Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
b489bfa7 by security tracker role at 2020-06-22T20:10:26+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,45 @@
+CVE-2020-14983
+ RESERVED
+CVE-2020-14982
+ RESERVED
+CVE-2020-14981 (The ThreatTrack VIPRE Password Vault app through 1.100.1090
for iOS ha ...)
+ TODO: check
+CVE-2020-14980 (The Sophos Secure Email application through 3.9.4 for Android
has Miss ...)
+ TODO: check
+CVE-2020-14979
+ RESERVED
+CVE-2020-14978
+ RESERVED
+CVE-2020-14977
+ RESERVED
+CVE-2020-14976
+ RESERVED
+CVE-2020-14975
+ RESERVED
+CVE-2020-14974
+ RESERVED
+CVE-2020-14973 (The loginForm within the general/login.php webpage in
webTareas 2.0p8 ...)
+ TODO: check
+CVE-2020-14972 (Multiple SQL injection vulnerabilities in Sourcecodester Pisay
Online ...)
+ TODO: check
+CVE-2020-14971
+ RESERVED
+CVE-2020-14970
+ RESERVED
+CVE-2020-14969 (app/Model/Attribute.php in MISP 2.4.127 lacks an ACL lookup on
attribu ...)
+ TODO: check
+CVE-2020-14968 (An issue was discovered in the jsrsasign package before 8.0.17
for Nod ...)
+ TODO: check
+CVE-2020-14967 (An issue was discovered in the jsrsasign package before 8.0.18
for Nod ...)
+ TODO: check
+CVE-2020-14966 (An issue was discovered in the jsrsasign package through
8.0.18 for No ...)
+ TODO: check
+CVE-2020-14965
+ RESERVED
+CVE-2020-14964
+ RESERVED
+CVE-2020-14963
+ RESERVED
CVE-2020-14962 (Multiple XSS vulnerabilities in the Final Tiles Gallery plugin
before ...)
NOT-FOR-US: Final Tiles Gallery plugin for WordPress
CVE-2020-14961 (Concrete5 before 8.5.3 does not constrain the sort direction
to a vali ...)
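Review bot: The three jsrsasign entries (CVE-2020-14968, CVE-2020-14967, CVE-2020-14966) carry different version bounds in their descriptions (before 8.0.17, before 8.0.18, through 8.0.18), so when the TODO: check markers are resolved each one needs its own fixed-version or status line rather than a single shared annotation.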
@@ -1005,8 +1047,8 @@ CVE-2020-14463
RESERVED
CVE-2020-14462 (CALDERA 2.7.0 allows XSS via the Operation Name box. ...)
TODO: check
-CVE-2020-14461
- RESERVED
+CVE-2020-14461 (Zyxel Armor X1 WAP6806 1.00(ABAL.6)C0 devices allow Directory
Traversa ...)
+ TODO: check
CVE-2020-14460 (An issue was discovered in Mattermost Server before 5.19.0,
5.18.1, 5. ...)
NOT-FOR-US: Mattermost
CVE-2020-14459 (An issue was discovered in Mattermost Server before 5.19.0.
Attackers ...)
@@ -1861,12 +1903,12 @@ CVE-2020-14206
RESERVED
CVE-2020-14205
RESERVED
-CVE-2020-14204
- RESERVED
-CVE-2020-14203
- RESERVED
-CVE-2020-14202
- RESERVED
+CVE-2020-14204 (In WebFOCUS Business Intelligence 8.0 (SP6), the
administration portal ...)
+ TODO: check
+CVE-2020-14203 (WebFOCUS Business Intelligence 8.0 (SP6) allows a Cross-Site
Request F ...)
+ TODO: check
+CVE-2020-14202 (WebFOCUS Business Intelligence 8.0 (SP6) was prone to XSS via
arbitrar ...)
+ TODO: check
CVE-2020-14201
RESERVED
CVE-2020-14200
@@ -2239,8 +2281,8 @@ CVE-2020-14051
RESERVED
CVE-2020-14050
RESERVED
-CVE-2020-14049
- RESERVED
+CVE-2020-14049 (Viber for Windows up to 13.2.0.39 does not properly quote its
custom U ...)
+ TODO: check
CVE-2020-14048 (Zoho ManageEngine ServiceDesk Plus before 11.1 build 11115
allows remo ...)
NOT-FOR-US: Zoho
CVE-2020-14047
@@ -2618,10 +2660,10 @@ CVE-2020-13890 (The Neon theme 2.0 before 2020-06-03
for Bootstrap allows XSS vi
NOT-FOR-US: Bootstrap theme
CVE-2020-13889 (showAlert() in the administration panel in Bludit 3.12.0
allows XSS. ...)
NOT-FOR-US: Bludit
-CVE-2020-13888
- RESERVED
-CVE-2020-13887
- RESERVED
+CVE-2020-13888 (Kordil EDMS through 2.2.60rc3 allows stored XSS in
users_edit.php, use ...)
+ TODO: check
+CVE-2020-13887 (documents_add.php in Kordil EDMS through 2.2.60rc3 allows
Remote Comma ...)
+ TODO: check
CVE-2020-13895 (Crypt::Perl::ECDSA in the Crypt::Perl (aka p5-Crypt-Perl)
module befor ...)
- libcrypt-perl-perl <itp> (bug #907353)
NOTE: https://github.com/FGasper/p5-Crypt-Perl/issues/14
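Review bot: In the trailing context, CVE-2020-13895 sits directly below the new CVE-2020-13887 entry, which breaks the descending ID order followed everywhere else in this diff. The misplacement predates this change, but it is worth confirming that the entry is not duplicated at its sorted position and moving it there.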
@@ -3666,8 +3708,8 @@ CVE-2020-13482 (EM-HTTP-Request 1.1.5 uses the library
eventmachine in an insecu
NOT-FOR-US: EM-HTTP-Request
CVE-2020-13481
RESERVED
-CVE-2020-13480
- RESERVED
+CVE-2020-13480 (Verint Workforce Optimization (WFO) 15.2 allows HTML injection
via the ...)
+ TODO: check
CVE-2020-13479
RESERVED
CVE-2020-13478
@@ -3788,10 +3830,10 @@ CVE-2020-13428 (A heap-based buffer overflow in the
hxxx_AnnexB_to_xVC function
[jessie] - vlc <end-of-life> (Not supported in jessie LTS)
NOTE: https://github.com/videolan/vlc-3.0/releases/tag/3.0.11
NOTE:
http://git.videolan.org/?p=vlc/vlc-3.0.git;a=commit;h=d5c43c21c747ff30ed19fcca745dea3481c733e0
-CVE-2020-13427
- RESERVED
-CVE-2020-13426
- RESERVED
+CVE-2020-13427 (Victor CMS 1.0 has Persistent XSS in
admin/users.php?source=add_user v ...)
+ TODO: check
+CVE-2020-13426 (The Multi-Scheduler plugin 1.0.0 for WordPress has a
Cross-Site Reques ...)
+ TODO: check
CVE-2020-13425 (TrackR devices through 2020-05-06 allow attackers to trigger
the Beep ...)
NOT-FOR-US: TrackR
CVE-2020-13424 (The XCloner component before 3.5.4 for Joomla! allows
Authenticated Lo ...)
@@ -4123,8 +4165,8 @@ CVE-2020-13281
RESERVED
CVE-2020-13280
RESERVED
-CVE-2020-13279
- RESERVED
+CVE-2020-13279 (Client side code execution in gitlab-vscode-extension v2.2.0
allows at ...)
+ TODO: check
CVE-2020-13278
RESERVED
CVE-2020-13277 (An authorization issue in the mirroring logic allowed read
access to p ...)
@@ -4393,10 +4435,10 @@ CVE-2020-13161
RESERVED
CVE-2020-13160 (AnyDesk before 5.5.3 on Linux and FreeBSD has a format string
vulnerab ...)
NOT-FOR-US: AnyDesk
-CVE-2020-13159
- RESERVED
-CVE-2020-13158
- RESERVED
+CVE-2020-13159 (Artica Proxy before 4.30.000000 Community Edition allows OS
command in ...)
+ TODO: check
+CVE-2020-13158 (Artica Proxy before 4.30.000000 Community Edition allows
Directory Tra ...)
+ TODO: check
CVE-2020-13157
RESERVED
CVE-2020-13156
@@ -7249,8 +7291,8 @@ CVE-2020-11991
RESERVED
CVE-2020-11990
RESERVED
-CVE-2020-11989
- RESERVED
+CVE-2020-11989 (Apache Shiro before 1.5.3, when using Apache Shiro with Spring
dynamic ...)
+ TODO: check
CVE-2020-11988
RESERVED
CVE-2020-11987
@@ -9631,10 +9673,10 @@ CVE-2020-11521 (libfreerdp/codec/planar.c in FreeRDP
version > 1.0 through 2.
[stretch] - freerdp <no-dsa> (Minor issue)
NOTE:
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-5cwc-6wc9-255w
NOTE:
https://github.com/FreeRDP/FreeRDP/commit/17f547ae11835bb11baa3d045245dc1694866845
-CVE-2020-11520
- RESERVED
-CVE-2020-11519
- RESERVED
+CVE-2020-11520 (The SDDisk2k.sys driver of WinMagic SecureDoc v8.5 and earlier
allows ...)
+ TODO: check
+CVE-2020-11519 (The SDDisk2k.sys driver of WinMagic SecureDoc v8.5 and earlier
allows ...)
+ TODO: check
CVE-2020-11518 (Zoho ManageEngine ADSelfService Plus before 5815 allows
unauthenticate ...)
NOT-FOR-US: Zoho
CVE-2020-11517
@@ -11867,8 +11909,7 @@ CVE-2020-10742
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1835127
CVE-2020-10741
REJECTED
-CVE-2020-10740
- RESERVED
+CVE-2020-10740 (A vulnerability was found in Wildfly in versions before
20.0.0.Final, ...)
- wildfly <itp> (bug #752018)
CVE-2020-10739 (Istio 1.4.x before 1.4.9 and Istio 1.5.x before 1.5.4 contain
the foll ...)
NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651)
@@ -11880,8 +11921,7 @@ CVE-2020-10737 (A race condition was found in the
mkhomedir tool shipped with th
[stretch] - oddjob <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1833042
NOTE:
https://pagure.io/oddjob/c/10b8aaa1564b723a005b53acc069df71313f4cac
-CVE-2020-10736 [authorization bypass in mons & mgrs]
- RESERVED
+CVE-2020-10736 (An authorization bypass vulnerability was found in Ceph
versions 15.2. ...)
- ceph <not-affected> (Vulnerable code introduced later)
NOTE: https://ceph.io/releases/v15-2-2-octopus-released/
NOTE:
https://github.com/ceph/ceph/commit/c7e7009a690621aacd4ac2c70c6469f25d692868
(master)
@@ -15330,8 +15370,8 @@ CVE-2020-9290 (An Unsafe Search Path vulnerability in
FortiClient for Windows on
NOT-FOR-US: Fortiguard
CVE-2020-9289 (Use of a hard-coded cryptographic key to encrypt password data
in CLI ...)
NOT-FOR-US: Fortiguard
-CVE-2020-9288
- RESERVED
+CVE-2020-9288 (An improper neutralization of input vulnerability in FortiWLC
8.5.1 al ...)
+ TODO: check
CVE-2020-9287 (An Unsafe Search Path vulnerability in FortiClient EMS online
installe ...)
NOT-FOR-US: Fortiguard
CVE-2020-9286 (An improper authorization vulnerability in FortiADC may allow a
remote ...)
@@ -16157,8 +16197,8 @@ CVE-2020-8935
RESERVED
CVE-2020-8934
RESERVED
-CVE-2020-8933
- RESERVED
+CVE-2020-8933 (A vulnerability in Google Cloud Platform's guest-oslogin
versions betw ...)
+ TODO: check
CVE-2020-8932
RESERVED
CVE-2020-8931
@@ -16211,16 +16251,16 @@ CVE-2020-8909
RESERVED
CVE-2020-8908
RESERVED
-CVE-2020-8907
- RESERVED
+CVE-2020-8907 (A vulnerability in Google Cloud Platform's guest-oslogin
versions betw ...)
+ TODO: check
CVE-2020-8906
RESERVED
CVE-2020-8905
RESERVED
CVE-2020-8904
RESERVED
-CVE-2020-8903
- RESERVED
+CVE-2020-8903 (A vulnerability in Google Cloud Platform's guest-oslogin
versions betw ...)
+ TODO: check
CVE-2020-8902
RESERVED
CVE-2020-8901
@@ -16904,7 +16944,7 @@ CVE-2020-8621
RESERVED
CVE-2020-8620
RESERVED
-CVE-2020-8619 (Unless a nameserver is providing authoritative service for one
or more ...)
+CVE-2020-8619 (In ISC BIND9 versions BIND 9.11.14 -> 9.11.19, BIND 9.14.9
-> 9. ...)
- bind9 1:9.16.4-1
[buster] - bind9 <not-affected> (Vulnerable code introduced later)
[stretch] - bind9 <not-affected> (Vulnerable code introduced later)
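Review bot: The replacement description for CVE-2020-8619 contains the literal entity "-&gt;" twice ("9.11.14 -&gt; 9.11.19"), which looks like HTML escaping carried over from the feed and should read "->". The bind9 status lines below it were written against the old description, so recheck them against the version ranges the new text gives.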
@@ -17581,7 +17621,8 @@ CVE-2020-8333
RESERVED
CVE-2020-8332
RESERVED
-CVE-2020-8331 (A potential vulnerability in the BIOS configuration of some
ThinkSyste ...)
+CVE-2020-8331
+ REJECTED
NOT-FOR-US: Lenovo
CVE-2020-8330 (A denial of service vulnerability was reported in the firmware
prior t ...)
NOT-FOR-US: Lenovo
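Review bot: CVE-2020-8331 is switched to REJECTED, but the NOT-FOR-US: Lenovo line from the previous description is kept underneath it. The other REJECTED entry visible in this diff (CVE-2020-10741) carries no annotation, so the leftover line should be dropped for consistency.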
@@ -18118,8 +18159,8 @@ CVE-2020-8104
RESERVED
CVE-2020-8103 (A vulnerability in the improper handling of symbolic links in
Bitdefen ...)
NOT-FOR-US: Bitdefender Antivirus Free
-CVE-2020-8102
- RESERVED
+CVE-2020-8102 (Improper Input Validation vulnerability in the Safepay browser
compone ...)
+ TODO: check
CVE-2020-8101
RESERVED
CVE-2020-8100 (Improper Input Validation vulnerability in the cevakrnl.rv0
module as ...)
@@ -20068,8 +20109,8 @@ CVE-2020-7264 (Privilege Escalation vulnerability in
McAfee Endpoint Security (E
NOT-FOR-US: McAfee
CVE-2020-7263 (Improper access control vulnerability in ESConfigTool.exe in
ENS for W ...)
NOT-FOR-US: ENS for Windows
-CVE-2020-7262
- RESERVED
+CVE-2020-7262 (Improper Access Control vulnerability in McAfee Advanced Threat
Defens ...)
+ TODO: check
CVE-2020-7261 (Buffer Overflow via Environment Variables vulnerability in AMSI
compon ...)
NOT-FOR-US: McAfee
CVE-2020-7260 (DLL Side Loading vulnerability in the installer for McAfee
Application ...)
@@ -21657,8 +21698,8 @@ CVE-2020-6646 (An improper neutralization of input
vulnerability in FortiWeb all
NOT-FOR-US: Fortiguard
CVE-2020-6645
RESERVED
-CVE-2020-6644
- RESERVED
+CVE-2020-6644 (An insufficient session expiration vulnerability in
FortiDeceptor 3.0. ...)
+ TODO: check
CVE-2020-6643 (An improper neutralization of input vulnerability in the URL
Descripti ...)
NOT-FOR-US: Fortinet
CVE-2020-6642
@@ -27811,28 +27852,28 @@ CVE-2020-4072
RESERVED
CVE-2020-4071
RESERVED
-CVE-2020-4070
- RESERVED
+CVE-2020-4070 (In CSS Validator less than or equal to commit 54d68a1, there is
a cros ...)
+ TODO: check
CVE-2020-4069
RESERVED
-CVE-2020-4068
- RESERVED
+CVE-2020-4068 (In APNSwift 1.0.0, calling APNSwiftSigner.sign(digest:) is
likely to r ...)
+ TODO: check
CVE-2020-4067
RESERVED
-CVE-2020-4066
- RESERVED
+CVE-2020-4066 (In Limdu before 0.95, the trainBatch function has a command
injection ...)
+ TODO: check
CVE-2020-4065
RESERVED
CVE-2020-4064
RESERVED
CVE-2020-4063
RESERVED
-CVE-2020-4062
- RESERVED
+CVE-2020-4062 (In Conjur OSS Helm Chart before 2.0.0, a recently identified
critical ...)
+ TODO: check
CVE-2020-4061
RESERVED
-CVE-2020-4060
- RESERVED
+CVE-2020-4060 (In LoRa Basics Station before 2.0.4, there is a Use After Free
vulnera ...)
+ TODO: check
CVE-2020-4059 (In mversion before 2.0.0, there is a command injection
vulnerability. ...)
TODO: check
CVE-2020-4058
@@ -29471,8 +29512,8 @@ CVE-2020-3678
RESERVED
CVE-2020-3677
RESERVED
-CVE-2020-3676
- RESERVED
+CVE-2020-3676 (Possible memory corruption in perfservice due to improper
validation a ...)
+ TODO: check
CVE-2020-3675
RESERVED
CVE-2020-3674
@@ -29493,22 +29534,22 @@ CVE-2020-3667
RESERVED
CVE-2020-3666
RESERVED
-CVE-2020-3665
- RESERVED
+CVE-2020-3665 (A possible buffer overflow would occur while processing command
from f ...)
+ TODO: check
CVE-2020-3664
RESERVED
-CVE-2020-3663
- RESERVED
-CVE-2020-3662
- RESERVED
-CVE-2020-3661
- RESERVED
-CVE-2020-3660
- RESERVED
+CVE-2020-3663 (Buffer over-write may occur during fetching track decoder
specific inf ...)
+ TODO: check
+CVE-2020-3662 (Buffer overflow can occur while parsing eac3 header while
playing the ...)
+ TODO: check
+CVE-2020-3661 (Buffer overflow will happen while parsing mp4 clip with
corrupted samp ...)
+ TODO: check
+CVE-2020-3660 (Possible null-pointer dereference can occur while parsing mp4
clip wit ...)
+ TODO: check
CVE-2020-3659
RESERVED
-CVE-2020-3658
- RESERVED
+CVE-2020-3658 (Possible null-pointer dereference can occur while parsing mp4
clip wit ...)
+ TODO: check
CVE-2020-3657
RESERVED
CVE-2020-3656
@@ -29539,8 +29580,8 @@ CVE-2020-3644
RESERVED
CVE-2020-3643
RESERVED
-CVE-2020-3642
- RESERVED
+CVE-2020-3642 (Use after free issue in camera applications when used randomly
over mu ...)
+ TODO: check
CVE-2020-3641 (Integer overflow may occur if atom size is less than atom
offset as th ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2020-3640
@@ -29553,8 +29594,8 @@ CVE-2020-3637
RESERVED
CVE-2020-3636
RESERVED
-CVE-2020-3635
- RESERVED
+CVE-2020-3635 (Stack based overflow If the maximum number of arguments allowed
per re ...)
+ TODO: check
CVE-2020-3634
RESERVED
CVE-2020-3633 (Array out of bound may occur while playing mp3 file as no check
is the ...)
@@ -29567,12 +29608,12 @@ CVE-2020-3630 (Possibility of out of bound access
while processing the responses
NOT-FOR-US: Qualcomm components for Android
CVE-2020-3629
RESERVED
-CVE-2020-3628
- RESERVED
+CVE-2020-3628 (Improper access due to socket opened by the logging application
withou ...)
+ TODO: check
CVE-2020-3627
RESERVED
-CVE-2020-3626
- RESERVED
+CVE-2020-3626 (Any application can bind to it and exercise the APIs due to no
protect ...)
+ TODO: check
CVE-2020-3625 (When making query to DSP capabilities, Stack out of bounds
occurs due ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2020-3624
@@ -29595,10 +29636,10 @@ CVE-2020-3616 (Buffer overflow in display function
due to memory copy without ch
NOT-FOR-US: Qualcomm components for Android
CVE-2020-3615 (Valid deauth/disassoc frames is dropped in case if RMF is
enabled and ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2020-3614
- RESERVED
-CVE-2020-3613
- RESERVED
+CVE-2020-3614 (Possible buffer overflow while copying the frame to local
buffer due t ...)
+ TODO: check
+CVE-2020-3613 (Double free issue in kernel memory mapping due to lack of
memory prote ...)
+ TODO: check
CVE-2020-3612
RESERVED
CVE-2020-3611
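Review bot: CVE-2020-3614 and CVE-2020-3613 are added with TODO: check directly below CVE-2020-3616 and CVE-2020-3615, which are both tagged NOT-FOR-US: Qualcomm components for Android. If triage confirms they come from the same vendor, give them the same tag so the block stays consistent; the same applies to the other new CVE-2020-36xx entries in the neighbouring hunks.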
@@ -35184,8 +35225,7 @@ CVE-2020-1729
NOT-FOR-US: SmallRye Config
CVE-2020-1728 (A vulnerability was found in all versions of Keycloak where,
the pages ...)
NOT-FOR-US: Keycloak
-CVE-2020-1727
- RESERVED
+CVE-2020-1727 (A vulnerability was found in Keycloak before 9.0.2, where every
Author ...)
NOT-FOR-US: Keycloak
CVE-2020-1726 (A flaw was discovered in Podman where it incorrectly allows
containers ...)
- libpod 1.6.4+dfsg1-3 (bug #961421)
@@ -51321,8 +51361,7 @@ CVE-2019-14895 (A heap-based buffer overflow was
discovered in the Linux kernel,
[buster] - linux 4.19.98-1
[stretch] - linux 4.9.210-1
NOTE: https://www.openwall.com/lists/oss-security/2019/11/22/1
-CVE-2019-14894
- RESERVED
+CVE-2019-14894 (A flaw was found in the CloudForms management engine version
5.10 and ...)
NOT-FOR-US: Red Hat CloudForm
CVE-2019-14893 (A flaw was discovered in FasterXML jackson-databind in all
versions be ...)
- jackson-databind 2.10.0-1
@@ -54404,14 +54443,14 @@ CVE-2019-14096
RESERVED
CVE-2019-14095 (Buffer overflow occurs while processing LMP packet in which
name lengt ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2019-14094
- RESERVED
+CVE-2019-14094 (Integer overflow in diag command handler when user inputs a
large valu ...)
+ TODO: check
CVE-2019-14093
RESERVED
-CVE-2019-14092
- RESERVED
-CVE-2019-14091
- RESERVED
+CVE-2019-14092 (System Services exports services without permission protect
and can le ...)
+ TODO: check
+CVE-2019-14091 (Double free issue in NPU due to lack of resource locking
mechanism to ...)
+ TODO: check
CVE-2019-14090
RESERVED
CVE-2019-14089
@@ -54432,22 +54471,22 @@ CVE-2019-14082 (Potential buffer over-read due to
lack of bound check of memory
NOT-FOR-US: Qualcomm components for Android
CVE-2019-14081 (Buffer Over-read when WLAN module gets a WMI message for SAR
limits wi ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2019-14080
- RESERVED
+CVE-2019-14080 (Out of bound write can happen due to lack of check of array
index valu ...)
+ TODO: check
CVE-2019-14079 (Access to the uninitialized variable when the driver tries to
unmap th ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-14078 (Out of bound memory access while processing qpay due to not
validating ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-14077 (Out of bound memory access while processing ese transmit
command due t ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2019-14076
- RESERVED
+CVE-2019-14076 (Buffer overflow occurs while processing an subsample data
length out o ...)
+ TODO: check
CVE-2019-14075 (Null pointer dereference issue in radio interface layer due to
lack of ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-14074
RESERVED
-CVE-2019-14073
- RESERVED
+CVE-2019-14073 (Copying RTCP messages into the output buffer without checking
the dest ...)
+ TODO: check
CVE-2019-14072 (Unhandled paging request is observed due to dereferencing an
already f ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-14071 (Compromised reset handler may bypass access control due to AC
config i ...)
@@ -54468,8 +54507,8 @@ CVE-2019-14064
RESERVED
CVE-2019-14063 (Out of bound access due to Invalid inputs to dapm mux settings
which r ...)
NOT-FOR-US: Snapdragon
-CVE-2019-14062
- RESERVED
+CVE-2019-14062 (Buffer overflows while decoding setup message from Network due
to lack ...)
+ TODO: check
CVE-2019-14061 (Null-pointer dereference can occur while accessing the segment
element ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-14060 (Uninitialized stack data gets used If memory is not allocated
for blob ...)
@@ -54498,8 +54537,8 @@ CVE-2019-14049 (Stage-2 fault will occur while writing
to an ION system allocati
NOT-FOR-US: Snapdragon
CVE-2019-14048 (Possible out of bound memory access while playing a crafted
clip in me ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2019-14047
- RESERVED
+CVE-2019-14047 (While IPA driver processes route add rule IOCTL, there is no
input val ...)
+ TODO: check
CVE-2019-14046 (Out of bound access while allocating memory for an array in
camera due ...)
NOT-FOR-US: Snapdragon
CVE-2019-14045 (Possible buffer overflow while processing clientlog and
serverlog due ...)
@@ -65137,8 +65176,8 @@ CVE-2019-10628
RESERVED
CVE-2019-10627 (Integer overflow to buffer overflow vulnerability in
PostScript image ...)
NOT-FOR-US: Qualcomm
-CVE-2019-10626
- RESERVED
+CVE-2019-10626 (Payload size is not validated before reading memory that may
cause iss ...)
+ TODO: check
CVE-2019-10625 (Out of bound access in diag services when DCI command buffer
reallocat ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-10624 (While handling the vendor command there is an integer
truncation issue ...)
@@ -65195,8 +65234,8 @@ CVE-2019-10599
RESERVED
CVE-2019-10598 (Out of bound access can occur while processing peer info in
IBSS conne ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2019-10597
- RESERVED
+CVE-2019-10597 (kernel writes to user passed address without any checks can
lead to ar ...)
+ TODO: check
CVE-2019-10596
RESERVED
CVE-2019-10595 (Possible buffer overwrite in message handler due to lack of
validation ...)
@@ -83347,8 +83386,7 @@ CVE-2019-3866 (An information-exposure vulnerability
was discovered where openst
NOTE:
https://opendev.org/openstack/oslo.utils/commit/b41268417cecb12d1d5955ee3107067edf050221
NOTE: Patch for Pike and newer:
https://launchpadlibrarian.net/449473654/0001-Ensure-we-mask-sensitive-data-from-Mistral-Action-lo.patch
NOTE: Patch for Pike and newer:
https://launchpadlibrarian.net/449472809/0001-Ensure-we-mask-sensitive-data-from-Mistral-Action-lo.patch
-CVE-2019-3865
- RESERVED
+CVE-2019-3865 (A vulnerability was found in quay-2, where a stored XSS
vulnerability ...)
NOT-FOR-US: Quay
CVE-2019-3864 (A vulnerability was discovered in all quay-2 versions before
quay-3.0. ...)
NOT-FOR-US: Quay
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b489bfa75dea76401cbac36426c5a46b32e9b8cc