Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0424abb6 by security tracker role at 2020-04-16T20:10:25+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,37 +1,107 @@
-CVE-2020-11827
+CVE-2020-11862
        RESERVED
-CVE-2020-11826
+CVE-2020-11861
        RESERVED
-CVE-2020-11825
+CVE-2020-11860
        RESERVED
-CVE-2020-11824
+CVE-2020-11859
        RESERVED
-CVE-2020-11823
+CVE-2020-11858
        RESERVED
-CVE-2020-11822
+CVE-2020-11857
        RESERVED
-CVE-2020-11821
+CVE-2020-11856
        RESERVED
-CVE-2020-11820
+CVE-2020-11855
        RESERVED
-CVE-2020-11819
+CVE-2020-11854
        RESERVED
-CVE-2020-11818
+CVE-2020-11853
        RESERVED
-CVE-2020-11817
+CVE-2020-11852
+       RESERVED
+CVE-2020-11851
+       RESERVED
+CVE-2020-11850
+       RESERVED
+CVE-2020-11849
+       RESERVED
+CVE-2020-11848
+       RESERVED
+CVE-2020-11847
+       RESERVED
+CVE-2020-11846
+       RESERVED
+CVE-2020-11845
+       RESERVED
+CVE-2020-11844
+       RESERVED
+CVE-2020-11843
+       RESERVED
+CVE-2020-11842
+       RESERVED
+CVE-2020-11841
+       RESERVED
+CVE-2020-11840
+       RESERVED
+CVE-2020-11839
+       RESERVED
+CVE-2020-11838
+       RESERVED
+CVE-2020-11837
+       RESERVED
+CVE-2020-11836
+       RESERVED
+CVE-2020-11835
+       RESERVED
+CVE-2020-11834
+       RESERVED
+CVE-2020-11833
+       RESERVED
+CVE-2020-11832
+       RESERVED
+CVE-2020-11831
+       RESERVED
+CVE-2020-11830
+       RESERVED
+CVE-2020-11829
        RESERVED
-CVE-2020-11816
+CVE-2020-11828
        RESERVED
-CVE-2020-11815
+CVE-2020-11827
        RESERVED
-CVE-2020-11814
+CVE-2020-11826 (Users can lock their notes with a password in Memono version 
3.8. Thus ...)
+       TODO: check
+CVE-2020-11825 (In Dolibarr 10.0.6, forms are protected with a CSRF token 
against CSRF ...)
+       TODO: check
+CVE-2020-11824
        RESERVED
-CVE-2020-11813
+CVE-2020-11823 (In Dolibarr 10.0.6, if USER_LOGIN_FAILED is active, there is a 
stored  ...)
+       TODO: check
+CVE-2020-11822
        RESERVED
-CVE-2020-11812
+CVE-2020-11821
        RESERVED
-CVE-2020-11811
+CVE-2020-11820 (Rukovoditel 2.5.2 is affected by a SQL injection vulnerability 
because ...)
+       TODO: check
+CVE-2020-11819 (In Rukovoditel 2.5.2, an attacker may inject an arbitrary .php 
file lo ...)
+       TODO: check
+CVE-2020-11818 (In Rukovoditel 2.5.2 has a form_session_token value to prevent 
CSRF at ...)
+       TODO: check
+CVE-2020-11817
        RESERVED
+CVE-2020-11816 (Rukovoditel 2.5.2 is affected by a SQL injection vulnerability 
because ...)
+       TODO: check
+CVE-2020-11815 (In Rukovoditel 2.5.2, attackers can upload arbitrary file to 
the serve ...)
+       TODO: check
+CVE-2020-11814 (A Host Header Injection vulnerability in qdPM 9.1 may allow an 
attacke ...)
+       TODO: check
+CVE-2020-11813 (In Rukovoditel 2.5.2, there is a stored XSS vulnerability on 
the confi ...)
+       TODO: check
+CVE-2020-11812 (Rukovoditel 2.5.2 is affected by a SQL injection vulnerability 
because ...)
+       TODO: check
+CVE-2020-11811 (In qdPM 9.1, an attacker can upload a malicious .php file to 
the serve ...)
+       TODO: check
 CVE-2020-11810
        RESERVED
 CVE-2020-11809
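Review bot: The twelve entries between CVE-2020-11826 and CVE-2020-11811 that gain descriptions here are all left at TODO: check, so none is yet mapped to a Debian source package or marked NOT-FOR-US. Seven of them name Rukovoditel 2.5.2 and two name qdPM 9.1, so one triage decision per product would close those nine in a batch; the Dolibarr 10.0.6 pair (CVE-2020-11825, CVE-2020-11823) and the Memono 3.8 entry (CVE-2020-11826) each need their own check.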
@@ -70,6 +140,7 @@ CVE-2020-11794
        RESERVED
 CVE-2020-11793 [A memory corruption issue was addressed with improved memory 
handling]
        RESERVED
+       {DSA-4658-1}
        - webkit2gtk 2.28.1-1
        [stretch] - webkit2gtk <ignored> (Not covered by security support in 
stretch)
        [jessie] - webkit2gtk <ignored> (Not covered by security support in 
jessie)
@@ -203,100 +274,100 @@ CVE-2019-20730
        RESERVED
 CVE-2019-20729
        RESERVED
-CVE-2019-20728
-       RESERVED
-CVE-2019-20727
-       RESERVED
-CVE-2019-20726
-       RESERVED
-CVE-2019-20725
-       RESERVED
-CVE-2019-20724
-       RESERVED
-CVE-2019-20723
-       RESERVED
-CVE-2019-20722
-       RESERVED
-CVE-2019-20721
-       RESERVED
-CVE-2019-20720
-       RESERVED
-CVE-2019-20719
-       RESERVED
-CVE-2019-20718
-       RESERVED
-CVE-2019-20717
-       RESERVED
-CVE-2019-20716
-       RESERVED
-CVE-2019-20715
-       RESERVED
-CVE-2019-20714
-       RESERVED
-CVE-2019-20713
-       RESERVED
-CVE-2019-20712
-       RESERVED
-CVE-2019-20711
-       RESERVED
-CVE-2019-20710
-       RESERVED
-CVE-2019-20709
-       RESERVED
-CVE-2019-20708
-       RESERVED
-CVE-2019-20707
-       RESERVED
-CVE-2019-20706
-       RESERVED
-CVE-2019-20705
-       RESERVED
-CVE-2019-20704
-       RESERVED
-CVE-2019-20703
-       RESERVED
-CVE-2019-20702
-       RESERVED
-CVE-2019-20701
-       RESERVED
-CVE-2019-20700
-       RESERVED
-CVE-2019-20699
-       RESERVED
-CVE-2019-20698
-       RESERVED
-CVE-2019-20697
-       RESERVED
-CVE-2019-20696
-       RESERVED
-CVE-2019-20695
-       RESERVED
-CVE-2019-20694
-       RESERVED
-CVE-2019-20693
-       RESERVED
-CVE-2019-20692
-       RESERVED
-CVE-2019-20691
-       RESERVED
-CVE-2019-20690
-       RESERVED
-CVE-2019-20689
-       RESERVED
-CVE-2019-20688
-       RESERVED
-CVE-2019-20687
-       RESERVED
-CVE-2019-20686
-       RESERVED
-CVE-2019-20685
-       RESERVED
-CVE-2019-20684
-       RESERVED
-CVE-2019-20683
-       RESERVED
-CVE-2019-20682
-       RESERVED
+CVE-2019-20728 (Certain NETGEAR devices are affected by a buffer overflow by 
an authen ...)
+       TODO: check
+CVE-2019-20727 (Certain NETGEAR devices are affected by command injection by 
an authen ...)
+       TODO: check
+CVE-2019-20726 (Certain NETGEAR devices are affected by command injection by 
an authen ...)
+       TODO: check
+CVE-2019-20725 (Certain NETGEAR devices are affected by a stack-based buffer 
overflow  ...)
+       TODO: check
+CVE-2019-20724 (Certain NETGEAR devices are affected by command injection by 
an authen ...)
+       TODO: check
+CVE-2019-20723 (Certain NETGEAR devices are affected by a stack-based buffer 
overflow  ...)
+       TODO: check
+CVE-2019-20722 (Certain NETGEAR devices are affected by command injection by 
an authen ...)
+       TODO: check
+CVE-2019-20721 (Certain NETGEAR devices are affected by stored XSS. This 
affects D7800 ...)
+       TODO: check
+CVE-2019-20720 (Certain NETGEAR devices are affected by stored XSS. This 
affects D3600 ...)
+       TODO: check
+CVE-2019-20719 (Certain NETGEAR devices are affected by a buffer overflow by 
an authen ...)
+       TODO: check
+CVE-2019-20718 (Certain NETGEAR devices are affected by command injection by 
an authen ...)
+       TODO: check
+CVE-2019-20717 (Certain NETGEAR devices are affected by denial of service. 
This affect ...)
+       TODO: check
+CVE-2019-20716 (Certain NETGEAR devices are affected by a stack-based buffer 
overflow  ...)
+       TODO: check
+CVE-2019-20715 (Certain NETGEAR devices are affected by stored XSS. This 
affects D3600 ...)
+       TODO: check
+CVE-2019-20714 (Certain NETGEAR devices are affected by stored XSS. This 
affects D3600 ...)
+       TODO: check
+CVE-2019-20713 (Certain NETGEAR devices are affected by a stack-based buffer 
overflow  ...)
+       TODO: check
+CVE-2019-20712 (Certain NETGEAR devices are affected by a buffer overflow by 
an authen ...)
+       TODO: check
+CVE-2019-20711 (Certain NETGEAR devices are affected by command injection by 
an authen ...)
+       TODO: check
+CVE-2019-20710 (Certain NETGEAR devices are affected by command injection by 
an authen ...)
+       TODO: check
+CVE-2019-20709 (Certain NETGEAR devices are affected by command injection by 
an authen ...)
+       TODO: check
+CVE-2019-20708 (Certain NETGEAR devices are affected by command injection by 
an authen ...)
+       TODO: check
+CVE-2019-20707 (Certain NETGEAR devices are affected by command injection by 
an authen ...)
+       TODO: check
+CVE-2019-20706 (Certain NETGEAR devices are affected by command injection by 
an authen ...)
+       TODO: check
+CVE-2019-20705 (Certain NETGEAR devices are affected by command injection by 
an authen ...)
+       TODO: check
+CVE-2019-20704 (Certain NETGEAR devices are affected by command injection by 
an authen ...)
+       TODO: check
+CVE-2019-20703 (Certain NETGEAR devices are affected by command injection by 
an authen ...)
+       TODO: check
+CVE-2019-20702 (Certain NETGEAR devices are affected by command injection by 
an authen ...)
+       TODO: check
+CVE-2019-20701 (Certain NETGEAR devices are affected by command injection by 
an authen ...)
+       TODO: check
+CVE-2019-20700 (Certain NETGEAR devices are affected by a stack-based buffer 
overflow  ...)
+       TODO: check
+CVE-2019-20699 (Certain NETGEAR devices are affected by a buffer overflow by 
an unauth ...)
+       TODO: check
+CVE-2019-20698 (Certain NETGEAR devices are affected by disclosure of 
sensitive inform ...)
+       TODO: check
+CVE-2019-20697 (Certain NETGEAR devices are affected by a stack-based buffer 
overflow  ...)
+       TODO: check
+CVE-2019-20696 (Certain NETGEAR devices are affected by disclosure of 
sensitive inform ...)
+       TODO: check
+CVE-2019-20695 (Certain NETGEAR devices are affected by disclosure of 
sensitive inform ...)
+       TODO: check
+CVE-2019-20694 (Certain NETGEAR devices are affected by disclosure of 
sensitive inform ...)
+       TODO: check
+CVE-2019-20693 (Certain NETGEAR devices are affected by incorrect 
configuration of sec ...)
+       TODO: check
+CVE-2019-20692 (Certain NETGEAR devices are affected by a stack-based buffer 
overflow  ...)
+       TODO: check
+CVE-2019-20691 (Certain NETGEAR devices are affected by CSRF. This affects 
D3600 befor ...)
+       TODO: check
+CVE-2019-20690 (Certain NETGEAR devices are affected by authentication bypass. 
This af ...)
+       TODO: check
+CVE-2019-20689 (Certain NETGEAR devices are affected by command injection by 
an authen ...)
+       TODO: check
+CVE-2019-20688 (Certain NETGEAR devices are affected by command injection by 
an authen ...)
+       TODO: check
+CVE-2019-20687 (Certain NETGEAR devices are affected by denial of service. 
This affect ...)
+       TODO: check
+CVE-2019-20686 (Certain NETGEAR devices are affected by a buffer overflow by 
an unauth ...)
+       TODO: check
+CVE-2019-20685 (Certain NETGEAR devices are affected by a stack-based buffer 
overflow  ...)
+       TODO: check
+CVE-2019-20684 (Certain NETGEAR devices are affected by a stack-based buffer 
overflow  ...)
+       TODO: check
+CVE-2019-20683 (Certain NETGEAR devices are affected by a stack-based buffer 
overflow  ...)
+       TODO: check
+CVE-2019-20682 (Certain NETGEAR devices are affected by a stack-based buffer 
overflow  ...)
+       TODO: check
 CVE-2019-20681 (Certain NETGEAR devices are affected by authentication bypass. 
This af ...)
        NOT-FOR-US: Netgear
 CVE-2019-20680 (Certain NETGEAR devices are affected by command injection by 
an authen ...)
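Review bot: CVE-2019-20728 through CVE-2019-20682 are added as TODO: check, but the unchanged entry directly below them, CVE-2019-20681, carries the same "Certain NETGEAR devices are affected by ..." wording and is already tagged NOT-FOR-US: Netgear. Suggest applying the same tag to this block so that these 47 entries do not sit in the TODO queue.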
@@ -2325,8 +2396,8 @@ CVE-2020-11009
        RESERVED
 CVE-2020-11008
        RESERVED
-CVE-2020-11007
-       RESERVED
+CVE-2020-11007 (In Shopizer before version 2.11.0, using API or Controller 
based versi ...)
+       TODO: check
 CVE-2020-11006
        RESERVED
 CVE-2020-11005 (The WindowsHello open source library (NuGet 
HaemmerElectronics.SeppPen ...)
@@ -3248,7 +3319,7 @@ CVE-2020-10709
 CVE-2020-10708
        RESERVED
 CVE-2020-10707
-       RESERVED
+       REJECTED
 CVE-2020-10706
        RESERVED
 CVE-2020-10705
@@ -11251,8 +11322,8 @@ CVE-2020-7226 (CiphertextHeader.java in Cryptacular 
1.2.3, as used in Apereo CAS
        NOT-FOR-US: cryptacular
 CVE-2020-7225
        RESERVED
-CVE-2020-7224
-       RESERVED
+CVE-2020-7224 (The Aviatrix OpenVPN client through 2.5.7 on Linux, macOS, and 
Windows ...)
+       TODO: check
 CVE-2020-7223
        RESERVED
 CVE-2020-7222 (An issue was discovered in Amcrest Web Server 2.520.AC00.18.R 
2017-06- ...)
@@ -11483,16 +11554,16 @@ CVE-2020-7116
        RESERVED
 CVE-2020-7115
        RESERVED
-CVE-2020-7114
-       RESERVED
-CVE-2020-7113
-       RESERVED
+CVE-2020-7114 (A vulnerability exists allowing attackers, when present in the 
same ne ...)
+       TODO: check
+CVE-2020-7113 (A vulnerability was found when an attacker, while communicating 
with t ...)
+       TODO: check
 CVE-2020-7112
        RESERVED
-CVE-2020-7111
-       RESERVED
-CVE-2020-7110
-       RESERVED
+CVE-2020-7111 (A server side injection vulnerability exists which could allow 
an auth ...)
+       TODO: check
+CVE-2020-7110 (ClearPass is vulnerable to Stored Cross Site Scripting by 
allowing a m ...)
+       TODO: check
 CVE-2020-7109 (The Elementor Page Builder plugin before 2.8.4 for WordPress 
does not  ...)
        NOT-FOR-US: Elementor Page Builder plugin for WordPress
 CVE-2020-7108 (The LearnDash LMS plugin before 3.1.2 for WordPress allows XSS 
via the ...)
@@ -18196,8 +18267,8 @@ CVE-2020-4349
        RESERVED
 CVE-2020-4348
        RESERVED
-CVE-2020-4347
-       RESERVED
+CVE-2020-4347 (IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could be 
subjec ...)
+       TODO: check
 CVE-2020-4346
        RESERVED
 CVE-2020-4345
@@ -18214,8 +18285,8 @@ CVE-2020-4340
        RESERVED
 CVE-2020-4339
        RESERVED
-CVE-2020-4338
-       RESERVED
+CVE-2020-4338 (IBM MQ 9.1.4 could allow a local attacker to obtain sensitive 
informat ...)
+       TODO: check
 CVE-2020-4337
        RESERVED
 CVE-2020-4336
@@ -18370,8 +18441,8 @@ CVE-2020-4262
        RESERVED
 CVE-2020-4261
        RESERVED
-CVE-2020-4260
-       RESERVED
+CVE-2020-4260 (IBM UrbanCode Deploy (UCD) 7.0.5 could allow a user with 
special permi ...)
+       TODO: check
 CVE-2020-4259
        RESERVED
 CVE-2020-4258
@@ -20407,12 +20478,11 @@ CVE-2020-3655
        RESERVED
 CVE-2020-3654
        RESERVED
-CVE-2020-3653
-       RESERVED
-CVE-2020-3652
-       RESERVED
-CVE-2020-3651
-       RESERVED
+CVE-2020-3653 (Possible buffer over-read in windows wlan driver function due 
to lack  ...)
+       TODO: check
+CVE-2020-3652 (Possible buffer over-read issue in windows x86 wlan driver 
function wh ...)
+       TODO: check
+CVE-2020-3651 (Active command timeout since WM status change cmd is not 
removed from  ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2020-3650
        RESERVED
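Review bot: CVE-2020-3653 and CVE-2020-3652 are left at TODO: check while CVE-2020-3651, published in the same hunk, keeps its existing NOT-FOR-US: Qualcomm components for Android line. Both truncated descriptions refer to a Windows wlan driver function and the visible text names no vendor, so confirm the vendor from the full description before reusing the Qualcomm tag, and record a NOT-FOR-US decision instead of leaving the TODO open.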
@@ -24266,17 +24336,13 @@ CVE-2020-2182
        RESERVED
 CVE-2020-2181
        RESERVED
-CVE-2020-2180
-       RESERVED
+CVE-2020-2180 (Jenkins AWS SAM Plugin 1.2.2 and earlier does not configure its 
YAML p ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2020-2179
-       RESERVED
+CVE-2020-2179 (Jenkins Yaml Axis Plugin 0.2.0 and earlier does not configure 
its YAML ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2020-2178
-       RESERVED
+CVE-2020-2178 (Jenkins Parasoft Findings Plugin 10.4.3 and earlier does not 
configure ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2020-2177
-       RESERVED
+CVE-2020-2177 (Jenkins Copr Plugin 0.3 and earlier stores credentials 
unencrypted in  ...)
        NOT-FOR-US: Jenkins plugin
 CVE-2020-2176 (Multiple form validation endpoints in Jenkins useMango Runner 
Plugin 1 ...)
        NOT-FOR-US: Jenkins plugin
@@ -24968,8 +25034,7 @@ CVE-2019-19519 (In OpenBSD 6.6, local users can use the 
su -L option to achieve
        NOT-FOR-US: OpenBSD
 CVE-2019-19518 (CA Automic Sysload 5.6.0 through 6.1.2 contains a 
vulnerability, relat ...)
        NOT-FOR-US: CA Automic Sysload
-CVE-2020-1964
-       RESERVED
+CVE-2020-1964 (It was noticed that Apache Heron 0.20.2-incubating, Release 
0.20.1-inc ...)
        NOT-FOR-US: Apache Heron
 CVE-2020-1963
        RESERVED
@@ -25757,8 +25822,8 @@ CVE-2020-1765 (An improper control of parameters allows 
the spoofing of the from
        NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-01/
        NOTE: 
https://github.com/OTRS/otrs/commit/d146d4997cbd6e1370669784c6a2ec8d64655252 
(OTRS6)
        NOTE: 
https://github.com/OTRS/otrs/commit/874889b86abea4c01ceb1368a836b66694fae1c3 
(OTRS5)
-CVE-2019-19394
-       RESERVED
+CVE-2019-19394 (Northern.tech CFEngine Enterprise before 3.10.7, 3.11.x and 
3.12.x bef ...)
+       TODO: check
 CVE-2019-19393
        RESERVED
 CVE-2019-19392 (The forDNN.UsersExportImport module before 1.2.0 for DNN 
(formerly Dot ...)
@@ -27267,8 +27332,8 @@ CVE-2019-18950
        RESERVED
 CVE-2019-18949 (SnowHaze before 2.6.6 is sometimes too late to honor a 
per-site JavaSc ...)
        NOT-FOR-US: SnowHaze
-CVE-2019-18948
-       RESERVED
+CVE-2019-18948 (An issue was found in Arista EOS. Specific malformed ARP 
packets can i ...)
+       TODO: check
 CVE-2019-18947
        RESERVED
 CVE-2019-18946
@@ -45032,19 +45097,15 @@ CVE-2019-14137
        RESERVED
 CVE-2019-14136
        RESERVED
-CVE-2019-14135
-       RESERVED
+CVE-2019-14135 (Possible integer overflow to buffer overflow in WLAN while 
parsing non ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2019-14134
-       RESERVED
+CVE-2019-14134 (Possible out of bound access in WLAN handler when the received 
value o ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2019-14133
        RESERVED
-CVE-2019-14132
-       RESERVED
+CVE-2019-14132 (Buffer over-write when this 0-byte buffer is typecasted to 
some other  ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2019-14131
-       RESERVED
+CVE-2019-14131 (Out of bound write can occur in radio measurement request if 
STA recei ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2019-14130
        RESERVED
@@ -45052,8 +45113,7 @@ CVE-2019-14129
        RESERVED
 CVE-2019-14128
        RESERVED
-CVE-2019-14127
-       RESERVED
+CVE-2019-14127 (Possible buffer overflow while playing mkv clip due to lack of 
validat ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2019-14126
        RESERVED
@@ -45063,8 +45123,7 @@ CVE-2019-14124
        RESERVED
 CVE-2019-14123
        RESERVED
-CVE-2019-14122
-       RESERVED
+CVE-2019-14122 (Memory failure in SKB if it fails to to add the requested 
padding to t ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2019-14121
        RESERVED
@@ -45076,24 +45135,19 @@ CVE-2019-14118
        RESERVED
 CVE-2019-14117
        RESERVED
-CVE-2019-14116
-       RESERVED
+CVE-2019-14116 (Privilege escalation by using an altered debug policy image 
can occur  ...)
+       TODO: check
 CVE-2019-14115
        RESERVED
-CVE-2019-14114
-       RESERVED
+CVE-2019-14114 (Buffer overflow in WLAN firmware while parsing GTK IE 
containing GTK k ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2019-14113
-       RESERVED
+CVE-2019-14113 (Buffer overflow can occur in In WLAN firmware while unwraping 
data usi ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2019-14112
-       RESERVED
+CVE-2019-14112 (Potential buffer overflow while processing CBF frames due to 
lack of c ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2019-14111
-       RESERVED
+CVE-2019-14111 (Possible buffer overflow while handling NAN reception of NMF 
in Snapdr ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2019-14110
-       RESERVED
+CVE-2019-14110 (Buffer overflow can occur in function wlan firmware while 
copying asso ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2019-14109
        RESERVED
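Review bot: CVE-2019-14116 is the only entry in this hunk that ends up with TODO: check; CVE-2019-14114 through CVE-2019-14110 keep NOT-FOR-US: Qualcomm components for Android because that line was already present under RESERVED. If the full description of CVE-2019-14116 confirms it belongs to the same component set, tag it the same way so it does not stay an open item among already-triaged neighbours.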
@@ -45103,11 +45157,9 @@ CVE-2019-14107
        RESERVED
 CVE-2019-14106
        RESERVED
-CVE-2019-14105
-       RESERVED
+CVE-2019-14105 (Kernel was reading the CSL defined reserved field as uint16 
instead of ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2019-14104
-       RESERVED
+CVE-2019-14104 (Slab-out-of-bounds access can occur if the context pointer is 
invalid  ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2019-14103
        RESERVED
@@ -45165,8 +45217,7 @@ CVE-2019-14077
        RESERVED
 CVE-2019-14076
        RESERVED
-CVE-2019-14075
-       RESERVED
+CVE-2019-14075 (Null pointer dereference issue in radio interface layer due to 
lack of ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2019-14074
        RESERVED
@@ -45176,8 +45227,7 @@ CVE-2019-14072 (Unhandled paging request is observed 
due to dereferencing an alr
        NOT-FOR-US: Qualcomm components for Android
 CVE-2019-14071 (Compromised reset handler may bypass access control due to AC 
config i ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2019-14070
-       RESERVED
+CVE-2019-14070 (Possible use after free issue in pcm volume controls due to 
race condi ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2019-14069
        RESERVED
@@ -45251,8 +45301,7 @@ CVE-2019-14035
        RESERVED
 CVE-2019-14034 (Use after free while processing eeprom query as there is a 
chance to n ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2019-14033
-       RESERVED
+CVE-2019-14033 (Multiple Read overflows issue due to improper length check 
while decod ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2019-14032 (Memory use after free issue in audio due to lack of resource 
control i ...)
        NOT-FOR-US: Qualcomm components for Android
@@ -45274,20 +45323,15 @@ CVE-2019-14024 (Possible stack-use-after-scope issue 
in NFC usecase for card emu
        NOT-FOR-US: Qualcomm components for Android
 CVE-2019-14023 (String format issue will occur while processing HLOS data as 
there is  ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2019-14022
-       RESERVED
+CVE-2019-14022 (Error occurs While extracting the ipv6_header having an 
invalid length ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2019-14021
-       RESERVED
+CVE-2019-14021 (Possible buffer overrun when processing EFS filename and 
payload sent  ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2019-14020
-       RESERVED
+CVE-2019-14020 (Multiple Read overflows issue due to improper length check 
while decod ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2019-14019
-       RESERVED
+CVE-2019-14019 (Multiple Read overflows issue due to improper length check 
while decod ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2019-14018
-       RESERVED
+CVE-2019-14018 (Possible out of bound array access as there is no check on 
carrier ind ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2019-14017 (Heap buffer overflow can occur while parsing invalid MKV clip 
which is ...)
        NOT-FOR-US: Qualcomm components for Android
@@ -45299,21 +45343,17 @@ CVE-2019-14014 (Possible buffer overflow when byte 
array receives incorrect inpu
        NOT-FOR-US: Qualcomm components for Android
 CVE-2019-14013 (While parsing invalid super index table, elements within super 
index t ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2019-14012
-       RESERVED
+CVE-2019-14012 (Possibility of null pointer deference as the array of video 
codecs fro ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2019-14011
-       RESERVED
+CVE-2019-14011 (Multiple Read overflows issue due to improper length check 
while decod ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2019-14010 (The device may enter into error state when some tool or 
application ge ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2019-14009
-       RESERVED
+CVE-2019-14009 (Out of bound memory access while processing TZ command handler 
due to  ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2019-14008 (Possible null pointer dereference issue in location assistance 
data pr ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2019-14007
-       RESERVED
+CVE-2019-14007 (Due to the use of non-time-constant comparison functions there 
is issu ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2019-14006 (Buffer overflow occur while playing the clip which is 
nonstandard due  ...)
        NOT-FOR-US: Qualcomm components for Android
@@ -45325,8 +45365,7 @@ CVE-2019-14003 (Null pointer exception can happen while 
parsing invalid MKV clip
        NOT-FOR-US: Qualcomm components for Android
 CVE-2019-14002 (APKs without proper permission may bind to 
CallEnhancementService and  ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2019-14001
-       RESERVED
+CVE-2019-14001 (Wrong public key usage from existing oem_keystore for hash 
generation  ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2019-14000 (Lack of check that the RX FIFO write index that is read from 
shared RA ...)
        NOT-FOR-US: Qualcomm components for Android
@@ -51811,8 +51850,8 @@ CVE-2019-12001
        RESERVED
 CVE-2019-12000
        RESERVED
-CVE-2019-11999
-       RESERVED
+CVE-2019-11999 (Potential security vulnerabilities have been identified in HPE 
OpenCal ...)
+       TODO: check
 CVE-2019-11998 (HPE Superdome Flex Server is vulnerable to multiple remote 
vulnerabili ...)
        NOT-FOR-US: HPE Superdome Flex Server
 CVE-2019-11997 (A potential security vulnerability has been identified in HPE 
enhanced ...)
@@ -55838,23 +55877,17 @@ CVE-2019-10627 (Integer overflow to buffer overflow 
vulnerability in PostScript
        NOT-FOR-US: Qualcomm
 CVE-2019-10626
        RESERVED
-CVE-2019-10625
-       RESERVED
+CVE-2019-10625 (Out of bound access in diag services when DCI command buffer 
reallocat ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2019-10624
-       RESERVED
+CVE-2019-10624 (While handling the vendor command there is an integer 
truncation issue ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2019-10623
-       RESERVED
+CVE-2019-10623 (Possible integer overflow can happen in host driver while 
processing u ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2019-10622
-       RESERVED
+CVE-2019-10622 (Out of bound memory access can happen while parsing ADSP 
message due t ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2019-10621
-       RESERVED
+CVE-2019-10621 (Use after free issue when MAP and UNMAP calls at same time as 
data str ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2019-10620
-       RESERVED
+CVE-2019-10620 (Kernel memory error in debug module due to improper check of 
user data ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2019-10619
        RESERVED
@@ -55874,14 +55907,11 @@ CVE-2019-10612 (UTCB object has a function pointer 
called by the reaper to deall
        NOT-FOR-US: Qualcomm components for Android
 CVE-2019-10611 (Buffer overflow can occur while processing clip due to lack of 
check o ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2019-10610
-       RESERVED
+CVE-2019-10610 (Possible buffer over read when trying to process SDP message 
Video med ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2019-10609
-       RESERVED
+CVE-2019-10609 (Out of bound write can happen due to lack of check of array 
index valu ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2019-10608
-       RESERVED
+CVE-2019-10608 (Information disclosure issue occurs as there is no binding 
between the ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2019-10607 (Out of bounds memcpy can occur by providing the embedded NULL 
characte ...)
        NOT-FOR-US: Qualcomm components for Android
@@ -55919,11 +55949,9 @@ CVE-2019-10591 (Null pointer dereference can happen 
when parsing udta atom which
        NOT-FOR-US: Qualcomm components for Android
 CVE-2019-10590 (Out of bound access while parsing dts atom, which is 
non-standard as i ...)
        NOT-FOR-US: Snapdragon
-CVE-2019-10589
-       RESERVED
+CVE-2019-10589 (Lack of length check of response buffer can lead to buffer 
over-flow w ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2019-10588
-       RESERVED
+CVE-2019-10588 (Copying RTCP messages into the output buffer without checking 
the dest ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2019-10587 (Possible Stack overflow can occur when processing a large SDP 
body or  ...)
        NOT-FOR-US: Qualcomm components for Android
@@ -55949,11 +55977,9 @@ CVE-2019-10577 (Improper input validation while 
processing SIP URI received from
        NOT-FOR-US: Qualcomm components for Android
 CVE-2019-10576
        RESERVED
-CVE-2019-10575
-       RESERVED
+CVE-2019-10575 (Wlan binary which is not signed with OEMs RoT is working on 
secure dev ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2019-10574
-       RESERVED
+CVE-2019-10574 (Lack of boundary checks for data offsets received from HLOS 
can lead t ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2019-10573
        RESERVED
@@ -55989,8 +56015,7 @@ CVE-2019-10558 (While transferring data from APPS to 
DSP, Out of bound in FastRP
        NOT-FOR-US: Qualcomm components for Android
 CVE-2019-10557 (Out-of-bound read in the wireless driver in the Linux kernel 
due to la ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2019-10556
-       RESERVED
+CVE-2019-10556 (Missing length check before copying the data from kernel space 
to user ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2019-10555 (Buffer overflow can occur due to usage of wrong datatype and 
missing l ...)
        NOT-FOR-US: Qualcomm components for Android
@@ -56000,8 +56025,7 @@ CVE-2019-10553 (Multiple Read overflows due to improper 
length checks while deco
        NOT-FOR-US: Qualcomm components for Android
 CVE-2019-10552 (Multiple Buffer Over-read issue can happen due to improper 
length chec ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2019-10551
-       RESERVED
+CVE-2019-10551 (String error while processing non standard SIP messages 
received can l ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2019-10550 (Buffer Over-read when UE is trying to process the message 
received for ...)
        NOT-FOR-US: Qualcomm components for Android
@@ -56009,8 +56033,7 @@ CVE-2019-10549 (Null pointer dereference issue can 
happen due to improper valida
        NOT-FOR-US: Qualcomm components for Android
 CVE-2019-10548 (While trying to obtain datad ipc handle during DPL 
initialization, Hea ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2019-10547
-       RESERVED
+CVE-2019-10547 (When issuing IOCTL calls to ION, Memory leak can occur due to 
failure  ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2019-10546 (Buffer overflow can occur in WLAN firmware while parsing 
beacon/probe_ ...)
        NOT-FOR-US: Qualcomm components for Android
@@ -56058,8 +56081,7 @@ CVE-2019-10525 (Buffer overflow during SIB read when 
network configures complete
        NOT-FOR-US: Snapdragon
 CVE-2019-10524 (Lack of check for a negative value returned for get_clk is 
wrongly int ...)
        NOT-FOR-US: Snapdragon
-CVE-2019-10523
-       RESERVED
+CVE-2019-10523 (Target specific data is being sent to remote server and leads 
to infor ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2019-10522 (While playing the clip which is nonstandard buffer overflow 
can occur  ...)
        NOT-FOR-US: Snapdragon
@@ -56139,8 +56161,7 @@ CVE-2019-10485 (Infinite loop while decoding compressed 
data can lead to overrun
        NOT-FOR-US: Qualcomm components for Android
 CVE-2019-10484 (Use after free issue occurs when command destructors access 
dynamicall ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2019-10483
-       RESERVED
+CVE-2019-10483 (Side channel issue in QTEE due to usage of non-time-constant 
compariso ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2019-10482 (Due to the use of non-time-constant comparison functions there 
is issu ...)
        NOT-FOR-US: Snapdragon
@@ -72137,8 +72158,8 @@ CVE-2019-4764
        REJECTED
 CVE-2019-4763
        REJECTED
-CVE-2019-4762
-       RESERVED
+CVE-2019-4762 (IBM MQ 9.0 and 9.1 is vulnerable to a denial of service attack 
due to  ...)
+       TODO: check
 CVE-2019-4761
        RESERVED
 CVE-2019-4760
@@ -217949,7 +217970,7 @@ CVE-2016-1423 (A vulnerability in the display of 
email messages in the Messages
        NOT-FOR-US: Cisco ESA
 CVE-2016-1422
        RESERVED
-CVE-2016-1421 (The web application on Cisco IP 8800 devices allows remote 
attackers t ...)
+CVE-2016-1421 (A vulnerability in the web application for Cisco IP Phones 
could allow ...)
        NOT-FOR-US: Cisco
 CVE-2016-1420 (The installation component on Cisco Application Policy 
Infrastructure  ...)
        NOT-FOR-US: Cisco



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0424abb6a2b89c0d1d8defb481a2eee284a1afed
