[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Sat Feb 15 08:10:21 GMT 2020 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
16956093 by security tracker role at 2020-02-15T08:10:13+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1867,10 +1867,10 @@ CVE-2020-8131
 	RESERVED
 CVE-2020-8130
 	RESERVED
-CVE-2020-8129
-	RESERVED
-CVE-2020-8128
-	RESERVED
+CVE-2020-8129 (An unintended require vulnerability in script-manager npm package vers ...)
+	TODO: check
+CVE-2020-8128 (An unintended require and server-side request forgery vulnerabilities  ...)
+	TODO: check
 CVE-2020-8127
 	RESERVED
 CVE-2020-8126 (A privilege escalation in the EdgeSwitch prior to version 1.7.1, an CG ...)
@@ -6499,8 +6499,8 @@ CVE-2020-6070
 	RESERVED
 CVE-2020-6069 (An exploitable out-of-bounds write vulnerability exists in the igcore1 ...)
 	NOT-FOR-US: Accusoft ImageGear
-CVE-2020-6068
-	RESERVED
+CVE-2020-6068 (An exploitable out-of-bounds write vulnerability exists in the igcore1 ...)
+	TODO: check
 CVE-2020-6067 (An exploitable out-of-bounds write vulnerability exists in the igcore1 ...)
 	NOT-FOR-US: Accusoft ImageGear
 CVE-2020-6066 (An exploitable out-of-bounds write vulnerability exists in the igcore1 ...)
@@ -31593,15 +31593,15 @@ CVE-2019-15596 (A path traversal in statics-server exists in all version that al
 	NOT-FOR-US: Node module statics-server
 CVE-2019-15595 (A privilege escalation exists in UniFi Video Controller =<3.10.6 th ...)
 	NOT-FOR-US: UniFi Video Controller
-CVE-2019-15594
-	RESERVED
+CVE-2019-15594 (GitLab 11.8 and later contains a security vulnerability that allows a  ...)
+	TODO: check
 CVE-2019-15593 (GitLab 12.2.3 contains a security vulnerability that allows a user to  ...)
 	[experimental] - gitlab 12.0.8-1
 	- gitlab <unfixed>
 	NOTE: https://hackerone.com/reports/557154
 	NOTE: https://gitlab.com/gitlab-org/gitlab/commit/5af535d919c50951513f5859730afd924a01c29b
-CVE-2019-15592
-	RESERVED
+CVE-2019-15592 (GitLab 12.2.2 and below contains a security vulnerability that allows  ...)
+	TODO: check
 CVE-2019-15591 (An improper access control vulnerability exists in GitLab <12.3.3 t ...)
 	- gitlab <unfixed>
 	NOTE: https://hackerone.com/reports/676976
@@ -37261,12 +37261,12 @@ CVE-2019-13969 (Metinfo 6.x allows SQL Injection via the id parameter in an admi
 	NOT-FOR-US: Metinfo
 CVE-2019-13968
 	RESERVED
-CVE-2019-13967
-	RESERVED
-CVE-2019-13966
-	RESERVED
-CVE-2019-13965
-	RESERVED
+CVE-2019-13967 (iTop 2.2.0 through 2.6.0 allows remote attackers to cause a denial of  ...)
+	TODO: check
+CVE-2019-13966 (In iTop through 2.6.0, an XSS payload can be delivered in certain fiel ...)
+	TODO: check
+CVE-2019-13965 (Because of a lack of sanitization around error messages, multiple Refl ...)
+	TODO: check
 CVE-2019-13964
 	RESERVED
 CVE-2019-13963
@@ -45349,7 +45349,7 @@ CVE-2019-11460 (An issue was discovered in GNOME gnome-desktop 3.26, 3.28, and 3
 	[jessie] - gnome-desktop3 <not-affected> (Vulnerable embedded gnome-desktop thumbnail script introduced later)
 	NOTE: https://gitlab.gnome.org/GNOME/gnome-desktop/issues/112
 CVE-2019-11459 (The tiff_document_render() and tiff_document_get_thumbnail() functions ...)
-	{DLA-1882-1 DLA-1881-1}
+	{DSA-4624-1 DLA-1882-1 DLA-1881-1}
 	- atril 1.22.3-1 (unimportant; bug #927821)
 	[buster] - atril 1.20.3-1+deb10u1
 	- evince 3.32.0-3 (unimportant; bug #927820)
@@ -50472,7 +50472,7 @@ CVE-2019-1010008 (OpenEnergyMonitor Project Emoncms 9.8.8 is affected by: Cross
 CVE-2019-1010007
 	RESERVED
 CVE-2019-1010006 (Evince 3.26.0 is affected by buffer overflow. The impact is: DOS / Pos ...)
-	{DLA-1882-1 DLA-1881-1}
+	{DSA-4624-1 DLA-1882-1 DLA-1881-1}
 	- atril 1.22.2-1
 	[buster] - atril 1.20.3-1+deb10u1
 	- evince 3.27.92-1
@@ -62948,8 +62948,8 @@ CVE-2019-5188 (A code execution vulnerability exists in the directory rehashing
 	NOTE: Fixed by: https://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git/commit/?id=8dd73c149f418238f19791f9d666089ef9734dff
 	NOTE: Further hardening: https://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git/commit/?id=71ba137571ba13755337e19c9a826dfc874562a36e1b24d3
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973
-CVE-2019-5187
-	RESERVED
+CVE-2019-5187 (An exploitable out-of-bounds write vulnerability exists in the TIFread ...)
+	TODO: check
 CVE-2019-5186
 	RESERVED
 CVE-2019-5185
@@ -64677,8 +64677,8 @@ CVE-2019-4394 (IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.
 	NOT-FOR-US: IBM
 CVE-2019-4393
 	RESERVED
-CVE-2019-4392
-	RESERVED
+CVE-2019-4392 (HCL AppScan Standard Edition 9.0.3.13 and earlier uses hard-coded cred ...)
+	TODO: check
 CVE-2019-4391
 	RESERVED
 CVE-2019-4390
@@ -131482,7 +131482,7 @@ CVE-2017-1000214 (GitPHP by xiphux is vulnerable to OS Command Injections ...)
 CVE-2017-1000207 (A vulnerability in Swagger-Parser's version <= 1.0.30 and Swagger c ...)
 	NOT-FOR-US: Swagger-Parser
 CVE-2017-1000159 (Command injection in evince via filename when printing to PDF. This af ...)
-	{DLA-1882-1 DLA-1881-1 DLA-1204-1}
+	{DSA-4624-1 DLA-1882-1 DLA-1881-1 DLA-1204-1}
 	- atril 1.20.0-1 (low)
 	[stretch] - atril <no-dsa> (Minor issue)
 	- evince 3.25.92-1 (low)
@@ -206159,8 +206159,8 @@ CVE-2016-2339 (An exploitable heap overflow vulnerability exists in the Fiddle::
 	NOTE: Fixed by: https://github.com/ruby/ruby/commit/bcc2421b4938fc1d9f5f3fb6ef2320571b27af42
 	NOTE: Fixed by: https://github.com/ruby/ruby/commit/de577357e80fa15f5cf13a81aa3decc783ea929e
 	NOTE: Fixed by: https://github.com/ruby/ruby/commit/4977af3c3d54d27167bfc237f1b2802c40bddc10
-CVE-2016-2338
-	RESERVED
+CVE-2016-2338 (An exploitable heap overflow vulnerability exists in the Psych::Emitte ...)
+	TODO: check
 CVE-2016-2337 (Type confusion exists in _cancel_eval Ruby's TclTkIp class method. Att ...)
 	{DLA-1480-1}
 	- ruby2.3 2.3.0-1
@@ -272567,8 +272567,7 @@ CVE-2013-4213 (Red Hat JBoss Enterprise Application Platform (EAP) 6.1.0 does no
 	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
 CVE-2013-4212 (Certain getText methods in the ActionSupport controller in Apache Roll ...)
 	NOT-FOR-US: Apache Roller
-CVE-2013-4211
-	RESERVED
+CVE-2013-4211 (A Code Execution Vulnerability exists in OpenX Ad Server 2.8.10 due to ...)
 	NOT-FOR-US: OpenX
 CVE-2013-4210 (The org.jboss.remoting.transport.socket.ServerThread class in Red Hat  ...)
 	NOT-FOR-US: JBoss Remoting



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/16956093fdd1e6f08f59016ebb5af3df7c196d2c

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/16956093fdd1e6f08f59016ebb5af3df7c196d2c
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200215/415f2d19/attachment.html>

More information about the debian-security-tracker-commits mailing list