Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e14fbeef by security tracker role at 2020-01-04T08:10:16+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,219 @@
+CVE-2020-5499 (Baidu Rust SGX SDK through 1.0.8 has an enclave ID race. There 
are non ...)
+       TODO: check
+CVE-2020-5498
+       RESERVED
+CVE-2020-5497 (The OpenID Connect reference implementation for MITREid Connect 
throug ...)
+       TODO: check
+CVE-2020-5496 (FontForge 20190801 has a heap-based buffer overflow in the 
Type2NotDef ...)
+       TODO: check
+CVE-2020-5495
+       RESERVED
+CVE-2020-5494
+       RESERVED
+CVE-2020-5493
+       RESERVED
+CVE-2020-5492
+       RESERVED
+CVE-2020-5491
+       RESERVED
+CVE-2020-5490
+       RESERVED
+CVE-2020-5489
+       RESERVED
+CVE-2020-5488
+       RESERVED
+CVE-2020-5487
+       RESERVED
+CVE-2020-5486
+       RESERVED
+CVE-2020-5485
+       RESERVED
+CVE-2020-5484
+       RESERVED
+CVE-2020-5483
+       RESERVED
+CVE-2020-5482
+       RESERVED
+CVE-2020-5481
+       RESERVED
+CVE-2020-5480
+       RESERVED
+CVE-2020-5479
+       RESERVED
+CVE-2020-5478
+       RESERVED
+CVE-2020-5477
+       RESERVED
+CVE-2020-5476
+       RESERVED
+CVE-2020-5475
+       RESERVED
+CVE-2020-5474
+       RESERVED
+CVE-2020-5473
+       RESERVED
+CVE-2020-5472
+       RESERVED
+CVE-2020-5471
+       RESERVED
+CVE-2020-5470
+       RESERVED
+CVE-2020-5469
+       RESERVED
+CVE-2020-5468
+       RESERVED
+CVE-2020-5467
+       RESERVED
+CVE-2020-5466
+       RESERVED
+CVE-2020-5465
+       RESERVED
+CVE-2020-5464
+       RESERVED
+CVE-2020-5463
+       RESERVED
+CVE-2020-5462
+       RESERVED
+CVE-2020-5461
+       RESERVED
+CVE-2020-5460
+       RESERVED
+CVE-2020-5459
+       RESERVED
+CVE-2020-5458
+       RESERVED
+CVE-2020-5457
+       RESERVED
+CVE-2020-5456
+       RESERVED
+CVE-2020-5455
+       RESERVED
+CVE-2020-5454
+       RESERVED
+CVE-2020-5453
+       RESERVED
+CVE-2020-5452
+       RESERVED
+CVE-2020-5451
+       RESERVED
+CVE-2020-5450
+       RESERVED
+CVE-2020-5449
+       RESERVED
+CVE-2020-5448
+       RESERVED
+CVE-2020-5447
+       RESERVED
+CVE-2020-5446
+       RESERVED
+CVE-2020-5445
+       RESERVED
+CVE-2020-5444
+       RESERVED
+CVE-2020-5443
+       RESERVED
+CVE-2020-5442
+       RESERVED
+CVE-2020-5441
+       RESERVED
+CVE-2020-5440
+       RESERVED
+CVE-2020-5439
+       RESERVED
+CVE-2020-5438
+       RESERVED
+CVE-2020-5437
+       RESERVED
+CVE-2020-5436
+       RESERVED
+CVE-2020-5435
+       RESERVED
+CVE-2020-5434
+       RESERVED
+CVE-2020-5433
+       RESERVED
+CVE-2020-5432
+       RESERVED
+CVE-2020-5431
+       RESERVED
+CVE-2020-5430
+       RESERVED
+CVE-2020-5429
+       RESERVED
+CVE-2020-5428
+       RESERVED
+CVE-2020-5427
+       RESERVED
+CVE-2020-5426
+       RESERVED
+CVE-2020-5425
+       RESERVED
+CVE-2020-5424
+       RESERVED
+CVE-2020-5423
+       RESERVED
+CVE-2020-5422
+       RESERVED
+CVE-2020-5421
+       RESERVED
+CVE-2020-5420
+       RESERVED
+CVE-2020-5419
+       RESERVED
+CVE-2020-5418
+       RESERVED
+CVE-2020-5417
+       RESERVED
+CVE-2020-5416
+       RESERVED
+CVE-2020-5415
+       RESERVED
+CVE-2020-5414
+       RESERVED
+CVE-2020-5413
+       RESERVED
+CVE-2020-5412
+       RESERVED
+CVE-2020-5411
+       RESERVED
+CVE-2020-5410
+       RESERVED
+CVE-2020-5409
+       RESERVED
+CVE-2020-5408
+       RESERVED
+CVE-2020-5407
+       RESERVED
+CVE-2020-5406
+       RESERVED
+CVE-2020-5405
+       RESERVED
+CVE-2020-5404
+       RESERVED
+CVE-2020-5403
+       RESERVED
+CVE-2020-5402
+       RESERVED
+CVE-2020-5401
+       RESERVED
+CVE-2020-5400
+       RESERVED
+CVE-2020-5399
+       RESERVED
+CVE-2020-5398
+       RESERVED
+CVE-2020-5397
+       RESERVED
+CVE-2020-5396
+       RESERVED
+CVE-2020-5395 (FontForge 20190801 has a use-after-free in SFD_GetFontMetaData 
in sfd. ...)
+       TODO: check
+CVE-2019-20334 (In Netwide Assembler (NASM) 2.14.02, stack consumption occurs 
in expr# ...)
+       TODO: check
+CVE-2015-9540 (Chamilo LMS through 1.9.10.2 allows a link_goto.php?link_url= 
open red ...)
+       TODO: check
+CVE-2014-10398 (Multiple cross-site scripting (XSS) vulnerabilities in bsi.dll 
in Bank ...)
+       TODO: check
 CVE-2020-5394
        RESERVED
 CVE-2020-5393
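Review bot: CVE-2019-20334, CVE-2015-9540 and CVE-2014-10398 are added directly above CVE-2020-5394, in the middle of the CVE-2020 block, which breaks the descending-ID order the rest of data/CVE/list follows (the later hunks run 2019, 2014, 2012 as the line numbers rise). Move them to their sorted positions when they are triaged. The seven entries in this hunk that have a description are all still at TODO: check and need a package line or a NOT-FOR-US tag.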
@@ -3792,8 +4008,8 @@ CVE-2019-19961
 CVE-2019-19960 (In wolfSSL before 4.3.0, wc_ecc_mulmod_ex does not properly 
resist sid ...)
        - wolfssl 4.3.0+dfsg-1
        NOTE: 
https://github.com/wolfSSL/wolfssl/commit/5ee9f9c7a23f8ed093fe1e42bc540727e96cebb8
 (v4.3.0-stable)
-CVE-2019-19959
-       RESERVED
+CVE-2019-19959 (ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of 
INSERT  ...)
+       TODO: check
 CVE-2019-19958 (In libIEC61850 1.4.0, StringUtils_createStringFromBuffer in 
common/str ...)
        NOT-FOR-US: libIEC61850
 CVE-2019-19957 (In libIEC61850 1.4.0, getNumberOfElements in 
mms/iso_mms/server/mms_ac ...)
@@ -28977,10 +29193,10 @@ CVE-2019-13768
 CVE-2019-13767
        RESERVED
        - chromium <unfixed>
-CVE-2019-13766
-       RESERVED
-CVE-2019-13765
-       RESERVED
+CVE-2019-13766 (Use-after-free in accessibility in Google Chrome prior to 
77.0.3865.75 ...)
+       TODO: check
+CVE-2019-13765 (Use-after-free in content delivery manager in Google Chrome 
prior to 7 ...)
+       TODO: check
 CVE-2019-13764 (Type confusion in JavaScript in Google Chrome prior to 
79.0.3945.79 al ...)
        - chromium 79.0.3945.79-1
 CVE-2019-13763 (Insufficient policy enforcement in payments in Google Chrome 
prior to  ...)
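Review bot: CVE-2019-13766 and CVE-2019-13765 get Chrome descriptions but only a TODO: check line, with no package line. The neighbouring entries track the chromium source package ("- chromium <unfixed>" on CVE-2019-13767, "- chromium 79.0.3945.79-1" on CVE-2019-13764), so each new entry should get a "- chromium" line with its fixed version in the same form. The description of CVE-2019-13766 cites 77.0.3865.75, an older release than the one recorded for the lower-numbered CVE-2019-13764, so the fixed version cannot be inferred from the ID order.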
@@ -42771,18 +42987,18 @@ CVE-2019-9543 (An issue was discovered in Poppler 
0.74.0. A recursive function c
        [stretch] - poppler <ignored> (Minor issue)
        [jessie] - poppler <postponed> (Minor issue; revisit when fixed 
upstream)
        NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/730
-CVE-2019-9542
-       RESERVED
-CVE-2019-9541
-       RESERVED
-CVE-2019-9540
-       RESERVED
-CVE-2019-9539
-       RESERVED
-CVE-2019-9538
-       RESERVED
-CVE-2019-9537
-       RESERVED
+CVE-2019-9542 (: Improper Neutralization of Input During Web Page Generation 
('Cross- ...)
+       TODO: check
+CVE-2019-9541 (: Information Exposure vulnerability in itemlookup.asp of Telos 
Automa ...)
+       TODO: check
+CVE-2019-9540 (: Improper Neutralization of Input During Web Page Generation 
('Cross- ...)
+       TODO: check
+CVE-2019-9539 (: Improper Neutralization of Input During Web Page Generation 
('Cross- ...)
+       TODO: check
+CVE-2019-9538 (: Improper Neutralization of Input During Web Page Generation 
('Cross- ...)
+       TODO: check
+CVE-2019-9537 (: Improper Neutralization of Input During Web Page Generation 
('Cross- ...)
+       TODO: check
 CVE-2019-9536 (Apple iPhone 3GS bootrom malloc implementation returns a 
non-NULL poin ...)
        NOT-FOR-US: Apple iPhone 3GS
 CVE-2019-9535 (A vulnerability exists in the way that iTerm2 integrates with 
tmux's c ...)
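Review bot: The six descriptions from CVE-2019-9542 down to CVE-2019-9537 all start with a stray ": " right after the opening parenthesis, for example "(: Improper Neutralization of Input ...". No other description in this diff has that prefix, so it looks carried over from the upstream record by the automatic update. The truncation also hides the product name in five of the six (only CVE-2019-9541 shows "Telos Automa ..."), so the full record has to be read before TODO: check can be replaced.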
@@ -52321,12 +52537,12 @@ CVE-2019-5848 (Incorrect font handling in autofill in 
Google Chrome prior to 75.
 CVE-2019-5847 (Inappropriate implementation in JavaScript in Google Chrome 
prior to 7 ...)
        {DSA-4500-1}
        - chromium 76.0.3809.87-1
-CVE-2019-5846
-       RESERVED
-CVE-2019-5845
-       RESERVED
-CVE-2019-5844
-       RESERVED
+CVE-2019-5846 (Out of bounds access in SwiftShader in Google Chrome prior to 
73.0.368 ...)
+       TODO: check
+CVE-2019-5845 (Out of bounds access in SwiftShader in Google Chrome prior to 
73.0.368 ...)
+       TODO: check
+CVE-2019-5844 (Out of bounds access in SwiftShader in Google Chrome prior to 
73.0.368 ...)
+       TODO: check
 CVE-2019-5843 (Out of bounds memory access in JavaScript in Google Chrome 
prior to 74 ...)
        {DSA-4500-1}
        - chromium 74.0.3729.108-1
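Review bot: CVE-2019-5846, CVE-2019-5845 and CVE-2019-5844 are left with TODO: check and no package line or advisory reference, while both neighbours, CVE-2019-5847 and CVE-2019-5843, carry {DSA-4500-1} and a "- chromium" fixed version. The new descriptions cite a 73.x release, older than the 74.0.3729.108-1 and 76.0.3809.87-1 recorded on the neighbours, so triage should record the matching "- chromium" fixed version and decide whether an advisory cross-reference applies.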
@@ -57285,8 +57501,8 @@ CVE-2019-3770
        RESERVED
 CVE-2019-3769
        RESERVED
-CVE-2019-3768
-       RESERVED
+CVE-2019-3768 (RSA Authentication Manager versions prior to 8.4 P7 contain an 
XML Ent ...)
+       TODO: check
 CVE-2019-3767 (Dell ImageAssist versions prior to 8.7.15 contain an 
information discl ...)
        NOT-FOR-US: Dell ImageAssist
 CVE-2019-3766 (Dell EMC ECS versions prior to 3.4.0.0 contain an improper 
restriction ...)
@@ -233621,8 +233837,8 @@ CVE-2014-8519 (Unspecified vulnerability in McAfee 
Network Data Loss Prevention
        NOT-FOR-US: McAfee
 CVE-2014-8518 (The (1) Removable Media and (2) CD and DVD encryption offsite 
access o ...)
        NOT-FOR-US: McAfee
-CVE-2014-8516
-       RESERVED
+CVE-2014-8516 (Unrestricted file upload vulnerability in Visual Mining 
NetCharts Serv ...)
+       TODO: check
 CVE-2014-8515 (The web interface in BitTorrent allows remote attackers to 
execute arb ...)
        NOT-FOR-US: uTorrent
 CVE-2014-8514 (Buffer overflow in an ActiveX control in MDraw30.ocx in 
Schneider Elec ...)
@@ -234120,8 +234336,8 @@ CVE-2014-8339 (SQL injection vulnerability in 
midroll.php in Nuevolab Nuevoplaye
        NOT-FOR-US: Nuevolabs Nuevoplayer for clipshare
 CVE-2014-8338
        RESERVED
-CVE-2014-8337
-       RESERVED
+CVE-2014-8337 (Unrestricted file upload vulnerability in 
includes/classes/uploadify-v ...)
+       TODO: check
 CVE-2014-8336 (The "Sql Run Query" panel in WP-DBManager (aka Database 
Manager) plugi ...)
        NOT-FOR-US: WP-DBManager plugin for WordPress
 CVE-2014-8335 ((1) wp-dbmanager.php and (2) database-manage.php in the 
WP-DBManager ( ...)
@@ -240913,8 +241129,7 @@ CVE-2014-5518
        RESERVED
 CVE-2014-5517
        RESERVED
-CVE-2014-5516
-       RESERVED
+CVE-2014-5516 (Cross-site request forgery (CSRF) vulnerability in the 
Storefront Appl ...)
        NOT-FOR-US: KonaKart
 CVE-2014-5515
        RESERVED
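Review bot: CVE-2014-5516 is the only entry in this commit that gains a description without a TODO: check line, because the existing "NOT-FOR-US: KonaKart" line stays attached to it. The truncated description ("Storefront Appl ...") does not show the product name, so confirm against the full record that the tag set while the ID was RESERVED still matches the published description.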
@@ -241973,8 +242188,8 @@ CVE-2014-5142
        RESERVED
 CVE-2014-5141
        RESERVED
-CVE-2014-5140
-       RESERVED
+CVE-2014-5140 (The bindReplace function in the query factory in 
includes/classes/data ...)
+       TODO: check
 CVE-2014-5139 (The ssl_set_client_disabled function in t1_lib.c in OpenSSL 
1.0.1 befo ...)
        {DSA-2998-1}
        - openssl 1.0.1i-1
@@ -244272,8 +244487,8 @@ CVE-2014-4198
        RESERVED
 CVE-2014-4197 (Multiple SQL injection vulnerabilities in Bank Soft Systems 
(BSS) RBS  ...)
        NOT-FOR-US: Bank Soft Systems
-CVE-2014-4196
-       RESERVED
+CVE-2014-4196 (Cross-site scripting (XSS) vulnerability in bsi.dll in Bank 
Soft Syste ...)
+       TODO: check
 CVE-2014-4195 (Cross-site scripting (XSS) vulnerability in 
zero_view_article.php in Z ...)
        NOT-FOR-US: ZeroCMS
 CVE-2014-4194 (SQL injection vulnerability in zero_transact_article.php in 
ZeroCMS 1. ...)
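Review bot: CVE-2014-4196 is left at TODO: check although its description names bsi.dll in "Bank Soft Syste ..." and the entry directly above, CVE-2014-4197, is already tagged "NOT-FOR-US: Bank Soft Systems". If the full description confirms the same vendor, use the same tag with the same spelling. CVE-2014-10398 in the first hunk also mentions bsi.dll and can be handled in the same pass.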
@@ -276956,8 +277171,8 @@ CVE-2012-5880
        RESERVED
 CVE-2012-5879 (An ActiveX control in McHealthCheck.dll in McAfee Virtual 
Technician ( ...)
        NOT-FOR-US: McAfee Virtual Technician
-CVE-2012-5878
-       RESERVED
+CVE-2012-5878 (Bulb Security Smartphone Pentest Framework (SPF) 0.1.2 through 
0.1.4 a ...)
+       TODO: check
 CVE-2012-5877 (Nero MediaHome 4.5.8.0 and earlier allows remote attackers to 
cause a  ...)
        NOT-FOR-US: Nero MediaHome
 CVE-2012-5876 (Multiple off-by-one errors in NMMediaServerService.dll in Nero 
MediaHo ...)
@@ -277403,8 +277618,8 @@ CVE-2012-5695 (Multiple cross-site request forgery 
(CSRF) vulnerabilities in Bul
        NOT-FOR-US: Smartphone Pentest Framework
 CVE-2012-5694 (Multiple SQL injection vulnerabilities in Bulb Security 
Smartphone Pen ...)
        NOT-FOR-US: Smartphone Pentest Framework
-CVE-2012-5693
-       RESERVED
+CVE-2012-5693 (Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 
allows r ...)
+       TODO: check
 CVE-2012-5692 (Unspecified vulnerability in admin/sources/base/core.php in 
Invision P ...)
        NOT-FOR-US: Invision Power Board
 CVE-2012-5691 (Buffer overflow in RealNetworks RealPlayer before 16.0.0.282 
and RealP ...)
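Review bot: CVE-2012-5693 names Bulb Security Smartphone Pentest Framework (SPF) but is left at TODO: check, while the two entries just above it, CVE-2012-5695 and CVE-2012-5694, carry "NOT-FOR-US: Smartphone Pentest Framework". Apply the same tag with identical spelling so the entries group together. CVE-2012-5878 in the previous hunk names the same product and needs the same treatment.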



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/e14fbeefaf08092b022af4e69cb50b6b52c9411e
