[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Mon Jan 6 08:10:34 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f1561993 by security tracker role at 2020-01-06T08:10:26+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,67 @@
+CVE-2020-5518
+ RESERVED
+CVE-2020-5517
+ RESERVED
+CVE-2020-5516
+ RESERVED
+CVE-2020-5515
+ RESERVED
+CVE-2020-5514
+ RESERVED
+CVE-2020-5513
+ RESERVED
+CVE-2020-5512
+ RESERVED
+CVE-2020-5511
+ RESERVED
+CVE-2020-5510
+ RESERVED
+CVE-2020-5509
+ RESERVED
+CVE-2020-5508
+ RESERVED
+CVE-2019-20355
+ RESERVED
+CVE-2019-20354 (The web application component of piSignage before 2.6.4 allows a remot ...)
+ TODO: check
+CVE-2019-20353
+ RESERVED
+CVE-2019-20352 (In Netwide Assembler (NASM) 2.15rc0, a heap-based buffer over-read occ ...)
+ TODO: check
+CVE-2019-20351
+ RESERVED
+CVE-2019-20350
+ RESERVED
+CVE-2019-20349
+ RESERVED
+CVE-2019-20348
+ RESERVED
+CVE-2019-20347
+ RESERVED
+CVE-2019-20346
+ RESERVED
+CVE-2019-20345
+ RESERVED
+CVE-2019-20344
+ RESERVED
+CVE-2019-20343
+ RESERVED
+CVE-2019-20342
+ RESERVED
+CVE-2019-20341
+ RESERVED
+CVE-2019-20340
+ RESERVED
+CVE-2019-20339
+ RESERVED
+CVE-2019-20338
+ RESERVED
+CVE-2019-20337 (In PHP Scripts Mall advanced-real-estate-script 4.0.9, the news_edit.p ...)
+ TODO: check
+CVE-2019-20336 (In PHP Scripts Mall advanced-real-estate-script 4.0.9, the search-resu ...)
+ TODO: check
+CVE-2019-20335
+ RESERVED
CVE-2020-5507
RESERVED
CVE-2020-5506
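Review bot: CVE-2019-20352 is the one new "TODO: check" entry in this hunk that needs real package triage, because NASM is packaged in Debian and the description names 2.15rc0, a release candidate. The check should establish whether the heap-based over-read is present in the released nasm versions before a package line is written. The piSignage and PHP Scripts Mall entries (CVE-2019-20354, CVE-2019-20337, CVE-2019-20336) can be closed as NOT-FOR-US once it is confirmed that nothing packaged ships them.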
@@ -429,10 +493,10 @@ CVE-2020-5308
RESERVED
CVE-2020-5307
RESERVED
-CVE-2020-5306
- RESERVED
-CVE-2020-5305
- RESERVED
+CVE-2020-5306 (Codoforum 4.8.3 allows XSS via a post using parameters display name, t ...)
+ TODO: check
+CVE-2020-5305 (Codoforum 4.8.3 allows XSS in the admin dashboard via a name field of ...)
+ TODO: check
CVE-2020-5304
RESERVED
CVE-2020-5303
@@ -883,10 +947,10 @@ CVE-2013-7485 (Cross-site scripting (XSS) vulnerability in the backend in Open-X
NOT-FOR-US: Open-Xchange App Suite
CVE-2020-5193
RESERVED
-CVE-2020-5192
- RESERVED
-CVE-2020-5191
- RESERVED
+CVE-2020-5192 (PHPGurukul Hospital Management System in PHP v4.0 suffers from multipl ...)
+ TODO: check
+CVE-2020-5191 (PHPGurukul Hospital Management System in PHP v4.0 suffers from multipl ...)
+ TODO: check
CVE-2020-5190
RESERVED
CVE-2020-5189
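Review bot: CVE-2020-5192 and CVE-2020-5191 come in with the same truncated description ("PHPGurukul Hospital Management System in PHP v4.0 suffers from multipl ..."), so the two entries cannot be told apart from this file. Whoever resolves the "TODO: check" lines should read the full descriptions and give both the same product name in the resulting annotation so they stay grouped.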
@@ -1181,12 +1245,12 @@ CVE-2019-20157
RESERVED
CVE-2019-20156
RESERVED
-CVE-2019-20155
- RESERVED
-CVE-2019-20154
- RESERVED
-CVE-2019-20153
- RESERVED
+CVE-2019-20155 (An issue was discovered in report_edit.jsp in Determine (formerly Sele ...)
+ TODO: check
+CVE-2019-20154 (An issue was discovered in Determine (formerly Selectica) Contract Lif ...)
+ TODO: check
+CVE-2019-20153 (An issue was discovered in Determine (formerly Selectica) Contract Lif ...)
+ TODO: check
CVE-2019-20152
RESERVED
CVE-2019-20151
@@ -3759,8 +3823,8 @@ CVE-2019-20079 (The autocmd feature in window.c in Vim before 8.1.2136 accesses
NOTE: https://github.com/vim/vim/commit/ec66c41d84e574baf8009dbc0bd088d2bc5b2421
CVE-2019-20078
RESERVED
-CVE-2019-20077
- RESERVED
+CVE-2019-20077 (The Typesetter CMS 5.1 logout functionality is affected by a CSRF vuln ...)
+ TODO: check
CVE-2019-20076 (On Netis DL4323 devices, XSS exists via the form2Ddns.cgi username par ...)
NOT-FOR-US: Netis DL4323 devices
CVE-2019-20075 (On Netis DL4323 devices, pingrtt_v6.html has XSS (Ping6 Diagnostic). ...)
@@ -3950,8 +4014,8 @@ CVE-2019-20006 (An issue was discovered in ezXML 0.8.3 through 0.8.6. The functi
TODO: check
CVE-2019-20005 (An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezx ...)
TODO: check
-CVE-2019-20004
- RESERVED
+CVE-2019-20004 (An issue was discovered on Intelbras IWR 3000N 1.8.7 devices. When the ...)
+ TODO: check
CVE-2019-20003
RESERVED
CVE-2019-20002
@@ -4243,8 +4307,7 @@ CVE-2019-19913
RESERVED
CVE-2019-19912
RESERVED
-CVE-2019-19911 [Raise an error for an invalid number of bands in FPX image]
- RESERVED
+CVE-2019-19911 (There is a DoS vulnerability in Pillow before 6.2.2 caused by FpxImage ...)
- pillow <unfixed> (bug #948224)
NOTE: https://github.com/python-pillow/Pillow/commit/774e53bb132461d8d5ebefec1162e29ec0ebc63d (6.2.2)
CVE-2019-19910 (The MinervaNeue Skin in MediaWiki from 2019-11-05 to 2019-12-13 (1.35 ...)
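Review bot: On CVE-2019-19911 the new description says the issue affects Pillow before 6.2.2 and the existing NOTE marks the fixing commit as (6.2.2), but the package line is still "- pillow <unfixed> (bug #948224)". That is accurate only until a fixed upload exists. The entry should be revisited against bug #948224 and given the fixed version once 6.2.2 or a backport of the cited commit is uploaded.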
@@ -7842,12 +7905,10 @@ CVE-2019-19630 (HTMLDOC 1.9.7 allows a stack-based buffer overflow in the hd_str
[stretch] - htmldoc <no-dsa> (Minor issue)
NOTE: https://github.com/michaelrsweet/htmldoc/issues/370
NOTE: https://github.com/michaelrsweet/htmldoc/commit/8a129c520e90fc967351f3e165f967128a88f09c
-CVE-2019-19629 [Disclosure of private code via Elasticsearch integration]
- RESERVED
+CVE-2019-19629 (In GitLab EE 10.5 through 12.5.3, 12.4.5, and 12.3.8, when transferrin ...)
- gitlab <not-affected> (Only affects Gitlab EE)
NOTE: https://about.gitlab.com/blog/2019/12/10/critical-security-release-gitlab-12-5-4-released/
-CVE-2019-19628 [Path traversal with potential remote code execution]
- RESERVED
+CVE-2019-19628 (In GitLab EE 11.3 through 12.5.3, 12.4.5, and 12.3.8, insufficient par ...)
- gitlab <not-affected> (Only affects Gitlab EE)
NOTE: https://about.gitlab.com/blog/2019/12/10/critical-security-release-gitlab-12-5-4-released/
CVE-2019-19627 (SROS 2 0.8.1 (after CVE-2019-19625 is mitigated) leaks ROS 2 node-rela ...)
@@ -10206,16 +10267,13 @@ CVE-2019-19316 (When using the Azure backend with a shared access signature (SAS
NOT-FOR-US: Terraform
CVE-2019-19315 (NLSSRV32.EXE in Nalpeiron Licensing Service 7.3.4.0, as used with Nitr ...)
NOT-FOR-US: Nalpeiron Licensing Service
-CVE-2019-19314 [Tokens stored in plaintext]
- RESERVED
+CVE-2019-19314 (GitLab EE 8.4 through 12.5, 12.4.3, and 12.3.6 stored several tokens i ...)
- gitlab <not-affected> (Only affects Gitlab EE)
NOTE: https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/
-CVE-2019-19313 [Denial of Service in the issue and commit comment pages]
- RESERVED
+CVE-2019-19313 (GitLab EE 12.3 through 12.5, 12.4.3, and 12.3.6 allows Denial of Servi ...)
- gitlab <not-affected> (Only affects Gitlab EE)
NOTE: https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/
-CVE-2019-19312 [Forked project information disclosed via Project API]
- RESERVED
+CVE-2019-19312 (GitLab EE 8.14 through 12.5, 12.4.3, and 12.3.6 has Incorrect Access C ...)
- gitlab <not-affected> (Only affects Gitlab EE)
NOTE: https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/
CVE-2019-19311 (GitLab EE 8.14 through 12.5, 12.4.3, and 12.3.6 allows XSS in group an ...)
@@ -10360,10 +10418,10 @@ CVE-2019-19268
RESERVED
CVE-2019-19267
RESERVED
-CVE-2019-19266
- RESERVED
-CVE-2019-19265
- RESERVED
+CVE-2019-19266 (IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 (and probably ...)
+ TODO: check
+CVE-2019-19265 (IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 (and probably ...)
+ TODO: check
CVE-2019-19264 (In Simplifile RecordFusion through 2019-11-25, the logs and hist param ...)
NOT-FOR-US: Simplifile RecordFusion
CVE-2019-19263 (GitLab Enterprise Edition (EE) 8.2 and later through 12.5 has Insecure ...)
@@ -52268,14 +52326,14 @@ CVE-2019-5992 (Cross-site request forgery (CSRF) vulnerability in WordPress Ultr
NOT-FOR-US: WordPress Ultra Simple Paypal Shopping Cart
CVE-2019-5991 (SQL injection vulnerability in the Cybozu Garoon 4.0.0 to 4.10.3 allow ...)
NOT-FOR-US: Cybozu Garoon
-CVE-2019-5990
- RESERVED
-CVE-2019-5989
- RESERVED
-CVE-2019-5988
- RESERVED
-CVE-2019-5987
- RESERVED
+CVE-2019-5990 (Access analysis CGI An-Analyzer released in 2019 June 24 and earlier a ...)
+ TODO: check
+CVE-2019-5989 (DOM-based cross-site scripting vulnerability in Access analysis CGI An ...)
+ TODO: check
+CVE-2019-5988 (Stored cross-site scripting vulnerability in Access analysis CGI An-An ...)
+ TODO: check
+CVE-2019-5987 (Access analysis CGI An-Analyzer released in 2019 June 24 and earlier a ...)
+ TODO: check
CVE-2019-5986 (Cross-site request forgery (CSRF) vulnerability in Hikari Denwa router ...)
NOT-FOR-US: Hikari
CVE-2019-5985 (Cross-site scripting vulnerability in Hikari Denwa router/Home GateWay ...)
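Review bot: CVE-2019-5990 through CVE-2019-5987 all describe "Access analysis CGI An-Analyzer" and are left at "TODO: check", while the neighbouring entries in this block (CVE-2019-5991 Cybozu Garoon, CVE-2019-5986 Hikari) are already NOT-FOR-US. If triage confirms An-Analyzer is not packaged, resolve the four together with a single consistent "NOT-FOR-US: An-Analyzer" annotation rather than one at a time.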
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f15619934c2fe7a6f123bc467f162ee4c915619f