[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Tue Mar 31 21:10:30 BST 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7c5efe88 by security tracker role at 2020-03-31T20:10:23+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,662 @@
-CVE-2020-5291 [bubblewrap priv escalation]
+CVE-2020-11442
+	RESERVED
+CVE-2020-11441 (phpMyAdmin 5.0.2 allows CRLF injection, as demonstrated by %0D%0Astrin ...)
+	TODO: check
+CVE-2020-11440
+	RESERVED
+CVE-2020-11439
+	RESERVED
+CVE-2020-11438
+	RESERVED
+CVE-2020-11437
+	RESERVED
+CVE-2020-11436
+	RESERVED
+CVE-2020-11435
+	RESERVED
+CVE-2020-11434
+	RESERVED
+CVE-2020-11433
+	RESERVED
+CVE-2020-11432
+	RESERVED
+CVE-2020-11431
+	RESERVED
+CVE-2020-11430
+	RESERVED
+CVE-2020-11429
+	RESERVED
+CVE-2020-11428
+	RESERVED
+CVE-2020-11427
+	RESERVED
+CVE-2020-11426
+	RESERVED
+CVE-2020-11425
+	RESERVED
+CVE-2020-11424
+	RESERVED
+CVE-2020-11423
+	RESERVED
+CVE-2020-11422
+	RESERVED
+CVE-2020-11421
+	RESERVED
+CVE-2020-11420
+	RESERVED
+CVE-2020-11419
+	RESERVED
+CVE-2020-11418
+	RESERVED
+CVE-2020-11417
+	RESERVED
+CVE-2020-11416
+	RESERVED
+CVE-2020-11415
+	RESERVED
+CVE-2020-11414 (An issue was discovered in Progress Telerik UI for Silverlight before  ...)
+	TODO: check
+CVE-2020-11413
+	RESERVED
+CVE-2020-11412
+	RESERVED
+CVE-2020-11411
+	RESERVED
+CVE-2020-11410
+	RESERVED
+CVE-2020-11409
+	RESERVED
+CVE-2020-11408
+	RESERVED
+CVE-2020-11407
+	RESERVED
+CVE-2020-11406
+	RESERVED
+CVE-2020-11405
+	RESERVED
+CVE-2020-11404
+	RESERVED
+CVE-2020-11403
+	RESERVED
+CVE-2020-11402
+	RESERVED
+CVE-2020-11401
+	RESERVED
+CVE-2020-11400
+	RESERVED
+CVE-2020-11399
+	RESERVED
+CVE-2020-11398
+	RESERVED
+CVE-2020-11397
+	RESERVED
+CVE-2020-11396
+	RESERVED
+CVE-2020-11395
+	RESERVED
+CVE-2020-11394
+	RESERVED
+CVE-2020-11393
+	RESERVED
+CVE-2020-11392
+	RESERVED
+CVE-2020-11391
+	RESERVED
+CVE-2020-11390
+	RESERVED
+CVE-2020-11389
+	RESERVED
+CVE-2020-11388
+	RESERVED
+CVE-2020-11387
+	RESERVED
+CVE-2020-11386
+	RESERVED
+CVE-2020-11385
+	RESERVED
+CVE-2020-11384
+	RESERVED
+CVE-2020-11383
+	RESERVED
+CVE-2020-11382
+	RESERVED
+CVE-2020-11381
+	RESERVED
+CVE-2020-11380
+	RESERVED
+CVE-2020-11379
+	RESERVED
+CVE-2020-11378
+	RESERVED
+CVE-2020-11377
+	RESERVED
+CVE-2020-11376
+	RESERVED
+CVE-2020-11375
+	RESERVED
+CVE-2020-11374
+	RESERVED
+CVE-2020-11373
+	RESERVED
+CVE-2020-11372
+	RESERVED
+CVE-2020-11371
+	RESERVED
+CVE-2020-11370
+	RESERVED
+CVE-2020-11369
+	RESERVED
+CVE-2020-11368
+	RESERVED
+CVE-2020-11367
+	RESERVED
+CVE-2020-11366
+	RESERVED
+CVE-2020-11365
+	RESERVED
+CVE-2020-11364
+	RESERVED
+CVE-2020-11363
+	RESERVED
+CVE-2020-11362
+	RESERVED
+CVE-2020-11361
+	RESERVED
+CVE-2020-11360
+	RESERVED
+CVE-2020-11359
+	RESERVED
+CVE-2020-11358
+	RESERVED
+CVE-2020-11357
+	RESERVED
+CVE-2020-11356
+	RESERVED
+CVE-2020-11355
+	RESERVED
+CVE-2020-11354
+	RESERVED
+CVE-2020-11353
+	RESERVED
+CVE-2020-11352
+	RESERVED
+CVE-2020-11351
+	RESERVED
+CVE-2020-11350
+	RESERVED
+CVE-2020-11349
+	RESERVED
+CVE-2020-11348
+	RESERVED
+CVE-2020-11347
+	RESERVED
+CVE-2020-11346
+	RESERVED
+CVE-2020-11345
+	RESERVED
+CVE-2020-11344
+	RESERVED
+CVE-2020-11343
+	RESERVED
+CVE-2020-11342
+	RESERVED
+CVE-2020-11341
+	RESERVED
+CVE-2020-11340
+	RESERVED
+CVE-2020-11339
+	RESERVED
+CVE-2020-11338
+	RESERVED
+CVE-2020-11337
+	RESERVED
+CVE-2020-11336
+	RESERVED
+CVE-2020-11335
+	RESERVED
+CVE-2020-11334
+	RESERVED
+CVE-2020-11333
+	RESERVED
+CVE-2020-11332
+	RESERVED
+CVE-2020-11331
+	RESERVED
+CVE-2020-11330
+	RESERVED
+CVE-2020-11329
+	RESERVED
+CVE-2020-11328
+	RESERVED
+CVE-2020-11327
+	RESERVED
+CVE-2020-11326
+	RESERVED
+CVE-2020-11325
+	RESERVED
+CVE-2020-11324
+	RESERVED
+CVE-2020-11323
+	RESERVED
+CVE-2020-11322
+	RESERVED
+CVE-2020-11321
+	RESERVED
+CVE-2020-11320
+	RESERVED
+CVE-2020-11319
+	RESERVED
+CVE-2020-11318
+	RESERVED
+CVE-2020-11317
+	RESERVED
+CVE-2020-11316
+	RESERVED
+CVE-2020-11315
+	RESERVED
+CVE-2020-11314
+	RESERVED
+CVE-2020-11313
+	RESERVED
+CVE-2020-11312
+	RESERVED
+CVE-2020-11311
+	RESERVED
+CVE-2020-11310
+	RESERVED
+CVE-2020-11309
+	RESERVED
+CVE-2020-11308
+	RESERVED
+CVE-2020-11307
+	RESERVED
+CVE-2020-11306
+	RESERVED
+CVE-2020-11305
+	RESERVED
+CVE-2020-11304
+	RESERVED
+CVE-2020-11303
+	RESERVED
+CVE-2020-11302
+	RESERVED
+CVE-2020-11301
+	RESERVED
+CVE-2020-11300
+	RESERVED
+CVE-2020-11299
+	RESERVED
+CVE-2020-11298
+	RESERVED
+CVE-2020-11297
+	RESERVED
+CVE-2020-11296
+	RESERVED
+CVE-2020-11295
+	RESERVED
+CVE-2020-11294
+	RESERVED
+CVE-2020-11293
+	RESERVED
+CVE-2020-11292
+	RESERVED
+CVE-2020-11291
+	RESERVED
+CVE-2020-11290
+	RESERVED
+CVE-2020-11289
+	RESERVED
+CVE-2020-11288
+	RESERVED
+CVE-2020-11287
+	RESERVED
+CVE-2020-11286
+	RESERVED
+CVE-2020-11285
+	RESERVED
+CVE-2020-11284
+	RESERVED
+CVE-2020-11283
+	RESERVED
+CVE-2020-11282
+	RESERVED
+CVE-2020-11281
+	RESERVED
+CVE-2020-11280
+	RESERVED
+CVE-2020-11279
+	RESERVED
+CVE-2020-11278
+	RESERVED
+CVE-2020-11277
+	RESERVED
+CVE-2020-11276
+	RESERVED
+CVE-2020-11275
+	RESERVED
+CVE-2020-11274
+	RESERVED
+CVE-2020-11273
+	RESERVED
+CVE-2020-11272
+	RESERVED
+CVE-2020-11271
+	RESERVED
+CVE-2020-11270
+	RESERVED
+CVE-2020-11269
+	RESERVED
+CVE-2020-11268
+	RESERVED
+CVE-2020-11267
+	RESERVED
+CVE-2020-11266
+	RESERVED
+CVE-2020-11265
+	RESERVED
+CVE-2020-11264
+	RESERVED
+CVE-2020-11263
+	RESERVED
+CVE-2020-11262
+	RESERVED
+CVE-2020-11261
+	RESERVED
+CVE-2020-11260
+	RESERVED
+CVE-2020-11259
+	RESERVED
+CVE-2020-11258
+	RESERVED
+CVE-2020-11257
+	RESERVED
+CVE-2020-11256
+	RESERVED
+CVE-2020-11255
+	RESERVED
+CVE-2020-11254
+	RESERVED
+CVE-2020-11253
+	RESERVED
+CVE-2020-11252
+	RESERVED
+CVE-2020-11251
+	RESERVED
+CVE-2020-11250
+	RESERVED
+CVE-2020-11249
+	RESERVED
+CVE-2020-11248
+	RESERVED
+CVE-2020-11247
+	RESERVED
+CVE-2020-11246
+	RESERVED
+CVE-2020-11245
+	RESERVED
+CVE-2020-11244
+	RESERVED
+CVE-2020-11243
+	RESERVED
+CVE-2020-11242
+	RESERVED
+CVE-2020-11241
+	RESERVED
+CVE-2020-11240
+	RESERVED
+CVE-2020-11239
+	RESERVED
+CVE-2020-11238
+	RESERVED
+CVE-2020-11237
+	RESERVED
+CVE-2020-11236
+	RESERVED
+CVE-2020-11235
+	RESERVED
+CVE-2020-11234
+	RESERVED
+CVE-2020-11233
+	RESERVED
+CVE-2020-11232
+	RESERVED
+CVE-2020-11231
+	RESERVED
+CVE-2020-11230
+	RESERVED
+CVE-2020-11229
+	RESERVED
+CVE-2020-11228
+	RESERVED
+CVE-2020-11227
+	RESERVED
+CVE-2020-11226
+	RESERVED
+CVE-2020-11225
+	RESERVED
+CVE-2020-11224
+	RESERVED
+CVE-2020-11223
+	RESERVED
+CVE-2020-11222
+	RESERVED
+CVE-2020-11221
+	RESERVED
+CVE-2020-11220
+	RESERVED
+CVE-2020-11219
+	RESERVED
+CVE-2020-11218
+	RESERVED
+CVE-2020-11217
+	RESERVED
+CVE-2020-11216
+	RESERVED
+CVE-2020-11215
+	RESERVED
+CVE-2020-11214
+	RESERVED
+CVE-2020-11213
+	RESERVED
+CVE-2020-11212
+	RESERVED
+CVE-2020-11211
+	RESERVED
+CVE-2020-11210
+	RESERVED
+CVE-2020-11209
+	RESERVED
+CVE-2020-11208
+	RESERVED
+CVE-2020-11207
+	RESERVED
+CVE-2020-11206
+	RESERVED
+CVE-2020-11205
+	RESERVED
+CVE-2020-11204
+	RESERVED
+CVE-2020-11203
+	RESERVED
+CVE-2020-11202
+	RESERVED
+CVE-2020-11201
+	RESERVED
+CVE-2020-11200
+	RESERVED
+CVE-2020-11199
+	RESERVED
+CVE-2020-11198
+	RESERVED
+CVE-2020-11197
+	RESERVED
+CVE-2020-11196
+	RESERVED
+CVE-2020-11195
+	RESERVED
+CVE-2020-11194
+	RESERVED
+CVE-2020-11193
+	RESERVED
+CVE-2020-11192
+	RESERVED
+CVE-2020-11191
+	RESERVED
+CVE-2020-11190
+	RESERVED
+CVE-2020-11189
+	RESERVED
+CVE-2020-11188
+	RESERVED
+CVE-2020-11187
+	RESERVED
+CVE-2020-11186
+	RESERVED
+CVE-2020-11185
+	RESERVED
+CVE-2020-11184
+	RESERVED
+CVE-2020-11183
+	RESERVED
+CVE-2020-11182
+	RESERVED
+CVE-2020-11181
+	RESERVED
+CVE-2020-11180
+	RESERVED
+CVE-2020-11179
+	RESERVED
+CVE-2020-11178
+	RESERVED
+CVE-2020-11177
+	RESERVED
+CVE-2020-11176
+	RESERVED
+CVE-2020-11175
+	RESERVED
+CVE-2020-11174
+	RESERVED
+CVE-2020-11173
+	RESERVED
+CVE-2020-11172
+	RESERVED
+CVE-2020-11171
+	RESERVED
+CVE-2020-11170
+	RESERVED
+CVE-2020-11169
+	RESERVED
+CVE-2020-11168
+	RESERVED
+CVE-2020-11167
+	RESERVED
+CVE-2020-11166
+	RESERVED
+CVE-2020-11165
+	RESERVED
+CVE-2020-11164
+	RESERVED
+CVE-2020-11163
+	RESERVED
+CVE-2020-11162
+	RESERVED
+CVE-2020-11161
+	RESERVED
+CVE-2020-11160
+	RESERVED
+CVE-2020-11159
+	RESERVED
+CVE-2020-11158
+	RESERVED
+CVE-2020-11157
+	RESERVED
+CVE-2020-11156
+	RESERVED
+CVE-2020-11155
+	RESERVED
+CVE-2020-11154
+	RESERVED
+CVE-2020-11153
+	RESERVED
+CVE-2020-11152
+	RESERVED
+CVE-2020-11151
+	RESERVED
+CVE-2020-11150
+	RESERVED
+CVE-2020-11149
+	RESERVED
+CVE-2020-11148
+	RESERVED
+CVE-2020-11147
+	RESERVED
+CVE-2020-11146
+	RESERVED
+CVE-2020-11145
+	RESERVED
+CVE-2020-11144
+	RESERVED
+CVE-2020-11143
+	RESERVED
+CVE-2020-11142
+	RESERVED
+CVE-2020-11141
+	RESERVED
+CVE-2020-11140
+	RESERVED
+CVE-2020-11139
+	RESERVED
+CVE-2020-11138
+	RESERVED
+CVE-2020-11137
+	RESERVED
+CVE-2020-11136
+	RESERVED
+CVE-2020-11135
+	RESERVED
+CVE-2020-11134
+	RESERVED
+CVE-2020-11133
+	RESERVED
+CVE-2020-11132
+	RESERVED
+CVE-2020-11131
+	RESERVED
+CVE-2020-11130
+	RESERVED
+CVE-2020-11129
+	RESERVED
+CVE-2020-11128
+	RESERVED
+CVE-2020-11127
+	RESERVED
+CVE-2020-11126
+	RESERVED
+CVE-2020-11125
+	RESERVED
+CVE-2020-11124
+	RESERVED
+CVE-2020-11123
+	RESERVED
+CVE-2020-11122
+	RESERVED
+CVE-2020-11121
+	RESERVED
+CVE-2020-11120
+	RESERVED
+CVE-2020-11119
+	RESERVED
+CVE-2020-11118
+	RESERVED
+CVE-2020-11117
+	RESERVED
+CVE-2020-11116
+	RESERVED
+CVE-2020-11115
+	RESERVED
+CVE-2020-11114
+	RESERVED
+CVE-2020-5291 (Bubblewrap (bwrap) before version 0.4.1, if installed in setuid mode a ...)
 	- bubblewrap 0.4.1-1 (low)
 	[buster] - bubblewrap <not-affected> (Introduced in 0.4.0)
 	[stretch] - bubblewrap <not-affected> (Introduced in 0.4.0)
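Review bot: CVE-2020-11441 (phpMyAdmin 5.0.2 CRLF injection) and CVE-2020-11414 (Progress Telerik UI for Silverlight) are the only two entries with a description in the newly added CVE-2020-11442 to CVE-2020-11114 range, and both are left at "TODO: check". Each needs triage to either a source-package line or a NOT-FOR-US line, in the form the entries further down this diff use, so they do not stay undecided among the RESERVED ids.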
@@ -1400,8 +2058,8 @@ CVE-2020-10596 (OpenCart 3.0.3.2 allows remote authenticated users to conduct XS
 	NOT-FOR-US: OpenCart
 CVE-2018-21037 (Subrion CMS 4.1.5 (and possibly earlier versions) allow CSRF to change ...)
 	NOT-FOR-US: Subrion CMS
-CVE-2020-10595
-	RESERVED
+CVE-2020-10595 (pam-krb5 before 4.9 has a buffer overflow that might cause remote code ...)
+	{DSA-4648-1}
 	- libpam-krb5 4.9-1
 	NOTE: https://www.openwall.com/lists/oss-security/2020/03/31/1
 CVE-2020-10594 (An issue was discovered in drf-jwt 1.15.x before 1.15.1. It allows att ...)
@@ -9592,8 +10250,8 @@ CVE-2020-7011
 	RESERVED
 CVE-2020-7010
 	RESERVED
-CVE-2020-7009
-	RESERVED
+CVE-2020-7009 (Elasticsearch versions from 6.7.0 to 6.8.7 and 7.0.0 to 7.6.1 contain  ...)
+	TODO: check
 CVE-2020-7008
 	RESERVED
 CVE-2020-7007 (In Moxa EDS-G516E Series firmware, Version 5.2 or lower, the attacker  ...)
@@ -11918,8 +12576,8 @@ CVE-2020-6010
 	RESERVED
 CVE-2020-6009
 	RESERVED
-CVE-2020-6008
-	RESERVED
+CVE-2020-6008 (LifterLMS Wordpress plugin version below 3.37.15 is vulnerable to arbi ...)
+	TODO: check
 CVE-2020-6007 (Philips Hue Bridge model 2.X prior to and including version 1935144020 ...)
 	NOT-FOR-US: Philips Hue Bridge model
 CVE-2020-6006
@@ -13457,8 +14115,8 @@ CVE-2020-5294
 	RESERVED
 CVE-2020-5293
 	RESERVED
-CVE-2020-5292
-	RESERVED
+CVE-2020-5292 (Leantime before versions 2.0.15 and 2.1-beta3 has a SQL Injection vuln ...)
+	TODO: check
 CVE-2020-5290
 	RESERVED
 CVE-2020-5289 (In Elide before 4.5.14, it is possible for an adversary to "guess and  ...)
@@ -16102,22 +16760,22 @@ CVE-2020-4244
 	RESERVED
 CVE-2020-4243
 	RESERVED
-CVE-2020-4242
-	RESERVED
-CVE-2020-4241
-	RESERVED
-CVE-2020-4240
-	RESERVED
-CVE-2020-4239
-	RESERVED
-CVE-2020-4238
-	RESERVED
-CVE-2020-4237
-	RESERVED
-CVE-2020-4236
-	RESERVED
-CVE-2020-4235
-	RESERVED
+CVE-2020-4242 (IBM Spectrum Scale and IBM Spectrum Protect Plus 10.1.0 through 10.1.5 ...)
+	TODO: check
+CVE-2020-4241 (IBM Spectrum Scale and IBM Spectrum Protect Plus 10.1.0 through 10.1.5 ...)
+	TODO: check
+CVE-2020-4240 (IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote a ...)
+	TODO: check
+CVE-2020-4239 (IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 could allow a remot ...)
+	TODO: check
+CVE-2020-4238 (IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 is vulnerable to cr ...)
+	TODO: check
+CVE-2020-4237 (IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 is vulnerable to cr ...)
+	TODO: check
+CVE-2020-4236 (IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 could allow an auth ...)
+	TODO: check
+CVE-2020-4235 (IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 is vulnerable to cr ...)
+	TODO: check
 CVE-2020-4234
 	RESERVED
 CVE-2020-4233
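Review bot: all eight entries from CVE-2020-4242 to CVE-2020-4235 name IBM products (Spectrum Scale, Spectrum Protect Plus, Tivoli Netcool Impact) and are left at "TODO: check". Other IBM entries in this file, such as CVE-2020-4213 and CVE-2020-4205, are tagged "NOT-FOR-US: IBM", so these can be resolved the same way in one pass.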
@@ -16158,8 +16816,8 @@ CVE-2020-4216
 	RESERVED
 CVE-2020-4215
 	RESERVED
-CVE-2020-4214
-	RESERVED
+CVE-2020-4214 (IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote a ...)
+	TODO: check
 CVE-2020-4213 (IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attac ...)
 	NOT-FOR-US: IBM
 CVE-2020-4212 (IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attac ...)
@@ -16170,12 +16828,12 @@ CVE-2020-4210 (IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote
 	NOT-FOR-US: IBM
 CVE-2020-4209
 	RESERVED
-CVE-2020-4208
-	RESERVED
+CVE-2020-4208 (IBM Spectrum Protect Plus 10.1.0 through 10.1.5 contains hard-coded cr ...)
+	TODO: check
 CVE-2020-4207 (IBM Watson IoT Message Gateway 2.0.0.x, 5.0.0.0, 5.0.0.1, and 5.0.0.2  ...)
 	NOT-FOR-US: IBM
-CVE-2020-4206
-	RESERVED
+CVE-2020-4206 (IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote a ...)
+	TODO: check
 CVE-2020-4205 (IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.8 could allow an aut ...)
 	NOT-FOR-US: IBM
 CVE-2020-4204 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
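Review bot: CVE-2020-4208 and CVE-2020-4206 are left at "TODO: check" while sitting directly between CVE-2020-4207 and CVE-2020-4205, which are already triaged as "NOT-FOR-US: IBM". The untriaged and triaged lines for the same vendor now interleave; closing the two new entries keeps this stretch of the list uniform.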
@@ -23584,8 +24242,7 @@ CVE-2020-1714
 	RESERVED
 CVE-2020-1713
 	RESERVED
-CVE-2020-1712 [heap use-after-free vulnerability]
-	RESERVED
+CVE-2020-1712 (A heap use-after-free vulnerability was found in systemd before versio ...)
 	- systemd 244.2-1 (bug #950732)
 	[jessie] - systemd <not-affected> (Vulnerable code introduced later)
 	NOTE: https://github.com/systemd/systemd/commit/773b1a7916bfce3aa2a21ecf534d475032e8528e (preparation)
@@ -39521,8 +40178,7 @@ CVE-2019-14907 (All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 an
 	NOTE: https://www.samba.org/samba/security/CVE-2019-14907.html
 CVE-2019-14906 (A flaw was found with the RHSA-2019:3950 erratum, where it did not fix ...)
 	NOT-FOR-US: Specific CVE assignment for incorrect/incomplete fix of CVE-2019-13616 in RHEL 7
-CVE-2019-14905 [malicious code could craft filename in nxos_file_copy module]
-	RESERVED
+CVE-2019-14905 (A vulnerability was found in Ansible Engine versions 2.9.x before 2.9. ...)
 	- ansible 2.9.4+dfsg-1 (low)
 	[buster] - ansible <no-dsa> (Minor issue)
 	[stretch] - ansible <no-dsa> (Minor issue)
@@ -39623,10 +40279,9 @@ CVE-2019-14882 (A vulnerability was found in Moodle 3.7 to 3.7.3, 3.6 to 3.6.7,
 	- moodle <removed>
 CVE-2019-14881 (A vulnerability was found in moodle 3.7 to 3.7.2 and before 3.7.3, whe ...)
 	- moodle <removed>
-CVE-2019-14880
-	RESERVED
+CVE-2019-14880 (A vulnerability was found in Moodle versions 3.7 before 3.7.3, 3.6 bef ...)
 	- moodle <removed>
-CVE-2019-14879 (moodle before versions 3.7.3, 3.6.7, 3.5.9 is vulnerable to a None. ...)
+CVE-2019-14879 (A vulnerability was found in Moodle versions 3.7.x before 3.7.3, 3.6.x ...)
 	- moodle <removed>
 CVE-2019-14878 (In the __d2b function of the newlib libc library, all versions prior t ...)
 	- newlib 3.3.0-1
@@ -45208,8 +45863,8 @@ CVE-2019-13497 (One Identity Cloud Access Manager before 8.1.4 Hotfix 1 allows C
 	NOT-FOR-US: One Identity Cloud Access Manager
 CVE-2019-13496 (One Identity Cloud Access Manager before 8.1.4 Hotfix 1 allows OTP byp ...)
 	NOT-FOR-US: One Identity Cloud Access Manager
-CVE-2019-13495
-	RESERVED
+CVE-2019-13495 (In firmware version 4.50 of Zyxel XGS2210-52HP, multiple stored cross- ...)
+	TODO: check
 CVE-2019-13494 (nodeimp.exe in Castle Rock SNMPc before 9.0.12.1 and 10.x before 10.0. ...)
 	NOT-FOR-US: Castle Rock SNMPc
 CVE-2019-13493 (In Sitecore 9.0 rev 171002, Persistent XSS exists in the Media Library ...)
@@ -54431,8 +55086,7 @@ CVE-2019-10181 (It was found that in icedtea-web up to and including 1.7.2 and 1
 	NOTE: https://www.openwall.com/lists/oss-security/2019/07/31/2
 	NOTE: https://github.com/AdoptOpenJDK/IcedTea-Web/commit/32d174def953d801eb1cfc9d989bff5e80aac3cd (1.7)
 	NOTE: https://github.com/AdoptOpenJDK/IcedTea-Web/commit/528cb8163b7053576a658b9602b5694b21957b0e (1.8)
-CVE-2019-10180
-	RESERVED
+CVE-2019-10180 (A vulnerability was found in all pki-core 10.x.x version, where the To ...)
 	- dogtag-pki <unfixed>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1721137
 CVE-2019-10179 (A vulnerability was found in all pki-core 10.x.x versions, where the K ...)
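Review bot: with the description for CVE-2019-10180 now filled in, the "- dogtag-pki <unfixed>" line still carries no Debian bug reference and no severity; the only pointer is the Red Hat Bugzilla NOTE. A "(bug #...)" reference, as the systemd and tinyproxy entries in this diff have, would let the unfixed state be followed on the Debian side.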
@@ -77005,8 +77659,8 @@ CVE-2019-2393
 	RESERVED
 CVE-2019-2392
 	RESERVED
-CVE-2019-2391
-	RESERVED
+CVE-2019-2391 (Incorrect parsing of certain JSON input may result in js-bson not corr ...)
+	TODO: check
 CVE-2019-2390 (An unprivileged user or program on Microsoft Windows which can create  ...)
 	NOT-FOR-US: Microsoft
 CVE-2019-2389 (Incorrect scoping of kill operations in MongoDB Server's packaged SysV ...)
@@ -154163,6 +154817,7 @@ CVE-2017-11749 (InternetSoft FTP Commander 8.02 and prior has an untrusted searc
 CVE-2017-11748 (VIT Spider Player 2.5.3 has an untrusted search path, allowing DLL hij ...)
 	NOT-FOR-US: VIT Spider Player
 CVE-2017-11747 (main.c in Tinyproxy 1.8.4 and earlier creates a /run/tinyproxy/tinypro ...)
+	{DLA-2163-1}
 	- tinyproxy 1.10.0-1 (bug #870307)
 	[stretch] - tinyproxy <no-dsa> (Minor issue)
 	[wheezy] - tinyproxy <no-dsa> (Minor issue)
@@ -169397,7 +170052,7 @@ CVE-2017-6961 (An issue was discovered in apng2gif 1.7. There is improper saniti
 	[jessie] - apng2gif <not-affected> (Vulnerable code introduced later with refactoring)
 	[wheezy] - apng2gif <not-affected> (Vulnerable code introduced later with refactoring)
 CVE-2017-6960 (An issue was discovered in apng2gif 1.7. There is an integer overflow  ...)
-	{DLA-981-1}
+	{DLA-2165-1 DLA-981-1}
 	- apng2gif 1.8-0.1 (bug #854367)
 	[stretch] - apng2gif <no-dsa> (Minor issue; can be fixed via point release)
 CVE-2017-6959
@@ -173147,7 +173802,7 @@ CVE-2016-10195 (The name_parse function in evdns.c in libevent before 2.1.6-beta
 	NOTE: https://github.com/libevent/libevent/issues/317
 	NOTE: http://www.openwall.com/lists/oss-security/2017/01/31/17
 CVE-2017-5848 (The gst_ps_demux_parse_psm function in gst/mpegdemux/gstmpegdemux.c in ...)
-	{DSA-3818-1 DLA-830-1}
+	{DSA-3818-1 DLA-2164-1 DLA-830-1}
 	- gst-plugins-bad1.0 1.10.4-1 (low)
 	- gst-plugins-bad0.10 <unfixed> (low)
 	NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/7
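Review bot: the gst-plugins-bad0.10 line under CVE-2017-5848 still reads "<unfixed> (low)" after DLA-2164-1 is added, and the CVE-2017-5843 entry in the next hunk has the same line, while the CVE-2016-9809 and CVE-2015-0797 entries in this diff mark gst-plugins-bad0.10 as "<removed>". The package state should be made consistent across these four entries.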
@@ -173181,7 +173836,7 @@ CVE-2017-5844 (The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff
 	NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/7
 	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777525
 CVE-2017-5843 (Multiple use-after-free vulnerabilities in the (1) gst_mini_object_unr ...)
-	{DSA-3818-1 DLA-830-1}
+	{DSA-3818-1 DLA-2164-1 DLA-830-1}
 	- gst-plugins-bad1.0 1.10.3-1
 	- gst-plugins-bad0.10 <unfixed> (low)
 	NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/7
@@ -188579,7 +189234,7 @@ CVE-2016-9810 (The gst_decode_chain_free_internal function in the flxdex decoder
 	[wheezy] - gst-plugins-good0.10 0.10.31-3+nmu1+deb7u1
 	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=774897
 CVE-2016-9809 (Off-by-one error in the gst_h264_parse_set_caps function in GStreamer  ...)
-	{DSA-3818-1 DLA-736-1}
+	{DSA-3818-1 DLA-2164-1 DLA-736-1}
 	- gst-plugins-bad1.0 1.10.2-1
 	- gst-plugins-bad0.10 <removed>
 	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=774896
@@ -243130,7 +243785,7 @@ CVE-2015-0798 (The Reader mode feature in Mozilla Firefox before 37.0.1 on Andro
 	- iceweasel <not-affected> (Only affects Firefox on Android)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-43/
 CVE-2015-0797 (GStreamer before 1.4.5, as used in Mozilla Firefox before 38.0, Firefo ...)
-	{DSA-3264-1 DSA-3260-1 DSA-3225-1}
+	{DSA-3264-1 DSA-3260-1 DSA-3225-1 DLA-2164-1}
 	- gst-plugins-bad0.10 <removed> (bug #784220)
 	[squeeze] - gst-plugins-bad0.10 <not-affected> (vulnerable code (gst/videoparsers/*) introduced later)
 	- iceweasel 38.0-1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7c5efe88c9406036882f28db030db81a605ef373
