author | security tracker role <sectracker@soriano.debian.org> | 2020-01-17 20:10:26 +0000
---|---|---
committer | security tracker role <sectracker@soriano.debian.org> | 2020-01-17 20:10:26 +0000
commit | b3293ae873a932de864298f4be7e8a34fba4873d |
tree | 2853e7989931848d1471827df9622033b673980c |
parent | 8d9c1fe04b44ebc8334874a768269437ed6d9eff |
automatic update
-rw-r--r-- | data/CVE/2007.list | 2
-rw-r--r-- | data/CVE/2019.list | 119
-rw-r--r-- | data/CVE/2020.list | 12

3 files changed, 86 insertions, 47 deletions
diff --git a/data/CVE/2007.list b/data/CVE/2007.list index 263fd25518..7d70caaa67 100644 --- a/data/CVE/2007.list +++ b/data/CVE/2007.list @@ -1617,7 +1617,7 @@ CVE-2007-6072 CVE-2007-6071 RESERVED CVE-2007-6070 - RESERVED + REJECTED CVE-2007-6069 RESERVED CVE-2007-6068 diff --git a/data/CVE/2019.list b/data/CVE/2019.list index f27608ca00..485fc994fe 100644 --- a/data/CVE/2019.list +++ b/data/CVE/2019.list @@ -919,8 +919,8 @@ CVE-2019-20005 (An issue was discovered in ezXML 0.8.3 through 0.8.6. The functi NOT-FOR-US: ezXML CVE-2019-20004 (An issue was discovered on Intelbras IWR 3000N 1.8.7 devices. When the ...) NOT-FOR-US: Intelbras -CVE-2019-20003 - RESERVED +CVE-2019-20003 (Feldtech easescreen Crystal 9.0 Web-Services 9.0.1.16265 allows Stored ...) + TODO: check CVE-2019-20002 RESERVED CVE-2019-20001 @@ -996,11 +996,13 @@ CVE-2019-19977 (libESMTP through 1.0.6 mishandles domain copying into a fixed-si NOTE: https://github.com/Kirin-say/Vulnerabilities/blob/master/Stack_Overflow_in_libesmtp.md NOTE: NTLM support not enabled in the Debian builds. CVE-2019-19966 (In the Linux kernel before 5.1.6, there is a use-after-free in cpia2_e ...) + {DLA-2068-1} - linux 5.2.6-1 [buster] - linux 4.19.67-1 [stretch] - linux 4.9.184-1 NOTE: https://git.kernel.org/linus/dea37a97265588da604c6ba80160a287b72c7bfd CVE-2019-19965 (In the Linux kernel through 5.4.6, there is a NULL pointer dereference ...) + {DLA-2068-1} - linux <unfixed> NOTE: https://git.kernel.org/linus/f70267f379b5e5e11bdc5d72a56bf17e5feed01f CVE-2019-19964 
@@ -1076,6 +1078,7 @@ CVE-2019-19948 (In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer overfl NOTE: https://github.com/ImageMagick/ImageMagick/commit/6ae32a9038e360b3491969d5d03d490884f02b4c (7.x) NOTE: https://github.com/ImageMagick/ImageMagick6/commit/9e7db22f8c374301db3f968757f0d08070fd4e54 (6.x) CVE-2019-19947 (In the Linux kernel through 5.4.6, there are information leaks of unin ...) + {DLA-2068-1} - linux 5.4.8-1 NOTE: https://git.kernel.org/linus/da2311a6385c3b499da2ed5d9be59ce331fa93e9 CVE-2019-19946 @@ -1140,6 +1143,7 @@ CVE-2019-19923 (flattenSubquery in select.c in SQLite 3.30.1 mishandles certain [jessie] - sqlite3 <not-affected> (Vulnerable code introduced later) NOTE: https://github.com/sqlite/sqlite/commit/396afe6f6aa90a31303c183e11b2b2d4b7956b35 CVE-2019-19922 (kernel/sched/fair.c in the Linux kernel before 5.3.9, when cpu.cfs_quo ...) + {DLA-2068-1} - linux 5.3.9-1 [stretch] - linux <not-affected> (Vulnerability introduced later) NOTE: https://git.kernel.org/linus/de53fd7aedb100f03e5d2231cfce0e4993282425 @@ -1584,6 +1588,7 @@ CVE-2019-19768 (In the Linux kernel 5.4.0-rc2, there is a use-after-free (read) - linux <unfixed> NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=205711 CVE-2019-19767 (The Linux kernel before 5.4.2 mishandles ext4_expand_extra_isize, as d ...) + {DLA-2068-1} - linux 5.3.15-1 NOTE: https://git.kernel.org/linus/4ea99936a1630f51fc3a2d61a58ec4a1c4b7d55a CVE-2019-19766 (The Bitwarden server through 1.32.0 has a potentially unwanted KDF. ...) @@ -2170,9 +2175,11 @@ CVE-2019-19539 CVE-2019-19538 RESERVED CVE-2019-19537 (In the Linux kernel before 5.2.10, there is a race condition bug that ...) + {DLA-2068-1} - linux 5.2.17-1 NOTE: https://git.kernel.org/linus/303911cfc5b95d33687d9046133ff184cf5043ff CVE-2019-19536 (In the Linux kernel before 5.2.9, there is an info-leak bug that can b ...) + {DLA-2068-1} - linux 5.2.9-1 [buster] - linux 4.19.67-1 NOTE: https://git.kernel.org/linus/ead16e53c2f0ed946d82d4037c630e2f60f4ab69 
@@ -2182,19 +2189,24 @@ CVE-2019-19535 (In the Linux kernel before 5.2.9, there is an info-leak bug that [jessie] - linux <not-affected> (Vulnerable code not present) NOTE: https://git.kernel.org/linus/30a8beeb3042f49d0537b7050fd21b490166a3d9 CVE-2019-19534 (In the Linux kernel before 5.3.11, there is an info-leak bug that can ...) + {DLA-2068-1} - linux 5.3.15-1 NOTE: https://git.kernel.org/linus/f7a1337f0d29b98733c8824e165fca3371d7d4fd CVE-2019-19533 (In the Linux kernel before 5.3.4, there is an info-leak bug that can b ...) + {DLA-2068-1} - linux 5.3.7-1 NOTE: https://git.kernel.org/linus/a10feaf8c464c3f9cfdd3a8a7ce17e1c0d498da1 CVE-2019-19532 (In the Linux kernel before 5.3.9, there are multiple out-of-bounds wri ...) + {DLA-2068-1} - linux 5.3.9-1 NOTE: https://git.kernel.org/linus/d9d4b1e46d9543a82c23f6df03f4ad697dab361b CVE-2019-19531 (In the Linux kernel before 5.2.9, there is a use-after-free bug that c ...) + {DLA-2068-1} - linux 5.2.9-1 [buster] - linux 4.19.67-1 NOTE: https://git.kernel.org/linus/fc05481b2fcabaaeccf63e32ac1baab54e5b6963 CVE-2019-19530 (In the Linux kernel before 5.2.10, there is a use-after-free bug that ...) + {DLA-2068-1} - linux 5.2.17-1 NOTE: https://git.kernel.org/linus/c52873e5a1ef72f845526d9f6a50704433f9c625 CVE-2019-19529 (In the Linux kernel before 5.3.11, there is a use-after-free bug that ...) @@ -2208,6 +2220,7 @@ CVE-2019-19528 (In the Linux kernel before 5.3.7, there is a use-after-free bug [jessie] - linux <not-affected> (Vulnerable code not present) NOTE: https://git.kernel.org/linus/edc4746f253d907d048de680a621e121517f484b CVE-2019-19527 (In the Linux kernel before 5.2.10, there is a use-after-free bug that ...) + {DLA-2068-1} - linux 5.2.17-1 NOTE: https://git.kernel.org/linus/6d4472d7bec39917b54e4e80245784ea5d60ce49 NOTE: https://git.kernel.org/linus/9c09b214f30e3c11f9b0b03f89442df03643794d 
@@ -2221,9 +2234,11 @@ CVE-2019-19525 (In the Linux kernel before 5.3.6, there is a use-after-free bug [jessie] - linux <not-affected> (Vulnerable code not present) NOTE: https://git.kernel.org/linus/7fd25e6fc035f4b04b75bca6d7e8daa069603a76 CVE-2019-19524 (In the Linux kernel before 5.3.12, there is a use-after-free bug that ...) + {DLA-2068-1} - linux 5.3.15-1 NOTE: https://git.kernel.org/linus/fa3a5a1880c91bb92594ad42dfe9eedad7996b86 CVE-2019-19523 (In the Linux kernel before 5.3.7, there is a use-after-free bug that c ...) + {DLA-2068-1} - linux 5.3.7-1 NOTE: https://git.kernel.org/linus/44efc269db7929f6275a1fa927ef082e533ecde0 CVE-2019-19522 (OpenBSD 6.6, in a non-default configuration where S/Key or YubiKey aut ...) @@ -2627,8 +2642,7 @@ CVE-2019-19341 (A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2, NOT-FOR-US: Ansible Tower CVE-2019-19340 (A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2 and 3.5 ...) NOT-FOR-US: Ansible Tower -CVE-2019-19339 - RESERVED +CVE-2019-19339 (It was found that the Red Hat Enterprise Linux 8 kpatch update did not ...) NOT-FOR-US: Red Hat specific kpatch update which was incomplete to address CVE-2018-12207 CVE-2019-19338 [KVM: export MSR_IA32_TSX_CTRL to guest - incomplete fix for TAA (CVE-2019-11135)] RESERVED @@ -2652,6 +2666,7 @@ CVE-2019-19333 (In all versions of libyang before 1.0-r5, a stack-based buffer o [buster] - libyang <no-dsa> (Minor issue) NOTE: https://github.com/CESNET/libyang/commit/f6d684ade99dd37b21babaa8a856f64faa1e2e0d CVE-2019-19332 (An out-of-bounds memory write issue was found in the Linux Kernel, ver ...) + {DLA-2068-1} - linux 5.4.6-1 NOTE: https://git.kernel.org/linus/433f4ba1904100da65a311033f17a9bf586b287e CVE-2019-19331 (knot-resolver before version 4.3.0 is vulnerable to denial of service ...) 
@@ -2963,6 +2978,7 @@ CVE-2019-19229 (admincgi-bin/service.fcgi on Fronius Solar Inverter devices befo CVE-2019-19228 (Fronius Solar Inverter devices before 3.14.1 (HM 1.12.1) allow attacke ...) NOT-FOR-US: Fronius Solar Inverter devices CVE-2019-19227 (In the AppleTalk subsystem in the Linux kernel before 5.1, there is a ...) + {DLA-2068-1} - linux 5.2.6-1 NOTE: https://git.kernel.org/linus/9804501fa1228048857910a6bf23e085aade37cc CVE-2019-19226 @@ -3364,6 +3380,7 @@ CVE-2019-19067 (** DISPUTED ** Four memory leaks in the acp_hw_init() function i - linux 5.3.9-1 (unimportant) NOTE: https://git.kernel.org/linus/57be09c6e8747bf48704136d9e3f92bfb93f5725 CVE-2019-19066 (A memory leak in the bfad_im_get_stats() function in drivers/scsi/bfa/ ...) + {DLA-2068-1} - linux <unfixed> CVE-2019-19065 (A memory leak in the sdma_init() function in drivers/infiniband/hw/hfi ...) - linux 5.3.9-1 @@ -3375,6 +3392,7 @@ CVE-2019-19064 (** DISPUTED ** A memory leak in the fsl_lpspi_probe() function i CVE-2019-19063 (Two memory leaks in the rtl_usb_probe() function in drivers/net/wirele ...) - linux 5.4.8-1 (unimportant) CVE-2019-19062 (A memory leak in the crypto_report() function in crypto/crypto_user_ba ...) + {DLA-2068-1} - linux 5.4.6-1 CVE-2019-19061 (A memory leak in the adis_update_scan_mode_burst() function in drivers ...) - linux 5.3.9-1 (unimportant) @@ -3393,8 +3411,10 @@ CVE-2019-19058 (A memory leak in the alloc_sgtable() function in drivers/net/wir [jessie] - linux <not-affected> (Vulnerable code not present) NOTE: https://git.kernel.org/linus/b4b814fec1a5a849383f7b3886b654a13abbda7d CVE-2019-19057 (Two memory leaks in the mwifiex_pcie_init_evt_ring() function in drive ...) + {DLA-2068-1} - linux 5.4.8-1 CVE-2019-19056 (A memory leak in the mwifiex_pcie_alloc_cmdrsp_buf() function in drive ...) + {DLA-2068-1} - linux <unfixed> CVE-2019-19055 (** DISPUTED ** A memory leak in the nl80211_get_ftm_responder_stats() ...) - linux 5.4.6-1 (unimportant) 
@@ -3411,9 +3431,11 @@ CVE-2019-19053 (A memory leak in the rpmsg_eptdev_write_iter() function in drive [stretch] - linux <not-affected> (Vulnerable code not present) [jessie] - linux <not-affected> (Vulnerable code not present) CVE-2019-19052 (A memory leak in the gs_can_open() function in drivers/net/can/usb/gs_ ...) + {DLA-2068-1} - linux 5.3.15-1 NOTE: https://git.kernel.org/linus/fb5be6a7b4863ecc44963bb80ca614584b6c7817 CVE-2019-19051 (A memory leak in the i2400m_op_rfkill_sw_toggle() function in drivers/ ...) + {DLA-2068-1} - linux 5.3.15-1 NOTE: https://git.kernel.org/linus/6f3ef5c25cc762687a7341c18cbea5af54461407 CVE-2019-19050 (A memory leak in the crypto_reportstat() function in crypto/crypto_use ...) @@ -6515,6 +6537,7 @@ CVE-2019-17668 (Samsung Galaxy S10 and Note10 devices allow unlock operations vi CVE-2019-17667 (Comtech H8 Heights Remote Gateway 2.5.1 devices allow XSS and HTML inj ...) NOT-FOR-US: Comtech H8 Heights Remote Gateway devices CVE-2019-17666 (rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Lin ...) + {DLA-2068-1} - linux 5.3.9-1 NOTE: https://lkml.org/lkml/2019/10/16/1226 CVE-2019-17665 (NSA Ghidra before 9.0.2 is vulnerable to DLL hijacking because it load ...) @@ -6577,10 +6600,10 @@ CVE-2019-17637 RESERVED CVE-2019-17636 RESERVED -CVE-2019-17635 - RESERVED -CVE-2019-17634 - RESERVED +CVE-2019-17635 (Eclipse Memory Analyzer version 1.9.1 and earlier is subject to a dese ...) + TODO: check +CVE-2019-17634 (Eclipse Memory Analyzer version 1.9.1 and earlier is subject to a cros ...) + TODO: check CVE-2019-17633 (For Eclipse Che versions 6.16 to 7.3.0, with both authentication and T ...) NOT-FOR-US: Eclipse Che CVE-2019-17632 (In Eclipse Jetty versions 9.4.21.v20190926, 9.4.22.v20191022, and 9.4. ...) 
@@ -7822,18 +7845,19 @@ CVE-2019-17131 (vBulletin before 5.5.4 allows clickjacking. ...) CVE-2019-17130 (vBulletin through 5.5.4 mishandles external URLs within the /core/vb/v ...) NOT-FOR-US: vBulletin CVE-2019-17133 (In the Linux kernel through 5.3.2, cfg80211_mgd_wext_giwessid in net/w ...) + {DLA-2068-1} - linux 5.3.9-1 NOTE: https://marc.info/?l=linux-wireless&m=157018270915487&w=2 CVE-2019-17129 RESERVED CVE-2019-17128 (Netreo OmniCenter through 12.1.1 allows unauthenticated SQL Injection ...) NOT-FOR-US: Netreo OmniCenter -CVE-2019-17127 - RESERVED +CVE-2019-17127 (A Stored Client Side Template Injection (CSTI) with Angular was discov ...) + TODO: check CVE-2019-17126 RESERVED -CVE-2019-17125 - RESERVED +CVE-2019-17125 (A Reflected Client Side Template Injection (CSTI) with Angular was dis ...) + TODO: check CVE-2019-17124 (Kramer VIAware 2.5.0719.1034 has Incorrect Access Control. ...) NOT-FOR-US: Kramer VIAware CVE-2019-17123 (The eGain Web Email API 11+ allows spoofed messages because the fromNa ...) 
@@ -7990,18 +8014,23 @@ CVE-2019-17058 (Footy Tipping Software AFL Web Edition 2019 allows arbitrary fil CVE-2019-17057 (Footy Tipping Software AFL Web Edition 2019 allows XSS. ...) NOT-FOR-US: Footy Tipping Software AFL Web Edition CVE-2019-17056 (llcp_sock_create in net/nfc/llcp_sock.c in the AF_NFC network module i ...) + {DLA-2068-1} - linux 5.3.7-1 NOTE: https://git.kernel.org/linus/3a359798b176183ef09efb7a3dc59abad1cc7104 CVE-2019-17055 (base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network ...) + {DLA-2068-1} - linux 5.3.7-1 NOTE: https://git.kernel.org/linus/b91ee4aa2a2199ba4d4650706c272985a5a32d80 CVE-2019-17054 (atalk_create in net/appletalk/ddp.c in the AF_APPLETALK network module ...) + {DLA-2068-1} - linux 5.3.7-1 NOTE: https://git.kernel.org/linus/6cc03e8aa36c51f3b26a0d21a3c4ce2809c842ac CVE-2019-17053 (ieee802154_create in net/ieee802154/socket.c in the AF_IEEE802154 netw ...) + {DLA-2068-1} - linux 5.3.7-1 NOTE: https://git.kernel.org/linus/e69dbd4619e7674c1679cba49afd9dd9ac347eef CVE-2019-17052 (ax25_create in net/ax25/af_ax25.c in the AF_AX25 network module in the ...) + {DLA-2068-1} - linux 5.3.7-1 NOTE: https://git.kernel.org/linus/0614e2b73768b502fc32a75349823356d98aae2c CVE-2019-17051 (Evernote before 7.13 GA on macOS allows code execution because the com ...) @@ -8885,6 +8914,7 @@ CVE-2019-16728 (DOMPurify before 2.0.1 allows XSS because of innerHTML mutation [stretch] - dompurify.js <ignored> (Minor issue) NOTE: https://research.securitum.com/dompurify-bypass-using-mxss/ CVE-2019-16746 (An issue was discovered in net/wireless/nl80211.c in the Linux kernel ...) + {DLA-2068-1} - linux 5.3.7-1 NOTE: https://marc.info/?l=linux-wireless&m=156901391225058&w=2 CVE-2019-16727 
@@ -10991,10 +11021,10 @@ CVE-2019-15857 RESERVED CVE-2019-15856 RESERVED -CVE-2019-15855 - RESERVED -CVE-2019-15854 - RESERVED +CVE-2019-15855 (An issue was discovered in Maarch RM before 2.5. A path traversal vuln ...) + TODO: check +CVE-2019-15854 (An issue was discovered in Maarch RM before 2.5. A privilege escalatio ...) + TODO: check CVE-2019-15853 RESERVED CVE-2019-15852 @@ -11869,6 +11899,7 @@ CVE-2019-15507 (In Octopus Deploy versions 2018.8.4 to 2019.7.6, when a web requ CVE-2019-15506 (An issue was discovered in Kaseya Virtual System Administrator (VSA) t ...) NOT-FOR-US: Kaseya Virtual System Administrator (VSA) CVE-2019-15505 (drivers/media/usb/dvb-usb/technisat-usb2.c in the Linux kernel through ...) + {DLA-2068-1} - linux 5.2.17-1 CVE-2019-15504 (drivers/net/wireless/rsi/rsi_91x_usb.c in the Linux kernel through 5.2 ...) - linux 5.2.17-1 @@ -12411,6 +12442,7 @@ CVE-2019-15292 (An issue was discovered in the Linux kernel before 5.0.9. There - linux 4.19.37-1 [stretch] - linux 4.9.184-1 CVE-2019-15291 (An issue was discovered in the Linux kernel through 5.2.9. There is a ...) + {DLA-2068-1} - linux 5.3.15-1 NOTE: https://www.openwall.com/lists/oss-security/2019/08/20/2 CVE-2019-15290 @@ -12490,6 +12522,7 @@ CVE-2019-15218 (An issue was discovered in the Linux kernel before 5.1.8. There [stretch] - linux 4.9.184-1 NOTE: https://git.kernel.org/linus/31e0456de5be379b10fea0fa94a681057114a96e CVE-2019-15217 (An issue was discovered in the Linux kernel before 5.2.3. There is a N ...) + {DLA-2068-1} - linux 5.2.6-1 NOTE: https://git.kernel.org/linus/5d2e73a5f80a5b5aff3caf1ec6d39b5b3f54b26e CVE-2019-15216 (An issue was discovered in the Linux kernel before 5.0.14. There is a ...) 
@@ -12861,6 +12894,7 @@ CVE-2019-15099 (drivers/net/wireless/ath/ath10k/usb.c in the Linux kernel throug [jessie] - linux <not-affected> (Vulnerable code not present) NOTE: https://lore.kernel.org/linux-wireless/20190804003101.11541-1-benquike@gmail.com/T/#u CVE-2019-15098 (drivers/net/wireless/ath/ath6kl/usb.c in the Linux kernel through 5.2. ...) + {DLA-2068-1} - linux 5.3.7-1 NOTE: https://lore.kernel.org/linux-wireless/20190804002905.11292-1-benquike@gmail.com/T/#u CVE-2019-15090 (An issue was discovered in drivers/scsi/qedi/qedi_dbg.c in the Linux k ...) @@ -13297,6 +13331,7 @@ CVE-2019-14903 CVE-2019-14902 RESERVED CVE-2019-14901 (A heap overflow flaw was found in the Linux kernel, all versions 3.x.x ...) + {DLA-2068-1} - linux <unfixed> NOTE: https://www.openwall.com/lists/oss-security/2019/11/22/2 CVE-2019-14900 @@ -13307,12 +13342,15 @@ CVE-2019-14898 [RHEL-7 specific incompete fix issue for CVE-2019-11599] RESERVED - linux <not-affected> (RHEL-7 specific incomplete fix for CVE-2019-11599) CVE-2019-14897 (A stack-based buffer overflow was found in the Linux kernel, version k ...) + {DLA-2068-1} - linux <unfixed> NOTE: https://www.openwall.com/lists/oss-security/2019/11/22/1 CVE-2019-14896 (A heap-based buffer overflow vulnerability was found in the Linux kern ...) + {DLA-2068-1} - linux <unfixed> NOTE: https://www.openwall.com/lists/oss-security/2019/11/22/1 CVE-2019-14895 (A heap-based buffer overflow was discovered in the Linux kernel, all v ...) + {DLA-2068-1} - linux <unfixed> NOTE: https://www.openwall.com/lists/oss-security/2019/11/22/1 CVE-2019-14894 @@ -14158,8 +14196,8 @@ CVE-2019-14631 RESERVED CVE-2019-14630 RESERVED -CVE-2019-14629 - RESERVED +CVE-2019-14629 (Improper permissions in Intel(R) DAAL before version 2020 Gold may all ...) + TODO: check CVE-2019-14628 RESERVED CVE-2019-14627 
@@ -14186,15 +14224,14 @@ CVE-2019-14617 RESERVED CVE-2019-14616 RESERVED -CVE-2019-14615 - RESERVED +CVE-2019-14615 (Insufficient control flow in certain data structures for some Intel(R) ...) - linux <unfixed> [jessie] - linux <not-affected> (Driver doesn't support this hardware) NOTE: https://git.kernel.org/linus/bc8a76a152c5f9ef3b48104154a65a68a8b76946 CVE-2019-14614 RESERVED -CVE-2019-14613 - RESERVED +CVE-2019-14613 (Improper access control in driver for Intel(R) VTune(TM) Amplifier for ...) + TODO: check CVE-2019-14612 (Out of bounds write in firmware for Intel(R) NUC(R) may allow a privil ...) NOT-FOR-US: Intel CVE-2019-14611 (Integer overflow in firmware for Intel(R) NUC(R) may allow a privilege ...) @@ -14219,18 +14256,18 @@ CVE-2019-14603 (Improper permissions in the installer for the License Server sof NOT-FOR-US: Intel CVE-2019-14602 (Improper permissions in the installer for the Nuvoton* CIR Driver vers ...) NOT-FOR-US: Nuvoton* CIR Driver -CVE-2019-14601 - RESERVED -CVE-2019-14600 - RESERVED +CVE-2019-14601 (Improper permissions in the installer for Intel(R) RWC 3 for Windows b ...) + TODO: check +CVE-2019-14600 (Uncontrolled search path element in the installer for Intel(R) SNMP Su ...) + TODO: check CVE-2019-14599 (Unquoted service path in Control Center-I version 2.1.0.0 and earlier ...) NOT-FOR-US: Intel CVE-2019-14598 RESERVED CVE-2019-14597 RESERVED -CVE-2019-14596 - RESERVED +CVE-2019-14596 (Improper access control in the installer for Intel(R) Chipset Device S ...) + TODO: check CVE-2019-14595 RESERVED CVE-2019-14594 
@@ -23958,12 +23995,12 @@ CVE-2019-10960 (Zebra Industrial Printers All Versions, Zebra printers are shipp NOT-FOR-US: Zebra Industrial Printers CVE-2019-10959 (BD Alaris Gateway Workstation Versions, 1.1.3 Build 10, 1.1.3 MR Build ...) NOT-FOR-US: BD Alaris Gateway -CVE-2019-10958 - RESERVED -CVE-2019-10957 - RESERVED -CVE-2019-10956 - RESERVED +CVE-2019-10958 (Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-2 ...) + TODO: check +CVE-2019-10957 (Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-2 ...) + TODO: check +CVE-2019-10956 (Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-2 ...) + TODO: check CVE-2019-10955 (In Rockwell Automation MicroLogix 1400 Controllers Series A, All Versi ...) NOT-FOR-US: Rockwell Automation CVE-2019-10954 (An attacker could send crafted SMTP packets to cause a denial-of-servi ...) @@ -25820,6 +25857,7 @@ CVE-2019-10222 (A flaw was found in the Ceph RGW configuration with Beast as the CVE-2019-10221 RESERVED CVE-2019-10220 (Linux kernel CIFS implementation, version 4.9.0 is vulnerable to a rel ...) + {DLA-2068-1} - linux 5.3.9-1 CVE-2019-10219 (A vulnerability was found in Hibernate-Validator. The SafeHtml validat ...) - libhibernate-validator-java <unfixed> (bug #948235) 
@@ -42970,16 +43008,16 @@ CVE-2019-3688 (The /usr/sbin/pinger binary packaged with squid in SUSE Linux Ent - squid3 <not-affected> (/usr/lib/squid/pinger permissions are root:root) CVE-2019-3687 RESERVED -CVE-2019-3686 - RESERVED +CVE-2019-3686 (openQA before commit c172e8883d8f32fced5e02f9b6faaacc913df27b was vuln ...) + TODO: check CVE-2019-3685 (Open Build Service before version 0.165.4 diddn't validate TLS certifi ...) - osc <not-affected> (Affects 0.165.x only, bug #941667) CVE-2019-3684 (SUSE Manager until version 4.0.7 and Uyuni until commit 1b426ad5ed0a71 ...) NOT-FOR-US: SUSE Manager -CVE-2019-3683 - RESERVED -CVE-2019-3682 - RESERVED +CVE-2019-3683 (The keystone-json-assignment package in SUSE Openstack Cloud 8 before ...) + TODO: check +CVE-2019-3682 (The docker-kubic package in SUSE CaaS Platform 3.0 before 17.09.1_ce-7 ...) + TODO: check CVE-2019-3681 RESERVED CVE-2019-3680 @@ -46217,6 +46255,7 @@ CVE-2019-2217 (In setCpuVulkanInUse of GpuStats.cpp, there is possible memory co CVE-2019-2216 RESERVED CVE-2019-2215 (A use-after-free in binder.c allows an elevation of privilege from an ...) + {DLA-2068-1} - linux 4.15.4-1 NOTE: Fixed by: https://git.kernel.org/linus/f5cb779ba16334b45ba8946d6bfa6d9834d1527f CVE-2019-2214 (In binder_transaction of binder.c, there is a possible out of bounds w ...) diff --git a/data/CVE/2020.list b/data/CVE/2020.list index 0754d01919..0ad277766a 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -729,8 +729,8 @@ CVE-2020-6864 RESERVED CVE-2020-6863 RESERVED -CVE-2020-6862 - RESERVED +CVE-2020-6862 (V6.0.10P2T2 and V6.0.10P2T5 of F6x2W product are impacted by Informati ...) + TODO: check CVE-2020-6861 RESERVED CVE-2020-6860 (libmysofa 0.9.1 has a stack-based buffer overflow in readDataVar in hd ...) 
@@ -3721,8 +3721,8 @@ CVE-2020-5399 RESERVED CVE-2020-5398 (In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x pri ...) TODO: check -CVE-2020-5397 - RESERVED +CVE-2020-5397 (Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF ...) + TODO: check CVE-2020-5396 RESERVED CVE-2020-5395 (FontForge 20190801 has a use-after-free in SFD_GetFontMetaData in sfd. ...) @@ -6655,8 +6655,8 @@ CVE-2020-3942 RESERVED CVE-2020-3941 (The repair operation of VMware Tools for Windows 10.x.y has a race con ...) NOT-FOR-US: VMware Tools for Windows -CVE-2020-3940 - RESERVED +CVE-2020-3940 (VMware Workspace ONE SDK and dependent mobile application updates addr ...) + TODO: check CVE-2020-3939 RESERVED CVE-2020-3938 |
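Review bot: In data/CVE/2019.list, `{DLA-2068-1}` is attached to several entries whose only status line is `- linux <unfixed>` (CVE-2019-19965, CVE-2019-19066, CVE-2019-19056, CVE-2019-14901, CVE-2019-14897, CVE-2019-14896, CVE-2019-14895), so the entry itself gives no indication of which release the advisory fixed or at what version. If that version is not recorded elsewhere, a release-tagged line next to the tag would make these entries self-explanatory. CVE-2019-19066 and CVE-2019-19056 also carry no `NOTE:` pointing at the fix, unlike most of the other kernel entries touched here; adding the reference would help anyone backporting.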
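Review bot: The CVE-2019-19922 hunk in data/CVE/2019.list adds `{DLA-2068-1}` to an entry that already says `[stretch] - linux <not-affected> (Vulnerability introduced later)`, which reads as contradictory unless the advisory covers a release where the affected code was backported. Worth confirming that the advisory really lists this CVE for its release and, if so, recording the affected release explicitly so the not-affected line for stretch is not misread.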
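Review bot: The newly published descriptions in data/CVE/2019.list all land as `TODO: check`, including ones whose neighbours from the same vendor are already triaged: the Intel entries (CVE-2019-14629, CVE-2019-14613, CVE-2019-14601, CVE-2019-14600, CVE-2019-14596) sit beside `NOT-FOR-US: Intel` lines, and the Geutebruck IP camera entries (CVE-2019-10958, CVE-2019-10957, CVE-2019-10956) describe device firmware. These placeholders should be resolved in a follow-up rather than left to accumulate, and the existing neighbouring classification is a reasonable starting point for each, to be verified against the full description since the text here is truncated.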
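Review bot: In data/CVE/2020.list, CVE-2020-5397 is added as `TODO: check` directly below CVE-2020-5398, which is also still `TODO: check` and names the same product and version boundary (Spring Framework 5.2.x prior to 5.2.3). The two should be triaged together so that they end up with consistent package and version lines if the framework is packaged.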