[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Fri Feb 14 20:10:29 GMT 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9b9a68bc by security tracker role at 2020-02-14T20:10:22+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,9 @@
+CVE-2020-8995
+	RESERVED
+CVE-2019-20455 (Gateways/Gateway.php in Heartland & Global Payments PHP SDK before ...)
+	TODO: check
+CVE-2019-20454 (An out-of-bounds read was discovered in PCRE before 10.34 when the pat ...)
+	TODO: check
 CVE-2020-8994
 	RESERVED
 CVE-2020-8993
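Review bot: CVE-2019-20454 is left at "TODO: check", but its description names PCRE before 10.34, which is the PCRE2 series and is packaged in Debian as pcre2. When this TODO is resolved the entry needs a package line with the affected and fixed versions, not a NOT-FOR-US marker.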
@@ -314,8 +320,8 @@ CVE-2020-8845 (This vulnerability allows remote atackers to execute arbitrary co
 	NOT-FOR-US: Foxit PhantomPDF
 CVE-2020-8844 (This vulnerability allows remote attackers to execute arbitrary code o ...)
 	NOT-FOR-US: Foxit Reader
-CVE-2020-8843
-	RESERVED
+CVE-2020-8843 (An issue was discovered in Istio 1.3 through 1.3.6. Under certain circ ...)
+	TODO: check
 CVE-2020-8842
 	RESERVED
 CVE-2020-8841 (An issue was discovered in TestLink 1.9.19. The relation_type paramete ...)
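Review bot: CVE-2020-8843 now describes Istio 1.3 through 1.3.6 and carries "TODO: check", while the other Istio entry in this list, CVE-2020-8595, is already marked NOT-FOR-US. The two should end up with the same disposition and the same product spelling when this TODO is resolved.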
@@ -822,10 +828,10 @@ CVE-2020-8614 (An issue was discovered on Askey AP4000W TDC_V1.01.003 devices. A
 	NOT-FOR-US: Askey devices
 CVE-2020-8613
 	RESERVED
-CVE-2020-8612
-	RESERVED
-CVE-2020-8611
-	RESERVED
+CVE-2020-8612 (In Progress MOVEit Transfer 2019.1 before 2019.1.4 and 2019.2 before 2 ...)
+	TODO: check
+CVE-2020-8611 (In Progress MOVEit Transfer 2019.1 before 2019.1.4 and 2019.2 before 2 ...)
+	TODO: check
 CVE-2020-8610
 	RESERVED
 CVE-2020-8609
@@ -870,8 +876,8 @@ CVE-2020-8596 (participants-database.php in the Participants Database plugin 1.9
 	NOT-FOR-US: Participants Database plugin for WordPress
 CVE-2020-8595 (Istio 1.3 through 1.4.3 allows authentication bypass. The Authenticati ...)
 	NOT-FOR-US: itsio
-CVE-2020-8594
-	RESERVED
+CVE-2020-8594 (The Ninja Forms plugin 3.4.22 for WordPress has Multiple Stored XSS vu ...)
+	TODO: check
 CVE-2020-8593
 	RESERVED
 CVE-2020-8592 (eG Manager 7.1.2 allows SQL Injection via the user parameter to com.eg ...)
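Review bot: the context line under CVE-2020-8595 reads "NOT-FOR-US: itsio", a misspelling of Istio that this update leaves in place. A follow-up commit should change it to "NOT-FOR-US: Istio" so that a search of data/CVE/list for the product finds every Istio entry. The new CVE-2020-8594 entry (Ninja Forms plugin for WordPress) can follow the pattern of the CVE-2020-8596 line above it, which is marked NOT-FOR-US for a WordPress plugin.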
@@ -3824,8 +3830,8 @@ CVE-2020-7253
 	RESERVED
 CVE-2020-7252
 	RESERVED
-CVE-2020-7251
-	RESERVED
+CVE-2020-7251 (Improper access control vulnerability in Configuration Tool in McAfee  ...)
+	TODO: check
 CVE-2020-7250
 	RESERVED
 CVE-2020-7249 (SMC D3G0804W 3.5.2.5-LAT_GA devices allow XSS via the SSID field on th ...)
@@ -7563,8 +7569,8 @@ CVE-2020-5534
 	RESERVED
 CVE-2020-5533
 	RESERVED
-CVE-2020-5532
-	RESERVED
+CVE-2020-5532 (ilbo App (ilbo App for Android prior to version 1.1.8 and ilbo App for ...)
+	TODO: check
 CVE-2020-5531
 	RESERVED
 CVE-2020-5530
@@ -11600,10 +11606,10 @@ CVE-2019-20048 (An issue was discovered on Alcatel-Lucent OmniVista 8770 devices
 	NOT-FOR-US: Alcatel-Lucent OmniVista 8770 devices
 CVE-2019-20047 (An issue was discovered on Alcatel-Lucent OmniVista 4760 devices, and  ...)
 	NOT-FOR-US: Alcatel-Lucent OmniVista 4760 devices
-CVE-2019-20046
-	RESERVED
-CVE-2019-20045
-	RESERVED
+CVE-2019-20046 (The Synergy Systems & Solutions PLC & RTU system has a vulnera ...)
+	TODO: check
+CVE-2019-20045 (The Synergy Systems & Solutions PLC & RTU system has a vulnera ...)
+	TODO: check
 CVE-2019-20044
 	RESERVED
 CVE-2019-20040
@@ -12335,8 +12341,8 @@ CVE-2019-19880 (exprListAppendList in window.c in SQLite 3.30.1 allows attackers
 	NOTE: When fixing this issue make sure to apply as well
 	NOTE: https://github.com/sqlite/sqlite/commit/8428b3b437569338a9d1e10c4cd8154acbe33089
 	NOTE: to not open CVE-2019-19926.
-CVE-2019-19879
-	RESERVED
+CVE-2019-19879 (HashiCorp Sentinel up to 0.10.1 incorrectly parsed negation in certain ...)
+	TODO: check
 CVE-2019-19878
 	RESERVED
 CVE-2019-19877
@@ -14093,23 +14099,23 @@ CVE-2019-19767 (The Linux kernel before 5.4.2 mishandles ext4_expand_extra_isize
 CVE-2019-19766 (The Bitwarden server through 1.32.0 has a potentially unwanted KDF. ...)
 	NOT-FOR-US: Bitwarden server
 CVE-2019-19765
-	RESERVED
+	REJECTED
 CVE-2019-19764
-	RESERVED
+	REJECTED
 CVE-2019-19763
-	RESERVED
+	REJECTED
 CVE-2019-19762
-	RESERVED
+	REJECTED
 CVE-2019-19761
 	RESERVED
 CVE-2019-19760
 	RESERVED
 CVE-2019-19759
 	RESERVED
-CVE-2019-19758
-	RESERVED
-CVE-2019-19757
-	RESERVED
+CVE-2019-19758 (A vulnerability in the web interface of Lenovo EZ Media & Backup C ...)
+	TODO: check
+CVE-2019-19757 (An internal product security audit of Lenovo XClarity Administrator (L ...)
+	TODO: check
 CVE-2019-19756
 	RESERVED
 CVE-2019-19755
@@ -15519,10 +15525,10 @@ CVE-2019-19703 (In Ktor through 1.2.6, the client resends data from the HTTP Aut
 	NOT-FOR-US: Ktor
 CVE-2019-19702 (The modoboa-dmarc plugin 1.1.0 for Modoboa is vulnerable to an XML Ext ...)
 	NOT-FOR-US: Modoboa
-CVE-2018-21033
-	RESERVED
-CVE-2018-21032
-	RESERVED
+CVE-2018-21033 (A vulnerability in Hitachi Command Suite prior to 8.6.2-00, Hitachi Au ...)
+	TODO: check
+CVE-2018-21032 (A vulnerability in Hitachi Command Suite prior to 8.7.1-00 and Hitachi ...)
+	TODO: check
 CVE-2020-2509
 	RESERVED
 CVE-2020-2508
@@ -45978,8 +45984,8 @@ CVE-2019-11217 (The GitController in Jakub Chodounsky Bonobo Git Server before 6
 	NOT-FOR-US: Bonobo Git Server
 CVE-2019-11216 (BMC Smart Reporting 7.3 20180418 allows authenticated XXE within the i ...)
 	NOT-FOR-US: BMC Smart Reporting
-CVE-2019-11215
-	RESERVED
+CVE-2019-11215 (In Combodo iTop 2.2.0 through 2.6.0, if the configuration file is writ ...)
+	TODO: check
 CVE-2019-11214
 	RESERVED
 CVE-2019-11213 (In Pulse Secure Pulse Desktop Client and Network Connect, an attacker  ...)
@@ -60408,18 +60414,18 @@ CVE-2019-6197
 	RESERVED
 CVE-2019-6196
 	RESERVED
-CVE-2019-6195
-	RESERVED
-CVE-2019-6194
-	RESERVED
-CVE-2019-6193
-	RESERVED
+CVE-2019-6195 (An authorization bypass exists in Lenovo XClarity Controller (XCC) ver ...)
+	TODO: check
+CVE-2019-6194 (An XML External Entity (XXE) processing vulnerability was reported in  ...)
+	TODO: check
+CVE-2019-6193 (An information disclosure vulnerability was reported in Lenovo XClarit ...)
+	TODO: check
 CVE-2019-6192 (A potential vulnerability has been reported in Lenovo Power Management ...)
 	NOT-FOR-US: Lenovo
 CVE-2019-6191 (A potential vulnerability in the discontinued LenovoPaper software ver ...)
 	NOT-FOR-US: Lenovo
-CVE-2019-6190
-	RESERVED
+CVE-2019-6190 (Lenovo was notified of a potential denial of service vulnerability, af ...)
+	TODO: check
 CVE-2019-6189 (A potential vulnerability was reported in Lenovo System Interface Foun ...)
 	NOT-FOR-US: Lenovo
 CVE-2019-6188 (The BIOS tamper detection mechanism was not triggered in Lenovo ThinkP ...)
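Review bot: the new descriptions at CVE-2019-6195, CVE-2019-6193 and CVE-2019-6190 name Lenovo and are left at "TODO: check", while the neighbouring CVE-2019-6192, CVE-2019-6191 and CVE-2019-6189 are marked "NOT-FOR-US: Lenovo". Resolve them the same way in the triage pass so the block stays consistent. The product for CVE-2019-6194 is cut off in the visible description, so check its full text before applying the same marker.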



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/9b9a68bca18b52a74f0efcd61692037ffbde5ace
