[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Sat Jan 25 20:10:33 GMT 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3ce12aac by security tracker role at 2020-01-25T20:10:26+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,5 @@
+CVE-2020-7980 (Intellian Aptus Web 1.24 allows remote attackers to execute arbitrary  ...)
+	TODO: check
 CVE-2020-7979
 	RESERVED
 CVE-2020-7978
@@ -849,8 +851,8 @@ CVE-2020-7598
 	RESERVED
 CVE-2020-7597
 	RESERVED
-CVE-2020-7596
-	RESERVED
+CVE-2020-7596 (Codecov npm module before 3.6.2 allows remote attackers to execute arb ...)
+	TODO: check
 CVE-2020-7595 (xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infini ...)
 	- libxml2 <unfixed> (bug #949582)
 	[jessie] - libxml2 <no-dsa> (Minor issue)
@@ -60034,8 +60036,8 @@ CVE-2019-5185
 	RESERVED
 CVE-2019-5184
 	RESERVED
-CVE-2019-5183
-	RESERVED
+CVE-2019-5183 (An exploitable type confusion vulnerability exists in AMD ATIDXX64.DLL ...)
+	TODO: check
 CVE-2019-5182
 	RESERVED
 CVE-2019-5181
@@ -60117,10 +60119,10 @@ CVE-2019-5149
 	RESERVED
 CVE-2019-5148
 	RESERVED
-CVE-2019-5147
-	RESERVED
-CVE-2019-5146
-	RESERVED
+CVE-2019-5147 (An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64 ...)
+	TODO: check
+CVE-2019-5146 (An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64 ...)
+	TODO: check
 CVE-2019-5145 (An exploitable use-after-free vulnerability exists in the JavaScript e ...)
 	NOT-FOR-US: Foxit PDF Reader
 CVE-2019-5144 (An exploitable heap underflow vulnerability exists in the derive_taps_ ...)
@@ -60163,8 +60165,8 @@ CVE-2019-5126 (An exploitable use-after-free vulnerability exists in the JavaScr
 	NOT-FOR-US: Foxit PDF Reader
 CVE-2019-5125 (An exploitable heap overflow vulnerability exists in the JPEG2000 pars ...)
 	NOT-FOR-US: LEADTOOLS
-CVE-2019-5124
-	RESERVED
+CVE-2019-5124 (An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64 ...)
+	TODO: check
 CVE-2019-5123 (Specially crafted web requests can cause SQL injections in YouPHPTube  ...)
 	NOT-FOR-US: YouPHPTube
 CVE-2019-5122 (SQL injection vulnerabilities exists in the authenticated part of YouP ...)
@@ -75340,7 +75342,7 @@ CVE-2019-0143 (Unhandled exception in Kernel-mode drivers for Intel(R) Ethernet
 CVE-2019-0142 (Insufficient access control in ilp60x64.sys driver for Intel(R) Ethern ...)
 	NOT-FOR-US: ilp60x64.sys driver for Intel
 CVE-2019-0141
-	RESERVED
+	REJECTED
 CVE-2019-0140 (Buffer overflow in firmware for Intel(R) Ethernet 700 Series Controlle ...)
 	NOT-FOR-US: Intel firmware for Ethernet 700 Series
 CVE-2019-0139 (Insufficient access control in firmware for Intel(R) Ethernet 700 Seri ...)
@@ -261114,8 +261116,8 @@ CVE-2013-7003 (Multiple cross-site scripting (XSS) vulnerabilities in LiveZilla
 	NOT-FOR-US: LiveZilla
 CVE-2012-6614
 	RESERVED
-CVE-2012-6613
-	RESERVED
+CVE-2012-6613 (D-Link DSR-250N devices with firmware 1.05B73_WW allow Persistent Root ...)
+	TODO: check
 CVE-2014-0365
 	RESERVED
 CVE-2014-0364 (The ParseRoster component in the Ignite Realtime Smack XMPP API before ...)
@@ -276435,8 +276437,8 @@ CVE-2013-1746
 	RESERVED
 CVE-2013-1745
 	RESERVED
-CVE-2013-1744
-	RESERVED
+CVE-2013-1744 (IRIS citations management tool through 1.3 allows remote attackers to  ...)
+	TODO: check
 CVE-2013-1743 (Multiple cross-site scripting (XSS) vulnerabilities in report.cgi in B ...)
 	- bugzilla <not-affected> (Only affects 4.1 to 4.4)
 	- bugzilla4 <itp> (bug #669643)
@@ -279625,8 +279627,8 @@ CVE-2012-6495 (Multiple directory traversal vulnerabilities in the (1) twikidraw
 	{DSA-2593-1}
 	- moin 1.9.5-3
 	[wheezy] - moin 1.9.4-8+deb7u1
-CVE-2012-6494
-	RESERVED
+CVE-2012-6494 (Rapid7 Nexpose before 5.5.4 contains a session hijacking vulnerability ...)
+	TODO: check
 CVE-2012-6493 (Cross-site request forgery (CSRF) vulnerability in Rapid7 Nexpose Secu ...)
 	NOT-FOR-US: Rapid7 Nexpose Security Console
 CVE-2012-6492
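Review bot: CVE-2012-6494 is left at "TODO: check" even though its description names Rapid7 Nexpose, and the neighbouring CVE-2012-6493 in the context lines is already triaged as "NOT-FOR-US: Rapid7 Nexpose Security Console". Suggest resolving the new entry the same way in a follow-up commit so the two Nexpose entries stay consistent.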
@@ -280472,11 +280474,9 @@ CVE-2012-6347 (Multiple cross-site scripting (XSS) vulnerabilities in Java numbe
 	NOT-FOR-US: FortiGate
 CVE-2012-6346 (Multiple cross-site scripting (XSS) vulnerabilities in FortiWeb before ...)
 	NOT-FOR-US: FortiWeb
-CVE-2012-6345
-	RESERVED
+CVE-2012-6345 (Novell ZENworks Configuration Management before 11.2.4 allows obtainin ...)
 	NOT-FOR-US: CyberArk Vault
-CVE-2012-6344
-	RESERVED
+CVE-2012-6344 (Novell ZENworks Configuration Management before 11.2.4 allows XSS. ...)
 	NOT-FOR-US: CyberArk Vault
 CVE-2012-6343
 	RESERVED
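Review bot: The triage note on CVE-2012-6345 and CVE-2012-6344 no longer matches the product. The new descriptions name Novell ZENworks Configuration Management, but both entries keep the pre-existing "NOT-FOR-US: CyberArk Vault" line, which was attached while the IDs were still RESERVED. Unlike the other newly published entries in this commit, these two did not receive "TODO: check", so the mismatch will not show up in the normal triage queue. Suggest replacing the note with one naming ZENworks, or resetting both to "TODO: check" until the product is confirmed.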



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3ce12aac9b6b8fafe80824a4ee154dfef6e9fe09
