[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed Jan 22 08:10:26 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
53ea6f13 by security tracker role at 2020-01-22T08:10:18+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,673 @@
+CVE-2020-7802
+ RESERVED
+CVE-2020-7801
+ RESERVED
+CVE-2020-7800
+ RESERVED
+CVE-2020-7799
+ RESERVED
+CVE-2020-7798
+ RESERVED
+CVE-2020-7797
+ RESERVED
+CVE-2020-7796
+ RESERVED
+CVE-2020-7795
+ RESERVED
+CVE-2020-7794
+ RESERVED
+CVE-2020-7793
+ RESERVED
+CVE-2020-7792
+ RESERVED
+CVE-2020-7791
+ RESERVED
+CVE-2020-7790
+ RESERVED
+CVE-2020-7789
+ RESERVED
+CVE-2020-7788
+ RESERVED
+CVE-2020-7787
+ RESERVED
+CVE-2020-7786
+ RESERVED
+CVE-2020-7785
+ RESERVED
+CVE-2020-7784
+ RESERVED
+CVE-2020-7783
+ RESERVED
+CVE-2020-7782
+ RESERVED
+CVE-2020-7781
+ RESERVED
+CVE-2020-7780
+ RESERVED
+CVE-2020-7779
+ RESERVED
+CVE-2020-7778
+ RESERVED
+CVE-2020-7777
+ RESERVED
+CVE-2020-7776
+ RESERVED
+CVE-2020-7775
+ RESERVED
+CVE-2020-7774
+ RESERVED
+CVE-2020-7773
+ RESERVED
+CVE-2020-7772
+ RESERVED
+CVE-2020-7771
+ RESERVED
+CVE-2020-7770
+ RESERVED
+CVE-2020-7769
+ RESERVED
+CVE-2020-7768
+ RESERVED
+CVE-2020-7767
+ RESERVED
+CVE-2020-7766
+ RESERVED
+CVE-2020-7765
+ RESERVED
+CVE-2020-7764
+ RESERVED
+CVE-2020-7763
+ RESERVED
+CVE-2020-7762
+ RESERVED
+CVE-2020-7761
+ RESERVED
+CVE-2020-7760
+ RESERVED
+CVE-2020-7759
+ RESERVED
+CVE-2020-7758
+ RESERVED
+CVE-2020-7757
+ RESERVED
+CVE-2020-7756
+ RESERVED
+CVE-2020-7755
+ RESERVED
+CVE-2020-7754
+ RESERVED
+CVE-2020-7753
+ RESERVED
+CVE-2020-7752
+ RESERVED
+CVE-2020-7751
+ RESERVED
+CVE-2020-7750
+ RESERVED
+CVE-2020-7749
+ RESERVED
+CVE-2020-7748
+ RESERVED
+CVE-2020-7747
+ RESERVED
+CVE-2020-7746
+ RESERVED
+CVE-2020-7745
+ RESERVED
+CVE-2020-7744
+ RESERVED
+CVE-2020-7743
+ RESERVED
+CVE-2020-7742
+ RESERVED
+CVE-2020-7741
+ RESERVED
+CVE-2020-7740
+ RESERVED
+CVE-2020-7739
+ RESERVED
+CVE-2020-7738
+ RESERVED
+CVE-2020-7737
+ RESERVED
+CVE-2020-7736
+ RESERVED
+CVE-2020-7735
+ RESERVED
+CVE-2020-7734
+ RESERVED
+CVE-2020-7733
+ RESERVED
+CVE-2020-7732
+ RESERVED
+CVE-2020-7731
+ RESERVED
+CVE-2020-7730
+ RESERVED
+CVE-2020-7729
+ RESERVED
+CVE-2020-7728
+ RESERVED
+CVE-2020-7727
+ RESERVED
+CVE-2020-7726
+ RESERVED
+CVE-2020-7725
+ RESERVED
+CVE-2020-7724
+ RESERVED
+CVE-2020-7723
+ RESERVED
+CVE-2020-7722
+ RESERVED
+CVE-2020-7721
+ RESERVED
+CVE-2020-7720
+ RESERVED
+CVE-2020-7719
+ RESERVED
+CVE-2020-7718
+ RESERVED
+CVE-2020-7717
+ RESERVED
+CVE-2020-7716
+ RESERVED
+CVE-2020-7715
+ RESERVED
+CVE-2020-7714
+ RESERVED
+CVE-2020-7713
+ RESERVED
+CVE-2020-7712
+ RESERVED
+CVE-2020-7711
+ RESERVED
+CVE-2020-7710
+ RESERVED
+CVE-2020-7709
+ RESERVED
+CVE-2020-7708
+ RESERVED
+CVE-2020-7707
+ RESERVED
+CVE-2020-7706
+ RESERVED
+CVE-2020-7705
+ RESERVED
+CVE-2020-7704
+ RESERVED
+CVE-2020-7703
+ RESERVED
+CVE-2020-7702
+ RESERVED
+CVE-2020-7701
+ RESERVED
+CVE-2020-7700
+ RESERVED
+CVE-2020-7699
+ RESERVED
+CVE-2020-7698
+ RESERVED
+CVE-2020-7697
+ RESERVED
+CVE-2020-7696
+ RESERVED
+CVE-2020-7695
+ RESERVED
+CVE-2020-7694
+ RESERVED
+CVE-2020-7693
+ RESERVED
+CVE-2020-7692
+ RESERVED
+CVE-2020-7691
+ RESERVED
+CVE-2020-7690
+ RESERVED
+CVE-2020-7689
+ RESERVED
+CVE-2020-7688
+ RESERVED
+CVE-2020-7687
+ RESERVED
+CVE-2020-7686
+ RESERVED
+CVE-2020-7685
+ RESERVED
+CVE-2020-7684
+ RESERVED
+CVE-2020-7683
+ RESERVED
+CVE-2020-7682
+ RESERVED
+CVE-2020-7681
+ RESERVED
+CVE-2020-7680
+ RESERVED
+CVE-2020-7679
+ RESERVED
+CVE-2020-7678
+ RESERVED
+CVE-2020-7677
+ RESERVED
+CVE-2020-7676
+ RESERVED
+CVE-2020-7675
+ RESERVED
+CVE-2020-7674
+ RESERVED
+CVE-2020-7673
+ RESERVED
+CVE-2020-7672
+ RESERVED
+CVE-2020-7671
+ RESERVED
+CVE-2020-7670
+ RESERVED
+CVE-2020-7669
+ RESERVED
+CVE-2020-7668
+ RESERVED
+CVE-2020-7667
+ RESERVED
+CVE-2020-7666
+ RESERVED
+CVE-2020-7665
+ RESERVED
+CVE-2020-7664
+ RESERVED
+CVE-2020-7663
+ RESERVED
+CVE-2020-7662
+ RESERVED
+CVE-2020-7661
+ RESERVED
+CVE-2020-7660
+ RESERVED
+CVE-2020-7659
+ RESERVED
+CVE-2020-7658
+ RESERVED
+CVE-2020-7657
+ RESERVED
+CVE-2020-7656
+ RESERVED
+CVE-2020-7655
+ RESERVED
+CVE-2020-7654
+ RESERVED
+CVE-2020-7653
+ RESERVED
+CVE-2020-7652
+ RESERVED
+CVE-2020-7651
+ RESERVED
+CVE-2020-7650
+ RESERVED
+CVE-2020-7649
+ RESERVED
+CVE-2020-7648
+ RESERVED
+CVE-2020-7647
+ RESERVED
+CVE-2020-7646
+ RESERVED
+CVE-2020-7645
+ RESERVED
+CVE-2020-7644
+ RESERVED
+CVE-2020-7643
+ RESERVED
+CVE-2020-7642
+ RESERVED
+CVE-2020-7641
+ RESERVED
+CVE-2020-7640
+ RESERVED
+CVE-2020-7639
+ RESERVED
+CVE-2020-7638
+ RESERVED
+CVE-2020-7637
+ RESERVED
+CVE-2020-7636
+ RESERVED
+CVE-2020-7635
+ RESERVED
+CVE-2020-7634
+ RESERVED
+CVE-2020-7633
+ RESERVED
+CVE-2020-7632
+ RESERVED
+CVE-2020-7631
+ RESERVED
+CVE-2020-7630
+ RESERVED
+CVE-2020-7629
+ RESERVED
+CVE-2020-7628
+ RESERVED
+CVE-2020-7627
+ RESERVED
+CVE-2020-7626
+ RESERVED
+CVE-2020-7625
+ RESERVED
+CVE-2020-7624
+ RESERVED
+CVE-2020-7623
+ RESERVED
+CVE-2020-7622
+ RESERVED
+CVE-2020-7621
+ RESERVED
+CVE-2020-7620
+ RESERVED
+CVE-2020-7619
+ RESERVED
+CVE-2020-7618
+ RESERVED
+CVE-2020-7617
+ RESERVED
+CVE-2020-7616
+ RESERVED
+CVE-2020-7615
+ RESERVED
+CVE-2020-7614
+ RESERVED
+CVE-2020-7613
+ RESERVED
+CVE-2020-7612
+ RESERVED
+CVE-2020-7611
+ RESERVED
+CVE-2020-7610
+ RESERVED
+CVE-2020-7609
+ RESERVED
+CVE-2020-7608
+ RESERVED
+CVE-2020-7607
+ RESERVED
+CVE-2020-7606
+ RESERVED
+CVE-2020-7605
+ RESERVED
+CVE-2020-7604
+ RESERVED
+CVE-2020-7603
+ RESERVED
+CVE-2020-7602
+ RESERVED
+CVE-2020-7601
+ RESERVED
+CVE-2020-7600
+ RESERVED
+CVE-2020-7599
+ RESERVED
+CVE-2020-7598
+ RESERVED
+CVE-2020-7597
+ RESERVED
+CVE-2020-7596
+ RESERVED
+CVE-2020-7595 (xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infini ...)
+ TODO: check
+CVE-2020-7594 (MultiTech Conduit MTCDT-LVW2-24XX 1.4.17-ocea-13592 devices allow remo ...)
+ TODO: check
+CVE-2020-7593
+ RESERVED
+CVE-2020-7592
+ RESERVED
+CVE-2020-7591
+ RESERVED
+CVE-2020-7590
+ RESERVED
+CVE-2020-7589
+ RESERVED
+CVE-2020-7588
+ RESERVED
+CVE-2020-7587
+ RESERVED
+CVE-2020-7586
+ RESERVED
+CVE-2020-7585
+ RESERVED
+CVE-2020-7584
+ RESERVED
+CVE-2020-7583
+ RESERVED
+CVE-2020-7582
+ RESERVED
+CVE-2020-7581
+ RESERVED
+CVE-2020-7580
+ RESERVED
+CVE-2020-7579
+ RESERVED
+CVE-2020-7578
+ RESERVED
+CVE-2020-7577
+ RESERVED
+CVE-2020-7576
+ RESERVED
+CVE-2020-7575
+ RESERVED
+CVE-2020-7574
+ RESERVED
+CVE-2020-7573
+ RESERVED
+CVE-2020-7572
+ RESERVED
+CVE-2020-7571
+ RESERVED
+CVE-2020-7570
+ RESERVED
+CVE-2020-7569
+ RESERVED
+CVE-2020-7568
+ RESERVED
+CVE-2020-7567
+ RESERVED
+CVE-2020-7566
+ RESERVED
+CVE-2020-7565
+ RESERVED
+CVE-2020-7564
+ RESERVED
+CVE-2020-7563
+ RESERVED
+CVE-2020-7562
+ RESERVED
+CVE-2020-7561
+ RESERVED
+CVE-2020-7560
+ RESERVED
+CVE-2020-7559
+ RESERVED
+CVE-2020-7558
+ RESERVED
+CVE-2020-7557
+ RESERVED
+CVE-2020-7556
+ RESERVED
+CVE-2020-7555
+ RESERVED
+CVE-2020-7554
+ RESERVED
+CVE-2020-7553
+ RESERVED
+CVE-2020-7552
+ RESERVED
+CVE-2020-7551
+ RESERVED
+CVE-2020-7550
+ RESERVED
+CVE-2020-7549
+ RESERVED
+CVE-2020-7548
+ RESERVED
+CVE-2020-7547
+ RESERVED
+CVE-2020-7546
+ RESERVED
+CVE-2020-7545
+ RESERVED
+CVE-2020-7544
+ RESERVED
+CVE-2020-7543
+ RESERVED
+CVE-2020-7542
+ RESERVED
+CVE-2020-7541
+ RESERVED
+CVE-2020-7540
+ RESERVED
+CVE-2020-7539
+ RESERVED
+CVE-2020-7538
+ RESERVED
+CVE-2020-7537
+ RESERVED
+CVE-2020-7536
+ RESERVED
+CVE-2020-7535
+ RESERVED
+CVE-2020-7534
+ RESERVED
+CVE-2020-7533
+ RESERVED
+CVE-2020-7532
+ RESERVED
+CVE-2020-7531
+ RESERVED
+CVE-2020-7530
+ RESERVED
+CVE-2020-7529
+ RESERVED
+CVE-2020-7528
+ RESERVED
+CVE-2020-7527
+ RESERVED
+CVE-2020-7526
+ RESERVED
+CVE-2020-7525
+ RESERVED
+CVE-2020-7524
+ RESERVED
+CVE-2020-7523
+ RESERVED
+CVE-2020-7522
+ RESERVED
+CVE-2020-7521
+ RESERVED
+CVE-2020-7520
+ RESERVED
+CVE-2020-7519
+ RESERVED
+CVE-2020-7518
+ RESERVED
+CVE-2020-7517
+ RESERVED
+CVE-2020-7516
+ RESERVED
+CVE-2020-7515
+ RESERVED
+CVE-2020-7514
+ RESERVED
+CVE-2020-7513
+ RESERVED
+CVE-2020-7512
+ RESERVED
+CVE-2020-7511
+ RESERVED
+CVE-2020-7510
+ RESERVED
+CVE-2020-7509
+ RESERVED
+CVE-2020-7508
+ RESERVED
+CVE-2020-7507
+ RESERVED
+CVE-2020-7506
+ RESERVED
+CVE-2020-7505
+ RESERVED
+CVE-2020-7504
+ RESERVED
+CVE-2020-7503
+ RESERVED
+CVE-2020-7502
+ RESERVED
+CVE-2020-7501
+ RESERVED
+CVE-2020-7500
+ RESERVED
+CVE-2020-7499
+ RESERVED
+CVE-2020-7498
+ RESERVED
+CVE-2020-7497
+ RESERVED
+CVE-2020-7496
+ RESERVED
+CVE-2020-7495
+ RESERVED
+CVE-2020-7494
+ RESERVED
+CVE-2020-7493
+ RESERVED
+CVE-2020-7492
+ RESERVED
+CVE-2020-7491
+ RESERVED
+CVE-2020-7490
+ RESERVED
+CVE-2020-7489
+ RESERVED
+CVE-2020-7488
+ RESERVED
+CVE-2020-7487
+ RESERVED
+CVE-2020-7486
+ RESERVED
+CVE-2020-7485
+ RESERVED
+CVE-2020-7484
+ RESERVED
+CVE-2020-7483
+ RESERVED
+CVE-2020-7482
+ RESERVED
+CVE-2020-7481
+ RESERVED
+CVE-2020-7480
+ RESERVED
+CVE-2020-7479
+ RESERVED
+CVE-2020-7478
+ RESERVED
+CVE-2020-7477
+ RESERVED
+CVE-2020-7476
+ RESERVED
+CVE-2020-7475
+ RESERVED
+CVE-2020-7474
+ RESERVED
+CVE-2020-7473
+ RESERVED
+CVE-2020-7472
+ RESERVED
+CVE-2019-20390
+ RESERVED
+CVE-2019-20389
+ RESERVED
+CVE-2019-20388 (xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaV ...)
+ TODO: check
+CVE-2019-20387 (repodata_schema2id in repodata.c in libsolv before 0.7.6 has a heap-ba ...)
+ TODO: check
CVE-2020-7471
RESERVED
CVE-2020-7470 (Sonoff TH 10 and 16 devices with firmware 6.6.0.21 allows XSS via the ...)
@@ -905,8 +1575,7 @@ CVE-2020-7042
RESERVED
CVE-2020-7041
RESERVED
-CVE-2020-7040 [storeBackup: denial of service and symlink attack vector via fixed lockfile path /tmp/storeBackup.lock]
- RESERVED
+CVE-2020-7040 (storeBackup.pl in storeBackup through 3.5 relies on the /tmp/storeBack ...)
- storebackup <unfixed> (bug #949393)
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1156767
NOTE: https://www.openwall.com/lists/oss-security/2020/01/20/3
@@ -1772,8 +2441,8 @@ CVE-2020-6640
RESERVED
CVE-2020-6639
RESERVED
-CVE-2020-6638
- RESERVED
+CVE-2020-6638 (Grin through 2.1.1 has Insufficient Validation. ...)
+ TODO: check
CVE-2020-6637
RESERVED
CVE-2020-6636
@@ -4177,7 +4846,7 @@ CVE-2020-5500
CVE-2020-5499 (Baidu Rust SGX SDK through 1.0.8 has an enclave ID race. There are non ...)
NOT-FOR-US: Baidu Rust SGX SDK
CVE-2020-5498
- RESERVED
+ REJECTED
CVE-2020-5497 (The OpenID Connect reference implementation for MITREid Connect throug ...)
NOT-FOR-US: MITREid Connect
CVE-2020-5496 (FontForge 20190801 has a heap-based buffer overflow in the Type2NotDef ...)
@@ -8702,8 +9371,7 @@ CVE-2019-19888 (jfif_decode in jfif.c in ffjpeg through 2019-08-21 has a divide-
NOT-FOR-US: ffjpeg
CVE-2019-19887 (bitstr_tell at bitstr.c in ffjpeg through 2019-08-21 has a NULL pointe ...)
NOT-FOR-US: ffjpeg
-CVE-2019-19886
- RESERVED
+CVE-2019-19886 (Trustwave ModSecurity 3.0.0 through 3.0.3 allows an attacker to send c ...)
- modsecurity 3.0.4-1
[buster] - modsecurity <no-dsa> (Minor issue)
NOTE: https://github.com/SpiderLabs/ModSecurity/pull/2202
@@ -10540,7 +11208,7 @@ CVE-2019-19742 (On D-Link DIR-615 devices, the User Account Configuration page i
NOT-FOR-US: D-Link
CVE-2019-19741
RESERVED
-CVE-2019-19740 (Octeth Oempro 4.7 allows SQL injection. The parameter CampaignID in Ca ...)
+CVE-2019-19740 (Octeth Oempro 4.7 and 4.8 allow SQL injection. The parameter CampaignI ...)
NOT-FOR-US: Octeth Oempro
CVE-2019-19739 (MFScripts YetiShare 3.5.2 through 4.5.3 does not set the Secure flag o ...)
NOT-FOR-US: MFScripts YetiShare
@@ -11994,7 +12662,7 @@ CVE-2019-19683 (RoxyFileman, as shipped with nopCommerce v4.2.0, is vulnerable t
NOT-FOR-US: RoxyFileman in nopCommerce
CVE-2019-19682 (nopCommerce through 4.20 allows XSS in the SaveStoreMappings of the co ...)
NOT-FOR-US: nopCommerce
-CVE-2019-19681 (Pandora FMS 7.x suffers from remote code execution vulnerability. With ...)
+CVE-2019-19681 (** DISPUTED ** Pandora FMS 7.x suffers from remote code execution vuln ...)
NOT-FOR-US: Pandora FMS
CVE-2019-19680 (A file-extension filtering vulnerability in Proofpoint Enterprise Prot ...)
NOT-FOR-US: ProofPoint Protection Server Email Firewall
@@ -13357,6 +14025,7 @@ CVE-2019-19557
CVE-2019-19556
RESERVED
CVE-2019-19555 (read_textobject in read.c in Xfig fig2dev 3.2.7b has a stack-based buf ...)
+ {DLA-2073-1}
- fig2dev 1:3.2.7b-2 (unimportant; bug #946176)
- transfig <removed> (unimportant)
NOTE: https://sourceforge.net/p/mcj/tickets/55/
@@ -13934,7 +14603,7 @@ CVE-2020-1812
RESERVED
CVE-2020-1811
RESERVED
-CVE-2020-1810 (Huawei products CloudEngine 12800;S5700;S6700 have a weak algorithm vu ...)
+CVE-2020-1810 (There is a weak algorithm vulnerability in some Huawei products. The a ...)
NOT-FOR-US: Huawei
CVE-2020-1809
RESERVED
@@ -13978,8 +14647,8 @@ CVE-2020-1790
RESERVED
CVE-2020-1789
RESERVED
-CVE-2020-1788
- RESERVED
+CVE-2020-1788 (Honor V30 smartphones with versions earlier than 10.0.1.135(C00E130R4P ...)
+ TODO: check
CVE-2020-1787 (HUAWEI Mate 20 smartphones versions earlier than 9.1.0.139(C00E133R3P1 ...)
NOT-FOR-US: Huawei
CVE-2020-1786 (HUAWEI Mate 20 Pro smartphones versions earlier than 10.0.0.175(C00E69 ...)
@@ -14099,10 +14768,10 @@ CVE-2019-19416
RESERVED
CVE-2019-19415
RESERVED
-CVE-2019-19414
- RESERVED
-CVE-2019-19413
- RESERVED
+CVE-2019-19414 (There is an integer overflow vulnerability in LDAP server of some Huaw ...)
+ TODO: check
+CVE-2019-19413 (There is an integer overflow vulnerability in LDAP client of some Huaw ...)
+ TODO: check
CVE-2019-19412
RESERVED
CVE-2019-19411 (USG9500 with versions of V500R001C30SPC100, V500R001C30SPC200, V500R00 ...)
@@ -19187,8 +19856,8 @@ CVE-2019-18428
RESERVED
CVE-2019-18427
RESERVED
-CVE-2019-18426
- RESERVED
+CVE-2019-18426 (A vulnerability in WhatsApp Desktop versions prior to 0.3.9309 when pa ...)
+ TODO: check
CVE-2019-18425 (An issue was discovered in Xen through 4.12.x allowing 32-bit PV guest ...)
{DSA-4602-1}
- xen 4.11.3+24-g14b62ab3e5-1 (bug #947944)
@@ -22053,8 +22722,8 @@ CVE-2019-17586
RESERVED
CVE-2019-17585
RESERVED
-CVE-2019-17584
- RESERVED
+CVE-2019-17584 (The Meinberg SyncBox/PTP/PTPv2 devices have default SSH keys which all ...)
+ TODO: check
CVE-2019-17583 (idreamsoft iCMS 7.0.15 allows remote attackers to cause a denial of se ...)
NOT-FOR-US: idreamsoft iCMS
CVE-2019-17582
@@ -22239,7 +22908,7 @@ CVE-2019-17547 (In ImageMagick before 7.0.8-62, TraceBezier in MagickCore/draw.c
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16537
NOTE: https://github.com/ImageMagick/ImageMagick/commit/ecf7c6b288e11e7e7f75387c5e9e93e423b98397
CVE-2019-17546 (tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0. ...)
- {DLA-2009-1}
+ {DSA-4608-1 DLA-2009-1}
- gdal <unfixed> (unimportant)
- tiff 4.0.10+git190818-1
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16443
@@ -24316,8 +24985,8 @@ CVE-2019-16793
RESERVED
CVE-2019-16792
RESERVED
-CVE-2019-16791
- RESERVED
+CVE-2019-16791 (In postfix-mta-sts-resolver before 0.5.1, All users can receive incorr ...)
+ TODO: check
CVE-2019-16790 (In Tiny File Manager before 2.3.9, there is a remote code execution vi ...)
NOT-FOR-US: Tiny File Manager
CVE-2019-16789 (In Waitress through version 1.4.0, if a proxy server is used in front ...)
@@ -29743,7 +30412,7 @@ CVE-2019-14975 (Artifex MuPDF before 1.16.0 has a heap-based buffer over-read in
CVE-2019-14974 (SugarCRM Enterprise 9.0.0 allows mobile/error-not-supported-platform.h ...)
NOT-FOR-US: SugarCRM
CVE-2019-14973 (_TIFFCheckMalloc and _TIFFCheckRealloc in tif_aux.c in LibTIFF through ...)
- {DLA-1897-1}
+ {DSA-4608-1 DLA-1897-1}
- tiff 4.0.10+git190814-1 (low; bug #934780)
[stretch] - tiff <no-dsa> (Minor issue)
- tiff3 <removed>
@@ -32589,6 +33258,7 @@ CVE-2019-14277 (** DISPUTED ** Axway SecureTransport 5.x through 5.3 (or 5.x thr
CVE-2019-14276 (WUSTL XNAT 1.7.5.3 allows XXE attacks via a POST request body. ...)
NOT-FOR-US: WUSTL XNAT
CVE-2019-14275 (Xfig fig2dev 3.2.7a has a stack-based buffer overflow in the calc_arro ...)
+ {DLA-2073-1}
- fig2dev 1:3.2.7a-7 (unimportant; bug #933075)
[buster] - fig2dev 1:3.2.7a-5+deb10u1
[stretch] - fig2dev 1:3.2.6a-2+deb9u2
@@ -38223,8 +38893,8 @@ CVE-2019-12492 (Gallagher Command Centre before 7.80.939, 7.90.x before 7.90.961
NOT-FOR-US: Gallagher Command Centre
CVE-2019-12491 (OnApp before 5.0.0-88, 5.5.0-93, and 6.0.0-196 allows an attacker to r ...)
NOT-FOR-US: OnApp
-CVE-2019-12490
- RESERVED
+CVE-2019-12490 (An issue was discovered in Simple Machines Forum (SMF) before 2.0.16. ...)
+ TODO: check
CVE-2019-12489 (An issue was discovered on Fastweb Askey RTV1907VW 0.00.81_FW_200_Aske ...)
NOT-FOR-US: Fastweb Askey RTV1907VW devices
CVE-2019-12488
@@ -77789,8 +78459,8 @@ CVE-2018-17984 (An unanchored /[a-z]{2}/ regular expression in ISPConfig before
NOT-FOR-US: ISPConfig
CVE-2018-17982
RESERVED
-CVE-2018-17981
- RESERVED
+CVE-2018-17981 (Lifesize Express ls ex2_4.7.10 2000 (14) devices allow XSS via the int ...)
+ TODO: check
CVE-2018-17980 (NoMachine before 5.3.27 and 6.x before 6.3.6 allows attackers to gain ...)
NOT-FOR-US: NoMachine
CVE-2015-9273 (The wp-slimstat (aka Slimstat Analytics) plugin before 4.1.6.1 for Wor ...)
@@ -82609,6 +83279,7 @@ CVE-2018-16142 (PHPOK 4.8.278 has a Reflected XSS vulnerability in framework/www
CVE-2018-16141 (ThinkCMF X2.2.3 has an arbitrary file deletion vulnerability in do_ava ...)
NOT-FOR-US: ThinkCMF
CVE-2018-16140 (A buffer underwrite vulnerability in get_line() (read.c) in fig2dev 3. ...)
+ {DLA-2073-1}
- fig2dev 1:3.2.7a-3 (unimportant; bug #907660)
- transfig <removed> (unimportant)
NOTE: https://sourceforge.net/p/mcj/tickets/28/
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/53ea6f1352c9b6b63b64ed07eaba88f42b604749
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/53ea6f1352c9b6b63b64ed07eaba88f42b604749
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200122/33990d75/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list