[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Wed Jan 15 08:10:28 GMT 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2bba8e31 by security tracker role at 2020-01-15T08:10:21+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,14 @@
-CVE-2020-7053 [drm/i915: Fix use-after-free when destroying GEM context]
+CVE-2020-7058 (** DISPUTED ** data_input.php in Cacti 1.2.8 allows remote code execut ...)
+	TODO: check
+CVE-2020-7057 (Hikvision DVR DS-7204HGHI-F1 V4.0.1 build 180903 Web Version sends a d ...)
+	TODO: check
+CVE-2020-7056
+	RESERVED
+CVE-2020-7055
+	RESERVED
+CVE-2020-7054 (MmsValue_decodeMmsData in mms/iso_mms/server/mms_access_result.c in li ...)
+	TODO: check
+CVE-2020-7053 (In the Linux kernel 4.14 longterm through 4.14.165 and 4.19 longterm t ...)
 	- linux 5.2.6-1
 	NOTE: https://lore.kernel.org/stable/20200114183937.12224-1-tyhicks@canonical.com/
 CVE-2020-7052
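Review bot: CVE-2020-7053, at the end of the added block, now carries a description naming the 4.14 and 4.19 longterm kernel series, but the entry still records only `- linux 5.2.6-1`. When the TODO: check entries above it are triaged, confirm whether the stable-release kernels need their own annotation here. CVE-2020-7058 is flagged ** DISPUTED ** in its description, so its triage should carry that status into a NOTE.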
@@ -3267,10 +3277,10 @@ CVE-2020-5504 (In phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection ex
 	NOTE: https://www.phpmyadmin.net/security/PMASA-2020-1/
 CVE-2020-5503
 	RESERVED
-CVE-2020-5502
-	RESERVED
-CVE-2020-5501
-	RESERVED
+CVE-2020-5502 (phpBB 3.2.8 allows a CSRF attack that can approve pending group member ...)
+	TODO: check
+CVE-2020-5501 (phpBB 3.2.8 allows a CSRF attack that can modify a group avatar. ...)
+	TODO: check
 CVE-2020-5500
 	RESERVED
 CVE-2020-5499 (Baidu Rust SGX SDK through 1.0.8 has an enclave ID race. There are non ...)
@@ -17126,118 +17136,118 @@ CVE-2020-0658
 	RESERVED
 CVE-2020-0657
 	RESERVED
-CVE-2020-0656
-	RESERVED
+CVE-2020-0656 (A cross site scripting vulnerability exists when Microsoft Dynamics 36 ...)
+	TODO: check
 CVE-2020-0655
 	RESERVED
-CVE-2020-0654
-	RESERVED
-CVE-2020-0653
-	RESERVED
-CVE-2020-0652
-	RESERVED
-CVE-2020-0651
-	RESERVED
-CVE-2020-0650
-	RESERVED
+CVE-2020-0654 (A security feature bypass vulnerability exists in Microsoft OneDrive A ...)
+	TODO: check
+CVE-2020-0653 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
+	TODO: check
+CVE-2020-0652 (A remote code execution vulnerability exists in Microsoft Office softw ...)
+	TODO: check
+CVE-2020-0651 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
+	TODO: check
+CVE-2020-0650 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
+	TODO: check
 CVE-2020-0649
 	RESERVED
 CVE-2020-0648
 	RESERVED
-CVE-2020-0647
-	RESERVED
-CVE-2020-0646
-	RESERVED
+CVE-2020-0647 (A spoofing vulnerability exists when Office Online does not validate o ...)
+	TODO: check
+CVE-2020-0646 (A remote code execution vulnerability exists when the Microsoft .NET F ...)
+	TODO: check
 CVE-2020-0645
 	RESERVED
-CVE-2020-0644
-	RESERVED
-CVE-2020-0643
-	RESERVED
-CVE-2020-0642
-	RESERVED
-CVE-2020-0641
-	RESERVED
-CVE-2020-0640
-	RESERVED
-CVE-2020-0639
-	RESERVED
-CVE-2020-0638
-	RESERVED
-CVE-2020-0637
-	RESERVED
-CVE-2020-0636
-	RESERVED
-CVE-2020-0635
-	RESERVED
-CVE-2020-0634
-	RESERVED
-CVE-2020-0633
-	RESERVED
-CVE-2020-0632
-	RESERVED
-CVE-2020-0631
-	RESERVED
-CVE-2020-0630
-	RESERVED
-CVE-2020-0629
-	RESERVED
-CVE-2020-0628
-	RESERVED
-CVE-2020-0627
-	RESERVED
-CVE-2020-0626
-	RESERVED
-CVE-2020-0625
-	RESERVED
-CVE-2020-0624
-	RESERVED
-CVE-2020-0623
-	RESERVED
-CVE-2020-0622
-	RESERVED
-CVE-2020-0621
-	RESERVED
-CVE-2020-0620
-	RESERVED
+CVE-2020-0644 (An elevation of privilege vulnerability exists when Microsoft Windows  ...)
+	TODO: check
+CVE-2020-0643 (An information disclosure vulnerability exists in the way that the Win ...)
+	TODO: check
+CVE-2020-0642 (An elevation of privilege vulnerability exists in Windows when the Win ...)
+	TODO: check
+CVE-2020-0641 (An elevation of privilege vulnerability exists in Windows Media Servic ...)
+	TODO: check
+CVE-2020-0640 (A remote code execution vulnerability exists when Internet Explorer im ...)
+	TODO: check
+CVE-2020-0639 (An information disclosure vulnerability exists in the Windows Common L ...)
+	TODO: check
+CVE-2020-0638 (An elevation of privilege vulnerability exists in the way the Update N ...)
+	TODO: check
+CVE-2020-0637 (An information disclosure vulnerability exists when Remote Desktop Web ...)
+	TODO: check
+CVE-2020-0636 (An elevation of privilege vulnerability exists in the way that the Win ...)
+	TODO: check
+CVE-2020-0635 (An elevation of privilege vulnerability exists in Microsoft Windows wh ...)
+	TODO: check
+CVE-2020-0634 (An elevation of privilege vulnerability exists when the Windows Common ...)
+	TODO: check
+CVE-2020-0633 (An elevation of privilege vulnerability exists in the way that the Win ...)
+	TODO: check
+CVE-2020-0632 (An elevation of privilege vulnerability exists in the way that the Win ...)
+	TODO: check
+CVE-2020-0631 (An elevation of privilege vulnerability exists in the way that the Win ...)
+	TODO: check
+CVE-2020-0630 (An elevation of privilege vulnerability exists in the way that the Win ...)
+	TODO: check
+CVE-2020-0629 (An elevation of privilege vulnerability exists in the way that the Win ...)
+	TODO: check
+CVE-2020-0628 (An elevation of privilege vulnerability exists in the way that the Win ...)
+	TODO: check
+CVE-2020-0627 (An elevation of privilege vulnerability exists in the way that the Win ...)
+	TODO: check
+CVE-2020-0626 (An elevation of privilege vulnerability exists in the way that the Win ...)
+	TODO: check
+CVE-2020-0625 (An elevation of privilege vulnerability exists in the way that the Win ...)
+	TODO: check
+CVE-2020-0624 (An elevation of privilege vulnerability exists in Windows when the Win ...)
+	TODO: check
+CVE-2020-0623 (An elevation of privilege vulnerability exists in the way that the Win ...)
+	TODO: check
+CVE-2020-0622 (An information disclosure vulnerability exists when the Microsoft Wind ...)
+	TODO: check
+CVE-2020-0621 (A security feature bypass vulnerability exists in Windows 10 when thir ...)
+	TODO: check
+CVE-2020-0620 (An elevation of privilege vulnerability exists when Microsoft Cryptogr ...)
+	TODO: check
 CVE-2020-0619
 	RESERVED
 CVE-2020-0618
 	RESERVED
-CVE-2020-0617
-	RESERVED
-CVE-2020-0616
-	RESERVED
-CVE-2020-0615
-	RESERVED
-CVE-2020-0614
-	RESERVED
-CVE-2020-0613
-	RESERVED
-CVE-2020-0612
-	RESERVED
-CVE-2020-0611
-	RESERVED
-CVE-2020-0610
-	RESERVED
-CVE-2020-0609
-	RESERVED
-CVE-2020-0608
-	RESERVED
-CVE-2020-0607
-	RESERVED
-CVE-2020-0606
-	RESERVED
-CVE-2020-0605
-	RESERVED
+CVE-2020-0617 (A denial of service vulnerability exists when Microsoft Hyper-V Virtua ...)
+	TODO: check
+CVE-2020-0616 (A denial of service vulnerability exists when Windows improperly handl ...)
+	TODO: check
+CVE-2020-0615 (An information disclosure vulnerability exists in the Windows Common L ...)
+	TODO: check
+CVE-2020-0614 (An elevation of privilege vulnerability exists in the way that the Win ...)
+	TODO: check
+CVE-2020-0613 (An elevation of privilege vulnerability exists in the way that the Win ...)
+	TODO: check
+CVE-2020-0612 (A denial of service vulnerability exists in Windows Remote Desktop Gat ...)
+	TODO: check
+CVE-2020-0611 (A remote code execution vulnerability exists in the Windows Remote Des ...)
+	TODO: check
+CVE-2020-0610 (A remote code execution vulnerability exists in Windows Remote Desktop ...)
+	TODO: check
+CVE-2020-0609 (A remote code execution vulnerability exists in Windows Remote Desktop ...)
+	TODO: check
+CVE-2020-0608 (An information disclosure vulnerability exists when the win32k compone ...)
+	TODO: check
+CVE-2020-0607 (An information disclosure vulnerability exists in the way that Microso ...)
+	TODO: check
+CVE-2020-0606 (A remote code execution vulnerability exists in .NET software when the ...)
+	TODO: check
+CVE-2020-0605 (A remote code execution vulnerability exists in .NET software when the ...)
+	TODO: check
 CVE-2020-0604
 	RESERVED
-CVE-2020-0603
-	RESERVED
-CVE-2020-0602
-	RESERVED
-CVE-2020-0601
-	RESERVED
+CVE-2020-0603 (A remote code execution vulnerability exists in ASP.NET Core software  ...)
+	TODO: check
+CVE-2020-0602 (A denial of service vulnerability exists when ASP.NET Core improperly  ...)
+	TODO: check
+CVE-2020-0601 (A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32. ...)
+	TODO: check
 CVE-2019-18779
 	RESERVED
 CVE-2019-18778
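Review bot: every entry converted from RESERVED in this hunk lands as TODO: check, and nearly all of the descriptions name Microsoft Windows, Office or Dynamics components, the kind of entry this file closes elsewhere as NOT-FOR-US (for example `NOT-FOR-US: Android`). Suggest triaging those in one follow-up batch and looking individually at the .NET and ASP.NET Core entries (CVE-2020-0646, CVE-2020-0606, CVE-2020-0605, CVE-2020-0603, CVE-2020-0602), whose applicability is less obvious from the truncated descriptions.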
@@ -22319,9 +22329,9 @@ CVE-2019-17152
 CVE-2019-17151 (This vulnerability allows remote attackers redirect users to an extern ...)
 	NOT-FOR-US: Tencent WeChat
 CVE-2019-17150
-	RESERVED
+	REJECTED
 CVE-2019-17149
-	RESERVED
+	REJECTED
 CVE-2019-17148 (This vulnerability allows local attackers to escalate privileges on af ...)
 	NOT-FOR-US: Parallels
 CVE-2019-17147 (This vulnerability allows remote attackers to execute arbitrary code o ...)
@@ -23396,8 +23406,8 @@ CVE-2019-16785 (Waitress through version 1.3.1 implemented a "MAY" part of the R
 	[jessie] - waitress <no-dsa> (Minor issue)
 	NOTE: https://github.com/Pylons/waitress/security/advisories/GHSA-pg36-wpm5-g57p
 	NOTE: https://github.com/Pylons/waitress/commit/8eba394ad75deaf9e5cd15b78a3d16b12e6b0eba 
-CVE-2019-16784
-	RESERVED
+CVE-2019-16784 (In PyInstaller before version 3.6, only on Windows, a local privilege  ...)
+	TODO: check
 CVE-2019-16783
 	RESERVED
 CVE-2019-16782 (There's a possible information leak / session hijack vulnerability in  ...)
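Review bot: the new CVE-2019-16784 line is left at TODO: check even though its description limits the issue to PyInstaller "only on Windows". If a pyinstaller package is tracked, the follow-up should state the platform restriction explicitly with a reason, in the style the file uses elsewhere (`<not-affected> (xtensa arch not used in Debian)`), instead of a bare fixed version.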
@@ -66555,7 +66565,8 @@ CVE-2019-2226 (In device_class_to_int of device_class.cc, there is a possible ou
 	NOT-FOR-US: Android
 CVE-2019-2225 (When pairing with a Bluetooth device, it may be possible to pair a mal ...)
 	NOT-FOR-US: Android
-CVE-2019-2224 (In ReadMATImage of mat.c, there is a possible out of bounds write due  ...)
+CVE-2019-2224
+	REJECTED
 	NOTE: Duplicate of CVE-2019-15140, reported to MITRE
 CVE-2019-2223 (In ihevcd_ref_list of ihevcd_ref_list.c, there is a possible out of bo ...)
 	NOT-FOR-US: Android Media Framework
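Review bot: CVE-2019-2224 is switched to REJECTED, but the retained `NOTE: Duplicate of CVE-2019-15140, reported to MITRE` still reads as a pending report. Now that the rejection is recorded, reword or drop the "reported to MITRE" part so the entry does not suggest outstanding work.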
@@ -68421,8 +68432,8 @@ CVE-2018-19876 (cairo 1.16.0, in cairo_ft_apply_variations() in cairo-ft-font.c,
 	NOTE: and became vulnerable with freetype 2.9 which allows to define a different allocator. Partially
 	NOTE: fixed in https://gitlab.freedesktop.org/cairo/cairo/commit/c3659d7ef662b55949307ece7b1f613a7dc32620
 	NOTE: https://gitlab.freedesktop.org/cairo/cairo/commit/90e85c2493fdfa3551f202ff10282463f1e36645
-CVE-2018-1002104
-	RESERVED
+CVE-2018-1002104 (Versions < 1.5 of the Kubernetes ingress default backend, which han ...)
+	TODO: check
 CVE-2018-1002103 (In Minikube versions 0.3.0-0.29.0, minikube exposes the Kubernetes Das ...)
 	NOT-FOR-US: minikube
 CVE-2018-1002102 (Improper validation of URL redirection in the Kubernetes API server in ...)
@@ -162275,7 +162286,7 @@ CVE-2017-5717 (Type Confusion in Content Protection HECI Service in Intel Graphi
 CVE-2017-5716
 	REJECTED
 CVE-2017-5715 (Systems with microprocessors utilizing speculative execution and indir ...)
-	{DSA-4213-1 DSA-4188-1 DSA-4187-1 DLA-1497-1 DLA-1422-1 DLA-1369-1}
+	{DSA-4213-1 DSA-4201-1 DSA-4188-1 DSA-4187-1 DLA-1497-1 DLA-1422-1 DLA-1369-1}
 	- linux 4.15.11-1
 	- intel-microcode 3.20180425.1
 	[stretch] - intel-microcode 3.20180425.1~deb9u1
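Review bot: the cross-reference list for CVE-2017-5715 gains DSA-4201-1, yet the package lines visible in this hunk cover only linux and intel-microcode. Check that the part of the entry below the hunk has a package line with the version that DSA fixed, so the advisory reference is not left dangling.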
@@ -187396,8 +187407,8 @@ CVE-2016-6594 (Blue Coat Advanced Secure Gateway 6.6, CacheFlow 3.4, ProxySG 6.5
 	NOT-FOR-US: Blue Coat
 CVE-2016-6593 (A code-execution vulnerability exists during startup in jhi.dll and ot ...)
 	NOT-FOR-US: Symantec VIP Access
-CVE-2016-6592
-	RESERVED
+CVE-2016-6592 (A vulnerability was found in Symantec Norton Download Manager versions ...)
+	TODO: check
 CVE-2016-6591 (A security bypass vulnerability exists in Symantec Norton App Lock 1.0 ...)
 	NOT-FOR-US: Symantec
 CVE-2016-6590 (A privilege escalation vulnerability exists when loading DLLs during b ...)
@@ -301580,11 +301591,9 @@ CVE-2011-3204 (hammerhead.cc in Hammerhead 2.1.4 allows local users to write to
 	[lenny] - hammerhead <no-dsa> (Minor issue)
 	[squeeze] - hammerhead <no-dsa> (Minor issue)
 	NOTE: https://launchpad.net/bugs/826679
-CVE-2011-3203 [Jcow CMS 4.x:4.2 <= , 5.x:5.2 <= | Arbitrary Code Execution]
-	RESERVED
+CVE-2011-3203 (A Code Execution vulnerability exists the attachment parameter to inde ...)
 	NOT-FOR-US: Jcow
-CVE-2011-3202 [Jcow CMS 4.2 <= | Cross Site Scripting]
-	RESERVED
+CVE-2011-3202 (A Cross-Site Scripting (XSS) vulnerability exists in the g parameter t ...)
 	NOT-FOR-US: Jcow
 CVE-2011-3201 (GNOME Evolution before 3.2.3 allows user-assisted remote attackers to  ...)
 	- evolution <unfixed> (unimportant)
@@ -301646,8 +301655,7 @@ CVE-2011-3185 (gtkutils.c in Pidgin before 2.10.0 on Windows allows user-assiste
 CVE-2011-3184 (The msn_httpconn_parse_data function in httpconn.c in the MSN protocol ...)
 	- pidgin 2.10.0-1 (unimportant)
 	NOTE: Only exploitable by a malicious MSN server to crash the client
-CVE-2011-3183
-	RESERVED
+CVE-2011-3183 (A Cross-Site Scripting (XSS) vulnerability exists in the rcID paramete ...)
 	NOT-FOR-US: Concrete CMS
 CVE-2011-3182 (PHP before 5.3.7 does not properly check the return values of the mall ...)
 	{DSA-2408-1}
@@ -302513,11 +302521,9 @@ CVE-2011-2936 (Elgg through 1.7.10 has a SQL injection vulnerability ...)
 	- elgg <itp> (bug #526197)
 CVE-2011-2935 (Elgg through 1.7.10 has XSS ...)
 	- elgg <itp> (bug #526197)
-CVE-2011-2934
-	RESERVED
+CVE-2011-2934 (A Cross Site Request Forgery (CSRF) vulnerability exists in the admini ...)
 	NOT-FOR-US: WebsiteBaker
-CVE-2011-2933
-	RESERVED
+CVE-2011-2933 (An Arbitrary File Upload vulnerability exists in admin/media/upload.ph ...)
 	NOT-FOR-US: WebsiteBaker
 CVE-2011-2932 (Cross-site scripting (XSS) vulnerability in activesupport/lib/active_s ...)
 	{DSA-2655-1}
@@ -303215,11 +303221,9 @@ CVE-2011-2716 (The DHCP client (udhcpc) in BusyBox before 1.20.0 allows remote D
 	- busybox 1:1.20.0-3 (unimportant; bug #635548)
 	NOTE: the default action script of busybox is not vulnerable to this attack
 	NOTE: fixed in 1.20 (experimental). default script in udeb may be vulnerable.
-CVE-2011-2715
-	RESERVED
+CVE-2011-2715 (An SQL Injection vulnerability exists in Drupal 6.20 with Data 6.x-1.0 ...)
 	NOT-FOR-US: Drupal data module
-CVE-2011-2714
-	RESERVED
+CVE-2011-2714 (A Cross-Site Scripting vulnerability exists in Drupal 6.20 with Data 6 ...)
 	NOT-FOR-US: Drupal data module
 CVE-2011-2713 (oowriter in OpenOffice.org 3.3.0 and LibreOffice before 3.4.3 allows u ...)
 	{DSA-2315-1}
@@ -303241,8 +303245,7 @@ CVE-2011-2708
 	REJECTED
 CVE-2011-2707 (The ptrace_setxregs function in arch/xtensa/kernel/ptrace.c in the Lin ...)
 	- linux-2.6 <not-affected> (xtensa arch not used in Debian)
-CVE-2011-2706
-	RESERVED
+CVE-2011-2706 (A Cross-Site Scripting (XSS) vulnerability exists in the reorder admin ...)
 	NOT-FOR-US: sNews
 CVE-2011-2705 (The SecureRandom.random_bytes function in lib/securerandom.rb in Ruby  ...)
 	{DLA-235-1 DLA-88-1}



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2bba8e3177569193b91c23172d66c4aa1abb3db3
