[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Fri Jan 3 20:10:37 GMT 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c3119195 by security tracker role at 2020-01-03T20:10:29+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,169 @@
+CVE-2020-5394
+	RESERVED
+CVE-2020-5393
+	RESERVED
+CVE-2020-5392
+	RESERVED
+CVE-2020-5391
+	RESERVED
+CVE-2020-5390
+	RESERVED
+CVE-2020-5389
+	RESERVED
+CVE-2020-5388
+	RESERVED
+CVE-2020-5387
+	RESERVED
+CVE-2020-5386
+	RESERVED
+CVE-2020-5385
+	RESERVED
+CVE-2020-5384
+	RESERVED
+CVE-2020-5383
+	RESERVED
+CVE-2020-5382
+	RESERVED
+CVE-2020-5381
+	RESERVED
+CVE-2020-5380
+	RESERVED
+CVE-2020-5379
+	RESERVED
+CVE-2020-5378
+	RESERVED
+CVE-2020-5377
+	RESERVED
+CVE-2020-5376
+	RESERVED
+CVE-2020-5375
+	RESERVED
+CVE-2020-5374
+	RESERVED
+CVE-2020-5373
+	RESERVED
+CVE-2020-5372
+	RESERVED
+CVE-2020-5371
+	RESERVED
+CVE-2020-5370
+	RESERVED
+CVE-2020-5369
+	RESERVED
+CVE-2020-5368
+	RESERVED
+CVE-2020-5367
+	RESERVED
+CVE-2020-5366
+	RESERVED
+CVE-2020-5365
+	RESERVED
+CVE-2020-5364
+	RESERVED
+CVE-2020-5363
+	RESERVED
+CVE-2020-5362
+	RESERVED
+CVE-2020-5361
+	RESERVED
+CVE-2020-5360
+	RESERVED
+CVE-2020-5359
+	RESERVED
+CVE-2020-5358
+	RESERVED
+CVE-2020-5357
+	RESERVED
+CVE-2020-5356
+	RESERVED
+CVE-2020-5355
+	RESERVED
+CVE-2020-5354
+	RESERVED
+CVE-2020-5353
+	RESERVED
+CVE-2020-5352
+	RESERVED
+CVE-2020-5351
+	RESERVED
+CVE-2020-5350
+	RESERVED
+CVE-2020-5349
+	RESERVED
+CVE-2020-5348
+	RESERVED
+CVE-2020-5347
+	RESERVED
+CVE-2020-5346
+	RESERVED
+CVE-2020-5345
+	RESERVED
+CVE-2020-5344
+	RESERVED
+CVE-2020-5343
+	RESERVED
+CVE-2020-5342
+	RESERVED
+CVE-2020-5341
+	RESERVED
+CVE-2020-5340
+	RESERVED
+CVE-2020-5339
+	RESERVED
+CVE-2020-5338
+	RESERVED
+CVE-2020-5337
+	RESERVED
+CVE-2020-5336
+	RESERVED
+CVE-2020-5335
+	RESERVED
+CVE-2020-5334
+	RESERVED
+CVE-2020-5333
+	RESERVED
+CVE-2020-5332
+	RESERVED
+CVE-2020-5331
+	RESERVED
+CVE-2020-5330
+	RESERVED
+CVE-2020-5329
+	RESERVED
+CVE-2020-5328
+	RESERVED
+CVE-2020-5327
+	RESERVED
+CVE-2020-5326
+	RESERVED
+CVE-2020-5325
+	RESERVED
+CVE-2020-5324
+	RESERVED
+CVE-2020-5323
+	RESERVED
+CVE-2020-5322
+	RESERVED
+CVE-2020-5321
+	RESERVED
+CVE-2020-5320
+	RESERVED
+CVE-2020-5319
+	RESERVED
+CVE-2020-5318
+	RESERVED
+CVE-2020-5317
+	RESERVED
+CVE-2020-5316
+	RESERVED
+CVE-2020-5315
+	RESERVED
+CVE-2019-20333
+	RESERVED
+CVE-2019-20332
+	RESERVED
+CVE-2019-20331
+	RESERVED
 CVE-2020-5314
 	RESERVED
 CVE-2020-5313 (libImaging/FliDecode.c in Pillow before 6.2.2 has an FLI buffer overfl ...)
@@ -9076,8 +9242,8 @@ CVE-2020-1873
 	RESERVED
 CVE-2020-1872
 	RESERVED
-CVE-2020-1871
-	RESERVED
+CVE-2020-1871 (USG9500 with software of V500R001C30SPC100; V500R001C30SPC200; V500R00 ...)
+	TODO: check
 CVE-2020-1870
 	RESERVED
 CVE-2020-1869
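Review bot: the new CVE-2020-1871 entry is left at `TODO: check`, but the `V500R001C30SPC100` style version string in its description is the Huawei release scheme that the CVE-2019-5306 and CVE-2019-5305 context lines further down this diff resolve as `NOT-FOR-US: Huawei`; USG9500 is a Huawei firewall series, not software Debian packages, so the follow-up triage should close it the same way. The same applies to the two handset hunks that follow (Mate 10 Pro / Honor / Nova 4 and HUAWEI P30), which are also parked at `TODO: check`.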
@@ -9248,8 +9414,8 @@ CVE-2020-1787
 	RESERVED
 CVE-2020-1786
 	RESERVED
-CVE-2020-1785
-	RESERVED
+CVE-2020-1785 (Mate 10 Pro;Honor V10;Honor 10;Nova 4 smartphones have a denial of ser ...)
+	TODO: check
 CVE-2019-19466 (SCEditor 2.1.3 allows XSS. ...)
 	NOT-FOR-US: SCEditor
 CVE-2019-19465
@@ -9308,8 +9474,8 @@ CVE-2019-19443
 	RESERVED
 CVE-2019-19442
 	RESERVED
-CVE-2019-19441
-	RESERVED
+CVE-2019-19441 (HUAWEI P30 smart phones with versions earlier than 10.0.0.166(C00E66R1 ...)
+	TODO: check
 CVE-2019-19440
 	RESERVED
 CVE-2019-19439
@@ -9786,16 +9952,13 @@ CVE-2019-19312 [Forked project information disclosed via Project API]
 	RESERVED
 	- gitlab <not-affected> (Only affects Gitlab EE)
 	NOTE: https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/
-CVE-2019-19311 [Stored XSS in Group and User profile fields]
-	RESERVED
+CVE-2019-19311 (GitLab EE 8.14 through 12.5, 12.4.3, and 12.3.6 allows XSS in group an ...)
 	- gitlab <not-affected> (Only affects Gitlab EE)
 	NOTE: https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/
-CVE-2019-19310 [Disclosure of AWS secret keys on certain Admin pages]
-	RESERVED
+CVE-2019-19310 (GitLab Enterprise Edition (EE) 9.0 and later through 12.5 allows Infor ...)
 	- gitlab <not-affected> (Only affects Gitlab EE)
 	NOTE: https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/
-CVE-2019-19309 [Private objects exposed through project import]
-	RESERVED
+CVE-2019-19309 (GitLab Enterprise Edition (EE) 8.90 and later through 12.5 has Incorre ...)
 	- gitlab <not-affected> (Only affects Gitlab EE)
 	NOTE: https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/
 CVE-2019-19330 (The HTTP/2 implementation in HAProxy before 2.0.10 mishandles headers, ...)
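Review bot: in the CVE-2019-19309 line the published description reads `GitLab Enterprise Edition (EE) 8.90 and later through 12.5`; GitLab's 8.x series ended at 8.17, so `8.90` looks like a typo in the upstream text (probably 8.9) and is worth reporting to MITRE/GitLab rather than editing here, since the tracker mirrors the published description verbatim. The bracketed working titles being dropped (`Stored XSS in Group and User profile fields`, `Disclosure of AWS secret keys on certain Admin pages`, `Private objects exposed through project import`) were more descriptive than the truncated text replacing them; the retained `NOTE:` links to the 12.5.1 release post are what keeps that detail reachable.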
@@ -9937,21 +10100,17 @@ CVE-2019-19265
 	RESERVED
 CVE-2019-19264 (In Simplifile RecordFusion through 2019-11-25, the logs and hist param ...)
 	NOT-FOR-US: Simplifile RecordFusion
-CVE-2019-19263 [Tags pushes from blocked users]
-	RESERVED
+CVE-2019-19263 (GitLab Enterprise Edition (EE) 8.2 and later through 12.5 has Insecure ...)
 	- gitlab <not-affected> (Only affects Gitlab EE)
 	NOTE: https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/
-CVE-2019-19262 [Unauthorized access to grafana metrics]
-	RESERVED
+CVE-2019-19262 (GitLab Enterprise Edition (EE) 11.9 and later through 12.5 has Insecur ...)
 	- gitlab <not-affected> (Only affects Gitlab EE)
 	NOTE: https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/
 	NOTE: https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-2-released/
-CVE-2019-19261 [DNS Rebind SSRF in various chat notifications]
-	RESERVED
+CVE-2019-19261 (GitLab Enterprise Edition (EE) 6.7 and later through 12.5 allows SSRF. ...)
 	- gitlab <not-affected> (Only affects Gitlab EE)
 	NOTE: https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/
-CVE-2019-19260 [Former project members able to access repository information]
-	RESERVED
+CVE-2019-19260 (GitLab Community Edition (CE) and Enterprise Edition (EE) through 12.5 ...)
 	[experimental] - gitlab 12.2.9-5
 	- gitlab <unfixed>
 	- gitlab-workhorse 8.8.1+debian-3
@@ -9960,29 +10119,23 @@ CVE-2019-19260 [Former project members able to access repository information]
 	[experimental] - gitaly 1.65.2+dfsg-1
 	- gitaly <unfixed>
 	NOTE: https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/
-CVE-2019-19259 [IDOR when adding users to protected environments]
-	RESERVED
+CVE-2019-19259 (GitLab Enterprise Edition (EE) 11.3 and later through 12.5 allows an I ...)
 	- gitlab <not-affected> (Only affects Gitlab EE)
 	NOTE: https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/
-CVE-2019-19258 [Branches and Commits exposed to Guest members via integration]
-	RESERVED
+CVE-2019-19258 (GitLab Enterprise Edition (EE) 10.8 and later through 12.5 has Incorre ...)
 	- gitlab <not-affected> (Only affects Gitlab EE)
 	NOTE: https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/
-CVE-2019-19257 [Exposure of related branch names]
-	RESERVED
+CVE-2019-19257 (GitLab Community Edition (CE) and Enterprise Edition (EE) through 12.5 ...)
 	[experimental] - gitlab 12.2.9-5
 	- gitlab <unfixed>
 	NOTE: https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/
-CVE-2019-19256 [Disclosure of vulnerability status in dependency list]
-	RESERVED
+CVE-2019-19256 (GitLab Enterprise Edition (EE) 12.2 and later through 12.5 has Incorre ...)
 	- gitlab <not-affected> (Only affects Gitlab EE)
 	NOTE: https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/
-CVE-2019-19255 [Todos created for former project members]
-	RESERVED
+CVE-2019-19255 (GitLab Enterprise Edition (EE) 12.3 and later through 12.5 has Incorre ...)
 	- gitlab <not-affected> (Only affects Gitlab EE)
 	NOTE: https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/
-CVE-2019-19254 [Disclosure of commit count in Cycle Analytics]
-	RESERVED
+CVE-2019-19254 (GitLab Community Edition (CE) and Enterprise Edition (EE). 9.6 and lat ...)
 	[experimental] - gitlab 12.2.9-5
 	- gitlab <unfixed>
 	NOTE: https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/
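Review bot: CVE-2019-19257 and CVE-2019-19254 are the two ids in this hunk whose published text names Community Edition, and the context lines correctly keep `- gitlab <unfixed>` for them instead of the `<not-affected> (Only affects Gitlab EE)` used for the EE-only ids. Worth confirming that `[experimental] - gitlab 12.2.9-5` actually carries backports of those fixes, since the descriptions say affected "through 12.5" and the upstream fix is 12.5.1, which 12.2.9 predates; if it does not, the experimental line should not be read as a fixed version.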
@@ -10382,16 +10535,13 @@ CVE-2019-19090
 	RESERVED
 CVE-2019-19089
 	RESERVED
-CVE-2019-19088 [Path traversal with potential remote code execution]
-	RESERVED
+CVE-2019-19088 (Gitlab Enterprise Edition (EE) 11.3 through 12.4.2 allows Directory Tr ...)
 	- gitlab <not-affected> (Only affects Gitlab EE)
 	NOTE: https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/
-CVE-2019-19087 [Disclosure of comments via Elasticsearch integration]
-	RESERVED
+CVE-2019-19087 (Gitlab Enterprise Edition (EE) before 12.5.1 has Insecure Permissions  ...)
 	- gitlab <not-affected> (Only affects Gitlab EE)
 	NOTE: https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/
-CVE-2019-19086 [Disclosure of notes via Elasticsearch integration]
-	RESERVED
+CVE-2019-19086 (Gitlab Enterprise Edition (EE) before 12.5.1 has Insecure Permissions  ...)
 	- gitlab <not-affected> (Only affects Gitlab EE)
 	NOTE: https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/
 CVE-2019-19085 (A persistent cross-site scripting (XSS) vulnerability in Octopus Serve ...)
@@ -19214,7 +19364,7 @@ CVE-2019-16871 (Beckhoff Embedded Windows PLCs through 3.1.4024.0, and Beckhoff
 CVE-2019-16870
 	RESERVED
 CVE-2019-16869 (Netty before 4.1.42.Final mishandles whitespace before the colon in HT ...)
-	{DLA-1941-1}
+	{DSA-4597-1 DLA-1941-1}
 	- netty 1:4.1.33-2 (bug #941266)
 	NOTE: https://github.com/netty/netty/issues/9571
 	NOTE: https://github.com/netty/netty/commit/39cafcb05c99f2aa9fce7e6597664c9ed6a63a95
@@ -34673,10 +34823,10 @@ CVE-2019-11996 (Potential security vulnerabilities have been identified with HPE
 	NOT-FOR-US: HPE
 CVE-2019-11995 (Security vulnerabilities in HPE UIoT version 1.2.4.2 could allow unaut ...)
 	NOT-FOR-US: HPE UIoT
-CVE-2019-11994
-	RESERVED
-CVE-2019-11993
-	RESERVED
+CVE-2019-11994 (A security vulnerability has been identified in HPE SimpliVity 380 Gen ...)
+	TODO: check
+CVE-2019-11993 (A security vulnerability has been identified in HPE SimpliVity 380 Gen ...)
+	TODO: check
 CVE-2019-11992 (A security vulnerability in HPE OneView for VMware vCenter 9.5 could b ...)
 	NOT-FOR-US: HPE OneView for VMware vCenter
 CVE-2019-11991 (HPE has identified a vulnerability in HPE 3PAR Service Processor (SP)  ...)
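Review bot: both new CVE-2019-11994 and CVE-2019-11993 entries stay at `TODO: check` although the surrounding HPE ids (CVE-2019-11996, CVE-2019-11995, CVE-2019-11992, CVE-2019-11991) are all `NOT-FOR-US: HPE ...`; HPE SimpliVity 380 is an HPE appliance, so these should close as `NOT-FOR-US: HPE SimpliVity` in the follow-up triage. The truncated descriptions of the two ids are identical, so the full CVE text is needed to confirm they are distinct issues rather than a duplicate assignment.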
@@ -53634,8 +53784,8 @@ CVE-2019-5306 (There is a Factory Reset Protection (FRP) bypass security vulnera
 	NOT-FOR-US: Huawei
 CVE-2019-5305 (The image processing module of some Huawei Mate 10 smartphones version ...)
 	NOT-FOR-US: Huawei
-CVE-2019-5304
-	RESERVED
+CVE-2019-5304 (Some Huawei products have a buffer error vulnerability. An unauthentic ...)
+	TODO: check
 CVE-2019-5303
 	RESERVED
 CVE-2019-5302
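Review bot: CVE-2019-5304 says `Some Huawei products have a buffer error vulnerability`, the same wording family as the neighbouring CVE-2019-5306 and CVE-2019-5305 context lines that are already `NOT-FOR-US: Huawei`; leaving it at `TODO: check` only defers that outcome unless the full description names a component Debian ships.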
@@ -54139,10 +54289,10 @@ CVE-2019-5066 (An exploitable use-after-free vulnerability exists in the way LZW
 	NOT-FOR-US: Aspose
 CVE-2019-5065 (An exploitable information disclosure vulnerability exists in the pack ...)
 	NOT-FOR-US: Blynk
-CVE-2019-5064
-	RESERVED
-CVE-2019-5063
-	RESERVED
+CVE-2019-5064 (An exploitable heap buffer overflow vulnerability exists in the data s ...)
+	TODO: check
+CVE-2019-5063 (An exploitable heap buffer overflow vulnerability exists in the data s ...)
+	TODO: check
 CVE-2019-5062 (An exploitable denial-of-service vulnerability exists in the 802.11w s ...)
 	TODO: check
 CVE-2019-5061 (An exploitable denial-of-service vulnerability exists in the hostapd 2 ...)
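Review bot: the descriptions of CVE-2019-5064 and CVE-2019-5063 are truncated to identical text (`An exploitable heap buffer overflow vulnerability exists in the data s ...`), so the affected product cannot be read off this hunk. They sit next to CVE-2019-5061, whose description names hostapd, which Debian does package, so these `TODO: check` entries should not be closed as `NOT-FOR-US` by analogy with the Aspose/Blynk entries above without reading the full advisory text.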
@@ -280773,8 +280923,7 @@ CVE-2012-4453 (dracut.sh in dracut, as used in Red Hat Enterprise Linux 6, Fedor
 	[squeeze] - dracut <no-dsa> (Minor issue)
 CVE-2012-4452 (MySQL 5.0.88, and possibly other versions and platforms, allows local  ...)
 	- mysql-dfsg-5.0 <not-affected> (Debian never included that 5.0.88 release)
-CVE-2012-4451 [php-ZendFramework: XSS vectors in multiple Zend Framework components ZF2012-03]
-	RESERVED
+CVE-2012-4451 (Multiple cross-site scripting (XSS) vulnerabilities in Zend Framework  ...)
 	- zendframework <not-affected> (Vulnerable code introduced in 2.x, #688946)
 CVE-2012-4450 (389 Directory Server 1.2.10 does not properly update the ACL when a DN ...)
 	- 389-ds-base 1.2.11.15-1 (bug #688942)
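Review bot: replacing the bracketed title drops the upstream advisory id `ZF2012-03` from the CVE-2012-4451 entry; the remaining `- zendframework <not-affected> (Vulnerable code introduced in 2.x, #688946)` line keeps only the Debian bug number. Consider adding a `NOTE:` line carrying the ZF2012-03 reference, as the GitLab hunks above do with their release-post URLs, so the not-affected rationale stays traceable to the upstream advisory.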



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c311919502df4e3fed60631e3a86ac9b0115637a
