Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
2bba8e31 by security tracker role at 2020-01-15T08:10:21+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,14 @@
-CVE-2020-7053 [drm/i915: Fix use-after-free when destroying GEM context]
+CVE-2020-7058 (** DISPUTED ** data_input.php in Cacti 1.2.8 allows remote code
execut ...)
+ TODO: check
+CVE-2020-7057 (Hikvision DVR DS-7204HGHI-F1 V4.0.1 build 180903 Web Version
sends a d ...)
+ TODO: check
+CVE-2020-7056
+ RESERVED
+CVE-2020-7055
+ RESERVED
+CVE-2020-7054 (MmsValue_decodeMmsData in
mms/iso_mms/server/mms_access_result.c in li ...)
+ TODO: check
+CVE-2020-7053 (In the Linux kernel 4.14 longterm through 4.14.165 and 4.19
longterm t ...)
- linux 5.2.6-1
NOTE:
https://lore.kernel.org/stable/[email protected]/
CVE-2020-7052
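Review bot: The CVE-2020-7053 entry still carries only `- linux 5.2.6-1`, while the description imported in this hunk names the 4.14 and 4.19 longterm series as affected. It is worth confirming whether release-specific lines are needed next to the unstable fixed version. Separately, CVE-2020-7058 arrives with a `** DISPUTED **` description and a bare `TODO: check`; when it is triaged, a NOTE recording the dispute would help later readers.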
@@ -3267,10 +3277,10 @@ CVE-2020-5504 (In phpMyAdmin 4 before 4.9.4 and 5
before 5.0.1, SQL injection ex
NOTE: https://www.phpmyadmin.net/security/PMASA-2020-1/
CVE-2020-5503
RESERVED
-CVE-2020-5502
- RESERVED
-CVE-2020-5501
- RESERVED
+CVE-2020-5502 (phpBB 3.2.8 allows a CSRF attack that can approve pending group
member ...)
+ TODO: check
+CVE-2020-5501 (phpBB 3.2.8 allows a CSRF attack that can modify a group
avatar. ...)
+ TODO: check
CVE-2020-5500
RESERVED
CVE-2020-5499 (Baidu Rust SGX SDK through 1.0.8 has an enclave ID race. There
are non ...)
@@ -17126,118 +17136,118 @@ CVE-2020-0658
RESERVED
CVE-2020-0657
RESERVED
-CVE-2020-0656
- RESERVED
+CVE-2020-0656 (A cross site scripting vulnerability exists when Microsoft
Dynamics 36 ...)
+ TODO: check
CVE-2020-0655
RESERVED
-CVE-2020-0654
- RESERVED
-CVE-2020-0653
- RESERVED
-CVE-2020-0652
- RESERVED
-CVE-2020-0651
- RESERVED
-CVE-2020-0650
- RESERVED
+CVE-2020-0654 (A security feature bypass vulnerability exists in Microsoft
OneDrive A ...)
+ TODO: check
+CVE-2020-0653 (A remote code execution vulnerability exists in Microsoft Excel
softwa ...)
+ TODO: check
+CVE-2020-0652 (A remote code execution vulnerability exists in Microsoft
Office softw ...)
+ TODO: check
+CVE-2020-0651 (A remote code execution vulnerability exists in Microsoft Excel
softwa ...)
+ TODO: check
+CVE-2020-0650 (A remote code execution vulnerability exists in Microsoft Excel
softwa ...)
+ TODO: check
CVE-2020-0649
RESERVED
CVE-2020-0648
RESERVED
-CVE-2020-0647
- RESERVED
-CVE-2020-0646
- RESERVED
+CVE-2020-0647 (A spoofing vulnerability exists when Office Online does not
validate o ...)
+ TODO: check
+CVE-2020-0646 (A remote code execution vulnerability exists when the Microsoft
.NET F ...)
+ TODO: check
CVE-2020-0645
RESERVED
-CVE-2020-0644
- RESERVED
-CVE-2020-0643
- RESERVED
-CVE-2020-0642
- RESERVED
-CVE-2020-0641
- RESERVED
-CVE-2020-0640
- RESERVED
-CVE-2020-0639
- RESERVED
-CVE-2020-0638
- RESERVED
-CVE-2020-0637
- RESERVED
-CVE-2020-0636
- RESERVED
-CVE-2020-0635
- RESERVED
-CVE-2020-0634
- RESERVED
-CVE-2020-0633
- RESERVED
-CVE-2020-0632
- RESERVED
-CVE-2020-0631
- RESERVED
-CVE-2020-0630
- RESERVED
-CVE-2020-0629
- RESERVED
-CVE-2020-0628
- RESERVED
-CVE-2020-0627
- RESERVED
-CVE-2020-0626
- RESERVED
-CVE-2020-0625
- RESERVED
-CVE-2020-0624
- RESERVED
-CVE-2020-0623
- RESERVED
-CVE-2020-0622
- RESERVED
-CVE-2020-0621
- RESERVED
-CVE-2020-0620
- RESERVED
+CVE-2020-0644 (An elevation of privilege vulnerability exists when Microsoft
Windows ...)
+ TODO: check
+CVE-2020-0643 (An information disclosure vulnerability exists in the way that
the Win ...)
+ TODO: check
+CVE-2020-0642 (An elevation of privilege vulnerability exists in Windows when
the Win ...)
+ TODO: check
+CVE-2020-0641 (An elevation of privilege vulnerability exists in Windows Media
Servic ...)
+ TODO: check
+CVE-2020-0640 (A remote code execution vulnerability exists when Internet
Explorer im ...)
+ TODO: check
+CVE-2020-0639 (An information disclosure vulnerability exists in the Windows
Common L ...)
+ TODO: check
+CVE-2020-0638 (An elevation of privilege vulnerability exists in the way the
Update N ...)
+ TODO: check
+CVE-2020-0637 (An information disclosure vulnerability exists when Remote
Desktop Web ...)
+ TODO: check
+CVE-2020-0636 (An elevation of privilege vulnerability exists in the way that
the Win ...)
+ TODO: check
+CVE-2020-0635 (An elevation of privilege vulnerability exists in Microsoft
Windows wh ...)
+ TODO: check
+CVE-2020-0634 (An elevation of privilege vulnerability exists when the Windows
Common ...)
+ TODO: check
+CVE-2020-0633 (An elevation of privilege vulnerability exists in the way that
the Win ...)
+ TODO: check
+CVE-2020-0632 (An elevation of privilege vulnerability exists in the way that
the Win ...)
+ TODO: check
+CVE-2020-0631 (An elevation of privilege vulnerability exists in the way that
the Win ...)
+ TODO: check
+CVE-2020-0630 (An elevation of privilege vulnerability exists in the way that
the Win ...)
+ TODO: check
+CVE-2020-0629 (An elevation of privilege vulnerability exists in the way that
the Win ...)
+ TODO: check
+CVE-2020-0628 (An elevation of privilege vulnerability exists in the way that
the Win ...)
+ TODO: check
+CVE-2020-0627 (An elevation of privilege vulnerability exists in the way that
the Win ...)
+ TODO: check
+CVE-2020-0626 (An elevation of privilege vulnerability exists in the way that
the Win ...)
+ TODO: check
+CVE-2020-0625 (An elevation of privilege vulnerability exists in the way that
the Win ...)
+ TODO: check
+CVE-2020-0624 (An elevation of privilege vulnerability exists in Windows when
the Win ...)
+ TODO: check
+CVE-2020-0623 (An elevation of privilege vulnerability exists in the way that
the Win ...)
+ TODO: check
+CVE-2020-0622 (An information disclosure vulnerability exists when the
Microsoft Wind ...)
+ TODO: check
+CVE-2020-0621 (A security feature bypass vulnerability exists in Windows 10
when thir ...)
+ TODO: check
+CVE-2020-0620 (An elevation of privilege vulnerability exists when Microsoft
Cryptogr ...)
+ TODO: check
CVE-2020-0619
RESERVED
CVE-2020-0618
RESERVED
-CVE-2020-0617
- RESERVED
-CVE-2020-0616
- RESERVED
-CVE-2020-0615
- RESERVED
-CVE-2020-0614
- RESERVED
-CVE-2020-0613
- RESERVED
-CVE-2020-0612
- RESERVED
-CVE-2020-0611
- RESERVED
-CVE-2020-0610
- RESERVED
-CVE-2020-0609
- RESERVED
-CVE-2020-0608
- RESERVED
-CVE-2020-0607
- RESERVED
-CVE-2020-0606
- RESERVED
-CVE-2020-0605
- RESERVED
+CVE-2020-0617 (A denial of service vulnerability exists when Microsoft Hyper-V
Virtua ...)
+ TODO: check
+CVE-2020-0616 (A denial of service vulnerability exists when Windows
improperly handl ...)
+ TODO: check
+CVE-2020-0615 (An information disclosure vulnerability exists in the Windows
Common L ...)
+ TODO: check
+CVE-2020-0614 (An elevation of privilege vulnerability exists in the way that
the Win ...)
+ TODO: check
+CVE-2020-0613 (An elevation of privilege vulnerability exists in the way that
the Win ...)
+ TODO: check
+CVE-2020-0612 (A denial of service vulnerability exists in Windows Remote
Desktop Gat ...)
+ TODO: check
+CVE-2020-0611 (A remote code execution vulnerability exists in the Windows
Remote Des ...)
+ TODO: check
+CVE-2020-0610 (A remote code execution vulnerability exists in Windows Remote
Desktop ...)
+ TODO: check
+CVE-2020-0609 (A remote code execution vulnerability exists in Windows Remote
Desktop ...)
+ TODO: check
+CVE-2020-0608 (An information disclosure vulnerability exists when the win32k
compone ...)
+ TODO: check
+CVE-2020-0607 (An information disclosure vulnerability exists in the way that
Microso ...)
+ TODO: check
+CVE-2020-0606 (A remote code execution vulnerability exists in .NET software
when the ...)
+ TODO: check
+CVE-2020-0605 (A remote code execution vulnerability exists in .NET software
when the ...)
+ TODO: check
CVE-2020-0604
RESERVED
-CVE-2020-0603
- RESERVED
-CVE-2020-0602
- RESERVED
-CVE-2020-0601
- RESERVED
+CVE-2020-0603 (A remote code execution vulnerability exists in ASP.NET Core
software ...)
+ TODO: check
+CVE-2020-0602 (A denial of service vulnerability exists when ASP.NET Core
improperly ...)
+ TODO: check
+CVE-2020-0601 (A spoofing vulnerability exists in the way Windows CryptoAPI
(Crypt32. ...)
+ TODO: check
CVE-2019-18779
RESERVED
CVE-2019-18778
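Review bot: All entries promoted from RESERVED in this hunk (within CVE-2020-0601 to CVE-2020-0656) land as `TODO: check`, and every description names a Microsoft product. Most can be triaged in one pass with a `NOT-FOR-US:` line, the form this file already uses for vendor-only products such as `NOT-FOR-US: Tencent WeChat`. The ASP.NET Core entries (CVE-2020-0602, CVE-2020-0603) deserve an individual look before being marked, since ASP.NET Core also runs on Linux.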
@@ -22319,9 +22329,9 @@ CVE-2019-17152
CVE-2019-17151 (This vulnerability allows remote attackers redirect users to
an extern ...)
NOT-FOR-US: Tencent WeChat
CVE-2019-17150
- RESERVED
+ REJECTED
CVE-2019-17149
- RESERVED
+ REJECTED
CVE-2019-17148 (This vulnerability allows local attackers to escalate
privileges on af ...)
NOT-FOR-US: Parallels
CVE-2019-17147 (This vulnerability allows remote attackers to execute
arbitrary code o ...)
@@ -23396,8 +23406,8 @@ CVE-2019-16785 (Waitress through version 1.3.1
implemented a "MAY" part of the R
[jessie] - waitress <no-dsa> (Minor issue)
NOTE:
https://github.com/Pylons/waitress/security/advisories/GHSA-pg36-wpm5-g57p
NOTE:
https://github.com/Pylons/waitress/commit/8eba394ad75deaf9e5cd15b78a3d16b12e6b0eba
-CVE-2019-16784
- RESERVED
+CVE-2019-16784 (In PyInstaller before version 3.6, only on Windows, a local
privilege ...)
+ TODO: check
CVE-2019-16783
RESERVED
CVE-2019-16782 (There's a possible information leak / session hijack
vulnerability in ...)
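Review bot: The CVE-2019-16784 description added here says the issue applies "only on Windows", so the `TODO: check` can be closed quickly. If PyInstaller is not packaged, mark it `NOT-FOR-US:`; otherwise use a `<not-affected>` line giving the Windows-only reason, in the style of the `<not-affected> (xtensa arch not used in Debian)` entry elsewhere in this file.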
@@ -66555,7 +66565,8 @@ CVE-2019-2226 (In device_class_to_int of
device_class.cc, there is a possible ou
NOT-FOR-US: Android
CVE-2019-2225 (When pairing with a Bluetooth device, it may be possible to
pair a mal ...)
NOT-FOR-US: Android
-CVE-2019-2224 (In ReadMATImage of mat.c, there is a possible out of bounds
write due ...)
+CVE-2019-2224
+ REJECTED
NOTE: Duplicate of CVE-2019-15140, reported to MITRE
CVE-2019-2223 (In ihevcd_ref_list of ihevcd_ref_list.c, there is a possible
out of bo ...)
NOT-FOR-US: Android Media Framework
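Review bot: With CVE-2019-2224 now `REJECTED`, the retained line `NOTE: Duplicate of CVE-2019-15140, reported to MITRE` still reads as a pending report. Suggest shortening it to the duplicate reference and checking that CVE-2019-15140 carries the package information that used to be implied by this entry.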
@@ -68421,8 +68432,8 @@ CVE-2018-19876 (cairo 1.16.0, in
cairo_ft_apply_variations() in cairo-ft-font.c,
NOTE: and became vulnerable with freetype 2.9 which allows to define a
different allocator. Partially
NOTE: fixed in
https://gitlab.freedesktop.org/cairo/cairo/commit/c3659d7ef662b55949307ece7b1f613a7dc32620
NOTE:
https://gitlab.freedesktop.org/cairo/cairo/commit/90e85c2493fdfa3551f202ff10282463f1e36645
-CVE-2018-1002104
- RESERVED
+CVE-2018-1002104 (Versions < 1.5 of the Kubernetes ingress default backend,
which han ...)
+ TODO: check
CVE-2018-1002103 (In Minikube versions 0.3.0-0.29.0, minikube exposes the
Kubernetes Das ...)
NOT-FOR-US: minikube
CVE-2018-1002102 (Improper validation of URL redirection in the Kubernetes API
server in ...)
@@ -162275,7 +162286,7 @@ CVE-2017-5717 (Type Confusion in Content Protection
HECI Service in Intel Graphi
CVE-2017-5716
REJECTED
CVE-2017-5715 (Systems with microprocessors utilizing speculative execution
and indir ...)
- {DSA-4213-1 DSA-4188-1 DSA-4187-1 DLA-1497-1 DLA-1422-1 DLA-1369-1}
+ {DSA-4213-1 DSA-4201-1 DSA-4188-1 DSA-4187-1 DLA-1497-1 DLA-1422-1
DLA-1369-1}
- linux 4.15.11-1
- intel-microcode 3.20180425.1
[stretch] - intel-microcode 3.20180425.1~deb9u1
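Review bot: The cross-reference list on CVE-2017-5715 gains `DSA-4201-1`, but the package lines visible in this hunk only cover `linux` and `intel-microcode`. Confirm that the package this advisory addresses has its own line with a fixed version further down the entry, so the new reference is backed by package data.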
@@ -187396,8 +187407,8 @@ CVE-2016-6594 (Blue Coat Advanced Secure Gateway 6.6,
CacheFlow 3.4, ProxySG 6.5
NOT-FOR-US: Blue Coat
CVE-2016-6593 (A code-execution vulnerability exists during startup in jhi.dll
and ot ...)
NOT-FOR-US: Symantec VIP Access
-CVE-2016-6592
- RESERVED
+CVE-2016-6592 (A vulnerability was found in Symantec Norton Download Manager
versions ...)
+ TODO: check
CVE-2016-6591 (A security bypass vulnerability exists in Symantec Norton App
Lock 1.0 ...)
NOT-FOR-US: Symantec
CVE-2016-6590 (A privilege escalation vulnerability exists when loading DLLs
during b ...)
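Review bot: CVE-2016-6592 is added as `TODO: check` although its description names Symantec Norton Download Manager and the neighbouring entries are already `NOT-FOR-US: Symantec VIP Access` and `NOT-FOR-US: Symantec`. Marking it `NOT-FOR-US: Symantec` would match them and clear the TODO.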
@@ -301580,11 +301591,9 @@ CVE-2011-3204 (hammerhead.cc in Hammerhead 2.1.4
allows local users to write to
[lenny] - hammerhead <no-dsa> (Minor issue)
[squeeze] - hammerhead <no-dsa> (Minor issue)
NOTE: https://launchpad.net/bugs/826679
-CVE-2011-3203 [Jcow CMS 4.x:4.2 <= , 5.x:5.2 <= | Arbitrary Code Execution]
- RESERVED
+CVE-2011-3203 (A Code Execution vulnerability exists the attachment parameter
to inde ...)
NOT-FOR-US: Jcow
-CVE-2011-3202 [Jcow CMS 4.2 <= | Cross Site Scripting]
- RESERVED
+CVE-2011-3202 (A Cross-Site Scripting (XSS) vulnerability exists in the g
parameter t ...)
NOT-FOR-US: Jcow
CVE-2011-3201 (GNOME Evolution before 3.2.3 allows user-assisted remote
attackers to ...)
- evolution <unfixed> (unimportant)
@@ -301646,8 +301655,7 @@ CVE-2011-3185 (gtkutils.c in Pidgin before 2.10.0 on
Windows allows user-assiste
CVE-2011-3184 (The msn_httpconn_parse_data function in httpconn.c in the MSN
protocol ...)
- pidgin 2.10.0-1 (unimportant)
NOTE: Only exploitable by a malicious MSN server to crash the client
-CVE-2011-3183
- RESERVED
+CVE-2011-3183 (A Cross-Site Scripting (XSS) vulnerability exists in the rcID
paramete ...)
NOT-FOR-US: Concrete CMS
CVE-2011-3182 (PHP before 5.3.7 does not properly check the return values of
the mall ...)
{DSA-2408-1}
@@ -302513,11 +302521,9 @@ CVE-2011-2936 (Elgg through 1.7.10 has a SQL
injection vulnerability ...)
- elgg <itp> (bug #526197)
CVE-2011-2935 (Elgg through 1.7.10 has XSS ...)
- elgg <itp> (bug #526197)
-CVE-2011-2934
- RESERVED
+CVE-2011-2934 (A Cross Site Request Forgery (CSRF) vulnerability exists in the
admini ...)
NOT-FOR-US: WebsiteBaker
-CVE-2011-2933
- RESERVED
+CVE-2011-2933 (An Arbitrary File Upload vulnerability exists in
admin/media/upload.ph ...)
NOT-FOR-US: WebsiteBaker
CVE-2011-2932 (Cross-site scripting (XSS) vulnerability in
activesupport/lib/active_s ...)
{DSA-2655-1}
@@ -303215,11 +303221,9 @@ CVE-2011-2716 (The DHCP client (udhcpc) in BusyBox
before 1.20.0 allows remote D
- busybox 1:1.20.0-3 (unimportant; bug #635548)
NOTE: the default action script of busybox is not vulnerable to this
attack
NOTE: fixed in 1.20 (experimental). default script in udeb may be
vulnerable.
-CVE-2011-2715
- RESERVED
+CVE-2011-2715 (An SQL Injection vulnerability exists in Drupal 6.20 with Data
6.x-1.0 ...)
NOT-FOR-US: Drupal data module
-CVE-2011-2714
- RESERVED
+CVE-2011-2714 (A Cross-Site Scripting vulnerability exists in Drupal 6.20 with
Data 6 ...)
NOT-FOR-US: Drupal data module
CVE-2011-2713 (oowriter in OpenOffice.org 3.3.0 and LibreOffice before 3.4.3
allows u ...)
{DSA-2315-1}
@@ -303241,8 +303245,7 @@ CVE-2011-2708
REJECTED
CVE-2011-2707 (The ptrace_setxregs function in arch/xtensa/kernel/ptrace.c in
the Lin ...)
- linux-2.6 <not-affected> (xtensa arch not used in Debian)
-CVE-2011-2706
- RESERVED
+CVE-2011-2706 (A Cross-Site Scripting (XSS) vulnerability exists in the
reorder admin ...)
NOT-FOR-US: sNews
CVE-2011-2705 (The SecureRandom.random_bytes function in lib/securerandom.rb
in Ruby ...)
{DLA-235-1 DLA-88-1}
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/2bba8e3177569193b91c23172d66c4aa1abb3db3