[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Tue Mar 31 21:10:30 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7c5efe88 by security tracker role at 2020-03-31T20:10:23+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,662 @@
-CVE-2020-5291 [bubblewrap priv escalation]
+CVE-2020-11442
+ RESERVED
+CVE-2020-11441 (phpMyAdmin 5.0.2 allows CRLF injection, as demonstrated by %0D%0Astrin ...)
+ TODO: check
+CVE-2020-11440
+ RESERVED
+CVE-2020-11439
+ RESERVED
+CVE-2020-11438
+ RESERVED
+CVE-2020-11437
+ RESERVED
+CVE-2020-11436
+ RESERVED
+CVE-2020-11435
+ RESERVED
+CVE-2020-11434
+ RESERVED
+CVE-2020-11433
+ RESERVED
+CVE-2020-11432
+ RESERVED
+CVE-2020-11431
+ RESERVED
+CVE-2020-11430
+ RESERVED
+CVE-2020-11429
+ RESERVED
+CVE-2020-11428
+ RESERVED
+CVE-2020-11427
+ RESERVED
+CVE-2020-11426
+ RESERVED
+CVE-2020-11425
+ RESERVED
+CVE-2020-11424
+ RESERVED
+CVE-2020-11423
+ RESERVED
+CVE-2020-11422
+ RESERVED
+CVE-2020-11421
+ RESERVED
+CVE-2020-11420
+ RESERVED
+CVE-2020-11419
+ RESERVED
+CVE-2020-11418
+ RESERVED
+CVE-2020-11417
+ RESERVED
+CVE-2020-11416
+ RESERVED
+CVE-2020-11415
+ RESERVED
+CVE-2020-11414 (An issue was discovered in Progress Telerik UI for Silverlight before ...)
+ TODO: check
+CVE-2020-11413
+ RESERVED
+CVE-2020-11412
+ RESERVED
+CVE-2020-11411
+ RESERVED
+CVE-2020-11410
+ RESERVED
+CVE-2020-11409
+ RESERVED
+CVE-2020-11408
+ RESERVED
+CVE-2020-11407
+ RESERVED
+CVE-2020-11406
+ RESERVED
+CVE-2020-11405
+ RESERVED
+CVE-2020-11404
+ RESERVED
+CVE-2020-11403
+ RESERVED
+CVE-2020-11402
+ RESERVED
+CVE-2020-11401
+ RESERVED
+CVE-2020-11400
+ RESERVED
+CVE-2020-11399
+ RESERVED
+CVE-2020-11398
+ RESERVED
+CVE-2020-11397
+ RESERVED
+CVE-2020-11396
+ RESERVED
+CVE-2020-11395
+ RESERVED
+CVE-2020-11394
+ RESERVED
+CVE-2020-11393
+ RESERVED
+CVE-2020-11392
+ RESERVED
+CVE-2020-11391
+ RESERVED
+CVE-2020-11390
+ RESERVED
+CVE-2020-11389
+ RESERVED
+CVE-2020-11388
+ RESERVED
+CVE-2020-11387
+ RESERVED
+CVE-2020-11386
+ RESERVED
+CVE-2020-11385
+ RESERVED
+CVE-2020-11384
+ RESERVED
+CVE-2020-11383
+ RESERVED
+CVE-2020-11382
+ RESERVED
+CVE-2020-11381
+ RESERVED
+CVE-2020-11380
+ RESERVED
+CVE-2020-11379
+ RESERVED
+CVE-2020-11378
+ RESERVED
+CVE-2020-11377
+ RESERVED
+CVE-2020-11376
+ RESERVED
+CVE-2020-11375
+ RESERVED
+CVE-2020-11374
+ RESERVED
+CVE-2020-11373
+ RESERVED
+CVE-2020-11372
+ RESERVED
+CVE-2020-11371
+ RESERVED
+CVE-2020-11370
+ RESERVED
+CVE-2020-11369
+ RESERVED
+CVE-2020-11368
+ RESERVED
+CVE-2020-11367
+ RESERVED
+CVE-2020-11366
+ RESERVED
+CVE-2020-11365
+ RESERVED
+CVE-2020-11364
+ RESERVED
+CVE-2020-11363
+ RESERVED
+CVE-2020-11362
+ RESERVED
+CVE-2020-11361
+ RESERVED
+CVE-2020-11360
+ RESERVED
+CVE-2020-11359
+ RESERVED
+CVE-2020-11358
+ RESERVED
+CVE-2020-11357
+ RESERVED
+CVE-2020-11356
+ RESERVED
+CVE-2020-11355
+ RESERVED
+CVE-2020-11354
+ RESERVED
+CVE-2020-11353
+ RESERVED
+CVE-2020-11352
+ RESERVED
+CVE-2020-11351
+ RESERVED
+CVE-2020-11350
+ RESERVED
+CVE-2020-11349
+ RESERVED
+CVE-2020-11348
+ RESERVED
+CVE-2020-11347
+ RESERVED
+CVE-2020-11346
+ RESERVED
+CVE-2020-11345
+ RESERVED
+CVE-2020-11344
+ RESERVED
+CVE-2020-11343
+ RESERVED
+CVE-2020-11342
+ RESERVED
+CVE-2020-11341
+ RESERVED
+CVE-2020-11340
+ RESERVED
+CVE-2020-11339
+ RESERVED
+CVE-2020-11338
+ RESERVED
+CVE-2020-11337
+ RESERVED
+CVE-2020-11336
+ RESERVED
+CVE-2020-11335
+ RESERVED
+CVE-2020-11334
+ RESERVED
+CVE-2020-11333
+ RESERVED
+CVE-2020-11332
+ RESERVED
+CVE-2020-11331
+ RESERVED
+CVE-2020-11330
+ RESERVED
+CVE-2020-11329
+ RESERVED
+CVE-2020-11328
+ RESERVED
+CVE-2020-11327
+ RESERVED
+CVE-2020-11326
+ RESERVED
+CVE-2020-11325
+ RESERVED
+CVE-2020-11324
+ RESERVED
+CVE-2020-11323
+ RESERVED
+CVE-2020-11322
+ RESERVED
+CVE-2020-11321
+ RESERVED
+CVE-2020-11320
+ RESERVED
+CVE-2020-11319
+ RESERVED
+CVE-2020-11318
+ RESERVED
+CVE-2020-11317
+ RESERVED
+CVE-2020-11316
+ RESERVED
+CVE-2020-11315
+ RESERVED
+CVE-2020-11314
+ RESERVED
+CVE-2020-11313
+ RESERVED
+CVE-2020-11312
+ RESERVED
+CVE-2020-11311
+ RESERVED
+CVE-2020-11310
+ RESERVED
+CVE-2020-11309
+ RESERVED
+CVE-2020-11308
+ RESERVED
+CVE-2020-11307
+ RESERVED
+CVE-2020-11306
+ RESERVED
+CVE-2020-11305
+ RESERVED
+CVE-2020-11304
+ RESERVED
+CVE-2020-11303
+ RESERVED
+CVE-2020-11302
+ RESERVED
+CVE-2020-11301
+ RESERVED
+CVE-2020-11300
+ RESERVED
+CVE-2020-11299
+ RESERVED
+CVE-2020-11298
+ RESERVED
+CVE-2020-11297
+ RESERVED
+CVE-2020-11296
+ RESERVED
+CVE-2020-11295
+ RESERVED
+CVE-2020-11294
+ RESERVED
+CVE-2020-11293
+ RESERVED
+CVE-2020-11292
+ RESERVED
+CVE-2020-11291
+ RESERVED
+CVE-2020-11290
+ RESERVED
+CVE-2020-11289
+ RESERVED
+CVE-2020-11288
+ RESERVED
+CVE-2020-11287
+ RESERVED
+CVE-2020-11286
+ RESERVED
+CVE-2020-11285
+ RESERVED
+CVE-2020-11284
+ RESERVED
+CVE-2020-11283
+ RESERVED
+CVE-2020-11282
+ RESERVED
+CVE-2020-11281
+ RESERVED
+CVE-2020-11280
+ RESERVED
+CVE-2020-11279
+ RESERVED
+CVE-2020-11278
+ RESERVED
+CVE-2020-11277
+ RESERVED
+CVE-2020-11276
+ RESERVED
+CVE-2020-11275
+ RESERVED
+CVE-2020-11274
+ RESERVED
+CVE-2020-11273
+ RESERVED
+CVE-2020-11272
+ RESERVED
+CVE-2020-11271
+ RESERVED
+CVE-2020-11270
+ RESERVED
+CVE-2020-11269
+ RESERVED
+CVE-2020-11268
+ RESERVED
+CVE-2020-11267
+ RESERVED
+CVE-2020-11266
+ RESERVED
+CVE-2020-11265
+ RESERVED
+CVE-2020-11264
+ RESERVED
+CVE-2020-11263
+ RESERVED
+CVE-2020-11262
+ RESERVED
+CVE-2020-11261
+ RESERVED
+CVE-2020-11260
+ RESERVED
+CVE-2020-11259
+ RESERVED
+CVE-2020-11258
+ RESERVED
+CVE-2020-11257
+ RESERVED
+CVE-2020-11256
+ RESERVED
+CVE-2020-11255
+ RESERVED
+CVE-2020-11254
+ RESERVED
+CVE-2020-11253
+ RESERVED
+CVE-2020-11252
+ RESERVED
+CVE-2020-11251
+ RESERVED
+CVE-2020-11250
+ RESERVED
+CVE-2020-11249
+ RESERVED
+CVE-2020-11248
+ RESERVED
+CVE-2020-11247
+ RESERVED
+CVE-2020-11246
+ RESERVED
+CVE-2020-11245
+ RESERVED
+CVE-2020-11244
+ RESERVED
+CVE-2020-11243
+ RESERVED
+CVE-2020-11242
+ RESERVED
+CVE-2020-11241
+ RESERVED
+CVE-2020-11240
+ RESERVED
+CVE-2020-11239
+ RESERVED
+CVE-2020-11238
+ RESERVED
+CVE-2020-11237
+ RESERVED
+CVE-2020-11236
+ RESERVED
+CVE-2020-11235
+ RESERVED
+CVE-2020-11234
+ RESERVED
+CVE-2020-11233
+ RESERVED
+CVE-2020-11232
+ RESERVED
+CVE-2020-11231
+ RESERVED
+CVE-2020-11230
+ RESERVED
+CVE-2020-11229
+ RESERVED
+CVE-2020-11228
+ RESERVED
+CVE-2020-11227
+ RESERVED
+CVE-2020-11226
+ RESERVED
+CVE-2020-11225
+ RESERVED
+CVE-2020-11224
+ RESERVED
+CVE-2020-11223
+ RESERVED
+CVE-2020-11222
+ RESERVED
+CVE-2020-11221
+ RESERVED
+CVE-2020-11220
+ RESERVED
+CVE-2020-11219
+ RESERVED
+CVE-2020-11218
+ RESERVED
+CVE-2020-11217
+ RESERVED
+CVE-2020-11216
+ RESERVED
+CVE-2020-11215
+ RESERVED
+CVE-2020-11214
+ RESERVED
+CVE-2020-11213
+ RESERVED
+CVE-2020-11212
+ RESERVED
+CVE-2020-11211
+ RESERVED
+CVE-2020-11210
+ RESERVED
+CVE-2020-11209
+ RESERVED
+CVE-2020-11208
+ RESERVED
+CVE-2020-11207
+ RESERVED
+CVE-2020-11206
+ RESERVED
+CVE-2020-11205
+ RESERVED
+CVE-2020-11204
+ RESERVED
+CVE-2020-11203
+ RESERVED
+CVE-2020-11202
+ RESERVED
+CVE-2020-11201
+ RESERVED
+CVE-2020-11200
+ RESERVED
+CVE-2020-11199
+ RESERVED
+CVE-2020-11198
+ RESERVED
+CVE-2020-11197
+ RESERVED
+CVE-2020-11196
+ RESERVED
+CVE-2020-11195
+ RESERVED
+CVE-2020-11194
+ RESERVED
+CVE-2020-11193
+ RESERVED
+CVE-2020-11192
+ RESERVED
+CVE-2020-11191
+ RESERVED
+CVE-2020-11190
+ RESERVED
+CVE-2020-11189
+ RESERVED
+CVE-2020-11188
+ RESERVED
+CVE-2020-11187
+ RESERVED
+CVE-2020-11186
+ RESERVED
+CVE-2020-11185
+ RESERVED
+CVE-2020-11184
+ RESERVED
+CVE-2020-11183
+ RESERVED
+CVE-2020-11182
+ RESERVED
+CVE-2020-11181
+ RESERVED
+CVE-2020-11180
+ RESERVED
+CVE-2020-11179
+ RESERVED
+CVE-2020-11178
+ RESERVED
+CVE-2020-11177
+ RESERVED
+CVE-2020-11176
+ RESERVED
+CVE-2020-11175
+ RESERVED
+CVE-2020-11174
+ RESERVED
+CVE-2020-11173
+ RESERVED
+CVE-2020-11172
+ RESERVED
+CVE-2020-11171
+ RESERVED
+CVE-2020-11170
+ RESERVED
+CVE-2020-11169
+ RESERVED
+CVE-2020-11168
+ RESERVED
+CVE-2020-11167
+ RESERVED
+CVE-2020-11166
+ RESERVED
+CVE-2020-11165
+ RESERVED
+CVE-2020-11164
+ RESERVED
+CVE-2020-11163
+ RESERVED
+CVE-2020-11162
+ RESERVED
+CVE-2020-11161
+ RESERVED
+CVE-2020-11160
+ RESERVED
+CVE-2020-11159
+ RESERVED
+CVE-2020-11158
+ RESERVED
+CVE-2020-11157
+ RESERVED
+CVE-2020-11156
+ RESERVED
+CVE-2020-11155
+ RESERVED
+CVE-2020-11154
+ RESERVED
+CVE-2020-11153
+ RESERVED
+CVE-2020-11152
+ RESERVED
+CVE-2020-11151
+ RESERVED
+CVE-2020-11150
+ RESERVED
+CVE-2020-11149
+ RESERVED
+CVE-2020-11148
+ RESERVED
+CVE-2020-11147
+ RESERVED
+CVE-2020-11146
+ RESERVED
+CVE-2020-11145
+ RESERVED
+CVE-2020-11144
+ RESERVED
+CVE-2020-11143
+ RESERVED
+CVE-2020-11142
+ RESERVED
+CVE-2020-11141
+ RESERVED
+CVE-2020-11140
+ RESERVED
+CVE-2020-11139
+ RESERVED
+CVE-2020-11138
+ RESERVED
+CVE-2020-11137
+ RESERVED
+CVE-2020-11136
+ RESERVED
+CVE-2020-11135
+ RESERVED
+CVE-2020-11134
+ RESERVED
+CVE-2020-11133
+ RESERVED
+CVE-2020-11132
+ RESERVED
+CVE-2020-11131
+ RESERVED
+CVE-2020-11130
+ RESERVED
+CVE-2020-11129
+ RESERVED
+CVE-2020-11128
+ RESERVED
+CVE-2020-11127
+ RESERVED
+CVE-2020-11126
+ RESERVED
+CVE-2020-11125
+ RESERVED
+CVE-2020-11124
+ RESERVED
+CVE-2020-11123
+ RESERVED
+CVE-2020-11122
+ RESERVED
+CVE-2020-11121
+ RESERVED
+CVE-2020-11120
+ RESERVED
+CVE-2020-11119
+ RESERVED
+CVE-2020-11118
+ RESERVED
+CVE-2020-11117
+ RESERVED
+CVE-2020-11116
+ RESERVED
+CVE-2020-11115
+ RESERVED
+CVE-2020-11114
+ RESERVED
+CVE-2020-5291 (Bubblewrap (bwrap) before version 0.4.1, if installed in setuid mode a ...)
- bubblewrap 0.4.1-1 (low)
[buster] - bubblewrap <not-affected> (Introduced in 0.4.0)
[stretch] - bubblewrap <not-affected> (Introduced in 0.4.0)
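Review bot: CVE-2020-11441 (phpMyAdmin) and CVE-2020-11414 (Telerik UI for Silverlight) are the only two entries in this new block that carry a published description, and both are left at `TODO: check` in the middle of a long run of RESERVED placeholders, where they are easy to overlook. Each should be resolved to either a `- <package> <version>` line or a `NOT-FOR-US:` line, the two forms the triaged entries elsewhere in this file use.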
@@ -1400,8 +2058,8 @@ CVE-2020-10596 (OpenCart 3.0.3.2 allows remote authenticated users to conduct XS
NOT-FOR-US: OpenCart
CVE-2018-21037 (Subrion CMS 4.1.5 (and possibly earlier versions) allow CSRF to change ...)
NOT-FOR-US: Subrion CMS
-CVE-2020-10595
- RESERVED
+CVE-2020-10595 (pam-krb5 before 4.9 has a buffer overflow that might cause remote code ...)
+ {DSA-4648-1}
- libpam-krb5 4.9-1
NOTE: https://www.openwall.com/lists/oss-security/2020/03/31/1
CVE-2020-10594 (An issue was discovered in drf-jwt 1.15.x before 1.15.1. It allows att ...)
@@ -9592,8 +10250,8 @@ CVE-2020-7011
RESERVED
CVE-2020-7010
RESERVED
-CVE-2020-7009
- RESERVED
+CVE-2020-7009 (Elasticsearch versions from 6.7.0 to 6.8.7 and 7.0.0 to 7.6.1 contain ...)
+ TODO: check
CVE-2020-7008
RESERVED
CVE-2020-7007 (In Moxa EDS-G516E Series firmware, Version 5.2 or lower, the attacker ...)
@@ -11918,8 +12576,8 @@ CVE-2020-6010
RESERVED
CVE-2020-6009
RESERVED
-CVE-2020-6008
- RESERVED
+CVE-2020-6008 (LifterLMS Wordpress plugin version below 3.37.15 is vulnerable to arbi ...)
+ TODO: check
CVE-2020-6007 (Philips Hue Bridge model 2.X prior to and including version 1935144020 ...)
NOT-FOR-US: Philips Hue Bridge model
CVE-2020-6006
@@ -13457,8 +14115,8 @@ CVE-2020-5294
RESERVED
CVE-2020-5293
RESERVED
-CVE-2020-5292
- RESERVED
+CVE-2020-5292 (Leantime before versions 2.0.15 and 2.1-beta3 has a SQL Injection vuln ...)
+ TODO: check
CVE-2020-5290
RESERVED
CVE-2020-5289 (In Elide before 4.5.14, it is possible for an adversary to "guess and ...)
@@ -16102,22 +16760,22 @@ CVE-2020-4244
RESERVED
CVE-2020-4243
RESERVED
-CVE-2020-4242
- RESERVED
-CVE-2020-4241
- RESERVED
-CVE-2020-4240
- RESERVED
-CVE-2020-4239
- RESERVED
-CVE-2020-4238
- RESERVED
-CVE-2020-4237
- RESERVED
-CVE-2020-4236
- RESERVED
-CVE-2020-4235
- RESERVED
+CVE-2020-4242 (IBM Spectrum Scale and IBM Spectrum Protect Plus 10.1.0 through 10.1.5 ...)
+ TODO: check
+CVE-2020-4241 (IBM Spectrum Scale and IBM Spectrum Protect Plus 10.1.0 through 10.1.5 ...)
+ TODO: check
+CVE-2020-4240 (IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote a ...)
+ TODO: check
+CVE-2020-4239 (IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 could allow a remot ...)
+ TODO: check
+CVE-2020-4238 (IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 is vulnerable to cr ...)
+ TODO: check
+CVE-2020-4237 (IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 is vulnerable to cr ...)
+ TODO: check
+CVE-2020-4236 (IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 could allow an auth ...)
+ TODO: check
+CVE-2020-4235 (IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 is vulnerable to cr ...)
+ TODO: check
CVE-2020-4234
RESERVED
CVE-2020-4233
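Review bot: the eight entries CVE-2020-4242 through CVE-2020-4235 all go from RESERVED to `TODO: check`, although their descriptions name only IBM products (Spectrum Scale, Spectrum Protect Plus, Tivoli Netcool Impact). Other IBM entries in this same file, such as CVE-2020-4213 and CVE-2020-4207, are already marked `NOT-FOR-US: IBM`; applying the same marker here would keep these out of the untriaged queue.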
@@ -16158,8 +16816,8 @@ CVE-2020-4216
RESERVED
CVE-2020-4215
RESERVED
-CVE-2020-4214
- RESERVED
+CVE-2020-4214 (IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote a ...)
+ TODO: check
CVE-2020-4213 (IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attac ...)
NOT-FOR-US: IBM
CVE-2020-4212 (IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attac ...)
@@ -16170,12 +16828,12 @@ CVE-2020-4210 (IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote
NOT-FOR-US: IBM
CVE-2020-4209
RESERVED
-CVE-2020-4208
- RESERVED
+CVE-2020-4208 (IBM Spectrum Protect Plus 10.1.0 through 10.1.5 contains hard-coded cr ...)
+ TODO: check
CVE-2020-4207 (IBM Watson IoT Message Gateway 2.0.0.x, 5.0.0.0, 5.0.0.1, and 5.0.0.2 ...)
NOT-FOR-US: IBM
-CVE-2020-4206
- RESERVED
+CVE-2020-4206 (IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote a ...)
+ TODO: check
CVE-2020-4205 (IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.8 could allow an aut ...)
NOT-FOR-US: IBM
CVE-2020-4204 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
@@ -23584,8 +24242,7 @@ CVE-2020-1714
RESERVED
CVE-2020-1713
RESERVED
-CVE-2020-1712 [heap use-after-free vulnerability]
- RESERVED
+CVE-2020-1712 (A heap use-after-free vulnerability was found in systemd before versio ...)
- systemd 244.2-1 (bug #950732)
[jessie] - systemd <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/systemd/systemd/commit/773b1a7916bfce3aa2a21ecf534d475032e8528e (preparation)
@@ -39521,8 +40178,7 @@ CVE-2019-14907 (All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 an
NOTE: https://www.samba.org/samba/security/CVE-2019-14907.html
CVE-2019-14906 (A flaw was found with the RHSA-2019:3950 erratum, where it did not fix ...)
NOT-FOR-US: Specific CVE assignment for incorrect/incomplete fix of CVE-2019-13616 in RHEL 7
-CVE-2019-14905 [malicious code could craft filename in nxos_file_copy module]
- RESERVED
+CVE-2019-14905 (A vulnerability was found in Ansible Engine versions 2.9.x before 2.9. ...)
- ansible 2.9.4+dfsg-1 (low)
[buster] - ansible <no-dsa> (Minor issue)
[stretch] - ansible <no-dsa> (Minor issue)
@@ -39623,10 +40279,9 @@ CVE-2019-14882 (A vulnerability was found in Moodle 3.7 to 3.7.3, 3.6 to 3.6.7,
- moodle <removed>
CVE-2019-14881 (A vulnerability was found in moodle 3.7 to 3.7.2 and before 3.7.3, whe ...)
- moodle <removed>
-CVE-2019-14880
- RESERVED
+CVE-2019-14880 (A vulnerability was found in Moodle versions 3.7 before 3.7.3, 3.6 bef ...)
- moodle <removed>
-CVE-2019-14879 (moodle before versions 3.7.3, 3.6.7, 3.5.9 is vulnerable to a None. ...)
+CVE-2019-14879 (A vulnerability was found in Moodle versions 3.7.x before 3.7.3, 3.6.x ...)
- moodle <removed>
CVE-2019-14878 (In the __d2b function of the newlib libc library, all versions prior t ...)
- newlib 3.3.0-1
@@ -45208,8 +45863,8 @@ CVE-2019-13497 (One Identity Cloud Access Manager before 8.1.4 Hotfix 1 allows C
NOT-FOR-US: One Identity Cloud Access Manager
CVE-2019-13496 (One Identity Cloud Access Manager before 8.1.4 Hotfix 1 allows OTP byp ...)
NOT-FOR-US: One Identity Cloud Access Manager
-CVE-2019-13495
- RESERVED
+CVE-2019-13495 (In firmware version 4.50 of Zyxel XGS2210-52HP, multiple stored cross- ...)
+ TODO: check
CVE-2019-13494 (nodeimp.exe in Castle Rock SNMPc before 9.0.12.1 and 10.x before 10.0. ...)
NOT-FOR-US: Castle Rock SNMPc
CVE-2019-13493 (In Sitecore 9.0 rev 171002, Persistent XSS exists in the Media Library ...)
@@ -54431,8 +55086,7 @@ CVE-2019-10181 (It was found that in icedtea-web up to and including 1.7.2 and 1
NOTE: https://www.openwall.com/lists/oss-security/2019/07/31/2
NOTE: https://github.com/AdoptOpenJDK/IcedTea-Web/commit/32d174def953d801eb1cfc9d989bff5e80aac3cd (1.7)
NOTE: https://github.com/AdoptOpenJDK/IcedTea-Web/commit/528cb8163b7053576a658b9602b5694b21957b0e (1.8)
-CVE-2019-10180
- RESERVED
+CVE-2019-10180 (A vulnerability was found in all pki-core 10.x.x version, where the To ...)
- dogtag-pki <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1721137
CVE-2019-10179 (A vulnerability was found in all pki-core 10.x.x versions, where the K ...)
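Review bot: CVE-2019-10180 now has a public description, but its `- dogtag-pki <unfixed>` line carries no Debian bug number and no per-release status; the only reference is the Red Hat Bugzilla NOTE. Other package lines in this diff, such as `- systemd 244.2-1 (bug #950732)`, record the bug; an `<unfixed>` entry with a published description should have one filed and referenced, plus a triage line for each supported release.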
@@ -77005,8 +77659,8 @@ CVE-2019-2393
RESERVED
CVE-2019-2392
RESERVED
-CVE-2019-2391
- RESERVED
+CVE-2019-2391 (Incorrect parsing of certain JSON input may result in js-bson not corr ...)
+ TODO: check
CVE-2019-2390 (An unprivileged user or program on Microsoft Windows which can create ...)
NOT-FOR-US: Microsoft
CVE-2019-2389 (Incorrect scoping of kill operations in MongoDB Server's packaged SysV ...)
@@ -154163,6 +154817,7 @@ CVE-2017-11749 (InternetSoft FTP Commander 8.02 and prior has an untrusted searc
CVE-2017-11748 (VIT Spider Player 2.5.3 has an untrusted search path, allowing DLL hij ...)
NOT-FOR-US: VIT Spider Player
CVE-2017-11747 (main.c in Tinyproxy 1.8.4 and earlier creates a /run/tinyproxy/tinypro ...)
+ {DLA-2163-1}
- tinyproxy 1.10.0-1 (bug #870307)
[stretch] - tinyproxy <no-dsa> (Minor issue)
[wheezy] - tinyproxy <no-dsa> (Minor issue)
@@ -169397,7 +170052,7 @@ CVE-2017-6961 (An issue was discovered in apng2gif 1.7. There is improper saniti
[jessie] - apng2gif <not-affected> (Vulnerable code introduced later with refactoring)
[wheezy] - apng2gif <not-affected> (Vulnerable code introduced later with refactoring)
CVE-2017-6960 (An issue was discovered in apng2gif 1.7. There is an integer overflow ...)
- {DLA-981-1}
+ {DLA-2165-1 DLA-981-1}
- apng2gif 1.8-0.1 (bug #854367)
[stretch] - apng2gif <no-dsa> (Minor issue; can be fixed via point release)
CVE-2017-6959
@@ -173147,7 +173802,7 @@ CVE-2016-10195 (The name_parse function in evdns.c in libevent before 2.1.6-beta
NOTE: https://github.com/libevent/libevent/issues/317
NOTE: http://www.openwall.com/lists/oss-security/2017/01/31/17
CVE-2017-5848 (The gst_ps_demux_parse_psm function in gst/mpegdemux/gstmpegdemux.c in ...)
- {DSA-3818-1 DLA-830-1}
+ {DSA-3818-1 DLA-2164-1 DLA-830-1}
- gst-plugins-bad1.0 1.10.4-1 (low)
- gst-plugins-bad0.10 <unfixed> (low)
NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/7
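Review bot: in the CVE-2017-5848 entry, `- gst-plugins-bad0.10 <unfixed> (low)` is left unchanged while DLA-2164-1 is added to the cross-references, whereas the CVE-2016-9809 and CVE-2015-0797 entries that receive the same DLA in this commit mark that source package `<removed>`. The status of gst-plugins-bad0.10 should be made consistent across these entries; the CVE-2017-5843 entry in the next hunk has the same `<unfixed>` line.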
@@ -173181,7 +173836,7 @@ CVE-2017-5844 (The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff
NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/7
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777525
CVE-2017-5843 (Multiple use-after-free vulnerabilities in the (1) gst_mini_object_unr ...)
- {DSA-3818-1 DLA-830-1}
+ {DSA-3818-1 DLA-2164-1 DLA-830-1}
- gst-plugins-bad1.0 1.10.3-1
- gst-plugins-bad0.10 <unfixed> (low)
NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/7
@@ -188579,7 +189234,7 @@ CVE-2016-9810 (The gst_decode_chain_free_internal function in the flxdex decoder
[wheezy] - gst-plugins-good0.10 0.10.31-3+nmu1+deb7u1
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=774897
CVE-2016-9809 (Off-by-one error in the gst_h264_parse_set_caps function in GStreamer ...)
- {DSA-3818-1 DLA-736-1}
+ {DSA-3818-1 DLA-2164-1 DLA-736-1}
- gst-plugins-bad1.0 1.10.2-1
- gst-plugins-bad0.10 <removed>
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=774896
@@ -243130,7 +243785,7 @@ CVE-2015-0798 (The Reader mode feature in Mozilla Firefox before 37.0.1 on Andro
- iceweasel <not-affected> (Only affects Firefox on Android)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-43/
CVE-2015-0797 (GStreamer before 1.4.5, as used in Mozilla Firefox before 38.0, Firefo ...)
- {DSA-3264-1 DSA-3260-1 DSA-3225-1}
+ {DSA-3264-1 DSA-3260-1 DSA-3225-1 DLA-2164-1}
- gst-plugins-bad0.10 <removed> (bug #784220)
[squeeze] - gst-plugins-bad0.10 <not-affected> (vulnerable code (gst/videoparsers/*) introduced later)
- iceweasel 38.0-1
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7c5efe88c9406036882f28db030db81a605ef373