Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d5152cb3 by security tracker role at 2020-01-30T08:10:18+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,39 @@
+CVE-2020-8448 (In OSSEC-HIDS 2.7 through 3.5.0, the server component 
responsible for  ...)
+       TODO: check
+CVE-2020-8447 (In OSSEC-HIDS 2.7 through 3.5.0, the server component 
responsible for  ...)
+       TODO: check
+CVE-2020-8446 (In OSSEC-HIDS 2.7 through 3.5.0, the server component 
responsible for  ...)
+       TODO: check
+CVE-2020-8445 (In OSSEC-HIDS 2.7 through 3.5.0, the OS_CleanMSG function in 
ossec-ana ...)
+       TODO: check
+CVE-2020-8444 (In OSSEC-HIDS 2.7 through 3.5.0, the server component 
responsible for  ...)
+       TODO: check
+CVE-2020-8443 (In OSSEC-HIDS 2.7 through 3.5.0, the server component 
responsible for  ...)
+       TODO: check
+CVE-2020-8442 (In OSSEC-HIDS 2.7 through 3.5.0, the server component 
responsible for  ...)
+       TODO: check
+CVE-2020-8441
+       RESERVED
+CVE-2020-8440
+       RESERVED
+CVE-2020-8439
+       RESERVED
+CVE-2020-8438 (Ruckus ZoneFlex R500 104.0.0.0.1347 devices allow an 
authenticated att ...)
+       TODO: check
+CVE-2020-8437
+       RESERVED
+CVE-2020-8436
+       RESERVED
+CVE-2020-8435
+       RESERVED
+CVE-2020-8434
+       RESERVED
+CVE-2020-8433
+       RESERVED
+CVE-2019-20445 (HttpObjectDecoder.java in Netty before 4.1.44 allows a 
Content-Length  ...)
+       TODO: check
+CVE-2019-20444 (HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP 
header th ...)
+       TODO: check
 CVE-2020-8432 (In Das U-Boot through 2020.01, a double free has been found in 
the cmd ...)
        - u-boot <unfixed> (low)
        [buster] - u-boot <no-dsa> (Minor issue)
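Review bot: all ten newly described entries at the top of this hunk (CVE-2020-8442 through CVE-2020-8448 for OSSEC-HIDS, CVE-2020-8438 for Ruckus ZoneFlex R500, CVE-2019-20444 and CVE-2019-20445 for Netty) carry only `TODO: check`, with no package line or NOT-FOR-US line, so a reader cannot yet tell whether Debian is affected. Six of the seven OSSEC-HIDS entries share the same truncated summary ("the server component responsible for ...") and all seven share the 2.7 through 3.5.0 range, so triage them together from the full descriptions. The two Netty entries both name HttpObjectDecoder.java before 4.1.44 and can be handled as a pair.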
@@ -10425,6 +10461,7 @@ CVE-2019-19955
 CVE-2019-19954 (Signal Desktop before 1.29.1 on Windows allows local users to 
gain pri ...)
        - signal-desktop <itp> (bug #842943)
 CVE-2019-19953 (In GraphicsMagick 1.4 snapshot-20191208 Q8, there is a 
heap-based buff ...)
+       {DLA-2084-1}
        - graphicsmagick 1.4+really1.3.34-1 (bug #947311)
        NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/28f8bacd4bbf
        NOTE: https://sourceforge.net/p/graphicsmagick/bugs/617/
@@ -10437,10 +10474,12 @@ CVE-2019-19952 (In ImageMagick 7.0.9-7 Q16, there is 
a use-after-free in the fun
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/916d7bbd2c66a286d379dbd94bc6035c8fab937c
 (7.x)
        NOTE: 
https://github.com/ImageMagick/ImageMagick6/commit/7ef923841437bb57bd9b55fc0bf40ddc99b93c2b
 (6.x)
 CVE-2019-19951 (In GraphicsMagick 1.4 snapshot-20190423 Q8, there is a 
heap-based buff ...)
+       {DLA-2084-1}
        - graphicsmagick 1.4~hg16039-1
        NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/bc99af93614d
        NOTE: https://sourceforge.net/p/graphicsmagick/bugs/608/
 CVE-2019-19950 (In GraphicsMagick 1.4 snapshot-20190403 Q8, there is a 
use-after-free  ...)
+       {DLA-2084-1}
        - graphicsmagick 1.4~hg16039-1
        NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/44ab7f6c20b4
        NOTE: https://sourceforge.net/p/graphicsmagick/bugs/603/
@@ -12545,8 +12584,8 @@ CVE-2020-3149
        RESERVED
 CVE-2020-3148
        RESERVED
-CVE-2020-3147
-       RESERVED
+CVE-2020-3147 (A vulnerability in the web UI of Cisco Small Business Switches 
could a ...)
+       TODO: check
 CVE-2020-3146
        RESERVED
 CVE-2020-3145
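Review bot: the `TODO: check` added for CVE-2020-3147 can be resolved at triage without further research, since the summary already names the web UI of Cisco Small Business Switches, a vendor device. Suggest a NOT-FOR-US line in the style used elsewhere in this file (for example `NOT-FOR-US: Siemens`) rather than leaving it in the TODO queue.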
@@ -45338,8 +45377,8 @@ CVE-2019-10785
        RESERVED
 CVE-2019-10784
        RESERVED
-CVE-2019-10783
-       RESERVED
+CVE-2019-10783 (All versions including 0.0.4 of lsof npm module are vulnerable 
to Comm ...)
+       TODO: check
 CVE-2019-10782
        RESERVED
 CVE-2019-10781 (In schema-inspector before 1.6.9, a maliciously crafted 
JavaScript obj ...)
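Review bot: the new CVE-2019-10783 entry needs care when its `TODO: check` is resolved, because the summary is about the lsof npm module, not the lsof utility. Make sure it is not matched by name to an unrelated package; it should end up either as NOT-FOR-US or against the npm module's own package.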
@@ -174112,7 +174151,7 @@ CVE-2016-9845 (QEMU (aka Quick Emulator) built with 
the Virtio GPU Device emulat
        - qemu-kvm <not-affected> (Vulnerable code not present)
        NOTE: 
https://lists.nongnu.org/archive/html/qemu-devel/2016-11/msg00019.html
 CVE-2016-9843 (The crc32_big function in crc32.c in zlib 1.2.8 might allow 
context-de ...)
-       {DLA-1725-1}
+       {DLA-2085-1 DLA-1725-1}
        - zlib 1:1.2.8.dfsg-3 (bug #847275)
        [wheezy] - zlib <no-dsa> (Minor issue)
        - rsync 3.1.3-6 (bug #924509)
@@ -174120,7 +174159,7 @@ CVE-2016-9843 (The crc32_big function in crc32.c in 
zlib 1.2.8 might allow conte
        NOTE: 
https://github.com/madler/zlib/commit/d1d577490c15a0c6862473d7576352a9f18ef811
        NOTE: Report: https://wiki.mozilla.org/images/0/09/Zlib-report.pdf
 CVE-2016-9842 (The inflateMark function in inflate.c in zlib 1.2.8 might allow 
contex ...)
-       {DLA-1725-1}
+       {DLA-2085-1 DLA-1725-1}
        - zlib 1:1.2.8.dfsg-3 (bug #847274)
        [wheezy] - zlib <no-dsa> (Minor issue)
        - rsync 3.1.3-6 (bug #924509)
@@ -174128,7 +174167,7 @@ CVE-2016-9842 (The inflateMark function in inflate.c 
in zlib 1.2.8 might allow c
        NOTE: 
https://github.com/madler/zlib/commit/e54e1299404101a5a9d0cf5e45512b543967f958
        NOTE: Report: https://wiki.mozilla.org/images/0/09/Zlib-report.pdf
 CVE-2016-9841 (inffast.c in zlib 1.2.8 might allow context-dependent attackers 
to hav ...)
-       {DLA-1725-1}
+       {DLA-2085-1 DLA-1725-1}
        - zlib 1:1.2.8.dfsg-4 (bug #847270)
        [wheezy] - zlib <no-dsa> (Minor issue)
        - rsync 3.1.3-6 (bug #924509)
@@ -174136,7 +174175,7 @@ CVE-2016-9841 (inffast.c in zlib 1.2.8 might allow 
context-dependent attackers t
        NOTE: 
https://github.com/madler/zlib/commit/9aaec95e82117c1cb0f9624264c3618fc380cecb
        NOTE: Report: https://wiki.mozilla.org/images/0/09/Zlib-report.pdf
 CVE-2016-9840 (inftrees.c in zlib 1.2.8 might allow context-dependent 
attackers to ha ...)
-       {DLA-1725-1}
+       {DLA-2085-1 DLA-1725-1}
        - zlib 1:1.2.8.dfsg-3 (bug #847270)
        [wheezy] - zlib <no-dsa> (Minor issue)
        - rsync 3.1.3-6 (bug #924509)
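Review bot: in the four zlib entries (CVE-2016-9843 through CVE-2016-9840) the tag becomes `{DLA-2085-1 DLA-1725-1}`, but each entry lists two source packages (zlib and rsync) and the brace list does not say which advisory covers which. Since the same one-line change is repeated across all four hunks, confirm against the DLA list that DLA-2085-1 is attached to the intended package for every one of these CVEs.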
@@ -188907,6 +188946,7 @@ CVE-2016-7092 (The get_page_from_l3e function in 
arch/x86/mm.c in Xen allows loc
 CVE-2016-7090 (The integrated web server on Siemens SCALANCE M-800 and S615 
modules w ...)
        NOT-FOR-US: Siemens
 CVE-2016-7098 (Race condition in wget 1.17 and earlier, when used in recursive 
or mir ...)
+       {DLA-2086-1}
        - wget 1.18-4 (low; bug #836503)
        [wheezy] - wget <no-dsa> (Minor issue)
        NOTE: 
http://git.savannah.gnu.org/cgit/wget.git/commit/?id=9ffb64ba6a8121909b01e984deddce8d096c498d
@@ -272984,18 +273024,18 @@ CVE-2013-3323
        RESERVED
 CVE-2013-3322
        RESERVED
-CVE-2013-3321
-       RESERVED
-CVE-2013-3320
-       RESERVED
+CVE-2013-3321 (NetApp OnCommand System Manager 2.1 and earlier allows remote 
attacker ...)
+       TODO: check
+CVE-2013-3320 (Cross-site Scripting (XSS) vulnerability in NetApp OnCommand 
System Ma ...)
+       TODO: check
 CVE-2013-3319 (The GetComputerSystem method in the HostControl service in SAP 
Netweav ...)
        NOT-FOR-US: SAP Netweaver
 CVE-2013-3318
        REJECTED
-CVE-2013-3317
-       RESERVED
-CVE-2013-3316
-       RESERVED
+CVE-2013-3317 (Netgear WNR1000v3 with firmware before 1.0.2.60 contains an 
Authentica ...)
+       TODO: check
+CVE-2013-3316 (Netgear WNR1000v3 with firmware before 1.0.2.60 contains an 
Authentica ...)
+       TODO: check
 CVE-2013-3315 (The server in TIBCO Silver Mobile 1.1.0 does not properly 
verify acces ...)
        NOT-FOR-US: TIBCO
 CVE-2013-3314 (The Loftek Nexus 543 IP Camera allows remote attackers to 
obtain (1) I ...)
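Review bot: CVE-2013-3317 and CVE-2013-3316 are added with identical truncated summaries ("Netgear WNR1000v3 with firmware before 1.0.2.60 contains an Authentica ..."), so this list alone cannot tell them apart; read the full descriptions before triage. All four newly described entries in this hunk (two for NetApp OnCommand System Manager, two for Netgear) name vendor products and are candidates for NOT-FOR-US lines like the neighbouring `NOT-FOR-US: SAP Netweaver` and `NOT-FOR-US: TIBCO`.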



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/d5152cb34cd67353898260bcd76bfaa1631d589f
