Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 5ab02c34 by security tracker role at 2020-03-11T08:10:18+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,33 @@ +CVE-2020-10385 (A stored cross-site scripting (XSS) vulnerability exists in the WPForm ...) + TODO: check +CVE-2020-10384 + RESERVED +CVE-2020-10383 + RESERVED +CVE-2020-10382 + RESERVED +CVE-2020-10381 + RESERVED +CVE-2020-10380 + RESERVED +CVE-2020-10379 + RESERVED +CVE-2020-10378 + RESERVED +CVE-2020-10377 + RESERVED +CVE-2020-10376 + RESERVED +CVE-2020-10375 + RESERVED +CVE-2020-10374 + RESERVED +CVE-2020-10373 + RESERVED +CVE-2020-10372 (Ramp AltitudeCDN Altimeter before 2.4.0 allows authenticated Stored XS ...) + TODO: check +CVE-2020-10371 + RESERVED CVE-2020-10370 RESERVED CVE-2020-10369 @@ -2906,8 +2936,8 @@ CVE-2020-9046 RESERVED CVE-2020-9045 RESERVED -CVE-2020-9044 - RESERVED +CVE-2020-9044 (XXE vulnerability exists in the Metasys family of product Web Services ...) + TODO: check CVE-2020-9043 (The wpCentral plugin before 1.5.1 for WordPress allows disclosure of t ...) NOT-FOR-US: wpCentral plugin for WordPress CVE-2020-9042 @@ -6276,8 +6306,8 @@ CVE-2020-7581 RESERVED CVE-2020-7580 RESERVED -CVE-2020-7579 - RESERVED +CVE-2020-7579 (A vulnerability has been identified in Spectrum Power™ 5 (All ve ...) + TODO: check CVE-2020-7578 RESERVED CVE-2020-7577 
@@ -8922,121 +8952,159 @@ CVE-2020-6421 RESERVED CVE-2020-6420 RESERVED + {DSA-4638-1} - chromium 80.0.3987.132-1 [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2020-6419 RESERVED CVE-2020-6418 (Type confusion in V8 in Google Chrome prior to 80.0.3987.122 allowed a ...) + {DSA-4638-1} - chromium 80.0.3987.122-1 [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2020-6417 (Inappropriate implementation in installer in Google Chrome prior to 80 ...) - chromium <not-affected> (debian package does not support the chromium installer) CVE-2020-6416 (Insufficient data validation in streams in Google Chrome prior to 80.0 ...) + {DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2020-6415 (Inappropriate implementation in JavaScript in Google Chrome prior to 8 ...) + {DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2020-6414 (Insufficient policy enforcement in Safe Browsing in Google Chrome prio ...) + {DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2020-6413 (Inappropriate implementation in Blink in Google Chrome prior to 80.0.3 ...) + {DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2020-6412 (Insufficient validation of untrusted input in Omnibox in Google Chrome ...) + {DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2020-6411 (Insufficient validation of untrusted input in Omnibox in Google Chrome ...) + {DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2020-6410 (Insufficient policy enforcement in navigation in Google Chrome prior t ...) + {DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2020-6409 (Inappropriate implementation in Omnibox in Google Chrome prior to 80.0 ...) 
+ {DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2020-6408 (Insufficient policy enforcement in CORS in Google Chrome prior to 80.0 ...) + {DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2020-6407 (Out of bounds memory access in streams in Google Chrome prior to 80.0. ...) + {DSA-4638-1} - chromium 80.0.3987.122-1 [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2020-6406 (Use after free in audio in Google Chrome prior to 80.0.3987.87 allowed ...) + {DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2020-6405 (Out of bounds read in SQLite in Google Chrome prior to 80.0.3987.87 al ...) + {DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2020-6404 (Inappropriate implementation in Blink in Google Chrome prior to 80.0.3 ...) + {DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2020-6403 (Incorrect implementation in Omnibox in Google Chrome on iOS prior to 8 ...) + {DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2020-6402 (Insufficient policy enforcement in downloads in Google Chrome on OS X ...) + {DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2020-6401 (Insufficient validation of untrusted input in Omnibox in Google Chrome ...) + {DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2020-6400 (Inappropriate implementation in CORS in Google Chrome prior to 80.0.39 ...) + {DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2020-6399 (Insufficient policy enforcement in AppCache in Google Chrome prior to ...) 
+ {DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2020-6398 (Use of uninitialized data in PDFium in Google Chrome prior to 80.0.398 ...) + {DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2020-6397 (Inappropriate implementation in sharing in Google Chrome prior to 80.0 ...) + {DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2020-6396 (Inappropriate implementation in Skia in Google Chrome prior to 80.0.39 ...) + {DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2020-6395 (Out of bounds read in JavaScript in Google Chrome prior to 80.0.3987.8 ...) + {DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2020-6394 (Insufficient policy enforcement in Blink in Google Chrome prior to 80. ...) + {DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2020-6393 (Insufficient policy enforcement in Blink in Google Chrome prior to 80. ...) + {DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2020-6392 (Insufficient policy enforcement in extensions in Google Chrome prior t ...) + {DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2020-6391 (Insufficient validation of untrusted input in Blink in Google Chrome p ...) + {DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2020-6390 (Out of bounds memory access in streams in Google Chrome prior to 80.0. ...) + {DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2020-6389 (Out of bounds write in WebRTC in Google Chrome prior to 80.0.3987.87 a ...) 
+ {DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2020-6388 (Out of bounds access in WebAudio in Google Chrome prior to 80.0.3987.8 ...) + {DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2020-6387 (Out of bounds write in WebRTC in Google Chrome prior to 80.0.3987.87 a ...) + {DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2020-6386 (Use after free in speech in Google Chrome prior to 80.0.3987.116 allow ...) + {DSA-4638-1} - chromium 80.0.3987.116-1 [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2020-6385 (Insufficient policy enforcement in storage in Google Chrome prior to 8 ...) + {DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2020-6384 (Use after free in WebAudio in Google Chrome prior to 80.0.3987.116 all ...) + {DSA-4638-1} - chromium 80.0.3987.116-1 [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2020-6383 (Type confusion in V8 in Google Chrome prior to 80.0.3987.116 allowed a ...) + {DSA-4638-1} - chromium 80.0.3987.116-1 [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2020-6382 (Type confusion in JavaScript in Google Chrome prior to 80.0.3987.87 al ...) + {DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2020-6381 (Integer overflow in JavaScript in Google Chrome on ChromeOS and Androi ...) + {DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2020-6380 (Insufficient policy enforcement in extensions in Google Chrome prior t ...) 
@@ -9387,36 +9455,36 @@ CVE-2020-6212 RESERVED CVE-2020-6211 RESERVED -CVE-2020-6210 - RESERVED -CVE-2020-6209 - RESERVED -CVE-2020-6208 - RESERVED -CVE-2020-6207 - RESERVED -CVE-2020-6206 - RESERVED -CVE-2020-6205 - RESERVED -CVE-2020-6204 - RESERVED -CVE-2020-6203 - RESERVED -CVE-2020-6202 - RESERVED -CVE-2020-6201 - RESERVED -CVE-2020-6200 - RESERVED -CVE-2020-6199 - RESERVED -CVE-2020-6198 - RESERVED -CVE-2020-6197 - RESERVED -CVE-2020-6196 - RESERVED +CVE-2020-6210 (SAP Fiori Launchpad, versions- 753, 754, does not sufficiently encode ...) + TODO: check +CVE-2020-6209 (SAP Disclosure Management, version 10.1, does not perform necessary au ...) + TODO: check +CVE-2020-6208 (SAP Business Objects Business Intelligence Platform (Crystal Reports), ...) + TODO: check +CVE-2020-6207 (SAP Solution Manager (User Experience Monitoring), version- 7.2, due t ...) + TODO: check +CVE-2020-6206 (SAP Cloud Platform Integration for Data Services, version 1.0, allows ...) + TODO: check +CVE-2020-6205 (SAP NetWeaver AS ABAP Business Server Pages (Smart Forms), SAP_BASIS v ...) + TODO: check +CVE-2020-6204 (The selection query in SAP Treasury and Risk Management (Transaction M ...) + TODO: check +CVE-2020-6203 (SAP NetWeaver UDDI Server (Services Registry), versions- 7.10, 7.11, 7 ...) + TODO: check +CVE-2020-6202 (SAP NetWeaver Application Server Java (User Management Engine), versio ...) + TODO: check +CVE-2020-6201 (The SAP Commerce (Testweb Extension), versions- 6.6, 6.7, 1808, 1811, ...) + TODO: check +CVE-2020-6200 (The SAP Commerce (SmartEdit Extension), versions- 6.6, 6.7, 1808, 1811 ...) + TODO: check +CVE-2020-6199 (The view FIMENAV_COMPCERT in SAP ERP (MENA Certificate Management), EA ...) + TODO: check +CVE-2020-6198 (SAP Solution Manager (Diagnostics Agent), version 720, allows unencryp ...) + TODO: check +CVE-2020-6197 (SAP Enable Now, before version 1908, does not invalidate session token ...) 
+ TODO: check +CVE-2020-6196 (SAP BusinessObjects Mobile (MobileBIService), version 4.2, allows an a ...) + TODO: check CVE-2020-6195 RESERVED CVE-2020-6194 @@ -9451,8 +9519,8 @@ CVE-2020-6180 RESERVED CVE-2020-6179 RESERVED -CVE-2020-6178 - RESERVED +CVE-2020-6178 (SAP Enable Now, before version 1911, sends the Session ID cookie value ...) + TODO: check CVE-2020-6177 (SAP Mobile Platform, version 3.0, does not sufficiently validate an XM ...) NOT-FOR-US: SAP CVE-2019-20367 (nlist.c in libbsd before 0.10.0 has an out-of-bounds read during a com ...) @@ -15192,11 +15260,13 @@ CVE-2019-19927 (In the Linux kernel 5.0.0-rc7 (as distributed in ubuntu/linux.gi [stretch] - linux <not-affected> (Vulnerable code not present) [jessie] - linux <not-affected> (Vulnerable code not present) CVE-2019-19926 (multiSelect in select.c in SQLite 3.30.1 mishandles certain errors dur ...) + {DSA-4638-1} - sqlite3 <not-affected> (Incomplete fix for CVE-2019-19880 not applied) NOTE: https://github.com/sqlite/sqlite/commit/8428b3b437569338a9d1e10c4cd8154acbe33089 - chromium 80.0.3987.106-1 [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2019-19925 (zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL ...) + {DSA-4638-1} - sqlite3 3.30.1+fossil191229-1 [buster] - sqlite3 <no-dsa> (Minor issue) [stretch] - sqlite3 <not-affected> (Vulnerable code introduced later) @@ -15211,6 +15281,7 @@ CVE-2019-19924 (SQLite 3.30.1 mishandles certain parser-tree rewriting, related [jessie] - sqlite3 <not-affected> (Vulnerable code introduced later) NOTE: https://github.com/sqlite/sqlite/commit/8654186b0236d556aa85528c2573ee0b6ab71be3 CVE-2019-19923 (flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses o ...) + {DSA-4638-1} - sqlite3 3.30.1+fossil191229-1 [buster] - sqlite3 <no-dsa> (Minor issue) [stretch] - sqlite3 <not-affected> (Vulnerable code introduced later) 
@@ -15596,6 +15667,7 @@ CVE-2019-19882 (shadow 4.8, in certain circumstances affecting at least Gentoo, CVE-2019-19881 RESERVED CVE-2019-19880 (exprListAppendList in window.c in SQLite 3.30.1 allows attackers to tr ...) + {DSA-4638-1} - sqlite3 3.30.1+fossil191229-1 [buster] - sqlite3 <not-affected> (Vulnerable code introduced later) [stretch] - sqlite3 <not-affected> (Vulnerable code introduced later) @@ -21670,26 +21742,26 @@ CVE-2019-19301 RESERVED CVE-2019-19300 RESERVED -CVE-2019-19299 - RESERVED -CVE-2019-19298 - RESERVED -CVE-2019-19297 - RESERVED -CVE-2019-19296 - RESERVED -CVE-2019-19295 - RESERVED -CVE-2019-19294 - RESERVED -CVE-2019-19293 - RESERVED -CVE-2019-19292 - RESERVED -CVE-2019-19291 - RESERVED -CVE-2019-19290 - RESERVED +CVE-2019-19299 (A vulnerability has been identified in SiNVR 3 Central Control Server ...) + TODO: check +CVE-2019-19298 (A vulnerability has been identified in SiNVR 3 Central Control Server ...) + TODO: check +CVE-2019-19297 (A vulnerability has been identified in SiNVR 3 Central Control Server ...) + TODO: check +CVE-2019-19296 (A vulnerability has been identified in SiNVR 3 Central Control Server ...) + TODO: check +CVE-2019-19295 (A vulnerability has been identified in SiNVR 3 Central Control Server ...) + TODO: check +CVE-2019-19294 (A vulnerability has been identified in SiNVR 3 Central Control Server ...) + TODO: check +CVE-2019-19293 (A vulnerability has been identified in SiNVR 3 Central Control Server ...) + TODO: check +CVE-2019-19292 (A vulnerability has been identified in SiNVR 3 Central Control Server ...) + TODO: check +CVE-2019-19291 (A vulnerability has been identified in SiNVR 3 Central Control Server ...) + TODO: check +CVE-2019-19290 (A vulnerability has been identified in SiNVR 3 Central Control Server ...) + TODO: check CVE-2019-19289 RESERVED CVE-2019-19288 
@@ -21704,18 +21776,18 @@ CVE-2019-19284 RESERVED CVE-2019-19283 RESERVED -CVE-2019-19282 - RESERVED -CVE-2019-19281 - RESERVED +CVE-2019-19282 (A vulnerability has been identified in OpenPCS 7 V8.1 (All versions), ...) + TODO: check +CVE-2019-19281 (A vulnerability has been identified in SIMATIC ET 200SP Open Controlle ...) + TODO: check CVE-2019-19280 RESERVED -CVE-2019-19279 - RESERVED +CVE-2019-19279 (A vulnerability has been identified in SIPROTEC 4 and SIPROTEC Compact ...) + TODO: check CVE-2019-19278 (A vulnerability has been identified in SINAMICS PERFECT HARMONY GH180 ...) NOT-FOR-US: SINAMICS -CVE-2019-19277 - RESERVED +CVE-2019-19277 (A vulnerability has been identified in SIPORT MP (All versions < 3. ...) + TODO: check CVE-2019-19276 RESERVED CVE-2019-19275 (typed_ast 1.3.0 and 1.3.1 has an ast_for_arguments out-of-bounds read. ...) @@ -26600,8 +26672,8 @@ CVE-2019-18338 (A vulnerability has been identified in SiNVR 3 Central Control S NOT-FOR-US: Siemens CVE-2019-18337 (A vulnerability has been identified in SiNVR 3 Central Control Server ...) NOT-FOR-US: Siemens -CVE-2019-18336 - RESERVED +CVE-2019-18336 (A vulnerability has been identified in SIMATIC S7-300 CPU family (incl ...) + TODO: check CVE-2019-18335 (A vulnerability has been identified in SPPA-T3000 Application Server ( ...) NOT-FOR-US: Siemens CVE-2019-18334 (A vulnerability has been identified in SPPA-T3000 Application Server ( ...) 
@@ -27758,19 +27830,15 @@ CVE-2020-0089 RESERVED CVE-2020-0088 RESERVED -CVE-2020-0087 - RESERVED +CVE-2020-0087 (In getProcessPss of ActivityManagerService.java, there is a possible s ...) NOT-FOR-US: Android CVE-2020-0086 RESERVED -CVE-2020-0085 - RESERVED +CVE-2020-0085 (In setBluetoothTethering of PanService.java, there is a possible permi ...) NOT-FOR-US: Android -CVE-2020-0084 - RESERVED +CVE-2020-0084 (In several functions of NotificationManagerService.java, there are mis ...) NOT-FOR-US: Android -CVE-2020-0083 - RESERVED +CVE-2020-0083 (In setRequirePmfInternal of sta_network.cpp, there is a possible defau ...) NOT-FOR-US: Android CVE-2020-0082 RESERVED @@ -27798,15 +27866,13 @@ CVE-2020-0071 RESERVED CVE-2020-0070 RESERVED -CVE-2020-0069 - RESERVED +CVE-2020-0069 (In the ioctl handlers of the Mediatek Command Queue driver, there is a ...) NOT-FOR-US: Mediatek components for Android CVE-2020-0068 RESERVED CVE-2020-0067 RESERVED -CVE-2020-0066 - RESERVED +CVE-2020-0066 (In the netlink driver, there is a possible out of bounds write due to ...) - linux 4.2.5-1 [jessie] - linux 3.16.7-ckt20-1 NOTE: https://git.kernel.org/linus/db65a3aaf29ecce2e34271d52e8d2336b97bd9fe 
@@ -27814,114 +27880,81 @@ CVE-2020-0065 RESERVED CVE-2020-0064 RESERVED -CVE-2020-0063 - RESERVED +CVE-2020-0063 (In SurfaceFlinger, it is possible to override UI confirmation screen p ...) NOT-FOR-US: Android -CVE-2020-0062 - RESERVED +CVE-2020-0062 (In Euicc, there is a possible information disclosure due to an include ...) NOT-FOR-US: Android -CVE-2020-0061 - RESERVED +CVE-2020-0061 (In Pixel Recorder, there is a possible permissions bypass allowing arb ...) NOT-FOR-US: Android -CVE-2020-0060 - RESERVED +CVE-2020-0060 (In query of SmsProvider.java and MmsSmsProvider.java, there is a possi ...) NOT-FOR-US: Android -CVE-2020-0059 - RESERVED +CVE-2020-0059 (In btm_ble_batchscan_filter_track_adv_vse_cback of btm_ble_batchscan.c ...) NOT-FOR-US: Android -CVE-2020-0058 - RESERVED +CVE-2020-0058 (In l2c_rcv_acl_data of l2c_main.cc, there is a possible out of bounds ...) NOT-FOR-US: Android -CVE-2020-0057 - RESERVED +CVE-2020-0057 (In btm_process_inq_results of btm_inq.cc, there is a possible out of b ...) NOT-FOR-US: Android -CVE-2020-0056 - RESERVED +CVE-2020-0056 (In btu_hcif_connection_comp_evt of btu_hcif.cc, there is a possible ou ...) NOT-FOR-US: Android -CVE-2020-0055 - RESERVED +CVE-2020-0055 (In l2c_link_process_num_completed_pkts of l2c_link.cc, there is a poss ...) NOT-FOR-US: Android -CVE-2020-0054 - RESERVED +CVE-2020-0054 (In WifiNetworkSuggestionsManager of WifiNetworkSuggestionsManager.java ...) NOT-FOR-US: Android -CVE-2020-0053 - RESERVED +CVE-2020-0053 (In convertHidlNanDataPathInitiatorRequestToLegacy, and convertHidlNanD ...) NOT-FOR-US: Android -CVE-2020-0052 - RESERVED +CVE-2020-0052 (In smsSelected of AnswerFragment.java, there is a way to send an SMS f ...) NOT-FOR-US: Android -CVE-2020-0051 - RESERVED +CVE-2020-0051 (In onCreate of SettingsHomepageActivity, there is a possible tapjackin ...) NOT-FOR-US: Android -CVE-2020-0050 - RESERVED +CVE-2020-0050 (In nfa_hciu_send_msg of nfa_hci_utils.cc, there is a possible out of b ...) 
NOT-FOR-US: Android -CVE-2020-0049 - RESERVED +CVE-2020-0049 (In onReadBuffer() of StreamingSource.cpp, there is a possible informat ...) NOT-FOR-US: Android media framework -CVE-2020-0048 - RESERVED +CVE-2020-0048 (In onTransact of IAudioFlinger.cpp, there is a possible stack informat ...) NOT-FOR-US: Android media framework -CVE-2020-0047 - RESERVED +CVE-2020-0047 (In setMasterMute of AudioService.java, there is a missing permission c ...) NOT-FOR-US: Android media framework -CVE-2020-0046 - RESERVED +CVE-2020-0046 (In DrmPlugin::releaseSecureStops of DrmPlugin.cpp, there is a possible ...) NOT-FOR-US: Android media framework -CVE-2020-0045 - RESERVED +CVE-2020-0045 (In StatsService::command of StatsService.cpp, there is possible memory ...) NOT-FOR-US: Android -CVE-2020-0044 - RESERVED +CVE-2020-0044 (In set_nonce of fpc_ta_qc_auth.c, there is a possible out of bounds re ...) NOT-FOR-US: FPC components for Android -CVE-2020-0043 - RESERVED +CVE-2020-0043 (In authorize_enrol of fpc_ta_hw_auth.c, there is a possible out of bou ...) NOT-FOR-US: FPC components for Android -CVE-2020-0042 - RESERVED +CVE-2020-0042 (In fpc_ta_hw_auth_unwrap_key of fpc_ta_hw_auth_qsee.c, there is a poss ...) NOT-FOR-US: FPC components for Android -CVE-2020-0041 - RESERVED +CVE-2020-0041 (In binder_transaction of binder.c, there is a possible out of bounds w ...) - linux 5.4.6-1 NOTE: https://git.kernel.org/linus/16981742717b04644a41052570fb502682a315d2 CVE-2020-0040 RESERVED NOTE: Duplicate of CVE-2019-15239, will be rejected -CVE-2020-0039 - RESERVED +CVE-2020-0039 (In rw_i93_sm_update_ndef of rw_i93.cc, there is a possible read of uni ...) NOT-FOR-US: Android -CVE-2020-0038 - RESERVED +CVE-2020-0038 (In rw_i93_sm_update_ndef of rw_i93.cc, there is a possible read of uni ...) NOT-FOR-US: Android -CVE-2020-0037 - RESERVED +CVE-2020-0037 (In rw_i93_sm_set_read_only of rw_i93.cc, there is a possible out of bo ...) 
NOT-FOR-US: Android -CVE-2020-0036 - RESERVED +CVE-2020-0036 (In hasPermissions of PermissionMonitor.java, there is a possible acces ...) NOT-FOR-US: Android -CVE-2020-0035 - RESERVED +CVE-2020-0035 (In query of TelephonyProvider.java, there is a possible access to SIM ...) NOT-FOR-US: Android -CVE-2020-0034 - RESERVED +CVE-2020-0034 (In vp8_decode_frame of decodeframe.c, there is a possible out of bound ...) {DLA-2136-1} - libvpx 1.7.0-3 [stretch] - libvpx <no-dsa> (Minor issue) NOTE: https://github.com/webmproject/libvpx/commit/45daecb4f73a47ab3236a29a3a48c52324cbf19a -CVE-2020-0033 - RESERVED +CVE-2020-0033 (In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible out ...) NOT-FOR-US: Android media framework -CVE-2020-0032 - RESERVED +CVE-2020-0032 (In ih264d_release_display_bufs of ih264d_utils.c, there is a possible ...) NOT-FOR-US: Android media framework -CVE-2020-0031 - RESERVED +CVE-2020-0031 (In triggerAugmentedAutofillLocked and related functions of Session.jav ...) NOT-FOR-US: Android CVE-2020-0030 (In binder_thread_release of binder.c, there is a possible use after fr ...) - linux 4.15.11-1 NOTE: Fixed by: https://git.kernel.org/linus/5eeb2ca02a2f6084fc57ae5c244a38baab07033a -CVE-2020-0029 - RESERVED +CVE-2020-0029 (In the WifiConfigManager, there is a possible storage of location hist ...) NOT-FOR-US: Android CVE-2020-0028 (In notifyNetworkTested and related functions of NetworkMonitor.java, t ...) NOT-FOR-US: Android 
@@ -27955,14 +27988,11 @@ CVE-2020-0014 (It is possible for a malicious application to construct a TYPE_TO NOT-FOR-US: Android CVE-2020-0013 RESERVED -CVE-2020-0012 - RESERVED +CVE-2020-0012 (In fpc_ta_pn_get_unencrypted_image of fpc_ta_pn.c, there is a possible ...) NOT-FOR-US: FPC components for Android -CVE-2020-0011 - RESERVED +CVE-2020-0011 (In get_auth_result of fpc_ta_hw_auth.c, there is a possible out of bou ...) NOT-FOR-US: FPC components for Android -CVE-2020-0010 - RESERVED +CVE-2020-0010 (In fpc_ta_get_build_info of fpc_ta_kpi.c, there is a possible out of b ...) NOT-FOR-US: FPC components for Android CVE-2020-0009 (In calc_vm_may_flags of ashmem.c, there is a possible arbitrary write ...) - linux <unfixed> @@ -47274,8 +47304,8 @@ CVE-2019-11940 (In the course of decompressing HPACK inside the HTTP2 protocol, NOT-FOR-US: Facebook Proxygen CVE-2019-11939 RESERVED -CVE-2019-11938 - RESERVED +CVE-2019-11938 (Java Facebook Thrift servers would not error upon receiving messages d ...) + TODO: check CVE-2019-11937 (In Mcrouter prior to v0.41.0, a large struct input provided to the Car ...) NOT-FOR-US: mcrouter NOTE: https://github.com/facebook/mcrouter/releases @@ -50224,7 +50254,7 @@ CVE-2019-10945 (An issue was discovered in Joomla! before 3.9.5. The Media Manag NOT-FOR-US: Joomla! CVE-2019-10944 RESERVED -CVE-2019-10943 (A vulnerability has been identified in SIMATIC ET200SP (incl. SIPLUS v ...) +CVE-2019-10943 (A vulnerability has been identified in SIMATIC ET 200SP Open Controlle ...) NOT-FOR-US: Siemens CVE-2019-10942 (A vulnerability has been identified in SCALANCE X-200 (All versions), ...) NOT-FOR-US: Siemens 
@@ -50608,8 +50638,8 @@ CVE-2019-10809 RESERVED CVE-2019-10808 RESERVED -CVE-2019-10807 - RESERVED +CVE-2019-10807 (Blamer versions prior to 1.0.1 allows execution of arbitrary commands. ...) + TODO: check CVE-2019-10806 (vega-util prior to 1.13.1 allows manipulation of object prototype. The ...) TODO: check CVE-2019-10805 (valib through 2.0.0 allows Internal Property Tampering. A maliciously ...) @@ -52697,6 +52727,7 @@ CVE-2019-10065 (An issue was discovered in Open Ticket Request System (OTRS) 7.0 - otrs2 <not-affected> (Only affects 7.x series) NOTE: https://otrs.com/release-notes/otrs-security-advisory-2019-07/ CVE-2019-10064 (hostapd before 2.6, in EAP mode, makes calls to the rand() and random( ...) + {DLA-2138-1} - wpa 2:2.6-7 NOTE: https://www.openwall.com/lists/oss-security/2020/02/27/1 NOTE: Comment from upstream: https://www.openwall.com/lists/oss-security/2020/02/27/2 @@ -60260,8 +60291,8 @@ CVE-2019-7591 RESERVED CVE-2019-7590 (ExacqVision Server’s services 'exacqVisionServer', 'dvrdhcpserve ...) NOT-FOR-US: ExacqVision -CVE-2019-7589 - RESERVED +CVE-2019-7589 (A vulnerability with the SmartService API Service option exists whereb ...) + TODO: check CVE-2019-7588 (A vulnerability in the exacqVision Enterprise System Manager (ESM) v5. ...) NOT-FOR-US: exacqVision Enterprise System Manager CVE-2019-7587 (Bo-blog Wind through 1.6.0-r allows SQL Injection via the admin.php/co ...) @@ -62823,8 +62854,8 @@ CVE-2019-6587 RESERVED CVE-2019-6586 RESERVED -CVE-2019-6585 - RESERVED +CVE-2019-6585 (A vulnerability has been identified in SCALANCE S602 (All versions > ...) + TODO: check CVE-2019-6584 (A vulnerability has been identified in SIEMENS LOGO!8 (6ED1052-xyyxx-0 ...) NOT-FOR-US: Siemens CVE-2019-6583 
@@ -66490,12 +66521,12 @@ CVE-2019-5170 RESERVED CVE-2019-5169 RESERVED -CVE-2019-5168 - RESERVED -CVE-2019-5167 - RESERVED -CVE-2019-5166 - RESERVED +CVE-2019-5168 (An exploitable command injection vulnerability exists in the iocheckd ...) + TODO: check +CVE-2019-5167 (An exploitable command injection vulnerability exists in the iocheckd ...) + TODO: check +CVE-2019-5166 (An exploitable stack buffer overflow vulnerability exists in the ioche ...) + TODO: check CVE-2019-5165 (An exploitable authentication bypass vulnerability exists in the hostn ...) NOT-FOR-US: Moxa CVE-2019-5164 (An exploitable code execution vulnerability exists in the ss-manager b ...) 
@@ -66514,20 +66545,20 @@ CVE-2019-5163 (An exploitable denial-of-service vulnerability exists in the UDPR NOTE: https://github.com/shadowsocks/shadowsocks-libev/issues/2536 CVE-2019-5162 (An exploitable improper access control vulnerability exists in the iw_ ...) NOT-FOR-US: Moxa -CVE-2019-5161 - RESERVED -CVE-2019-5160 - RESERVED -CVE-2019-5159 - RESERVED -CVE-2019-5158 - RESERVED -CVE-2019-5157 - RESERVED -CVE-2019-5156 - RESERVED -CVE-2019-5155 - RESERVED +CVE-2019-5161 (An exploitable remote code execution vulnerability exists in the Cloud ...) + TODO: check +CVE-2019-5160 (An exploitable improper host validation vulnerability exists in the Cl ...) + TODO: check +CVE-2019-5159 (An exploitable improper input validation vulnerability exists in the f ...) + TODO: check +CVE-2019-5158 (An exploitable firmware downgrade vulnerability exists in the firmware ...) + TODO: check +CVE-2019-5157 (An exploitable command injection vulnerability exists in the Cloud Con ...) + TODO: check +CVE-2019-5156 (An exploitable command injection vulnerability exists in the cloud con ...) + TODO: check +CVE-2019-5155 (An exploitable command injection vulnerability exists in the cloud con ...) + TODO: check CVE-2019-5154 (An exploitable heap overflow vulnerability exists in the JPEG2000 pars ...) NOT-FOR-US: LEADTOOLS CVE-2019-5153 (An exploitable remote code execution vulnerability exists in the iw_we ...) @@ -66543,8 +66574,8 @@ CVE-2019-5151 (An exploitable SQL injection vulnerability exist in YouPHPTube 7. NOT-FOR-US: YouPHPTube CVE-2019-5150 (An exploitable SQL injection vulnerability exist in YouPHPTube 7.7. Wh ...) NOT-FOR-US: YouPHPTube -CVE-2019-5149 - RESERVED +CVE-2019-5149 (The WBM web application on firmwares prior to 03.02.02 and 03.01.07 on ...) + TODO: check CVE-2019-5148 (An exploitable denial-of-service vulnerability exists in ServiceAgent ...) NOT-FOR-US: Moxa CVE-2019-5147 (An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64 ...) 
@@ -66571,10 +66602,10 @@ CVE-2019-5137 (The usage of hard-coded cryptographic keys within the ServiceAgen NOT-FOR-US: Moxa CVE-2019-5136 (An exploitable privilege escalation vulnerability exists in the iw_con ...) NOT-FOR-US: Moxa -CVE-2019-5135 - RESERVED -CVE-2019-5134 - RESERVED +CVE-2019-5135 (An exploitable timing discrepancy vulnerability exists in the authenti ...) + TODO: check +CVE-2019-5134 (An exploitable regular expression without anchors vulnerability exists ...) + TODO: check CVE-2019-5133 (An exploitable out-of-bounds write vulnerability exists in the igcore1 ...) NOT-FOR-US: ImageGear CVE-2019-5132 (An exploitable out-of-bounds write vulnerability exists in the igcore1 ...) @@ -66630,10 +66661,10 @@ CVE-2019-5108 (An exploitable denial-of-service vulnerability exists in the Linu [buster] - linux 4.19.98-1 NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2019-0900 NOTE: https://git.kernel.org/linus/3e493173b7841259a08c5c8e5cbe90adb349da7e -CVE-2019-5107 - RESERVED -CVE-2019-5106 - RESERVED +CVE-2019-5107 (A cleartext transmission vulnerability exists in the network communica ...) + TODO: check +CVE-2019-5106 (A hard-coded encryption key vulnerability exists in the authentication ...) + TODO: check CVE-2019-5105 RESERVED CVE-2019-5104 @@ -70201,8 +70232,8 @@ CVE-2019-3555 RESERVED CVE-2019-3554 (Wangle's AcceptRoutingHandler incorrectly casts a socket when acceptin ...) NOT-FOR-US: Facebook Wangle -CVE-2019-3553 - RESERVED +CVE-2019-3553 (C++ Facebook Thrift servers would not error upon receiving messages de ...) + TODO: check CVE-2019-3552 (C++ Facebook Thrift servers (using cpp2) would not error upon receivin ...) NOT-FOR-US: Thrift servers CVE-2019-3551 
@@ -187709,9 +187740,9 @@ CVE-2016-9161 REJECTED CVE-2016-9160 (A vulnerability in SIEMENS SIMATIC WinCC (All versions < SIMATIC Wi ...) NOT-FOR-US: Siemens SIMATIC WinCC -CVE-2016-9159 (A vulnerability has been identified in SIMATIC S7-300 CPU family, SIMA ...) +CVE-2016-9159 (A vulnerability has been identified in SIMATIC S7-300 CPU family (All ...) NOT-FOR-US: Siemens SIMATIC -CVE-2016-9158 (A vulnerability has been identified in SIMATIC S7-300 CPU family, SIMA ...) +CVE-2016-9158 (A vulnerability has been identified in SIMATIC S7-300 CPU family (All ...) NOT-FOR-US: Siemens SIMATIC CVE-2016-9157 (A vulnerability in Siemens SICAM PAS (all versions before V8.09) could ...) NOT-FOR-US: Siemens SICAM PAS View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5ab02c349d26a1bd74c74b59521f7b93c0df88f6 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5ab02c349d26a1bd74c74b59521f7b93c0df88f6 You're receiving this email because of your account on salsa.debian.org.
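Review bot: in the chromium hunk (@@ -8922), CVE-2020-6420 receives `{DSA-4638-1}` while its description is still `RESERVED`; confirm that id is actually listed in the DSA text before keeping the reference. The same hunk attaches the single DSA-4638-1 to entries whose unstable fixed versions differ (`chromium 80.0.3987.106-1`, `.116-1`, `.122-1`, `.132-1`), which is only consistent if the version shipped by the DSA is at least 80.0.3987.132.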
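Review bot: in the SQLite hunks (@@ -15192, @@ -15211, @@ -15596), `{DSA-4638-1}` is added to CVE-2019-19925, CVE-2019-19923 and CVE-2019-19880 directly above `[buster] - sqlite3 <no-dsa> (Minor issue)` or `[buster] - sqlite3 <not-affected>`; a DSA reference beside a no-dsa annotation only makes sense when the DSA is for a different source package, as in CVE-2019-19926 where a `- chromium 80.0.3987.106-1` line is present. Check that each of the three entries also carries a chromium package line, since none is visible in the hunk context.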
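Review bot: in the SAP hunks (@@ -9387, @@ -9451), CVE-2020-6210 through CVE-2020-6196 and CVE-2020-6178 are left at `TODO: check` although every description names an SAP product and the neighbouring entry CVE-2020-6177 (SAP Mobile Platform) is already `NOT-FOR-US: SAP`; the same triage would resolve these rather than leaving them queued.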
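Review bot: in the Siemens hunk (@@ -21670), CVE-2019-19299 through CVE-2019-19290 all carry the description "A vulnerability has been identified in SiNVR 3 Central Control Server" and stay at `TODO: check`, while the existing entries with the same description (CVE-2019-18338, CVE-2019-18337 in @@ -26600) are `NOT-FOR-US: Siemens`; suggest applying the same annotation to keep the list consistent.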
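Review bot: in the Thrift hunks (@@ -47274, @@ -70201), CVE-2019-11938 ("Java Facebook Thrift servers would not error upon receiving messages ...") and CVE-2019-3553 ("C++ Facebook Thrift servers would not error upon receiving messages ...") are set to `TODO: check`, whereas the adjacent CVE-2019-3552 with a near-identical description is already `NOT-FOR-US: Thrift servers`; the triage for these two should likely follow that entry.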
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits