[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Thu Mar 5 20:10:36 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a604b276 by security tracker role at 2020-03-05T20:10:28+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,125 @@
+CVE-2020-10180 (The ESET AV parsing engine allows virus-detection bypass via a crafted ...)
+ TODO: check
+CVE-2020-10179
+ RESERVED
+CVE-2020-10178
+ RESERVED
+CVE-2020-10177
+ RESERVED
+CVE-2020-10176
+ RESERVED
+CVE-2020-10175
+ RESERVED
+CVE-2020-10174 (init_tmp in TeeJee.FileSystem.vala in Timeshift before 20.03 unsafely ...)
+ TODO: check
+CVE-2020-10173 (Comtrend VR-3033 DE11-416SSG-C01_R02.A2pvI042j1.d26m devices have Mult ...)
+ TODO: check
+CVE-2020-10172
+ RESERVED
+CVE-2020-10171
+ RESERVED
+CVE-2020-10170
+ RESERVED
+CVE-2020-10169
+ RESERVED
+CVE-2020-10168
+ RESERVED
+CVE-2020-10167
+ RESERVED
+CVE-2020-10166
+ RESERVED
+CVE-2020-10165
+ RESERVED
+CVE-2020-10164
+ RESERVED
+CVE-2020-10163
+ RESERVED
+CVE-2020-10162
+ RESERVED
+CVE-2020-10161
+ RESERVED
+CVE-2020-10160
+ RESERVED
+CVE-2020-10159
+ RESERVED
+CVE-2020-10158
+ RESERVED
+CVE-2020-10157
+ RESERVED
+CVE-2020-10156
+ RESERVED
+CVE-2020-10155
+ RESERVED
+CVE-2020-10154
+ RESERVED
+CVE-2020-10153
+ RESERVED
+CVE-2020-10152
+ RESERVED
+CVE-2020-10151
+ RESERVED
+CVE-2020-10150
+ RESERVED
+CVE-2020-10149
+ RESERVED
+CVE-2020-10148
+ RESERVED
+CVE-2020-10147
+ RESERVED
+CVE-2020-10146
+ RESERVED
+CVE-2020-10145
+ RESERVED
+CVE-2020-10144
+ RESERVED
+CVE-2020-10143
+ RESERVED
+CVE-2020-10142
+ RESERVED
+CVE-2020-10141
+ RESERVED
+CVE-2020-10140
+ RESERVED
+CVE-2020-10139
+ RESERVED
+CVE-2020-10138
+ RESERVED
+CVE-2020-10137
+ RESERVED
+CVE-2020-10136
+ RESERVED
+CVE-2020-10135
+ RESERVED
+CVE-2020-10134
+ RESERVED
+CVE-2020-10133
+ RESERVED
+CVE-2020-10132
+ RESERVED
+CVE-2020-10131
+ RESERVED
+CVE-2020-10130
+ RESERVED
+CVE-2020-10129
+ RESERVED
+CVE-2020-10128
+ RESERVED
+CVE-2020-10127
+ RESERVED
+CVE-2020-10126
+ RESERVED
+CVE-2020-10125
+ RESERVED
+CVE-2020-10124
+ RESERVED
+CVE-2020-10123
+ RESERVED
+CVE-2019-20501 (D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS comm ...)
+ TODO: check
+CVE-2019-20500 (D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS comm ...)
+ TODO: check
+CVE-2019-20499 (D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS comm ...)
+ TODO: check
CVE-2020-10122
RESERVED
CVE-2020-10121
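Review bot: the six described entries added at the top of this hunk (CVE-2020-10180, CVE-2020-10174, CVE-2020-10173 and CVE-2019-20499 through CVE-2019-20501) are all left at "TODO: check", so none of them has a triage decision yet. The Comtrend VR-3033 and D-Link DWL-2600AP device entries look like candidates for a NOT-FOR-US line in the style this file uses for other device-only issues. CVE-2020-10174 names a specific function and fixed version (init_tmp in TeeJee.FileSystem.vala, Timeshift before 20.03) and needs an actual package check before it is closed out.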
@@ -28,10 +150,10 @@ CVE-2020-10109
RESERVED
CVE-2020-10108
RESERVED
-CVE-2020-10107
- RESERVED
-CVE-2020-10106
- RESERVED
+CVE-2020-10107 (PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to stored XS ...)
+ TODO: check
+CVE-2020-10106 (PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to SQL injec ...)
+ TODO: check
CVE-2020-10105 (An issue was discovered in Zammad 3.0 through 3.2. It returns source c ...)
- zammad <itp> (bug #841355)
CVE-2020-10104 (An issue was discovered in Zammad 3.0 through 3.2. After authenticatio ...)
@@ -1179,6 +1301,7 @@ CVE-2019-20486 (An issue was discovered on NETGEAR WNR1000V4 1.1.0.54 devices. M
CVE-2020-9550 (Rubetek SmartHome 2020 devices use unencrypted 433 MHz communication b ...)
NOT-FOR-US: Rubetek SmartHome 2020 devices
CVE-2020-9549 (In PDFResurrect 0.12 through 0.19, get_type in pdf.c has an out-of-bou ...)
+ {DLA-2134-1}
- pdfresurrect <unfixed> (unimportant; bug #952948)
NOTE: https://github.com/enferex/pdfresurrect/issues/8
NOTE: Crash in CLI tool, no security impact
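Review bot: the added {DLA-2134-1} reference on CVE-2020-9549 sits on an entry whose only package line is "- pdfresurrect <unfixed> (unimportant; bug #952948)" and whose note says "Crash in CLI tool, no security impact". An advisory reference on an issue rated unimportant reads as inconsistent. Either the severity and the no-impact note should be revisited, or a release-specific line should record what the DLA fixed.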
@@ -1199,8 +1322,8 @@ CVE-2020-9546 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the int
NOTE: but still an issue when Default Typing is enabled.
CVE-2020-9545 (Pale Moon 28.x before 28.8.4 has a segmentation fault related to modul ...)
NOT-FOR-US: Pale Moon
-CVE-2020-9544
- RESERVED
+CVE-2020-9544 (An issue was discovered on D-Link DSL-2640B E1 EU_1.01 devices. The ad ...)
+ TODO: check
CVE-2020-9543
RESERVED
CVE-2020-9542
@@ -1497,8 +1620,8 @@ CVE-2020-9429 (In Wireshark 3.2.0 to 3.2.1, the WireGuard dissector could crash.
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16394
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=73c5fff899f253c44a72657048aec7db6edee571
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=a2530f740d67d41908e84434bb5ec99480c2ac2e
-CVE-2020-9418
- RESERVED
+CVE-2020-9418 (An untrusted search path vulnerability in the installer of PDFescape D ...)
+ TODO: check
CVE-2020-9417
RESERVED
CVE-2020-9416
@@ -1529,8 +1652,7 @@ CVE-2020-9404
RESERVED
CVE-2020-9403
RESERVED
-CVE-2020-9402
- RESERVED
+CVE-2020-9402 (Django 1.11 before 1.11.29, 2.2 before 2.2.11, and 3.0 before 3.0.4 al ...)
- python-django 2:2.2.11-1 (low; bug #953102)
[buster] - python-django <postponed> (Can be fixed along in a future DSA)
[stretch] - python-django <postponed> (Can be fixed along in a future DSA)
@@ -1586,8 +1708,8 @@ CVE-2020-9382 (An issue was discovered in the Widgets extension through 1.4.0 fo
NOT-FOR-US: Widgets extension for MediaWiki
CVE-2020-9381 (controllers/admin.js in Total.js CMS 13 allows remote attackers to exe ...)
NOT-FOR-US: Total.js CMS
-CVE-2020-9380
- RESERVED
+CVE-2020-9380 (IPTV Smarters WEB TV PLAYER through 2020-02-22 allows attackers to exe ...)
+ TODO: check
CVE-2020-9379 (The Software Development Kit of the MiContact Center Business with Sit ...)
NOT-FOR-US: Mitel
CVE-2020-9378
@@ -1608,8 +1730,8 @@ CVE-2020-9372 (The Appointment Booking Calendar plugin before 1.3.35 for WordPre
NOT-FOR-US: Appointment Booking Calendar plugin for WordPress
CVE-2020-9371 (Stored XSS exists in the Appointment Booking Calendar plugin before 1. ...)
NOT-FOR-US: Appointment Booking Calendar plugin for WordPress
-CVE-2020-9370
- RESERVED
+CVE-2020-9370 (HUMAX HGA12R-02 BRGCAA 1.1.53 devices allow Session Hijacking. ...)
+ TODO: check
CVE-2020-9369 (Sympa 6.2.38 through 6.2.52 allows remote attackers to cause a denial ...)
- sympa 6.2.40~dfsg-4 (bug #952428)
[stretch] - sympa <not-affected> (Vulnerability introduced later in 6.2.38)
@@ -2502,8 +2624,8 @@ CVE-2019-20454 (An out-of-bounds read was discovered in PCRE before 10.34 when t
NOTE: https://bugs.php.net/bug.php?id=78338
NOTE: Fixed by: https://vcs.pcre.org/pcre2?view=revision&revision=1092
NOTE: Tests: https://vcs.pcre.org/pcre2?view=revision&revision=1091
-CVE-2020-8994
- RESERVED
+CVE-2020-8994 (An issue was discovered on XIAOMI AI speaker MDZ-25-DT 1.34.36, and 1. ...)
+ TODO: check
CVE-2020-8993
RESERVED
CVE-2020-8992 (ext4_protect_reserved_inode in fs/ext4/block_validity.c in the Linux k ...)
@@ -6443,8 +6565,8 @@ CVE-2019-20384 (Gentoo Portage through 2.3.84 allows local users to place a Troj
NOT-FOR-US: Portage
CVE-2019-20383
RESERVED
-CVE-2019-20382
- RESERVED
+CVE-2019-20382 (QEMU 4.1.0 has a memory leak in zrle_compress_data in ui/vnc-enc-zrle. ...)
+ TODO: check
CVE-2020-7238 (Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles ...)
{DLA-2110-1 DLA-2109-1}
- netty 1:4.1.45-1 (bug #950967)
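Review bot: CVE-2019-20382 moves from RESERVED to "TODO: check" although its description already names the component, QEMU 4.1.0 and zrle_compress_data in ui/vnc-enc-zrle. That is enough to replace the TODO with a qemu source-package line and a check of which suites carry the affected VNC ZRLE code, rather than leaving it in the untriaged queue.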
@@ -10480,8 +10602,8 @@ CVE-2020-5407
RESERVED
CVE-2020-5406
RESERVED
-CVE-2020-5405
- RESERVED
+CVE-2020-5405 (Spring Cloud Config, versions 2.2.x prior to 2.2.2, versions 2.1.x pri ...)
+ TODO: check
CVE-2020-5404 (The HttpClient from Reactor Netty, versions 0.9.x prior to 0.9.5, and ...)
NOT-FOR-US: Reactor Netty, different from src:netty
CVE-2020-5403 (Reactor Netty HttpServer, versions 0.9.3 and 0.9.4, is exposed to a UR ...)
@@ -10834,8 +10956,8 @@ CVE-2020-5252
RESERVED
CVE-2020-5251 (In parser-server before version 4.1.0, you can fetch all the users obj ...)
NOT-FOR-US: parser-server
-CVE-2020-5250
- RESERVED
+CVE-2020-5250 (In PrestaShop before version 1.7.6.4, when a customer edits their addr ...)
+ TODO: check
CVE-2020-5249 (In Puma (RubyGem) before 4.3.3 and 3.12.4, if an application using Pum ...)
- puma 3.12.4-1 (bug #953122)
NOTE: https://github.com/puma/puma/security/advisories/GHSA-33vf-4xgg-9r58
@@ -13284,8 +13406,8 @@ CVE-2020-4280
RESERVED
CVE-2020-4279
RESERVED
-CVE-2020-4278
- RESERVED
+CVE-2020-4278 (IBM Platform LSF 9.1 and 10.1, IBM Spectrum LSF Suite 10.2, and IBM Sp ...)
+ TODO: check
CVE-2020-4277
RESERVED
CVE-2020-4276
@@ -13674,10 +13796,10 @@ CVE-2020-4085
RESERVED
CVE-2020-4084
RESERVED
-CVE-2020-4083
- RESERVED
-CVE-2020-4082
- RESERVED
+CVE-2020-4083 (HCL Connections 6.5 is vulnerable to possible information leakage. Con ...)
+ TODO: check
+CVE-2020-4082 (The HCL Connections 5.5 help system is vulnerable to cross-site script ...)
+ TODO: check
CVE-2020-4081
RESERVED
CVE-2020-4080
@@ -14067,8 +14189,8 @@ CVE-2019-20109
RESERVED
CVE-2019-20108
RESERVED
-CVE-2019-20107
- RESERVED
+CVE-2019-20107 (Multiple SQL injection vulnerabilities in TestLink through 1.9.19 allo ...)
+ TODO: check
CVE-2019-20106 (Comment properties in Atlassian Jira Server and Data Center before ver ...)
NOT-FOR-US: Atlassian
CVE-2019-20105
@@ -28421,14 +28543,14 @@ CVE-2019-17647
RESERVED
CVE-2019-17646
RESERVED
-CVE-2019-17645
- RESERVED
+CVE-2019-17645 (An issue was discovered in Centreon before 2.8.31, 18.10.9, 19.04.6, a ...)
+ TODO: check
CVE-2019-17644 (An issue was discovered in Centreon before 2.8-30, 18.10-8, 19.04-5, a ...)
- centreon-web <itp> (bug #913903)
CVE-2019-17643 (An issue was discovered in Centreon before 2.8-30,18.10-8, 19.04-5, an ...)
- centreon-web <itp> (bug #913903)
-CVE-2019-17642
- RESERVED
+CVE-2019-17642 (An issue was discovered in Centreon before 18.10.8, 19.10.1, and 19.04 ...)
+ TODO: check
CVE-2019-17641
RESERVED
CVE-2019-17640
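Review bot: CVE-2019-17645 and CVE-2019-17642 are set to "TODO: check" while the two Centreon entries between them, CVE-2019-17644 and CVE-2019-17643, are already tracked as "- centreon-web <itp> (bug #913903)". Unless these two affect a different component, they should get the same ITP line so the four issues are tracked together.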
@@ -36780,8 +36902,7 @@ CVE-2019-14888 (A vulnerability was found in the Undertow HTTP server in version
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1772464
CVE-2019-14887
RESERVED
-CVE-2019-14886
- RESERVED
+CVE-2019-14886 (A vulnerability was found in business-central, as shipped in rhdm-7.5. ...)
NOT-FOR-US: Business central
CVE-2019-14885 (A flaw was found in the JBoss EAP Vault system in all versions before ...)
NOT-FOR-US: JBoss EAP
@@ -39809,16 +39930,13 @@ CVE-2019-14100
RESERVED
CVE-2019-14099
RESERVED
-CVE-2019-14098
- RESERVED
+CVE-2019-14098 (Possible buffer overflow in data offload handler due to lack of check ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2019-14097
- RESERVED
+CVE-2019-14097 (Possible buffer overflow in WLAN Parser due to lack of length check wh ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-14096
RESERVED
-CVE-2019-14095
- RESERVED
+CVE-2019-14095 (Buffer overflow occurs while processing LMP packet in which name lengt ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-14094
RESERVED
@@ -39836,27 +39954,21 @@ CVE-2019-14088 (Possible use after free issue while CRM is accessing the link po
NOT-FOR-US: Snapdragon
CVE-2019-14087
RESERVED
-CVE-2019-14086
- RESERVED
+CVE-2019-14086 (Possible integer overflow while checking the length of frame which is ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2019-14085
- RESERVED
+CVE-2019-14085 (Possible Integer underflow in WLAN function due to lack of check of da ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-14084
RESERVED
-CVE-2019-14083
- RESERVED
+CVE-2019-14083 (While parsing Service Descriptor Extended Attribute received as part o ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2019-14082
- RESERVED
+CVE-2019-14082 (Potential buffer over-read due to lack of bound check of memory offset ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2019-14081
- RESERVED
+CVE-2019-14081 (Buffer Over-read when WLAN module gets a WMI message for SAR limits wi ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-14080
RESERVED
-CVE-2019-14079
- RESERVED
+CVE-2019-14079 (Access to the uninitialized variable when the driver tries to unmap th ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-14078
RESERVED
@@ -39870,18 +39982,15 @@ CVE-2019-14074
RESERVED
CVE-2019-14073
RESERVED
-CVE-2019-14072
- RESERVED
+CVE-2019-14072 (Unhandled paging request is observed due to dereferencing an already f ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2019-14071
- RESERVED
+CVE-2019-14071 (Compromised reset handler may bypass access control due to AC config i ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-14070
RESERVED
CVE-2019-14069
RESERVED
-CVE-2019-14068
- RESERVED
+CVE-2019-14068 (Out of bound access in msm routing due to lack of check of size before ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-14067
RESERVED
@@ -39895,8 +40004,7 @@ CVE-2019-14063 (Out of bound access due to Invalid inputs to dapm mux settings w
NOT-FOR-US: Snapdragon
CVE-2019-14062
RESERVED
-CVE-2019-14061
- RESERVED
+CVE-2019-14061 (Null-pointer dereference can occur while accessing the segment element ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-14060 (Uninitialized stack data gets used If memory is not allocated for blob ...)
NOT-FOR-US: Snapdragon
@@ -39918,20 +40026,17 @@ CVE-2019-14052
RESERVED
CVE-2019-14051 (Subsequent additions performed during Module loading while allocating ...)
NOT-FOR-US: Snapdragon
-CVE-2019-14050
- RESERVED
+CVE-2019-14050 (Out-of-bound writes occurs due to lack of check of buffer size will ca ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-14049 (Stage-2 fault will occur while writing to an ION system allocation whi ...)
NOT-FOR-US: Snapdragon
-CVE-2019-14048
- RESERVED
+CVE-2019-14048 (Possible out of bound memory access while playing a crafted clip in me ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-14047
RESERVED
CVE-2019-14046 (Out of bound access while allocating memory for an array in camera due ...)
NOT-FOR-US: Snapdragon
-CVE-2019-14045
- RESERVED
+CVE-2019-14045 (Possible buffer overflow while processing clientlog and serverlog due ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-14044 (Out of bound access due to access of uninitialized memory segment in a ...)
NOT-FOR-US: Snapdragon
@@ -39957,26 +40062,19 @@ CVE-2019-14034 (Use after free while processing eeprom query as there is a chanc
NOT-FOR-US: Qualcomm components for Android
CVE-2019-14033
RESERVED
-CVE-2019-14032
- RESERVED
+CVE-2019-14032 (Memory use after free issue in audio due to lack of resource control i ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2019-14031
- RESERVED
+CVE-2019-14031 (Buffer overflow can occur while parsing RSN IE containing list of PMK ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2019-14030
- RESERVED
+CVE-2019-14030 (The size of a buffer is determined by addition and multiplications ope ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2019-14029
- RESERVED
+CVE-2019-14029 (Use-after-free in graphics module due to destroying already queued syn ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2019-14028
- RESERVED
+CVE-2019-14028 (Buffer overwrite during memcpy due to lack of check on SSID length val ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2019-14027
- RESERVED
+CVE-2019-14027 (Buffer overflow due to lack of upper bound check on channel length whi ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2019-14026
- RESERVED
+CVE-2019-14026 (Possible buffer overflow in WLAN WMI handler due to lack of ssid lengt ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-14025
RESERVED
@@ -39998,8 +40096,7 @@ CVE-2019-14017 (Heap buffer overflow can occur while parsing invalid MKV clip wh
NOT-FOR-US: Qualcomm components for Android
CVE-2019-14016 (Integer overflow occurs while playing the clip which is nonstandard in ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2019-14015
- RESERVED
+CVE-2019-14015 (A stack-based buffer overflow exists in the initialization of the iden ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-14014 (Possible buffer overflow when byte array receives incorrect input from ...)
NOT-FOR-US: Qualcomm components for Android
@@ -40029,8 +40126,7 @@ CVE-2019-14002 (APKs without proper permission may bind to CallEnhancementServic
NOT-FOR-US: Qualcomm components for Android
CVE-2019-14001
RESERVED
-CVE-2019-14000
- RESERVED
+CVE-2019-14000 (Lack of check that the RX FIFO write index that is read from shared RA ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-13999
RESERVED
@@ -50550,8 +50646,7 @@ CVE-2019-10618 (Driver may access an invalid address while processing IO control
NOT-FOR-US: Snapdragon
CVE-2019-10617 (Low privilege users can access service configuration which contains re ...)
NOT-FOR-US: Qualcomm
-CVE-2019-10616
- RESERVED
+CVE-2019-10616 (Possibility of null pointer access if the SPDM commands are executed i ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-10615
RESERVED
@@ -50559,8 +50654,7 @@ CVE-2019-10614 (Out of boundary access is possible as there is no validation of
NOT-FOR-US: Snapdragon
CVE-2019-10613
RESERVED
-CVE-2019-10612
- RESERVED
+CVE-2019-10612 (UTCB object has a function pointer called by the reaper to deallocate ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-10611 (Buffer overflow can occur while processing clip due to lack of check o ...)
NOT-FOR-US: Qualcomm components for Android
@@ -50576,11 +50670,9 @@ CVE-2019-10606 (Out-of-bound access will occur in USB driver due to lack of chec
NOT-FOR-US: Qualcomm components for Android
CVE-2019-10605 (Buffer overwrite can occur in IEEE80211 header filling function due to ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2019-10604
- RESERVED
+CVE-2019-10604 (Possibility of heap-buffer-overflow during last iteration of loop whil ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2019-10603
- RESERVED
+CVE-2019-10603 (Use after free issue occurs If the real device interface goes down and ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-10602 (Potential use-after-free heap error during Validate/Present calls on d ...)
NOT-FOR-US: Qualcomm components for Android
@@ -50598,16 +50690,13 @@ CVE-2019-10596
RESERVED
CVE-2019-10595 (Possible buffer overwrite in message handler due to lack of validation ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2019-10594
- RESERVED
+CVE-2019-10594 (Stack overflow can occur when SDP is received with multiple payload ty ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2019-10593
- RESERVED
+CVE-2019-10593 (Buffer overflow can occur when processing non standard SDP video Image ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-10592 (Possible integer overflow while multiplying two integers of 32 bit in ...)
NOT-FOR-US: Snapdragon
-CVE-2019-10591
- RESERVED
+CVE-2019-10591 (Null pointer dereference can happen when parsing udta atom which is no ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-10590 (Out of bound access while parsing dts atom, which is non-standard as i ...)
NOT-FOR-US: Snapdragon
@@ -50615,11 +50704,9 @@ CVE-2019-10589
RESERVED
CVE-2019-10588
RESERVED
-CVE-2019-10587
- RESERVED
+CVE-2019-10587 (Possible Stack overflow can occur when processing a large SDP body or ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2019-10586
- RESERVED
+CVE-2019-10586 (Filling media attribute tag names without validating the destination b ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-10585 (Possible integer overflow happens when mmap find function will increme ...)
NOT-FOR-US: Qualcomm components for Android
@@ -50637,8 +50724,7 @@ CVE-2019-10579 (Buffer over-read can occur while playing the video clip which is
NOT-FOR-US: Qualcomm components for Android
CVE-2019-10578 (Null pointer dereference can occur while parsing the clip which is non ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2019-10577
- RESERVED
+CVE-2019-10577 (Improper input validation while processing SIP URI received from the n ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-10576
RESERVED
@@ -50654,8 +50740,7 @@ CVE-2019-10571 (Snapshot of IB can lead to invalid address access due to missing
NOT-FOR-US: Qualcomm components for Android
CVE-2019-10570
RESERVED
-CVE-2019-10569
- RESERVED
+CVE-2019-10569 (Stack buffer overflow due to instance id is misplaced inside definitio ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-10568
RESERVED
@@ -50685,29 +50770,23 @@ CVE-2019-10556
RESERVED
CVE-2019-10555 (Buffer overflow can occur due to usage of wrong datatype and missing l ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2019-10554
- RESERVED
+CVE-2019-10554 (Multiple Read overflows issue due to improper length check while decod ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2019-10553
- RESERVED
+CVE-2019-10553 (Multiple Read overflows due to improper length checks while decoding a ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2019-10552
- RESERVED
+CVE-2019-10552 (Multiple Buffer Over-read issue can happen due to improper length chec ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-10551
RESERVED
-CVE-2019-10550
- RESERVED
+CVE-2019-10550 (Buffer Over-read when UE is trying to process the message received for ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2019-10549
- RESERVED
+CVE-2019-10549 (Null pointer dereference issue can happen due to improper validation o ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-10548 (While trying to obtain datad ipc handle during DPL initialization, Hea ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-10547
RESERVED
-CVE-2019-10546
- RESERVED
+CVE-2019-10546 (Buffer overflow can occur in WLAN firmware while parsing beacon/probe_ ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-10545 (Null pointer dereference issue in kernel due to missing check related ...)
NOT-FOR-US: Qualcomm components for Android
@@ -50747,8 +50826,7 @@ CVE-2019-10528 (Use after free issue in kernel while accessing freed mdlog sessi
NOT-FOR-US: Snapdragon
CVE-2019-10527
RESERVED
-CVE-2019-10526
- RESERVED
+CVE-2019-10526 (Out of bound write in WLAN driver due to NULL character not properly p ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-10525 (Buffer overflow during SIB read when network configures complete sib l ...)
NOT-FOR-US: Snapdragon
@@ -74354,8 +74432,7 @@ CVE-2019-2319 (HLOS could corrupt CPZ page table memory for S1 managed VMs in Sn
NOT-FOR-US: Qualcomm components for Android
CVE-2019-2318 (Non Secure Kernel can cause Trustzone to do an arbitrary memory read w ...)
NOT-FOR-US: Snapdragon
-CVE-2019-2317
- RESERVED
+CVE-2019-2317 (The secret key used to make the Initial Sequence Number in the TCP SYN ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-2316 (When computing the digest a local variable is used after going out of ...)
NOT-FOR-US: Snapdragon
@@ -74367,8 +74444,8 @@ CVE-2019-2313
RESERVED
CVE-2019-2312 (When handling the vendor command there exists a potential buffer overf ...)
NOT-FOR-US: Snapdragon
-CVE-2019-2311
- RESERVED
+CVE-2019-2311 (Possible buffer overflow in WLAN handler due to lack of validation of ...)
+ TODO: check
CVE-2019-2310 (Out of bound read would occur while trying to read action category and ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-2309 (While storing calibrated data from firmware in cache, An integer overf ...)
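Review bot: CVE-2019-2311 is the one entry in this hunk given "TODO: check", unlike the Qualcomm entries elsewhere in this update, which already carried a NOT-FOR-US line before their description arrived. Its description ("Possible buffer overflow in WLAN handler ...") matches the neighbouring CVE-2019-2312 and CVE-2019-2310, annotated NOT-FOR-US: Snapdragon and NOT-FOR-US: Qualcomm components for Android, so it should be closed with the same annotation.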
@@ -74389,8 +74466,8 @@ CVE-2019-2302 (While processing vendor command which contains corrupted channel
NOT-FOR-US: Snapdragon
CVE-2019-2301 (Possibility of out-of-bound read if id received from SPI is not in ran ...)
NOT-FOR-US: Snapdragon
-CVE-2019-2300
- RESERVED
+CVE-2019-2300 (Possible buffer overflow in WLAN handler due to lack of validation of ...)
+ TODO: check
CVE-2019-2299 (An out-of-bound write can be triggered by a specially-crafted command ...)
NOT-FOR-US: Snapdragon
CVE-2019-2298 (Protection is missing while accessing md sessions info via macro which ...)
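Review bot: CVE-2019-2300 is left at "TODO: check" between CVE-2019-2301 and CVE-2019-2299, both already NOT-FOR-US: Snapdragon, and should get the matching annotation. Its truncated description is identical to that of CVE-2019-2311 earlier in this diff, so the full descriptions are worth comparing to confirm the two are distinct issues.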
@@ -89218,14 +89295,14 @@ CVE-2018-16303 (PDF-XChange Editor through 7.0.326.1 allows remote attackers to
NOT-FOR-US: PDF-XChange Editor
CVE-2018-16302 (MediaComm Zip-n-Go before 4.95 has a Buffer Overflow via a crafted fil ...)
NOT-FOR-US: MediaComm Zip-n-Go
-CVE-2018-16301 (libpcap before 1.9.1, as used in tcpdump before 4.9.3, has a buffer ov ...)
+CVE-2018-16301
+ REJECTED
- libpcap 1.9.1-1 (bug #941697; unimportant)
[buster] - libpcap <not-affected> (Vulnerable code introduced in 1.9.0)
[stretch] - libpcap <not-affected> (Vulnerable code introduced in 1.9.0)
[jessie] - libpcap <not-affected> (Vulnerable code introduced in 1.9.0)
NOTE: https://github.com/the-tcpdump-group/libpcap/issues/855 (asked upstream for info)
NOTE: rpcapd not built in Debian.
- NOTE: The CVE is likely to be rejected, cf.
NOTE: https://github.com/the-tcpdump-group/libpcap/issues/855#issuecomment-576358104
CVE-2018-16300 (The BGP parser in tcpdump before 4.9.3 allows stack consumption in pri ...)
{DSA-4547-1 DLA-1955-1}
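Review bot: CVE-2018-16301 now reads REJECTED but still carries "- libpcap 1.9.1-1 (bug #941697; unimportant)" and three <not-affected> suite lines, so the tracker keeps presenting package state for an identifier that no longer stands. Removing "NOTE: The CVE is likely to be rejected, cf." also leaves the issuecomment URL on the following line without its lead-in. The package lines should be dropped or justified, and the remaining NOTE reworded to say what the URL is cited for.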
@@ -100873,8 +100950,7 @@ CVE-2018-11840 (In all android releases (Android for MSM, Firefox OS for MSM, QR
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11839
RESERVED
-CVE-2018-11838
- RESERVED
+CVE-2018-11838 (Possible double free issue in WLAN due to lack of checking memory free ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11837
RESERVED
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a604b276d017f671a4314edeca07b3d3af6457a5