[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Sat Feb 15 08:10:21 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
16956093 by security tracker role at 2020-02-15T08:10:13+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1867,10 +1867,10 @@ CVE-2020-8131
RESERVED
CVE-2020-8130
RESERVED
-CVE-2020-8129
- RESERVED
-CVE-2020-8128
- RESERVED
+CVE-2020-8129 (An unintended require vulnerability in script-manager npm package vers ...)
+ TODO: check
+CVE-2020-8128 (An unintended require and server-side request forgery vulnerabilities ...)
+ TODO: check
CVE-2020-8127
RESERVED
CVE-2020-8126 (A privilege escalation in the EdgeSwitch prior to version 1.7.1, an CG ...)
@@ -6499,8 +6499,8 @@ CVE-2020-6070
RESERVED
CVE-2020-6069 (An exploitable out-of-bounds write vulnerability exists in the igcore1 ...)
NOT-FOR-US: Accusoft ImageGear
-CVE-2020-6068
- RESERVED
+CVE-2020-6068 (An exploitable out-of-bounds write vulnerability exists in the igcore1 ...)
+ TODO: check
CVE-2020-6067 (An exploitable out-of-bounds write vulnerability exists in the igcore1 ...)
NOT-FOR-US: Accusoft ImageGear
CVE-2020-6066 (An exploitable out-of-bounds write vulnerability exists in the igcore1 ...)
@@ -31593,15 +31593,15 @@ CVE-2019-15596 (A path traversal in statics-server exists in all version that al
NOT-FOR-US: Node module statics-server
CVE-2019-15595 (A privilege escalation exists in UniFi Video Controller =<3.10.6 th ...)
NOT-FOR-US: UniFi Video Controller
-CVE-2019-15594
- RESERVED
+CVE-2019-15594 (GitLab 11.8 and later contains a security vulnerability that allows a ...)
+ TODO: check
CVE-2019-15593 (GitLab 12.2.3 contains a security vulnerability that allows a user to ...)
[experimental] - gitlab 12.0.8-1
- gitlab <unfixed>
NOTE: https://hackerone.com/reports/557154
NOTE: https://gitlab.com/gitlab-org/gitlab/commit/5af535d919c50951513f5859730afd924a01c29b
-CVE-2019-15592
- RESERVED
+CVE-2019-15592 (GitLab 12.2.2 and below contains a security vulnerability that allows ...)
+ TODO: check
CVE-2019-15591 (An improper access control vulnerability exists in GitLab <12.3.3 t ...)
- gitlab <unfixed>
NOTE: https://hackerone.com/reports/676976
@@ -37261,12 +37261,12 @@ CVE-2019-13969 (Metinfo 6.x allows SQL Injection via the id parameter in an admi
NOT-FOR-US: Metinfo
CVE-2019-13968
RESERVED
-CVE-2019-13967
- RESERVED
-CVE-2019-13966
- RESERVED
-CVE-2019-13965
- RESERVED
+CVE-2019-13967 (iTop 2.2.0 through 2.6.0 allows remote attackers to cause a denial of ...)
+ TODO: check
+CVE-2019-13966 (In iTop through 2.6.0, an XSS payload can be delivered in certain fiel ...)
+ TODO: check
+CVE-2019-13965 (Because of a lack of sanitization around error messages, multiple Refl ...)
+ TODO: check
CVE-2019-13964
RESERVED
CVE-2019-13963
@@ -45349,7 +45349,7 @@ CVE-2019-11460 (An issue was discovered in GNOME gnome-desktop 3.26, 3.28, and 3
[jessie] - gnome-desktop3 <not-affected> (Vulnerable embedded gnome-desktop thumbnail script introduced later)
NOTE: https://gitlab.gnome.org/GNOME/gnome-desktop/issues/112
CVE-2019-11459 (The tiff_document_render() and tiff_document_get_thumbnail() functions ...)
- {DLA-1882-1 DLA-1881-1}
+ {DSA-4624-1 DLA-1882-1 DLA-1881-1}
- atril 1.22.3-1 (unimportant; bug #927821)
[buster] - atril 1.20.3-1+deb10u1
- evince 3.32.0-3 (unimportant; bug #927820)
@@ -50472,7 +50472,7 @@ CVE-2019-1010008 (OpenEnergyMonitor Project Emoncms 9.8.8 is affected by: Cross
CVE-2019-1010007
RESERVED
CVE-2019-1010006 (Evince 3.26.0 is affected by buffer overflow. The impact is: DOS / Pos ...)
- {DLA-1882-1 DLA-1881-1}
+ {DSA-4624-1 DLA-1882-1 DLA-1881-1}
- atril 1.22.2-1
[buster] - atril 1.20.3-1+deb10u1
- evince 3.27.92-1
@@ -62948,8 +62948,8 @@ CVE-2019-5188 (A code execution vulnerability exists in the directory rehashing
NOTE: Fixed by: https://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git/commit/?id=8dd73c149f418238f19791f9d666089ef9734dff
NOTE: Further hardening: https://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git/commit/?id=71ba137571ba13755337e19c9a826dfc874562a36e1b24d3
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973
-CVE-2019-5187
- RESERVED
+CVE-2019-5187 (An exploitable out-of-bounds write vulnerability exists in the TIFread ...)
+ TODO: check
CVE-2019-5186
RESERVED
CVE-2019-5185
@@ -64677,8 +64677,8 @@ CVE-2019-4394 (IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.
NOT-FOR-US: IBM
CVE-2019-4393
RESERVED
-CVE-2019-4392
- RESERVED
+CVE-2019-4392 (HCL AppScan Standard Edition 9.0.3.13 and earlier uses hard-coded cred ...)
+ TODO: check
CVE-2019-4391
RESERVED
CVE-2019-4390
@@ -131482,7 +131482,7 @@ CVE-2017-1000214 (GitPHP by xiphux is vulnerable to OS Command Injections ...)
CVE-2017-1000207 (A vulnerability in Swagger-Parser's version <= 1.0.30 and Swagger c ...)
NOT-FOR-US: Swagger-Parser
CVE-2017-1000159 (Command injection in evince via filename when printing to PDF. This af ...)
- {DLA-1882-1 DLA-1881-1 DLA-1204-1}
+ {DSA-4624-1 DLA-1882-1 DLA-1881-1 DLA-1204-1}
- atril 1.20.0-1 (low)
[stretch] - atril <no-dsa> (Minor issue)
- evince 3.25.92-1 (low)
@@ -206159,8 +206159,8 @@ CVE-2016-2339 (An exploitable heap overflow vulnerability exists in the Fiddle::
NOTE: Fixed by: https://github.com/ruby/ruby/commit/bcc2421b4938fc1d9f5f3fb6ef2320571b27af42
NOTE: Fixed by: https://github.com/ruby/ruby/commit/de577357e80fa15f5cf13a81aa3decc783ea929e
NOTE: Fixed by: https://github.com/ruby/ruby/commit/4977af3c3d54d27167bfc237f1b2802c40bddc10
-CVE-2016-2338
- RESERVED
+CVE-2016-2338 (An exploitable heap overflow vulnerability exists in the Psych::Emitte ...)
+ TODO: check
CVE-2016-2337 (Type confusion exists in _cancel_eval Ruby's TclTkIp class method. Att ...)
{DLA-1480-1}
- ruby2.3 2.3.0-1
@@ -272567,8 +272567,7 @@ CVE-2013-4213 (Red Hat JBoss Enterprise Application Platform (EAP) 6.1.0 does no
- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
CVE-2013-4212 (Certain getText methods in the ActionSupport controller in Apache Roll ...)
NOT-FOR-US: Apache Roller
-CVE-2013-4211
- RESERVED
+CVE-2013-4211 (A Code Execution Vulnerability exists in OpenX Ad Server 2.8.10 due to ...)
NOT-FOR-US: OpenX
CVE-2013-4210 (The org.jboss.remoting.transport.socket.ServerThread class in Red Hat ...)
NOT-FOR-US: JBoss Remoting
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/16956093fdd1e6f08f59016ebb5af3df7c196d2c
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/16956093fdd1e6f08f59016ebb5af3df7c196d2c
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200215/415f2d19/attachment.html>
More information about the debian-security-tracker-commits
mailing list