[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Thu Jan 9 08:10:38 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1d49d659 by security tracker role at 2020-01-09T08:10:17+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,123 @@
+CVE-2020-6639
+ RESERVED
+CVE-2020-6638
+ RESERVED
+CVE-2020-6637
+ RESERVED
+CVE-2020-6636
+ RESERVED
+CVE-2020-6635
+ RESERVED
+CVE-2020-6634
+ RESERVED
+CVE-2020-6633
+ RESERVED
+CVE-2020-6632 (In PrestaShop 1.7.6.2, XSS can occur during addition or removal of a Q ...)
+ TODO: check
+CVE-2020-6631 (An issue was discovered in GPAC version 0.8.0. There is a NULL pointer ...)
+ TODO: check
+CVE-2020-6630 (An issue was discovered in GPAC version 0.8.0. There is a NULL pointer ...)
+ TODO: check
+CVE-2020-6629 (Ming (aka libming) 0.4.8 has z NULL pointer dereference in the functio ...)
+ TODO: check
+CVE-2020-6628 (Ming (aka libming) 0.4.8 has a heap-based buffer over-read in the func ...)
+ TODO: check
+CVE-2020-6627
+ RESERVED
+CVE-2020-6626
+ RESERVED
+CVE-2020-6625 (jhead through 3.04 has a heap-based buffer over-read in Get32s when ca ...)
+ TODO: check
+CVE-2020-6624 (jhead through 3.04 has a heap-based buffer over-read in process_DQT in ...)
+ TODO: check
+CVE-2020-6623 (stb stb_truetype.h through 1.22 has an assertion failure in stbtt__cff ...)
+ TODO: check
+CVE-2020-6622 (stb stb_truetype.h through 1.22 has a heap-based buffer over-read in s ...)
+ TODO: check
+CVE-2020-6621 (stb stb_truetype.h through 1.22 has a heap-based buffer over-read in t ...)
+ TODO: check
+CVE-2020-6620 (stb stb_truetype.h through 1.22 has a heap-based buffer over-read in s ...)
+ TODO: check
+CVE-2020-6619 (stb stb_truetype.h through 1.22 has an assertion failure in stbtt__buf ...)
+ TODO: check
+CVE-2020-6618 (stb stb_truetype.h through 1.22 has a heap-based buffer over-read in s ...)
+ TODO: check
+CVE-2020-6617 (stb stb_truetype.h through 1.22 has an assertion failure in stbtt__cff ...)
+ TODO: check
+CVE-2020-6616
+ RESERVED
+CVE-2020-6615 (GNU LibreDWG 0.9.3.2564 has an invalid pointer dereference in dwg_dyna ...)
+ TODO: check
+CVE-2020-6614 (GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in bfr_read ...)
+ TODO: check
+CVE-2020-6613 (GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in bit_searc ...)
+ TODO: check
+CVE-2020-6612 (GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in copy_comp ...)
+ TODO: check
+CVE-2020-6611 (GNU LibreDWG 0.9.3.2564 has a NULL pointer dereference in get_next_own ...)
+ TODO: check
+CVE-2020-6610 (GNU LibreDWG 0.9.3.2564 has an attempted excessive memory allocation i ...)
+ TODO: check
+CVE-2020-6609 (GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in read_page ...)
+ TODO: check
+CVE-2020-6608
+ RESERVED
+CVE-2020-6607
+ RESERVED
+CVE-2020-6606
+ RESERVED
+CVE-2020-6605
+ RESERVED
+CVE-2020-6604
+ RESERVED
+CVE-2020-6603
+ RESERVED
+CVE-2020-6602
+ RESERVED
+CVE-2020-6601
+ RESERVED
+CVE-2020-6600
+ RESERVED
+CVE-2020-6599
+ RESERVED
+CVE-2020-6598
+ RESERVED
+CVE-2020-6597
+ RESERVED
+CVE-2020-6596
+ RESERVED
+CVE-2020-6595
+ RESERVED
+CVE-2020-6594
+ RESERVED
+CVE-2020-6593
+ RESERVED
+CVE-2020-6592
+ RESERVED
+CVE-2020-6591
+ RESERVED
+CVE-2020-6590
+ RESERVED
+CVE-2020-6589
+ RESERVED
+CVE-2020-6588
+ RESERVED
+CVE-2020-6587
+ RESERVED
+CVE-2020-6586
+ RESERVED
+CVE-2020-6585
+ RESERVED
+CVE-2020-6584
+ RESERVED
+CVE-2019-20371
+ RESERVED
+CVE-2019-20370
+ RESERVED
+CVE-2019-20369
+ RESERVED
+CVE-2019-20368
+ RESERVED
CVE-2020-6583 (BigProf Online Invoicing System (OIS) through 2.6 has XSS that can be ...)
NOT-FOR-US: BigProf Online Invoicing System (OIS)
CVE-2020-6582
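Review bot: every described entry added at the top of this hunk (CVE-2020-6632 through CVE-2020-6609) lands as "TODO: check", so none of them is yet tied to a source package or marked NOT-FOR-US the way CVE-2020-6583 just below is. They group by product (PrestaShop, GPAC, libming, jhead, stb_truetype.h, LibreDWG), so triaging one entry per product and applying the result to its siblings would clear most of the batch. The CVE-2020-6629 summary also carries the typo "has z NULL pointer dereference"; that is imported description text, so the fix belongs at the source of the description rather than in this file.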
@@ -2228,7 +2348,9 @@ CVE-2020-5506
RESERVED
CVE-2020-5505
RESERVED
-CVE-2020-5504 (A SQL injection flaw has been discovered in the user accounts page. A ma...)
+CVE-2020-5504
+ RESERVED
+ {DLA-2060-1}
- phpmyadmin <unfixed>
NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/c86acbf3ed49f69cf38b31879886dd5eb86b6983
NOTE: https://gist.github.com/ibennetch/4c1b701f4b766e4dd5556e8e26200b6b
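Review bot: CVE-2020-5504 goes from a published description back to "RESERVED" in the same change that adds "{DLA-2060-1}", and the entry still carries "- phpmyadmin <unfixed>" plus two fix NOTEs. An entry that an advisory references should not read as unassigned; check whether the automatic update overwrote the summary because the upstream record was temporarily unavailable, and restore the description line if so.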
@@ -2860,8 +2982,8 @@ CVE-2020-5207
RESERVED
CVE-2020-5206
RESERVED
-CVE-2020-5205
- RESERVED
+CVE-2020-5205 (In Pow (Hex package) before 1.0.16, the use of Plug.Session in Pow.Plu ...)
+ TODO: check
CVE-2020-5204 (In uftpd before 2.11, there is a buffer overflow vulnerability in hand ...)
NOT-FOR-US: uftpd
CVE-2020-5203
@@ -21133,7 +21255,7 @@ CVE-2019-17153
RESERVED
CVE-2019-17152
RESERVED
-CVE-2019-17151 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+CVE-2019-17151 (This vulnerability allows remote attackers redirect users to an extern ...)
NOT-FOR-US: Tencent WeChat
CVE-2019-17150
RESERVED
@@ -21439,75 +21561,61 @@ CVE-2019-17026
- firefox 72.0.1-1 (bug #948452)
- firefox-esr 68.4.1esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-03/#CVE-2019-17026
-CVE-2019-17025
- RESERVED
+CVE-2019-17025 (Mozilla developers reported memory safety bugs present in Firefox 71. ...)
- firefox 72.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-01/#CVE-2019-17025
-CVE-2019-17024
- RESERVED
+CVE-2019-17024 (Mozilla developers reported memory safety bugs present in Firefox 71 a ...)
- firefox 72.0-1
- firefox-esr 68.4.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-01/#CVE-2019-17024
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-02/#CVE-2019-17024
-CVE-2019-17023
- RESERVED
+CVE-2019-17023 (After a HelloRetryRequest has been sent, the client may negotiate a lo ...)
- firefox 72.0-1
- nss 2:3.49-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-01/#CVE-2019-17023
NOTE: https://hg.mozilla.org/projects/nss/rev/d64102b76a437f24d98a20480dcc9f1655143e7c
NOTE: https://hg.mozilla.org/projects/nss/rev/8a2bd40e7f89a796cf24a0ff7cfb67c6e69c5c78
-CVE-2019-17022
- RESERVED
+CVE-2019-17022 (When pasting a <style> tag from the clipboard into a ric ...)
- firefox 72.0-1
- firefox-esr 68.4.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-01/#CVE-2019-17022
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-02/#CVE-2019-17022
-CVE-2019-17021
- RESERVED
+CVE-2019-17021 (During the initialization of a new content process, a race condition o ...)
- firefox <not-affected> (Windows-specific)
- firefox-esr <not-affected> (Windows-specific)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-01/#CVE-2019-17021
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-02/#CVE-2019-17021
-CVE-2019-17020
- RESERVED
+CVE-2019-17020 (If an XML file is served with a Content Security Policy and the XML fi ...)
- firefox 72.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-01/#CVE-2019-17020
-CVE-2019-17019
- RESERVED
+CVE-2019-17019 (When Python was installed on Windows, a python file being served with ...)
- firefox <not-affected> (Windows-specific)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-01/#CVE-2019-17019
-CVE-2019-17018
- RESERVED
+CVE-2019-17018 (When in Private Browsing Mode on Windows 10, the Windows keyboard may ...)
- firefox <not-affected> (Windows-specific)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-01/#CVE-2019-17018
-CVE-2019-17017
- RESERVED
+CVE-2019-17017 (Due to a missing case handling object types, a type confusion vulnerab ...)
- firefox 72.0-1
- firefox-esr 68.4.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-01/#CVE-2019-17017
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-02/#CVE-2019-17017
-CVE-2019-17016
- RESERVED
+CVE-2019-17016 (When pasting a <style> tag from the clipboard into a ric ...)
- firefox 72.0-1
- firefox-esr 68.4.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-01/#CVE-2019-17016
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-02/#CVE-2019-17016
-CVE-2019-17015
- RESERVED
+CVE-2019-17015 (During the initialization of a new content process, a pointer offset c ...)
- firefox <not-affected> (Windows-specific)
- firefox-esr <not-affected> (Windows-specific)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-01/#CVE-2019-17015
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-02/#CVE-2019-17015
-CVE-2019-17014
- RESERVED
+CVE-2019-17014 (If an image had not loaded correctly (such as when it is not actually ...)
- firefox 71.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-17014
-CVE-2019-17013
- RESERVED
+CVE-2019-17013 (Mozilla developers reported memory safety bugs present in Firefox 70. ...)
- firefox 71.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-17013
-CVE-2019-17012
- RESERVED
+CVE-2019-17012 (Mozilla developers reported memory safety bugs present in Firefox 70 a ...)
{DSA-4585-1 DSA-4580-1 DLA-2036-1 DLA-2029-1}
- firefox 71.0-1
- firefox-esr 68.3.0esr-1
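Review bot: CVE-2019-17022 and CVE-2019-17016 receive the same truncated summary, "When pasting a <style> tag from the clipboard into a ric ...", and their package lines are identical as well, so within this file only the advisory anchors in the NOTE lines tell them apart. The same holds for CVE-2019-17021 and CVE-2019-17015, whose summaries share the opening "During the initialization of a new content process". A short NOTE on each stating how the two issues differ would keep the entries distinguishable without opening the advisories.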
@@ -21515,8 +21623,7 @@ CVE-2019-17012
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-17012
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-37/#CVE-2019-17012
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-17012
-CVE-2019-17011
- RESERVED
+CVE-2019-17011 (Under certain conditions, when retrieving a document from a DocShell i ...)
{DSA-4585-1 DSA-4580-1 DLA-2036-1 DLA-2029-1}
- firefox 71.0-1
- firefox-esr 68.3.0esr-1
@@ -21524,8 +21631,7 @@ CVE-2019-17011
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-17011
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-37/#CVE-2019-17011
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-17011
-CVE-2019-17010
- RESERVED
+CVE-2019-17010 (Under certain conditions, when checking the Resist Fingerprinting pref ...)
{DSA-4585-1 DSA-4580-1 DLA-2036-1 DLA-2029-1}
- firefox 71.0-1
- firefox-esr 68.3.0esr-1
@@ -21533,16 +21639,14 @@ CVE-2019-17010
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-17010
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-37/#CVE-2019-17010
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-17010
-CVE-2019-17009
- RESERVED
+CVE-2019-17009 (When running, the updater service wrote status and log files to an unr ...)
- firefox <not-affected> (Updater not used in Debian packages)
- firefox-esr <not-affected> (Updater not used in Debian packages)
- thunderbird <not-affected> (Updater not used in Debian packages)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-17009
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-37/#CVE-2019-17009
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-17009
-CVE-2019-17008
- RESERVED
+CVE-2019-17008 (When using nested workers, a use-after-free could occur during worker ...)
{DSA-4585-1 DSA-4580-1 DLA-2036-1 DLA-2029-1}
- firefox 71.0-1
- firefox-esr 68.3.0esr-1
@@ -21567,8 +21671,7 @@ CVE-2019-17006 [Check length of inputs for cryptographic primitives]
NOTE: Upstream bug (currently non-public): https://bugzilla.mozilla.org/show_bug.cgi?id=1539788
NOTE: https://hg.mozilla.org/projects/nss/rev/dfd6996fe7425eb0437346d11a01082f16fcfe34
NOTE: https://hg.mozilla.org/projects/nss/rev/9d1f5e71773d4e3146524096d74cb96c8df51abe
-CVE-2019-17005
- RESERVED
+CVE-2019-17005 (The plain text serializer used a fixed-size array for the number of &l ...)
{DSA-4585-1 DSA-4580-1 DLA-2036-1 DLA-2029-1}
- firefox 71.0-1
- firefox-esr 68.3.0esr-1
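Review bot: the new summary for CVE-2019-17005 ends in "number of &l ...", which looks like an HTML entity cut in half by the length limit. Check whether the import should decode entities before truncating, so that a summary never ends in a partial escape sequence.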
@@ -21580,16 +21683,13 @@ CVE-2019-17004
RESERVED
CVE-2019-17003
RESERVED
-CVE-2019-17002
- RESERVED
+CVE-2019-17002 (If upgrade-insecure-requests was specified in the Content Security Pol ...)
- firefox 70.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-17002
-CVE-2019-17001
- RESERVED
+CVE-2019-17001 (A Content-Security-Policy that blocks in-line scripts could be bypasse ...)
- firefox 70.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-17001
-CVE-2019-17000
- RESERVED
+CVE-2019-17000 (An object tag with a data URI did not correctly inherit the document's ...)
- firefox 70.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-17000
CVE-2019-16999 (CloudBoot through 2019-03-08 allows SQL Injection via a crafted Status ...)
@@ -22200,8 +22300,8 @@ CVE-2019-16789 (In Waitress through version 1.4.0, if a proxy server is used in
[stretch] - waitress <no-dsa> (Minor issue)
NOTE: https://github.com/Pylons/waitress/security/advisories/GHSA-m5ff-3wj3-8ph4
NOTE: https://github.com/Pylons/waitress/commit/11d9e138125ad46e951027184b13242a3c1de017
-CVE-2019-16788
- RESERVED
+CVE-2019-16788 (In WordPress versions from 3.7 to 5.3.0, authenticated users who do no ...)
+ TODO: check
CVE-2019-16786 (Waitress through version 1.3.1 would parse the Transfer-Encoding heade ...)
- waitress 1.4.1-1 (bug #947306)
[buster] - waitress <no-dsa> (Minor issue)
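Review bot: CVE-2019-16788 is a WordPress issue (versions 3.7 to 5.3.0 per the summary) but is left at "TODO: check" with no package line, while the waitress entries on either side already carry their status. It needs a wordpress status line with the fixed version once checked; CVE-2019-16773 further down states the same affected range and can be triaged together with it.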
@@ -22256,8 +22356,8 @@ CVE-2019-16774 (In phpfastcache before 5.1.3, there is a possible object injecti
NOTE: https://github.com/PHPSocialNetwork/phpfastcache/commit/c4527205cb7a402b595790c74310791f5b04a1a4 (5.0.13)
NOTE: https://github.com/PHPSocialNetwork/phpfastcache/commit/82a84adff6e8fc9b564c616d0fdc9238ae2e86c3 (4.3.18)
NOTE: Affected phpfastcache code is not used in kopano-webapp-plugin-files.
-CVE-2019-16773
- RESERVED
+CVE-2019-16773 (In WordPress versions from 3.7 to 5.3.0, the function wp_targeted_link ...)
+ TODO: check
CVE-2019-16772 (The serialize-to-js NPM package before version 3.0.1 is vulnerable to ...)
NOT-FOR-US: serialize-to-js Node package
CVE-2019-16771 (Versions of Armeria 0.85.0 through and including 0.96.0 are vulnerable ...)
@@ -37950,12 +38050,10 @@ CVE-2019-11766 (dhcp6.c in dhcpcd before 6.11.7 and 7.x before 7.2.2 has a buffe
[jessie] - dhcpcd5 <not-affected> (Vulnerable code not present; D6_OPTION_PD_EXCLUDE support added later)
NOTE: https://roy.marples.name/cgit/dhcpcd.git/commit/?&id=c1ebeaafeb324bac997984abdcee2d4e8b61a8a8
NOTE: https://roy.marples.name/cgit/dhcpcd.git/commit/?&id=896ef4a54b0578985e5e1360b141593f1d62837b
-CVE-2019-11765
- RESERVED
+CVE-2019-11765 (A compromised content process could send a message to the parent proce ...)
- firefox 70.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-11765
-CVE-2019-11764
- RESERVED
+CVE-2019-11764 (Mozilla developers and community members reported memory safety bugs p ...)
{DSA-4571-1 DSA-4549-1 DLA-1997-1 DLA-1987-1}
- firefox 70.0-1
- firefox-esr 68.2.0esr-1
@@ -37963,8 +38061,7 @@ CVE-2019-11764
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-33/#CVE-2019-11764
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-11764
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/#CVE-2019-11764
-CVE-2019-11763
- RESERVED
+CVE-2019-11763 (Failure to correctly handle null bytes when processing HTML entities r ...)
{DSA-4571-1 DSA-4549-1 DLA-1997-1 DLA-1987-1}
- firefox 70.0-1
- firefox-esr 68.2.0esr-1
@@ -37972,8 +38069,7 @@ CVE-2019-11763
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-33/#CVE-2019-11763
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-11763
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/#CVE-2019-11763
-CVE-2019-11762
- RESERVED
+CVE-2019-11762 (If two same-origin documents set document.domain differently to become ...)
{DSA-4571-1 DSA-4549-1 DLA-1997-1 DLA-1987-1}
- firefox 70.0-1
- firefox-esr 68.2.0esr-1
@@ -37981,8 +38077,7 @@ CVE-2019-11762
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-33/#CVE-2019-11762
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-11762
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/#CVE-2019-11762
-CVE-2019-11761
- RESERVED
+CVE-2019-11761 (By using a form with a data URI it was possible to gain access to the ...)
{DSA-4571-1 DSA-4549-1 DLA-1997-1 DLA-1987-1}
- firefox 70.0-1
- firefox-esr 68.2.0esr-1
@@ -37990,8 +38085,7 @@ CVE-2019-11761
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-33/#CVE-2019-11761
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-11761
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/#CVE-2019-11761
-CVE-2019-11760
- RESERVED
+CVE-2019-11760 (A fixed-size stack buffer could overflow in nrappkit when doing WebRTC ...)
{DSA-4571-1 DSA-4549-1 DLA-1997-1 DLA-1987-1}
- firefox 70.0-1
- firefox-esr 68.2.0esr-1
@@ -37999,8 +38093,7 @@ CVE-2019-11760
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-33/#CVE-2019-11760
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-11760
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/#CVE-2019-11760
-CVE-2019-11759
- RESERVED
+CVE-2019-11759 (An attacker could have caused 4 bytes of HMAC output to be written pas ...)
{DSA-4571-1 DSA-4549-1 DLA-1997-1 DLA-1987-1}
- firefox 70.0-1
- firefox-esr 68.2.0esr-1
@@ -38008,14 +38101,12 @@ CVE-2019-11759
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-33/#CVE-2019-11759
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-11759
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/#CVE-2019-11759
-CVE-2019-11758
- RESERVED
+CVE-2019-11758 (Mozilla community member Philipp reported a memory safety bug present ...)
- firefox-esr <not-affected> (Only an issue in combination with 360 Total Security)
- thunderbird <not-affected> (Only an issue in combination with 360 Total Security)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-33/#CVE-2019-11758
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/#CVE-2019-11758
-CVE-2019-11757
- RESERVED
+CVE-2019-11757 (When following the value's prototype chain, it was possible to retain ...)
{DSA-4571-1 DSA-4549-1 DLA-1997-1 DLA-1987-1}
- firefox 70.0-1
- firefox-esr 68.2.0esr-1
@@ -38023,8 +38114,7 @@ CVE-2019-11757
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-33/#CVE-2019-11757
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-11757
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/#CVE-2019-11757
-CVE-2019-11756
- RESERVED
+CVE-2019-11756 (Improper refcounting of soft token session objects could cause a use-a ...)
- firefox 71.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-11756
CVE-2019-11755 (A crafted S/MIME message consisting of an inner encryption layer and a ...)
@@ -38097,8 +38187,7 @@ CVE-2019-11746 (A use-after-free vulnerability can occur while manipulating vide
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-26/#CVE-2019-11746
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-27/#CVE-2019-11746
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-29/#CVE-2019-11746
-CVE-2019-11745 [Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate]
- RESERVED
+CVE-2019-11745 (When encrypting with a block cipher, if a call to NSC_EncryptUpdate wa ...)
{DSA-4579-1 DLA-2008-1}
- nss 2:3.47.1-1
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1586176 (not public)
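Review bot: replacing the bracketed title on CVE-2019-11745 with the truncated description drops the one phrase that named the bug class, "Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate"; the new summary stops at "if a call to NSC_EncryptUpdate wa ...". Since the Bugzilla NOTE is marked not public, consider preserving the old title as a NOTE line so the impact stays readable from the entry itself.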
@@ -39514,8 +39603,8 @@ CVE-2019-11294 (Cloud Foundry Cloud Controller API (CAPI), version 1.88.0, allow
NOT-FOR-US: Cloud Foundry
CVE-2019-11293 (Cloud Foundry UAA Release, versions prior to v74.10.0, when set to log ...)
NOT-FOR-US: Cloud Foundry UAA Release
-CVE-2019-11292
- RESERVED
+CVE-2019-11292 (Pivotal Ops Manager, versions 2.4.x prior to 2.4.27, 2.5.x prior to 2. ...)
+ TODO: check
CVE-2019-11291 (Pivotal RabbitMQ, 3.7 versions prior to v3.7.20 and 3.8 version prior ...)
- rabbitmq-server <unfixed> (bug #945601)
[buster] - rabbitmq-server <no-dsa> (Minor issue)
@@ -44503,8 +44592,7 @@ CVE-2019-9813 (Incorrect handling of __proto__ mutations may lead to type confus
- firefox-esr 60.6.1esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-09/#CVE-2019-9813
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-10/#CVE-2019-9813
-CVE-2019-9812
- RESERVED
+CVE-2019-9812 (Given a compromised sandboxed content process due to a separate vulner ...)
{DSA-4516-1 DLA-1910-1}
- firefox 69.0-1
- firefox-esr 68.1.0esr-1
@@ -264550,8 +264638,8 @@ CVE-2013-4794
RESERVED
CVE-2013-4793 (The update function in umbraco.webservices/templates/templateService.c ...)
NOT-FOR-US: Umbraco
-CVE-2011-5266
- RESERVED
+CVE-2011-5266 (Imperva SecureSphere Web Application Firewall (WAF) before 12-august-2 ...)
+ TODO: check
CVE-2013-4792
RESERVED
CVE-2013-4791
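Review bot: CVE-2011-5266 is added as "TODO: check", and its summary names Imperva SecureSphere Web Application Firewall, a vendor product. If it is not packaged, resolve it as "NOT-FOR-US:" in the same way as the Umbraco entry directly above it, rather than leaving the TODO open.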
@@ -278868,14 +278956,14 @@ CVE-2012-6071 (nuSOAP before 0.7.3-5 does not properly check the hostname of a c
[squeeze] - nusoap <no-dsa> (Minor issue)
CVE-2012-6070 (Falconpl before 0.9.6.9-git20120606 misuses the libcurl API which may ...)
- falconpl 0.9.6.9-git20120606-2 (bug #696681)
-CVE-2011-5250
- RESERVED
+CVE-2011-5250 (Snare for Linux before 1.7.0 has CSRF in the web interface. ...)
+ TODO: check
CVE-2011-5249 (Cross-site scripting (XSS) vulnerability in the events page in the Sys ...)
NOT-FOR-US: SNARE
CVE-2011-5248
RESERVED
-CVE-2011-5247
- RESERVED
+CVE-2011-5247 (Snare for Linux before 1.7.0 has password disclosure because the rende ...)
+ TODO: check
CVE-2009-5133
RESERVED
CVE-2012-6069 (Directory traversal vulnerability in the Runtime Toolkit in CODESYS Ru ...)
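Review bot: CVE-2011-5250 and CVE-2011-5247 are both Snare for Linux issues left at "TODO: check", while CVE-2011-5249 between them is already "NOT-FOR-US: SNARE". Unless Snare for Linux is tracked differently from the product in CVE-2011-5249, give both new entries the same NOT-FOR-US marking so the three are consistent.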
@@ -294424,8 +294512,8 @@ CVE-2011-5020
CVE-2011-5019 (Cross-site scripting (XSS) vulnerability in setup/index.php in Textpat ...)
- textpattern <unfixed> (low)
[squeeze] - textpattern <no-dsa> (Vulnerability is in setup.php, which becomes inaccessible after installation)
-CVE-2011-5018
- RESERVED
+CVE-2011-5018 (Koala Framework before 2011-11-21 has XSS via the request_uri paramete ...)
+ TODO: check
CVE-2011-5017
RESERVED
CVE-2011-5016
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1d49d6599ef675f1caf9c60360c938a4a72b7b4e