu 2.0.0+dfsg-1 (bug #742730)
 	[squeeze] - qemu <not-affected> (vhdx support introduced in 1.5)
 	[wheezy] - qemu <not-affected> (vhdx support introduced in 1.5)
 	- qemu-kvm <not-affected> (vhdx support introduced in 1.5)
-CVE-2014-0147
-	RESERVED
+CVE-2014-0147 (Qemu before 1.6.2 block diver for the various disk image formats used  ...)
 	{DSA-3045-1 DSA-3044-1}
 	- qemu 2.0.0+dfsg-1 (bug #742730)
 	- qemu-kvm <removed>
@@ -264457,8 +264511,7 @@ CVE-2014-0145 (Multiple buffer overflows in QEMU before 1.7.2 and 2.x before 2.0
 	- qemu-kvm <removed>
 	[squeeze] - qemu <end-of-life> (Unsupported in squeeze-lts)
 	[squeeze] - qemu-kvm <end-of-life> (Unsupported in squeeze-lts)
-CVE-2014-0144
-	RESERVED
+CVE-2014-0144 (QEMU before 2.0.0 block drivers for CLOOP, QCOW2 version 2 and various ...)
 	{DSA-3045-1 DSA-3044-1}
 	- qemu 2.0.0+dfsg-1 (bug #742730)
 	- qemu-kvm <removed>
@@ -266054,7 +266107,7 @@ CVE-2013-6501 (The default soap.wsdl_cache_dir setting in (1) php.ini-production
 CVE-2013-6500
 	REJECTED
 CVE-2013-6499 [loading a module relative to the cwd]
-	RESERVED
+	REJECTED
 	- libmp3-info-perl <unfixed> (bug #777230; unimportant)
 	[jessie] - libmp3-info-perl <no-dsa> (Minor issue)
 	[wheezy] - libmp3-info-perl <no-dsa> (Minor issue)
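Review bot: CVE-2013-6499 goes from RESERVED to REJECTED here, yet the entry keeps `- libmp3-info-perl <unfixed> (bug #777230; unimportant)` and the per-suite `<no-dsa>` lines. A follow-up should add a NOTE recording why the id was rejected and whether the issue is tracked under another id, so the open package annotation is not left hanging on a rejected entry.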
@@ -267414,8 +267467,8 @@ CVE-2013-5990 (Unspecified vulnerability in JustSystems Ichitaro 2006 through 20
 	NOT-FOR-US: JustSystems Ichitaro
 CVE-2013-5989
 	REJECTED
-CVE-2013-5988
-	RESERVED
+CVE-2013-5988 (A Cross-site Scripting (XSS) vulnerability exists in the All in One SE ...)
+	TODO: check
 CVE-2013-5987 (Unspecified vulnerability in NVIDIA graphics driver Release 331, 325,  ...)
 	- nvidia-graphics-drivers 304.117-1 (bug #735271)
 	[squeeze] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
@@ -267504,8 +267557,8 @@ CVE-2013-5947
 	RESERVED
 CVE-2013-5946 (The runShellCmd function in systemCheck.htm in D-Link DSR-150 with fir ...)
 	NOT-FOR-US: D-Link
-CVE-2013-5945
-	RESERVED
+CVE-2013-5945 (Multiple SQL injection vulnerabilities in D-Link DSR-150 with firmware ...)
+	TODO: check
 CVE-2013-5944 (The integrated web server on Siemens SCALANCE X-200 switches with firm ...)
 	NOT-FOR-US: web server on Siemens switches
 CVE-2013-5959 (Blue Coat ProxySG before 6.2.14.1, 6.3.x, 6.4.x, and 6.5 before 6.5.2  ...)
@@ -268584,8 +268637,7 @@ CVE-2013-5584
 	RESERVED
 CVE-2013-5583 (Cross-site scripting (XSS) vulnerability in libraries/idna_convert/exa ...)
 	NOT-FOR-US: Joomla!
-CVE-2013-5582
-	RESERVED
+CVE-2013-5582 (Ammyy Admin 3.2 and earlier stores the client ID at a fixed memory loc ...)
 	NOT-FOR-US: Ammyy Admin
 CVE-2013-5581
 	RESERVED
@@ -271011,8 +271063,7 @@ CVE-2013-4536
 	[wheezy] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
 	- qemu-kvm <removed> (low)
 	[squeeze] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
-CVE-2013-4535
-	RESERVED
+CVE-2013-4535 (The virtqueue_map_sg function in hw/virtio/virtio.c in QEMU before 1.7 ...)
 	- qemu 2.1+dfsg-1 (low; bug #739589)
 	[wheezy] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
 	[squeeze] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
@@ -271364,8 +271415,8 @@ CVE-2013-4449 (The rwm overlay in OpenLDAP 2.4.23, 2.4.36, and earlier does not
 	[squeeze] - openldap <no-dsa> (Minor issue)
 	NOTE: http://www.openldap.org/its/index.cgi/Incoming?id=7723
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1019490
-CVE-2013-4448
-	RESERVED
+CVE-2013-4448 (echoping through 6.0.2 has buffer overflow vulnerabilities ...)
+	TODO: check
 CVE-2013-4447 (Cross-site scripting (XSS) vulnerability in the API in the Simplenews  ...)
 	NOT-FOR-US: Simplenews Drupal contributed module
 CVE-2013-4446 (The _json_decode function in plugins/context_reaction_block.inc in the ...)
@@ -272002,13 +272053,12 @@ CVE-2013-4270 (The net_ctl_permissions function in net/sysctl_net.c in the Linux
 	NOTE: Introduced with http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cff109768b2d9c03095848f4cd4b0754117262aa
 	NOTE: Fixed by http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2433c8f094a008895e66f25bd1773cdb01c91d01
 CVE-2013-4269
-	RESERVED
+	REJECTED
 	- ajaxplorer <itp> (bug #668381)
 CVE-2013-4268
-	RESERVED
+	REJECTED
 	- ajaxplorer <itp> (bug #668381)
-CVE-2013-4267
-	RESERVED
+CVE-2013-4267 (Ajaxeplorer before 5.0.1 allows remote attackers to execute arbitrary  ...)
 	- ajaxplorer <itp> (bug #668381)
 CVE-2013-4266
 	REJECTED
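Review bot: CVE-2013-4269 and CVE-2013-4268 become REJECTED in this hunk while each still carries `- ajaxplorer <itp> (bug #668381)`, the same annotation as the newly described CVE-2013-4267. It is worth checking in a follow-up whether the two rejected ids were folded into CVE-2013-4267, and if so dropping the package line from them or stating the relationship in a NOTE.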
@@ -272938,8 +272988,8 @@ CVE-2013-3944 (Stack-based buffer overflow in the MrSID plugin (MrSID.dll) befor
 	NOT-FOR-US: MrSID plugin (MrSID.dll) for IrfanView
 CVE-2013-3943 (Cross-site scripting (XSS) vulnerability in DotNetNuke (DNN) before 6. ...)
 	NOT-FOR-US: DotNetNukeDot
-CVE-2013-3942
-	RESERVED
+CVE-2013-3942 (Potplayer prior to 1.5.39659: DLL Loading Arbitrary Code Execution Vul ...)
+	TODO: check
 CVE-2013-3941 (Xjp2.dll in XnView before 2.13 allows remote attackers to execute arbi ...)
 	NOT-FOR-US: XnView
 CVE-2013-3940 (Integer overflow in the Graphics Device Interface (GDI) in Microsoft W ...)
@@ -273538,8 +273588,8 @@ CVE-2013-3686 (cgi-bin/operator/param in AirLive WL2600CAM and possibly other ca
 CVE-2013-3685
 	RESERVED
 	NOT-FOR-US: Sprite Software's backup softare for Android
-CVE-2013-3684
-	RESERVED
+CVE-2013-3684 (NextGEN Gallery plugin before 1.9.13 for WordPress: ngggallery.php fil ...)
+	TODO: check
 CVE-2013-3683
 	RESERVED
 CVE-2013-3682
@@ -277560,8 +277610,7 @@ CVE-2013-2122 (The Edit Limit module 7.x-1.x before 7.x-1.3 for Drupal does not
 	NOT-FOR-US: Edit Limit Drupal contributed module
 CVE-2013-2121 (Eval injection vulnerability in the create method in the Bookmarks con ...)
 	- foreman <itp> (bug #663101)
-CVE-2013-2120 [weak generated passwords]
-	RESERVED
+CVE-2013-2120 (The %{password(...)} macro in pastemacroexpander.cpp in the KDE Paste  ...)
 	- kdeplasma-addons 4:5.3.2-2 (low; bug #710497)
 	[jessie] - kdeplasma-addons <no-dsa> (Minor issue)
 	[wheezy] - kdeplasma-addons <no-dsa> (Minor issue)
@@ -277791,8 +277840,7 @@ CVE-2013-2058 (The host_start function in drivers/usb/chipidea/host.c in the Lin
 	- linux 3.8-1
 	[wheezy] - linux <not-affected> (Vulnerable code not present)
 	NOTE: http://www.openwall.com/lists/oss-security/2013/05/03/2
-CVE-2013-2057
-	RESERVED
+CVE-2013-2057 (YaBB through 2.5.2: 'guestlanguage' Cookie Parameter Local File Includ ...)
 	NOT-FOR-US: YaBB
 CVE-2013-2056 (The Inter-Satellite Sync (ISS) operation in Red Hat Network (RHN) Sate ...)
 	NOT-FOR-US: RHN Satellite
@@ -278764,8 +278812,8 @@ CVE-2013-1762 (stunnel 4.21 through 4.54, when CONNECT protocol negotiation and
 	- stunnel4 3:4.53-1.1 (bug #702267)
 CVE-2013-1761
 	RESERVED
-CVE-2013-1760
-	RESERVED
+CVE-2013-1760 (The Bug Genie before 3.2.6 has Multiple XSS and HTML Injection Vulnera ...)
+	TODO: check
 CVE-2013-1759 (Cross-site scripting (XSS) vulnerability in the Responsive Logo Slides ...)
 	NOT-FOR-US: WordPress plugin responsive-logo-slideshow
 CVE-2013-1758 (Cross-site scripting (XSS) vulnerability in the Marekkis Watermark plu ...)
@@ -279451,8 +279499,8 @@ CVE-2013-1609 (Multiple unquoted Windows search path vulnerabilities in the (1)
 	NOT-FOR-US: Symantec
 CVE-2013-1608 (Directory traversal vulnerability in the Management Console on the Sym ...)
 	NOT-FOR-US: Symantec
-CVE-2013-1607
-	RESERVED
+CVE-2013-1607 (Ruby PDFKit gem prior to 0.5.3 has a Code Execution Vulnerability ...)
+	TODO: check
 CVE-2013-1606 (Buffer overflow in the ubnt-streamer RTSP service on the Ubiquiti UBNT ...)
 	NOT-FOR-US: Ubiquiti UBNT AirCam
 CVE-2013-1605 (Buffer overflow in MayGion IP Cameras with firmware before 2013.04.22  ...)
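Review bot: CVE-2013-1607 should not be bulk-resolved with the vendor-product entries around it. The neighbours (Symantec, Ubiquiti, MayGion) are appliances and vendor software marked NOT-FOR-US, but this one is a code execution issue in a Ruby gem (PDFKit prior to 0.5.3), which is the kind of component that may exist as a source package. Whoever clears the "TODO: check" should search the archive for the gem first and, if it is packaged, add a package line with the fixed version instead of NOT-FOR-US.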
@@ -280264,10 +280312,10 @@ CVE-2013-1362 (Incomplete blacklist vulnerability in nrpc.c in Nagios Remote Plu
 	[squeeze] - nagios-nrpe <no-dsa> (Minor issue)
 CVE-2013-1361 (Untrusted search path vulnerability in Lenovo Thinkpad Bluetooth with  ...)
 	NOT-FOR-US: Lenovo Thinkpad Bluetooth with Enhanced Data Rate Software
-CVE-2013-1360
-	RESERVED
-CVE-2013-1359
-	RESERVED
+CVE-2013-1360 (An Authentication Bypass vulnerability exists in DELL SonicWALL Global ...)
+	TODO: check
+CVE-2013-1359 (An Authentication Bypass Vulnerability exists in DELL SonicWALL Analyz ...)
+	TODO: check
 CVE-2013-1358
 	RESERVED
 CVE-2013-1357
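Review bot: CVE-2013-1360 and CVE-2013-1359 both come in as "TODO: check" with near-identical authentication bypass descriptions for DELL SonicWALL products. They should be triaged together so they receive the same resolution and product wording. If neither product is in the archive, one NOT-FOR-US line naming the DELL SonicWALL product on each entry closes both.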
@@ -281603,8 +281651,8 @@ CVE-2013-0805 (Multiple cross-site scripting (XSS) vulnerabilities in the search
 	NOT-FOR-US: IT Operations Portal
 CVE-2013-0804 (The client in Novell GroupWise 8.0 before 8.0.3 HP2 and 2012 before SP ...)
 	NOT-FOR-US: GroupWise
-CVE-2013-0803
-	RESERVED
+CVE-2013-0803 (A PHP File Upload Vulnerability exists in PolarBear CMS 2.5 via upload ...)
+	TODO: check
 CVE-2012-6497 (The Authlogic gem for Ruby on Rails, when used with certain versions b ...)
 	{DSA-2597-1}
 	- ruby-activerecord-3.2 3.2.6-3
@@ -282555,8 +282603,8 @@ CVE-2013-0519 (IBM Sterling Secure Proxy 3.2.0 and 3.3.01 before 3.3.01.23 Inter
 	NOT-FOR-US: IBM
 CVE-2013-0518 (IBM Sterling Secure Proxy 3.2.0 and 3.3.01 before 3.3.01.23 Interim Fi ...)
 	NOT-FOR-US: IBM
-CVE-2013-0517
-	RESERVED
+CVE-2013-0517 (A Command Execution Vulnerability exists in IBM Sterling External Auth ...)
+	TODO: check
 CVE-2013-0516
 	REJECTED
 CVE-2013-0515
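Review bot: CVE-2013-0517 is added as "TODO: check" while the two entries directly above it, CVE-2013-0519 and CVE-2013-0518, are IBM Sterling products already resolved as "NOT-FOR-US: IBM". The new description is for IBM Sterling External Auth ..., so the same resolution very likely applies. Suggest replacing the TODO with "NOT-FOR-US: IBM" in the next manual pass.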
@@ -289089,8 +289137,7 @@ CVE-2012-4521 [rejected dupe assignment]
 CVE-2012-4520 (The django.http.HttpRequest.get_host function in Django 1.3.x before 1 ...)
 	{DSA-2634-1}
 	- python-django 1.4.2-1 (bug #691145)
-CVE-2012-4519
-	RESERVED
+CVE-2012-4519 (Zenphoto before 1.4.3.4 admin-news-articles.php date parameter XSS. ...)
 	NOT-FOR-US: Zenphoto
 CVE-2012-4518 (ibacm 1.0.7 creates files with world-writable permissions, which allow ...)
 	NOT-FOR-US: ibacm
@@ -310702,7 +310749,7 @@ CVE-2011-1598 (The bcm_release function in net/can/bcm.c in the Linux kernel bef
 CVE-2011-1597 (OpenVAS Manager v2.0.3 allows plugin remote code execution. ...)
 	NOT-FOR-US: OpenVAS Manager
 CVE-2011-1596
-	RESERVED
+	REJECTED
 	NOT-FOR-US: ** REJECT ** (regular bug in gnome-screensaver-dialog)
 CVE-2011-1595 (Directory traversal vulnerability in the disk_create function in disk. ...)
 	- rdesktop 1.7.0-1 (low; bug #623552)
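Review bot: CVE-2011-1596 now has state REJECTED, which makes the following line "NOT-FOR-US: ** REJECT ** (regular bug in gnome-screensaver-dialog)" redundant. That line was a hand-written workaround while the ID was still RESERVED. Consider dropping the NOT-FOR-US marker and, if the reason is worth keeping, recording it as a NOTE line instead.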
@@ -330183,8 +330230,7 @@ CVE-2009-4069 (Multiple cross-site scripting (XSS) vulnerabilities in GForge 4.5
 	- gforge 4.7.3-2
 CVE-2009-4068
 	RESERVED
-CVE-2009-4067
-	RESERVED
+CVE-2009-4067 (Buffer overflow in the auerswald_probe function in the Auerswald Linux ...)
 	{DSA-2310-1}
 	- linux-2.6 2.6.28-1 (low)
 	NOTE: Driver was removed in 2.6.27



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/810ec16800658df9f2548e289063d58c5756983b
