[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Fri Jan 17 20:10:33 GMT 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cc61daf8 by security tracker role at 2020-01-17T20:10:26+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -731,8 +731,8 @@ CVE-2020-6864
 	RESERVED
 CVE-2020-6863
 	RESERVED
-CVE-2020-6862
-	RESERVED
+CVE-2020-6862 (V6.0.10P2T2 and V6.0.10P2T5 of F6x2W product are impacted by Informati ...)
+	TODO: check
 CVE-2020-6861
 	RESERVED
 CVE-2020-6860 (libmysofa 0.9.1 has a stack-based buffer overflow in readDataVar in hd ...)
@@ -3834,8 +3834,8 @@ CVE-2020-5399
 	RESERVED
 CVE-2020-5398 (In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x pri ...)
 	TODO: check
-CVE-2020-5397
-	RESERVED
+CVE-2020-5397 (Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF ...)
+	TODO: check
 CVE-2020-5396
 	RESERVED
 CVE-2020-5395 (FontForge 20190801 has a use-after-free in SFD_GetFontMetaData in sfd. ...)
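Review bot: CVE-2020-5397 is added as "TODO: check" directly below CVE-2020-5398, which names the same Spring Framework 5.2.x line and is also still "TODO: check". Triage the two together so they end up with consistent package lines, and add a NOTE with the upstream advisory or fix reference when that is done.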
@@ -7209,8 +7209,8 @@ CVE-2020-3942
 	RESERVED
 CVE-2020-3941 (The repair operation of VMware Tools for Windows 10.x.y has a race con ...)
 	NOT-FOR-US: VMware Tools for Windows
-CVE-2020-3940
-	RESERVED
+CVE-2020-3940 (VMware Workspace ONE SDK and dependent mobile application updates addr ...)
+	TODO: check
 CVE-2019-20149 (ctorName in index.js in kind-of v6.0.2 allows external user input to o ...)
 	- node-kind-of 6.0.3+dfsg-1 (bug #948095)
 	[buster] - node-kind-of <no-dsa> (Minor issue; can be fixed via point release)
@@ -7588,8 +7588,8 @@ CVE-2019-20005 (An issue was discovered in ezXML 0.8.3 through 0.8.6. The functi
 	NOT-FOR-US: ezXML
 CVE-2019-20004 (An issue was discovered on Intelbras IWR 3000N 1.8.7 devices. When the ...)
 	NOT-FOR-US: Intelbras
-CVE-2019-20003
-	RESERVED
+CVE-2019-20003 (Feldtech easescreen Crystal 9.0 Web-Services 9.0.1.16265 allows Stored ...)
+	TODO: check
 CVE-2019-20002
 	RESERVED
 CVE-2019-20001
@@ -7665,11 +7665,13 @@ CVE-2019-19977 (libESMTP through 1.0.6 mishandles domain copying into a fixed-si
 	NOTE: https://github.com/Kirin-say/Vulnerabilities/blob/master/Stack_Overflow_in_libesmtp.md
 	NOTE: NTLM support not enabled in the Debian builds.
 CVE-2019-19966 (In the Linux kernel before 5.1.6, there is a use-after-free in cpia2_e ...)
+	{DLA-2068-1}
 	- linux 5.2.6-1
 	[buster] - linux 4.19.67-1
 	[stretch] - linux 4.9.184-1
 	NOTE: https://git.kernel.org/linus/dea37a97265588da604c6ba80160a287b72c7bfd
 CVE-2019-19965 (In the Linux kernel through 5.4.6, there is a NULL pointer dereference ...)
+	{DLA-2068-1}
 	- linux <unfixed>
 	NOTE: https://git.kernel.org/linus/f70267f379b5e5e11bdc5d72a56bf17e5feed01f
 CVE-2019-19964
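Review bot: on CVE-2019-19965 the new "{DLA-2068-1}" reference sits above a single package line, "- linux <unfixed>", with no per-release line, unlike CVE-2019-19966 just above it where [buster] and [stretch] versions are recorded. Confirm that the release covered by DLA-2068-1 gets its fixed version from the advisory data, otherwise the entry reads as both advised and unfixed.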
@@ -7745,6 +7747,7 @@ CVE-2019-19948 (In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer overfl
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/6ae32a9038e360b3491969d5d03d490884f02b4c (7.x)
 	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/9e7db22f8c374301db3f968757f0d08070fd4e54 (6.x)	
 CVE-2019-19947 (In the Linux kernel through 5.4.6, there are information leaks of unin ...)
+	{DLA-2068-1}
 	- linux 5.4.8-1
 	NOTE: https://git.kernel.org/linus/da2311a6385c3b499da2ed5d9be59ce331fa93e9
 CVE-2019-19946
@@ -7809,6 +7812,7 @@ CVE-2019-19923 (flattenSubquery in select.c in SQLite 3.30.1 mishandles certain
 	[jessie] - sqlite3 <not-affected> (Vulnerable code introduced later)
 	NOTE: https://github.com/sqlite/sqlite/commit/396afe6f6aa90a31303c183e11b2b2d4b7956b35
 CVE-2019-19922 (kernel/sched/fair.c in the Linux kernel before 5.3.9, when cpu.cfs_quo ...)
+	{DLA-2068-1}
 	- linux 5.3.9-1
 	[stretch] - linux <not-affected> (Vulnerability introduced later)
 	NOTE: https://git.kernel.org/linus/de53fd7aedb100f03e5d2231cfce0e4993282425
@@ -9913,6 +9917,7 @@ CVE-2019-19768 (In the Linux kernel 5.4.0-rc2, there is a use-after-free (read)
 	- linux <unfixed>
 	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=205711
 CVE-2019-19767 (The Linux kernel before 5.4.2 mishandles ext4_expand_extra_isize, as d ...)
+	{DLA-2068-1}
 	- linux 5.3.15-1
 	NOTE: https://git.kernel.org/linus/4ea99936a1630f51fc3a2d61a58ec4a1c4b7d55a
 CVE-2019-19766 (The Bitwarden server through 1.32.0 has a potentially unwanted KDF. ...)
@@ -12850,9 +12855,11 @@ CVE-2019-19539
 CVE-2019-19538
 	RESERVED
 CVE-2019-19537 (In the Linux kernel before 5.2.10, there is a race condition bug that  ...)
+	{DLA-2068-1}
 	- linux 5.2.17-1
 	NOTE: https://git.kernel.org/linus/303911cfc5b95d33687d9046133ff184cf5043ff
 CVE-2019-19536 (In the Linux kernel before 5.2.9, there is an info-leak bug that can b ...)
+	{DLA-2068-1}
 	- linux 5.2.9-1
 	[buster] - linux 4.19.67-1
 	NOTE: https://git.kernel.org/linus/ead16e53c2f0ed946d82d4037c630e2f60f4ab69
@@ -12862,19 +12869,24 @@ CVE-2019-19535 (In the Linux kernel before 5.2.9, there is an info-leak bug that
 	[jessie] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/30a8beeb3042f49d0537b7050fd21b490166a3d9
 CVE-2019-19534 (In the Linux kernel before 5.3.11, there is an info-leak bug that can  ...)
+	{DLA-2068-1}
 	- linux 5.3.15-1
 	NOTE: https://git.kernel.org/linus/f7a1337f0d29b98733c8824e165fca3371d7d4fd
 CVE-2019-19533 (In the Linux kernel before 5.3.4, there is an info-leak bug that can b ...)
+	{DLA-2068-1}
 	- linux 5.3.7-1
 	NOTE: https://git.kernel.org/linus/a10feaf8c464c3f9cfdd3a8a7ce17e1c0d498da1
 CVE-2019-19532 (In the Linux kernel before 5.3.9, there are multiple out-of-bounds wri ...)
+	{DLA-2068-1}
 	- linux 5.3.9-1
 	NOTE: https://git.kernel.org/linus/d9d4b1e46d9543a82c23f6df03f4ad697dab361b
 CVE-2019-19531 (In the Linux kernel before 5.2.9, there is a use-after-free bug that c ...)
+	{DLA-2068-1}
 	- linux 5.2.9-1
 	[buster] - linux 4.19.67-1
 	NOTE: https://git.kernel.org/linus/fc05481b2fcabaaeccf63e32ac1baab54e5b6963
 CVE-2019-19530 (In the Linux kernel before 5.2.10, there is a use-after-free bug that  ...)
+	{DLA-2068-1}
 	- linux 5.2.17-1
 	NOTE: https://git.kernel.org/linus/c52873e5a1ef72f845526d9f6a50704433f9c625
 CVE-2019-19529 (In the Linux kernel before 5.3.11, there is a use-after-free bug that  ...)
@@ -12888,6 +12900,7 @@ CVE-2019-19528 (In the Linux kernel before 5.3.7, there is a use-after-free bug
 	[jessie] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/edc4746f253d907d048de680a621e121517f484b
 CVE-2019-19527 (In the Linux kernel before 5.2.10, there is a use-after-free bug that  ...)
+	{DLA-2068-1}
 	- linux 5.2.17-1
 	NOTE: https://git.kernel.org/linus/6d4472d7bec39917b54e4e80245784ea5d60ce49
 	NOTE: https://git.kernel.org/linus/9c09b214f30e3c11f9b0b03f89442df03643794d
@@ -12901,9 +12914,11 @@ CVE-2019-19525 (In the Linux kernel before 5.3.6, there is a use-after-free bug
 	[jessie] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/7fd25e6fc035f4b04b75bca6d7e8daa069603a76
 CVE-2019-19524 (In the Linux kernel before 5.3.12, there is a use-after-free bug that  ...)
+	{DLA-2068-1}
 	- linux 5.3.15-1
 	NOTE: https://git.kernel.org/linus/fa3a5a1880c91bb92594ad42dfe9eedad7996b86
 CVE-2019-19523 (In the Linux kernel before 5.3.7, there is a use-after-free bug that c ...)
+	{DLA-2068-1}
 	- linux 5.3.7-1
 	NOTE: https://git.kernel.org/linus/44efc269db7929f6275a1fa927ef082e533ecde0
 CVE-2019-19522 (OpenBSD 6.6, in a non-default configuration where S/Key or YubiKey aut ...)
@@ -13877,8 +13892,7 @@ CVE-2019-19341 (A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2,
 	NOT-FOR-US: Ansible Tower
 CVE-2019-19340 (A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2 and 3.5 ...)
 	NOT-FOR-US: Ansible Tower
-CVE-2019-19339
-	RESERVED
+CVE-2019-19339 (It was found that the Red Hat Enterprise Linux 8 kpatch update did not ...)
 	NOT-FOR-US: Red Hat specific kpatch update which was incomplete to address CVE-2018-12207
 CVE-2019-19338 [KVM: export MSR_IA32_TSX_CTRL to guest -  incomplete fix for TAA (CVE-2019-11135)]
 	RESERVED
@@ -13902,6 +13916,7 @@ CVE-2019-19333 (In all versions of libyang before 1.0-r5, a stack-based buffer o
 	[buster] - libyang <no-dsa> (Minor issue)
 	NOTE: https://github.com/CESNET/libyang/commit/f6d684ade99dd37b21babaa8a856f64faa1e2e0d
 CVE-2019-19332 (An out-of-bounds memory write issue was found in the Linux Kernel, ver ...)
+	{DLA-2068-1}
 	- linux 5.4.6-1
 	NOTE: https://git.kernel.org/linus/433f4ba1904100da65a311033f17a9bf586b287e
 CVE-2019-19331 (knot-resolver before version 4.3.0 is vulnerable to denial of service  ...)
@@ -14219,6 +14234,7 @@ CVE-2019-19229 (admincgi-bin/service.fcgi on Fronius Solar Inverter devices befo
 CVE-2019-19228 (Fronius Solar Inverter devices before 3.14.1 (HM 1.12.1) allow attacke ...)
 	NOT-FOR-US: Fronius Solar Inverter devices
 CVE-2019-19227 (In the AppleTalk subsystem in the Linux kernel before 5.1, there is a  ...)
+	{DLA-2068-1}
 	- linux 5.2.6-1
 	NOTE: https://git.kernel.org/linus/9804501fa1228048857910a6bf23e085aade37cc
 CVE-2019-19226
@@ -14626,6 +14642,7 @@ CVE-2019-19067 (** DISPUTED ** Four memory leaks in the acp_hw_init() function i
 	- linux 5.3.9-1 (unimportant)
 	NOTE: https://git.kernel.org/linus/57be09c6e8747bf48704136d9e3f92bfb93f5725
 CVE-2019-19066 (A memory leak in the bfad_im_get_stats() function in drivers/scsi/bfa/ ...)
+	{DLA-2068-1}
 	- linux <unfixed>
 CVE-2019-19065 (A memory leak in the sdma_init() function in drivers/infiniband/hw/hfi ...)
 	- linux 5.3.9-1
@@ -14637,6 +14654,7 @@ CVE-2019-19064 (** DISPUTED ** A memory leak in the fsl_lpspi_probe() function i
 CVE-2019-19063 (Two memory leaks in the rtl_usb_probe() function in drivers/net/wirele ...)
 	- linux 5.4.8-1 (unimportant)
 CVE-2019-19062 (A memory leak in the crypto_report() function in crypto/crypto_user_ba ...)
+	{DLA-2068-1}
 	- linux 5.4.6-1
 CVE-2019-19061 (A memory leak in the adis_update_scan_mode_burst() function in drivers ...)
 	- linux 5.3.9-1 (unimportant)
@@ -14655,8 +14673,10 @@ CVE-2019-19058 (A memory leak in the alloc_sgtable() function in drivers/net/wir
 	[jessie] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/b4b814fec1a5a849383f7b3886b654a13abbda7d
 CVE-2019-19057 (Two memory leaks in the mwifiex_pcie_init_evt_ring() function in drive ...)
+	{DLA-2068-1}
 	- linux 5.4.8-1
 CVE-2019-19056 (A memory leak in the mwifiex_pcie_alloc_cmdrsp_buf() function in drive ...)
+	{DLA-2068-1}
 	- linux <unfixed>
 CVE-2019-19055 (** DISPUTED ** A memory leak in the nl80211_get_ftm_responder_stats()  ...)
 	- linux 5.4.6-1 (unimportant)
@@ -14673,9 +14693,11 @@ CVE-2019-19053 (A memory leak in the rpmsg_eptdev_write_iter() function in drive
 	[stretch] - linux <not-affected> (Vulnerable code not present)
 	[jessie] - linux <not-affected> (Vulnerable code not present)
 CVE-2019-19052 (A memory leak in the gs_can_open() function in drivers/net/can/usb/gs_ ...)
+	{DLA-2068-1}
 	- linux 5.3.15-1
 	NOTE: https://git.kernel.org/linus/fb5be6a7b4863ecc44963bb80ca614584b6c7817
 CVE-2019-19051 (A memory leak in the i2400m_op_rfkill_sw_toggle() function in drivers/ ...)
+	{DLA-2068-1}
 	- linux 5.3.15-1
 	NOTE: https://git.kernel.org/linus/6f3ef5c25cc762687a7341c18cbea5af54461407
 CVE-2019-19050 (A memory leak in the crypto_reportstat() function in crypto/crypto_use ...)
@@ -21167,6 +21189,7 @@ CVE-2019-17668 (Samsung Galaxy S10 and Note10 devices allow unlock operations vi
 CVE-2019-17667 (Comtech H8 Heights Remote Gateway 2.5.1 devices allow XSS and HTML inj ...)
 	NOT-FOR-US: Comtech H8 Heights Remote Gateway devices
 CVE-2019-17666 (rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Lin ...)
+	{DLA-2068-1}
 	- linux 5.3.9-1
 	NOTE: https://lkml.org/lkml/2019/10/16/1226
 CVE-2019-17665 (NSA Ghidra before 9.0.2 is vulnerable to DLL hijacking because it load ...)
@@ -21229,10 +21252,10 @@ CVE-2019-17637
 	RESERVED
 CVE-2019-17636
 	RESERVED
-CVE-2019-17635
-	RESERVED
-CVE-2019-17634
-	RESERVED
+CVE-2019-17635 (Eclipse Memory Analyzer version 1.9.1 and earlier is subject to a dese ...)
+	TODO: check
+CVE-2019-17634 (Eclipse Memory Analyzer version 1.9.1 and earlier is subject to a cros ...)
+	TODO: check
 CVE-2019-17633 (For Eclipse Che versions 6.16 to 7.3.0, with both authentication and T ...)
 	NOT-FOR-US: Eclipse Che
 CVE-2019-17632 (In Eclipse Jetty versions 9.4.21.v20190926, 9.4.22.v20191022, and 9.4. ...)
@@ -22675,18 +22698,19 @@ CVE-2019-17131 (vBulletin before 5.5.4 allows clickjacking. ...)
 CVE-2019-17130 (vBulletin through 5.5.4 mishandles external URLs within the /core/vb/v ...)
 	NOT-FOR-US: vBulletin
 CVE-2019-17133 (In the Linux kernel through 5.3.2, cfg80211_mgd_wext_giwessid in net/w ...)
+	{DLA-2068-1}
 	- linux 5.3.9-1
 	NOTE: https://marc.info/?l=linux-wireless&m=157018270915487&w=2
 CVE-2019-17129
 	RESERVED
 CVE-2019-17128 (Netreo OmniCenter through 12.1.1 allows unauthenticated SQL Injection  ...)
 	NOT-FOR-US: Netreo OmniCenter
-CVE-2019-17127
-	RESERVED
+CVE-2019-17127 (A Stored Client Side Template Injection (CSTI) with Angular was discov ...)
+	TODO: check
 CVE-2019-17126
 	RESERVED
-CVE-2019-17125
-	RESERVED
+CVE-2019-17125 (A Reflected Client Side Template Injection (CSTI) with Angular was dis ...)
+	TODO: check
 CVE-2019-17124 (Kramer VIAware 2.5.0719.1034 has Incorrect Access Control. ...)
 	NOT-FOR-US: Kramer VIAware
 CVE-2019-17123 (The eGain Web Email API 11+ allows spoofed messages because the fromNa ...)
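Review bot: the descriptions added for CVE-2019-17127 and CVE-2019-17125 are cut off before the affected product is named ("... with Angular was discov ..." and "... with Angular was dis ..."), so neither "TODO: check" can be resolved from this file alone. Whoever triages them should read the full CVE text and record the product in the resulting package or NOT-FOR-US line.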
@@ -22855,18 +22879,23 @@ CVE-2019-17058 (Footy Tipping Software AFL Web Edition 2019 allows arbitrary fil
 CVE-2019-17057 (Footy Tipping Software AFL Web Edition 2019 allows XSS. ...)
 	NOT-FOR-US: Footy Tipping Software AFL Web Edition
 CVE-2019-17056 (llcp_sock_create in net/nfc/llcp_sock.c in the AF_NFC network module i ...)
+	{DLA-2068-1}
 	- linux 5.3.7-1
 	NOTE: https://git.kernel.org/linus/3a359798b176183ef09efb7a3dc59abad1cc7104
 CVE-2019-17055 (base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network ...)
+	{DLA-2068-1}
 	- linux 5.3.7-1
 	NOTE: https://git.kernel.org/linus/b91ee4aa2a2199ba4d4650706c272985a5a32d80
 CVE-2019-17054 (atalk_create in net/appletalk/ddp.c in the AF_APPLETALK network module ...)
+	{DLA-2068-1}
 	- linux 5.3.7-1
 	NOTE: https://git.kernel.org/linus/6cc03e8aa36c51f3b26a0d21a3c4ce2809c842ac
 CVE-2019-17053 (ieee802154_create in net/ieee802154/socket.c in the AF_IEEE802154 netw ...)
+	{DLA-2068-1}
 	- linux 5.3.7-1
 	NOTE: https://git.kernel.org/linus/e69dbd4619e7674c1679cba49afd9dd9ac347eef
 CVE-2019-17052 (ax25_create in net/ax25/af_ax25.c in the AF_AX25 network module in the ...)
+	{DLA-2068-1}
 	- linux 5.3.7-1
 	NOTE: https://git.kernel.org/linus/0614e2b73768b502fc32a75349823356d98aae2c
 CVE-2019-17051 (Evernote before 7.13 GA on macOS allows code execution because the com ...)
@@ -23855,6 +23884,7 @@ CVE-2019-16728 (DOMPurify before 2.0.1 allows XSS because of innerHTML mutation
 	[stretch] - dompurify.js <ignored> (Minor issue)
 	NOTE: https://research.securitum.com/dompurify-bypass-using-mxss/
 CVE-2019-16746 (An issue was discovered in net/wireless/nl80211.c in the Linux kernel  ...)
+	{DLA-2068-1}
 	- linux 5.3.7-1
 	NOTE: https://marc.info/?l=linux-wireless&m=156901391225058&w=2
 CVE-2019-16727
@@ -26308,10 +26338,10 @@ CVE-2019-15857
 	RESERVED
 CVE-2019-15856
 	RESERVED
-CVE-2019-15855
-	RESERVED
-CVE-2019-15854
-	RESERVED
+CVE-2019-15855 (An issue was discovered in Maarch RM before 2.5. A path traversal vuln ...)
+	TODO: check
+CVE-2019-15854 (An issue was discovered in Maarch RM before 2.5. A privilege escalatio ...)
+	TODO: check
 CVE-2019-15853
 	RESERVED
 CVE-2019-15852
@@ -27372,6 +27402,7 @@ CVE-2019-15507 (In Octopus Deploy versions 2018.8.4 to 2019.7.6, when a web requ
 CVE-2019-15506 (An issue was discovered in Kaseya Virtual System Administrator (VSA) t ...)
 	NOT-FOR-US: Kaseya Virtual System Administrator (VSA)
 CVE-2019-15505 (drivers/media/usb/dvb-usb/technisat-usb2.c in the Linux kernel through ...)
+	{DLA-2068-1}
 	- linux 5.2.17-1
 CVE-2019-15504 (drivers/net/wireless/rsi/rsi_91x_usb.c in the Linux kernel through 5.2 ...)
 	- linux 5.2.17-1
@@ -28062,6 +28093,7 @@ CVE-2019-15292 (An issue was discovered in the Linux kernel before 5.0.9. There
 	- linux 4.19.37-1
 	[stretch] - linux 4.9.184-1
 CVE-2019-15291 (An issue was discovered in the Linux kernel through 5.2.9. There is a  ...)
+	{DLA-2068-1}
 	- linux 5.3.15-1
 	NOTE: https://www.openwall.com/lists/oss-security/2019/08/20/2
 CVE-2019-15290
@@ -28141,6 +28173,7 @@ CVE-2019-15218 (An issue was discovered in the Linux kernel before 5.1.8. There
 	[stretch] - linux 4.9.184-1
 	NOTE: https://git.kernel.org/linus/31e0456de5be379b10fea0fa94a681057114a96e
 CVE-2019-15217 (An issue was discovered in the Linux kernel before 5.2.3. There is a N ...)
+	{DLA-2068-1}
 	- linux 5.2.6-1
 	NOTE: https://git.kernel.org/linus/5d2e73a5f80a5b5aff3caf1ec6d39b5b3f54b26e
 CVE-2019-15216 (An issue was discovered in the Linux kernel before 5.0.14. There is a  ...)
@@ -28727,6 +28760,7 @@ CVE-2019-15099 (drivers/net/wireless/ath/ath10k/usb.c in the Linux kernel throug
 	[jessie] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://lore.kernel.org/linux-wireless/20190804003101.11541-1-benquike@gmail.com/T/#u
 CVE-2019-15098 (drivers/net/wireless/ath/ath6kl/usb.c in the Linux kernel through 5.2. ...)
+	{DLA-2068-1}
 	- linux 5.3.7-1
 	NOTE: https://lore.kernel.org/linux-wireless/20190804002905.11292-1-benquike@gmail.com/T/#u
 CVE-2019-15090 (An issue was discovered in drivers/scsi/qedi/qedi_dbg.c in the Linux k ...)
@@ -29378,6 +29412,7 @@ CVE-2019-14903
 CVE-2019-14902
 	RESERVED
 CVE-2019-14901 (A heap overflow flaw was found in the Linux kernel, all versions 3.x.x ...)
+	{DLA-2068-1}
 	- linux <unfixed>
 	NOTE: https://www.openwall.com/lists/oss-security/2019/11/22/2
 CVE-2019-14900
@@ -29388,12 +29423,15 @@ CVE-2019-14898 [RHEL-7 specific incompete fix issue for CVE-2019-11599]
 	RESERVED
 	- linux <not-affected> (RHEL-7 specific incomplete fix for CVE-2019-11599)
 CVE-2019-14897 (A stack-based buffer overflow was found in the Linux kernel, version k ...)
+	{DLA-2068-1}
 	- linux <unfixed>
 	NOTE: https://www.openwall.com/lists/oss-security/2019/11/22/1
 CVE-2019-14896 (A heap-based buffer overflow vulnerability was found in the Linux kern ...)
+	{DLA-2068-1}
 	- linux <unfixed>
 	NOTE: https://www.openwall.com/lists/oss-security/2019/11/22/1
 CVE-2019-14895 (A heap-based buffer overflow was discovered in the Linux kernel, all v ...)
+	{DLA-2068-1}
 	- linux <unfixed>
 	NOTE: https://www.openwall.com/lists/oss-security/2019/11/22/1
 CVE-2019-14894
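Review bot: CVE-2019-14897, CVE-2019-14896 and CVE-2019-14895 now carry "{DLA-2068-1}", but the only NOTE on each is the same oss-security post and the package line is still "- linux <unfixed>". Once the fixing commits are identified, add a git.kernel.org/linus NOTE per entry, as the other kernel entries in this file have, so the unfixed status can be checked against a specific commit.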
@@ -30274,8 +30312,8 @@ CVE-2019-14631
 	RESERVED
 CVE-2019-14630
 	RESERVED
-CVE-2019-14629
-	RESERVED
+CVE-2019-14629 (Improper permissions in Intel(R) DAAL before version 2020 Gold may all ...)
+	TODO: check
 CVE-2019-14628
 	RESERVED
 CVE-2019-14627
@@ -30302,15 +30340,14 @@ CVE-2019-14617
 	RESERVED
 CVE-2019-14616
 	RESERVED
-CVE-2019-14615
-	RESERVED
+CVE-2019-14615 (Insufficient control flow in certain data structures for some Intel(R) ...)
 	- linux <unfixed>
 	[jessie] - linux <not-affected> (Driver doesn't support this hardware)
 	NOTE: https://git.kernel.org/linus/bc8a76a152c5f9ef3b48104154a65a68a8b76946
 CVE-2019-14614
 	RESERVED
-CVE-2019-14613
-	RESERVED
+CVE-2019-14613 (Improper access control in driver for Intel(R) VTune(TM) Amplifier for ...)
+	TODO: check
 CVE-2019-14612 (Out of bounds write in firmware for Intel(R) NUC(R) may allow a privil ...)
 	NOT-FOR-US: Intel
 CVE-2019-14611 (Integer overflow in firmware for Intel(R) NUC(R) may allow a privilege ...)
@@ -30335,18 +30372,18 @@ CVE-2019-14603 (Improper permissions in the installer for the License Server sof
 	NOT-FOR-US: Intel
 CVE-2019-14602 (Improper permissions in the installer for the Nuvoton* CIR Driver vers ...)
 	NOT-FOR-US: Nuvoton* CIR Driver
-CVE-2019-14601
-	RESERVED
-CVE-2019-14600
-	RESERVED
+CVE-2019-14601 (Improper permissions in the installer for Intel(R) RWC 3 for Windows b ...)
+	TODO: check
+CVE-2019-14600 (Uncontrolled search path element in the installer for Intel(R) SNMP Su ...)
+	TODO: check
 CVE-2019-14599 (Unquoted service path in Control Center-I version 2.1.0.0 and earlier  ...)
 	NOT-FOR-US: Intel
 CVE-2019-14598
 	RESERVED
 CVE-2019-14597
 	RESERVED
-CVE-2019-14596
-	RESERVED
+CVE-2019-14596 (Improper access control in the installer for Intel(R) Chipset Device S ...)
+	TODO: check
 CVE-2019-14595
 	RESERVED
 CVE-2019-14594
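Review bot: CVE-2019-14601, CVE-2019-14600 and CVE-2019-14596 are added as "TODO: check" although they are described as Intel installer issues, like CVE-2019-14603 and CVE-2019-14599 in this hunk's context, which are already "NOT-FOR-US: Intel". If triage confirms they are not packaged in Debian, use the same "NOT-FOR-US: Intel" string so the entries stay consistent.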
@@ -41959,12 +41996,12 @@ CVE-2019-10960 (Zebra Industrial Printers All Versions, Zebra printers are shipp
 	NOT-FOR-US: Zebra Industrial Printers
 CVE-2019-10959 (BD Alaris Gateway Workstation Versions, 1.1.3 Build 10, 1.1.3 MR Build ...)
 	NOT-FOR-US: BD Alaris Gateway
-CVE-2019-10958
-	RESERVED
-CVE-2019-10957
-	RESERVED
-CVE-2019-10956
-	RESERVED
+CVE-2019-10958 (Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-2 ...)
+	TODO: check
+CVE-2019-10957 (Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-2 ...)
+	TODO: check
+CVE-2019-10956 (Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-2 ...)
+	TODO: check
 CVE-2019-10955 (In Rockwell Automation MicroLogix 1400 Controllers Series A, All Versi ...)
 	NOT-FOR-US: Rockwell Automation
 CVE-2019-10954 (An attacker could send crafted SMTP packets to cause a denial-of-servi ...)
@@ -43831,6 +43868,7 @@ CVE-2019-10222 (A flaw was found in the Ceph RGW configuration with Beast as the
 CVE-2019-10221
 	RESERVED
 CVE-2019-10220 (Linux kernel CIFS implementation, version 4.9.0 is vulnerable to a rel ...)
+	{DLA-2068-1}
 	- linux 5.3.9-1
 CVE-2019-10219 (A vulnerability was found in Hibernate-Validator. The SafeHtml validat ...)
 	- libhibernate-validator-java <unfixed> (bug #948235)
@@ -61613,16 +61651,16 @@ CVE-2019-3688 (The /usr/sbin/pinger binary packaged with squid in SUSE Linux Ent
 	- squid3 <not-affected> (/usr/lib/squid/pinger permissions are root:root)
 CVE-2019-3687
 	RESERVED
-CVE-2019-3686
-	RESERVED
+CVE-2019-3686 (openQA before commit c172e8883d8f32fced5e02f9b6faaacc913df27b was vuln ...)
+	TODO: check
 CVE-2019-3685 (Open Build Service before version 0.165.4 diddn't validate TLS certifi ...)
 	- osc <not-affected> (Affects 0.165.x only, bug #941667)
 CVE-2019-3684 (SUSE Manager until version 4.0.7 and Uyuni until commit 1b426ad5ed0a71 ...)
 	NOT-FOR-US: SUSE Manager
-CVE-2019-3683
-	RESERVED
-CVE-2019-3682
-	RESERVED
+CVE-2019-3683 (The keystone-json-assignment package in SUSE Openstack Cloud 8 before  ...)
+	TODO: check
+CVE-2019-3682 (The docker-kubic package in SUSE CaaS Platform 3.0 before 17.09.1_ce-7 ...)
+	TODO: check
 CVE-2019-3681
 	RESERVED
 CVE-2019-3680
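Review bot: CVE-2019-3683 and CVE-2019-3682 name SUSE-specific packages ("keystone-json-assignment package in SUSE Openstack Cloud 8", "docker-kubic package in SUSE CaaS Platform 3.0") yet land as "TODO: check", while CVE-2019-3684 just above them is "NOT-FOR-US: SUSE Manager". Check whether these two are product-specific in the same way. CVE-2019-3686 (openQA) needs a separate look, since it is identified by an upstream commit rather than a SUSE product version.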
@@ -66891,6 +66929,7 @@ CVE-2019-2217 (In setCpuVulkanInUse of GpuStats.cpp, there is possible memory co
 CVE-2019-2216
 	RESERVED
 CVE-2019-2215 (A use-after-free in binder.c allows an elevation of privilege from an  ...)
+	{DLA-2068-1}
 	- linux 4.15.4-1
 	NOTE: Fixed by: https://git.kernel.org/linus/f5cb779ba16334b45ba8946d6bfa6d9834d1527f
 CVE-2019-2214 (In binder_transaction of binder.c, there is a possible out of bounds w ...)
@@ -355849,7 +355888,7 @@ CVE-2007-6072
 CVE-2007-6071
 	RESERVED
 CVE-2007-6070
-	RESERVED
+	REJECTED
 CVE-2007-6069
 	RESERVED
 CVE-2007-6068



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/cc61daf80b88f5b6f2e420d96bd2c96a8e27667c

More information about the debian-security-tracker-commits mailing list