Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 267dd028 by security tracker role at 2020-03-13T08:10:20+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,4 +1,22 @@ -CVE-2020-10535 +CVE-2020-10543 + RESERVED +CVE-2020-10542 + RESERVED +CVE-2020-10541 (Zoho ManageEngine OpManager before 12.4.179 allows remote code executi ...) + TODO: check +CVE-2020-10540 (Untis WebUntis before 2020.9.6 allows CSRF for certain combinations of ...) + TODO: check +CVE-2020-10539 + RESERVED +CVE-2020-10538 + RESERVED +CVE-2020-10537 + RESERVED +CVE-2020-10536 + RESERVED +CVE-2020-10534 (In the GlobalBlocking extension before 2020-03-10 for MediaWiki throug ...) + TODO: check +CVE-2020-10535 (GitLab 12.8.x before 12.8.6, when sign-up is enabled, allows remote at ...) - gitlab <not-affected> (Only affects Gitlab 12.8.x) NOTE: https://about.gitlab.com/releases/2020/03/11/critical-security-release-gitlab-12-dot-8-dot-6-released/ CVE-2020-10533 @@ -742,10 +760,12 @@ CVE-2020-10187 CVE-2020-10186 RESERVED CVE-2020-10185 (The sync endpoint in YubiKey Validation Server before 2.40 allows remo ...) + {DLA-2141-1} - yubikey-val <removed> NOTE: https://www.yubico.com/support/security-advisories/ysa-2020-01/ NOTE: https://github.com/Yubico/yubikey-val/commit/d0e4db3245deb5ce0c8d7d26069c78071a140286 CVE-2020-10184 (The verify endpoint in YubiKey Validation Server before 2.40 does not ...) + {DLA-2141-1} - yubikey-val <removed> NOTE: https://www.yubico.com/support/security-advisories/ysa-2020-01/ NOTE: https://github.com/Yubico/yubikey-val/commit/d0e4db3245deb5ce0c8d7d26069c78071a140286 
@@ -1582,7 +1602,7 @@ CVE-2020-10020 REJECTED CVE-2020-10019 RESERVED -CVE-2020-10018 (accessibility/AXObjectCache.cpp in WebKit, as used in WebKitGTK throug ...) +CVE-2020-10018 (WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4 (which are the ...) - webkit2gtk 2.28.0-2 [buster] - webkit2gtk <postponed> (Hold back until next update round) [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) @@ -3208,8 +3228,8 @@ CVE-2020-9066 RESERVED CVE-2020-9065 RESERVED -CVE-2020-9064 - RESERVED +CVE-2020-9064 (Huawei smartphone Honor V30 with versions earlier than OxfordS-AN00A 1 ...) + TODO: check CVE-2020-9063 RESERVED CVE-2020-9062 @@ -4588,8 +4608,8 @@ CVE-2020-8471 RESERVED CVE-2020-8470 RESERVED -CVE-2020-8469 - RESERVED +CVE-2020-8469 (Trend Micro Password Manager for Windows version 5.0 is affected by a ...) + TODO: check CVE-2020-8468 RESERVED CVE-2020-8467 @@ -6572,8 +6592,8 @@ CVE-2020-7602 RESERVED CVE-2020-7601 RESERVED -CVE-2020-7600 - RESERVED +CVE-2020-7600 (querymen prior to 2.1.4 allows modification of object properties. The ...) + TODO: check CVE-2020-7599 RESERVED CVE-2020-7598 (minimist before 1.2.2 could be tricked into adding or modifying proper ...) @@ -8790,8 +8810,8 @@ CVE-2020-6645 RESERVED CVE-2020-6644 RESERVED -CVE-2020-6643 - RESERVED +CVE-2020-6643 (An improper neutralization of input vulnerability in the URL Descripti ...) + TODO: check CVE-2020-6642 RESERVED CVE-2020-6641 
@@ -10309,12 +10329,12 @@ CVE-2020-5963 RESERVED CVE-2020-5962 RESERVED -CVE-2020-5961 - RESERVED -CVE-2020-5960 - RESERVED -CVE-2020-5959 - RESERVED +CVE-2020-5961 (NVIDIA vGPU graphics driver for guest OS contains a vulnerability in w ...) + TODO: check +CVE-2020-5960 (NVIDIA Virtual GPU Manager contains a vulnerability in the kernel modu ...) + TODO: check +CVE-2020-5959 (NVIDIA Virtual GPU Manager, all versions, contains a vulnerability in ...) + TODO: check CVE-2020-5958 (NVIDIA Windows GPU Display Driver, all versions, contains a vulnerabil ...) TODO: check CVE-2020-5957 (NVIDIA Windows GPU Display Driver, all versions, contains a vulnerabil ...) @@ -21036,8 +21056,8 @@ CVE-2020-1889 RESERVED CVE-2020-1888 (Insufficient boundary checks when decoding JSON in handleBackslash rea ...) - hhvm <removed> -CVE-2020-1887 - RESERVED +CVE-2020-1887 (Incorrect validation of the TLS SNI hostname in osquery versions after ...) + TODO: check CVE-2020-1886 RESERVED CVE-2020-1885 @@ -21197,8 +21217,8 @@ CVE-2020-1865 RESERVED CVE-2020-1864 RESERVED -CVE-2020-1863 - RESERVED +CVE-2020-1863 (Huawei USG6000V with versions V500R001C20SPC300, V500R003C00SPC100, an ...) + TODO: check CVE-2020-1862 RESERVED CVE-2020-1861 (CloudEngine 12800 with versions of V200R001C00SPC600,V200R001C00SPC700 ...) @@ -26221,8 +26241,8 @@ CVE-2020-0585 RESERVED CVE-2020-0584 RESERVED -CVE-2020-0583 - RESERVED +CVE-2020-0583 (Improper access control in the subsystem for Intel(R) Smart Sound Tech ...) + TODO: check CVE-2020-0582 RESERVED CVE-2020-0581 @@ -26239,8 +26259,8 @@ CVE-2020-0576 RESERVED CVE-2020-0575 RESERVED -CVE-2020-0574 - RESERVED +CVE-2020-0574 (Improper configuration in block design for Intel(R) MAX(R) 10 FPGA all ...) + TODO: check CVE-2020-0573 RESERVED CVE-2020-0572 
@@ -26264,12 +26284,12 @@ CVE-2020-0569 NOTE: Patch for 5.0.0 through 5.5.1: https://code.qt.io/cgit/qt/qtbase.git/commit/?id=5c4234ed958130d655df8197129806f687d4df0d CVE-2020-0568 RESERVED -CVE-2020-0567 - RESERVED +CVE-2020-0567 (Improper input validation in Intel(R) Graphics Drivers before version ...) + TODO: check CVE-2020-0566 RESERVED -CVE-2020-0565 - RESERVED +CVE-2020-0565 (Uncontrolled search path in Intel(R) Graphics Drivers before version 2 ...) + TODO: check CVE-2020-0564 (Improper permissions in the installer for Intel(R) RWC3 for Windows be ...) NOT-FOR-US: Intel CVE-2020-0563 (Improper permissions in the installer for Intel(R) MPSS before version ...) @@ -26286,8 +26306,8 @@ CVE-2020-0558 RESERVED CVE-2020-0557 RESERVED -CVE-2020-0556 - RESERVED +CVE-2020-0556 (Improper access control in subsystem for BlueZ before version 5.53 may ...) + TODO: check CVE-2020-0555 RESERVED CVE-2020-0554 @@ -26296,8 +26316,7 @@ CVE-2020-0553 RESERVED CVE-2020-0552 RESERVED -CVE-2020-0551 [Load Value Injection] - RESERVED +CVE-2020-0551 (Load value injection in some Intel(R) Processors utilizing speculative ...) NOTE: https://software.intel.com/security-software-guidance/software-guidance/load-value-injection NOTE: https://software.intel.com/security-software-guidance/insights/deep-dive-load-value-injection NOTE: https://xenbits.xen.org/xsa/advisory-315.html 
@@ -26306,8 +26325,7 @@ CVE-2020-0551 [Load Value Injection] NOTE: binutils/toolchain updates will include a patch that optionally emits lfence NOTE: instructions in problematic situations (but have performance impact), cf. NOTE: https://sourceware.org/pipermail/binutils/2020-March/110175.html -CVE-2020-0550 [Snoop-Assisted L1D Sampling] - RESERVED +CVE-2020-0550 (Improper data forwarding in some data cache for some Intel(R) Processo ...) NOTE: Intel is (currently) no planning to release microcode updates to mitigate issue. NOTE: https://software.intel.com/security-software-guidance/insights/deep-dive-snoop-assisted-l1-data-sampling NOTE: https://software.intel.com/security-software-guidance/insights/processors-affected-snoop-assisted-l1-data-sampling @@ -26328,8 +26346,8 @@ CVE-2020-0548 (Cleanup errors in some Intel(R) Processors may allow an authentic NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00329.html CVE-2020-0547 RESERVED -CVE-2020-0546 - RESERVED +CVE-2020-0546 (Unquoted service path in Intel(R) Optane(TM) DC Persistent Memory Modu ...) + TODO: check CVE-2020-0545 RESERVED CVE-2020-0544 @@ -26360,16 +26378,16 @@ CVE-2020-0532 RESERVED CVE-2020-0531 RESERVED -CVE-2020-0530 - RESERVED +CVE-2020-0530 (Improper buffer restrictions in firmware for Intel(R) NUC may allow an ...) + TODO: check CVE-2020-0529 RESERVED CVE-2020-0528 RESERVED CVE-2020-0527 RESERVED -CVE-2020-0526 - RESERVED +CVE-2020-0526 (Improper input validation in firmware for Intel(R) NUC may allow a pri ...) + TODO: check CVE-2020-0525 RESERVED CVE-2020-0524 
@@ -26380,32 +26398,32 @@ CVE-2020-0522 RESERVED CVE-2020-0521 RESERVED -CVE-2020-0520 - RESERVED -CVE-2020-0519 - RESERVED +CVE-2020-0520 (Path traversal in igdkmd64.sys for Intel(R) Graphics Drivers before ve ...) + TODO: check +CVE-2020-0519 (Improper access control for Intel(R) Graphics Drivers before versions ...) + TODO: check CVE-2020-0518 RESERVED -CVE-2020-0517 - RESERVED -CVE-2020-0516 - RESERVED -CVE-2020-0515 - RESERVED -CVE-2020-0514 - RESERVED +CVE-2020-0517 (Out-of-bounds write in Intel(R) Graphics Drivers before version 15.36. ...) + TODO: check +CVE-2020-0516 (Improper access control in Intel(R) Graphics Drivers before version 26 ...) + TODO: check +CVE-2020-0515 (Uncontrolled search path element in the installer for Intel(R) Graphic ...) + TODO: check +CVE-2020-0514 (Improper default permissions in the installer for Intel(R) Graphics Dr ...) + TODO: check CVE-2020-0513 RESERVED CVE-2020-0512 RESERVED -CVE-2020-0511 - RESERVED +CVE-2020-0511 (Uncaught exception in system driver for Intel(R) Graphics Drivers befo ...) + TODO: check CVE-2020-0510 RESERVED CVE-2020-0509 RESERVED -CVE-2020-0508 - RESERVED +CVE-2020-0508 (Incorrect default permissions in the installer for Intel(R) Graphics D ...) + TODO: check CVE-2020-0507 (Unquoted service path in Intel(R) Graphics Drivers before versions 15. ...) TODO: check CVE-2020-0506 (Improper initialization in Intel(R) Graphics Drivers before versions 1 ...) @@ -29403,8 +29421,8 @@ CVE-2019-17660 (A cross-site scripting (XSS) vulnerability in admin/translate/tr - limesurvey <itp> (bug #472802) CVE-2019-17659 RESERVED -CVE-2019-17658 - RESERVED +CVE-2019-17658 (An unquoted service path vulnerability in the FortiClient FortiTray co ...) + TODO: check CVE-2019-17657 RESERVED CVE-2019-17656 
@@ -29413,8 +29431,8 @@ CVE-2019-17655 RESERVED CVE-2019-17654 RESERVED -CVE-2019-17653 - RESERVED +CVE-2019-17653 (A Cross-Site Request Forgery (CSRF) vulnerability in the user interfac ...) + TODO: check CVE-2019-17652 (A stack buffer overflow vulnerability in FortiClient for Linux 6.2.1 a ...) NOT-FOR-US: Fortiguard FortiClient CVE-2019-17651 (An Improper Neutralization of Input vulnerability in the description a ...) @@ -33795,8 +33813,8 @@ CVE-2019-16158 RESERVED CVE-2019-16157 RESERVED -CVE-2019-16156 - RESERVED +CVE-2019-16156 (An Improper Neutralization of Input vulnerability in the Anomaly Detec ...) + TODO: check CVE-2019-16155 (A privilege escalation vulnerability in FortiClient for Linux 6.2.1 an ...) NOT-FOR-US: Fortiguard FortiClient CVE-2019-16154 (An improper neutralization of input during web page generation in Fort ...) @@ -46759,8 +46777,8 @@ CVE-2019-12280 (PC-Doctor Toolbox before 7.3 has an Uncontrolled Search Path Ele NOT-FOR-US: PC-Doctor Toolbox CVE-2019-12279 (** DISPUTED ** Nagios XI 5.6.1 allows SQL injection via the username p ...) NOT-FOR-US: Nagios XI -CVE-2019-12278 - RESERVED +CVE-2019-12278 (Opera through 53 on Android allows Address Bar Spoofing. Characters fr ...) + TODO: check CVE-2019-12277 (Blogifier 2.3 before 2019-05-11 does not properly restrict APIs, as de ...) NOT-FOR-US: Blogifier CVE-2019-12276 (A Path Traversal vulnerability in Controllers/LetsEncryptController.cs ...) 
@@ -49449,8 +49467,8 @@ CVE-2019-11356 (The CalDAV feature in httpd in Cyrus IMAP 2.5.x through 2.5.12 a - cyrus-imapd 3.0.8-6 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1717828 NOTE: https://github.com/cyrusimap/cyrus-imapd/commit/a5779db8163b99463e25e7c476f9cbba438b65f3 -CVE-2019-11355 - RESERVED +CVE-2019-11355 (An issue was discovered in Poly (formerly Polycom) HDX 3.1.13. A featu ...) + TODO: check CVE-2019-11354 (The client in Electronic Arts (EA) Origin 10.5.36 on Windows allows te ...) NOT-FOR-US: client in Electronic Arts (EA) Origin on Windows CVE-2019-11353 (The EnGenius EWS660AP router with firmware 2.0.284 allows an attacker ...) @@ -49480,8 +49498,8 @@ CVE-2019-11345 (Citrix SD-WAN Center 10.2.x before 10.2.1 and NetScaler SD-WAN C NOT-FOR-US: Citrix CVE-2019-11344 (data/inc/files.php in Pluck 4.7.8 allows remote attackers to execute a ...) NOT-FOR-US: Pluck CMS -CVE-2019-11343 - RESERVED +CVE-2019-11343 (Torpedo Query before 2.5.3 mishandles the LIKE operator in ConditionBu ...) + TODO: check CVE-2019-11342 RESERVED CVE-2019-11341 (On certain Samsung P(9.0) phones, an attacker with physical access can ...) @@ -71060,8 +71078,8 @@ CVE-2018-20588 (lib/support/unicodeconv/unicodeconv.c in libotfcc.a in otfcc v0. CVE-2018-20587 (Bitcoin Core 0.12.0 through 0.17.1 and Bitcoin Knots 0.12.0 through 0. ...) - bitcoin <unfixed> NOTE: https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2018-20587 -CVE-2018-20586 - RESERVED +CVE-2018-20586 (bitcoind and Bitcoin-Qt prior to 0.17.1 allow injection of arbitrary d ...) + TODO: check CVE-2018-20585 RESERVED CVE-2018-20584 (JasPer 2.0.14 allows remote attackers to cause a denial of service (ap ...) 
@@ -81149,8 +81167,7 @@ CVE-2018-19519 (In tcpdump 4.9.2, a stack-based buffer over-read exists in the p NOTE: https://github.com/the-tcpdump-group/tcpdump/issues/763 NOTE: https://github.com/zyingp/temp/blob/master/tcpdump.md NOTE: Crash in CLI tool, no security impact -CVE-2018-19516 - RESERVED +CVE-2018-19516 (messagepartthemes/default/defaultrenderer.cpp in messagelib in KDE App ...) - kf5-messagelib 4:18.08.3-2 (bug #915039) [stretch] - kf5-messagelib <no-dsa> (Minor issue) NOTE: https://www.kde.org/info/security/advisory-20181128-1.txt @@ -83391,8 +83408,8 @@ CVE-2018-18808 (The domain management component of TIBCO Software Inc.'s TIBCO J NOT-FOR-US: TIBCO CVE-2018-18807 (The web application of the TIBCO Statistica component of TIBCO Softwar ...) NOT-FOR-US: TIBCO -CVE-2017-18350 - RESERVED +CVE-2017-18350 (bitcoind and Bitcoin-Qt prior to 0.15.1 have a stack-based buffer over ...) + TODO: check CVE-2018-19132 (Squid before 4.4, when SNMP is enabled, allows a denial of service (Me ...) {DLA-1596-1} - squid 4.4-1 (low; bug #912294) @@ -105317,8 +105334,8 @@ CVE-2018-10706 (An integer overflow in the transferMulti function of a smart con NOT-FOR-US: Social Chain CVE-2018-10705 (The Owned smart contract implementation for Aurora DAO (AURA), an Ethe ...) NOT-FOR-US: Aurora DAD -CVE-2018-10704 - RESERVED +CVE-2018-10704 (yidashi yii2cmf 2.0 has XSS via the /search q parameter. ...) + TODO: check CVE-2018-10703 (An issue was discovered on Moxa AWK-3121 1.14 devices. It provides fun ...) NOT-FOR-US: Moxa CVE-2018-10702 (An issue was discovered on Moxa AWK-3121 1.14 devices. It provides fun ...) 
@@ -231932,8 +231949,8 @@ CVE-2015-3643 (usb-creator before 0.2.38.3ubuntu0.1 on Ubuntu 12.04 LTS, before NOT-FOR-US: usb-creator CVE-2015-3642 (The TLS and DTLS processing functionality in Citrix NetScaler Applicat ...) NOT-FOR-US: Citrix -CVE-2015-3641 - RESERVED +CVE-2015-3641 (bitcoind and Bitcoin-Qt prior to 0.10.2 allow attackers to cause a den ...) + TODO: check CVE-2015-3640 (phpMyBackupPro 2.5 and earlier does not properly escape the "." charac ...) NOT-FOR-US: phpMyBackupPro CVE-2015-3639 (phpMyBackupPro 2.5 and earlier does not properly sanitize input string ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/267dd02861c24f0db57d886c4f43f6e34830403d
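Review bot: In the hunk at `@@ -742,10 +760,12 @@`, `{DLA-2141-1}` is attached to CVE-2020-10185 and CVE-2020-10184 whose only package line is `- yubikey-val <removed>`; that is consistent only if the DLA fixed yubikey-val in a suite where it still ships, so check that the DLA-2141-1 entry in data/DLA/list names the fixed yubikey-val version, because `<removed>` on its own gives a reader of this entry no version to compare against.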
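Review bot: In the hunks at `@@ -26296,8 +26316,7 @@` and `@@ -26306,8 +26325,7 @@`, the short-name tags `[Load Value Injection]` and `[Snoop-Assisted L1D Sampling]` on CVE-2020-0551 and CVE-2020-0550 are dropped together with the `RESERVED` line, and unlike every other newly described entry in this commit neither gets a replacement status line (no `TODO: check`, no package line), so both fall out of the TODO triage list while only carrying NOTE references; a follow-up should add the appropriate package line or `TODO: check` so they are not overlooked. The context NOTE on CVE-2020-0550, "Intel is (currently) no planning to release microcode updates", should read "not planning" and could be corrected in the same follow-up.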
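Review bot: The hunks at `@@ -71060,8 +71078,8 @@`, `@@ -83391,8 +83408,8 @@` and `@@ -231932,8 +231949,8 @@` leave CVE-2018-20586, CVE-2017-18350 and CVE-2015-3641 at `TODO: check`, yet all three describe "bitcoind and Bitcoin-Qt prior to" a given version and the adjacent CVE-2018-20587 in the first of those hunks already carries `- bitcoin <unfixed>`, so bitcoin is a tracked package here; these three should be triaged together against the packaged bitcoin versions rather than left as separate TODOs, with the `prior to 0.17.1`, `prior to 0.15.1` and `prior to 0.10.2` thresholds in the descriptions as the starting point.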
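Review bot: In the hunk at `@@ -26286,8 +26306,8 @@`, CVE-2020-0556 ("Improper access control in subsystem for BlueZ before version 5.53") is left at `TODO: check`, but bluez is a Debian source package, so this entry should become a `- bluez` line with the fixed version (or an explicit `<not-affected>`/`<unfixed>` status) once the 5.53 threshold in the description has been checked against the packaged versions; a `TODO: check` on a package that is actually shipped is easy to lose among the vendor-only entries (Intel, NVIDIA, Huawei) that make up the rest of this commit.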
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits