[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Tue Feb 25 08:10:36 GMT 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
15cad7e6 by security tracker role at 2020-02-25T08:10:21+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,27 @@
+CVE-2020-9385 (A NULL Pointer Dereference exists in libzint in Zint 2.7.1 because mul ...)
+	TODO: check
+CVE-2020-9384
+	RESERVED
+CVE-2020-9383
+	RESERVED
+CVE-2020-9382 (An issue was discovered in the Widgets extension through 1.4.0 for Med ...)
+	TODO: check
+CVE-2020-9381 (controllers/admin.js in Total.js CMS 13 allows remote attackers to exe ...)
+	TODO: check
+CVE-2020-9380
+	RESERVED
+CVE-2020-9379
+	RESERVED
+CVE-2020-9378
+	RESERVED
+CVE-2020-9377
+	RESERVED
+CVE-2020-9376
+	RESERVED
+CVE-2020-9375
+	RESERVED
+CVE-2019-20482
+	RESERVED
 CVE-2020-9374 (On TP-Link TL-WR849N 0.9.1 4.16 devices, a remote command execution vu ...)
 	NOT-FOR-US: TP-Link
 CVE-2020-9373
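
Review bot: CVE-2020-9385 (libzint in Zint 2.7.1), CVE-2020-9382 (Widgets extension) and CVE-2020-9381 (Total.js CMS 13) land with only "TODO: check", so none of them is yet tied to a source package or ruled out. Each needs either a package line or a NOT-FOR-US line of the kind CVE-2020-9374 has directly below ("NOT-FOR-US: TP-Link").
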
@@ -1266,10 +1290,10 @@ CVE-2020-8821
 	RESERVED
 CVE-2020-8820
 	RESERVED
-CVE-2020-8819
-	RESERVED
-CVE-2020-8818
-	RESERVED
+CVE-2020-8819 (An issue was discovered in the CardGate Payments plugin through 3.1.15 ...)
+	TODO: check
+CVE-2020-8818 (An issue was discovered in the CardGate Payments plugin through 2.0.30 ...)
+	TODO: check
 CVE-2020-8817
 	RESERVED
 CVE-2020-8816
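
Review bot: the two CardGate Payments entries (CVE-2020-8819, CVE-2020-8818) differ in the visible text only by their version bound ("through 3.1.15" vs "through 2.0.30"), and the truncated descriptions do not say which plugin or branch each bound belongs to. Triage should read the full CVE text for each before resolving the two "TODO: check" lines, rather than copying one decision to the other.
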
@@ -9214,7 +9238,7 @@ CVE-2020-5235 (There is a potentially exploitable out of memory condition In Nan
 	NOTE: https://github.com/nanopb/nanopb/commit/45582f1f97f49e2abfdba1463d1e1027682d9856
 	NOTE: https://github.com/nanopb/nanopb/commit/7b396821ddd06df8e39143f16e1dc0a4645b89a3
 	NOTE: https://github.com/nanopb/nanopb/commit/aa9d0d1ca78d6adec3adfeecf3a706c7f9df81f2
-CVE-2020-5234 (MessagePack for C# and Unity before version 1.9.3 and 2.1.80 has a vul ...)
+CVE-2020-5234 (MessagePack for C# and Unity before version 1.9.11 and 2.1.90 has a vu ...)
 	NOT-FOR-US: MessagePack for C#
 CVE-2020-5233 (OAuth2 Proxy before 5.0 has an open redirect vulnerability. Authentica ...)
 	NOT-FOR-US: OAuth2 Proxy
@@ -18186,8 +18210,7 @@ CVE-2020-1940 (The optional initial password change and password expiration feat
 	NOT-FOR-US: Apache Jackrabbit Oak
 CVE-2020-1939
 	RESERVED
-CVE-2020-1938 [Tomcat AJP local file inclusion]
-	RESERVED
+CVE-2020-1938 (When using the Apache JServ Protocol (AJP), care must be taken when tr ...)
 	- tomcat9 9.0.31-1 (bug #952437)
 	- tomcat8 <removed> (bug #952438)
 	- tomcat7 <removed> (bug #952436)
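
Review bot: on CVE-2020-1938 the working title "[Tomcat AJP local file inclusion]" is replaced by a description that is cut off at "care must be taken when tr ...", so the entry no longer says at a glance what the impact is. Consider a NOTE line under the entry that keeps the short summary.
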
@@ -18208,13 +18231,11 @@ CVE-2020-1938 [Tomcat AJP local file inclusion]
 	NOTE: https://github.com/apache/tomcat/commit/40d5d93bd284033cf4a1f77f5492444f83d803e2 (7.0.100)
 	NOTE: https://github.com/apache/tomcat/commit/b99fba5bd796d876ea536e83299603443842feba (7.0.100)
 	NOTE: https://github.com/apache/tomcat/commit/f7180bafc74cb1250c9e9287b68a230f0e1f4645 (7.0.100)
-CVE-2020-1937
-	RESERVED
+CVE-2020-1937 (Kylin has some restful apis which will concatenate SQLs with the user  ...)
 	NOT-FOR-US: Apache Kylin
 CVE-2020-1936
 	RESERVED
-CVE-2020-1935
-	RESERVED
+CVE-2020-1935 (In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0. ...)
 	- tomcat9 9.0.31-1
 	- tomcat8 <removed>
 	- tomcat7 <removed>
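
Review bot: CVE-2020-1935 has the same three package lines as CVE-2020-1938 (tomcat9 9.0.31-1, tomcat8 and tomcat7 <removed>) but without bug numbers, where CVE-2020-1938 carries #952437, #952438 and #952436. If BTS bugs exist for this issue, add them to the package lines so the two Tomcat entries are tracked the same way.
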
@@ -26936,8 +26957,7 @@ CVE-2019-17570 (An untrusted deserialization was found in the org.apache.xmlrpc.
 	NOTE: https://www.openwall.com/lists/oss-security/2020/01/16/1
 	NOTE: Proposed patch: https://bugzilla.redhat.com/show_bug.cgi?id=1775193
 	NOTE: https://github.com/orangecertcc/xmlrpc-common-deserialization
-CVE-2019-17569
-	RESERVED
+CVE-2019-17569 (The refactoring present in Apache Tomcat 9.0.28 to 9.0.30, 8.5.48 to 8 ...)
 	- tomcat9 9.0.31-1
 	- tomcat8 <removed>
 	- tomcat7 <removed>
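
Review bot: the CVE-2019-17569 description names a lower bound ("The refactoring present in Apache Tomcat 9.0.28 to 9.0.30, 8.5.48 to 8 ..."), meaning the flaw came in with a refactoring, yet the package lines record only the fixed version 9.0.31-1 and "<removed>". Add a NOTE with the introducing versions so that releases shipping a tomcat older than those can be marked not-affected instead of inheriting the vulnerable status.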



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/15cad7e613ca88043dc32923fe7509ae652abc87
