Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
267dd028 by security tracker role at 2020-03-13T08:10:20+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,22 @@
-CVE-2020-10535
+CVE-2020-10543
+       RESERVED
+CVE-2020-10542
+       RESERVED
+CVE-2020-10541 (Zoho ManageEngine OpManager before 12.4.179 allows remote code 
executi ...)
+       TODO: check
+CVE-2020-10540 (Untis WebUntis before 2020.9.6 allows CSRF for certain 
combinations of ...)
+       TODO: check
+CVE-2020-10539
+       RESERVED
+CVE-2020-10538
+       RESERVED
+CVE-2020-10537
+       RESERVED
+CVE-2020-10536
+       RESERVED
+CVE-2020-10534 (In the GlobalBlocking extension before 2020-03-10 for 
MediaWiki throug ...)
+       TODO: check
+CVE-2020-10535 (GitLab 12.8.x before 12.8.6, when sign-up is enabled, allows 
remote at ...)
        - gitlab <not-affected> (Only affects Gitlab 12.8.x)
        NOTE: 
https://about.gitlab.com/releases/2020/03/11/critical-security-release-gitlab-12-dot-8-dot-6-released/
 CVE-2020-10533
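
Review bot: CVE-2020-10534 is inserted between CVE-2020-10536 and CVE-2020-10535, so this block now runs 10536, 10534, 10535, 10533 and breaks the descending order the rest of the file follows. Move the CVE-2020-10534 entry below the CVE-2020-10535 block (after its gitlab package line and NOTE) so the list stays sorted.
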
@@ -742,10 +760,12 @@ CVE-2020-10187
 CVE-2020-10186
        RESERVED
 CVE-2020-10185 (The sync endpoint in YubiKey Validation Server before 2.40 
allows remo ...)
+       {DLA-2141-1}
        - yubikey-val <removed>
        NOTE: https://www.yubico.com/support/security-advisories/ysa-2020-01/
        NOTE: 
https://github.com/Yubico/yubikey-val/commit/d0e4db3245deb5ce0c8d7d26069c78071a140286
 CVE-2020-10184 (The verify endpoint in YubiKey Validation Server before 2.40 
does not  ...)
+       {DLA-2141-1}
        - yubikey-val <removed>
        NOTE: https://www.yubico.com/support/security-advisories/ysa-2020-01/
        NOTE: 
https://github.com/Yubico/yubikey-val/commit/d0e4db3245deb5ce0c8d7d26069c78071a140286
@@ -1582,7 +1602,7 @@ CVE-2020-10020
        REJECTED
 CVE-2020-10019
        RESERVED
-CVE-2020-10018 (accessibility/AXObjectCache.cpp in WebKit, as used in 
WebKitGTK throug ...)
+CVE-2020-10018 (WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4 (which 
are the  ...)
        - webkit2gtk 2.28.0-2
        [buster] - webkit2gtk <postponed> (Hold back until next update round)
        [stretch] - webkit2gtk <ignored> (Not covered by security support in 
stretch)
@@ -3208,8 +3228,8 @@ CVE-2020-9066
        RESERVED
 CVE-2020-9065
        RESERVED
-CVE-2020-9064
-       RESERVED
+CVE-2020-9064 (Huawei smartphone Honor V30 with versions earlier than 
OxfordS-AN00A 1 ...)
+       TODO: check
 CVE-2020-9063
        RESERVED
 CVE-2020-9062
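
Review bot: CVE-2020-9064 is described as a Huawei smartphone (Honor V30) issue, which is not software Debian packages, yet it is left on `TODO: check`. It can be closed in the style the file already uses for vendor-only issues, e.g. `NOT-FOR-US: Huawei`.
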
@@ -4588,8 +4608,8 @@ CVE-2020-8471
        RESERVED
 CVE-2020-8470
        RESERVED
-CVE-2020-8469
-       RESERVED
+CVE-2020-8469 (Trend Micro Password Manager for Windows version 5.0 is 
affected by a  ...)
+       TODO: check
 CVE-2020-8468
        RESERVED
 CVE-2020-8467
@@ -6572,8 +6592,8 @@ CVE-2020-7602
        RESERVED
 CVE-2020-7601
        RESERVED
-CVE-2020-7600
-       RESERVED
+CVE-2020-7600 (querymen prior to 2.1.4 allows modification of object 
properties. The  ...)
+       TODO: check
 CVE-2020-7599
        RESERVED
 CVE-2020-7598 (minimist before 1.2.2 could be tricked into adding or modifying 
proper ...)
@@ -8790,8 +8810,8 @@ CVE-2020-6645
        RESERVED
 CVE-2020-6644
        RESERVED
-CVE-2020-6643
-       RESERVED
+CVE-2020-6643 (An improper neutralization of input vulnerability in the URL 
Descripti ...)
+       TODO: check
 CVE-2020-6642
        RESERVED
 CVE-2020-6641
@@ -10309,12 +10329,12 @@ CVE-2020-5963
        RESERVED
 CVE-2020-5962
        RESERVED
-CVE-2020-5961
-       RESERVED
-CVE-2020-5960
-       RESERVED
-CVE-2020-5959
-       RESERVED
+CVE-2020-5961 (NVIDIA vGPU graphics driver for guest OS contains a 
vulnerability in w ...)
+       TODO: check
+CVE-2020-5960 (NVIDIA Virtual GPU Manager contains a vulnerability in the 
kernel modu ...)
+       TODO: check
+CVE-2020-5959 (NVIDIA Virtual GPU Manager, all versions, contains a 
vulnerability in  ...)
+       TODO: check
 CVE-2020-5958 (NVIDIA Windows GPU Display Driver, all versions, contains a 
vulnerabil ...)
        TODO: check
 CVE-2020-5957 (NVIDIA Windows GPU Display Driver, all versions, contains a 
vulnerabil ...)
@@ -21036,8 +21056,8 @@ CVE-2020-1889
        RESERVED
 CVE-2020-1888 (Insufficient boundary checks when decoding JSON in 
handleBackslash rea ...)
        - hhvm <removed>
-CVE-2020-1887
-       RESERVED
+CVE-2020-1887 (Incorrect validation of the TLS SNI hostname in osquery 
versions after ...)
+       TODO: check
 CVE-2020-1886
        RESERVED
 CVE-2020-1885
@@ -21197,8 +21217,8 @@ CVE-2020-1865
        RESERVED
 CVE-2020-1864
        RESERVED
-CVE-2020-1863
-       RESERVED
+CVE-2020-1863 (Huawei USG6000V with versions V500R001C20SPC300, 
V500R003C00SPC100, an ...)
+       TODO: check
 CVE-2020-1862
        RESERVED
 CVE-2020-1861 (CloudEngine 12800 with versions of 
V200R001C00SPC600,V200R001C00SPC700 ...)
@@ -26221,8 +26241,8 @@ CVE-2020-0585
        RESERVED
 CVE-2020-0584
        RESERVED
-CVE-2020-0583
-       RESERVED
+CVE-2020-0583 (Improper access control in the subsystem for Intel(R) Smart 
Sound Tech ...)
+       TODO: check
 CVE-2020-0582
        RESERVED
 CVE-2020-0581
@@ -26239,8 +26259,8 @@ CVE-2020-0576
        RESERVED
 CVE-2020-0575
        RESERVED
-CVE-2020-0574
-       RESERVED
+CVE-2020-0574 (Improper configuration in block design for Intel(R) MAX(R) 10 
FPGA all ...)
+       TODO: check
 CVE-2020-0573
        RESERVED
 CVE-2020-0572
@@ -26264,12 +26284,12 @@ CVE-2020-0569
        NOTE: Patch for 5.0.0 through 5.5.1: 
https://code.qt.io/cgit/qt/qtbase.git/commit/?id=5c4234ed958130d655df8197129806f687d4df0d
 CVE-2020-0568
        RESERVED
-CVE-2020-0567
-       RESERVED
+CVE-2020-0567 (Improper input validation in Intel(R) Graphics Drivers before 
version  ...)
+       TODO: check
 CVE-2020-0566
        RESERVED
-CVE-2020-0565
-       RESERVED
+CVE-2020-0565 (Uncontrolled search path in Intel(R) Graphics Drivers before 
version 2 ...)
+       TODO: check
 CVE-2020-0564 (Improper permissions in the installer for Intel(R) RWC3 for 
Windows be ...)
        NOT-FOR-US: Intel
 CVE-2020-0563 (Improper permissions in the installer for Intel(R) MPSS before 
version ...)
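
Review bot: CVE-2020-0567 and CVE-2020-0565 are added as `TODO: check` directly above CVE-2020-0564, which is already `NOT-FOR-US: Intel`. If the full descriptions confirm these Intel(R) Graphics Drivers issues are in Intel's own driver packages and not in anything Debian ships, give them the same marking so the block is consistent.
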
@@ -26286,8 +26306,8 @@ CVE-2020-0558
        RESERVED
 CVE-2020-0557
        RESERVED
-CVE-2020-0556
-       RESERVED
+CVE-2020-0556 (Improper access control in subsystem for BlueZ before version 
5.53 may ...)
+       TODO: check
 CVE-2020-0555
        RESERVED
 CVE-2020-0554
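
Review bot: CVE-2020-0556 names BlueZ before version 5.53, and unlike most of the new `TODO: check` entries in this update that is software Debian ships, so it should not wait in the generic TODO queue. Triage it first: replace the TODO with a `- bluez` package line carrying the fixed version once it is known, plus a NOTE pointing at the upstream advisory or fix.
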
@@ -26296,8 +26316,7 @@ CVE-2020-0553
        RESERVED
 CVE-2020-0552
        RESERVED
-CVE-2020-0551 [Load Value Injection]
-       RESERVED
+CVE-2020-0551 (Load value injection in some Intel(R) Processors utilizing 
speculative ...)
        NOTE: 
https://software.intel.com/security-software-guidance/software-guidance/load-value-injection
        NOTE: 
https://software.intel.com/security-software-guidance/insights/deep-dive-load-value-injection
        NOTE: https://xenbits.xen.org/xsa/advisory-315.html
@@ -26306,8 +26325,7 @@ CVE-2020-0551 [Load Value Injection]
        NOTE: binutils/toolchain updates will include a patch that optionally 
emits lfence
        NOTE: instructions in problematic situations (but have performance 
impact), cf.
        NOTE: https://sourceware.org/pipermail/binutils/2020-March/110175.html
-CVE-2020-0550 [Snoop-Assisted L1D Sampling]
-       RESERVED
+CVE-2020-0550 (Improper data forwarding in some data cache for some Intel(R) 
Processo ...)
        NOTE: Intel is (currently) no planning to release microcode updates to 
mitigate issue.
        NOTE: 
https://software.intel.com/security-software-guidance/insights/deep-dive-snoop-assisted-l1-data-sampling
        NOTE: 
https://software.intel.com/security-software-guidance/insights/processors-affected-snoop-assisted-l1-data-sampling
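
Review bot: the CVE-2020-0550 header loses the name "Snoop-Assisted L1D Sampling" that the removed line carried, and the new truncated description does not contain it, so a search for the common name now only matches the NOTE URLs. A `NOTE:` line with the name would keep the entry findable. Separately, the first NOTE under it reads "Intel is (currently) no planning to release microcode updates"; that should be "not planning".
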
@@ -26328,8 +26346,8 @@ CVE-2020-0548 (Cleanup errors in some Intel(R) 
Processors may allow an authentic
        NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00329.html
 CVE-2020-0547
        RESERVED
-CVE-2020-0546
-       RESERVED
+CVE-2020-0546 (Unquoted service path in Intel(R) Optane(TM) DC Persistent 
Memory Modu ...)
+       TODO: check
 CVE-2020-0545
        RESERVED
 CVE-2020-0544
@@ -26360,16 +26378,16 @@ CVE-2020-0532
        RESERVED
 CVE-2020-0531
        RESERVED
-CVE-2020-0530
-       RESERVED
+CVE-2020-0530 (Improper buffer restrictions in firmware for Intel(R) NUC may 
allow an ...)
+       TODO: check
 CVE-2020-0529
        RESERVED
 CVE-2020-0528
        RESERVED
 CVE-2020-0527
        RESERVED
-CVE-2020-0526
-       RESERVED
+CVE-2020-0526 (Improper input validation in firmware for Intel(R) NUC may 
allow a pri ...)
+       TODO: check
 CVE-2020-0525
        RESERVED
 CVE-2020-0524
@@ -26380,32 +26398,32 @@ CVE-2020-0522
        RESERVED
 CVE-2020-0521
        RESERVED
-CVE-2020-0520
-       RESERVED
-CVE-2020-0519
-       RESERVED
+CVE-2020-0520 (Path traversal in igdkmd64.sys for Intel(R) Graphics Drivers 
before ve ...)
+       TODO: check
+CVE-2020-0519 (Improper access control for Intel(R) Graphics Drivers before 
versions  ...)
+       TODO: check
 CVE-2020-0518
        RESERVED
-CVE-2020-0517
-       RESERVED
-CVE-2020-0516
-       RESERVED
-CVE-2020-0515
-       RESERVED
-CVE-2020-0514
-       RESERVED
+CVE-2020-0517 (Out-of-bounds write in Intel(R) Graphics Drivers before version 
15.36. ...)
+       TODO: check
+CVE-2020-0516 (Improper access control in Intel(R) Graphics Drivers before 
version 26 ...)
+       TODO: check
+CVE-2020-0515 (Uncontrolled search path element in the installer for Intel(R) 
Graphic ...)
+       TODO: check
+CVE-2020-0514 (Improper default permissions in the installer for Intel(R) 
Graphics Dr ...)
+       TODO: check
 CVE-2020-0513
        RESERVED
 CVE-2020-0512
        RESERVED
-CVE-2020-0511
-       RESERVED
+CVE-2020-0511 (Uncaught exception in system driver for Intel(R) Graphics 
Drivers befo ...)
+       TODO: check
 CVE-2020-0510
        RESERVED
 CVE-2020-0509
        RESERVED
-CVE-2020-0508
-       RESERVED
+CVE-2020-0508 (Incorrect default permissions in the installer for Intel(R) 
Graphics D ...)
+       TODO: check
 CVE-2020-0507 (Unquoted service path in Intel(R) Graphics Drivers before 
versions 15. ...)
        TODO: check
 CVE-2020-0506 (Improper initialization in Intel(R) Graphics Drivers before 
versions 1 ...)
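
Review bot: CVE-2020-0520 names igdkmd64.sys, which is a Windows kernel-mode driver file, so that entry does not need to stay on `TODO: check` and can be marked NOT-FOR-US. The other Intel(R) Graphics Drivers entries added in this hunk (CVE-2020-0519, 0517, 0516, 0515, 0514, 0511, 0508) should be triaged together with it, along with CVE-2020-0507 just below, which was already sitting on `TODO: check` before this update.
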
@@ -29403,8 +29421,8 @@ CVE-2019-17660 (A cross-site scripting (XSS) 
vulnerability in admin/translate/tr
        - limesurvey <itp> (bug #472802)
 CVE-2019-17659
        RESERVED
-CVE-2019-17658
-       RESERVED
+CVE-2019-17658 (An unquoted service path vulnerability in the FortiClient 
FortiTray co ...)
+       TODO: check
 CVE-2019-17657
        RESERVED
 CVE-2019-17656
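
Review bot: CVE-2019-17658 is described as an unquoted service path issue in the FortiClient FortiTray component, and CVE-2019-17652 a few entries further down is already `NOT-FOR-US: Fortiguard FortiClient`. Use the same marking here instead of `TODO: check`.
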
@@ -29413,8 +29431,8 @@ CVE-2019-17655
        RESERVED
 CVE-2019-17654
        RESERVED
-CVE-2019-17653
-       RESERVED
+CVE-2019-17653 (A Cross-Site Request Forgery (CSRF) vulnerability in the user 
interfac ...)
+       TODO: check
 CVE-2019-17652 (A stack buffer overflow vulnerability in FortiClient for Linux 
6.2.1 a ...)
        NOT-FOR-US: Fortiguard FortiClient
 CVE-2019-17651 (An Improper Neutralization of Input vulnerability in the 
description a ...)
@@ -33795,8 +33813,8 @@ CVE-2019-16158
        RESERVED
 CVE-2019-16157
        RESERVED
-CVE-2019-16156
-       RESERVED
+CVE-2019-16156 (An Improper Neutralization of Input vulnerability in the 
Anomaly Detec ...)
+       TODO: check
 CVE-2019-16155 (A privilege escalation vulnerability in FortiClient for Linux 
6.2.1 an ...)
        NOT-FOR-US: Fortiguard FortiClient
 CVE-2019-16154 (An improper neutralization of input during web page generation 
in Fort ...)
@@ -46759,8 +46777,8 @@ CVE-2019-12280 (PC-Doctor Toolbox before 7.3 has an 
Uncontrolled Search Path Ele
        NOT-FOR-US: PC-Doctor Toolbox
 CVE-2019-12279 (** DISPUTED ** Nagios XI 5.6.1 allows SQL injection via the 
username p ...)
        NOT-FOR-US: Nagios XI
-CVE-2019-12278
-       RESERVED
+CVE-2019-12278 (Opera through 53 on Android allows Address Bar Spoofing. 
Characters fr ...)
+       TODO: check
 CVE-2019-12277 (Blogifier 2.3 before 2019-05-11 does not properly restrict 
APIs, as de ...)
        NOT-FOR-US: Blogifier
 CVE-2019-12276 (A Path Traversal vulnerability in 
Controllers/LetsEncryptController.cs ...)
@@ -49449,8 +49467,8 @@ CVE-2019-11356 (The CalDAV feature in httpd in Cyrus 
IMAP 2.5.x through 2.5.12 a
        - cyrus-imapd 3.0.8-6
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1717828
        NOTE: 
https://github.com/cyrusimap/cyrus-imapd/commit/a5779db8163b99463e25e7c476f9cbba438b65f3
-CVE-2019-11355
-       RESERVED
+CVE-2019-11355 (An issue was discovered in Poly (formerly Polycom) HDX 3.1.13. 
A featu ...)
+       TODO: check
 CVE-2019-11354 (The client in Electronic Arts (EA) Origin 10.5.36 on Windows 
allows te ...)
        NOT-FOR-US: client in Electronic Arts (EA) Origin on Windows
 CVE-2019-11353 (The EnGenius EWS660AP router with firmware 2.0.284 allows an 
attacker  ...)
@@ -49480,8 +49498,8 @@ CVE-2019-11345 (Citrix SD-WAN Center 10.2.x before 
10.2.1 and NetScaler SD-WAN C
        NOT-FOR-US: Citrix
 CVE-2019-11344 (data/inc/files.php in Pluck 4.7.8 allows remote attackers to 
execute a ...)
        NOT-FOR-US: Pluck CMS
-CVE-2019-11343
-       RESERVED
+CVE-2019-11343 (Torpedo Query before 2.5.3 mishandles the LIKE operator in 
ConditionBu ...)
+       TODO: check
 CVE-2019-11342
        RESERVED
 CVE-2019-11341 (On certain Samsung P(9.0) phones, an attacker with physical 
access can ...)
@@ -71060,8 +71078,8 @@ CVE-2018-20588 (lib/support/unicodeconv/unicodeconv.c 
in libotfcc.a in otfcc v0.
 CVE-2018-20587 (Bitcoin Core 0.12.0 through 0.17.1 and Bitcoin Knots 0.12.0 
through 0. ...)
        - bitcoin <unfixed>
        NOTE: 
https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2018-20587
-CVE-2018-20586
-       RESERVED
+CVE-2018-20586 (bitcoind and Bitcoin-Qt prior to 0.17.1 allow injection of 
arbitrary d ...)
+       TODO: check
 CVE-2018-20585
        RESERVED
 CVE-2018-20584 (JasPer 2.0.14 allows remote attackers to cause a denial of 
service (ap ...)
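
Review bot: CVE-2018-20586 is left on `TODO: check` although the entry right above it, CVE-2018-20587, already tracks the same software as `- bitcoin <unfixed>`. The new description names bitcoind and Bitcoin-Qt prior to 0.17.1, so it should get a `- bitcoin` package line, with the status confirmed against the version in the archive, rather than a generic TODO.
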
@@ -81149,8 +81167,7 @@ CVE-2018-19519 (In tcpdump 4.9.2, a stack-based buffer 
over-read exists in the p
        NOTE: https://github.com/the-tcpdump-group/tcpdump/issues/763
        NOTE: https://github.com/zyingp/temp/blob/master/tcpdump.md
        NOTE: Crash in CLI tool, no security impact
-CVE-2018-19516
-       RESERVED
+CVE-2018-19516 (messagepartthemes/default/defaultrenderer.cpp in messagelib in 
KDE App ...)
        - kf5-messagelib 4:18.08.3-2 (bug #915039)
        [stretch] - kf5-messagelib <no-dsa> (Minor issue)
        NOTE: https://www.kde.org/info/security/advisory-20181128-1.txt
@@ -83391,8 +83408,8 @@ CVE-2018-18808 (The domain management component of 
TIBCO Software Inc.'s TIBCO J
        NOT-FOR-US: TIBCO
 CVE-2018-18807 (The web application of the TIBCO Statistica component of TIBCO 
Softwar ...)
        NOT-FOR-US: TIBCO
-CVE-2017-18350
-       RESERVED
+CVE-2017-18350 (bitcoind and Bitcoin-Qt prior to 0.15.1 have a stack-based 
buffer over ...)
+       TODO: check
 CVE-2018-19132 (Squid before 4.4, when SNMP is enabled, allows a denial of 
service (Me ...)
        {DLA-1596-1}
        - squid 4.4-1 (low; bug #912294)
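
Review bot: CVE-2017-18350 sits between CVE-2018-18807 and CVE-2018-19132, in the middle of the CVE-2018 entries, and this update fills in its description without moving it. Now that it is no longer RESERVED, move it to the CVE-2017 section and triage it against the bitcoin source package, since the description names bitcoind and Bitcoin-Qt prior to 0.15.1.
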
@@ -105317,8 +105334,8 @@ CVE-2018-10706 (An integer overflow in the 
transferMulti function of a smart con
        NOT-FOR-US: Social Chain
 CVE-2018-10705 (The Owned smart contract implementation for Aurora DAO (AURA), 
an Ethe ...)
        NOT-FOR-US: Aurora DAD
-CVE-2018-10704
-       RESERVED
+CVE-2018-10704 (yidashi yii2cmf 2.0 has XSS via the /search q parameter. ...)
+       TODO: check
 CVE-2018-10703 (An issue was discovered on Moxa AWK-3121 1.14 devices. It 
provides fun ...)
        NOT-FOR-US: Moxa
 CVE-2018-10702 (An issue was discovered on Moxa AWK-3121 1.14 devices. It 
provides fun ...)
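
Review bot: the context line just above the change reads `NOT-FOR-US: Aurora DAD` while the CVE-2018-10705 description says Aurora DAO (AURA); fix the typo while this block is being touched. The new CVE-2018-10704 entry (yidashi yii2cmf 2.0, XSS via the /search q parameter) looks like a standalone web application and can probably be closed as NOT-FOR-US after a quick check that it is not packaged.
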
@@ -231932,8 +231949,8 @@ CVE-2015-3643 (usb-creator before 0.2.38.3ubuntu0.1 
on Ubuntu 12.04 LTS, before
        NOT-FOR-US: usb-creator
 CVE-2015-3642 (The TLS and DTLS processing functionality in Citrix NetScaler 
Applicat ...)
        NOT-FOR-US: Citrix
-CVE-2015-3641
-       RESERVED
+CVE-2015-3641 (bitcoind and Bitcoin-Qt prior to 0.10.2 allow attackers to 
cause a den ...)
+       TODO: check
 CVE-2015-3640 (phpMyBackupPro 2.5 and earlier does not properly escape the "." 
charac ...)
        NOT-FOR-US: phpMyBackupPro
 CVE-2015-3639 (phpMyBackupPro 2.5 and earlier does not properly sanitize input 
string ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/267dd02861c24f0db57d886c4f43f6e34830403d



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
