[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Wed Mar 11 08:10:26 GMT 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5ab02c34 by security tracker role at 2020-03-11T08:10:18+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,33 @@
+CVE-2020-10385 (A stored cross-site scripting (XSS) vulnerability exists in the WPForm ...)
+	TODO: check
+CVE-2020-10384
+	RESERVED
+CVE-2020-10383
+	RESERVED
+CVE-2020-10382
+	RESERVED
+CVE-2020-10381
+	RESERVED
+CVE-2020-10380
+	RESERVED
+CVE-2020-10379
+	RESERVED
+CVE-2020-10378
+	RESERVED
+CVE-2020-10377
+	RESERVED
+CVE-2020-10376
+	RESERVED
+CVE-2020-10375
+	RESERVED
+CVE-2020-10374
+	RESERVED
+CVE-2020-10373
+	RESERVED
+CVE-2020-10372 (Ramp AltitudeCDN Altimeter before 2.4.0 allows authenticated Stored XS ...)
+	TODO: check
+CVE-2020-10371
+	RESERVED
 CVE-2020-10370
 	RESERVED
 CVE-2020-10369
@@ -2906,8 +2936,8 @@ CVE-2020-9046
 	RESERVED
 CVE-2020-9045
 	RESERVED
-CVE-2020-9044
-	RESERVED
+CVE-2020-9044 (XXE vulnerability exists in the Metasys family of product Web Services ...)
+	TODO: check
 CVE-2020-9043 (The wpCentral plugin before 1.5.1 for WordPress allows disclosure of t ...)
 	NOT-FOR-US: wpCentral plugin for WordPress
 CVE-2020-9042
@@ -6276,8 +6306,8 @@ CVE-2020-7581
 	RESERVED
 CVE-2020-7580
 	RESERVED
-CVE-2020-7579
-	RESERVED
+CVE-2020-7579 (A vulnerability has been identified in Spectrum Power™ 5 (All ve ...)
+	TODO: check
 CVE-2020-7578
 	RESERVED
 CVE-2020-7577
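Review bot: the added description for CVE-2020-7579 reads "Spectrum Powerâ„¢ 5", which looks like a UTF-8 trademark sign decoded as a single-byte charset. Check whether the mangled bytes are in data/CVE/list itself or only in this mail rendering; if they are in the file, the description import should keep the text as UTF-8.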
@@ -8922,121 +8952,159 @@ CVE-2020-6421
 	RESERVED
 CVE-2020-6420
 	RESERVED
+	{DSA-4638-1}
 	- chromium 80.0.3987.132-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2020-6419
 	RESERVED
 CVE-2020-6418 (Type confusion in V8 in Google Chrome prior to 80.0.3987.122 allowed a ...)
+	{DSA-4638-1}
 	- chromium 80.0.3987.122-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2020-6417 (Inappropriate implementation in installer in Google Chrome prior to 80 ...)
 	- chromium <not-affected> (debian package does not support the chromium installer)
 CVE-2020-6416 (Insufficient data validation in streams in Google Chrome prior to 80.0 ...)
+	{DSA-4638-1}
 	- chromium 80.0.3987.106-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2020-6415 (Inappropriate implementation in JavaScript in Google Chrome prior to 8 ...)
+	{DSA-4638-1}
 	- chromium 80.0.3987.106-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2020-6414 (Insufficient policy enforcement in Safe Browsing in Google Chrome prio ...)
+	{DSA-4638-1}
 	- chromium 80.0.3987.106-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2020-6413 (Inappropriate implementation in Blink in Google Chrome prior to 80.0.3 ...)
+	{DSA-4638-1}
 	- chromium 80.0.3987.106-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2020-6412 (Insufficient validation of untrusted input in Omnibox in Google Chrome ...)
+	{DSA-4638-1}
 	- chromium 80.0.3987.106-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2020-6411 (Insufficient validation of untrusted input in Omnibox in Google Chrome ...)
+	{DSA-4638-1}
 	- chromium 80.0.3987.106-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2020-6410 (Insufficient policy enforcement in navigation in Google Chrome prior t ...)
+	{DSA-4638-1}
 	- chromium 80.0.3987.106-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2020-6409 (Inappropriate implementation in Omnibox in Google Chrome prior to 80.0 ...)
+	{DSA-4638-1}
 	- chromium 80.0.3987.106-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2020-6408 (Insufficient policy enforcement in CORS in Google Chrome prior to 80.0 ...)
+	{DSA-4638-1}
 	- chromium 80.0.3987.106-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2020-6407 (Out of bounds memory access in streams in Google Chrome prior to 80.0. ...)
+	{DSA-4638-1}
 	- chromium 80.0.3987.122-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2020-6406 (Use after free in audio in Google Chrome prior to 80.0.3987.87 allowed ...)
+	{DSA-4638-1}
 	- chromium 80.0.3987.106-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2020-6405 (Out of bounds read in SQLite in Google Chrome prior to 80.0.3987.87 al ...)
+	{DSA-4638-1}
 	- chromium 80.0.3987.106-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2020-6404 (Inappropriate implementation in Blink in Google Chrome prior to 80.0.3 ...)
+	{DSA-4638-1}
 	- chromium 80.0.3987.106-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2020-6403 (Incorrect implementation in Omnibox in Google Chrome on iOS prior to 8 ...)
+	{DSA-4638-1}
 	- chromium 80.0.3987.106-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2020-6402 (Insufficient policy enforcement in downloads in Google Chrome on OS X  ...)
+	{DSA-4638-1}
 	- chromium 80.0.3987.106-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2020-6401 (Insufficient validation of untrusted input in Omnibox in Google Chrome ...)
+	{DSA-4638-1}
 	- chromium 80.0.3987.106-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2020-6400 (Inappropriate implementation in CORS in Google Chrome prior to 80.0.39 ...)
+	{DSA-4638-1}
 	- chromium 80.0.3987.106-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2020-6399 (Insufficient policy enforcement in AppCache in Google Chrome prior to  ...)
+	{DSA-4638-1}
 	- chromium 80.0.3987.106-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2020-6398 (Use of uninitialized data in PDFium in Google Chrome prior to 80.0.398 ...)
+	{DSA-4638-1}
 	- chromium 80.0.3987.106-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2020-6397 (Inappropriate implementation in sharing in Google Chrome prior to 80.0 ...)
+	{DSA-4638-1}
 	- chromium 80.0.3987.106-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2020-6396 (Inappropriate implementation in Skia in Google Chrome prior to 80.0.39 ...)
+	{DSA-4638-1}
 	- chromium 80.0.3987.106-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2020-6395 (Out of bounds read in JavaScript in Google Chrome prior to 80.0.3987.8 ...)
+	{DSA-4638-1}
 	- chromium 80.0.3987.106-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2020-6394 (Insufficient policy enforcement in Blink in Google Chrome prior to 80. ...)
+	{DSA-4638-1}
 	- chromium 80.0.3987.106-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2020-6393 (Insufficient policy enforcement in Blink in Google Chrome prior to 80. ...)
+	{DSA-4638-1}
 	- chromium 80.0.3987.106-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2020-6392 (Insufficient policy enforcement in extensions in Google Chrome prior t ...)
+	{DSA-4638-1}
 	- chromium 80.0.3987.106-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2020-6391 (Insufficient validation of untrusted input in Blink in Google Chrome p ...)
+	{DSA-4638-1}
 	- chromium 80.0.3987.106-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2020-6390 (Out of bounds memory access in streams in Google Chrome prior to 80.0. ...)
+	{DSA-4638-1}
 	- chromium 80.0.3987.106-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2020-6389 (Out of bounds write in WebRTC in Google Chrome prior to 80.0.3987.87 a ...)
+	{DSA-4638-1}
 	- chromium 80.0.3987.106-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2020-6388 (Out of bounds access in WebAudio in Google Chrome prior to 80.0.3987.8 ...)
+	{DSA-4638-1}
 	- chromium 80.0.3987.106-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2020-6387 (Out of bounds write in WebRTC in Google Chrome prior to 80.0.3987.87 a ...)
+	{DSA-4638-1}
 	- chromium 80.0.3987.106-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2020-6386 (Use after free in speech in Google Chrome prior to 80.0.3987.116 allow ...)
+	{DSA-4638-1}
 	- chromium 80.0.3987.116-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2020-6385 (Insufficient policy enforcement in storage in Google Chrome prior to 8 ...)
+	{DSA-4638-1}
 	- chromium 80.0.3987.106-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2020-6384 (Use after free in WebAudio in Google Chrome prior to 80.0.3987.116 all ...)
+	{DSA-4638-1}
 	- chromium 80.0.3987.116-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2020-6383 (Type confusion in V8 in Google Chrome prior to 80.0.3987.116 allowed a ...)
+	{DSA-4638-1}
 	- chromium 80.0.3987.116-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2020-6382 (Type confusion in JavaScript in Google Chrome prior to 80.0.3987.87 al ...)
+	{DSA-4638-1}
 	- chromium 80.0.3987.106-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2020-6381 (Integer overflow in JavaScript in Google Chrome on ChromeOS and Androi ...)
+	{DSA-4638-1}
 	- chromium 80.0.3987.106-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2020-6380 (Insufficient policy enforcement in extensions in Google Chrome prior t ...)
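Review bot: {DSA-4638-1} is added to CVE-2020-6403, CVE-2020-6402 and CVE-2020-6381, whose descriptions are scoped to "Google Chrome on iOS", "Google Chrome on OS X" and "Google Chrome on ChromeOS and Androi ...". CVE-2020-6417 in the same block is marked "- chromium <not-affected>" for a platform reason, so confirm these three apply to the Debian package before they inherit the advisory reference; if they do not, the package line should say <not-affected> and the DSA tag should be dropped.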
@@ -9387,36 +9455,36 @@ CVE-2020-6212
 	RESERVED
 CVE-2020-6211
 	RESERVED
-CVE-2020-6210
-	RESERVED
-CVE-2020-6209
-	RESERVED
-CVE-2020-6208
-	RESERVED
-CVE-2020-6207
-	RESERVED
-CVE-2020-6206
-	RESERVED
-CVE-2020-6205
-	RESERVED
-CVE-2020-6204
-	RESERVED
-CVE-2020-6203
-	RESERVED
-CVE-2020-6202
-	RESERVED
-CVE-2020-6201
-	RESERVED
-CVE-2020-6200
-	RESERVED
-CVE-2020-6199
-	RESERVED
-CVE-2020-6198
-	RESERVED
-CVE-2020-6197
-	RESERVED
-CVE-2020-6196
-	RESERVED
+CVE-2020-6210 (SAP Fiori Launchpad, versions- 753, 754, does not sufficiently encode  ...)
+	TODO: check
+CVE-2020-6209 (SAP Disclosure Management, version 10.1, does not perform necessary au ...)
+	TODO: check
+CVE-2020-6208 (SAP Business Objects Business Intelligence Platform (Crystal Reports), ...)
+	TODO: check
+CVE-2020-6207 (SAP Solution Manager (User Experience Monitoring), version- 7.2, due t ...)
+	TODO: check
+CVE-2020-6206 (SAP Cloud Platform Integration for Data Services, version 1.0, allows  ...)
+	TODO: check
+CVE-2020-6205 (SAP NetWeaver AS ABAP Business Server Pages (Smart Forms), SAP_BASIS v ...)
+	TODO: check
+CVE-2020-6204 (The selection query in SAP Treasury and Risk Management (Transaction M ...)
+	TODO: check
+CVE-2020-6203 (SAP NetWeaver UDDI Server (Services Registry), versions- 7.10, 7.11, 7 ...)
+	TODO: check
+CVE-2020-6202 (SAP NetWeaver Application Server Java (User Management Engine), versio ...)
+	TODO: check
+CVE-2020-6201 (The SAP Commerce (Testweb Extension), versions- 6.6, 6.7, 1808, 1811,  ...)
+	TODO: check
+CVE-2020-6200 (The SAP Commerce (SmartEdit Extension), versions- 6.6, 6.7, 1808, 1811 ...)
+	TODO: check
+CVE-2020-6199 (The view FIMENAV_COMPCERT in SAP ERP (MENA Certificate Management), EA ...)
+	TODO: check
+CVE-2020-6198 (SAP Solution Manager (Diagnostics Agent), version 720, allows unencryp ...)
+	TODO: check
+CVE-2020-6197 (SAP Enable Now, before version 1908, does not invalidate session token ...)
+	TODO: check
+CVE-2020-6196 (SAP BusinessObjects Mobile (MobileBIService), version 4.2, allows an a ...)
+	TODO: check
 CVE-2020-6195
 	RESERVED
 CVE-2020-6194
@@ -9451,8 +9519,8 @@ CVE-2020-6180
 	RESERVED
 CVE-2020-6179
 	RESERVED
-CVE-2020-6178
-	RESERVED
+CVE-2020-6178 (SAP Enable Now, before version 1911, sends the Session ID cookie value ...)
+	TODO: check
 CVE-2020-6177 (SAP Mobile Platform, version 3.0, does not sufficiently validate an XM ...)
 	NOT-FOR-US: SAP
 CVE-2019-20367 (nlist.c in libbsd before 0.10.0 has an out-of-bounds read during a com ...)
@@ -15192,11 +15260,13 @@ CVE-2019-19927 (In the Linux kernel 5.0.0-rc7 (as distributed in ubuntu/linux.gi
 	[stretch] - linux <not-affected> (Vulnerable code not present)
 	[jessie] - linux <not-affected> (Vulnerable code not present)
 CVE-2019-19926 (multiSelect in select.c in SQLite 3.30.1 mishandles certain errors dur ...)
+	{DSA-4638-1}
 	- sqlite3 <not-affected> (Incomplete fix for CVE-2019-19880 not applied)
 	NOTE: https://github.com/sqlite/sqlite/commit/8428b3b437569338a9d1e10c4cd8154acbe33089
 	- chromium 80.0.3987.106-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2019-19925 (zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL ...)
+	{DSA-4638-1}
 	- sqlite3 3.30.1+fossil191229-1
 	[buster] - sqlite3 <no-dsa> (Minor issue)
 	[stretch] - sqlite3 <not-affected> (Vulnerable code introduced later)
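Review bot: on CVE-2019-19925 the new {DSA-4638-1} line sits directly above "[buster] - sqlite3 <no-dsa> (Minor issue)", and no chromium package line is visible in this hunk's context, unlike CVE-2019-19926 just above it. Confirm the entry has a chromium line further down, so the advisory reference is not read as covering sqlite3 in buster; the same check applies to CVE-2019-19923 and CVE-2019-19880 in the following hunks.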
@@ -15211,6 +15281,7 @@ CVE-2019-19924 (SQLite 3.30.1 mishandles certain parser-tree rewriting, related
 	[jessie] - sqlite3 <not-affected> (Vulnerable code introduced later)
 	NOTE: https://github.com/sqlite/sqlite/commit/8654186b0236d556aa85528c2573ee0b6ab71be3
 CVE-2019-19923 (flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses o ...)
+	{DSA-4638-1}
 	- sqlite3 3.30.1+fossil191229-1
 	[buster] - sqlite3 <no-dsa> (Minor issue)
 	[stretch] - sqlite3 <not-affected> (Vulnerable code introduced later)
@@ -15596,6 +15667,7 @@ CVE-2019-19882 (shadow 4.8, in certain circumstances affecting at least Gentoo,
 CVE-2019-19881
 	RESERVED
 CVE-2019-19880 (exprListAppendList in window.c in SQLite 3.30.1 allows attackers to tr ...)
+	{DSA-4638-1}
 	- sqlite3 3.30.1+fossil191229-1
 	[buster] - sqlite3 <not-affected> (Vulnerable code introduced later)
 	[stretch] - sqlite3 <not-affected> (Vulnerable code introduced later)
@@ -21670,26 +21742,26 @@ CVE-2019-19301
 	RESERVED
 CVE-2019-19300
 	RESERVED
-CVE-2019-19299
-	RESERVED
-CVE-2019-19298
-	RESERVED
-CVE-2019-19297
-	RESERVED
-CVE-2019-19296
-	RESERVED
-CVE-2019-19295
-	RESERVED
-CVE-2019-19294
-	RESERVED
-CVE-2019-19293
-	RESERVED
-CVE-2019-19292
-	RESERVED
-CVE-2019-19291
-	RESERVED
-CVE-2019-19290
-	RESERVED
+CVE-2019-19299 (A vulnerability has been identified in SiNVR 3 Central Control Server  ...)
+	TODO: check
+CVE-2019-19298 (A vulnerability has been identified in SiNVR 3 Central Control Server  ...)
+	TODO: check
+CVE-2019-19297 (A vulnerability has been identified in SiNVR 3 Central Control Server  ...)
+	TODO: check
+CVE-2019-19296 (A vulnerability has been identified in SiNVR 3 Central Control Server  ...)
+	TODO: check
+CVE-2019-19295 (A vulnerability has been identified in SiNVR 3 Central Control Server  ...)
+	TODO: check
+CVE-2019-19294 (A vulnerability has been identified in SiNVR 3 Central Control Server  ...)
+	TODO: check
+CVE-2019-19293 (A vulnerability has been identified in SiNVR 3 Central Control Server  ...)
+	TODO: check
+CVE-2019-19292 (A vulnerability has been identified in SiNVR 3 Central Control Server  ...)
+	TODO: check
+CVE-2019-19291 (A vulnerability has been identified in SiNVR 3 Central Control Server  ...)
+	TODO: check
+CVE-2019-19290 (A vulnerability has been identified in SiNVR 3 Central Control Server  ...)
+	TODO: check
 CVE-2019-19289
 	RESERVED
 CVE-2019-19288
@@ -21704,18 +21776,18 @@ CVE-2019-19284
 	RESERVED
 CVE-2019-19283
 	RESERVED
-CVE-2019-19282
-	RESERVED
-CVE-2019-19281
-	RESERVED
+CVE-2019-19282 (A vulnerability has been identified in OpenPCS 7 V8.1 (All versions),  ...)
+	TODO: check
+CVE-2019-19281 (A vulnerability has been identified in SIMATIC ET 200SP Open Controlle ...)
+	TODO: check
 CVE-2019-19280
 	RESERVED
-CVE-2019-19279
-	RESERVED
+CVE-2019-19279 (A vulnerability has been identified in SIPROTEC 4 and SIPROTEC Compact ...)
+	TODO: check
 CVE-2019-19278 (A vulnerability has been identified in SINAMICS PERFECT HARMONY GH180  ...)
 	NOT-FOR-US: SINAMICS
-CVE-2019-19277
-	RESERVED
+CVE-2019-19277 (A vulnerability has been identified in SIPORT MP (All versions < 3. ...)
+	TODO: check
 CVE-2019-19276
 	RESERVED
 CVE-2019-19275 (typed_ast 1.3.0 and 1.3.1 has an ast_for_arguments out-of-bounds read. ...)
@@ -26600,8 +26672,8 @@ CVE-2019-18338 (A vulnerability has been identified in SiNVR 3 Central Control S
 	NOT-FOR-US: Siemens
 CVE-2019-18337 (A vulnerability has been identified in SiNVR 3 Central Control Server  ...)
 	NOT-FOR-US: Siemens
-CVE-2019-18336
-	RESERVED
+CVE-2019-18336 (A vulnerability has been identified in SIMATIC S7-300 CPU family (incl ...)
+	TODO: check
 CVE-2019-18335 (A vulnerability has been identified in SPPA-T3000 Application Server ( ...)
 	NOT-FOR-US: Siemens
 CVE-2019-18334 (A vulnerability has been identified in SPPA-T3000 Application Server ( ...)
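Review bot: CVE-2019-18336 is added as "TODO: check" between neighbours that are already marked "NOT-FOR-US: Siemens", and its description names the SIMATIC S7-300 CPU family, which CVE-2016-9159 elsewhere in this file tags "NOT-FOR-US: Siemens SIMATIC". A follow-up can triage it the same way rather than leaving it in the TODO queue.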
@@ -27758,19 +27830,15 @@ CVE-2020-0089
 	RESERVED
 CVE-2020-0088
 	RESERVED
-CVE-2020-0087
-	RESERVED
+CVE-2020-0087 (In getProcessPss of ActivityManagerService.java, there is a possible s ...)
 	NOT-FOR-US: Android
 CVE-2020-0086
 	RESERVED
-CVE-2020-0085
-	RESERVED
+CVE-2020-0085 (In setBluetoothTethering of PanService.java, there is a possible permi ...)
 	NOT-FOR-US: Android
-CVE-2020-0084
-	RESERVED
+CVE-2020-0084 (In several functions of NotificationManagerService.java, there are mis ...)
 	NOT-FOR-US: Android
-CVE-2020-0083
-	RESERVED
+CVE-2020-0083 (In setRequirePmfInternal of sta_network.cpp, there is a possible defau ...)
 	NOT-FOR-US: Android
 CVE-2020-0082
 	RESERVED
@@ -27798,15 +27866,13 @@ CVE-2020-0071
 	RESERVED
 CVE-2020-0070
 	RESERVED
-CVE-2020-0069
-	RESERVED
+CVE-2020-0069 (In the ioctl handlers of the Mediatek Command Queue driver, there is a ...)
 	NOT-FOR-US: Mediatek components for Android
 CVE-2020-0068
 	RESERVED
 CVE-2020-0067
 	RESERVED
-CVE-2020-0066
-	RESERVED
+CVE-2020-0066 (In the netlink driver, there is a possible out of bounds write due to  ...)
 	- linux 4.2.5-1
 	[jessie] - linux 3.16.7-ckt20-1
 	NOTE: https://git.kernel.org/linus/db65a3aaf29ecce2e34271d52e8d2336b97bd9fe
@@ -27814,114 +27880,81 @@ CVE-2020-0065
 	RESERVED
 CVE-2020-0064
 	RESERVED
-CVE-2020-0063
-	RESERVED
+CVE-2020-0063 (In SurfaceFlinger, it is possible to override UI confirmation screen p ...)
 	NOT-FOR-US: Android
-CVE-2020-0062
-	RESERVED
+CVE-2020-0062 (In Euicc, there is a possible information disclosure due to an include ...)
 	NOT-FOR-US: Android
-CVE-2020-0061
-	RESERVED
+CVE-2020-0061 (In Pixel Recorder, there is a possible permissions bypass allowing arb ...)
 	NOT-FOR-US: Android
-CVE-2020-0060
-	RESERVED
+CVE-2020-0060 (In query of SmsProvider.java and MmsSmsProvider.java, there is a possi ...)
 	NOT-FOR-US: Android
-CVE-2020-0059
-	RESERVED
+CVE-2020-0059 (In btm_ble_batchscan_filter_track_adv_vse_cback of btm_ble_batchscan.c ...)
 	NOT-FOR-US: Android
-CVE-2020-0058
-	RESERVED
+CVE-2020-0058 (In l2c_rcv_acl_data of l2c_main.cc, there is a possible out of bounds  ...)
 	NOT-FOR-US: Android
-CVE-2020-0057
-	RESERVED
+CVE-2020-0057 (In btm_process_inq_results of btm_inq.cc, there is a possible out of b ...)
 	NOT-FOR-US: Android
-CVE-2020-0056
-	RESERVED
+CVE-2020-0056 (In btu_hcif_connection_comp_evt of btu_hcif.cc, there is a possible ou ...)
 	NOT-FOR-US: Android
-CVE-2020-0055
-	RESERVED
+CVE-2020-0055 (In l2c_link_process_num_completed_pkts of l2c_link.cc, there is a poss ...)
 	NOT-FOR-US: Android
-CVE-2020-0054
-	RESERVED
+CVE-2020-0054 (In WifiNetworkSuggestionsManager of WifiNetworkSuggestionsManager.java ...)
 	NOT-FOR-US: Android
-CVE-2020-0053
-	RESERVED
+CVE-2020-0053 (In convertHidlNanDataPathInitiatorRequestToLegacy, and convertHidlNanD ...)
 	NOT-FOR-US: Android
-CVE-2020-0052
-	RESERVED
+CVE-2020-0052 (In smsSelected of AnswerFragment.java, there is a way to send an SMS f ...)
 	NOT-FOR-US: Android
-CVE-2020-0051
-	RESERVED
+CVE-2020-0051 (In onCreate of SettingsHomepageActivity, there is a possible tapjackin ...)
 	NOT-FOR-US: Android
-CVE-2020-0050
-	RESERVED
+CVE-2020-0050 (In nfa_hciu_send_msg of nfa_hci_utils.cc, there is a possible out of b ...)
 	NOT-FOR-US: Android
-CVE-2020-0049
-	RESERVED
+CVE-2020-0049 (In onReadBuffer() of StreamingSource.cpp, there is a possible informat ...)
 	NOT-FOR-US: Android media framework
-CVE-2020-0048
-	RESERVED
+CVE-2020-0048 (In onTransact of IAudioFlinger.cpp, there is a possible stack informat ...)
 	NOT-FOR-US: Android media framework
-CVE-2020-0047
-	RESERVED
+CVE-2020-0047 (In setMasterMute of AudioService.java, there is a missing permission c ...)
 	NOT-FOR-US: Android media framework
-CVE-2020-0046
-	RESERVED
+CVE-2020-0046 (In DrmPlugin::releaseSecureStops of DrmPlugin.cpp, there is a possible ...)
 	NOT-FOR-US: Android media framework
-CVE-2020-0045
-	RESERVED
+CVE-2020-0045 (In StatsService::command of StatsService.cpp, there is possible memory ...)
 	NOT-FOR-US: Android
-CVE-2020-0044
-	RESERVED
+CVE-2020-0044 (In set_nonce of fpc_ta_qc_auth.c, there is a possible out of bounds re ...)
 	NOT-FOR-US: FPC components for Android
-CVE-2020-0043
-	RESERVED
+CVE-2020-0043 (In authorize_enrol of fpc_ta_hw_auth.c, there is a possible out of bou ...)
 	NOT-FOR-US: FPC components for Android
-CVE-2020-0042
-	RESERVED
+CVE-2020-0042 (In fpc_ta_hw_auth_unwrap_key of fpc_ta_hw_auth_qsee.c, there is a poss ...)
 	NOT-FOR-US: FPC components for Android
-CVE-2020-0041
-	RESERVED
+CVE-2020-0041 (In binder_transaction of binder.c, there is a possible out of bounds w ...)
 	- linux 5.4.6-1
 	NOTE: https://git.kernel.org/linus/16981742717b04644a41052570fb502682a315d2
 CVE-2020-0040
 	RESERVED
 	NOTE: Duplicate of CVE-2019-15239, will be rejected
-CVE-2020-0039
-	RESERVED
+CVE-2020-0039 (In rw_i93_sm_update_ndef of rw_i93.cc, there is a possible read of uni ...)
 	NOT-FOR-US: Android
-CVE-2020-0038
-	RESERVED
+CVE-2020-0038 (In rw_i93_sm_update_ndef of rw_i93.cc, there is a possible read of uni ...)
 	NOT-FOR-US: Android
-CVE-2020-0037
-	RESERVED
+CVE-2020-0037 (In rw_i93_sm_set_read_only of rw_i93.cc, there is a possible out of bo ...)
 	NOT-FOR-US: Android
-CVE-2020-0036
-	RESERVED
+CVE-2020-0036 (In hasPermissions of PermissionMonitor.java, there is a possible acces ...)
 	NOT-FOR-US: Android
-CVE-2020-0035
-	RESERVED
+CVE-2020-0035 (In query of TelephonyProvider.java, there is a possible access to SIM  ...)
 	NOT-FOR-US: Android
-CVE-2020-0034
-	RESERVED
+CVE-2020-0034 (In vp8_decode_frame of decodeframe.c, there is a possible out of bound ...)
 	{DLA-2136-1}
 	- libvpx 1.7.0-3
 	[stretch] - libvpx <no-dsa> (Minor issue)
 	NOTE: https://github.com/webmproject/libvpx/commit/45daecb4f73a47ab3236a29a3a48c52324cbf19a
-CVE-2020-0033
-	RESERVED
+CVE-2020-0033 (In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible out  ...)
 	NOT-FOR-US: Android media framework
-CVE-2020-0032
-	RESERVED
+CVE-2020-0032 (In ih264d_release_display_bufs of ih264d_utils.c, there is a possible  ...)
 	NOT-FOR-US: Android media framework
-CVE-2020-0031
-	RESERVED
+CVE-2020-0031 (In triggerAugmentedAutofillLocked and related functions of Session.jav ...)
 	NOT-FOR-US: Android
 CVE-2020-0030 (In binder_thread_release of binder.c, there is a possible use after fr ...)
 	- linux 4.15.11-1
 	NOTE: Fixed by: https://git.kernel.org/linus/5eeb2ca02a2f6084fc57ae5c244a38baab07033a
-CVE-2020-0029
-	RESERVED
+CVE-2020-0029 (In the WifiConfigManager, there is a possible storage of location hist ...)
 	NOT-FOR-US: Android
 CVE-2020-0028 (In notifyNetworkTested and related functions of NetworkMonitor.java, t ...)
 	NOT-FOR-US: Android
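Review bot: CVE-2020-0039 and CVE-2020-0038 now carry the same visible description, "In rw_i93_sm_update_ndef of rw_i93.cc, there is a possible read of uni ...". The truncation may hide a difference, but check the full text so that a real duplicate gets a NOTE like the one on CVE-2020-0040 ("Duplicate of CVE-2019-15239, will be rejected"). The "NOT-FOR-US: Android" lines kept throughout this hunk were written while the ids were RESERVED, so they should be re-read against the descriptions that are now present.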
@@ -27955,14 +27988,11 @@ CVE-2020-0014 (It is possible for a malicious application to construct a TYPE_TO
 	NOT-FOR-US: Android
 CVE-2020-0013
 	RESERVED
-CVE-2020-0012
-	RESERVED
+CVE-2020-0012 (In fpc_ta_pn_get_unencrypted_image of fpc_ta_pn.c, there is a possible ...)
 	NOT-FOR-US: FPC components for Android
-CVE-2020-0011
-	RESERVED
+CVE-2020-0011 (In get_auth_result of fpc_ta_hw_auth.c, there is a possible out of bou ...)
 	NOT-FOR-US: FPC components for Android
-CVE-2020-0010
-	RESERVED
+CVE-2020-0010 (In fpc_ta_get_build_info of fpc_ta_kpi.c, there is a possible out of b ...)
 	NOT-FOR-US: FPC components for Android
 CVE-2020-0009 (In calc_vm_may_flags of ashmem.c, there is a possible arbitrary write  ...)
 	- linux <unfixed>
@@ -47274,8 +47304,8 @@ CVE-2019-11940 (In the course of decompressing HPACK inside the HTTP2 protocol,
 	NOT-FOR-US: Facebook Proxygen
 CVE-2019-11939
 	RESERVED
-CVE-2019-11938
-	RESERVED
+CVE-2019-11938 (Java Facebook Thrift servers would not error upon receiving messages d ...)
+	TODO: check
 CVE-2019-11937 (In Mcrouter prior to v0.41.0, a large struct input provided to the Car ...)
 	NOT-FOR-US: mcrouter
 	NOTE: https://github.com/facebook/mcrouter/releases
@@ -50224,7 +50254,7 @@ CVE-2019-10945 (An issue was discovered in Joomla! before 3.9.5. The Media Manag
 	NOT-FOR-US: Joomla!
 CVE-2019-10944
 	RESERVED
-CVE-2019-10943 (A vulnerability has been identified in SIMATIC ET200SP (incl. SIPLUS v ...)
+CVE-2019-10943 (A vulnerability has been identified in SIMATIC ET 200SP Open Controlle ...)
 	NOT-FOR-US: Siemens
 CVE-2019-10942 (A vulnerability has been identified in SCALANCE X-200 (All versions),  ...)
 	NOT-FOR-US: Siemens
@@ -50608,8 +50638,8 @@ CVE-2019-10809
 	RESERVED
 CVE-2019-10808
 	RESERVED
-CVE-2019-10807
-	RESERVED
+CVE-2019-10807 (Blamer versions prior to 1.0.1 allows execution of arbitrary commands. ...)
+	TODO: check
 CVE-2019-10806 (vega-util prior to 1.13.1 allows manipulation of object prototype. The ...)
 	TODO: check
 CVE-2019-10805 (valib through 2.0.0 allows Internal Property Tampering. A maliciously  ...)
@@ -52697,6 +52727,7 @@ CVE-2019-10065 (An issue was discovered in Open Ticket Request System (OTRS) 7.0
 	- otrs2 <not-affected> (Only affects 7.x series)
 	NOTE: https://otrs.com/release-notes/otrs-security-advisory-2019-07/
 CVE-2019-10064 (hostapd before 2.6, in EAP mode, makes calls to the rand() and random( ...)
+	{DLA-2138-1}
 	- wpa 2:2.6-7
 	NOTE: https://www.openwall.com/lists/oss-security/2020/02/27/1
 	NOTE: Comment from upstream: https://www.openwall.com/lists/oss-security/2020/02/27/2
@@ -60260,8 +60291,8 @@ CVE-2019-7591
 	RESERVED
 CVE-2019-7590 (ExacqVision Server’s services 'exacqVisionServer', 'dvrdhcpserve ...)
 	NOT-FOR-US: ExacqVision
-CVE-2019-7589
-	RESERVED
+CVE-2019-7589 (A vulnerability with the SmartService API Service option exists whereb ...)
+	TODO: check
 CVE-2019-7588 (A vulnerability in the exacqVision Enterprise System Manager (ESM) v5. ...)
 	NOT-FOR-US: exacqVision Enterprise System Manager
 CVE-2019-7587 (Bo-blog Wind through 1.6.0-r allows SQL Injection via the admin.php/co ...)
@@ -62823,8 +62854,8 @@ CVE-2019-6587
 	RESERVED
 CVE-2019-6586
 	RESERVED
-CVE-2019-6585
-	RESERVED
+CVE-2019-6585 (A vulnerability has been identified in SCALANCE S602 (All versions &gt ...)
+	TODO: check
 CVE-2019-6584 (A vulnerability has been identified in SIEMENS LOGO!8 (6ED1052-xyyxx-0 ...)
 	NOT-FOR-US: Siemens
 CVE-2019-6583
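Review bot: the added description for CVE-2019-6585 contains an escaped HTML entity, "(All versions &gt ...", where other entries in this file show the raw operator, for example "(All versions < SIMATIC Wi ..." on CVE-2016-9160. If the entity is in data/CVE/list and not an artefact of this mail, the import should decode entities before truncating the description.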
@@ -66490,12 +66521,12 @@ CVE-2019-5170
 	RESERVED
 CVE-2019-5169
 	RESERVED
-CVE-2019-5168
-	RESERVED
-CVE-2019-5167
-	RESERVED
-CVE-2019-5166
-	RESERVED
+CVE-2019-5168 (An exploitable command injection vulnerability exists in the iocheckd  ...)
+	TODO: check
+CVE-2019-5167 (An exploitable command injection vulnerability exists in the iocheckd  ...)
+	TODO: check
+CVE-2019-5166 (An exploitable stack buffer overflow vulnerability exists in the ioche ...)
+	TODO: check
 CVE-2019-5165 (An exploitable authentication bypass vulnerability exists in the hostn ...)
 	NOT-FOR-US: Moxa
 CVE-2019-5164 (An exploitable code execution vulnerability exists in the ss-manager b ...)
@@ -66514,20 +66545,20 @@ CVE-2019-5163 (An exploitable denial-of-service vulnerability exists in the UDPR
 	NOTE: https://github.com/shadowsocks/shadowsocks-libev/issues/2536
 CVE-2019-5162 (An exploitable improper access control vulnerability exists in the iw_ ...)
 	NOT-FOR-US: Moxa
-CVE-2019-5161
-	RESERVED
-CVE-2019-5160
-	RESERVED
-CVE-2019-5159
-	RESERVED
-CVE-2019-5158
-	RESERVED
-CVE-2019-5157
-	RESERVED
-CVE-2019-5156
-	RESERVED
-CVE-2019-5155
-	RESERVED
+CVE-2019-5161 (An exploitable remote code execution vulnerability exists in the Cloud ...)
+	TODO: check
+CVE-2019-5160 (An exploitable improper host validation vulnerability exists in the Cl ...)
+	TODO: check
+CVE-2019-5159 (An exploitable improper input validation vulnerability exists in the f ...)
+	TODO: check
+CVE-2019-5158 (An exploitable firmware downgrade vulnerability exists in the firmware ...)
+	TODO: check
+CVE-2019-5157 (An exploitable command injection vulnerability exists in the Cloud Con ...)
+	TODO: check
+CVE-2019-5156 (An exploitable command injection vulnerability exists in the cloud con ...)
+	TODO: check
+CVE-2019-5155 (An exploitable command injection vulnerability exists in the cloud con ...)
+	TODO: check
 CVE-2019-5154 (An exploitable heap overflow vulnerability exists in the JPEG2000 pars ...)
 	NOT-FOR-US: LEADTOOLS
 CVE-2019-5153 (An exploitable remote code execution vulnerability exists in the iw_we ...)
@@ -66543,8 +66574,8 @@ CVE-2019-5151 (An exploitable SQL injection vulnerability exist in YouPHPTube 7.
 	NOT-FOR-US: YouPHPTube
 CVE-2019-5150 (An exploitable SQL injection vulnerability exist in YouPHPTube 7.7. Wh ...)
 	NOT-FOR-US: YouPHPTube
-CVE-2019-5149
-	RESERVED
+CVE-2019-5149 (The WBM web application on firmwares prior to 03.02.02 and 03.01.07 on ...)
+	TODO: check
 CVE-2019-5148 (An exploitable denial-of-service vulnerability exists in ServiceAgent  ...)
 	NOT-FOR-US: Moxa
 CVE-2019-5147 (An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64 ...)
@@ -66571,10 +66602,10 @@ CVE-2019-5137 (The usage of hard-coded cryptographic keys within the ServiceAgen
 	NOT-FOR-US: Moxa
 CVE-2019-5136 (An exploitable privilege escalation vulnerability exists in the iw_con ...)
 	NOT-FOR-US: Moxa
-CVE-2019-5135
-	RESERVED
-CVE-2019-5134
-	RESERVED
+CVE-2019-5135 (An exploitable timing discrepancy vulnerability exists in the authenti ...)
+	TODO: check
+CVE-2019-5134 (An exploitable regular expression without anchors vulnerability exists ...)
+	TODO: check
 CVE-2019-5133 (An exploitable out-of-bounds write vulnerability exists in the igcore1 ...)
 	NOT-FOR-US: ImageGear
 CVE-2019-5132 (An exploitable out-of-bounds write vulnerability exists in the igcore1 ...)
@@ -66630,10 +66661,10 @@ CVE-2019-5108 (An exploitable denial-of-service vulnerability exists in the Linu
 	[buster] - linux 4.19.98-1
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2019-0900
 	NOTE: https://git.kernel.org/linus/3e493173b7841259a08c5c8e5cbe90adb349da7e
-CVE-2019-5107
-	RESERVED
-CVE-2019-5106
-	RESERVED
+CVE-2019-5107 (A cleartext transmission vulnerability exists in the network communica ...)
+	TODO: check
+CVE-2019-5106 (A hard-coded encryption key vulnerability exists in the authentication ...)
+	TODO: check
 CVE-2019-5105
 	RESERVED
 CVE-2019-5104
@@ -70201,8 +70232,8 @@ CVE-2019-3555
 	RESERVED
 CVE-2019-3554 (Wangle's AcceptRoutingHandler incorrectly casts a socket when acceptin ...)
 	NOT-FOR-US: Facebook Wangle
-CVE-2019-3553
-	RESERVED
+CVE-2019-3553 (C++ Facebook Thrift servers would not error upon receiving messages de ...)
+	TODO: check
 CVE-2019-3552 (C++ Facebook Thrift servers (using cpp2) would not error upon receivin ...)
 	NOT-FOR-US: Thrift servers
 CVE-2019-3551
@@ -187709,9 +187740,9 @@ CVE-2016-9161
 	REJECTED
 CVE-2016-9160 (A vulnerability in SIEMENS SIMATIC WinCC (All versions < SIMATIC Wi ...)
 	NOT-FOR-US: Siemens SIMATIC WinCC
-CVE-2016-9159 (A vulnerability has been identified in SIMATIC S7-300 CPU family, SIMA ...)
+CVE-2016-9159 (A vulnerability has been identified in SIMATIC S7-300 CPU family (All  ...)
 	NOT-FOR-US: Siemens SIMATIC
-CVE-2016-9158 (A vulnerability has been identified in SIMATIC S7-300 CPU family, SIMA ...)
+CVE-2016-9158 (A vulnerability has been identified in SIMATIC S7-300 CPU family (All  ...)
 	NOT-FOR-US: Siemens SIMATIC
 CVE-2016-9157 (A vulnerability in Siemens SICAM PAS (all versions before V8.09) could ...)
 	NOT-FOR-US: Siemens SICAM PAS



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5ab02c349d26a1bd74c74b59521f7b93c0df88f6
