[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri Jan 17 08:10:38 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
34c0451d by security tracker role at 2020-01-17T08:10:30+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,15 @@
+CVE-2020-7215
+ RESERVED
+CVE-2020-7214
+ RESERVED
+CVE-2020-7213
+ RESERVED
+CVE-2020-7212
+ RESERVED
+CVE-2020-7211
+ RESERVED
+CVE-2020-7210
+ RESERVED
CVE-2020-7209
RESERVED
CVE-2020-7208
@@ -330,10 +342,10 @@ CVE-2020-7050
RESERVED
CVE-2020-7049
RESERVED
-CVE-2020-7048
- RESERVED
-CVE-2020-7047
- RESERVED
+CVE-2020-7048 (The WordPress plugin, WP Database Reset through 3.1, contains a flaw t ...)
+ TODO: check
+CVE-2020-7047 (The WordPress plugin, WP Database Reset through 3.1, contains a flaw t ...)
+ TODO: check
CVE-2020-7046
RESERVED
CVE-2020-7045 (In Wireshark 3.0.x before 3.0.8, the BT ATT dissector could crash. Thi ...)
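Review bot: CVE-2020-7048 and CVE-2020-7047 are both left at "TODO: check" although the description already names the product, the WordPress plugin WP Database Reset. If that plugin is not packaged in Debian, resolve both the way other entries in this file do, with a "NOT-FOR-US:" line naming the product. The two descriptions are truncated to identical text here, so read the full CVE entries to confirm they are distinct issues before closing them out together.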
@@ -355,8 +367,7 @@ CVE-2020-7041
RESERVED
CVE-2020-7040
RESERVED
-CVE-2020-7039 [OOB buffer access while emulating tcp protocols in tcp_emu()]
- RESERVED
+CVE-2020-7039 (tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, misman ...)
- libslirp <unfixed> (bug #949084)
- qemu 1:4.1-2
- qemu-kvm <removed>
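Review bot: on CVE-2020-7039 the new description says libslirp 4.1.0 as used in QEMU 4.2.0 is affected, while the unchanged line below it records qemu with version 1:4.1-2 and libslirp as <unfixed> (bug #949084). A reader of the entry cannot reconcile those without context, so add a NOTE explaining why the Debian qemu package is tracked at that version. The replaced bracketed description also stated the bug class (OOB buffer access in tcp_emu()), which the truncated text no longer shows; a NOTE pointing at the upstream fix would keep that information in the entry.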
@@ -3817,8 +3828,8 @@ CVE-2020-5400
RESERVED
CVE-2020-5399
RESERVED
-CVE-2020-5398
- RESERVED
+CVE-2020-5398 (In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x pri ...)
+ TODO: check
CVE-2020-5397
RESERVED
CVE-2020-5396
@@ -8781,10 +8792,10 @@ CVE-2019-19804
RESERVED
CVE-2019-19803
RESERVED
-CVE-2019-19802
- RESERVED
-CVE-2019-19801
- RESERVED
+CVE-2019-19802 (In Gallagher Command Centre Server v8.10 prior to v8.10.1134(MR4), v8. ...)
+ TODO: check
+CVE-2019-19801 (In Gallagher Command Centre Server versions of v8.10 prior to v8.10.11 ...)
+ TODO: check
CVE-2019-19800
RESERVED
CVE-2019-19799
@@ -14395,8 +14406,8 @@ CVE-2019-19144
RESERVED
CVE-2019-19143
RESERVED
-CVE-2019-19142
- RESERVED
+CVE-2019-19142 (Intelbras WRN240 devices do not require authentication to replace the ...)
+ TODO: check
CVE-2019-19141 (The Camera Upload functionality in Plex Media Server through 1.18.2.20 ...)
NOT-FOR-US: Plex Media Server
CVE-2019-19140
@@ -22184,8 +22195,8 @@ CVE-2019-17362 (In LibTomCrypt through 1.18.2, the der_decode_utf8_string functi
[stretch] - libtomcrypt <no-dsa> (Minor issue)
NOTE: https://github.com/libtom/libtomcrypt/issues/507
NOTE: https://github.com/libtom/libtomcrypt/pull/508
-CVE-2019-17361
- RESERVED
+CVE-2019-17361 (In SaltStack Salt through 2019.2.0, the salt-api NEST API with the ssh ...)
+ TODO: check
CVE-2019-17360 (A vulnerability in Hitachi Command Suite 7.x and 8.x before 8.7.0-00 a ...)
NOT-FOR-US: Hitachi
CVE-2018-21026 (A vulnerability in Hitachi Command Suite 7.x and 8.x before 8.6.5-00 a ...)
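Review bot: the imported description for CVE-2019-17361 reads "salt-api NEST API", which looks like a typo in the source CVE text; because this is an automatic update, the wording would have to be corrected where the description comes from rather than in this file. The entry is also left at "TODO: check" even though the description names SaltStack Salt, so triage should decide between a package line and NOT-FOR-US.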
@@ -26586,8 +26597,8 @@ CVE-2019-15744 (The Sony Xperia Xperia XZs Android device with a build fingerpri
NOT-FOR-US: Sony
CVE-2019-15743 (The Sony Xperia Touch Android device with a build fingerprint of Sony/ ...)
NOT-FOR-US: Sony
-CVE-2019-15742
- RESERVED
+CVE-2019-15742 (A local privilege-escalation vulnerability exists in the Poly Plantron ...)
+ TODO: check
CVE-2019-15741 (An issue was discovered in GitLab Omnibus 7.4 through 12.2.1. An unsaf ...)
NOT-FOR-US: GitLab Omnibus
CVE-2019-15740 (An issue was discovered in GitLab Community and Enterprise Edition 7.9 ...)
@@ -47065,8 +47076,7 @@ CVE-2019-9505 (The PrinterLogic Print Management software, versions up to and in
NOT-FOR-US: PrinterLogic Print Management
CVE-2019-9504
RESERVED
-CVE-2019-9503 [brcmfmac: add subtype check for event handling in data path]
- RESERVED
+CVE-2019-9503 (The Broadcom brcmfmac WiFi driver prior to commit a4176ec356c73a46c07c ...)
{DSA-4465-1 DLA-1824-1 DLA-1799-1}
- linux 4.19.37-4
NOTE: https://git.kernel.org/linus/a4176ec356c73a46c07c181c6d04039fafa34a9f (5.1-rc1)
@@ -47074,8 +47084,7 @@ CVE-2019-9502
RESERVED
CVE-2019-9501
RESERVED
-CVE-2019-9500 [brcmfmac: assure SSID length from firmware is limited]
- RESERVED
+CVE-2019-9500 (The Broadcom brcmfmac WiFi driver prior to commit 1b5e2423164b3670e8bc ...)
{DSA-4465-1 DLA-1824-1}
- linux 4.19.37-4
[jessie] - linux <not-affected> (Vulnerable code introduced later)
@@ -58245,8 +58254,8 @@ CVE-2019-5147
RESERVED
CVE-2019-5146
RESERVED
-CVE-2019-5145
- RESERVED
+CVE-2019-5145 (An exploitable use-after-free vulnerability exists in the JavaScript e ...)
+ TODO: check
CVE-2019-5144 (An exploitable heap underflow vulnerability exists in the derive_taps_ ...)
NOT-FOR-US: Kakadu Software SDK
CVE-2019-5143
@@ -58273,18 +58282,18 @@ CVE-2019-5133 (An exploitable out-of-bounds write vulnerability exists in the ig
NOT-FOR-US: ImageGear
CVE-2019-5132 (An exploitable out-of-bounds write vulnerability exists in the igcore1 ...)
NOT-FOR-US: ImageGear
-CVE-2019-5131
- RESERVED
-CVE-2019-5130
- RESERVED
+CVE-2019-5131 (An exploitable use-after-free vulnerability exists in the JavaScript e ...)
+ TODO: check
+CVE-2019-5130 (An exploitable use-after-free vulnerability exists in the JavaScript e ...)
+ TODO: check
CVE-2019-5129 (A command injection have been found in YouPHPTube Encoder. A successfu ...)
NOT-FOR-US: YouPHPTube Encoder
CVE-2019-5128 (A command injection have been found in YouPHPTube Encoder. A successfu ...)
NOT-FOR-US: YouPHPTube Encoder
CVE-2019-5127 (A command injection have been found in YouPHPTube Encoder. A successfu ...)
NOT-FOR-US: YouPHPTube Encoder
-CVE-2019-5126
- RESERVED
+CVE-2019-5126 (An exploitable use-after-free vulnerability exists in the JavaScript e ...)
+ TODO: check
CVE-2019-5125 (An exploitable heap overflow vulnerability exists in the JPEG2000 pars ...)
NOT-FOR-US: LEADTOOLS
CVE-2019-5124
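Review bot: CVE-2019-5131, CVE-2019-5130 and CVE-2019-5126 all receive the same truncated description, "An exploitable use-after-free vulnerability exists in the JavaScript e ...", which cuts off before the product name. Nothing in the hunk lets a reader tell which software is affected or whether the three are distinct issues, so the "TODO: check" triage has to start from the full CVE text. The neighbouring entries in this range are all resolved as NOT-FOR-US with the product named; these three should end up equally explicit.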
@@ -60665,8 +60674,8 @@ CVE-2019-3999
RESERVED
CVE-2019-3998
RESERVED
-CVE-2019-3997
- RESERVED
+CVE-2019-3997 (Authentication bypass using an alternate path or channel in SimpliSafe ...)
+ TODO: check
CVE-2019-3996 (ELOG 3.1.4-57bea22 and below can be used as an HTTP GET request proxy ...)
NOT-FOR-US: Electronic Logbook (ELOG)
CVE-2019-3995 (ELOG 3.1.4-57bea22 and below is affected by a denial of service vulner ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/34c0451dca1dd5e9e71522a9fb3a159bad582d6e