Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
79a52746 by security tracker role at 2019-12-18T08:10:19Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,37 @@
+CVE-2019-19881
+       RESERVED
+CVE-2019-19880 (exprListAppendList in window.c in SQLite 3.30.1 allows 
attackers to tr ...)
+       TODO: check
+CVE-2019-19879
+       RESERVED
+CVE-2019-19878
+       RESERVED
+CVE-2019-19877
+       RESERVED
+CVE-2019-19876
+       RESERVED
+CVE-2019-19875
+       RESERVED
+CVE-2019-19874
+       RESERVED
+CVE-2019-19873
+       RESERVED
+CVE-2019-19872
+       RESERVED
+CVE-2019-19871
+       RESERVED
+CVE-2019-19870
+       RESERVED
+CVE-2019-19869
+       RESERVED
+CVE-2019-19868
+       RESERVED
+CVE-2019-19867
+       RESERVED
+CVE-2019-19866
+       RESERVED
+CVE-2019-19865
+       RESERVED
 CVE-2020-3824
        RESERVED
 CVE-2020-3823
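
Review bot: CVE-2019-19880 is the only entry in this block of new IDs that carries a description, and it lands as TODO: check with no package line. The description names exprListAppendList in window.c in SQLite 3.30.1, so the follow-up should replace the TODO with either a source-package entry or a NOT-FOR-US tag once the affected code is checked against what Debian ships.
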
@@ -465,10 +499,10 @@ CVE-2019-19848 (An issue was discovered in TYPO3 before 
8.7.30, 9.x before 9.5.1
 CVE-2019-19847 (Libspiro through 20190731 has a stack-based buffer overflow in 
the spi ...)
        - libspiro <unfixed>
        NOTE: https://github.com/fontforge/libspiro/issues/21
-CVE-2019-19846
-       RESERVED
-CVE-2019-19845
-       RESERVED
+CVE-2019-19846 (In Joomla! before 3.9.14, the lack of validation of 
configuration para ...)
+       TODO: check
+CVE-2019-19845 (In Joomla! before 3.9.14, a missing access check in framework 
files co ...)
+       TODO: check
 CVE-2019-19844
        RESERVED
 CVE-2019-19843
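
Review bot: CVE-2019-19846 and CVE-2019-19845 both land as TODO: check although their descriptions name the same product and fix boundary (Joomla! before 3.9.14). Triage them together so they end up with the same tag, either in the resolved form the libspiro entry above them uses (a package line plus a NOTE with the upstream reference) or as a NOT-FOR-US line.
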
@@ -634,8 +668,8 @@ CVE-2019-19777 (stb_image.h (aka the stb image loader) 
2.23, as used in libsixel
        NOTE: https://github.com/saitoha/libsixel/issues/109
 CVE-2019-19776
        RESERVED
-CVE-2019-19775
-       RESERVED
+CVE-2019-19775 (The image thumbnailing handler in Zulip Server versions 1.9.0 
to befor ...)
+       TODO: check
 CVE-2019-19774 (An issue was discovered in Zoho ManageEngine EventLog Analyzer 
10.0 SP ...)
        NOT-FOR-US: Zoho ManageEngine EventLog Analyzer
 CVE-2019-19773
@@ -10602,8 +10636,8 @@ CVE-2019-18259 (In Omron PLC CJ series, all versions 
and Omron PLC CS series, al
        NOT-FOR-US: Omron
 CVE-2019-18258
        RESERVED
-CVE-2019-18257
-       RESERVED
+CVE-2019-18257 (In Advantech DiagAnywhere Server, Versions 3.07.11 and prior, 
multiple ...)
+       TODO: check
 CVE-2019-18256
        RESERVED
 CVE-2019-18255
@@ -13837,14 +13871,14 @@ CVE-2019-17339
        RESERVED
 CVE-2019-17338
        RESERVED
-CVE-2019-17337
-       RESERVED
-CVE-2019-17336
-       RESERVED
-CVE-2019-17335
-       RESERVED
-CVE-2019-17334
-       RESERVED
+CVE-2019-17337 (The Spotfire library component of TIBCO Software Inc.'s TIBCO 
Spotfire ...)
+       TODO: check
+CVE-2019-17336 (The Data access layer component of TIBCO Software Inc.'s TIBCO 
Spotfir ...)
+       TODO: check
+CVE-2019-17335 (The Data access layer component of TIBCO Software Inc.'s TIBCO 
Spotfir ...)
+       TODO: check
+CVE-2019-17334 (The Visualizations component of TIBCO Software Inc.'s TIBCO 
Spotfire A ...)
+       TODO: check
 CVE-2019-17333
        RESERVED
 CVE-2019-17332 (The Digital Asset Manager Web Interface component of TIBCO 
Software In ...)
@@ -20481,8 +20515,8 @@ CVE-2019-15015 (In the Zingbox Inspector, versions 
1.294 and earlier, hardcoded
        NOT-FOR-US: Zingbox Inspector
 CVE-2019-15014 (A command injection vulnerability exists in the Zingbox 
Inspector vers ...)
        NOT-FOR-US: Zingbox Inspector
-CVE-2019-15013
-       RESERVED
+CVE-2019-15013 (The WorkflowResource class removeStatus method in Jira before 
version  ...)
+       TODO: check
 CVE-2019-15012
        RESERVED
 CVE-2019-15011 (The ListEntityLinksServlet resource in Application Links 
before versio ...)
@@ -31445,8 +31479,8 @@ CVE-2019-11659
        RESERVED
 CVE-2019-11658 (Information exposure in Micro Focus Content Manager, versions 
9.1, 9.2 ...)
        NOT-FOR-US: Micro Focus
-CVE-2019-11657
-       RESERVED
+CVE-2019-11657 (Cross-Site Request Forgery vulnerability in all Micro Focus 
ArcSight L ...)
+       TODO: check
 CVE-2019-11656 (Stored XSS vulnerability in Micro Focus ArcSight Logger, 
affects versi ...)
        NOT-FOR-US: Micro Focus
 CVE-2019-11655 (Unrestricted file upload vulnerability in Micro Focus ArcSight 
Logger, ...)
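
Review bot: CVE-2019-11657 is left at TODO: check while the entries directly before and after it, CVE-2019-11658 and CVE-2019-11656, are already tagged NOT-FOR-US: Micro Focus. Its description also names Micro Focus ArcSight, so once the truncated product name is confirmed it should take the same tag rather than stay in the TODO queue.
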
@@ -34356,8 +34390,8 @@ CVE-2019-10616
        RESERVED
 CVE-2019-10615
        RESERVED
-CVE-2019-10614
-       RESERVED
+CVE-2019-10614 (Out of boundary access is possible as there is no validation 
of data a ...)
+       TODO: check
 CVE-2019-10613
        RESERVED
 CVE-2019-10612
@@ -34370,13 +34404,11 @@ CVE-2019-10609
        RESERVED
 CVE-2019-10608
        RESERVED
-CVE-2019-10607
-       RESERVED
+CVE-2019-10607 (Out of bounds memcpy can occur by providing the embedded NULL 
characte ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2019-10606
        RESERVED
-CVE-2019-10605
-       RESERVED
+CVE-2019-10605 (Buffer overwrite can occur in IEEE80211 header filling 
function due to ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2019-10604
        RESERVED
@@ -34384,22 +34416,19 @@ CVE-2019-10603
        RESERVED
 CVE-2019-10602
        RESERVED
-CVE-2019-10601
-       RESERVED
+CVE-2019-10601 (Out of bound access can occur while processing firmware event 
due to l ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2019-10600
-       RESERVED
+CVE-2019-10600 (Use of local variable as argument to netlink CB callback goes 
out of i ...)
+       TODO: check
 CVE-2019-10599
        RESERVED
-CVE-2019-10598
-       RESERVED
+CVE-2019-10598 (Out of bound access can occur while processing peer info in 
IBSS conne ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2019-10597
        RESERVED
 CVE-2019-10596
        RESERVED
-CVE-2019-10595
-       RESERVED
+CVE-2019-10595 (Possible buffer overwrite in message handler due to lack of 
validation ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2019-10594
        RESERVED
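
Review bot: CVE-2019-10600 is the one entry in this hunk that goes from RESERVED to TODO: check; the three others that gain descriptions here (CVE-2019-10601, CVE-2019-10598, CVE-2019-10595) keep their existing NOT-FOR-US: Qualcomm components for Android line. The truncated description ("Use of local variable as argument to netlink CB callback goes out of i ...") does not name a product, so check the full CVE text before applying the same tag by adjacency.
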
@@ -34421,8 +34450,8 @@ CVE-2019-10586
        RESERVED
 CVE-2019-10585
        RESERVED
-CVE-2019-10584
-       RESERVED
+CVE-2019-10584 (Possibility of out of bound access in debug queue, if packet 
size fiel ...)
+       TODO: check
 CVE-2019-10583
        RESERVED
 CVE-2019-10582
@@ -34445,8 +34474,8 @@ CVE-2019-10574
        RESERVED
 CVE-2019-10573
        RESERVED
-CVE-2019-10572
-       RESERVED
+CVE-2019-10572 (Improper check in video driver while processing data from 
video firmwa ...)
+       TODO: check
 CVE-2019-10571 (Snapshot of IB can lead to invalid address access due to 
missing check ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2019-10570
@@ -34461,8 +34490,8 @@ CVE-2019-10566 (Buffer overflow can occur in wlan 
module if supported rates or e
        NOT-FOR-US: Snapdragon
 CVE-2019-10565 (Double free issue can happen when sensor power settings is 
freed by so ...)
        NOT-FOR-US: Snapdragon
-CVE-2019-10564
-       RESERVED
+CVE-2019-10564 (Possible OOB issue in EEPROM due to lack of check while 
accessing memo ...)
+       TODO: check
 CVE-2019-10563 (Buffer over-read can occur in fast message handler due to 
improper inp ...)
        NOT-FOR-US: Snapdragon
 CVE-2019-10562
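
Review bot: The TODO: check on CVE-2019-10564 sits between entries tagged NOT-FOR-US: Snapdragon, but nearby entries in the same CVE-2019-105xx range of this file use NOT-FOR-US: Qualcomm components for Android. Settle on one wording when resolving it so that a search for the tag finds all of the vendor's entries.
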
@@ -34475,8 +34504,7 @@ CVE-2019-10559 (Accessing data buffer beyond the 
available data while parsing og
        NOT-FOR-US: Qualcomm components for Android
 CVE-2019-10558
        RESERVED
-CVE-2019-10557
-       RESERVED
+CVE-2019-10557 (Out-of-bound read in the wireless driver in the Linux kernel 
due to la ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2019-10556
        RESERVED
@@ -34502,8 +34530,8 @@ CVE-2019-10546
        RESERVED
 CVE-2019-10545 (Null pointer dereference issue in kernel due to missing check 
related  ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2019-10544
-       RESERVED
+CVE-2019-10544 (Improper length check on source buffer to handle userspace 
data receiv ...)
+       TODO: check
 CVE-2019-10543
        RESERVED
 CVE-2019-10542 (Buffer over-read may occur when downloading a corrupted 
firmware file  ...)
@@ -34516,11 +34544,9 @@ CVE-2019-10539 (Possible buffer overflow issue due to 
lack of length check when
        NOT-FOR-US: Snapdragon
 CVE-2019-10538 (Lack of check of address range received from firmware response 
allows  ...)
        NOT-FOR-US: Snapdragon
-CVE-2019-10537
-       RESERVED
+CVE-2019-10537 (Improper validation of event buffer extracted from FW response 
can lea ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2019-10536
-       RESERVED
+CVE-2019-10536 (Potential double free scenario if driver receives another 
DIAG_EVENT_L ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2019-10535 (Improper validation for loop variable received from firmware 
can lead  ...)
        NOT-FOR-US: Snapdragon
@@ -34542,8 +34568,8 @@ CVE-2019-10527
        RESERVED
 CVE-2019-10526
        RESERVED
-CVE-2019-10525
-       RESERVED
+CVE-2019-10525 (Buffer overflow during SIB read when network configures 
complete sib l ...)
+       TODO: check
 CVE-2019-10524 (Lack of check for a negative value returned for get_clk is 
wrongly int ...)
        NOT-FOR-US: Snapdragon
 CVE-2019-10523
@@ -34556,18 +34582,18 @@ CVE-2019-10520 (An unprivileged application can 
allocate GPU memory by calling m
        NOT-FOR-US: Qualcomm components for Android
 CVE-2019-10519
        RESERVED
-CVE-2019-10518
-       RESERVED
-CVE-2019-10517
-       RESERVED
-CVE-2019-10516
-       RESERVED
+CVE-2019-10518 (Use after free of a pointer in iWLAN scenario during netmgr 
state tran ...)
+       TODO: check
+CVE-2019-10517 (Memory is being freed up twice when two concurrent threads are 
executi ...)
+       TODO: check
+CVE-2019-10516 (Multiple read overflows in MM while decoding service 
accept,service re ...)
+       TODO: check
 CVE-2019-10515 (DCI client which might be preemptively freed up might be 
accessed for  ...)
        NOT-FOR-US: Snapdragon
 CVE-2019-10514
        RESERVED
-CVE-2019-10513
-       RESERVED
+CVE-2019-10513 (Possibility of Null pointer access if the SPDM commands are 
executed i ...)
+       TODO: check
 CVE-2019-10512 (Payload size is not checked before using it as array index in 
audio in ...)
        NOT-FOR-US: Snapdragon
 CVE-2019-10511 (Possibility of memory overflow while decoding GSNDCP 
compressed mode P ...)
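
Review bot: Four entries in this hunk (CVE-2019-10518, CVE-2019-10517, CVE-2019-10516, CVE-2019-10513) move to TODO: check with truncated descriptions that do not name a product, while the surrounding context entries are all NOT-FOR-US. Resolve them from the full CVE text rather than by adjacency; the visible fragments mention iWLAN/netmgr, MM decoding and SPDM commands, which is not enough on its own to pick a tag.
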
@@ -34592,8 +34618,8 @@ CVE-2019-10502 (Possible stack overflow when an index 
equal to io buffer size is
        NOT-FOR-US: Snapdragon
 CVE-2019-10501 (Possible use after free issue due to improper input validation 
in volu ...)
        NOT-FOR-US: Snapdragon
-CVE-2019-10500
-       RESERVED
+CVE-2019-10500 (While processing MT Secondary PDP request, Buffer overflow 
will happen ...)
+       TODO: check
 CVE-2019-10499 (Improper validation of read and write index of tx and rx 
fifo`s before ...)
        NOT-FOR-US: Snapdragon
 CVE-2019-10498 (Buffer overflow scenario if the client sends more than 5 
io_vec reques ...)
@@ -34618,8 +34644,8 @@ CVE-2019-10489 (Possible null-pointer dereference can 
occur while parsing avi cl
        NOT-FOR-US: Snapdragon
 CVE-2019-10488 (Null pointer dereference can occur while parsing invalid 
chunks while  ...)
        NOT-FOR-US: Snapdragon
-CVE-2019-10487
-       RESERVED
+CVE-2019-10487 (Buffer over read can happen while parsing SMS OTA messages at 
transpor ...)
+       TODO: check
 CVE-2019-10486 (Race condition due to the lack of resource lock which will be 
concurre ...)
        NOT-FOR-US: Snapdragon
 CVE-2019-10485 (Infinite loop while decoding compressed data can lead to 
overrun condi ...)
@@ -34628,13 +34654,11 @@ CVE-2019-10484 (Use after free issue occurs when 
command destructors access dyna
        NOT-FOR-US: Qualcomm components for Android
 CVE-2019-10483
        RESERVED
-CVE-2019-10482
-       RESERVED
-CVE-2019-10481
-       RESERVED
+CVE-2019-10482 (Due to the use of non-time-constant comparison functions there 
is issu ...)
+       TODO: check
+CVE-2019-10481 (Out of bound access occurs while handling the WMI FW event due 
to lack ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2019-10480
-       RESERVED
+CVE-2019-10480 (Out of bound write can happen in WMI firmware event handler 
due to lac ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2019-10479 (An issue was discovered on Glory RBW-100 devices with firmware 
ISP-K05 ...)
        NOT-FOR-US: Glory RBW-100 devices
@@ -43755,8 +43779,8 @@ CVE-2019-7483
        RESERVED
 CVE-2019-7482
        RESERVED
-CVE-2019-7481
-       RESERVED
+CVE-2019-7481 (Vulnerability in SonicWall SMA100 allow unauthenticated user to 
gain r ...)
+       TODO: check
 CVE-2019-7480
        RESERVED
 CVE-2019-7479
@@ -52114,16 +52138,16 @@ CVE-2019-3998
        RESERVED
 CVE-2019-3997
        RESERVED
-CVE-2019-3996
-       RESERVED
-CVE-2019-3995
-       RESERVED
-CVE-2019-3994
-       RESERVED
-CVE-2019-3993
-       RESERVED
-CVE-2019-3992
-       RESERVED
+CVE-2019-3996 (ELOG 3.1.4-57bea22 and below can be used as an HTTP GET request 
proxy  ...)
+       TODO: check
+CVE-2019-3995 (ELOG 3.1.4-57bea22 and below is affected by a denial of service 
vulner ...)
+       TODO: check
+CVE-2019-3994 (ELOG 3.1.4-57bea22 and below is affected by a denial of service 
vulner ...)
+       TODO: check
+CVE-2019-3993 (ELOG 3.1.4-57bea22 and below is affected by an information 
disclosure  ...)
+       TODO: check
+CVE-2019-3992 (ELOG 3.1.4-57bea22 and below is affected by an information 
disclosure  ...)
+       TODO: check
 CVE-2019-3991
        RESERVED
 CVE-2019-3990 (A User Enumeration flaw exists in Harbor. The issue is present 
in the  ...)
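
Review bot: The five new ELOG entries (CVE-2019-3996 through CVE-2019-3992) all carry the same version string, "ELOG 3.1.4-57bea22 and below", and all land as TODO: check. Handle them as one triage unit so they receive the same package line or the same NOT-FOR-US tag, and record the upstream reference in a NOTE line as the libspiro and libsixel entries in this file do.
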
@@ -58142,8 +58166,8 @@ CVE-2019-2306 (Improper casting of structure while 
handling the buffer leads to
        NOT-FOR-US: Snapdragon
 CVE-2019-2305 (Out of bound access when reason code is extracted from frame 
data with ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2019-2304
-       RESERVED
+CVE-2019-2304 (Integer overflow to buffer overflow due to lack of validation 
of event ...)
+       TODO: check
 CVE-2019-2303 (SNDCP module may access array out side its boundary when it 
receives m ...)
        NOT-FOR-US: Snapdragon
 CVE-2019-2302 (While processing vendor command which contains corrupted 
channel count ...)
@@ -58202,8 +58226,8 @@ CVE-2019-2276 (Possible out of bound read occurs while 
processing beaconing requ
        NOT-FOR-US: Qualcomm components for Android
 CVE-2019-2275 (While deserializing any key blob during key operations, buffer 
overflo ...)
        NOT-FOR-US: Snapdragon
-CVE-2019-2274
-       RESERVED
+CVE-2019-2274 (Improper Access Control for RPU write access from secure 
processor in  ...)
+       TODO: check
 CVE-2019-2273 (IOMMU page fault while playing h265 video file leads to denial 
of serv ...)
        NOT-FOR-US: Snapdragon
 CVE-2019-2272 (Buffer overflow can occur in display function due to lack of 
validatio ...)
@@ -58266,8 +58290,8 @@ CVE-2019-2244 (Possible integer underflow can happen 
when calculating length of
        NOT-FOR-US: Qualcomm components for Android
 CVE-2019-2243 (Possible buffer overflow at the end of iterating loop while 
getting th ...)
        NOT-FOR-US: Snapdragon
-CVE-2019-2242
-       RESERVED
+CVE-2019-2242 (Device memory may get corrupted because of buffer 
overflow/underflow.  ...)
+       TODO: check
 CVE-2019-2241 (While rendering the layout background, Error status check is 
not caugh ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2019-2240 (While sending the rendered surface content to the screen, Error 
handli ...)
@@ -63499,10 +63523,10 @@ CVE-2019-0386 (Order processing in SAP ERP Sales 
(corrected in SAP_APPL 6.0, 6.0
        NOT-FOR-US: SAP
 CVE-2019-0385 (SAP Enable Now, before version 1908, does not sufficiently 
encode user ...)
        NOT-FOR-US: SAP
-CVE-2019-0384
-       RESERVED
-CVE-2019-0383
-       RESERVED
+CVE-2019-0384 (Transaction Management in SAP Treasury and Risk Management 
(corrected  ...)
+       TODO: check
+CVE-2019-0383 (Transaction Management in SAP Treasury and Risk Management 
(corrected  ...)
+       TODO: check
 CVE-2019-0382 (A Cross-Site Scripting vulnerability exists in SAP 
BusinessObjects Bus ...)
        NOT-FOR-US: SAP
 CVE-2019-0381 (A binary planting in SAP SQL Anywhere, before version 17.0, SAP 
IQ, be ...)
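
Review bot: CVE-2019-0384 and CVE-2019-0383 are left at TODO: check although both descriptions name SAP Treasury and Risk Management, and the adjacent entries CVE-2019-0385 and CVE-2019-0382 are tagged NOT-FOR-US: SAP. They are candidates for the same tag once the truncated descriptions are confirmed against the full CVE text.
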
@@ -84292,8 +84316,7 @@ CVE-2018-11982 (In Snapdragon (Mobile, Wear) in version 
MDM9206, MDM9607, MDM963
        NOT-FOR-US: Snapdragon
 CVE-2018-11981
        RESERVED
-CVE-2018-11980
-       RESERVED
+CVE-2018-11980 (When a fake broadcast/multicast 11w rmf without mmie received, 
since n ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2018-11979
        RESERVED



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/79a52746b3efbf5eb6064423f9fbf0d239b2fd51
