[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Mon Jun 22 21:10:34 BST 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b489bfa7 by security tracker role at 2020-06-22T20:10:26+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,45 @@
+CVE-2020-14983
+	RESERVED
+CVE-2020-14982
+	RESERVED
+CVE-2020-14981 (The ThreatTrack VIPRE Password Vault app through 1.100.1090 for iOS ha ...)
+	TODO: check
+CVE-2020-14980 (The Sophos Secure Email application through 3.9.4 for Android has Miss ...)
+	TODO: check
+CVE-2020-14979
+	RESERVED
+CVE-2020-14978
+	RESERVED
+CVE-2020-14977
+	RESERVED
+CVE-2020-14976
+	RESERVED
+CVE-2020-14975
+	RESERVED
+CVE-2020-14974
+	RESERVED
+CVE-2020-14973 (The loginForm within the general/login.php webpage in webTareas 2.0p8  ...)
+	TODO: check
+CVE-2020-14972 (Multiple SQL injection vulnerabilities in Sourcecodester Pisay Online  ...)
+	TODO: check
+CVE-2020-14971
+	RESERVED
+CVE-2020-14970
+	RESERVED
+CVE-2020-14969 (app/Model/Attribute.php in MISP 2.4.127 lacks an ACL lookup on attribu ...)
+	TODO: check
+CVE-2020-14968 (An issue was discovered in the jsrsasign package before 8.0.17 for Nod ...)
+	TODO: check
+CVE-2020-14967 (An issue was discovered in the jsrsasign package before 8.0.18 for Nod ...)
+	TODO: check
+CVE-2020-14966 (An issue was discovered in the jsrsasign package through 8.0.18 for No ...)
+	TODO: check
+CVE-2020-14965
+	RESERVED
+CVE-2020-14964
+	RESERVED
+CVE-2020-14963
+	RESERVED
 CVE-2020-14962 (Multiple XSS vulnerabilities in the Final Tiles Gallery plugin before  ...)
 	NOT-FOR-US: Final Tiles Gallery plugin for WordPress
 CVE-2020-14961 (Concrete5 before 8.5.3 does not constrain the sort direction to a vali ...)
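Review bot: CVE-2020-14968, CVE-2020-14967 and CVE-2020-14966 all name the jsrsasign package but carry different version bounds in the truncated descriptions ("before 8.0.17", "before 8.0.18", "through 8.0.18"), and each lands as TODO: check. Triage the three together so they end up with consistent annotations, and note that the "through 8.0.18" wording on CVE-2020-14966 gives no fixed version in the text shown here.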
@@ -1005,8 +1047,8 @@ CVE-2020-14463
 	RESERVED
 CVE-2020-14462 (CALDERA 2.7.0 allows XSS via the Operation Name box. ...)
 	TODO: check
-CVE-2020-14461
-	RESERVED
+CVE-2020-14461 (Zyxel Armor X1 WAP6806 1.00(ABAL.6)C0 devices allow Directory Traversa ...)
+	TODO: check
 CVE-2020-14460 (An issue was discovered in Mattermost Server before 5.19.0, 5.18.1, 5. ...)
 	NOT-FOR-US: Mattermost
 CVE-2020-14459 (An issue was discovered in Mattermost Server before 5.19.0. Attackers  ...)
@@ -1861,12 +1903,12 @@ CVE-2020-14206
 	RESERVED
 CVE-2020-14205
 	RESERVED
-CVE-2020-14204
-	RESERVED
-CVE-2020-14203
-	RESERVED
-CVE-2020-14202
-	RESERVED
+CVE-2020-14204 (In WebFOCUS Business Intelligence 8.0 (SP6), the administration portal ...)
+	TODO: check
+CVE-2020-14203 (WebFOCUS Business Intelligence 8.0 (SP6) allows a Cross-Site Request F ...)
+	TODO: check
+CVE-2020-14202 (WebFOCUS Business Intelligence 8.0 (SP6) was prone to XSS via arbitrar ...)
+	TODO: check
 CVE-2020-14201
 	RESERVED
 CVE-2020-14200
@@ -2239,8 +2281,8 @@ CVE-2020-14051
 	RESERVED
 CVE-2020-14050
 	RESERVED
-CVE-2020-14049
-	RESERVED
+CVE-2020-14049 (Viber for Windows up to 13.2.0.39 does not properly quote its custom U ...)
+	TODO: check
 CVE-2020-14048 (Zoho ManageEngine ServiceDesk Plus before 11.1 build 11115 allows remo ...)
 	NOT-FOR-US: Zoho
 CVE-2020-14047
@@ -2618,10 +2660,10 @@ CVE-2020-13890 (The Neon theme 2.0 before 2020-06-03 for Bootstrap allows XSS vi
 	NOT-FOR-US: Bootstrap theme
 CVE-2020-13889 (showAlert() in the administration panel in Bludit 3.12.0 allows XSS. ...)
 	NOT-FOR-US: Bludit
-CVE-2020-13888
-	RESERVED
-CVE-2020-13887
-	RESERVED
+CVE-2020-13888 (Kordil EDMS through 2.2.60rc3 allows stored XSS in users_edit.php, use ...)
+	TODO: check
+CVE-2020-13887 (documents_add.php in Kordil EDMS through 2.2.60rc3 allows Remote Comma ...)
+	TODO: check
 CVE-2020-13895 (Crypt::Perl::ECDSA in the Crypt::Perl (aka p5-Crypt-Perl) module befor ...)
 	- libcrypt-perl-perl <itp> (bug #907353)
 	NOTE: https://github.com/FGasper/p5-Crypt-Perl/issues/14
@@ -3666,8 +3708,8 @@ CVE-2020-13482 (EM-HTTP-Request 1.1.5 uses the library eventmachine in an insecu
 	NOT-FOR-US: EM-HTTP-Request
 CVE-2020-13481
 	RESERVED
-CVE-2020-13480
-	RESERVED
+CVE-2020-13480 (Verint Workforce Optimization (WFO) 15.2 allows HTML injection via the ...)
+	TODO: check
 CVE-2020-13479
 	RESERVED
 CVE-2020-13478
@@ -3788,10 +3830,10 @@ CVE-2020-13428 (A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function
 	[jessie] - vlc <end-of-life> (Not supported in jessie LTS)
 	NOTE: https://github.com/videolan/vlc-3.0/releases/tag/3.0.11
 	NOTE: http://git.videolan.org/?p=vlc/vlc-3.0.git;a=commit;h=d5c43c21c747ff30ed19fcca745dea3481c733e0
-CVE-2020-13427
-	RESERVED
-CVE-2020-13426
-	RESERVED
+CVE-2020-13427 (Victor CMS 1.0 has Persistent XSS in admin/users.php?source=add_user v ...)
+	TODO: check
+CVE-2020-13426 (The Multi-Scheduler plugin 1.0.0 for WordPress has a Cross-Site Reques ...)
+	TODO: check
 CVE-2020-13425 (TrackR devices through 2020-05-06 allow attackers to trigger the Beep  ...)
 	NOT-FOR-US: TrackR
 CVE-2020-13424 (The XCloner component before 3.5.4 for Joomla! allows Authenticated Lo ...)
@@ -4123,8 +4165,8 @@ CVE-2020-13281
 	RESERVED
 CVE-2020-13280
 	RESERVED
-CVE-2020-13279
-	RESERVED
+CVE-2020-13279 (Client side code execution in gitlab-vscode-extension v2.2.0 allows at ...)
+	TODO: check
 CVE-2020-13278
 	RESERVED
 CVE-2020-13277 (An authorization issue in the mirroring logic allowed read access to p ...)
@@ -4393,10 +4435,10 @@ CVE-2020-13161
 	RESERVED
 CVE-2020-13160 (AnyDesk before 5.5.3 on Linux and FreeBSD has a format string vulnerab ...)
 	NOT-FOR-US: AnyDesk
-CVE-2020-13159
-	RESERVED
-CVE-2020-13158
-	RESERVED
+CVE-2020-13159 (Artica Proxy before 4.30.000000 Community Edition allows OS command in ...)
+	TODO: check
+CVE-2020-13158 (Artica Proxy before 4.30.000000 Community Edition allows Directory Tra ...)
+	TODO: check
 CVE-2020-13157
 	RESERVED
 CVE-2020-13156
@@ -7249,8 +7291,8 @@ CVE-2020-11991
 	RESERVED
 CVE-2020-11990
 	RESERVED
-CVE-2020-11989
-	RESERVED
+CVE-2020-11989 (Apache Shiro before 1.5.3, when using Apache Shiro with Spring dynamic ...)
+	TODO: check
 CVE-2020-11988
 	RESERVED
 CVE-2020-11987
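Review bot: CVE-2020-11989 (Apache Shiro before 1.5.3) goes from RESERVED straight to TODO: check with no package line under it. The description already gives a fixed upstream version, so triage should record either a source package entry with the fixed version or an explicit NOT-FOR-US, rather than leaving the TODO in place.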
@@ -9631,10 +9673,10 @@ CVE-2020-11521 (libfreerdp/codec/planar.c in FreeRDP version > 1.0 through 2.
 	[stretch] - freerdp <no-dsa> (Minor issue)
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-5cwc-6wc9-255w
 	NOTE: https://github.com/FreeRDP/FreeRDP/commit/17f547ae11835bb11baa3d045245dc1694866845
-CVE-2020-11520
-	RESERVED
-CVE-2020-11519
-	RESERVED
+CVE-2020-11520 (The SDDisk2k.sys driver of WinMagic SecureDoc v8.5 and earlier allows  ...)
+	TODO: check
+CVE-2020-11519 (The SDDisk2k.sys driver of WinMagic SecureDoc v8.5 and earlier allows  ...)
+	TODO: check
 CVE-2020-11518 (Zoho ManageEngine ADSelfService Plus before 5815 allows unauthenticate ...)
 	NOT-FOR-US: Zoho
 CVE-2020-11517
@@ -11867,8 +11909,7 @@ CVE-2020-10742
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1835127
 CVE-2020-10741
 	REJECTED
-CVE-2020-10740
-	RESERVED
+CVE-2020-10740 (A vulnerability was found in Wildfly in versions before 20.0.0.Final,  ...)
 	- wildfly <itp> (bug #752018)
 CVE-2020-10739 (Istio 1.4.x before 1.4.9 and Istio 1.5.x before 1.5.4 contain the foll ...)
 	NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651)
@@ -11880,8 +11921,7 @@ CVE-2020-10737 (A race condition was found in the mkhomedir tool shipped with th
 	[stretch] - oddjob <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1833042
 	NOTE: https://pagure.io/oddjob/c/10b8aaa1564b723a005b53acc069df71313f4cac
-CVE-2020-10736 [authorization bypass in mons & mgrs]
-	RESERVED
+CVE-2020-10736 (An authorization bypass vulnerability was found in Ceph versions 15.2. ...)
 	- ceph <not-affected> (Vulnerable code introduced later)
 	NOTE: https://ceph.io/releases/v15-2-2-octopus-released/
 	NOTE: https://github.com/ceph/ceph/commit/c7e7009a690621aacd4ac2c70c6469f25d692868 (master)
@@ -15330,8 +15370,8 @@ CVE-2020-9290 (An Unsafe Search Path vulnerability in FortiClient for Windows on
 	NOT-FOR-US: Fortiguard
 CVE-2020-9289 (Use of a hard-coded cryptographic key to encrypt password data in CLI  ...)
 	NOT-FOR-US: Fortiguard
-CVE-2020-9288
-	RESERVED
+CVE-2020-9288 (An improper neutralization of input vulnerability in FortiWLC 8.5.1 al ...)
+	TODO: check
 CVE-2020-9287 (An Unsafe Search Path vulnerability in FortiClient EMS online installe ...)
 	NOT-FOR-US: Fortiguard
 CVE-2020-9286 (An improper authorization vulnerability in FortiADC may allow a remote ...)
@@ -16157,8 +16197,8 @@ CVE-2020-8935
 	RESERVED
 CVE-2020-8934
 	RESERVED
-CVE-2020-8933
-	RESERVED
+CVE-2020-8933 (A vulnerability in Google Cloud Platform's guest-oslogin versions betw ...)
+	TODO: check
 CVE-2020-8932
 	RESERVED
 CVE-2020-8931
@@ -16211,16 +16251,16 @@ CVE-2020-8909
 	RESERVED
 CVE-2020-8908
 	RESERVED
-CVE-2020-8907
-	RESERVED
+CVE-2020-8907 (A vulnerability in Google Cloud Platform's guest-oslogin versions betw ...)
+	TODO: check
 CVE-2020-8906
 	RESERVED
 CVE-2020-8905
 	RESERVED
 CVE-2020-8904
 	RESERVED
-CVE-2020-8903
-	RESERVED
+CVE-2020-8903 (A vulnerability in Google Cloud Platform's guest-oslogin versions betw ...)
+	TODO: check
 CVE-2020-8902
 	RESERVED
 CVE-2020-8901
@@ -16904,7 +16944,7 @@ CVE-2020-8621
 	RESERVED
 CVE-2020-8620
 	RESERVED
-CVE-2020-8619 (Unless a nameserver is providing authoritative service for one or more ...)
+CVE-2020-8619 (In ISC BIND9 versions BIND 9.11.14 -> 9.11.19, BIND 9.14.9 -> 9. ...)
 	- bind9 1:9.16.4-1
 	[buster] - bind9 <not-affected> (Vulnerable code introduced later)
 	[stretch] - bind9 <not-affected> (Vulnerable code introduced later)
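Review bot: The replacement description for CVE-2020-8619 now opens with affected version ranges ("BIND 9.11.14 -> 9.11.19, BIND 9.14.9 -> 9. ..."), while the buster and stretch lines under it stay at <not-affected> (Vulnerable code introduced later). Nothing in this hunk revisits those two annotations, so confirm them against the published ranges now that the text is version-specific.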
@@ -17581,7 +17621,8 @@ CVE-2020-8333
 	RESERVED
 CVE-2020-8332
 	RESERVED
-CVE-2020-8331 (A potential vulnerability in the BIOS configuration of some ThinkSyste ...)
+CVE-2020-8331
+	REJECTED
 	NOT-FOR-US: Lenovo
 CVE-2020-8330 (A denial of service vulnerability was reported in the firmware prior t ...)
 	NOT-FOR-US: Lenovo
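Review bot: CVE-2020-8331 is switched to REJECTED, but the unchanged line after it still reads NOT-FOR-US: Lenovo, so the entry now carries both. CVE-2020-10741 elsewhere in this list is a bare REJECTED with no annotation. If the tracker's convention is to keep earlier triage on rejected ids this is fine; otherwise drop the annotation in a follow-up.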
@@ -18118,8 +18159,8 @@ CVE-2020-8104
 	RESERVED
 CVE-2020-8103 (A vulnerability in the improper handling of symbolic links in Bitdefen ...)
 	NOT-FOR-US: Bitdefender Antivirus Free
-CVE-2020-8102
-	RESERVED
+CVE-2020-8102 (Improper Input Validation vulnerability in the Safepay browser compone ...)
+	TODO: check
 CVE-2020-8101
 	RESERVED
 CVE-2020-8100 (Improper Input Validation vulnerability in the cevakrnl.rv0 module as  ...)
@@ -20068,8 +20109,8 @@ CVE-2020-7264 (Privilege Escalation vulnerability in McAfee Endpoint Security (E
 	NOT-FOR-US: McAfee
 CVE-2020-7263 (Improper access control vulnerability in ESConfigTool.exe in ENS for W ...)
 	NOT-FOR-US: ENS for Windows
-CVE-2020-7262
-	RESERVED
+CVE-2020-7262 (Improper Access Control vulnerability in McAfee Advanced Threat Defens ...)
+	TODO: check
 CVE-2020-7261 (Buffer Overflow via Environment Variables vulnerability in AMSI compon ...)
 	NOT-FOR-US: McAfee
 CVE-2020-7260 (DLL Side Loading vulnerability in the installer for McAfee Application ...)
@@ -21657,8 +21698,8 @@ CVE-2020-6646 (An improper neutralization of input vulnerability in FortiWeb all
 	NOT-FOR-US: Fortiguard
 CVE-2020-6645
 	RESERVED
-CVE-2020-6644
-	RESERVED
+CVE-2020-6644 (An insufficient session expiration vulnerability in FortiDeceptor 3.0. ...)
+	TODO: check
 CVE-2020-6643 (An improper neutralization of input vulnerability in the URL Descripti ...)
 	NOT-FOR-US: Fortinet
 CVE-2020-6642
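Review bot: CVE-2020-6644 (FortiDeceptor) is added as TODO: check between two entries that use different labels for what looks like one vendor's products: NOT-FOR-US: Fortiguard on CVE-2020-6646 and NOT-FOR-US: Fortinet on CVE-2020-6643. When this one is triaged, pick one spelling and consider aligning the neighbours.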
@@ -27811,28 +27852,28 @@ CVE-2020-4072
 	RESERVED
 CVE-2020-4071
 	RESERVED
-CVE-2020-4070
-	RESERVED
+CVE-2020-4070 (In CSS Validator less than or equal to commit 54d68a1, there is a cros ...)
+	TODO: check
 CVE-2020-4069
 	RESERVED
-CVE-2020-4068
-	RESERVED
+CVE-2020-4068 (In APNSwift 1.0.0, calling APNSwiftSigner.sign(digest:) is likely to r ...)
+	TODO: check
 CVE-2020-4067
 	RESERVED
-CVE-2020-4066
-	RESERVED
+CVE-2020-4066 (In Limdu before 0.95, the trainBatch function has a command injection  ...)
+	TODO: check
 CVE-2020-4065
 	RESERVED
 CVE-2020-4064
 	RESERVED
 CVE-2020-4063
 	RESERVED
-CVE-2020-4062
-	RESERVED
+CVE-2020-4062 (In Conjur OSS Helm Chart before 2.0.0, a recently identified critical  ...)
+	TODO: check
 CVE-2020-4061
 	RESERVED
-CVE-2020-4060
-	RESERVED
+CVE-2020-4060 (In LoRa Basics Station before 2.0.4, there is a Use After Free vulnera ...)
+	TODO: check
 CVE-2020-4059 (In mversion before 2.0.0, there is a command injection vulnerability.  ...)
 	TODO: check
 CVE-2020-4058
@@ -29471,8 +29512,8 @@ CVE-2020-3678
 	RESERVED
 CVE-2020-3677
 	RESERVED
-CVE-2020-3676
-	RESERVED
+CVE-2020-3676 (Possible memory corruption in perfservice due to improper validation a ...)
+	TODO: check
 CVE-2020-3675
 	RESERVED
 CVE-2020-3674
@@ -29493,22 +29534,22 @@ CVE-2020-3667
 	RESERVED
 CVE-2020-3666
 	RESERVED
-CVE-2020-3665
-	RESERVED
+CVE-2020-3665 (A possible buffer overflow would occur while processing command from f ...)
+	TODO: check
 CVE-2020-3664
 	RESERVED
-CVE-2020-3663
-	RESERVED
-CVE-2020-3662
-	RESERVED
-CVE-2020-3661
-	RESERVED
-CVE-2020-3660
-	RESERVED
+CVE-2020-3663 (Buffer over-write may occur during fetching track decoder specific inf ...)
+	TODO: check
+CVE-2020-3662 (Buffer overflow can occur while parsing eac3 header while playing the  ...)
+	TODO: check
+CVE-2020-3661 (Buffer overflow will happen while parsing mp4 clip with corrupted samp ...)
+	TODO: check
+CVE-2020-3660 (Possible null-pointer dereference can occur while parsing mp4 clip wit ...)
+	TODO: check
 CVE-2020-3659
 	RESERVED
-CVE-2020-3658
-	RESERVED
+CVE-2020-3658 (Possible null-pointer dereference can occur while parsing mp4 clip wit ...)
+	TODO: check
 CVE-2020-3657
 	RESERVED
 CVE-2020-3656
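Review bot: CVE-2020-3660 and CVE-2020-3658 show the same truncated text ("Possible null-pointer dereference can occur while parsing mp4 clip wit ..."), and none of the six entries filled in by this hunk names a product or vendor in the visible part. Triage needs the full descriptions before annotating; other entries in this id range, such as CVE-2020-3641, are already marked NOT-FOR-US: Qualcomm components for Android, so check whether the same annotation applies here.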
@@ -29539,8 +29580,8 @@ CVE-2020-3644
 	RESERVED
 CVE-2020-3643
 	RESERVED
-CVE-2020-3642
-	RESERVED
+CVE-2020-3642 (Use after free issue in camera applications when used randomly over mu ...)
+	TODO: check
 CVE-2020-3641 (Integer overflow may occur if atom size is less than atom offset as th ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2020-3640
@@ -29553,8 +29594,8 @@ CVE-2020-3637
 	RESERVED
 CVE-2020-3636
 	RESERVED
-CVE-2020-3635
-	RESERVED
+CVE-2020-3635 (Stack based overflow If the maximum number of arguments allowed per re ...)
+	TODO: check
 CVE-2020-3634
 	RESERVED
 CVE-2020-3633 (Array out of bound may occur while playing mp3 file as no check is the ...)
@@ -29567,12 +29608,12 @@ CVE-2020-3630 (Possibility of out of bound access while processing the responses
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2020-3629
 	RESERVED
-CVE-2020-3628
-	RESERVED
+CVE-2020-3628 (Improper access due to socket opened by the logging application withou ...)
+	TODO: check
 CVE-2020-3627
 	RESERVED
-CVE-2020-3626
-	RESERVED
+CVE-2020-3626 (Any application can bind to it and exercise the APIs due to no protect ...)
+	TODO: check
 CVE-2020-3625 (When making query to DSP capabilities, Stack out of bounds occurs due  ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2020-3624
@@ -29595,10 +29636,10 @@ CVE-2020-3616 (Buffer overflow in display function due to memory copy without ch
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2020-3615 (Valid deauth/disassoc frames is dropped in case if RMF is enabled and  ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2020-3614
-	RESERVED
-CVE-2020-3613
-	RESERVED
+CVE-2020-3614 (Possible buffer overflow while copying the frame to local buffer due t ...)
+	TODO: check
+CVE-2020-3613 (Double free issue in kernel memory mapping due to lack of memory prote ...)
+	TODO: check
 CVE-2020-3612
 	RESERVED
 CVE-2020-3611
@@ -35184,8 +35225,7 @@ CVE-2020-1729
 	NOT-FOR-US: SmallRye Config
 CVE-2020-1728 (A vulnerability was found in all versions of Keycloak where, the pages ...)
 	NOT-FOR-US: Keycloak
-CVE-2020-1727
-	RESERVED
+CVE-2020-1727 (A vulnerability was found in Keycloak before 9.0.2, where every Author ...)
 	NOT-FOR-US: Keycloak
 CVE-2020-1726 (A flaw was discovered in Podman where it incorrectly allows containers ...)
 	- libpod 1.6.4+dfsg1-3 (bug #961421)
@@ -51321,8 +51361,7 @@ CVE-2019-14895 (A heap-based buffer overflow was discovered in the Linux kernel,
 	[buster] - linux 4.19.98-1
 	[stretch] - linux 4.9.210-1
 	NOTE: https://www.openwall.com/lists/oss-security/2019/11/22/1
-CVE-2019-14894
-	RESERVED
+CVE-2019-14894 (A flaw was found in the CloudForms management engine version 5.10 and  ...)
 	NOT-FOR-US: Red Hat CloudForm
 CVE-2019-14893 (A flaw was discovered in FasterXML jackson-databind in all versions be ...)
 	- jackson-databind 2.10.0-1
@@ -54404,14 +54443,14 @@ CVE-2019-14096
 	RESERVED
 CVE-2019-14095 (Buffer overflow occurs while processing LMP packet in which name lengt ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2019-14094
-	RESERVED
+CVE-2019-14094 (Integer overflow in diag command handler when user inputs a large valu ...)
+	TODO: check
 CVE-2019-14093
 	RESERVED
-CVE-2019-14092
-	RESERVED
-CVE-2019-14091
-	RESERVED
+CVE-2019-14092 (System Services exports services without permission protect and can le ...)
+	TODO: check
+CVE-2019-14091 (Double free issue in NPU due to lack of resource locking mechanism to  ...)
+	TODO: check
 CVE-2019-14090
 	RESERVED
 CVE-2019-14089
@@ -54432,22 +54471,22 @@ CVE-2019-14082 (Potential buffer over-read due to lack of bound check of memory
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2019-14081 (Buffer Over-read when WLAN module gets a WMI message for SAR limits wi ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2019-14080
-	RESERVED
+CVE-2019-14080 (Out of bound write can happen due to lack of check of array index valu ...)
+	TODO: check
 CVE-2019-14079 (Access to the uninitialized variable when the driver tries to unmap th ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2019-14078 (Out of bound memory access while processing qpay due to not validating ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2019-14077 (Out of bound memory access while processing ese transmit command due t ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2019-14076
-	RESERVED
+CVE-2019-14076 (Buffer overflow occurs while processing an subsample data length out o ...)
+	TODO: check
 CVE-2019-14075 (Null pointer dereference issue in radio interface layer due to lack of ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2019-14074
 	RESERVED
-CVE-2019-14073
-	RESERVED
+CVE-2019-14073 (Copying RTCP messages into the output buffer without checking the dest ...)
+	TODO: check
 CVE-2019-14072 (Unhandled paging request is observed due to dereferencing an already f ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2019-14071 (Compromised reset handler may bypass access control due to AC config i ...)
@@ -54468,8 +54507,8 @@ CVE-2019-14064
 	RESERVED
 CVE-2019-14063 (Out of bound access due to Invalid inputs to dapm mux settings which r ...)
 	NOT-FOR-US: Snapdragon
-CVE-2019-14062
-	RESERVED
+CVE-2019-14062 (Buffer overflows while decoding setup message from Network due to lack ...)
+	TODO: check
 CVE-2019-14061 (Null-pointer dereference can occur while accessing the segment element ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2019-14060 (Uninitialized stack data gets used If memory is not allocated for blob ...)
@@ -54498,8 +54537,8 @@ CVE-2019-14049 (Stage-2 fault will occur while writing to an ION system allocati
 	NOT-FOR-US: Snapdragon
 CVE-2019-14048 (Possible out of bound memory access while playing a crafted clip in me ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2019-14047
-	RESERVED
+CVE-2019-14047 (While IPA driver processes route add rule IOCTL, there is no input val ...)
+	TODO: check
 CVE-2019-14046 (Out of bound access while allocating memory for an array in camera due ...)
 	NOT-FOR-US: Snapdragon
 CVE-2019-14045 (Possible buffer overflow while processing clientlog and serverlog due  ...)
@@ -65137,8 +65176,8 @@ CVE-2019-10628
 	RESERVED
 CVE-2019-10627 (Integer overflow to buffer overflow vulnerability in PostScript image  ...)
 	NOT-FOR-US: Qualcomm
-CVE-2019-10626
-	RESERVED
+CVE-2019-10626 (Payload size is not validated before reading memory that may cause iss ...)
+	TODO: check
 CVE-2019-10625 (Out of bound access in diag services when DCI command buffer reallocat ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2019-10624 (While handling the vendor command there is an integer truncation issue ...)
@@ -65195,8 +65234,8 @@ CVE-2019-10599
 	RESERVED
 CVE-2019-10598 (Out of bound access can occur while processing peer info in IBSS conne ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2019-10597
-	RESERVED
+CVE-2019-10597 (kernel writes to user passed address without any checks can lead to ar ...)
+	TODO: check
 CVE-2019-10596
 	RESERVED
 CVE-2019-10595 (Possible buffer overwrite in message handler due to lack of validation ...)
@@ -83347,8 +83386,7 @@ CVE-2019-3866 (An information-exposure vulnerability was discovered where openst
 	NOTE: https://opendev.org/openstack/oslo.utils/commit/b41268417cecb12d1d5955ee3107067edf050221
 	NOTE: Patch for Pike and newer: https://launchpadlibrarian.net/449473654/0001-Ensure-we-mask-sensitive-data-from-Mistral-Action-lo.patch
 	NOTE: Patch for Pike and newer: https://launchpadlibrarian.net/449472809/0001-Ensure-we-mask-sensitive-data-from-Mistral-Action-lo.patch
-CVE-2019-3865
-	RESERVED
+CVE-2019-3865 (A vulnerability was found in quay-2, where a stored XSS vulnerability  ...)
 	NOT-FOR-US: Quay
 CVE-2019-3864 (A vulnerability was discovered in all quay-2 versions before quay-3.0. ...)
 	NOT-FOR-US: Quay



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b489bfa75dea76401cbac36426c5a46b32e9b8cc
