[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Mon Jun 22 21:10:34 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b489bfa7 by security tracker role at 2020-06-22T20:10:26+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,45 @@
+CVE-2020-14983
+ RESERVED
+CVE-2020-14982
+ RESERVED
+CVE-2020-14981 (The ThreatTrack VIPRE Password Vault app through 1.100.1090 for iOS ha ...)
+ TODO: check
+CVE-2020-14980 (The Sophos Secure Email application through 3.9.4 for Android has Miss ...)
+ TODO: check
+CVE-2020-14979
+ RESERVED
+CVE-2020-14978
+ RESERVED
+CVE-2020-14977
+ RESERVED
+CVE-2020-14976
+ RESERVED
+CVE-2020-14975
+ RESERVED
+CVE-2020-14974
+ RESERVED
+CVE-2020-14973 (The loginForm within the general/login.php webpage in webTareas 2.0p8 ...)
+ TODO: check
+CVE-2020-14972 (Multiple SQL injection vulnerabilities in Sourcecodester Pisay Online ...)
+ TODO: check
+CVE-2020-14971
+ RESERVED
+CVE-2020-14970
+ RESERVED
+CVE-2020-14969 (app/Model/Attribute.php in MISP 2.4.127 lacks an ACL lookup on attribu ...)
+ TODO: check
+CVE-2020-14968 (An issue was discovered in the jsrsasign package before 8.0.17 for Nod ...)
+ TODO: check
+CVE-2020-14967 (An issue was discovered in the jsrsasign package before 8.0.18 for Nod ...)
+ TODO: check
+CVE-2020-14966 (An issue was discovered in the jsrsasign package through 8.0.18 for No ...)
+ TODO: check
+CVE-2020-14965
+ RESERVED
+CVE-2020-14964
+ RESERVED
+CVE-2020-14963
+ RESERVED
CVE-2020-14962 (Multiple XSS vulnerabilities in the Final Tiles Gallery plugin before ...)
NOT-FOR-US: Final Tiles Gallery plugin for WordPress
CVE-2020-14961 (Concrete5 before 8.5.3 does not constrain the sort direction to a vali ...)
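Review bot: The three jsrsasign entries added here (CVE-2020-14968, CVE-2020-14967, CVE-2020-14966) carry different version bounds in their descriptions (before 8.0.17, before 8.0.18, through 8.0.18), so they should be triaged together rather than one at a time. The "through 8.0.18" wording on CVE-2020-14966 names no fixed release, which is worth recording in a NOTE when its TODO: check is resolved.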
@@ -1005,8 +1047,8 @@ CVE-2020-14463
RESERVED
CVE-2020-14462 (CALDERA 2.7.0 allows XSS via the Operation Name box. ...)
TODO: check
-CVE-2020-14461
- RESERVED
+CVE-2020-14461 (Zyxel Armor X1 WAP6806 1.00(ABAL.6)C0 devices allow Directory Traversa ...)
+ TODO: check
CVE-2020-14460 (An issue was discovered in Mattermost Server before 5.19.0, 5.18.1, 5. ...)
NOT-FOR-US: Mattermost
CVE-2020-14459 (An issue was discovered in Mattermost Server before 5.19.0. Attackers ...)
@@ -1861,12 +1903,12 @@ CVE-2020-14206
RESERVED
CVE-2020-14205
RESERVED
-CVE-2020-14204
- RESERVED
-CVE-2020-14203
- RESERVED
-CVE-2020-14202
- RESERVED
+CVE-2020-14204 (In WebFOCUS Business Intelligence 8.0 (SP6), the administration portal ...)
+ TODO: check
+CVE-2020-14203 (WebFOCUS Business Intelligence 8.0 (SP6) allows a Cross-Site Request F ...)
+ TODO: check
+CVE-2020-14202 (WebFOCUS Business Intelligence 8.0 (SP6) was prone to XSS via arbitrar ...)
+ TODO: check
CVE-2020-14201
RESERVED
CVE-2020-14200
@@ -2239,8 +2281,8 @@ CVE-2020-14051
RESERVED
CVE-2020-14050
RESERVED
-CVE-2020-14049
- RESERVED
+CVE-2020-14049 (Viber for Windows up to 13.2.0.39 does not properly quote its custom U ...)
+ TODO: check
CVE-2020-14048 (Zoho ManageEngine ServiceDesk Plus before 11.1 build 11115 allows remo ...)
NOT-FOR-US: Zoho
CVE-2020-14047
@@ -2618,10 +2660,10 @@ CVE-2020-13890 (The Neon theme 2.0 before 2020-06-03 for Bootstrap allows XSS vi
NOT-FOR-US: Bootstrap theme
CVE-2020-13889 (showAlert() in the administration panel in Bludit 3.12.0 allows XSS. ...)
NOT-FOR-US: Bludit
-CVE-2020-13888
- RESERVED
-CVE-2020-13887
- RESERVED
+CVE-2020-13888 (Kordil EDMS through 2.2.60rc3 allows stored XSS in users_edit.php, use ...)
+ TODO: check
+CVE-2020-13887 (documents_add.php in Kordil EDMS through 2.2.60rc3 allows Remote Comma ...)
+ TODO: check
CVE-2020-13895 (Crypt::Perl::ECDSA in the Crypt::Perl (aka p5-Crypt-Perl) module befor ...)
- libcrypt-perl-perl <itp> (bug #907353)
NOTE: https://github.com/FGasper/p5-Crypt-Perl/issues/14
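Review bot: CVE-2020-13895 in the trailing context sits below the new CVE-2020-13887 entry, out of the descending ID order seen in every other hunk of this change; consider moving that block to its sorted position in a follow-up. The two new Kordil EDMS entries (CVE-2020-13888, CVE-2020-13887) name the same product and version bound, so one triage decision should cover both.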
@@ -3666,8 +3708,8 @@ CVE-2020-13482 (EM-HTTP-Request 1.1.5 uses the library eventmachine in an insecu
NOT-FOR-US: EM-HTTP-Request
CVE-2020-13481
RESERVED
-CVE-2020-13480
- RESERVED
+CVE-2020-13480 (Verint Workforce Optimization (WFO) 15.2 allows HTML injection via the ...)
+ TODO: check
CVE-2020-13479
RESERVED
CVE-2020-13478
@@ -3788,10 +3830,10 @@ CVE-2020-13428 (A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function
[jessie] - vlc <end-of-life> (Not supported in jessie LTS)
NOTE: https://github.com/videolan/vlc-3.0/releases/tag/3.0.11
NOTE: http://git.videolan.org/?p=vlc/vlc-3.0.git;a=commit;h=d5c43c21c747ff30ed19fcca745dea3481c733e0
-CVE-2020-13427
- RESERVED
-CVE-2020-13426
- RESERVED
+CVE-2020-13427 (Victor CMS 1.0 has Persistent XSS in admin/users.php?source=add_user v ...)
+ TODO: check
+CVE-2020-13426 (The Multi-Scheduler plugin 1.0.0 for WordPress has a Cross-Site Reques ...)
+ TODO: check
CVE-2020-13425 (TrackR devices through 2020-05-06 allow attackers to trigger the Beep ...)
NOT-FOR-US: TrackR
CVE-2020-13424 (The XCloner component before 3.5.4 for Joomla! allows Authenticated Lo ...)
@@ -4123,8 +4165,8 @@ CVE-2020-13281
RESERVED
CVE-2020-13280
RESERVED
-CVE-2020-13279
- RESERVED
+CVE-2020-13279 (Client side code execution in gitlab-vscode-extension v2.2.0 allows at ...)
+ TODO: check
CVE-2020-13278
RESERVED
CVE-2020-13277 (An authorization issue in the mirroring logic allowed read access to p ...)
@@ -4393,10 +4435,10 @@ CVE-2020-13161
RESERVED
CVE-2020-13160 (AnyDesk before 5.5.3 on Linux and FreeBSD has a format string vulnerab ...)
NOT-FOR-US: AnyDesk
-CVE-2020-13159
- RESERVED
-CVE-2020-13158
- RESERVED
+CVE-2020-13159 (Artica Proxy before 4.30.000000 Community Edition allows OS command in ...)
+ TODO: check
+CVE-2020-13158 (Artica Proxy before 4.30.000000 Community Edition allows Directory Tra ...)
+ TODO: check
CVE-2020-13157
RESERVED
CVE-2020-13156
@@ -7249,8 +7291,8 @@ CVE-2020-11991
RESERVED
CVE-2020-11990
RESERVED
-CVE-2020-11989
- RESERVED
+CVE-2020-11989 (Apache Shiro before 1.5.3, when using Apache Shiro with Spring dynamic ...)
+ TODO: check
CVE-2020-11988
RESERVED
CVE-2020-11987
@@ -9631,10 +9673,10 @@ CVE-2020-11521 (libfreerdp/codec/planar.c in FreeRDP version > 1.0 through 2.
[stretch] - freerdp <no-dsa> (Minor issue)
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-5cwc-6wc9-255w
NOTE: https://github.com/FreeRDP/FreeRDP/commit/17f547ae11835bb11baa3d045245dc1694866845
-CVE-2020-11520
- RESERVED
-CVE-2020-11519
- RESERVED
+CVE-2020-11520 (The SDDisk2k.sys driver of WinMagic SecureDoc v8.5 and earlier allows ...)
+ TODO: check
+CVE-2020-11519 (The SDDisk2k.sys driver of WinMagic SecureDoc v8.5 and earlier allows ...)
+ TODO: check
CVE-2020-11518 (Zoho ManageEngine ADSelfService Plus before 5815 allows unauthenticate ...)
NOT-FOR-US: Zoho
CVE-2020-11517
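Review bot: CVE-2020-11520 and CVE-2020-11519 show identical truncated descriptions for the SDDisk2k.sys driver, so the two TODO: check items cannot be told apart from this list and need the full text. Both concern a .sys driver of WinMagic SecureDoc, so a single NOT-FOR-US annotation in the style of the neighbouring "NOT-FOR-US: Zoho" would likely settle both.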
@@ -11867,8 +11909,7 @@ CVE-2020-10742
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1835127
CVE-2020-10741
REJECTED
-CVE-2020-10740
- RESERVED
+CVE-2020-10740 (A vulnerability was found in Wildfly in versions before 20.0.0.Final, ...)
- wildfly <itp> (bug #752018)
CVE-2020-10739 (Istio 1.4.x before 1.4.9 and Istio 1.5.x before 1.5.4 contain the foll ...)
NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651)
@@ -11880,8 +11921,7 @@ CVE-2020-10737 (A race condition was found in the mkhomedir tool shipped with th
[stretch] - oddjob <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1833042
NOTE: https://pagure.io/oddjob/c/10b8aaa1564b723a005b53acc069df71313f4cac
-CVE-2020-10736 [authorization bypass in mons & mgrs]
- RESERVED
+CVE-2020-10736 (An authorization bypass vulnerability was found in Ceph versions 15.2. ...)
- ceph <not-affected> (Vulnerable code introduced later)
NOTE: https://ceph.io/releases/v15-2-2-octopus-released/
NOTE: https://github.com/ceph/ceph/commit/c7e7009a690621aacd4ac2c70c6469f25d692868 (master)
@@ -15330,8 +15370,8 @@ CVE-2020-9290 (An Unsafe Search Path vulnerability in FortiClient for Windows on
NOT-FOR-US: Fortiguard
CVE-2020-9289 (Use of a hard-coded cryptographic key to encrypt password data in CLI ...)
NOT-FOR-US: Fortiguard
-CVE-2020-9288
- RESERVED
+CVE-2020-9288 (An improper neutralization of input vulnerability in FortiWLC 8.5.1 al ...)
+ TODO: check
CVE-2020-9287 (An Unsafe Search Path vulnerability in FortiClient EMS online installe ...)
NOT-FOR-US: Fortiguard
CVE-2020-9286 (An improper authorization vulnerability in FortiADC may allow a remote ...)
@@ -16157,8 +16197,8 @@ CVE-2020-8935
RESERVED
CVE-2020-8934
RESERVED
-CVE-2020-8933
- RESERVED
+CVE-2020-8933 (A vulnerability in Google Cloud Platform's guest-oslogin versions betw ...)
+ TODO: check
CVE-2020-8932
RESERVED
CVE-2020-8931
@@ -16211,16 +16251,16 @@ CVE-2020-8909
RESERVED
CVE-2020-8908
RESERVED
-CVE-2020-8907
- RESERVED
+CVE-2020-8907 (A vulnerability in Google Cloud Platform's guest-oslogin versions betw ...)
+ TODO: check
CVE-2020-8906
RESERVED
CVE-2020-8905
RESERVED
CVE-2020-8904
RESERVED
-CVE-2020-8903
- RESERVED
+CVE-2020-8903 (A vulnerability in Google Cloud Platform's guest-oslogin versions betw ...)
+ TODO: check
CVE-2020-8902
RESERVED
CVE-2020-8901
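Review bot: CVE-2020-8907 and CVE-2020-8903 share their truncated description with CVE-2020-8933 from the preceding hunk (all three read "A vulnerability in Google Cloud Platform's guest-oslogin versions betw ..."), so the three TODO: check items should be handled in one pass, with the affected version range from each full description recorded per CVE.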
@@ -16904,7 +16944,7 @@ CVE-2020-8621
RESERVED
CVE-2020-8620
RESERVED
-CVE-2020-8619 (Unless a nameserver is providing authoritative service for one or more ...)
+CVE-2020-8619 (In ISC BIND9 versions BIND 9.11.14 -> 9.11.19, BIND 9.14.9 -> 9. ...)
- bind9 1:9.16.4-1
[buster] - bind9 <not-affected> (Vulnerable code introduced later)
[stretch] - bind9 <not-affected> (Vulnerable code introduced later)
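Review bot: The replacement description for CVE-2020-8619 now leads with affected version ranges (BIND 9.11.14 -> 9.11.19, BIND 9.14.9 -> ...), while the unchanged annotations below still mark buster and stretch as not-affected (Vulnerable code introduced later). Recheck that the versions shipped in those suites fall below the lower bounds in the new text, and add a NOTE with the ranges so the not-affected reasoning can be read off the entry.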
@@ -17581,7 +17621,8 @@ CVE-2020-8333
RESERVED
CVE-2020-8332
RESERVED
-CVE-2020-8331 (A potential vulnerability in the BIOS configuration of some ThinkSyste ...)
+CVE-2020-8331
+ REJECTED
NOT-FOR-US: Lenovo
CVE-2020-8330 (A denial of service vulnerability was reported in the firmware prior t ...)
NOT-FOR-US: Lenovo
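Review bot: CVE-2020-8331 is switched to REJECTED, but the context line "NOT-FOR-US: Lenovo" directly below still belongs to it, so the entry now carries both a rejection and a triage annotation. Drop the NOT-FOR-US line in a follow-up, or confirm that keeping an annotation under REJECTED is intended for this file.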
@@ -18118,8 +18159,8 @@ CVE-2020-8104
RESERVED
CVE-2020-8103 (A vulnerability in the improper handling of symbolic links in Bitdefen ...)
NOT-FOR-US: Bitdefender Antivirus Free
-CVE-2020-8102
- RESERVED
+CVE-2020-8102 (Improper Input Validation vulnerability in the Safepay browser compone ...)
+ TODO: check
CVE-2020-8101
RESERVED
CVE-2020-8100 (Improper Input Validation vulnerability in the cevakrnl.rv0 module as ...)
@@ -20068,8 +20109,8 @@ CVE-2020-7264 (Privilege Escalation vulnerability in McAfee Endpoint Security (E
NOT-FOR-US: McAfee
CVE-2020-7263 (Improper access control vulnerability in ESConfigTool.exe in ENS for W ...)
NOT-FOR-US: ENS for Windows
-CVE-2020-7262
- RESERVED
+CVE-2020-7262 (Improper Access Control vulnerability in McAfee Advanced Threat Defens ...)
+ TODO: check
CVE-2020-7261 (Buffer Overflow via Environment Variables vulnerability in AMSI compon ...)
NOT-FOR-US: McAfee
CVE-2020-7260 (DLL Side Loading vulnerability in the installer for McAfee Application ...)
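Review bot: The new CVE-2020-7262 entry is left at TODO: check although its description names McAfee Advanced Threat Defense and the neighbouring CVE-2020-7264 and CVE-2020-7261 are already "NOT-FOR-US: McAfee"; the same annotation looks applicable here. The adjacent "NOT-FOR-US: ENS for Windows" on CVE-2020-7263 uses a product name where the others use the vendor, which is worth aligning at the same time.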
@@ -21657,8 +21698,8 @@ CVE-2020-6646 (An improper neutralization of input vulnerability in FortiWeb all
NOT-FOR-US: Fortiguard
CVE-2020-6645
RESERVED
-CVE-2020-6644
- RESERVED
+CVE-2020-6644 (An insufficient session expiration vulnerability in FortiDeceptor 3.0. ...)
+ TODO: check
CVE-2020-6643 (An improper neutralization of input vulnerability in the URL Descripti ...)
NOT-FOR-US: Fortinet
CVE-2020-6642
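Review bot: CVE-2020-6644 (FortiDeceptor) is left at TODO: check between entries that use two different labels for what appears to be the same vendor: "NOT-FOR-US: Fortiguard" on CVE-2020-6646 and "NOT-FOR-US: Fortinet" on CVE-2020-6643. When resolving the TODO, pick one label and align the neighbours so a search on the vendor name finds all of them.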
@@ -27811,28 +27852,28 @@ CVE-2020-4072
RESERVED
CVE-2020-4071
RESERVED
-CVE-2020-4070
- RESERVED
+CVE-2020-4070 (In CSS Validator less than or equal to commit 54d68a1, there is a cros ...)
+ TODO: check
CVE-2020-4069
RESERVED
-CVE-2020-4068
- RESERVED
+CVE-2020-4068 (In APNSwift 1.0.0, calling APNSwiftSigner.sign(digest:) is likely to r ...)
+ TODO: check
CVE-2020-4067
RESERVED
-CVE-2020-4066
- RESERVED
+CVE-2020-4066 (In Limdu before 0.95, the trainBatch function has a command injection ...)
+ TODO: check
CVE-2020-4065
RESERVED
CVE-2020-4064
RESERVED
CVE-2020-4063
RESERVED
-CVE-2020-4062
- RESERVED
+CVE-2020-4062 (In Conjur OSS Helm Chart before 2.0.0, a recently identified critical ...)
+ TODO: check
CVE-2020-4061
RESERVED
-CVE-2020-4060
- RESERVED
+CVE-2020-4060 (In LoRa Basics Station before 2.0.4, there is a Use After Free vulnera ...)
+ TODO: check
CVE-2020-4059 (In mversion before 2.0.0, there is a command injection vulnerability. ...)
TODO: check
CVE-2020-4058
@@ -29471,8 +29512,8 @@ CVE-2020-3678
RESERVED
CVE-2020-3677
RESERVED
-CVE-2020-3676
- RESERVED
+CVE-2020-3676 (Possible memory corruption in perfservice due to improper validation a ...)
+ TODO: check
CVE-2020-3675
RESERVED
CVE-2020-3674
@@ -29493,22 +29534,22 @@ CVE-2020-3667
RESERVED
CVE-2020-3666
RESERVED
-CVE-2020-3665
- RESERVED
+CVE-2020-3665 (A possible buffer overflow would occur while processing command from f ...)
+ TODO: check
CVE-2020-3664
RESERVED
-CVE-2020-3663
- RESERVED
-CVE-2020-3662
- RESERVED
-CVE-2020-3661
- RESERVED
-CVE-2020-3660
- RESERVED
+CVE-2020-3663 (Buffer over-write may occur during fetching track decoder specific inf ...)
+ TODO: check
+CVE-2020-3662 (Buffer overflow can occur while parsing eac3 header while playing the ...)
+ TODO: check
+CVE-2020-3661 (Buffer overflow will happen while parsing mp4 clip with corrupted samp ...)
+ TODO: check
+CVE-2020-3660 (Possible null-pointer dereference can occur while parsing mp4 clip wit ...)
+ TODO: check
CVE-2020-3659
RESERVED
-CVE-2020-3658
- RESERVED
+CVE-2020-3658 (Possible null-pointer dereference can occur while parsing mp4 clip wit ...)
+ TODO: check
CVE-2020-3657
RESERVED
CVE-2020-3656
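Review bot: CVE-2020-3660 and CVE-2020-3658 have the same truncated description ("Possible null-pointer dereference can occur while parsing mp4 clip wit ..."), so this list alone cannot distinguish them; check the full texts before annotating so that one is not closed as a duplicate of the other by mistake. The media-parsing entries in this hunk (CVE-2020-3663, 3662, 3661, 3660 and 3658) read like one component family and are best triaged together.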
@@ -29539,8 +29580,8 @@ CVE-2020-3644
RESERVED
CVE-2020-3643
RESERVED
-CVE-2020-3642
- RESERVED
+CVE-2020-3642 (Use after free issue in camera applications when used randomly over mu ...)
+ TODO: check
CVE-2020-3641 (Integer overflow may occur if atom size is less than atom offset as th ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2020-3640
@@ -29553,8 +29594,8 @@ CVE-2020-3637
RESERVED
CVE-2020-3636
RESERVED
-CVE-2020-3635
- RESERVED
+CVE-2020-3635 (Stack based overflow If the maximum number of arguments allowed per re ...)
+ TODO: check
CVE-2020-3634
RESERVED
CVE-2020-3633 (Array out of bound may occur while playing mp3 file as no check is the ...)
@@ -29567,12 +29608,12 @@ CVE-2020-3630 (Possibility of out of bound access while processing the responses
NOT-FOR-US: Qualcomm components for Android
CVE-2020-3629
RESERVED
-CVE-2020-3628
- RESERVED
+CVE-2020-3628 (Improper access due to socket opened by the logging application withou ...)
+ TODO: check
CVE-2020-3627
RESERVED
-CVE-2020-3626
- RESERVED
+CVE-2020-3626 (Any application can bind to it and exercise the APIs due to no protect ...)
+ TODO: check
CVE-2020-3625 (When making query to DSP capabilities, Stack out of bounds occurs due ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2020-3624
@@ -29595,10 +29636,10 @@ CVE-2020-3616 (Buffer overflow in display function due to memory copy without ch
NOT-FOR-US: Qualcomm components for Android
CVE-2020-3615 (Valid deauth/disassoc frames is dropped in case if RMF is enabled and ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2020-3614
- RESERVED
-CVE-2020-3613
- RESERVED
+CVE-2020-3614 (Possible buffer overflow while copying the frame to local buffer due t ...)
+ TODO: check
+CVE-2020-3613 (Double free issue in kernel memory mapping due to lack of memory prote ...)
+ TODO: check
CVE-2020-3612
RESERVED
CVE-2020-3611
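Review bot: CVE-2020-3614 and CVE-2020-3613 are added as TODO: check directly below CVE-2020-3616 and CVE-2020-3615, both of which are marked "NOT-FOR-US: Qualcomm components for Android". If the full descriptions confirm the same vendor, reuse that exact annotation rather than introducing a new wording.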
@@ -35184,8 +35225,7 @@ CVE-2020-1729
NOT-FOR-US: SmallRye Config
CVE-2020-1728 (A vulnerability was found in all versions of Keycloak where, the pages ...)
NOT-FOR-US: Keycloak
-CVE-2020-1727
- RESERVED
+CVE-2020-1727 (A vulnerability was found in Keycloak before 9.0.2, where every Author ...)
NOT-FOR-US: Keycloak
CVE-2020-1726 (A flaw was discovered in Podman where it incorrectly allows containers ...)
- libpod 1.6.4+dfsg1-3 (bug #961421)
@@ -51321,8 +51361,7 @@ CVE-2019-14895 (A heap-based buffer overflow was discovered in the Linux kernel,
[buster] - linux 4.19.98-1
[stretch] - linux 4.9.210-1
NOTE: https://www.openwall.com/lists/oss-security/2019/11/22/1
-CVE-2019-14894
- RESERVED
+CVE-2019-14894 (A flaw was found in the CloudForms management engine version 5.10 and ...)
NOT-FOR-US: Red Hat CloudForm
CVE-2019-14893 (A flaw was discovered in FasterXML jackson-databind in all versions be ...)
- jackson-databind 2.10.0-1
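Review bot: The annotation kept under CVE-2019-14894 reads "NOT-FOR-US: Red Hat CloudForm", while the description added in this hunk names the "CloudForms management engine". Correct the label to CloudForms so a text search for the product matches this entry.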
@@ -54404,14 +54443,14 @@ CVE-2019-14096
RESERVED
CVE-2019-14095 (Buffer overflow occurs while processing LMP packet in which name lengt ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2019-14094
- RESERVED
+CVE-2019-14094 (Integer overflow in diag command handler when user inputs a large valu ...)
+ TODO: check
CVE-2019-14093
RESERVED
-CVE-2019-14092
- RESERVED
-CVE-2019-14091
- RESERVED
+CVE-2019-14092 (System Services exports services without permission protect and can le ...)
+ TODO: check
+CVE-2019-14091 (Double free issue in NPU due to lack of resource locking mechanism to ...)
+ TODO: check
CVE-2019-14090
RESERVED
CVE-2019-14089
@@ -54432,22 +54471,22 @@ CVE-2019-14082 (Potential buffer over-read due to lack of bound check of memory
NOT-FOR-US: Qualcomm components for Android
CVE-2019-14081 (Buffer Over-read when WLAN module gets a WMI message for SAR limits wi ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2019-14080
- RESERVED
+CVE-2019-14080 (Out of bound write can happen due to lack of check of array index valu ...)
+ TODO: check
CVE-2019-14079 (Access to the uninitialized variable when the driver tries to unmap th ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-14078 (Out of bound memory access while processing qpay due to not validating ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-14077 (Out of bound memory access while processing ese transmit command due t ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2019-14076
- RESERVED
+CVE-2019-14076 (Buffer overflow occurs while processing an subsample data length out o ...)
+ TODO: check
CVE-2019-14075 (Null pointer dereference issue in radio interface layer due to lack of ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-14074
RESERVED
-CVE-2019-14073
- RESERVED
+CVE-2019-14073 (Copying RTCP messages into the output buffer without checking the dest ...)
+ TODO: check
CVE-2019-14072 (Unhandled paging request is observed due to dereferencing an already f ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-14071 (Compromised reset handler may bypass access control due to AC config i ...)
@@ -54468,8 +54507,8 @@ CVE-2019-14064
RESERVED
CVE-2019-14063 (Out of bound access due to Invalid inputs to dapm mux settings which r ...)
NOT-FOR-US: Snapdragon
-CVE-2019-14062
- RESERVED
+CVE-2019-14062 (Buffer overflows while decoding setup message from Network due to lack ...)
+ TODO: check
CVE-2019-14061 (Null-pointer dereference can occur while accessing the segment element ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-14060 (Uninitialized stack data gets used If memory is not allocated for blob ...)
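Review bot: The context around the new CVE-2019-14062 entry uses two labels, "NOT-FOR-US: Snapdragon" on CVE-2019-14063 and "NOT-FOR-US: Qualcomm components for Android" on CVE-2019-14061, so whoever resolves the TODO: check has competing conventions to choose from. Settle on one label for this block; the truncated description (decoding a setup message from the network) does not by itself say which one fits.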
@@ -54498,8 +54537,8 @@ CVE-2019-14049 (Stage-2 fault will occur while writing to an ION system allocati
NOT-FOR-US: Snapdragon
CVE-2019-14048 (Possible out of bound memory access while playing a crafted clip in me ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2019-14047
- RESERVED
+CVE-2019-14047 (While IPA driver processes route add rule IOCTL, there is no input val ...)
+ TODO: check
CVE-2019-14046 (Out of bound access while allocating memory for an array in camera due ...)
NOT-FOR-US: Snapdragon
CVE-2019-14045 (Possible buffer overflow while processing clientlog and serverlog due ...)
@@ -65137,8 +65176,8 @@ CVE-2019-10628
RESERVED
CVE-2019-10627 (Integer overflow to buffer overflow vulnerability in PostScript image ...)
NOT-FOR-US: Qualcomm
-CVE-2019-10626
- RESERVED
+CVE-2019-10626 (Payload size is not validated before reading memory that may cause iss ...)
+ TODO: check
CVE-2019-10625 (Out of bound access in diag services when DCI command buffer reallocat ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-10624 (While handling the vendor command there is an integer truncation issue ...)
@@ -65195,8 +65234,8 @@ CVE-2019-10599
RESERVED
CVE-2019-10598 (Out of bound access can occur while processing peer info in IBSS conne ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2019-10597
- RESERVED
+CVE-2019-10597 (kernel writes to user passed address without any checks can lead to ar ...)
+ TODO: check
CVE-2019-10596
RESERVED
CVE-2019-10595 (Possible buffer overwrite in message handler due to lack of validation ...)
@@ -83347,8 +83386,7 @@ CVE-2019-3866 (An information-exposure vulnerability was discovered where openst
NOTE: https://opendev.org/openstack/oslo.utils/commit/b41268417cecb12d1d5955ee3107067edf050221
NOTE: Patch for Pike and newer: https://launchpadlibrarian.net/449473654/0001-Ensure-we-mask-sensitive-data-from-Mistral-Action-lo.patch
NOTE: Patch for Pike and newer: https://launchpadlibrarian.net/449472809/0001-Ensure-we-mask-sensitive-data-from-Mistral-Action-lo.patch
-CVE-2019-3865
- RESERVED
+CVE-2019-3865 (A vulnerability was found in quay-2, where a stored XSS vulnerability ...)
NOT-FOR-US: Quay
CVE-2019-3864 (A vulnerability was discovered in all quay-2 versions before quay-3.0. ...)
NOT-FOR-US: Quay
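Review bot: The two context NOTE lines above CVE-2019-3865 are both labelled "Patch for Pike and newer" yet point to different launchpadlibrarian.net attachments (449473654 and 449472809); one label is probably meant for a different branch and should be corrected. The CVE-2019-3865 change itself keeps the existing "NOT-FOR-US: Quay" annotation, which matches the quay-2 description now shown.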
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b489bfa75dea76401cbac36426c5a46b32e9b8cc