[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri Jan 3 20:10:37 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c3119195 by security tracker role at 2020-01-03T20:10:29+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,169 @@
+CVE-2020-5394
+ RESERVED
+CVE-2020-5393
+ RESERVED
+CVE-2020-5392
+ RESERVED
+CVE-2020-5391
+ RESERVED
+CVE-2020-5390
+ RESERVED
+CVE-2020-5389
+ RESERVED
+CVE-2020-5388
+ RESERVED
+CVE-2020-5387
+ RESERVED
+CVE-2020-5386
+ RESERVED
+CVE-2020-5385
+ RESERVED
+CVE-2020-5384
+ RESERVED
+CVE-2020-5383
+ RESERVED
+CVE-2020-5382
+ RESERVED
+CVE-2020-5381
+ RESERVED
+CVE-2020-5380
+ RESERVED
+CVE-2020-5379
+ RESERVED
+CVE-2020-5378
+ RESERVED
+CVE-2020-5377
+ RESERVED
+CVE-2020-5376
+ RESERVED
+CVE-2020-5375
+ RESERVED
+CVE-2020-5374
+ RESERVED
+CVE-2020-5373
+ RESERVED
+CVE-2020-5372
+ RESERVED
+CVE-2020-5371
+ RESERVED
+CVE-2020-5370
+ RESERVED
+CVE-2020-5369
+ RESERVED
+CVE-2020-5368
+ RESERVED
+CVE-2020-5367
+ RESERVED
+CVE-2020-5366
+ RESERVED
+CVE-2020-5365
+ RESERVED
+CVE-2020-5364
+ RESERVED
+CVE-2020-5363
+ RESERVED
+CVE-2020-5362
+ RESERVED
+CVE-2020-5361
+ RESERVED
+CVE-2020-5360
+ RESERVED
+CVE-2020-5359
+ RESERVED
+CVE-2020-5358
+ RESERVED
+CVE-2020-5357
+ RESERVED
+CVE-2020-5356
+ RESERVED
+CVE-2020-5355
+ RESERVED
+CVE-2020-5354
+ RESERVED
+CVE-2020-5353
+ RESERVED
+CVE-2020-5352
+ RESERVED
+CVE-2020-5351
+ RESERVED
+CVE-2020-5350
+ RESERVED
+CVE-2020-5349
+ RESERVED
+CVE-2020-5348
+ RESERVED
+CVE-2020-5347
+ RESERVED
+CVE-2020-5346
+ RESERVED
+CVE-2020-5345
+ RESERVED
+CVE-2020-5344
+ RESERVED
+CVE-2020-5343
+ RESERVED
+CVE-2020-5342
+ RESERVED
+CVE-2020-5341
+ RESERVED
+CVE-2020-5340
+ RESERVED
+CVE-2020-5339
+ RESERVED
+CVE-2020-5338
+ RESERVED
+CVE-2020-5337
+ RESERVED
+CVE-2020-5336
+ RESERVED
+CVE-2020-5335
+ RESERVED
+CVE-2020-5334
+ RESERVED
+CVE-2020-5333
+ RESERVED
+CVE-2020-5332
+ RESERVED
+CVE-2020-5331
+ RESERVED
+CVE-2020-5330
+ RESERVED
+CVE-2020-5329
+ RESERVED
+CVE-2020-5328
+ RESERVED
+CVE-2020-5327
+ RESERVED
+CVE-2020-5326
+ RESERVED
+CVE-2020-5325
+ RESERVED
+CVE-2020-5324
+ RESERVED
+CVE-2020-5323
+ RESERVED
+CVE-2020-5322
+ RESERVED
+CVE-2020-5321
+ RESERVED
+CVE-2020-5320
+ RESERVED
+CVE-2020-5319
+ RESERVED
+CVE-2020-5318
+ RESERVED
+CVE-2020-5317
+ RESERVED
+CVE-2020-5316
+ RESERVED
+CVE-2020-5315
+ RESERVED
+CVE-2019-20333
+ RESERVED
+CVE-2019-20332
+ RESERVED
+CVE-2019-20331
+ RESERVED
CVE-2020-5314
RESERVED
CVE-2020-5313 (libImaging/FliDecode.c in Pillow before 6.2.2 has an FLI buffer overfl ...)
@@ -9076,8 +9242,8 @@ CVE-2020-1873
RESERVED
CVE-2020-1872
RESERVED
-CVE-2020-1871
- RESERVED
+CVE-2020-1871 (USG9500 with software of V500R001C30SPC100; V500R001C30SPC200; V500R00 ...)
+ TODO: check
CVE-2020-1870
RESERVED
CVE-2020-1869
@@ -9248,8 +9414,8 @@ CVE-2020-1787
RESERVED
CVE-2020-1786
RESERVED
-CVE-2020-1785
- RESERVED
+CVE-2020-1785 (Mate 10 Pro;Honor V10;Honor 10;Nova 4 smartphones have a denial of ser ...)
+ TODO: check
CVE-2019-19466 (SCEditor 2.1.3 allows XSS. ...)
NOT-FOR-US: SCEditor
CVE-2019-19465
@@ -9308,8 +9474,8 @@ CVE-2019-19443
RESERVED
CVE-2019-19442
RESERVED
-CVE-2019-19441
- RESERVED
+CVE-2019-19441 (HUAWEI P30 smart phones with versions earlier than 10.0.0.166(C00E66R1 ...)
+ TODO: check
CVE-2019-19440
RESERVED
CVE-2019-19439
@@ -9786,16 +9952,13 @@ CVE-2019-19312 [Forked project information disclosed via Project API]
RESERVED
- gitlab <not-affected> (Only affects Gitlab EE)
NOTE: https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/
-CVE-2019-19311 [Stored XSS in Group and User profile fields]
- RESERVED
+CVE-2019-19311 (GitLab EE 8.14 through 12.5, 12.4.3, and 12.3.6 allows XSS in group an ...)
- gitlab <not-affected> (Only affects Gitlab EE)
NOTE: https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/
-CVE-2019-19310 [Disclosure of AWS secret keys on certain Admin pages]
- RESERVED
+CVE-2019-19310 (GitLab Enterprise Edition (EE) 9.0 and later through 12.5 allows Infor ...)
- gitlab <not-affected> (Only affects Gitlab EE)
NOTE: https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/
-CVE-2019-19309 [Private objects exposed through project import]
- RESERVED
+CVE-2019-19309 (GitLab Enterprise Edition (EE) 8.90 and later through 12.5 has Incorre ...)
- gitlab <not-affected> (Only affects Gitlab EE)
NOTE: https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/
CVE-2019-19330 (The HTTP/2 implementation in HAProxy before 2.0.10 mishandles headers, ...)
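Review bot: The imported description on the new CVE-2019-19309 line reads "8.90 and later through 12.5", which does not match the form of the other GitLab version ranges in this hunk (8.14, 9.0) and should be compared against the advisory linked in the NOTE line before anyone relies on it. The bracketed titles removed here, such as "[Disclosure of AWS secret keys on certain Admin pages]", were also more specific than the truncated descriptions that replace them, so consider preserving them as NOTE lines.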
@@ -9937,21 +10100,17 @@ CVE-2019-19265
RESERVED
CVE-2019-19264 (In Simplifile RecordFusion through 2019-11-25, the logs and hist param ...)
NOT-FOR-US: Simplifile RecordFusion
-CVE-2019-19263 [Tags pushes from blocked users]
- RESERVED
+CVE-2019-19263 (GitLab Enterprise Edition (EE) 8.2 and later through 12.5 has Insecure ...)
- gitlab <not-affected> (Only affects Gitlab EE)
NOTE: https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/
-CVE-2019-19262 [Unauthorized access to grafana metrics]
- RESERVED
+CVE-2019-19262 (GitLab Enterprise Edition (EE) 11.9 and later through 12.5 has Insecur ...)
- gitlab <not-affected> (Only affects Gitlab EE)
NOTE: https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/
NOTE: https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-2-released/
-CVE-2019-19261 [DNS Rebind SSRF in various chat notifications]
- RESERVED
+CVE-2019-19261 (GitLab Enterprise Edition (EE) 6.7 and later through 12.5 allows SSRF. ...)
- gitlab <not-affected> (Only affects Gitlab EE)
NOTE: https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/
-CVE-2019-19260 [Former project members able to access repository information]
- RESERVED
+CVE-2019-19260 (GitLab Community Edition (CE) and Enterprise Edition (EE) through 12.5 ...)
[experimental] - gitlab 12.2.9-5
- gitlab <unfixed>
- gitlab-workhorse 8.8.1+debian-3
@@ -9960,29 +10119,23 @@ CVE-2019-19260 [Former project members able to access repository information]
[experimental] - gitaly 1.65.2+dfsg-1
- gitaly <unfixed>
NOTE: https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/
-CVE-2019-19259 [IDOR when adding users to protected environments]
- RESERVED
+CVE-2019-19259 (GitLab Enterprise Edition (EE) 11.3 and later through 12.5 allows an I ...)
- gitlab <not-affected> (Only affects Gitlab EE)
NOTE: https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/
-CVE-2019-19258 [Branches and Commits exposed to Guest members via integration]
- RESERVED
+CVE-2019-19258 (GitLab Enterprise Edition (EE) 10.8 and later through 12.5 has Incorre ...)
- gitlab <not-affected> (Only affects Gitlab EE)
NOTE: https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/
-CVE-2019-19257 [Exposure of related branch names]
- RESERVED
+CVE-2019-19257 (GitLab Community Edition (CE) and Enterprise Edition (EE) through 12.5 ...)
[experimental] - gitlab 12.2.9-5
- gitlab <unfixed>
NOTE: https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/
-CVE-2019-19256 [Disclosure of vulnerability status in dependency list]
- RESERVED
+CVE-2019-19256 (GitLab Enterprise Edition (EE) 12.2 and later through 12.5 has Incorre ...)
- gitlab <not-affected> (Only affects Gitlab EE)
NOTE: https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/
-CVE-2019-19255 [Todos created for former project members]
- RESERVED
+CVE-2019-19255 (GitLab Enterprise Edition (EE) 12.3 and later through 12.5 has Incorre ...)
- gitlab <not-affected> (Only affects Gitlab EE)
NOTE: https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/
-CVE-2019-19254 [Disclosure of commit count in Cycle Analytics]
- RESERVED
+CVE-2019-19254 (GitLab Community Edition (CE) and Enterprise Edition (EE). 9.6 and lat ...)
[experimental] - gitlab 12.2.9-5
- gitlab <unfixed>
NOTE: https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/
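Review bot: CVE-2019-19257 and CVE-2019-19254 lose their RESERVED marker in this hunk while "- gitlab <unfixed>" stays in place, and the only fixed version recorded is "[experimental] - gitlab 12.2.9-5". With the descriptions now public, both entries should be revisited to record a fixed version outside experimental or an explicit triage decision.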
@@ -10382,16 +10535,13 @@ CVE-2019-19090
RESERVED
CVE-2019-19089
RESERVED
-CVE-2019-19088 [Path traversal with potential remote code execution]
- RESERVED
+CVE-2019-19088 (Gitlab Enterprise Edition (EE) 11.3 through 12.4.2 allows Directory Tr ...)
- gitlab <not-affected> (Only affects Gitlab EE)
NOTE: https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/
-CVE-2019-19087 [Disclosure of comments via Elasticsearch integration]
- RESERVED
+CVE-2019-19087 (Gitlab Enterprise Edition (EE) before 12.5.1 has Insecure Permissions ...)
- gitlab <not-affected> (Only affects Gitlab EE)
NOTE: https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/
-CVE-2019-19086 [Disclosure of notes via Elasticsearch integration]
- RESERVED
+CVE-2019-19086 (Gitlab Enterprise Edition (EE) before 12.5.1 has Insecure Permissions ...)
- gitlab <not-affected> (Only affects Gitlab EE)
NOTE: https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/
CVE-2019-19085 (A persistent cross-site scripting (XSS) vulnerability in Octopus Serve ...)
@@ -19214,7 +19364,7 @@ CVE-2019-16871 (Beckhoff Embedded Windows PLCs through 3.1.4024.0, and Beckhoff
CVE-2019-16870
RESERVED
CVE-2019-16869 (Netty before 4.1.42.Final mishandles whitespace before the colon in HT ...)
- {DLA-1941-1}
+ {DSA-4597-1 DLA-1941-1}
- netty 1:4.1.33-2 (bug #941266)
NOTE: https://github.com/netty/netty/issues/9571
NOTE: https://github.com/netty/netty/commit/39cafcb05c99f2aa9fce7e6597664c9ed6a63a95
@@ -34673,10 +34823,10 @@ CVE-2019-11996 (Potential security vulnerabilities have been identified with HPE
NOT-FOR-US: HPE
CVE-2019-11995 (Security vulnerabilities in HPE UIoT version 1.2.4.2 could allow unaut ...)
NOT-FOR-US: HPE UIoT
-CVE-2019-11994
- RESERVED
-CVE-2019-11993
- RESERVED
+CVE-2019-11994 (A security vulnerability has been identified in HPE SimpliVity 380 Gen ...)
+ TODO: check
+CVE-2019-11993 (A security vulnerability has been identified in HPE SimpliVity 380 Gen ...)
+ TODO: check
CVE-2019-11992 (A security vulnerability in HPE OneView for VMware vCenter 9.5 could b ...)
NOT-FOR-US: HPE OneView for VMware vCenter
CVE-2019-11991 (HPE has identified a vulnerability in HPE 3PAR Service Processor (SP) ...)
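Review bot: The two new "TODO: check" lines under CVE-2019-11994 and CVE-2019-11993 need manual triage, and the truncated descriptions are identical ("HPE SimpliVity 380 Gen ..."), so the entries cannot be told apart from this file alone. The neighbouring HPE entries CVE-2019-11996, CVE-2019-11995 and CVE-2019-11992 are all marked NOT-FOR-US, which suggests the same resolution here once the full descriptions are read.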
@@ -53634,8 +53784,8 @@ CVE-2019-5306 (There is a Factory Reset Protection (FRP) bypass security vulnera
NOT-FOR-US: Huawei
CVE-2019-5305 (The image processing module of some Huawei Mate 10 smartphones version ...)
NOT-FOR-US: Huawei
-CVE-2019-5304
- RESERVED
+CVE-2019-5304 (Some Huawei products have a buffer error vulnerability. An unauthentic ...)
+ TODO: check
CVE-2019-5303
RESERVED
CVE-2019-5302
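Review bot: The "TODO: check" added under CVE-2019-5304 is left open even though the description begins "Some Huawei products" and the two entries directly above it, CVE-2019-5306 and CVE-2019-5305, are already marked "NOT-FOR-US: Huawei". Unless the full description names a component packaged in Debian, this entry can take the same marker in a follow-up commit.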
@@ -54139,10 +54289,10 @@ CVE-2019-5066 (An exploitable use-after-free vulnerability exists in the way LZW
NOT-FOR-US: Aspose
CVE-2019-5065 (An exploitable information disclosure vulnerability exists in the pack ...)
NOT-FOR-US: Blynk
-CVE-2019-5064
- RESERVED
-CVE-2019-5063
- RESERVED
+CVE-2019-5064 (An exploitable heap buffer overflow vulnerability exists in the data s ...)
+ TODO: check
+CVE-2019-5063 (An exploitable heap buffer overflow vulnerability exists in the data s ...)
+ TODO: check
CVE-2019-5062 (An exploitable denial-of-service vulnerability exists in the 802.11w s ...)
TODO: check
CVE-2019-5061 (An exploitable denial-of-service vulnerability exists in the hostapd 2 ...)
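Review bot: The descriptions imported for CVE-2019-5064 and CVE-2019-5063 are cut off at "in the data s ..." before any product name, so the affected software is not identifiable from these lines and the two entries look identical. Both are heap buffer overflows left at "TODO: check"; triage should use the full descriptions rather than the truncated text.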
@@ -280773,8 +280923,7 @@ CVE-2012-4453 (dracut.sh in dracut, as used in Red Hat Enterprise Linux 6, Fedor
[squeeze] - dracut <no-dsa> (Minor issue)
CVE-2012-4452 (MySQL 5.0.88, and possibly other versions and platforms, allows local ...)
- mysql-dfsg-5.0 <not-affected> (Debian never included that 5.0.88 release)
-CVE-2012-4451 [php-ZendFramework: XSS vectors in multiple Zend Framework components ZF2012-03]
- RESERVED
+CVE-2012-4451 (Multiple cross-site scripting (XSS) vulnerabilities in Zend Framework ...)
- zendframework <not-affected> (Vulnerable code introduced in 2.x, #688946)
CVE-2012-4450 (389 Directory Server 1.2.10 does not properly update the ACL when a DN ...)
- 389-ds-base 1.2.11.15-1 (bug #688942)
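Review bot: Replacing the bracketed title on CVE-2012-4451 drops the upstream advisory identifier ZF2012-03, which the truncated description "Multiple cross-site scripting (XSS) vulnerabilities in Zend Framework ..." does not carry. Consider keeping that identifier as a NOTE line under the entry so the link to the Zend Framework advisory is not lost.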
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c311919502df4e3fed60631e3a86ac9b0115637a