author security tracker role <sectracker@soriano.debian.org> 2020-01-17 20:10:26 +0000
committer security tracker role <sectracker@soriano.debian.org> 2020-01-17 20:10:26 +0000
commit b3293ae873a932de864298f4be7e8a34fba4873d
tree 2853e7989931848d1471827df9622033b673980c
parent 8d9c1fe04b44ebc8334874a768269437ed6d9eff
automatic update
-rw-r--r-- data/CVE/2007.list 2
-rw-r--r-- data/CVE/2019.list 119
-rw-r--r-- data/CVE/2020.list 12
3 files changed, 86 insertions, 47 deletions
diff --git a/data/CVE/2007.list b/data/CVE/2007.list
index 263fd25518..7d70caaa67 100644
--- a/data/CVE/2007.list
+++ b/data/CVE/2007.list
@@ -1617,7 +1617,7 @@ CVE-2007-6072
CVE-2007-6071
RESERVED
CVE-2007-6070
- RESERVED
+ REJECTED
CVE-2007-6069
RESERVED
CVE-2007-6068
diff --git a/data/CVE/2019.list b/data/CVE/2019.list
index f27608ca00..485fc994fe 100644
--- a/data/CVE/2019.list
+++ b/data/CVE/2019.list
@@ -919,8 +919,8 @@ CVE-2019-20005 (An issue was discovered in ezXML 0.8.3 through 0.8.6. The functi
NOT-FOR-US: ezXML
CVE-2019-20004 (An issue was discovered on Intelbras IWR 3000N 1.8.7 devices. When the ...)
NOT-FOR-US: Intelbras
-CVE-2019-20003
- RESERVED
+CVE-2019-20003 (Feldtech easescreen Crystal 9.0 Web-Services 9.0.1.16265 allows Stored ...)
+ TODO: check
CVE-2019-20002
RESERVED
CVE-2019-20001
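
Review bot: CVE-2019-20003 is left at "TODO: check" even though the two entries directly above it in this hunk are already resolved as NOT-FOR-US. Its description names a vendor product (Feldtech easescreen Crystal Web-Services); confirm that no Debian source package ships it and resolve the TODO in a follow-up so it does not sit in the triage queue.
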
@@ -996,11 +996,13 @@ CVE-2019-19977 (libESMTP through 1.0.6 mishandles domain copying into a fixed-si
NOTE: https://github.com/Kirin-say/Vulnerabilities/blob/master/Stack_Overflow_in_libesmtp.md
NOTE: NTLM support not enabled in the Debian builds.
CVE-2019-19966 (In the Linux kernel before 5.1.6, there is a use-after-free in cpia2_e ...)
+ {DLA-2068-1}
- linux 5.2.6-1
[buster] - linux 4.19.67-1
[stretch] - linux 4.9.184-1
NOTE: https://git.kernel.org/linus/dea37a97265588da604c6ba80160a287b72c7bfd
CVE-2019-19965 (In the Linux kernel through 5.4.6, there is a NULL pointer dereference ...)
+ {DLA-2068-1}
- linux <unfixed>
NOTE: https://git.kernel.org/linus/f70267f379b5e5e11bdc5d72a56bf17e5feed01f
CVE-2019-19964
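
Review bot: The {DLA-2068-1} tag on CVE-2019-19965 sits directly above "- linux <unfixed>" with no "[jessie]" line, so nothing in this entry records which version carries the LTS fix. CVE-2019-19966 in the same hunk does list per-suite versions for buster and stretch; check that the jessie fixed version for DLA-2068-1 is recorded where the tracker reads it, so the tag and the "<unfixed>" status are not read as contradictory.
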
@@ -1076,6 +1078,7 @@ CVE-2019-19948 (In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer overfl
NOTE: https://github.com/ImageMagick/ImageMagick/commit/6ae32a9038e360b3491969d5d03d490884f02b4c (7.x)
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/9e7db22f8c374301db3f968757f0d08070fd4e54 (6.x)
CVE-2019-19947 (In the Linux kernel through 5.4.6, there are information leaks of unin ...)
+ {DLA-2068-1}
- linux 5.4.8-1
NOTE: https://git.kernel.org/linus/da2311a6385c3b499da2ed5d9be59ce331fa93e9
CVE-2019-19946
@@ -1140,6 +1143,7 @@ CVE-2019-19923 (flattenSubquery in select.c in SQLite 3.30.1 mishandles certain
[jessie] - sqlite3 <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/sqlite/sqlite/commit/396afe6f6aa90a31303c183e11b2b2d4b7956b35
CVE-2019-19922 (kernel/sched/fair.c in the Linux kernel before 5.3.9, when cpu.cfs_quo ...)
+ {DLA-2068-1}
- linux 5.3.9-1
[stretch] - linux <not-affected> (Vulnerability introduced later)
NOTE: https://git.kernel.org/linus/de53fd7aedb100f03e5d2231cfce0e4993282425
@@ -1584,6 +1588,7 @@ CVE-2019-19768 (In the Linux kernel 5.4.0-rc2, there is a use-after-free (read)
- linux <unfixed>
NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=205711
CVE-2019-19767 (The Linux kernel before 5.4.2 mishandles ext4_expand_extra_isize, as d ...)
+ {DLA-2068-1}
- linux 5.3.15-1
NOTE: https://git.kernel.org/linus/4ea99936a1630f51fc3a2d61a58ec4a1c4b7d55a
CVE-2019-19766 (The Bitwarden server through 1.32.0 has a potentially unwanted KDF. ...)
@@ -2170,9 +2175,11 @@ CVE-2019-19539
CVE-2019-19538
RESERVED
CVE-2019-19537 (In the Linux kernel before 5.2.10, there is a race condition bug that ...)
+ {DLA-2068-1}
- linux 5.2.17-1
NOTE: https://git.kernel.org/linus/303911cfc5b95d33687d9046133ff184cf5043ff
CVE-2019-19536 (In the Linux kernel before 5.2.9, there is an info-leak bug that can b ...)
+ {DLA-2068-1}
- linux 5.2.9-1
[buster] - linux 4.19.67-1
NOTE: https://git.kernel.org/linus/ead16e53c2f0ed946d82d4037c630e2f60f4ab69
@@ -2182,19 +2189,24 @@ CVE-2019-19535 (In the Linux kernel before 5.2.9, there is an info-leak bug that
[jessie] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/30a8beeb3042f49d0537b7050fd21b490166a3d9
CVE-2019-19534 (In the Linux kernel before 5.3.11, there is an info-leak bug that can ...)
+ {DLA-2068-1}
- linux 5.3.15-1
NOTE: https://git.kernel.org/linus/f7a1337f0d29b98733c8824e165fca3371d7d4fd
CVE-2019-19533 (In the Linux kernel before 5.3.4, there is an info-leak bug that can b ...)
+ {DLA-2068-1}
- linux 5.3.7-1
NOTE: https://git.kernel.org/linus/a10feaf8c464c3f9cfdd3a8a7ce17e1c0d498da1
CVE-2019-19532 (In the Linux kernel before 5.3.9, there are multiple out-of-bounds wri ...)
+ {DLA-2068-1}
- linux 5.3.9-1
NOTE: https://git.kernel.org/linus/d9d4b1e46d9543a82c23f6df03f4ad697dab361b
CVE-2019-19531 (In the Linux kernel before 5.2.9, there is a use-after-free bug that c ...)
+ {DLA-2068-1}
- linux 5.2.9-1
[buster] - linux 4.19.67-1
NOTE: https://git.kernel.org/linus/fc05481b2fcabaaeccf63e32ac1baab54e5b6963
CVE-2019-19530 (In the Linux kernel before 5.2.10, there is a use-after-free bug that ...)
+ {DLA-2068-1}
- linux 5.2.17-1
NOTE: https://git.kernel.org/linus/c52873e5a1ef72f845526d9f6a50704433f9c625
CVE-2019-19529 (In the Linux kernel before 5.3.11, there is a use-after-free bug that ...)
@@ -2208,6 +2220,7 @@ CVE-2019-19528 (In the Linux kernel before 5.3.7, there is a use-after-free bug
[jessie] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/edc4746f253d907d048de680a621e121517f484b
CVE-2019-19527 (In the Linux kernel before 5.2.10, there is a use-after-free bug that ...)
+ {DLA-2068-1}
- linux 5.2.17-1
NOTE: https://git.kernel.org/linus/6d4472d7bec39917b54e4e80245784ea5d60ce49
NOTE: https://git.kernel.org/linus/9c09b214f30e3c11f9b0b03f89442df03643794d
@@ -2221,9 +2234,11 @@ CVE-2019-19525 (In the Linux kernel before 5.3.6, there is a use-after-free bug
[jessie] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/7fd25e6fc035f4b04b75bca6d7e8daa069603a76
CVE-2019-19524 (In the Linux kernel before 5.3.12, there is a use-after-free bug that ...)
+ {DLA-2068-1}
- linux 5.3.15-1
NOTE: https://git.kernel.org/linus/fa3a5a1880c91bb92594ad42dfe9eedad7996b86
CVE-2019-19523 (In the Linux kernel before 5.3.7, there is a use-after-free bug that c ...)
+ {DLA-2068-1}
- linux 5.3.7-1
NOTE: https://git.kernel.org/linus/44efc269db7929f6275a1fa927ef082e533ecde0
CVE-2019-19522 (OpenBSD 6.6, in a non-default configuration where S/Key or YubiKey aut ...)
@@ -2627,8 +2642,7 @@ CVE-2019-19341 (A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2,
NOT-FOR-US: Ansible Tower
CVE-2019-19340 (A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2 and 3.5 ...)
NOT-FOR-US: Ansible Tower
-CVE-2019-19339
- RESERVED
+CVE-2019-19339 (It was found that the Red Hat Enterprise Linux 8 kpatch update did not ...)
NOT-FOR-US: Red Hat specific kpatch update which was incomplete to address CVE-2018-12207
CVE-2019-19338 [KVM: export MSR_IA32_TSX_CTRL to guest - incomplete fix for TAA (CVE-2019-11135)]
RESERVED
@@ -2652,6 +2666,7 @@ CVE-2019-19333 (In all versions of libyang before 1.0-r5, a stack-based buffer o
[buster] - libyang <no-dsa> (Minor issue)
NOTE: https://github.com/CESNET/libyang/commit/f6d684ade99dd37b21babaa8a856f64faa1e2e0d
CVE-2019-19332 (An out-of-bounds memory write issue was found in the Linux Kernel, ver ...)
+ {DLA-2068-1}
- linux 5.4.6-1
NOTE: https://git.kernel.org/linus/433f4ba1904100da65a311033f17a9bf586b287e
CVE-2019-19331 (knot-resolver before version 4.3.0 is vulnerable to denial of service ...)
@@ -2963,6 +2978,7 @@ CVE-2019-19229 (admincgi-bin/service.fcgi on Fronius Solar Inverter devices befo
CVE-2019-19228 (Fronius Solar Inverter devices before 3.14.1 (HM 1.12.1) allow attacke ...)
NOT-FOR-US: Fronius Solar Inverter devices
CVE-2019-19227 (In the AppleTalk subsystem in the Linux kernel before 5.1, there is a ...)
+ {DLA-2068-1}
- linux 5.2.6-1
NOTE: https://git.kernel.org/linus/9804501fa1228048857910a6bf23e085aade37cc
CVE-2019-19226
@@ -3364,6 +3380,7 @@ CVE-2019-19067 (** DISPUTED ** Four memory leaks in the acp_hw_init() function i
- linux 5.3.9-1 (unimportant)
NOTE: https://git.kernel.org/linus/57be09c6e8747bf48704136d9e3f92bfb93f5725
CVE-2019-19066 (A memory leak in the bfad_im_get_stats() function in drivers/scsi/bfa/ ...)
+ {DLA-2068-1}
- linux <unfixed>
CVE-2019-19065 (A memory leak in the sdma_init() function in drivers/infiniband/hw/hfi ...)
- linux 5.3.9-1
@@ -3375,6 +3392,7 @@ CVE-2019-19064 (** DISPUTED ** A memory leak in the fsl_lpspi_probe() function i
CVE-2019-19063 (Two memory leaks in the rtl_usb_probe() function in drivers/net/wirele ...)
- linux 5.4.8-1 (unimportant)
CVE-2019-19062 (A memory leak in the crypto_report() function in crypto/crypto_user_ba ...)
+ {DLA-2068-1}
- linux 5.4.6-1
CVE-2019-19061 (A memory leak in the adis_update_scan_mode_burst() function in drivers ...)
- linux 5.3.9-1 (unimportant)
@@ -3393,8 +3411,10 @@ CVE-2019-19058 (A memory leak in the alloc_sgtable() function in drivers/net/wir
[jessie] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/b4b814fec1a5a849383f7b3886b654a13abbda7d
CVE-2019-19057 (Two memory leaks in the mwifiex_pcie_init_evt_ring() function in drive ...)
+ {DLA-2068-1}
- linux 5.4.8-1
CVE-2019-19056 (A memory leak in the mwifiex_pcie_alloc_cmdrsp_buf() function in drive ...)
+ {DLA-2068-1}
- linux <unfixed>
CVE-2019-19055 (** DISPUTED ** A memory leak in the nl80211_get_ftm_responder_stats() ...)
- linux 5.4.6-1 (unimportant)
@@ -3411,9 +3431,11 @@ CVE-2019-19053 (A memory leak in the rpmsg_eptdev_write_iter() function in drive
[stretch] - linux <not-affected> (Vulnerable code not present)
[jessie] - linux <not-affected> (Vulnerable code not present)
CVE-2019-19052 (A memory leak in the gs_can_open() function in drivers/net/can/usb/gs_ ...)
+ {DLA-2068-1}
- linux 5.3.15-1
NOTE: https://git.kernel.org/linus/fb5be6a7b4863ecc44963bb80ca614584b6c7817
CVE-2019-19051 (A memory leak in the i2400m_op_rfkill_sw_toggle() function in drivers/ ...)
+ {DLA-2068-1}
- linux 5.3.15-1
NOTE: https://git.kernel.org/linus/6f3ef5c25cc762687a7341c18cbea5af54461407
CVE-2019-19050 (A memory leak in the crypto_reportstat() function in crypto/crypto_use ...)
@@ -6515,6 +6537,7 @@ CVE-2019-17668 (Samsung Galaxy S10 and Note10 devices allow unlock operations vi
CVE-2019-17667 (Comtech H8 Heights Remote Gateway 2.5.1 devices allow XSS and HTML inj ...)
NOT-FOR-US: Comtech H8 Heights Remote Gateway devices
CVE-2019-17666 (rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Lin ...)
+ {DLA-2068-1}
- linux 5.3.9-1
NOTE: https://lkml.org/lkml/2019/10/16/1226
CVE-2019-17665 (NSA Ghidra before 9.0.2 is vulnerable to DLL hijacking because it load ...)
@@ -6577,10 +6600,10 @@ CVE-2019-17637
RESERVED
CVE-2019-17636
RESERVED
-CVE-2019-17635
- RESERVED
-CVE-2019-17634
- RESERVED
+CVE-2019-17635 (Eclipse Memory Analyzer version 1.9.1 and earlier is subject to a dese ...)
+ TODO: check
+CVE-2019-17634 (Eclipse Memory Analyzer version 1.9.1 and earlier is subject to a cros ...)
+ TODO: check
CVE-2019-17633 (For Eclipse Che versions 6.16 to 7.3.0, with both authentication and T ...)
NOT-FOR-US: Eclipse Che
CVE-2019-17632 (In Eclipse Jetty versions 9.4.21.v20190926, 9.4.22.v20191022, and 9.4. ...)
@@ -7822,18 +7845,19 @@ CVE-2019-17131 (vBulletin before 5.5.4 allows clickjacking. ...)
CVE-2019-17130 (vBulletin through 5.5.4 mishandles external URLs within the /core/vb/v ...)
NOT-FOR-US: vBulletin
CVE-2019-17133 (In the Linux kernel through 5.3.2, cfg80211_mgd_wext_giwessid in net/w ...)
+ {DLA-2068-1}
- linux 5.3.9-1
NOTE: https://marc.info/?l=linux-wireless&m=157018270915487&w=2
CVE-2019-17129
RESERVED
CVE-2019-17128 (Netreo OmniCenter through 12.1.1 allows unauthenticated SQL Injection ...)
NOT-FOR-US: Netreo OmniCenter
-CVE-2019-17127
- RESERVED
+CVE-2019-17127 (A Stored Client Side Template Injection (CSTI) with Angular was discov ...)
+ TODO: check
CVE-2019-17126
RESERVED
-CVE-2019-17125
- RESERVED
+CVE-2019-17125 (A Reflected Client Side Template Injection (CSTI) with Angular was dis ...)
+ TODO: check
CVE-2019-17124 (Kramer VIAware 2.5.0719.1034 has Incorrect Access Control. ...)
NOT-FOR-US: Kramer VIAware
CVE-2019-17123 (The eGain Web Email API 11+ allows spoofed messages because the fromNa ...)
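
Review bot: The new descriptions for CVE-2019-17127 and CVE-2019-17125 are cut off before the affected product is named ("... with Angular was discov ..."), so the "TODO: check" lines cannot be resolved from this file alone. Triage both against the full CVE text in one pass, since the visible text differs only in Stored versus Reflected CSTI, and name the product in the resulting NOT-FOR-US or package line.
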
@@ -7990,18 +8014,23 @@ CVE-2019-17058 (Footy Tipping Software AFL Web Edition 2019 allows arbitrary fil
CVE-2019-17057 (Footy Tipping Software AFL Web Edition 2019 allows XSS. ...)
NOT-FOR-US: Footy Tipping Software AFL Web Edition
CVE-2019-17056 (llcp_sock_create in net/nfc/llcp_sock.c in the AF_NFC network module i ...)
+ {DLA-2068-1}
- linux 5.3.7-1
NOTE: https://git.kernel.org/linus/3a359798b176183ef09efb7a3dc59abad1cc7104
CVE-2019-17055 (base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network ...)
+ {DLA-2068-1}
- linux 5.3.7-1
NOTE: https://git.kernel.org/linus/b91ee4aa2a2199ba4d4650706c272985a5a32d80
CVE-2019-17054 (atalk_create in net/appletalk/ddp.c in the AF_APPLETALK network module ...)
+ {DLA-2068-1}
- linux 5.3.7-1
NOTE: https://git.kernel.org/linus/6cc03e8aa36c51f3b26a0d21a3c4ce2809c842ac
CVE-2019-17053 (ieee802154_create in net/ieee802154/socket.c in the AF_IEEE802154 netw ...)
+ {DLA-2068-1}
- linux 5.3.7-1
NOTE: https://git.kernel.org/linus/e69dbd4619e7674c1679cba49afd9dd9ac347eef
CVE-2019-17052 (ax25_create in net/ax25/af_ax25.c in the AF_AX25 network module in the ...)
+ {DLA-2068-1}
- linux 5.3.7-1
NOTE: https://git.kernel.org/linus/0614e2b73768b502fc32a75349823356d98aae2c
CVE-2019-17051 (Evernote before 7.13 GA on macOS allows code execution because the com ...)
@@ -8885,6 +8914,7 @@ CVE-2019-16728 (DOMPurify before 2.0.1 allows XSS because of innerHTML mutation
[stretch] - dompurify.js <ignored> (Minor issue)
NOTE: https://research.securitum.com/dompurify-bypass-using-mxss/
CVE-2019-16746 (An issue was discovered in net/wireless/nl80211.c in the Linux kernel ...)
+ {DLA-2068-1}
- linux 5.3.7-1
NOTE: https://marc.info/?l=linux-wireless&m=156901391225058&w=2
CVE-2019-16727
@@ -10991,10 +11021,10 @@ CVE-2019-15857
RESERVED
CVE-2019-15856
RESERVED
-CVE-2019-15855
- RESERVED
-CVE-2019-15854
- RESERVED
+CVE-2019-15855 (An issue was discovered in Maarch RM before 2.5. A path traversal vuln ...)
+ TODO: check
+CVE-2019-15854 (An issue was discovered in Maarch RM before 2.5. A privilege escalatio ...)
+ TODO: check
CVE-2019-15853
RESERVED
CVE-2019-15852
@@ -11869,6 +11899,7 @@ CVE-2019-15507 (In Octopus Deploy versions 2018.8.4 to 2019.7.6, when a web requ
CVE-2019-15506 (An issue was discovered in Kaseya Virtual System Administrator (VSA) t ...)
NOT-FOR-US: Kaseya Virtual System Administrator (VSA)
CVE-2019-15505 (drivers/media/usb/dvb-usb/technisat-usb2.c in the Linux kernel through ...)
+ {DLA-2068-1}
- linux 5.2.17-1
CVE-2019-15504 (drivers/net/wireless/rsi/rsi_91x_usb.c in the Linux kernel through 5.2 ...)
- linux 5.2.17-1
@@ -12411,6 +12442,7 @@ CVE-2019-15292 (An issue was discovered in the Linux kernel before 5.0.9. There
- linux 4.19.37-1
[stretch] - linux 4.9.184-1
CVE-2019-15291 (An issue was discovered in the Linux kernel through 5.2.9. There is a ...)
+ {DLA-2068-1}
- linux 5.3.15-1
NOTE: https://www.openwall.com/lists/oss-security/2019/08/20/2
CVE-2019-15290
@@ -12490,6 +12522,7 @@ CVE-2019-15218 (An issue was discovered in the Linux kernel before 5.1.8. There
[stretch] - linux 4.9.184-1
NOTE: https://git.kernel.org/linus/31e0456de5be379b10fea0fa94a681057114a96e
CVE-2019-15217 (An issue was discovered in the Linux kernel before 5.2.3. There is a N ...)
+ {DLA-2068-1}
- linux 5.2.6-1
NOTE: https://git.kernel.org/linus/5d2e73a5f80a5b5aff3caf1ec6d39b5b3f54b26e
CVE-2019-15216 (An issue was discovered in the Linux kernel before 5.0.14. There is a ...)
@@ -12861,6 +12894,7 @@ CVE-2019-15099 (drivers/net/wireless/ath/ath10k/usb.c in the Linux kernel throug
[jessie] - linux <not-affected> (Vulnerable code not present)
NOTE: https://lore.kernel.org/linux-wireless/20190804003101.11541-1-benquike@gmail.com/T/#u
CVE-2019-15098 (drivers/net/wireless/ath/ath6kl/usb.c in the Linux kernel through 5.2. ...)
+ {DLA-2068-1}
- linux 5.3.7-1
NOTE: https://lore.kernel.org/linux-wireless/20190804002905.11292-1-benquike@gmail.com/T/#u
CVE-2019-15090 (An issue was discovered in drivers/scsi/qedi/qedi_dbg.c in the Linux k ...)
@@ -13297,6 +13331,7 @@ CVE-2019-14903
CVE-2019-14902
RESERVED
CVE-2019-14901 (A heap overflow flaw was found in the Linux kernel, all versions 3.x.x ...)
+ {DLA-2068-1}
- linux <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2019/11/22/2
CVE-2019-14900
@@ -13307,12 +13342,15 @@ CVE-2019-14898 [RHEL-7 specific incompete fix issue for CVE-2019-11599]
RESERVED
- linux <not-affected> (RHEL-7 specific incomplete fix for CVE-2019-11599)
CVE-2019-14897 (A stack-based buffer overflow was found in the Linux kernel, version k ...)
+ {DLA-2068-1}
- linux <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2019/11/22/1
CVE-2019-14896 (A heap-based buffer overflow vulnerability was found in the Linux kern ...)
+ {DLA-2068-1}
- linux <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2019/11/22/1
CVE-2019-14895 (A heap-based buffer overflow was discovered in the Linux kernel, all v ...)
+ {DLA-2068-1}
- linux <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2019/11/22/1
CVE-2019-14894
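
Review bot: CVE-2019-14897, CVE-2019-14896 and CVE-2019-14895 now carry {DLA-2068-1} but still have only an oss-security NOTE and "- linux <unfixed>", with no reference to a fix. Other kernel entries in this file record one as "NOTE: https://git.kernel.org/linus/..."; if DLA-2068-1 applied a patch for these, add its upstream reference so the remaining suites can be tracked against it.
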
@@ -14158,8 +14196,8 @@ CVE-2019-14631
RESERVED
CVE-2019-14630
RESERVED
-CVE-2019-14629
- RESERVED
+CVE-2019-14629 (Improper permissions in Intel(R) DAAL before version 2020 Gold may all ...)
+ TODO: check
CVE-2019-14628
RESERVED
CVE-2019-14627
@@ -14186,15 +14224,14 @@ CVE-2019-14617
RESERVED
CVE-2019-14616
RESERVED
-CVE-2019-14615
- RESERVED
+CVE-2019-14615 (Insufficient control flow in certain data structures for some Intel(R) ...)
- linux <unfixed>
[jessie] - linux <not-affected> (Driver doesn't support this hardware)
NOTE: https://git.kernel.org/linus/bc8a76a152c5f9ef3b48104154a65a68a8b76946
CVE-2019-14614
RESERVED
-CVE-2019-14613
- RESERVED
+CVE-2019-14613 (Improper access control in driver for Intel(R) VTune(TM) Amplifier for ...)
+ TODO: check
CVE-2019-14612 (Out of bounds write in firmware for Intel(R) NUC(R) may allow a privil ...)
NOT-FOR-US: Intel
CVE-2019-14611 (Integer overflow in firmware for Intel(R) NUC(R) may allow a privilege ...)
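
Review bot: CVE-2019-14613 is left at "TODO: check" for an Intel VTune Amplifier driver issue, while the Intel entries just below it in this hunk (CVE-2019-14612, CVE-2019-14611) are already "NOT-FOR-US: Intel". Resolve it the same way unless a Debian package ships that driver.
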
@@ -14219,18 +14256,18 @@ CVE-2019-14603 (Improper permissions in the installer for the License Server sof
NOT-FOR-US: Intel
CVE-2019-14602 (Improper permissions in the installer for the Nuvoton* CIR Driver vers ...)
NOT-FOR-US: Nuvoton* CIR Driver
-CVE-2019-14601
- RESERVED
-CVE-2019-14600
- RESERVED
+CVE-2019-14601 (Improper permissions in the installer for Intel(R) RWC 3 for Windows b ...)
+ TODO: check
+CVE-2019-14600 (Uncontrolled search path element in the installer for Intel(R) SNMP Su ...)
+ TODO: check
CVE-2019-14599 (Unquoted service path in Control Center-I version 2.1.0.0 and earlier ...)
NOT-FOR-US: Intel
CVE-2019-14598
RESERVED
CVE-2019-14597
RESERVED
-CVE-2019-14596
- RESERVED
+CVE-2019-14596 (Improper access control in the installer for Intel(R) Chipset Device S ...)
+ TODO: check
CVE-2019-14595
RESERVED
CVE-2019-14594
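
Review bot: CVE-2019-14601, CVE-2019-14600 and CVE-2019-14596 are all installer issues in Intel software (the first is explicitly "for Windows") and are left at "TODO: check", while CVE-2019-14599 between them is "NOT-FOR-US: Intel". Mark the three consistently in a follow-up instead of leaving them in the TODO queue.
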
@@ -23958,12 +23995,12 @@ CVE-2019-10960 (Zebra Industrial Printers All Versions, Zebra printers are shipp
NOT-FOR-US: Zebra Industrial Printers
CVE-2019-10959 (BD Alaris Gateway Workstation Versions, 1.1.3 Build 10, 1.1.3 MR Build ...)
NOT-FOR-US: BD Alaris Gateway
-CVE-2019-10958
- RESERVED
-CVE-2019-10957
- RESERVED
-CVE-2019-10956
- RESERVED
+CVE-2019-10958 (Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-2 ...)
+ TODO: check
+CVE-2019-10957 (Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-2 ...)
+ TODO: check
+CVE-2019-10956 (Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-2 ...)
+ TODO: check
CVE-2019-10955 (In Rockwell Automation MicroLogix 1400 Controllers Series A, All Versi ...)
NOT-FOR-US: Rockwell Automation
CVE-2019-10954 (An attacker could send crafted SMTP packets to cause a denial-of-servi ...)
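
Review bot: The three Geutebruck entries (CVE-2019-10958, CVE-2019-10957, CVE-2019-10956) have identical truncated descriptions, so the list gives no way to tell them apart when working the "TODO: check" items. They describe IP camera products, and the device entries around them in this hunk (Zebra, BD Alaris, Rockwell Automation) are NOT-FOR-US; triage the three as a group against the full CVE text.
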
@@ -25820,6 +25857,7 @@ CVE-2019-10222 (A flaw was found in the Ceph RGW configuration with Beast as the
CVE-2019-10221
RESERVED
CVE-2019-10220 (Linux kernel CIFS implementation, version 4.9.0 is vulnerable to a rel ...)
+ {DLA-2068-1}
- linux 5.3.9-1
CVE-2019-10219 (A vulnerability was found in Hibernate-Validator. The SafeHtml validat ...)
- libhibernate-validator-java <unfixed> (bug #948235)
@@ -42970,16 +43008,16 @@ CVE-2019-3688 (The /usr/sbin/pinger binary packaged with squid in SUSE Linux Ent
- squid3 <not-affected> (/usr/lib/squid/pinger permissions are root:root)
CVE-2019-3687
RESERVED
-CVE-2019-3686
- RESERVED
+CVE-2019-3686 (openQA before commit c172e8883d8f32fced5e02f9b6faaacc913df27b was vuln ...)
+ TODO: check
CVE-2019-3685 (Open Build Service before version 0.165.4 diddn't validate TLS certifi ...)
- osc <not-affected> (Affects 0.165.x only, bug #941667)
CVE-2019-3684 (SUSE Manager until version 4.0.7 and Uyuni until commit 1b426ad5ed0a71 ...)
NOT-FOR-US: SUSE Manager
-CVE-2019-3683
- RESERVED
-CVE-2019-3682
- RESERVED
+CVE-2019-3683 (The keystone-json-assignment package in SUSE Openstack Cloud 8 before ...)
+ TODO: check
+CVE-2019-3682 (The docker-kubic package in SUSE CaaS Platform 3.0 before 17.09.1_ce-7 ...)
+ TODO: check
CVE-2019-3681
RESERVED
CVE-2019-3680
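
Review bot: CVE-2019-3683 and CVE-2019-3682 name SUSE product packages (SUSE Openstack Cloud 8, SUSE CaaS Platform 3.0), and the neighbouring CVE-2019-3684 is already "NOT-FOR-US: SUSE Manager", so these two "TODO: check" lines most likely want a NOT-FOR-US as well. CVE-2019-3686 (openQA) is described by an upstream commit rather than a SUSE package and needs an actual check of whether Debian ships the affected code.
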
@@ -46217,6 +46255,7 @@ CVE-2019-2217 (In setCpuVulkanInUse of GpuStats.cpp, there is possible memory co
CVE-2019-2216
RESERVED
CVE-2019-2215 (A use-after-free in binder.c allows an elevation of privilege from an ...)
+ {DLA-2068-1}
- linux 4.15.4-1
NOTE: Fixed by: https://git.kernel.org/linus/f5cb779ba16334b45ba8946d6bfa6d9834d1527f
CVE-2019-2214 (In binder_transaction of binder.c, there is a possible out of bounds w ...)
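
Review bot: CVE-2019-2215 is tagged {DLA-2068-1} but the entry has only "- linux 4.15.4-1" and no per-suite lines, unlike entries such as CVE-2019-19966 that list "[buster]" and "[stretch]" versions. Check whether stretch's 4.9 kernel needs its own "[stretch]" line here, so its status is not inferred from the 4.15.4-1 version alone.
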
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index 0754d01919..0ad277766a 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -729,8 +729,8 @@ CVE-2020-6864
RESERVED
CVE-2020-6863
RESERVED
-CVE-2020-6862
- RESERVED
+CVE-2020-6862 (V6.0.10P2T2 and V6.0.10P2T5 of F6x2W product are impacted by Informati ...)
+ TODO: check
CVE-2020-6861
RESERVED
CVE-2020-6860 (libmysofa 0.9.1 has a stack-based buffer overflow in readDataVar in hd ...)
@@ -3721,8 +3721,8 @@ CVE-2020-5399
RESERVED
CVE-2020-5398 (In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x pri ...)
TODO: check
-CVE-2020-5397
- RESERVED
+CVE-2020-5397 (Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF ...)
+ TODO: check
CVE-2020-5396
RESERVED
CVE-2020-5395 (FontForge 20190801 has a use-after-free in SFD_GetFontMetaData in sfd. ...)
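
Review bot: CVE-2020-5397 joins CVE-2020-5398 directly above it as a Spring Framework issue with the same 5.2.3 fix boundary, and both sit at "TODO: check". Triage the pair in one pass and record the same source package on each, so one does not stay in the TODO queue after the other is resolved.
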
@@ -6655,8 +6655,8 @@ CVE-2020-3942
RESERVED
CVE-2020-3941 (The repair operation of VMware Tools for Windows 10.x.y has a race con ...)
NOT-FOR-US: VMware Tools for Windows
-CVE-2020-3940
- RESERVED
+CVE-2020-3940 (VMware Workspace ONE SDK and dependent mobile application updates addr ...)
+ TODO: check
CVE-2020-3939
RESERVED
CVE-2020-3938
