[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri Mar 13 08:10:28 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
267dd028 by security tracker role at 2020-03-13T08:10:20+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,22 @@
-CVE-2020-10535
+CVE-2020-10543
+ RESERVED
+CVE-2020-10542
+ RESERVED
+CVE-2020-10541 (Zoho ManageEngine OpManager before 12.4.179 allows remote code executi ...)
+ TODO: check
+CVE-2020-10540 (Untis WebUntis before 2020.9.6 allows CSRF for certain combinations of ...)
+ TODO: check
+CVE-2020-10539
+ RESERVED
+CVE-2020-10538
+ RESERVED
+CVE-2020-10537
+ RESERVED
+CVE-2020-10536
+ RESERVED
+CVE-2020-10534 (In the GlobalBlocking extension before 2020-03-10 for MediaWiki throug ...)
+ TODO: check
+CVE-2020-10535 (GitLab 12.8.x before 12.8.6, when sign-up is enabled, allows remote at ...)
- gitlab <not-affected> (Only affects Gitlab 12.8.x)
NOTE: https://about.gitlab.com/releases/2020/03/11/critical-security-release-gitlab-12-dot-8-dot-6-released/
CVE-2020-10533
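Review bot: CVE-2020-10541 (Zoho ManageEngine OpManager) and CVE-2020-10540 (Untis WebUntis) are proprietary products that Debian does not package and can be closed with a `NOT-FOR-US:` marker, as other entries in this file do (`NOT-FOR-US: Intel`), instead of being left at `TODO: check`. The real triage item in this hunk is CVE-2020-10534: check whether the MediaWiki GlobalBlocking extension ships in any Debian package before deciding. For CVE-2020-10535 the existing `gitlab <not-affected> (Only affects Gitlab 12.8.x)` line carries over unchanged and still agrees with the new description.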
@@ -742,10 +760,12 @@ CVE-2020-10187
CVE-2020-10186
RESERVED
CVE-2020-10185 (The sync endpoint in YubiKey Validation Server before 2.40 allows remo ...)
+ {DLA-2141-1}
- yubikey-val <removed>
NOTE: https://www.yubico.com/support/security-advisories/ysa-2020-01/
NOTE: https://github.com/Yubico/yubikey-val/commit/d0e4db3245deb5ce0c8d7d26069c78071a140286
CVE-2020-10184 (The verify endpoint in YubiKey Validation Server before 2.40 does not ...)
+ {DLA-2141-1}
- yubikey-val <removed>
NOTE: https://www.yubico.com/support/security-advisories/ysa-2020-01/
NOTE: https://github.com/Yubico/yubikey-val/commit/d0e4db3245deb5ce0c8d7d26069c78071a140286
@@ -1582,7 +1602,7 @@ CVE-2020-10020
REJECTED
CVE-2020-10019
RESERVED
-CVE-2020-10018 (accessibility/AXObjectCache.cpp in WebKit, as used in WebKitGTK throug ...)
+CVE-2020-10018 (WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4 (which are the ...)
- webkit2gtk 2.28.0-2
[buster] - webkit2gtk <postponed> (Hold back until next update round)
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
@@ -3208,8 +3228,8 @@ CVE-2020-9066
RESERVED
CVE-2020-9065
RESERVED
-CVE-2020-9064
- RESERVED
+CVE-2020-9064 (Huawei smartphone Honor V30 with versions earlier than OxfordS-AN00A 1 ...)
+ TODO: check
CVE-2020-9063
RESERVED
CVE-2020-9062
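Review bot: CVE-2020-9064 describes a firmware build of the Huawei Honor V30 smartphone, which is not a Debian package, so `NOT-FOR-US: Huawei` is the appropriate resolution rather than `TODO: check`; the same applies to CVE-2020-1863 (Huawei USG6000V) further down in this update.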
@@ -4588,8 +4608,8 @@ CVE-2020-8471
RESERVED
CVE-2020-8470
RESERVED
-CVE-2020-8469
- RESERVED
+CVE-2020-8469 (Trend Micro Password Manager for Windows version 5.0 is affected by a ...)
+ TODO: check
CVE-2020-8468
RESERVED
CVE-2020-8467
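Review bot: CVE-2020-8469 affects Trend Micro Password Manager for Windows, a proprietary Windows product, and should be closed as `NOT-FOR-US: Trend Micro` instead of staying at `TODO: check`.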
@@ -6572,8 +6592,8 @@ CVE-2020-7602
RESERVED
CVE-2020-7601
RESERVED
-CVE-2020-7600
- RESERVED
+CVE-2020-7600 (querymen prior to 2.1.4 allows modification of object properties. The ...)
+ TODO: check
CVE-2020-7599
RESERVED
CVE-2020-7598 (minimist before 1.2.2 could be tricked into adding or modifying proper ...)
@@ -8790,8 +8810,8 @@ CVE-2020-6645
RESERVED
CVE-2020-6644
RESERVED
-CVE-2020-6643
- RESERVED
+CVE-2020-6643 (An improper neutralization of input vulnerability in the URL Descripti ...)
+ TODO: check
CVE-2020-6642
RESERVED
CVE-2020-6641
@@ -10309,12 +10329,12 @@ CVE-2020-5963
RESERVED
CVE-2020-5962
RESERVED
-CVE-2020-5961
- RESERVED
-CVE-2020-5960
- RESERVED
-CVE-2020-5959
- RESERVED
+CVE-2020-5961 (NVIDIA vGPU graphics driver for guest OS contains a vulnerability in w ...)
+ TODO: check
+CVE-2020-5960 (NVIDIA Virtual GPU Manager contains a vulnerability in the kernel modu ...)
+ TODO: check
+CVE-2020-5959 (NVIDIA Virtual GPU Manager, all versions, contains a vulnerability in ...)
+ TODO: check
CVE-2020-5958 (NVIDIA Windows GPU Display Driver, all versions, contains a vulnerabil ...)
TODO: check
CVE-2020-5957 (NVIDIA Windows GPU Display Driver, all versions, contains a vulnerabil ...)
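Review bot: the three entries rewritten here (CVE-2020-5961, CVE-2020-5960, CVE-2020-5959) concern the NVIDIA Virtual GPU Manager and vGPU guest driver and sit directly above CVE-2020-5958 and CVE-2020-5957, which are still at `TODO: check` as well; triage the five as one group against the nvidia-graphics-drivers source packages and record the same decision on each, rather than handling them one at a time.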
@@ -21036,8 +21056,8 @@ CVE-2020-1889
RESERVED
CVE-2020-1888 (Insufficient boundary checks when decoding JSON in handleBackslash rea ...)
- hhvm <removed>
-CVE-2020-1887
- RESERVED
+CVE-2020-1887 (Incorrect validation of the TLS SNI hostname in osquery versions after ...)
+ TODO: check
CVE-2020-1886
RESERVED
CVE-2020-1885
@@ -21197,8 +21217,8 @@ CVE-2020-1865
RESERVED
CVE-2020-1864
RESERVED
-CVE-2020-1863
- RESERVED
+CVE-2020-1863 (Huawei USG6000V with versions V500R001C20SPC300, V500R003C00SPC100, an ...)
+ TODO: check
CVE-2020-1862
RESERVED
CVE-2020-1861 (CloudEngine 12800 with versions of V200R001C00SPC600,V200R001C00SPC700 ...)
@@ -26221,8 +26241,8 @@ CVE-2020-0585
RESERVED
CVE-2020-0584
RESERVED
-CVE-2020-0583
- RESERVED
+CVE-2020-0583 (Improper access control in the subsystem for Intel(R) Smart Sound Tech ...)
+ TODO: check
CVE-2020-0582
RESERVED
CVE-2020-0581
@@ -26239,8 +26259,8 @@ CVE-2020-0576
RESERVED
CVE-2020-0575
RESERVED
-CVE-2020-0574
- RESERVED
+CVE-2020-0574 (Improper configuration in block design for Intel(R) MAX(R) 10 FPGA all ...)
+ TODO: check
CVE-2020-0573
RESERVED
CVE-2020-0572
@@ -26264,12 +26284,12 @@ CVE-2020-0569
NOTE: Patch for 5.0.0 through 5.5.1: https://code.qt.io/cgit/qt/qtbase.git/commit/?id=5c4234ed958130d655df8197129806f687d4df0d
CVE-2020-0568
RESERVED
-CVE-2020-0567
- RESERVED
+CVE-2020-0567 (Improper input validation in Intel(R) Graphics Drivers before version ...)
+ TODO: check
CVE-2020-0566
RESERVED
-CVE-2020-0565
- RESERVED
+CVE-2020-0565 (Uncontrolled search path in Intel(R) Graphics Drivers before version 2 ...)
+ TODO: check
CVE-2020-0564 (Improper permissions in the installer for Intel(R) RWC3 for Windows be ...)
NOT-FOR-US: Intel
CVE-2020-0563 (Improper permissions in the installer for Intel(R) MPSS before version ...)
@@ -26286,8 +26306,8 @@ CVE-2020-0558
RESERVED
CVE-2020-0557
RESERVED
-CVE-2020-0556
- RESERVED
+CVE-2020-0556 (Improper access control in subsystem for BlueZ before version 5.53 may ...)
+ TODO: check
CVE-2020-0555
RESERVED
CVE-2020-0554
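Review bot: CVE-2020-0556 should not remain at `TODO: check`: BlueZ is packaged in Debian as bluez, and the description already gives the upstream fix boundary (`before version 5.53`), so the entry needs a `- bluez <version>` line (or `<unfixed>` until the fixing upload is known) and a NOTE with the upstream commit once it is identified.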
@@ -26296,8 +26316,7 @@ CVE-2020-0553
RESERVED
CVE-2020-0552
RESERVED
-CVE-2020-0551 [Load Value Injection]
- RESERVED
+CVE-2020-0551 (Load value injection in some Intel(R) Processors utilizing speculative ...)
NOTE: https://software.intel.com/security-software-guidance/software-guidance/load-value-injection
NOTE: https://software.intel.com/security-software-guidance/insights/deep-dive-load-value-injection
NOTE: https://xenbits.xen.org/xsa/advisory-315.html
@@ -26306,8 +26325,7 @@ CVE-2020-0551 [Load Value Injection]
NOTE: binutils/toolchain updates will include a patch that optionally emits lfence
NOTE: instructions in problematic situations (but have performance impact), cf.
NOTE: https://sourceware.org/pipermail/binutils/2020-March/110175.html
-CVE-2020-0550 [Snoop-Assisted L1D Sampling]
- RESERVED
+CVE-2020-0550 (Improper data forwarding in some data cache for some Intel(R) Processo ...)
NOTE: Intel is (currently) no planning to release microcode updates to mitigate issue.
NOTE: https://software.intel.com/security-software-guidance/insights/deep-dive-snoop-assisted-l1-data-sampling
NOTE: https://software.intel.com/security-software-guidance/insights/processors-affected-snoop-assisted-l1-data-sampling
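Review bot: typo in the unchanged NOTE line under CVE-2020-0550: `Intel is (currently) no planning` should read `not planning`. The automatic update only replaced the headline and the `RESERVED` marker here, so the hand-written notes survive and the fix belongs in a follow-up commit.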
@@ -26328,8 +26346,8 @@ CVE-2020-0548 (Cleanup errors in some Intel(R) Processors may allow an authentic
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00329.html
CVE-2020-0547
RESERVED
-CVE-2020-0546
- RESERVED
+CVE-2020-0546 (Unquoted service path in Intel(R) Optane(TM) DC Persistent Memory Modu ...)
+ TODO: check
CVE-2020-0545
RESERVED
CVE-2020-0544
@@ -26360,16 +26378,16 @@ CVE-2020-0532
RESERVED
CVE-2020-0531
RESERVED
-CVE-2020-0530
- RESERVED
+CVE-2020-0530 (Improper buffer restrictions in firmware for Intel(R) NUC may allow an ...)
+ TODO: check
CVE-2020-0529
RESERVED
CVE-2020-0528
RESERVED
CVE-2020-0527
RESERVED
-CVE-2020-0526
- RESERVED
+CVE-2020-0526 (Improper input validation in firmware for Intel(R) NUC may allow a pri ...)
+ TODO: check
CVE-2020-0525
RESERVED
CVE-2020-0524
@@ -26380,32 +26398,32 @@ CVE-2020-0522
RESERVED
CVE-2020-0521
RESERVED
-CVE-2020-0520
- RESERVED
-CVE-2020-0519
- RESERVED
+CVE-2020-0520 (Path traversal in igdkmd64.sys for Intel(R) Graphics Drivers before ve ...)
+ TODO: check
+CVE-2020-0519 (Improper access control for Intel(R) Graphics Drivers before versions ...)
+ TODO: check
CVE-2020-0518
RESERVED
-CVE-2020-0517
- RESERVED
-CVE-2020-0516
- RESERVED
-CVE-2020-0515
- RESERVED
-CVE-2020-0514
- RESERVED
+CVE-2020-0517 (Out-of-bounds write in Intel(R) Graphics Drivers before version 15.36. ...)
+ TODO: check
+CVE-2020-0516 (Improper access control in Intel(R) Graphics Drivers before version 26 ...)
+ TODO: check
+CVE-2020-0515 (Uncontrolled search path element in the installer for Intel(R) Graphic ...)
+ TODO: check
+CVE-2020-0514 (Improper default permissions in the installer for Intel(R) Graphics Dr ...)
+ TODO: check
CVE-2020-0513
RESERVED
CVE-2020-0512
RESERVED
-CVE-2020-0511
- RESERVED
+CVE-2020-0511 (Uncaught exception in system driver for Intel(R) Graphics Drivers befo ...)
+ TODO: check
CVE-2020-0510
RESERVED
CVE-2020-0509
RESERVED
-CVE-2020-0508
- RESERVED
+CVE-2020-0508 (Incorrect default permissions in the installer for Intel(R) Graphics D ...)
+ TODO: check
CVE-2020-0507 (Unquoted service path in Intel(R) Graphics Drivers before versions 15. ...)
TODO: check
CVE-2020-0506 (Improper initialization in Intel(R) Graphics Drivers before versions 1 ...)
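Review bot: all ten entries rewritten in this hunk (CVE-2020-0520 through CVE-2020-0508) describe the proprietary Intel(R) Graphics Drivers; the references to igdkmd64.sys, installer permissions and an unquoted service path are Windows-specific. CVE-2020-0564 and CVE-2020-0563 elsewhere in this diff are already closed as `NOT-FOR-US: Intel`, so these ten, together with CVE-2020-0567 and CVE-2020-0565 earlier in the update, can take the same marker in bulk instead of separate `TODO: check` lines.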
@@ -29403,8 +29421,8 @@ CVE-2019-17660 (A cross-site scripting (XSS) vulnerability in admin/translate/tr
- limesurvey <itp> (bug #472802)
CVE-2019-17659
RESERVED
-CVE-2019-17658
- RESERVED
+CVE-2019-17658 (An unquoted service path vulnerability in the FortiClient FortiTray co ...)
+ TODO: check
CVE-2019-17657
RESERVED
CVE-2019-17656
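Review bot: CVE-2019-17658 names the FortiClient FortiTray component; CVE-2019-17652 a few lines further down is closed as `NOT-FOR-US: Fortiguard FortiClient`, so the new entry should take the same marker rather than `TODO: check`.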
@@ -29413,8 +29431,8 @@ CVE-2019-17655
RESERVED
CVE-2019-17654
RESERVED
-CVE-2019-17653
- RESERVED
+CVE-2019-17653 (A Cross-Site Request Forgery (CSRF) vulnerability in the user interfac ...)
+ TODO: check
CVE-2019-17652 (A stack buffer overflow vulnerability in FortiClient for Linux 6.2.1 a ...)
NOT-FOR-US: Fortiguard FortiClient
CVE-2019-17651 (An Improper Neutralization of Input vulnerability in the description a ...)
@@ -33795,8 +33813,8 @@ CVE-2019-16158
RESERVED
CVE-2019-16157
RESERVED
-CVE-2019-16156
- RESERVED
+CVE-2019-16156 (An Improper Neutralization of Input vulnerability in the Anomaly Detec ...)
+ TODO: check
CVE-2019-16155 (A privilege escalation vulnerability in FortiClient for Linux 6.2.1 an ...)
NOT-FOR-US: Fortiguard FortiClient
CVE-2019-16154 (An improper neutralization of input during web page generation in Fort ...)
@@ -46759,8 +46777,8 @@ CVE-2019-12280 (PC-Doctor Toolbox before 7.3 has an Uncontrolled Search Path Ele
NOT-FOR-US: PC-Doctor Toolbox
CVE-2019-12279 (** DISPUTED ** Nagios XI 5.6.1 allows SQL injection via the username p ...)
NOT-FOR-US: Nagios XI
-CVE-2019-12278
- RESERVED
+CVE-2019-12278 (Opera through 53 on Android allows Address Bar Spoofing. Characters fr ...)
+ TODO: check
CVE-2019-12277 (Blogifier 2.3 before 2019-05-11 does not properly restrict APIs, as de ...)
NOT-FOR-US: Blogifier
CVE-2019-12276 (A Path Traversal vulnerability in Controllers/LetsEncryptController.cs ...)
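Review bot: CVE-2019-12278 (Opera through 53 on Android, address bar spoofing) concerns a proprietary browser that Debian does not ship; the surrounding entries (PC-Doctor Toolbox, Nagios XI, Blogifier) all carry `NOT-FOR-US`, and this one should as well.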
@@ -49449,8 +49467,8 @@ CVE-2019-11356 (The CalDAV feature in httpd in Cyrus IMAP 2.5.x through 2.5.12 a
- cyrus-imapd 3.0.8-6
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1717828
NOTE: https://github.com/cyrusimap/cyrus-imapd/commit/a5779db8163b99463e25e7c476f9cbba438b65f3
-CVE-2019-11355
- RESERVED
+CVE-2019-11355 (An issue was discovered in Poly (formerly Polycom) HDX 3.1.13. A featu ...)
+ TODO: check
CVE-2019-11354 (The client in Electronic Arts (EA) Origin 10.5.36 on Windows allows te ...)
NOT-FOR-US: client in Electronic Arts (EA) Origin on Windows
CVE-2019-11353 (The EnGenius EWS660AP router with firmware 2.0.284 allows an attacker ...)
@@ -49480,8 +49498,8 @@ CVE-2019-11345 (Citrix SD-WAN Center 10.2.x before 10.2.1 and NetScaler SD-WAN C
NOT-FOR-US: Citrix
CVE-2019-11344 (data/inc/files.php in Pluck 4.7.8 allows remote attackers to execute a ...)
NOT-FOR-US: Pluck CMS
-CVE-2019-11343
- RESERVED
+CVE-2019-11343 (Torpedo Query before 2.5.3 mishandles the LIKE operator in ConditionBu ...)
+ TODO: check
CVE-2019-11342
RESERVED
CVE-2019-11341 (On certain Samsung P(9.0) phones, an attacker with physical access can ...)
@@ -71060,8 +71078,8 @@ CVE-2018-20588 (lib/support/unicodeconv/unicodeconv.c in libotfcc.a in otfcc v0.
CVE-2018-20587 (Bitcoin Core 0.12.0 through 0.17.1 and Bitcoin Knots 0.12.0 through 0. ...)
- bitcoin <unfixed>
NOTE: https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2018-20587
-CVE-2018-20586
- RESERVED
+CVE-2018-20586 (bitcoind and Bitcoin-Qt prior to 0.17.1 allow injection of arbitrary d ...)
+ TODO: check
CVE-2018-20585
RESERVED
CVE-2018-20584 (JasPer 2.0.14 allows remote attackers to cause a denial of service (ap ...)
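Review bot: CVE-2018-20586 needs a package line rather than `TODO: check`: the entry directly above, CVE-2018-20587, is tracked as `bitcoin <unfixed>`, and the description states the upstream fix (`prior to 0.17.1`). The same applies to the two other bitcoind entries in this update, CVE-2017-18350 (`prior to 0.15.1`) and CVE-2015-3641 (`prior to 0.10.2`); for each, record the first Debian upload carrying the fixed upstream version, in the form used for CVE-2019-11356 (`cyrus-imapd 3.0.8-6`) elsewhere in this diff.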
@@ -81149,8 +81167,7 @@ CVE-2018-19519 (In tcpdump 4.9.2, a stack-based buffer over-read exists in the p
NOTE: https://github.com/the-tcpdump-group/tcpdump/issues/763
NOTE: https://github.com/zyingp/temp/blob/master/tcpdump.md
NOTE: Crash in CLI tool, no security impact
-CVE-2018-19516
- RESERVED
+CVE-2018-19516 (messagepartthemes/default/defaultrenderer.cpp in messagelib in KDE App ...)
- kf5-messagelib 4:18.08.3-2 (bug #915039)
[stretch] - kf5-messagelib <no-dsa> (Minor issue)
NOTE: https://www.kde.org/info/security/advisory-20181128-1.txt
@@ -83391,8 +83408,8 @@ CVE-2018-18808 (The domain management component of TIBCO Software Inc.'s TIBCO J
NOT-FOR-US: TIBCO
CVE-2018-18807 (The web application of the TIBCO Statistica component of TIBCO Softwar ...)
NOT-FOR-US: TIBCO
-CVE-2017-18350
- RESERVED
+CVE-2017-18350 (bitcoind and Bitcoin-Qt prior to 0.15.1 have a stack-based buffer over ...)
+ TODO: check
CVE-2018-19132 (Squid before 4.4, when SNMP is enabled, allows a denial of service (Me ...)
{DLA-1596-1}
- squid 4.4-1 (low; bug #912294)
@@ -105317,8 +105334,8 @@ CVE-2018-10706 (An integer overflow in the transferMulti function of a smart con
NOT-FOR-US: Social Chain
CVE-2018-10705 (The Owned smart contract implementation for Aurora DAO (AURA), an Ethe ...)
NOT-FOR-US: Aurora DAD
-CVE-2018-10704
- RESERVED
+CVE-2018-10704 (yidashi yii2cmf 2.0 has XSS via the /search q parameter. ...)
+ TODO: check
CVE-2018-10703 (An issue was discovered on Moxa AWK-3121 1.14 devices. It provides fun ...)
NOT-FOR-US: Moxa
CVE-2018-10702 (An issue was discovered on Moxa AWK-3121 1.14 devices. It provides fun ...)
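Review bot: typo in the context line `NOT-FOR-US: Aurora DAD`: the product in the preceding CVE-2018-10705 description is `Aurora DAO (AURA)`, so the marker should read `NOT-FOR-US: Aurora DAO`. Also, yidashi yii2cmf (CVE-2018-10704) is not a Debian package and can be closed with `NOT-FOR-US: yii2cmf`, like the Social Chain and Moxa entries around it.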
@@ -231932,8 +231949,8 @@ CVE-2015-3643 (usb-creator before 0.2.38.3ubuntu0.1 on Ubuntu 12.04 LTS, before
NOT-FOR-US: usb-creator
CVE-2015-3642 (The TLS and DTLS processing functionality in Citrix NetScaler Applicat ...)
NOT-FOR-US: Citrix
-CVE-2015-3641
- RESERVED
+CVE-2015-3641 (bitcoind and Bitcoin-Qt prior to 0.10.2 allow attackers to cause a den ...)
+ TODO: check
CVE-2015-3640 (phpMyBackupPro 2.5 and earlier does not properly escape the "." charac ...)
NOT-FOR-US: phpMyBackupPro
CVE-2015-3639 (phpMyBackupPro 2.5 and earlier does not properly sanitize input string ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/267dd02861c24f0db57d886c4f43f6e34830403d