[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Fri Dec 27 08:10:32 GMT 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e669bb5d by security tracker role at 2019-12-27T08:10:19Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,83 @@
+CVE-2019-20043
+	RESERVED
+CVE-2019-20042
+	RESERVED
+CVE-2019-20041
+	RESERVED
+CVE-2019-20040
+	RESERVED
+CVE-2019-20039
+	RESERVED
+CVE-2019-20038
+	RESERVED
+CVE-2019-20037
+	RESERVED
+CVE-2019-20036
+	RESERVED
+CVE-2019-20035
+	RESERVED
+CVE-2019-20034
+	RESERVED
+CVE-2019-20033
+	RESERVED
+CVE-2019-20032
+	RESERVED
+CVE-2019-20031
+	RESERVED
+CVE-2019-20030
+	RESERVED
+CVE-2019-20029
+	RESERVED
+CVE-2019-20028
+	RESERVED
+CVE-2019-20027
+	RESERVED
+CVE-2019-20026
+	RESERVED
+CVE-2019-20025
+	RESERVED
+CVE-2019-20024 (A heap-based buffer overflow was discovered in image_buffer_resize in  ...)
+	TODO: check
+CVE-2019-20023 (A memory leak was discovered in image_buffer_resize in fromsixel.c in  ...)
+	TODO: check
+CVE-2019-20022 (An invalid memory address dereference was discovered in load_pnm in fr ...)
+	TODO: check
+CVE-2019-20021 (A heap-based buffer over-read was discovered in canUnpack in p_mach.cp ...)
+	TODO: check
+CVE-2019-20020 (A stack-based buffer over-read was discovered in ReadNextStructField i ...)
+	TODO: check
+CVE-2019-20019 (An attempted excessive memory allocation was discovered in Mat_VarRead ...)
+	TODO: check
+CVE-2019-20018 (A stack-based buffer over-read was discovered in ReadNextCell in mat5. ...)
+	TODO: check
+CVE-2019-20017 (A stack-based buffer over-read was discovered in Mat_VarReadNextInfo5  ...)
+	TODO: check
+CVE-2019-20016 (libmysofa 0.9 does not properly restrict recursive function calls, as  ...)
+	TODO: check
+CVE-2019-20015 (An issue was discovered in GNU LibreDWG 0.92. Crafted input will lead  ...)
+	TODO: check
+CVE-2019-20014 (An issue was discovered in GNU LibreDWG before 0.93. There is a double ...)
+	TODO: check
+CVE-2019-20013 (An issue was discovered in GNU LibreDWG before 0.93. Crafted input wil ...)
+	TODO: check
+CVE-2019-20012 (An issue was discovered in GNU LibreDWG 0.92. Crafted input will lead  ...)
+	TODO: check
+CVE-2019-20011 (An issue was discovered in GNU LibreDWG 0.92. There is a heap-based bu ...)
+	TODO: check
+CVE-2019-20010 (An issue was discovered in GNU LibreDWG 0.92. There is a use-after-fre ...)
+	TODO: check
+CVE-2019-20009 (An issue was discovered in GNU LibreDWG before 0.93. Crafted input wil ...)
+	TODO: check
+CVE-2019-20008 (In Archery before 1.3, inserting an XSS payload into a project name (e ...)
+	TODO: check
+CVE-2019-20007 (An issue was discovered in ezXML 0.8.2 through 0.8.6. The function ezx ...)
+	TODO: check
+CVE-2019-20006 (An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezx ...)
+	TODO: check
+CVE-2019-20005 (An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezx ...)
+	TODO: check
+CVE-2019-20004
+	RESERVED
 CVE-2019-20003
 	RESERVED
 CVE-2019-20002
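Review bot: CVE-2019-20005 through CVE-2019-20024 are all left at TODO: check, and several of the truncated descriptions identify the affected code only by source file (fromsixel.c, p_mach.cpp, mat5.c) rather than by project, so triage will have to resolve each file to a Debian source package before adding a package line or NOT-FOR-US; the entries that do name a project (GNU LibreDWG 0.92 / before 0.93, ezXML 0.8.x, libmysofa 0.9, Archery before 1.3) can be checked against the archive directly. The RESERVED entries CVE-2019-20004 and CVE-2019-20025 through CVE-2019-20043 need no action until MITRE publishes descriptions.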
@@ -1080,12 +1160,12 @@ CVE-2019-19835
 	RESERVED
 CVE-2019-19834
 	RESERVED
-CVE-2019-16781
+CVE-2019-16781 (In WordPress before 5.3.1, authenticated users with lower privileges ( ...)
 	- wordpress <unfixed> (bug #946905)
 	NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-pg4x-64rh-3c9v
 	NOTE: https://hackerone.com/reports/731301
 	NOTE: https://wordpress.org/news/2019/12/wordpress-5-3-1-security-and-maintenance-release/
-CVE-2019-16780
+CVE-2019-16780 (WordPress users with lower privileges (like contributors) can inject J ...)
 	- wordpress <unfixed> (bug #946905)
 	NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-x3wp-h3qx-9w94
 	NOTE: https://github.com/WordPress/wordpress-develop/commit/505dd6a20b6fc3d06130018c1caeff764248c29e
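Review bot: CVE-2019-16781 and CVE-2019-16780 both keep "wordpress <unfixed> (bug #946905)" although the NOTE on CVE-2019-16781 already links the WordPress 5.3.1 security and maintenance release; whoever follows up on bug #946905 should replace <unfixed> with the fixed Debian version once 5.3.1 is uploaded, and both entries should be updated together since they share the bug.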
@@ -5886,8 +5966,8 @@ CVE-2019-19391 (** DISPUTED ** In LuaJIT through 2.0.5, as used in Moonjit befor
 	NOTE: not supposed to release an application with the debug library.
 CVE-2019-19390
 	RESERVED
-CVE-2019-19389
-	RESERVED
+CVE-2019-19389 (JetBrains Ktor framework before version 1.2.6 was vulnerable to HTTP R ...)
+	TODO: check
 CVE-2019-19388 (A cross-site scripting (XSS) vulnerability in app/dialplans/dialplan_d ...)
 	NOT-FOR-US: FusionPBX
 CVE-2019-19387 (A cross-site scripting (XSS) vulnerability in app/fifo_list/fifo_inter ...)
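Review bot: CVE-2019-19389 moves from RESERVED to TODO: check with a description naming JetBrains Ktor before version 1.2.6; the entry should be resolved with either a package line or NOT-FOR-US once it is confirmed whether Ktor is packaged in Debian, and the full description should be read from MITRE, since the cut at "HTTP R" leaves the vulnerability class unclear from the list alone.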
@@ -210652,8 +210732,7 @@ CVE-2015-5291 (Heap-based buffer overflow in PolarSSL 1.x before 1.2.17 and ARM
 	[experimental] - polarssl 1.3.14-0.1
 	- polarssl <unfixed> (bug #801413)
 	NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2015-01
-CVE-2015-5290 [Remote denial of service using MONITOR command]
-	RESERVED
+CVE-2015-5290 (ircd-ratbox 3.0.9 mishandles the MONITOR command which allows remote a ...)
 	- charybdis 3.4.2-5
 	[jessie] - charybdis 3.4.2-5~deb8u1
 	[wheezy] - charybdis <no-dsa> (Minor issue)
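Review bot: the new description names ircd-ratbox 3.0.9, but the only package lines are for charybdis (3.4.2-5, plus the jessie and wheezy entries); a reviewer should confirm whether an ircd-ratbox line is also needed or whether charybdis is the only affected package in the archive. The former bracket title "Remote denial of service using MONITOR command" is lost in the replacement and could be kept as a NOTE, since the new description is truncated.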
@@ -259655,8 +259734,7 @@ CVE-2013-4319 (pbs_mom in Terascale Open-Source Resource and Queue Manager (aka
 	{DSA-2770-1}
 	- torque 2.4.16+dfsg-1.1 (bug #722306)
 	NOTE: http://www.supercluster.org/pipermail/torqueusers/2013-September/016098.html
-CVE-2013-4318
-	RESERVED
+CVE-2013-4318 (File injection vulnerability in Ruby gem Features 0.3.0 allows remote  ...)
 	NOT-FOR-US: Ruby gem Features
 	NOTE: http://www.openwall.com/lists/oss-security/2013/09/09/9
 CVE-2013-4317 (In Apache CloudStack 4.1.0 and 4.1.1, when calling the CloudStack API  ...)
@@ -262719,14 +262797,14 @@ CVE-2013-3090 (Multiple cross-site scripting (XSS) vulnerabilities in Belkin N30
 	NOT-FOR-US: Belkin N300 router
 CVE-2013-3089 (Cross-site request forgery (CSRF) vulnerability in apply.cgi in Belkin ...)
 	NOT-FOR-US: Belkin N300
-CVE-2013-3088
-	RESERVED
+CVE-2013-3088 (Belkin N900 router (F9K1104v1) contains an Authentication Bypass using ...)
+	TODO: check
 CVE-2013-3087 (Multiple cross-site scripting (XSS) vulnerabilities in Belkin N900 rou ...)
 	NOT-FOR-US: Belkin N900 router
 CVE-2013-3086 (Cross-site request forgery (CSRF) vulnerability in util_system.html in ...)
 	NOT-FOR-US: Belkin N900
-CVE-2013-3085
-	RESERVED
+CVE-2013-3085 (An authentication bypass exists in the web management interface in Bel ...)
+	TODO: check
 CVE-2013-3084 (Multiple cross-site scripting (XSS) vulnerabilities in Belkin Model F5 ...)
 	NOT-FOR-US: Belkin router
 CVE-2013-3083 (Cross-site request forgery (CSRF) vulnerability in cgi-bin/system_sett ...)
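Review bot: CVE-2013-3088 and CVE-2013-3085 are marked TODO: check even though their descriptions point at the Belkin N900 router (F9K1104v1) and a Belkin web management interface respectively, the same hardware as the surrounding entries CVE-2013-3089, CVE-2013-3087, CVE-2013-3086 and CVE-2013-3084, which are all NOT-FOR-US: Belkin N900 router; resolving the two new entries the same way would keep the block consistent unless triage turns up something Debian-specific.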
@@ -265795,8 +265873,7 @@ CVE-2013-2012 (autojump before 21.5.8 allows local users to gain privileges via
 	- autojump <not-affected> (vulnerable code not present for unstable)
 	NOTE: experimental affected as per 21.5.1-1, see #706252
 	NOTE: experimental fixed as 21.5.1-2
-CVE-2013-2011
-	RESERVED
+CVE-2013-2011 (WordPress W3 Super Cache Plugin before 1.3.2 contains a PHP code-execu ...)
 	NOT-FOR-US: WP Super Cache
 	NOTE: this issue exists because of an incomplete fix for CVE-2013-2009
 CVE-2013-2010
@@ -277259,8 +277336,7 @@ CVE-2012-4422 (wp-admin/plugins.php in WordPress before 3.4.2, when the multisit
 	- wordpress 3.4.2+dfsg-1
 CVE-2012-4421 (The create_post function in wp-includes/class-wp-atom-server.php in Wo ...)
 	- wordpress 3.4.2+dfsg-1
-CVE-2012-4420 [Duplicate of CVE-2012-4416]
-	RESERVED
+CVE-2012-4420 (An information disclosure flaw was found in the way the Java Virtual M ...)
 	NOT-FOR-US: Duplicate of CVE-2012-4416
 CVE-2012-4419 (The compare_tor_addr_to_addr_policy function in or/policies.c in Tor b ...)
 	{DSA-2548-1}
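Review bot: the new description for CVE-2012-4420 describes an information disclosure flaw in the Java Virtual Machine, which does not by itself read as a duplicate, so the retained "NOT-FOR-US: Duplicate of CVE-2012-4416" should be cross-checked against the CVE-2012-4416 entry to confirm that the duplicate status still holds and that package tracking lives there.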
@@ -279710,8 +279786,8 @@ CVE-2012-3463 (Cross-site scripting (XSS) vulnerability in actionpack/lib/action
 	- rails <not-affected> (Only affects RoR 3.x)
 	- ruby-actionpack-3.2 3.2.6-4 (bug #684454)
 	NOTE: http://www.openwall.com/lists/oss-security/2012/08/09/8
-CVE-2012-3462
-	RESERVED
+CVE-2012-3462 (A flaw was found in SSSD version 1.9.0. The SSSD's access-provider log ...)
+	TODO: check
 CVE-2012-3461 (The (1) otrl_base64_otr_decode function in src/b64.c; (2) otrl_proto_d ...)
 	{DSA-2526-1}
 	- libotr 3.2.1-1 (medium; bug #684121)
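Review bot: CVE-2012-3462 is left at TODO: check, but the description names SSSD version 1.9.0 and a flaw in the access-provider logic, and sssd is a Debian source package, so this entry needs a package line (or <not-affected> if no Debian release shipped the affected version) rather than staying at TODO.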
@@ -281587,8 +281663,7 @@ CVE-2012-2737 (The user_change_icon_file_authorized_cb function in /usr/libexec/
 	NOTE: http://www.openwall.com/lists/oss-security/2012/06/28/9
 	NOTE: http://cgit.freedesktop.org/accountsservice/commit/?id=69b526a6cd4c078732068de2ba393cf9242a404b
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=832532
-CVE-2012-2736 [NetworkManager: creating new WPA-secured wireless network results in insecure network being created instead]
-	RESERVED
+CVE-2012-2736 (In NetworkManager 0.9.2.0, when a new wireless network was created wit ...)
 	- network-manager 0.9.4.0-1 (low; bug #655972)
 	[squeeze] - network-manager 0.8.1-6+squeeze2
 CVE-2012-2735 (Session fixation vulnerability in Cumin before 0.1.5444, as used in Re ...)
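Review bot: the replacement drops the bracket title "NetworkManager: creating new WPA-secured wireless network results in insecure network being created instead", which stated the impact more clearly than the truncated description "In NetworkManager 0.9.2.0, when a new wireless network was created wit ..."; consider keeping it as a NOTE. The package lines (network-manager 0.9.4.0-1 and the squeeze 0.8.1-6+squeeze2 entry) are unchanged and remain consistent with the version the description names.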



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e669bb5d0950b9264429631b95249f61b13d9542


