[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Tue Dec 24 08:10:24 GMT 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7a2dc03c by security tracker role at 2019-12-24T08:10:13Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,21 @@
+CVE-2019-19953 (In GraphicsMagick 1.4 snapshot-20191208 Q8, there is a heap-based buff ...)
+ TODO: check
+CVE-2019-19952 (In ImageMagick 7.0.9-7 Q16, there is a use-after-free in the function ...)
+ TODO: check
+CVE-2019-19951 (In GraphicsMagick 1.4 snapshot-20190423 Q8, there is a heap-based buff ...)
+ TODO: check
+CVE-2019-19950 (In GraphicsMagick 1.4 snapshot-20190403 Q8, there is a use-after-free ...)
+ TODO: check
+CVE-2019-19949 (In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in ...)
+ TODO: check
+CVE-2019-19948 (In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer overflow in ...)
+ TODO: check
+CVE-2019-19947 (In the Linux kernel through 5.4.6, there are information leaks of unin ...)
+ TODO: check
+CVE-2019-19946
+ RESERVED
+CVE-2019-19945
+ RESERVED
CVE-2019-19944 (In libIEC61850 1.4.0, BerDecoder_decodeUint32 in mms/asn1/ber_decode.c ...)
NOT-FOR-US: libIEC61850
CVE-2019-19943
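Review bot: the seven new entries at the top of the list, CVE-2019-19953 through CVE-2019-19947, are left at "TODO: check" even though they name GraphicsMagick, ImageMagick and the Linux kernel, all of which Debian packages. They therefore need a source-package annotation in a follow-up rather than a NOT-FOR-US tag. The summaries are cut at "..." before the affected function, so triage has to start from the full CVE text, not from these lines.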
@@ -5206,7 +5224,7 @@ CVE-2019-19504
RESERVED
CVE-2019-19503
RESERVED
-CVE-2019-19502 (pluginconfig.php in the Image Uploader and Browser plugin before 4.1.9 ...)
+CVE-2019-19502 (Code injection in pluginconfig.php in Image Uploader and Browser for C ...)
NOT-FOR-US: ckeditor plugin
CVE-2019-19501 (VeraCrypt 1.24 allows Local Privilege Escalation during execution of V ...)
NOT-FOR-US: VeraCrypt
@@ -5909,7 +5927,7 @@ CVE-2020-1691
RESERVED
CVE-2020-1690
RESERVED
-CVE-2019-19364 (In Sony Catalyst Production Suite through 2019.1 (1.1.0.21) and Cataly ...)
+CVE-2019-19364 (A weak malicious user can escalate its privilege whenever CatalystProd ...)
NOT-FOR-US: Sony Catalyst Production Suite
CVE-2019-19363
RESERVED
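Review bot: the replacement summary for CVE-2019-19364 no longer names the vendor or version before the cut-off ("A weak malicious user can escalate its privilege whenever CatalystProd ..."), so the "NOT-FOR-US: Sony Catalyst Production Suite" line under it is now the only place the entry identifies the product. Keep that annotation's wording intact in later edits so the entry stays searchable by product name.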
@@ -11091,8 +11109,8 @@ CVE-2019-18238
RESERVED
CVE-2019-18237
RESERVED
-CVE-2019-18236
- RESERVED
+CVE-2019-18236 (Multiple buffer overflow vulnerabilities exist when the PLC Editor Ver ...)
+ TODO: check
CVE-2019-18235
RESERVED
CVE-2019-18234 (Equinox Control Expert all versions, is vulnerable to an SQL injection ...)
@@ -11149,8 +11167,8 @@ CVE-2019-18213 (XML Language Server (aka lsp4xml) before 0.9.1, as used in Red H
NOT-FOR-US: XML Language Server (aka lsp4xml)
CVE-2019-18212 (XMLLanguageService.java in XML Language Server (aka lsp4xml) before 0. ...)
NOT-FOR-US: XML Language Server (aka lsp4xml)
-CVE-2019-18211
- RESERVED
+CVE-2019-18211 (An issue was discovered in Orckestra C1 CMS through 6.6. The EntityTok ...)
+ TODO: check
CVE-2019-18210
RESERVED
CVE-2019-18209 (templates/pad.html in Etherpad-Lite 1.7.5 has XSS when the browser doe ...)
@@ -29248,10 +29266,10 @@ CVE-2019-12570 (A SQL injection vulnerability in the Xpert Solution "Server Stat
NOT-FOR-US: Xpert Solution "Server Status by Hostname/IP" plugin for WordPress
CVE-2019-12569 (A vulnerability in Viber before 10.7.0 for Desktop (Windows) could all ...)
NOT-FOR-US: Viber
-CVE-2019-12568
- RESERVED
-CVE-2019-12567
- RESERVED
+CVE-2019-12568 (Stack-based overflow vulnerability in the logMess function in Open TFT ...)
+ TODO: check
+CVE-2019-12567 (Stack-based overflow vulnerability in the logMess function in Open TFT ...)
+ TODO: check
CVE-2019-12566 (The WP Statistics plugin through 12.6.5 for Wordpress has stored XSS i ...)
NOT-FOR-US: WP Statistics plugin for WordPress
CVE-2019-12565
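Review bot: CVE-2019-12568 and CVE-2019-12567 end up with identical visible summaries ("Stack-based overflow vulnerability in the logMess function in Open TFT ..."), so nothing in this hunk distinguishes them. When the "TODO: check" is resolved, record what differs between the two (affected product or version) so they are not mistaken for duplicates.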
@@ -42289,8 +42307,8 @@ CVE-2019-8295
RESERVED
CVE-2019-8294
RESERVED
-CVE-2019-8293
- RESERVED
+CVE-2019-8293 (Due to a logic error in the code, upload-image-with-ajax v1.0 allows a ...)
+ TODO: check
CVE-2019-8292 (Online Store System v1.0 delete_product.php doesn't check to see if a ...)
NOT-FOR-US: Online Store System
CVE-2019-8291 (Online Store System v1.0 delete_file.php doesn't check to see if a use ...)
@@ -44150,10 +44168,10 @@ CVE-2019-7491
RESERVED
CVE-2019-7490
RESERVED
-CVE-2019-7489
- RESERVED
-CVE-2019-7488
- RESERVED
+CVE-2019-7489 (A vulnerability in SonicWall Email Security appliance allow an unauthe ...)
+ TODO: check
+CVE-2019-7488 (Weak default password cause vulnerability in SonicWall Email Security ...)
+ TODO: check
CVE-2019-7487 (Installation of the SonicOS SSLVPN NACagent 3.5 on the Windows operati ...)
TODO: check
CVE-2019-7486 (Code injection in SonicWall SMA100 allows an authenticated user to exe ...)
@@ -47598,8 +47616,8 @@ CVE-2019-6149 (An unquoted search path vulnerability was identified in Lenovo Dy
NOT-FOR-US: Lenovo
CVE-2019-6148
RESERVED
-CVE-2019-6147
- RESERVED
+CVE-2019-6147 (Forcepoint NGFW Security Management Center (SMC) versions lower than 6 ...)
+ TODO: check
CVE-2019-6146
RESERVED
CVE-2019-6145 (Forcepoint VPN Client for Windows versions lower than 6.6.1 have an un ...)
@@ -49135,83 +49153,83 @@ CVE-2019-5586 (A reflected Cross-Site-Scripting (XSS) vulnerability in Fortinet
CVE-2019-5585 (An improper access control vulnerability in FortiClientMac before 6.0. ...)
NOT-FOR-US: Fortiguard FortiClientMac
CVE-2019-5584
- RESERVED
+ REJECTED
CVE-2019-5583
- RESERVED
+ REJECTED
CVE-2019-5582
- RESERVED
+ REJECTED
CVE-2019-5581
- RESERVED
+ REJECTED
CVE-2019-5580
- RESERVED
+ REJECTED
CVE-2019-5579
- RESERVED
+ REJECTED
CVE-2019-5578
- RESERVED
+ REJECTED
CVE-2019-5577
- RESERVED
+ REJECTED
CVE-2019-5576
- RESERVED
+ REJECTED
CVE-2019-5575
- RESERVED
+ REJECTED
CVE-2019-5574
- RESERVED
+ REJECTED
CVE-2019-5573
- RESERVED
+ REJECTED
CVE-2019-5572
- RESERVED
+ REJECTED
CVE-2019-5571
- RESERVED
+ REJECTED
CVE-2019-5570
- RESERVED
+ REJECTED
CVE-2019-5569
- RESERVED
+ REJECTED
CVE-2019-5568
- RESERVED
+ REJECTED
CVE-2019-5567
- RESERVED
+ REJECTED
CVE-2019-5566
- RESERVED
+ REJECTED
CVE-2019-5565
- RESERVED
+ REJECTED
CVE-2019-5564
- RESERVED
+ REJECTED
CVE-2019-5563
- RESERVED
+ REJECTED
CVE-2019-5562
- RESERVED
+ REJECTED
CVE-2019-5561
- RESERVED
+ REJECTED
CVE-2019-5560
- RESERVED
+ REJECTED
CVE-2019-5559
- RESERVED
+ REJECTED
CVE-2019-5558
- RESERVED
+ REJECTED
CVE-2019-5557
- RESERVED
+ REJECTED
CVE-2019-5556
- RESERVED
+ REJECTED
CVE-2019-5555
- RESERVED
+ REJECTED
CVE-2019-5554
- RESERVED
+ REJECTED
CVE-2019-5553
- RESERVED
+ REJECTED
CVE-2019-5552
- RESERVED
+ REJECTED
CVE-2019-5551
- RESERVED
+ REJECTED
CVE-2019-5550
- RESERVED
+ REJECTED
CVE-2019-5549
- RESERVED
+ REJECTED
CVE-2019-5548
- RESERVED
+ REJECTED
CVE-2019-5547
- RESERVED
+ REJECTED
CVE-2019-5546
- RESERVED
+ REJECTED
CVE-2019-5545
RESERVED
CVE-2019-5544 (OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap ove ...)
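Review bot: the 39 consecutive IDs from CVE-2019-5584 down to CVE-2019-5546 flip from RESERVED to REJECTED in one pass, while CVE-2019-5545 directly below stays RESERVED. Suggest confirming against the upstream CVE data that the boundary really falls between 5546 and 5545, since a bulk state change over a contiguous range is where an off-by-one would go unnoticed.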
@@ -49226,8 +49244,8 @@ CVE-2019-5541 (VMware Workstation (15.x before 15.5.1) and Fusion (11.x before 1
NOT-FOR-US: VMware
CVE-2019-5540 (VMware Workstation (15.x before 15.5.1) and Fusion (11.x before 11.5.1 ...)
NOT-FOR-US: VMware
-CVE-2019-5539
- RESERVED
+CVE-2019-5539 (VMware Workstation (15.x prior to 15.5.1) and Horizon View Agent (7.10 ...)
+ TODO: check
CVE-2019-5538 (Sensitive information disclosure vulnerability resulting from a lack o ...)
NOT-FOR-US: VMware
CVE-2019-5537 (Sensitive information disclosure vulnerability resulting from a lack o ...)
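Review bot: CVE-2019-5539 is left at "TODO: check" although its summary begins "VMware Workstation" and the neighbouring entries with a visible annotation in this hunk (CVE-2019-5541, CVE-2019-5540, CVE-2019-5538) are all tagged "NOT-FOR-US: VMware". Suggest resolving it with the same annotation once the full description is confirmed.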
@@ -50122,7 +50140,7 @@ CVE-2019-5146
RESERVED
CVE-2019-5145
RESERVED
-CVE-2019-5144 (A freed memory access vulnerability exists in the SVG Marker Element f ...)
+CVE-2019-5144 (An exploitable heap underflow vulnerability exists in the derive_taps_ ...)
NOT-FOR-US: Kakadu Software SDK
CVE-2019-5143
RESERVED
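Review bot: the summary of CVE-2019-5144 changes to a different bug class and location (from a freed memory access in "the SVG Marker Element f ..." to a heap underflow in "derive_taps_ ..."), while the "NOT-FOR-US: Kakadu Software SDK" line is carried over unchanged. Re-check that annotation against the new description, since the text it sits under has been replaced.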
@@ -89234,12 +89252,12 @@ CVE-2018-10391 (An issue was discovered in WUZHI CMS 4.1.0. There is XSS via the
NOT-FOR-US: WUZHI CMS
CVE-2018-10390
RESERVED
-CVE-2018-10389
- RESERVED
-CVE-2018-10388
- RESERVED
-CVE-2018-10387
- RESERVED
+CVE-2018-10389 (Format string vulnerability in the logMess function in TFTP Server MT ...)
+ TODO: check
+CVE-2018-10388 (Format string vulnerability in the logMess function in TFTP Server SP ...)
+ TODO: check
+CVE-2018-10387 (Heap-based overflow vulnerability in TFTP Server SP 1.66 and earlier a ...)
+ TODO: check
CVE-2018-10386
RESERVED
CVE-2018-10385
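Review bot: CVE-2018-10389 and CVE-2018-10388 both cite the logMess function in TFTP Server MT/SP, the same function name as in CVE-2019-12568 and CVE-2019-12567 ("Open TFT ...") earlier in this patch, and all five TFTP-server entries, including CVE-2018-10387, sit at "TODO: check". Triage them together so related products receive a consistent annotation.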
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7a2dc03c20959fb75616795a3c71b7c3d7d1e4fc