[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Sat Jan 4 08:10:24 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e14fbeef by security tracker role at 2020-01-04T08:10:16+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,219 @@
+CVE-2020-5499 (Baidu Rust SGX SDK through 1.0.8 has an enclave ID race. There are non ...)
+ TODO: check
+CVE-2020-5498
+ RESERVED
+CVE-2020-5497 (The OpenID Connect reference implementation for MITREid Connect throug ...)
+ TODO: check
+CVE-2020-5496 (FontForge 20190801 has a heap-based buffer overflow in the Type2NotDef ...)
+ TODO: check
+CVE-2020-5495
+ RESERVED
+CVE-2020-5494
+ RESERVED
+CVE-2020-5493
+ RESERVED
+CVE-2020-5492
+ RESERVED
+CVE-2020-5491
+ RESERVED
+CVE-2020-5490
+ RESERVED
+CVE-2020-5489
+ RESERVED
+CVE-2020-5488
+ RESERVED
+CVE-2020-5487
+ RESERVED
+CVE-2020-5486
+ RESERVED
+CVE-2020-5485
+ RESERVED
+CVE-2020-5484
+ RESERVED
+CVE-2020-5483
+ RESERVED
+CVE-2020-5482
+ RESERVED
+CVE-2020-5481
+ RESERVED
+CVE-2020-5480
+ RESERVED
+CVE-2020-5479
+ RESERVED
+CVE-2020-5478
+ RESERVED
+CVE-2020-5477
+ RESERVED
+CVE-2020-5476
+ RESERVED
+CVE-2020-5475
+ RESERVED
+CVE-2020-5474
+ RESERVED
+CVE-2020-5473
+ RESERVED
+CVE-2020-5472
+ RESERVED
+CVE-2020-5471
+ RESERVED
+CVE-2020-5470
+ RESERVED
+CVE-2020-5469
+ RESERVED
+CVE-2020-5468
+ RESERVED
+CVE-2020-5467
+ RESERVED
+CVE-2020-5466
+ RESERVED
+CVE-2020-5465
+ RESERVED
+CVE-2020-5464
+ RESERVED
+CVE-2020-5463
+ RESERVED
+CVE-2020-5462
+ RESERVED
+CVE-2020-5461
+ RESERVED
+CVE-2020-5460
+ RESERVED
+CVE-2020-5459
+ RESERVED
+CVE-2020-5458
+ RESERVED
+CVE-2020-5457
+ RESERVED
+CVE-2020-5456
+ RESERVED
+CVE-2020-5455
+ RESERVED
+CVE-2020-5454
+ RESERVED
+CVE-2020-5453
+ RESERVED
+CVE-2020-5452
+ RESERVED
+CVE-2020-5451
+ RESERVED
+CVE-2020-5450
+ RESERVED
+CVE-2020-5449
+ RESERVED
+CVE-2020-5448
+ RESERVED
+CVE-2020-5447
+ RESERVED
+CVE-2020-5446
+ RESERVED
+CVE-2020-5445
+ RESERVED
+CVE-2020-5444
+ RESERVED
+CVE-2020-5443
+ RESERVED
+CVE-2020-5442
+ RESERVED
+CVE-2020-5441
+ RESERVED
+CVE-2020-5440
+ RESERVED
+CVE-2020-5439
+ RESERVED
+CVE-2020-5438
+ RESERVED
+CVE-2020-5437
+ RESERVED
+CVE-2020-5436
+ RESERVED
+CVE-2020-5435
+ RESERVED
+CVE-2020-5434
+ RESERVED
+CVE-2020-5433
+ RESERVED
+CVE-2020-5432
+ RESERVED
+CVE-2020-5431
+ RESERVED
+CVE-2020-5430
+ RESERVED
+CVE-2020-5429
+ RESERVED
+CVE-2020-5428
+ RESERVED
+CVE-2020-5427
+ RESERVED
+CVE-2020-5426
+ RESERVED
+CVE-2020-5425
+ RESERVED
+CVE-2020-5424
+ RESERVED
+CVE-2020-5423
+ RESERVED
+CVE-2020-5422
+ RESERVED
+CVE-2020-5421
+ RESERVED
+CVE-2020-5420
+ RESERVED
+CVE-2020-5419
+ RESERVED
+CVE-2020-5418
+ RESERVED
+CVE-2020-5417
+ RESERVED
+CVE-2020-5416
+ RESERVED
+CVE-2020-5415
+ RESERVED
+CVE-2020-5414
+ RESERVED
+CVE-2020-5413
+ RESERVED
+CVE-2020-5412
+ RESERVED
+CVE-2020-5411
+ RESERVED
+CVE-2020-5410
+ RESERVED
+CVE-2020-5409
+ RESERVED
+CVE-2020-5408
+ RESERVED
+CVE-2020-5407
+ RESERVED
+CVE-2020-5406
+ RESERVED
+CVE-2020-5405
+ RESERVED
+CVE-2020-5404
+ RESERVED
+CVE-2020-5403
+ RESERVED
+CVE-2020-5402
+ RESERVED
+CVE-2020-5401
+ RESERVED
+CVE-2020-5400
+ RESERVED
+CVE-2020-5399
+ RESERVED
+CVE-2020-5398
+ RESERVED
+CVE-2020-5397
+ RESERVED
+CVE-2020-5396
+ RESERVED
+CVE-2020-5395 (FontForge 20190801 has a use-after-free in SFD_GetFontMetaData in sfd. ...)
+ TODO: check
+CVE-2019-20334 (In Netwide Assembler (NASM) 2.14.02, stack consumption occurs in expr# ...)
+ TODO: check
+CVE-2015-9540 (Chamilo LMS through 1.9.10.2 allows a link_goto.php?link_url= open red ...)
+ TODO: check
+CVE-2014-10398 (Multiple cross-site scripting (XSS) vulnerabilities in bsi.dll in Bank ...)
+ TODO: check
CVE-2020-5394
RESERVED
CVE-2020-5393
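Review bot: The described entries in this hunk are all left at "TODO: check", and three of them name specific upstream releases that triage can act on directly: CVE-2020-5496 and CVE-2020-5395 (FontForge 20190801) and CVE-2019-20334 (NASM 2.14.02). Each should be resolved to a package line or a NOT-FOR-US tag. CVE-2014-10398 names bsi.dll, the same component as CVE-2014-4196 later in this patch, so the two should be triaged together.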
@@ -3792,8 +4008,8 @@ CVE-2019-19961
CVE-2019-19960 (In wolfSSL before 4.3.0, wc_ecc_mulmod_ex does not properly resist sid ...)
- wolfssl 4.3.0+dfsg-1
NOTE: https://github.com/wolfSSL/wolfssl/commit/5ee9f9c7a23f8ed093fe1e42bc540727e96cebb8 (v4.3.0-stable)
-CVE-2019-19959
- RESERVED
+CVE-2019-19959 (ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT ...)
+ TODO: check
CVE-2019-19958 (In libIEC61850 1.4.0, StringUtils_createStringFromBuffer in common/str ...)
NOT-FOR-US: libIEC61850
CVE-2019-19957 (In libIEC61850 1.4.0, getNumberOfElements in mms/iso_mms/server/mms_ac ...)
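Review bot: CVE-2019-19959 moves from RESERVED to "TODO: check" with no package line, although the description names a concrete file and release (ext/misc/zipfile.c in SQLite 3.30.1). The check should settle whether that file is part of what the packaged SQLite builds, then record either a package line with status or a NOTE explaining why the package is unaffected.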
@@ -28977,10 +29193,10 @@ CVE-2019-13768
CVE-2019-13767
RESERVED
- chromium <unfixed>
-CVE-2019-13766
- RESERVED
-CVE-2019-13765
- RESERVED
+CVE-2019-13766 (Use-after-free in accessibility in Google Chrome prior to 77.0.3865.75 ...)
+ TODO: check
+CVE-2019-13765 (Use-after-free in content delivery manager in Google Chrome prior to 7 ...)
+ TODO: check
CVE-2019-13764 (Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 al ...)
- chromium 79.0.3945.79-1
CVE-2019-13763 (Insufficient policy enforcement in payments in Google Chrome prior to ...)
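Review bot: CVE-2019-13766 and CVE-2019-13765 are added with "TODO: check" only, while the Google Chrome entries around them (CVE-2019-13767, CVE-2019-13764) already carry a "- chromium ..." line. Both new entries need the same kind of chromium line. The description of CVE-2019-13766 gives "prior to 77.0.3865.75", but the version for CVE-2019-13765 is cut off in the list and has to be taken from the full description.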
@@ -42771,18 +42987,18 @@ CVE-2019-9543 (An issue was discovered in Poppler 0.74.0. A recursive function c
[stretch] - poppler <ignored> (Minor issue)
[jessie] - poppler <postponed> (Minor issue; revisit when fixed upstream)
NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/730
-CVE-2019-9542
- RESERVED
-CVE-2019-9541
- RESERVED
-CVE-2019-9540
- RESERVED
-CVE-2019-9539
- RESERVED
-CVE-2019-9538
- RESERVED
-CVE-2019-9537
- RESERVED
+CVE-2019-9542 (: Improper Neutralization of Input During Web Page Generation ('Cross- ...)
+ TODO: check
+CVE-2019-9541 (: Information Exposure vulnerability in itemlookup.asp of Telos Automa ...)
+ TODO: check
+CVE-2019-9540 (: Improper Neutralization of Input During Web Page Generation ('Cross- ...)
+ TODO: check
+CVE-2019-9539 (: Improper Neutralization of Input During Web Page Generation ('Cross- ...)
+ TODO: check
+CVE-2019-9538 (: Improper Neutralization of Input During Web Page Generation ('Cross- ...)
+ TODO: check
+CVE-2019-9537 (: Improper Neutralization of Input During Web Page Generation ('Cross- ...)
+ TODO: check
CVE-2019-9536 (Apple iPhone 3GS bootrom malloc implementation returns a non-NULL poin ...)
NOT-FOR-US: Apple iPhone 3GS
CVE-2019-9535 (A vulnerability exists in the way that iTerm2 integrates with tmux's c ...)
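Review bot: All six descriptions added here (CVE-2019-9542 through CVE-2019-9537) begin with a stray ": ", which suggests the imported text lost a leading field. Five of them are truncated to the same generic weakness wording, so the affected product cannot be read from the list. Only CVE-2019-9541 shows a product fragment (itemlookup.asp of Telos Automa ...). Triage needs the full descriptions before these can be marked, and the leading ": " is worth checking in the import.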
@@ -52321,12 +52537,12 @@ CVE-2019-5848 (Incorrect font handling in autofill in Google Chrome prior to 75.
CVE-2019-5847 (Inappropriate implementation in JavaScript in Google Chrome prior to 7 ...)
{DSA-4500-1}
- chromium 76.0.3809.87-1
-CVE-2019-5846
- RESERVED
-CVE-2019-5845
- RESERVED
-CVE-2019-5844
- RESERVED
+CVE-2019-5846 (Out of bounds access in SwiftShader in Google Chrome prior to 73.0.368 ...)
+ TODO: check
+CVE-2019-5845 (Out of bounds access in SwiftShader in Google Chrome prior to 73.0.368 ...)
+ TODO: check
+CVE-2019-5844 (Out of bounds access in SwiftShader in Google Chrome prior to 73.0.368 ...)
+ TODO: check
CVE-2019-5843 (Out of bounds memory access in JavaScript in Google Chrome prior to 74 ...)
{DSA-4500-1}
- chromium 74.0.3729.108-1
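Review bot: CVE-2019-5846, CVE-2019-5845 and CVE-2019-5844 carry identical truncated descriptions (SwiftShader in Google Chrome prior to 73.0.368 ...) and are left at "TODO: check", while the neighbouring CVE-2019-5847 and CVE-2019-5843 are tracked with {DSA-4500-1} and a "- chromium ..." line. The three new entries need a chromium line as well, with the fixed version taken from the full description rather than the cut-off text here.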
@@ -57285,8 +57501,8 @@ CVE-2019-3770
RESERVED
CVE-2019-3769
RESERVED
-CVE-2019-3768
- RESERVED
+CVE-2019-3768 (RSA Authentication Manager versions prior to 8.4 P7 contain an XML Ent ...)
+ TODO: check
CVE-2019-3767 (Dell ImageAssist versions prior to 8.7.15 contain an information discl ...)
NOT-FOR-US: Dell ImageAssist
CVE-2019-3766 (Dell EMC ECS versions prior to 3.4.0.0 contain an improper restriction ...)
@@ -233621,8 +233837,8 @@ CVE-2014-8519 (Unspecified vulnerability in McAfee Network Data Loss Prevention
NOT-FOR-US: McAfee
CVE-2014-8518 (The (1) Removable Media and (2) CD and DVD encryption offsite access o ...)
NOT-FOR-US: McAfee
-CVE-2014-8516
- RESERVED
+CVE-2014-8516 (Unrestricted file upload vulnerability in Visual Mining NetCharts Serv ...)
+ TODO: check
CVE-2014-8515 (The web interface in BitTorrent allows remote attackers to execute arb ...)
NOT-FOR-US: uTorrent
CVE-2014-8514 (Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider Elec ...)
@@ -234120,8 +234336,8 @@ CVE-2014-8339 (SQL injection vulnerability in midroll.php in Nuevolab Nuevoplaye
NOT-FOR-US: Nuevolabs Nuevoplayer for clipshare
CVE-2014-8338
RESERVED
-CVE-2014-8337
- RESERVED
+CVE-2014-8337 (Unrestricted file upload vulnerability in includes/classes/uploadify-v ...)
+ TODO: check
CVE-2014-8336 (The "Sql Run Query" panel in WP-DBManager (aka Database Manager) plugi ...)
NOT-FOR-US: WP-DBManager plugin for WordPress
CVE-2014-8335 ((1) wp-dbmanager.php and (2) database-manage.php in the WP-DBManager ( ...)
@@ -240913,8 +241129,7 @@ CVE-2014-5518
RESERVED
CVE-2014-5517
RESERVED
-CVE-2014-5516
- RESERVED
+CVE-2014-5516 (Cross-site request forgery (CSRF) vulnerability in the Storefront Appl ...)
NOT-FOR-US: KonaKart
CVE-2014-5515
RESERVED
@@ -241973,8 +242188,8 @@ CVE-2014-5142
RESERVED
CVE-2014-5141
RESERVED
-CVE-2014-5140
- RESERVED
+CVE-2014-5140 (The bindReplace function in the query factory in includes/classes/data ...)
+ TODO: check
CVE-2014-5139 (The ssl_set_client_disabled function in t1_lib.c in OpenSSL 1.0.1 befo ...)
{DSA-2998-1}
- openssl 1.0.1i-1
@@ -244272,8 +244487,8 @@ CVE-2014-4198
RESERVED
CVE-2014-4197 (Multiple SQL injection vulnerabilities in Bank Soft Systems (BSS) RBS ...)
NOT-FOR-US: Bank Soft Systems
-CVE-2014-4196
- RESERVED
+CVE-2014-4196 (Cross-site scripting (XSS) vulnerability in bsi.dll in Bank Soft Syste ...)
+ TODO: check
CVE-2014-4195 (Cross-site scripting (XSS) vulnerability in zero_view_article.php in Z ...)
NOT-FOR-US: ZeroCMS
CVE-2014-4194 (SQL injection vulnerability in zero_transact_article.php in ZeroCMS 1. ...)
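Review bot: CVE-2014-4196 is added with "TODO: check" although its description names bsi.dll in Bank Soft Syste ..., and the entry directly above it, CVE-2014-4197, is already tagged "NOT-FOR-US: Bank Soft Systems". If it is the same product, the new entry can take the same tag instead of staying in the TODO queue.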
@@ -276956,8 +277171,8 @@ CVE-2012-5880
RESERVED
CVE-2012-5879 (An ActiveX control in McHealthCheck.dll in McAfee Virtual Technician ( ...)
NOT-FOR-US: McAfee Virtual Technician
-CVE-2012-5878
- RESERVED
+CVE-2012-5878 (Bulb Security Smartphone Pentest Framework (SPF) 0.1.2 through 0.1.4 a ...)
+ TODO: check
CVE-2012-5877 (Nero MediaHome 4.5.8.0 and earlier allows remote attackers to cause a ...)
NOT-FOR-US: Nero MediaHome
CVE-2012-5876 (Multiple off-by-one errors in NMMediaServerService.dll in Nero MediaHo ...)
@@ -277403,8 +277618,8 @@ CVE-2012-5695 (Multiple cross-site request forgery (CSRF) vulnerabilities in Bul
NOT-FOR-US: Smartphone Pentest Framework
CVE-2012-5694 (Multiple SQL injection vulnerabilities in Bulb Security Smartphone Pen ...)
NOT-FOR-US: Smartphone Pentest Framework
-CVE-2012-5693
- RESERVED
+CVE-2012-5693 (Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 allows r ...)
+ TODO: check
CVE-2012-5692 (Unspecified vulnerability in admin/sources/base/core.php in Invision P ...)
NOT-FOR-US: Invision Power Board
CVE-2012-5691 (Buffer overflow in RealNetworks RealPlayer before 16.0.0.282 and RealP ...)
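Review bot: CVE-2012-5693 is added with "TODO: check" while the two context entries above it, CVE-2012-5695 and CVE-2012-5694, cover the same Bulb Security Smartphone Pentest Framework and are tagged "NOT-FOR-US: Smartphone Pentest Framework". The new entry should take the same tag. CVE-2012-5878 in the preceding hunk names the same product and is in the same position.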
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e14fbeefaf08092b022af4e69cb50b6b52c9411e