[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Thu Jan 30 08:10:25 GMT 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d5152cb3 by security tracker role at 2020-01-30T08:10:18+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,39 @@
+CVE-2020-8448 (In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for  ...)
+	TODO: check
+CVE-2020-8447 (In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for  ...)
+	TODO: check
+CVE-2020-8446 (In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for  ...)
+	TODO: check
+CVE-2020-8445 (In OSSEC-HIDS 2.7 through 3.5.0, the OS_CleanMSG function in ossec-ana ...)
+	TODO: check
+CVE-2020-8444 (In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for  ...)
+	TODO: check
+CVE-2020-8443 (In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for  ...)
+	TODO: check
+CVE-2020-8442 (In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for  ...)
+	TODO: check
+CVE-2020-8441
+	RESERVED
+CVE-2020-8440
+	RESERVED
+CVE-2020-8439
+	RESERVED
+CVE-2020-8438 (Ruckus ZoneFlex R500 104.0.0.0.1347 devices allow an authenticated att ...)
+	TODO: check
+CVE-2020-8437
+	RESERVED
+CVE-2020-8436
+	RESERVED
+CVE-2020-8435
+	RESERVED
+CVE-2020-8434
+	RESERVED
+CVE-2020-8433
+	RESERVED
+CVE-2019-20445 (HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length  ...)
+	TODO: check
+CVE-2019-20444 (HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header th ...)
+	TODO: check
 CVE-2020-8432 (In Das U-Boot through 2020.01, a double free has been found in the cmd ...)
 	- u-boot <unfixed> (low)
 	[buster] - u-boot <no-dsa> (Minor issue)
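Review bot: six of the seven new OSSEC-HIDS entries (CVE-2020-8442 through CVE-2020-8448, all but CVE-2020-8445) have descriptions truncated at the same point, so they are indistinguishable in this list; triage them together against the full descriptions and resolve each TODO: check to a package line or NOT-FOR-US. The two Netty entries (CVE-2019-20444, CVE-2019-20445) both point at HttpObjectDecoder.java before 4.1.44 and can be checked against that single upstream version, and CVE-2020-8438 names a Ruckus ZoneFlex R500 device rather than a software package.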
@@ -10425,6 +10461,7 @@ CVE-2019-19955
 CVE-2019-19954 (Signal Desktop before 1.29.1 on Windows allows local users to gain pri ...)
 	- signal-desktop <itp> (bug #842943)
 CVE-2019-19953 (In GraphicsMagick 1.4 snapshot-20191208 Q8, there is a heap-based buff ...)
+	{DLA-2084-1}
 	- graphicsmagick 1.4+really1.3.34-1 (bug #947311)
 	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/28f8bacd4bbf
 	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/617/
@@ -10437,10 +10474,12 @@ CVE-2019-19952 (In ImageMagick 7.0.9-7 Q16, there is a use-after-free in the fun
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/916d7bbd2c66a286d379dbd94bc6035c8fab937c (7.x)
 	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/7ef923841437bb57bd9b55fc0bf40ddc99b93c2b (6.x)
 CVE-2019-19951 (In GraphicsMagick 1.4 snapshot-20190423 Q8, there is a heap-based buff ...)
+	{DLA-2084-1}
 	- graphicsmagick 1.4~hg16039-1
 	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/bc99af93614d
 	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/608/
 CVE-2019-19950 (In GraphicsMagick 1.4 snapshot-20190403 Q8, there is a use-after-free  ...)
+	{DLA-2084-1}
 	- graphicsmagick 1.4~hg16039-1
 	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/44ab7f6c20b4
 	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/603/
@@ -12545,8 +12584,8 @@ CVE-2020-3149
 	RESERVED
 CVE-2020-3148
 	RESERVED
-CVE-2020-3147
-	RESERVED
+CVE-2020-3147 (A vulnerability in the web UI of Cisco Small Business Switches could a ...)
+	TODO: check
 CVE-2020-3146
 	RESERVED
 CVE-2020-3145
@@ -45338,8 +45377,8 @@ CVE-2019-10785
 	RESERVED
 CVE-2019-10784
 	RESERVED
-CVE-2019-10783
-	RESERVED
+CVE-2019-10783 (All versions including 0.0.4 of lsof npm module are vulnerable to Comm ...)
+	TODO: check
 CVE-2019-10782
 	RESERVED
 CVE-2019-10781 (In schema-inspector before 1.6.9, a maliciously crafted JavaScript obj ...)
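Review bot: the new description for CVE-2019-10783 names the lsof npm module (all versions including 0.0.4), so the TODO: check should not be resolved by matching the bare name "lsof" to a source package. Record the distinction when triaging, for example with a NOTE line stating that the issue is in the npm module.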
@@ -174112,7 +174151,7 @@ CVE-2016-9845 (QEMU (aka Quick Emulator) built with the Virtio GPU Device emulat
 	- qemu-kvm <not-affected> (Vulnerable code not present)
 	NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2016-11/msg00019.html
 CVE-2016-9843 (The crc32_big function in crc32.c in zlib 1.2.8 might allow context-de ...)
-	{DLA-1725-1}
+	{DLA-2085-1 DLA-1725-1}
 	- zlib 1:1.2.8.dfsg-3 (bug #847275)
 	[wheezy] - zlib <no-dsa> (Minor issue)
 	- rsync 3.1.3-6 (bug #924509)
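Review bot: the changed brace line for CVE-2016-9843 now lists two advisories, {DLA-2085-1 DLA-1725-1}, while the entry tracks two source packages (zlib and rsync 3.1.3-6), and nothing in the entry says which advisory covers which package. A NOTE line mapping each DLA to its package would remove the ambiguity; the same applies to the CVE-2016-9842, CVE-2016-9841 and CVE-2016-9840 hunks that follow.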
@@ -174120,7 +174159,7 @@ CVE-2016-9843 (The crc32_big function in crc32.c in zlib 1.2.8 might allow conte
 	NOTE: https://github.com/madler/zlib/commit/d1d577490c15a0c6862473d7576352a9f18ef811
 	NOTE: Report: https://wiki.mozilla.org/images/0/09/Zlib-report.pdf
 CVE-2016-9842 (The inflateMark function in inflate.c in zlib 1.2.8 might allow contex ...)
-	{DLA-1725-1}
+	{DLA-2085-1 DLA-1725-1}
 	- zlib 1:1.2.8.dfsg-3 (bug #847274)
 	[wheezy] - zlib <no-dsa> (Minor issue)
 	- rsync 3.1.3-6 (bug #924509)
@@ -174128,7 +174167,7 @@ CVE-2016-9842 (The inflateMark function in inflate.c in zlib 1.2.8 might allow c
 	NOTE: https://github.com/madler/zlib/commit/e54e1299404101a5a9d0cf5e45512b543967f958
 	NOTE: Report: https://wiki.mozilla.org/images/0/09/Zlib-report.pdf
 CVE-2016-9841 (inffast.c in zlib 1.2.8 might allow context-dependent attackers to hav ...)
-	{DLA-1725-1}
+	{DLA-2085-1 DLA-1725-1}
 	- zlib 1:1.2.8.dfsg-4 (bug #847270)
 	[wheezy] - zlib <no-dsa> (Minor issue)
 	- rsync 3.1.3-6 (bug #924509)
@@ -174136,7 +174175,7 @@ CVE-2016-9841 (inffast.c in zlib 1.2.8 might allow context-dependent attackers t
 	NOTE: https://github.com/madler/zlib/commit/9aaec95e82117c1cb0f9624264c3618fc380cecb
 	NOTE: Report: https://wiki.mozilla.org/images/0/09/Zlib-report.pdf
 CVE-2016-9840 (inftrees.c in zlib 1.2.8 might allow context-dependent attackers to ha ...)
-	{DLA-1725-1}
+	{DLA-2085-1 DLA-1725-1}
 	- zlib 1:1.2.8.dfsg-3 (bug #847270)
 	[wheezy] - zlib <no-dsa> (Minor issue)
 	- rsync 3.1.3-6 (bug #924509)
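Review bot: the context line for CVE-2016-9840 gives zlib 1:1.2.8.dfsg-3 (bug #847270), but the CVE-2016-9841 entry in the previous hunk cites the same bug #847270 with fixed version 1:1.2.8.dfsg-4. Confirm which version or bug number is right while these entries are being updated for DLA-2085-1, and correct the other.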
@@ -188907,6 +188946,7 @@ CVE-2016-7092 (The get_page_from_l3e function in arch/x86/mm.c in Xen allows loc
 CVE-2016-7090 (The integrated web server on Siemens SCALANCE M-800 and S615 modules w ...)
 	NOT-FOR-US: Siemens
 CVE-2016-7098 (Race condition in wget 1.17 and earlier, when used in recursive or mir ...)
+	{DLA-2086-1}
 	- wget 1.18-4 (low; bug #836503)
 	[wheezy] - wget <no-dsa> (Minor issue)
 	NOTE: http://git.savannah.gnu.org/cgit/wget.git/commit/?id=9ffb64ba6a8121909b01e984deddce8d096c498d
@@ -272984,18 +273024,18 @@ CVE-2013-3323
 	RESERVED
 CVE-2013-3322
 	RESERVED
-CVE-2013-3321
-	RESERVED
-CVE-2013-3320
-	RESERVED
+CVE-2013-3321 (NetApp OnCommand System Manager 2.1 and earlier allows remote attacker ...)
+	TODO: check
+CVE-2013-3320 (Cross-site Scripting (XSS) vulnerability in NetApp OnCommand System Ma ...)
+	TODO: check
 CVE-2013-3319 (The GetComputerSystem method in the HostControl service in SAP Netweav ...)
 	NOT-FOR-US: SAP Netweaver
 CVE-2013-3318
 	REJECTED
-CVE-2013-3317
-	RESERVED
-CVE-2013-3316
-	RESERVED
+CVE-2013-3317 (Netgear WNR1000v3 with firmware before 1.0.2.60 contains an Authentica ...)
+	TODO: check
+CVE-2013-3316 (Netgear WNR1000v3 with firmware before 1.0.2.60 contains an Authentica ...)
+	TODO: check
 CVE-2013-3315 (The server in TIBCO Silver Mobile 1.1.0 does not properly verify acces ...)
 	NOT-FOR-US: TIBCO
 CVE-2013-3314 (The Loftek Nexus 543 IP Camera allows remote attackers to obtain (1) I ...)
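Review bot: CVE-2013-3317 and CVE-2013-3316 receive identical truncated descriptions (Netgear WNR1000v3 with firmware before 1.0.2.60 ...), so they cannot be told apart here; read the full descriptions before triage. All four new TODO: check entries in this hunk name vendor products (NetApp OnCommand System Manager, Netgear WNR1000v3), and the neighbouring SAP Netweaver and TIBCO entries are marked NOT-FOR-US, which is the likely resolution for these as well.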



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d5152cb34cd67353898260bcd76bfaa1631d589f
