[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Tue Feb 18 08:10:27 GMT 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
dbacfe80 by security tracker role at 2020-02-18T08:10:20+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -647,8 +647,8 @@ CVE-2020-8770
 	RESERVED
 CVE-2020-8769
 	RESERVED
-CVE-2020-8768
-	RESERVED
+CVE-2020-8768 (An issue was discovered on Phoenix Contact Emalytics Controller ILC 20 ...)
+	TODO: check
 CVE-2020-8767
 	RESERVED
 CVE-2020-8766
@@ -2281,12 +2281,12 @@ CVE-2020-8014
 	RESERVED
 CVE-2020-8013
 	RESERVED
-CVE-2020-8012
-	RESERVED
-CVE-2020-8011
-	RESERVED
-CVE-2020-8010
-	RESERVED
+CVE-2020-8012 (CA Unified Infrastructure Management (Nimsoft/UIM) 9.20 and below cont ...)
+	TODO: check
+CVE-2020-8011 (CA Unified Infrastructure Management (Nimsoft/UIM) 9.20 and below cont ...)
+	TODO: check
+CVE-2020-8010 (CA Unified Infrastructure Management (Nimsoft/UIM) 9.20 and below cont ...)
+	TODO: check
 CVE-2020-8009 (AVB MOTU devices through 2020-01-22 allow /.. Directory Traversal, as  ...)
 	NOT-FOR-US: AVB MOTU devices
 CVE-2020-8008
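Review bot: CVE-2020-8012, CVE-2020-8011 and CVE-2020-8010 land with the same truncated description prefix ("CA Unified Infrastructure Management (Nimsoft/UIM) 9.20 and below cont ..."), so nothing in the list tells the three apart. When the TODO: check lines are resolved, triage them against the full descriptions and, if they share a disposition, apply it to all three in one edit so none is left behind.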
@@ -2449,8 +2449,8 @@ CVE-2020-7961
 	RESERVED
 CVE-2020-7960
 	RESERVED
-CVE-2020-7959
-	RESERVED
+CVE-2020-7959 (LabVantage LIMS 8.3 does not properly maintain the confidentiality of  ...)
+	TODO: check
 CVE-2020-7958
 	RESERVED
 CVE-2020-7957 (The IMAP and LMTP components in Dovecot 2.3.9 before 2.3.9.3 mishandle ...)
@@ -4420,6 +4420,7 @@ CVE-2020-7062
 CVE-2020-7061
 	RESERVED
 CVE-2020-7060 (When using certain mbstring functions to convert multibyte encodings,  ...)
+	{DSA-4626-1}
 	- php7.4 7.4.2-7
 	- php7.3 <unfixed>
 	- php7.0 <removed>
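Review bot: the added {DSA-4626-1} on CVE-2020-7060 leaves the "- php7.3 <unfixed>" line directly below it unchanged, so the entry now cites an advisory while still showing php7.3 as open. If that line tracks a suite the DSA did not cover, nothing needs to change; otherwise record the fixed php7.3 version in the same update so the two lines agree.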
@@ -4427,6 +4428,7 @@ CVE-2020-7060 (When using certain mbstring functions to convert multibyte encodi
 	NOTE: Fixed in PHP 7.4.2, 7.3.14, 7.2.27
 	NOTE: PHP Bug: http://bugs.php.net/79037
 CVE-2020-7059 (When using fgetss() function to read data with stripping tags, in PHP  ...)
+	{DSA-4626-1}
 	- php7.4 7.4.2-7
 	- php7.3 <unfixed>
 	- php7.0 <removed>
@@ -7726,8 +7728,8 @@ CVE-2020-5532 (ilbo App (ilbo App for Android prior to version 1.1.8 and ilbo Ap
 	NOT-FOR-US: ilbo App
 CVE-2020-5531 (Mitsubishi Electric MELSEC C Controller Module and MELIPC Series MI500 ...)
 	NOT-FOR-US: Mitsubishi
-CVE-2020-5530
-	RESERVED
+CVE-2020-5530 (Cross-site request forgery (CSRF) vulnerability in Easy Property Listi ...)
+	TODO: check
 CVE-2020-5529 (HtmlUnit prior to 2.37.0 contains code execution vulnerabilities. Html ...)
 	- htmlunit <removed>
 	NOTE: https://github.com/HtmlUnit/htmlunit/commit/934390fefcd2cd58e6d86f2bc19d811ae17bfa28
@@ -12349,6 +12351,7 @@ CVE-2020-3869
 	RESERVED
 CVE-2020-3868
 	RESERVED
+	{DSA-4627-1}
 	- webkit2gtk 2.26.4-1
 	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
 	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
@@ -12356,6 +12359,7 @@ CVE-2020-3868
 	NOTE: https://webkitgtk.org/security/WSA-2020-0002.html
 CVE-2020-3867
 	RESERVED
+	{DSA-4627-1}
 	- webkit2gtk 2.26.4-1
 	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
 	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
@@ -12365,6 +12369,7 @@ CVE-2020-3866
 	RESERVED
 CVE-2020-3865
 	RESERVED
+	{DSA-4627-1}
 	- webkit2gtk 2.26.4-1
 	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
 	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
@@ -12372,6 +12377,7 @@ CVE-2020-3865
 	NOTE: https://webkitgtk.org/security/WSA-2020-0002.html
 CVE-2020-3864
 	RESERVED
+	{DSA-4627-1}
 	- webkit2gtk 2.26.4-1
 	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
 	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
@@ -12381,6 +12387,7 @@ CVE-2020-3863
 	RESERVED
 CVE-2020-3862
 	RESERVED
+	{DSA-4627-1}
 	- webkit2gtk 2.26.4-1
 	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
 	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
@@ -17604,8 +17611,8 @@ CVE-2020-1884
 	RESERVED
 CVE-2020-1883
 	RESERVED
-CVE-2020-1882
-	RESERVED
+CVE-2020-1882 (Huawei mobile phones Ever-L29B versions earlier than 10.0.0.180(C185E6 ...)
+	TODO: check
 CVE-2020-1881
 	RESERVED
 CVE-2020-1880
@@ -17624,8 +17631,8 @@ CVE-2020-1874
 	RESERVED
 CVE-2020-1873
 	RESERVED
-CVE-2020-1872
-	RESERVED
+CVE-2020-1872 (Huawei smart phones P10 Plus with versions earlier than 9.1.0.201(C01E ...)
+	TODO: check
 CVE-2020-1871 (USG9500 with software of V500R001C30SPC100; V500R001C30SPC200; V500R00 ...)
 	NOT-FOR-US: Huawei
 CVE-2020-1870
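Review bot: CVE-2020-1872 is added with TODO: check although the very next entry, CVE-2020-1871, is already triaged as NOT-FOR-US: Huawei. If the Huawei smart phone firmware named in the new description is likewise not packaged in Debian, replace the TODO with the same NOT-FOR-US: Huawei tag.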
@@ -17652,18 +17659,18 @@ CVE-2020-1860
 	RESERVED
 CVE-2020-1859
 	RESERVED
-CVE-2020-1858
-	RESERVED
-CVE-2020-1857
-	RESERVED
-CVE-2020-1856
-	RESERVED
-CVE-2020-1855
-	RESERVED
+CVE-2020-1858 (Huawei products NIP6800 versions V500R001C30, V500R001C60SPC500, and V ...)
+	TODO: check
+CVE-2020-1857 (Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C0 ...)
+	TODO: check
+CVE-2020-1856 (Huawei NGFW Module, NIP6300, NIP6600, Secospace USG6500, Secospace USG ...)
+	TODO: check
+CVE-2020-1855 (Huawei HEGE-570 version 1.0.1.22(SP3); and HEGE-560, OSCA-550, OSCA-55 ...)
+	TODO: check
 CVE-2020-1854
 	RESERVED
-CVE-2020-1853
-	RESERVED
+CVE-2020-1853 (GaussDB 200 with version of 6.5.1 have a path traversal vulnerability. ...)
+	TODO: check
 CVE-2020-1852
 	RESERVED
 CVE-2020-1851
@@ -17682,12 +17689,12 @@ CVE-2020-1845
 	RESERVED
 CVE-2020-1844
 	RESERVED
-CVE-2020-1843
-	RESERVED
-CVE-2020-1842
-	RESERVED
-CVE-2020-1841
-	RESERVED
+CVE-2020-1843 (Huawei HEGE-560 version 1.0.1.20(SP2), OSCA-550 version 1.0.0.71(SP1), ...)
+	TODO: check
+CVE-2020-1842 (Huawei HEGE-560 version 1.0.1.20(SP2); OSCA-550 and OSCA-550A version  ...)
+	TODO: check
+CVE-2020-1841 (Huawei CloudLink Board version 20.0.0; DP300 version V500R002C00; RSE6 ...)
+	TODO: check
 CVE-2020-1840 (HUAWEI Mate 20 smart phones with versions earlier than 10.0.0.175(C00E ...)
 	NOT-FOR-US: Huawei
 CVE-2020-1839
@@ -17708,14 +17715,14 @@ CVE-2020-1832
 	RESERVED
 CVE-2020-1831
 	RESERVED
-CVE-2020-1830
-	RESERVED
-CVE-2020-1829
-	RESERVED
-CVE-2020-1828
-	RESERVED
-CVE-2020-1827
-	RESERVED
+CVE-2020-1830 (Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C0 ...)
+	TODO: check
+CVE-2020-1829 (Huawei NIP6800 versions V500R001C30 and V500R001C60SPC500; and Secospa ...)
+	TODO: check
+CVE-2020-1828 (Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C0 ...)
+	TODO: check
+CVE-2020-1827 (Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C0 ...)
+	TODO: check
 CVE-2020-1826 (Huawei Honor Magic2 mobile phones with versions earlier than 10.0.0.17 ...)
 	NOT-FOR-US: Huawei
 CVE-2020-1825
@@ -17736,18 +17743,18 @@ CVE-2020-1818
 	RESERVED
 CVE-2020-1817
 	RESERVED
-CVE-2020-1816
-	RESERVED
-CVE-2020-1815
-	RESERVED
-CVE-2020-1814
-	RESERVED
+CVE-2020-1816 (Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C0 ...)
+	TODO: check
+CVE-2020-1815 (Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C0 ...)
+	TODO: check
+CVE-2020-1814 (Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C0 ...)
+	TODO: check
 CVE-2020-1813
 	RESERVED
-CVE-2020-1812
-	RESERVED
-CVE-2020-1811
-	RESERVED
+CVE-2020-1812 (HUAWEI P30 smartphones with versions earlier than 10.0.0.173(C00E73R1P ...)
+	TODO: check
+CVE-2020-1811 (GaussDB 200 with version of 6.5.1 have a command injection vulnerabili ...)
+	TODO: check
 CVE-2020-1810 (There is a weak algorithm vulnerability in some Huawei products. The a ...)
 	NOT-FOR-US: Huawei
 CVE-2020-1809
@@ -17786,12 +17793,12 @@ CVE-2020-1793
 	RESERVED
 CVE-2020-1792
 	RESERVED
-CVE-2020-1791
-	RESERVED
-CVE-2020-1790
-	RESERVED
-CVE-2020-1789
-	RESERVED
+CVE-2020-1791 (HUAWEI Mate 20 smartphones with versions earlier than 10.0.0.185(C00E7 ...)
+	TODO: check
+CVE-2020-1790 (GaussDB 200 with version of 6.5.1 have a command injection vulnerabili ...)
+	TODO: check
+CVE-2020-1789 (Huawei OSCA-550, OSCA-550A, OSCA-550AX, and OSCA-550X products with ve ...)
+	TODO: check
 CVE-2020-1788 (Honor V30 smartphones with versions earlier than 10.0.1.135(C00E130R4P ...)
 	NOT-FOR-US: Huawei
 CVE-2020-1787 (HUAWEI Mate 20 smartphones versions earlier than 9.1.0.139(C00E133R3P1 ...)
@@ -18272,8 +18279,7 @@ CVE-2020-1695
 	RESERVED
 CVE-2020-1694
 	RESERVED
-CVE-2020-1693
-	RESERVED
+CVE-2020-1693 (A flaw was found in Spacewalk up to version 2.9 where it was vulnerabl ...)
 	NOT-FOR-US: NOT-FOR-US: Red Hat Satellite / Spacewalk
 CVE-2020-1692 (Moodle before version 3.7.2 is vulnerable to information exposure of s ...)
 	- moodle <removed>
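Review bot: the unchanged line under CVE-2020-1693 reads "NOT-FOR-US: NOT-FOR-US: Red Hat Satellite / Spacewalk", with the tag doubled. Since this hunk rewrites the entry header anyway, trim it to a single "NOT-FOR-US: Red Hat Satellite / Spacewalk" so the line matches the form of the other NOT-FOR-US entries in the list.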
@@ -18392,8 +18398,8 @@ CVE-2019-19327 (ui/ResultView.js in Wikibase Wikidata Query Service GUI before 0
 	NOT-FOR-US: Wikibase Wikidata Query Service GUI
 CVE-2019-19326
 	RESERVED
-CVE-2019-19325
-	RESERVED
+CVE-2019-19325 (SilverStripe through 4.4.x before 4.4.5 and 4.5.x before 4.5.2 allows  ...)
+	TODO: check
 CVE-2019-19324
 	RESERVED
 CVE-2019-19323
@@ -46558,13 +46564,14 @@ CVE-2019-11052
 CVE-2019-11051
 	RESERVED
 CVE-2019-11050 (When PHP EXIF extension is parsing EXIF information from an image, e.g ...)
-	{DLA-2050-1}
+	{DSA-4626-1 DLA-2050-1}
 	- php7.3 <unfixed>
 	- php7.0 <removed>
 	- php5 <removed>
 	NOTE: Fixed in PHP 7.4.1, 7.3.13
 	NOTE: PHP Bug: http://bugs.php.net/78793
 CVE-2019-11049 (In PHP versions 7.3.x below 7.3.13 and 7.4.0 on Windows, when supplyin ...)
+	{DSA-4626-1}
 	- php7.3 <unfixed>
 	- php7.0 <removed>
 	- php5 <removed>
@@ -46574,21 +46581,21 @@ CVE-2019-11049 (In PHP versions 7.3.x below 7.3.13 and 7.4.0 on Windows, when su
 CVE-2019-11048
 	RESERVED
 CVE-2019-11047 (When PHP EXIF extension is parsing EXIF information from an image, e.g ...)
-	{DLA-2050-1}
+	{DSA-4626-1 DLA-2050-1}
 	- php7.3 <unfixed>
 	- php7.0 <removed>
 	- php5 <removed>
 	NOTE: Fixed in PHP 7.4.1, 7.3.13
 	NOTE: PHP Bug: http://bugs.php.net/78910
 CVE-2019-11046 (In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP  ...)
-	{DLA-2050-1}
+	{DSA-4626-1 DLA-2050-1}
 	- php7.3 <unfixed>
 	- php7.0 <removed>
 	- php5 <removed>
 	NOTE: Fixed in PHP 7.4.1, 7.3.13
 	NOTE: PHP Bug: http://bugs.php.net/78878
 CVE-2019-11045 (In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP  ...)
-	{DLA-2050-1}
+	{DSA-4626-1 DLA-2050-1}
 	- php7.3 <unfixed>
 	- php7.0 <removed>
 	- php5 <removed>
@@ -47322,8 +47329,8 @@ CVE-2019-10792
 	RESERVED
 CVE-2019-10791
 	RESERVED
-CVE-2019-10790
-	RESERVED
+CVE-2019-10790 (taffy through 2.6.2 allows attackers to forge adding additional proper ...)
+	TODO: check
 CVE-2019-10789 (All versions of curling.js are vulnerable to Command Injection via the ...)
 	NOT-FOR-US: curling.js
 CVE-2019-10788 (im-metadata through 3.0.1 allows remote attackers to execute arbitrary ...)
@@ -91022,6 +91029,7 @@ CVE-2018-14555
 CVE-2018-14554
 	RESERVED
 CVE-2018-14553 (gdImageClone in gd.c in libgd 2.1.0-rc2 through 2.2.5 has a NULL point ...)
+	{DLA-2106-1}
 	- libgd2 <unfixed> (low; bug #951287)
 	[buster] - libgd2 <no-dsa> (Minor issue)
 	[stretch] - libgd2 <no-dsa> (Minor issue)
@@ -210188,8 +210196,7 @@ CVE-2015-8763 (The EAP-PWD module in FreeRADIUS 3.0 through 3.0.8 allows remote
 CVE-2015-8762 (The EAP-PWD module in FreeRADIUS 3.0 through 3.0.8 allows remote attac ...)
 	- freeradius <not-affected> (Affects 3.0 up to 3.0.8)
 	NOTE: http://freeradius.org/security.html#eap-pwd-2015
-CVE-2015-8751
-	RESERVED
+CVE-2015-8751 (Integer overflow in the jas_matrix_create function in JasPer allows co ...)
 	- jasper 1.900.1-5.1
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1294039
 	NOTE: In 1.900.1-5.1 this issue was fixed as part of the patch for CVE-2008-3520
@@ -243992,8 +243999,7 @@ CVE-2014-8086 (Race condition in the ext4_file_write_iter function in fs/ext4/fi
 	[wheezy] - linux <not-affected> (Vulnerable code not present)
 	- linux-2.6 <not-affected> (Vulnerable code not present)
 	NOTE: http://www.spinics.net/lists/linux-ext4/msg45683.html
-CVE-2014-8089 [ZF2014-06: SQL injection vector when manually quoting values for sqlsrv extension, using null byte]
-	RESERVED
+CVE-2014-8089 (SQL injection vulnerability in Zend Framework before 1.12.9, 2.2.x bef ...)
 	{DSA-3265-1 DLA-251-1}
 	- zendframework 1.12.9+dfsg-1
 	NOTE: http://framework.zend.com/security/advisory/ZF2014-06
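Review bot: replacing the bracketed summary on CVE-2014-8089 drops the only visible mention of the sqlsrv extension and the null byte vector, and the new description is cut off before any such detail. The ZF2014-06 advisory link in the NOTE line still covers it, but a short NOTE carrying the old summary text would keep the entry readable without following the link.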
@@ -245946,8 +245952,7 @@ CVE-2014-7238 (The WordPress plugin Contact Form Integrated With Google Maps 1.0
 CVE-2014-7237 (lib/TWiki/Sandbox.pm in TWiki 6.0.0 and earlier, when running on Windo ...)
 	- twiki <removed>
 	NOTE: http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2014-7237
-CVE-2014-7236
-	RESERVED
+CVE-2014-7236 (Eval injection vulnerability in lib/TWiki/Plugins.pm in TWiki before 6 ...)
 	- twiki <removed>
 	NOTE: http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2014-7236
 CVE-2014-7235 (htdocs_ari/includes/login.php in the ARI Framework module/Asterisk Rec ...)
@@ -251322,8 +251327,8 @@ CVE-2014-4983
 	RESERVED
 CVE-2014-4982 (LPAR2RRD ≤ 4.53 and ≤ 3.5 has arbitrary command injection  ...)
 	NOT-FOR-US: LPAR2RRD
-CVE-2014-4981
-	RESERVED
+CVE-2014-4981 (LPAR2RRD in 3.5 and earlier allows remote attackers to execute arbitra ...)
+	TODO: check
 CVE-2014-4980 (The /server/properties resource in Tenable Web UI before 2.3.5 for Nes ...)
 	NOT-FOR-US: Tenable Web UI for Nessus
 CVE-2014-4979 (Apple QuickTime allows remote attackers to execute arbitrary code or c ...)
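Review bot: CVE-2014-4981 gets TODO: check while the entry directly above it, CVE-2014-4982, is for the same product and already marked NOT-FOR-US: LPAR2RRD. The new description also names LPAR2RRD, so the TODO can be resolved to the same tag.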
@@ -259497,8 +259502,7 @@ CVE-2014-1948 (OpenStack Image Registry and Delivery Service (Glance) 2013.2 thr
 	- glance 2013.2.2-1 (bug #738924)
 	[wheezy] - glance <not-affected> (Only affects Havana)
 	NOTE: https://launchpad.net/bugs/1275062
-CVE-2014-1947 [Buffer overflow vulnerability]
-	RESERVED
+CVE-2014-1947 (Stack-based buffer overflow in the WritePSDImage function in coders/ps ...)
 	{DSA-2898-1}
 	- imagemagick 8:6.7.7.10+dfsg-1 (bug #740250)
 	NOTE: http://web.archive.org/web/20090120112751/http://trac.imagemagick.org:80/changeset/13736
@@ -294939,7 +294943,7 @@ CVE-2012-2417 (PyCrypto before 2.6 does not produce appropriate prime numbers wh
 CVE-2012-2413 (Cross-site scripting (XSS) vulnerability in the ja_purity template for ...)
 	NOT-FOR-US: Joomla template
 CVE-2012-2412
-	RESERVED
+	REJECTED
 CVE-2012-2411 (Buffer overflow in RealNetworks RealPlayer before 15.0.4.53, and RealP ...)
 	NOT-FOR-US: RealNetworks RealPlayer
 CVE-2012-2410 (Buffer overflow in RealNetworks RealPlayer before 15.0.6.14, RealPlaye ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/dbacfe80f7e004b39679cf4e35ea786d6b4bac96
