[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Mon Mar 16 08:10:25 GMT 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9f091f5f by security tracker role at 2020-03-16T08:10:18+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,7 +1,19 @@
-CVE-2020-10589
+CVE-2020-10595
 	RESERVED
-CVE-2020-10588
+CVE-2020-10594 (An issue was discovered in drf-jwt 1.15.x before 1.15.1. It allows att ...)
+	TODO: check
+CVE-2020-10593
+	RESERVED
+CVE-2020-10592
+	RESERVED
+CVE-2020-10591 (An issue was discovered in Walmart Labs Concord before 1.44.0. CORS Ac ...)
+	TODO: check
+CVE-2020-10590
 	RESERVED
+CVE-2020-10589 (v2rayL 2.1.3 allows local users to achieve root access because /etc/v2 ...)
+	TODO: check
+CVE-2020-10588 (v2rayL 2.1.3 allows local users to achieve root access because /etc/v2 ...)
+	TODO: check
 CVE-2020-10587 (antiX and MX Linux allow local users to achieve root access via "persi ...)
 	NOT-FOR-US: antiX and MX Linux
 CVE-2020-10586
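Review bot: CVE-2020-10589 and CVE-2020-10588 land with the same visible description (v2rayL 2.1.3, local root via a path under /etc/v2 ...) and both as "TODO: check", so triage them as a pair against the full descriptions and give them the same disposition. If v2rayL is not packaged, follow the form of the neighbouring CVE-2020-10587 entry ("NOT-FOR-US: antiX and MX Linux"). CVE-2020-10594 (drf-jwt) and CVE-2020-10591 (Walmart Labs Concord) each need their own package check.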
@@ -2865,14 +2877,14 @@ CVE-2020-9292
 	RESERVED
 CVE-2020-9291
 	RESERVED
-CVE-2020-9290
-	RESERVED
+CVE-2020-9290 (An Unsafe Search Path vulnerability in FortiClient for Windows online  ...)
+	TODO: check
 CVE-2020-9289
 	RESERVED
 CVE-2020-9288
 	RESERVED
-CVE-2020-9287
-	RESERVED
+CVE-2020-9287 (An Unsafe Search Path vulnerability in FortiClient EMS online installe ...)
+	TODO: check
 CVE-2020-9286
 	RESERVED
 CVE-2020-9285
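Review bot: CVE-2020-9290 and CVE-2020-9287 name two different products in the visible text (FortiClient for Windows and FortiClient EMS) and both stay at "TODO: check". When they are resolved, pick one label style for both: other Fortinet entries in this same diff are tagged inconsistently ("NOT-FOR-US: Fortiguard", "NOT-FOR-US: FortiExtender", "NOT-FOR-US: Fortinet"), which makes the list harder to grep by vendor.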
@@ -6717,20 +6729,20 @@ CVE-2020-7609
 	RESERVED
 CVE-2020-7608
 	RESERVED
-CVE-2020-7607
-	RESERVED
-CVE-2020-7606
-	RESERVED
-CVE-2020-7605
-	RESERVED
-CVE-2020-7604
-	RESERVED
-CVE-2020-7603
-	RESERVED
-CVE-2020-7602
-	RESERVED
-CVE-2020-7601
-	RESERVED
+CVE-2020-7607 (gulp-styledocco through 0.0.3 allows execution of arbitrary commands.  ...)
+	TODO: check
+CVE-2020-7606 (docker-compose-remote-api through 0.1.4 allows execution of arbitrary  ...)
+	TODO: check
+CVE-2020-7605 (gulp-tape through 1.0.0 allows execution of arbitrary commands. It is  ...)
+	TODO: check
+CVE-2020-7604 (pulverizr through 0.7.0 allows execution of arbitrary commands. Within ...)
+	TODO: check
+CVE-2020-7603 (closure-compiler-stream through 0.1.15 allows execution of arbitrary c ...)
+	TODO: check
+CVE-2020-7602 (node-prompt-here through 1.0.1 allows execution of arbitrary commands. ...)
+	TODO: check
+CVE-2020-7601 (gulp-scss-lint through 1.0.0 allows execution of arbitrary commands. I ...)
+	TODO: check
 CVE-2020-7600 (querymen prior to 2.1.4 allows modification of object properties. The  ...)
 	NOT-FOR-US: querymen nodejs module
 CVE-2020-7599
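Review bot: CVE-2020-7601 through CVE-2020-7607 are seven separate modules that all read "allows execution of arbitrary commands", and each is left at "TODO: check". Check each module name on its own for a Debian source package rather than closing the block in one pass, and for the ones that are not packaged keep the wording of the adjacent CVE-2020-7600 entry ("NOT-FOR-US: querymen nodejs module") so the tags stay uniform.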
@@ -11312,18 +11324,18 @@ CVE-2020-5549
 	RESERVED
 CVE-2020-5548
 	RESERVED
-CVE-2020-5547
-	RESERVED
-CVE-2020-5546
-	RESERVED
-CVE-2020-5545
-	RESERVED
-CVE-2020-5544
-	RESERVED
-CVE-2020-5543
-	RESERVED
-CVE-2020-5542
-	RESERVED
+CVE-2020-5547 (Resource Management Errors vulnerability in TCP function included in t ...)
+	TODO: check
+CVE-2020-5546 (Improper Neutralization of Argument Delimiters in a Command ('Argument ...)
+	TODO: check
+CVE-2020-5545 (TCP function included in the firmware of Mitsubishi Electric MELQIC IU ...)
+	TODO: check
+CVE-2020-5544 (Null Pointer Dereference vulnerability in TCP function included in the ...)
+	TODO: check
+CVE-2020-5543 (TCP function included in the firmware of Mitsubishi Electric MELQIC IU ...)
+	TODO: check
+CVE-2020-5542 (Buffer error vulnerability in TCP function included in the firmware of ...)
+	TODO: check
 CVE-2020-5541
 	RESERVED
 CVE-2020-5540
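Review bot: in the CVE-2020-5542 to CVE-2020-5547 block, only CVE-2020-5545 and CVE-2020-5543 show the product (Mitsubishi Electric MELQIC IU ...) before the description is cut off; CVE-2020-5547, CVE-2020-5546, CVE-2020-5544 and CVE-2020-5542 are truncated before any product name. Read the full descriptions before tagging those four instead of inferring the product from their neighbours.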
@@ -15676,7 +15688,7 @@ CVE-2019-19955
 CVE-2019-19954 (Signal Desktop before 1.29.1 on Windows allows local users to gain pri ...)
 	- signal-desktop <itp> (bug #842943)
 CVE-2019-19953 (In GraphicsMagick 1.4 snapshot-20191208 Q8, there is a heap-based buff ...)
-	{DLA-2084-1}
+	{DSA-4640-1 DLA-2084-1}
 	- graphicsmagick 1.4+really1.3.34-1 (bug #947311)
 	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/28f8bacd4bbf
 	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/617/
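Review bot: the cross-reference on CVE-2019-19953 changes to "{DSA-4640-1 DLA-2084-1}" (and the same change is made to CVE-2019-19951 and CVE-2019-19950 in the next hunk), but the commit lists data/CVE/list as its only changed file. Confirm that the DSA-4640-1 entry these references point to is already present from an earlier commit and names these same three CVE ids, since nothing in this diff shows it.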
@@ -15686,12 +15698,12 @@ CVE-2019-19952 (In ImageMagick 7.0.9-7 Q16, there is a use-after-free in the fun
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/916d7bbd2c66a286d379dbd94bc6035c8fab937c (7.x)
 	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/7ef923841437bb57bd9b55fc0bf40ddc99b93c2b (6.x)
 CVE-2019-19951 (In GraphicsMagick 1.4 snapshot-20190423 Q8, there is a heap-based buff ...)
-	{DLA-2084-1}
+	{DSA-4640-1 DLA-2084-1}
 	- graphicsmagick 1.4~hg16039-1
 	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/bc99af93614d
 	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/608/
 CVE-2019-19950 (In GraphicsMagick 1.4 snapshot-20190403 Q8, there is a use-after-free  ...)
-	{DLA-2084-1}
+	{DSA-4640-1 DLA-2084-1}
 	- graphicsmagick 1.4~hg16039-1
 	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/44ab7f6c20b4
 	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/603/
@@ -28337,12 +28349,12 @@ CVE-2020-0090
 	RESERVED
 CVE-2020-0089
 	RESERVED
-CVE-2020-0088
-	RESERVED
+CVE-2020-0088 (In parseTrackFragmentRun of MPEG4Extractor.cpp, there is a possible re ...)
+	TODO: check
 CVE-2020-0087 (In getProcessPss of ActivityManagerService.java, there is a possible s ...)
 	NOT-FOR-US: Android
-CVE-2020-0086
-	RESERVED
+CVE-2020-0086 (In readCString of Parcel.cpp, there is a possible out of bounds write  ...)
+	TODO: check
 CVE-2020-0085 (In setBluetoothTethering of PanService.java, there is a possible permi ...)
 	NOT-FOR-US: Android
 CVE-2020-0084 (In several functions of NotificationManagerService.java, there are mis ...)
@@ -29597,8 +29609,8 @@ CVE-2019-17656
 	RESERVED
 CVE-2019-17655
 	RESERVED
-CVE-2019-17654
-	RESERVED
+CVE-2019-17654 (An Insufficient Verification of Data Authenticity vulnerability in For ...)
+	TODO: check
 CVE-2019-17653 (A Cross-Site Request Forgery (CSRF) vulnerability in the user interfac ...)
 	NOT-FOR-US: Fortiguard
 CVE-2019-17652 (A stack buffer overflow vulnerability in FortiClient for Linux 6.2.1 a ...)
@@ -35233,8 +35245,8 @@ CVE-2019-15710 (An OS command injection vulnerability in FortiExtender 4.1.0 to
 	NOT-FOR-US: FortiExtender
 CVE-2019-15709
 	RESERVED
-CVE-2019-15708
-	RESERVED
+CVE-2019-15708 (A system command injection vulnerability in the FortiAP-S/W2 6.2.1, 6. ...)
+	TODO: check
 CVE-2019-15707 (An improper access control vulnerability in FortiMail admin webUI 6.2. ...)
 	NOT-FOR-US: FortiMail admin webUI
 CVE-2019-15706
@@ -56012,10 +56024,10 @@ CVE-2019-9476
 	RESERVED
 CVE-2019-9475
 	RESERVED
-CVE-2019-9474
-	RESERVED
-CVE-2019-9473
-	RESERVED
+CVE-2019-9474 (In Bluetooth, there is a possible out of bounds read due to a missing  ...)
+	TODO: check
+CVE-2019-9473 (In Bluetooth, there is a possible out of bounds read due to a missing  ...)
+	TODO: check
 CVE-2019-9472 (In DCRYPTO_equals of compare.c, there is a possible timing attack due  ...)
 	NOT-FOR-US: Android
 CVE-2019-9471 (In set_outbound_iatu of abc-pcie.c, there is a possible out of bounds  ...)
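Review bot: the new descriptions for CVE-2019-9474 and CVE-2019-9473 say only "In Bluetooth, there is a possible out of bounds read due to a missing ..." with no product or file name in the visible text. The surrounding entries are tagged "NOT-FOR-US: Android", but that should be confirmed from the full description and references before the same tag is applied here.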
@@ -63166,8 +63178,8 @@ CVE-2019-6698 (Use of Hard-coded Credentials vulnerability in FortiRecorder all
 	NOT-FOR-US: Fortinet
 CVE-2019-6697
 	RESERVED
-CVE-2019-6696
-	RESERVED
+CVE-2019-6696 (An improper input validation vulnerability in FortiOS 6.2.1, 6.2.0, 6. ...)
+	TODO: check
 CVE-2019-6695 (Lack of root file system integrity checking in Fortinet FortiManager V ...)
 	NOT-FOR-US: Fortinet
 CVE-2019-6694
@@ -75760,8 +75772,8 @@ CVE-2019-2218 (In createSessionInternal of PackageInstallerService.java, there i
 	NOT-FOR-US: Android
 CVE-2019-2217 (In setCpuVulkanInUse of GpuStats.cpp, there is possible memory corrupt ...)
 	NOT-FOR-US: Android
-CVE-2019-2216
-	RESERVED
+CVE-2019-2216 (In overlay notifications, there is a possible hidden notification due  ...)
+	TODO: check
 CVE-2019-2215 (A use-after-free in binder.c allows an elevation of privilege from an  ...)
 	{DLA-2114-1 DLA-2068-1}
 	- linux 4.15.4-1
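Review bot: CVE-2019-2216 sits directly above CVE-2019-2215, which is tracked against the linux package ("- linux 4.15.4-1") while the entries before it are "NOT-FOR-US: Android". That mix shows ids in this range are not uniformly out of scope, so the "TODO: check" on CVE-2019-2216 should be resolved from its full description rather than by copying the tag above it.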
@@ -76058,10 +76070,10 @@ CVE-2019-2091 (In GetPermittedAccessibilityServicesForUser of DevicePolicyManage
 	NOT-FOR-US: Android
 CVE-2019-2090 (In isPackageDeviceAdminOnAnyUser of PackageManagerService.java, there  ...)
 	NOT-FOR-US: Android
-CVE-2019-2089
-	RESERVED
-CVE-2019-2088
-	RESERVED
+CVE-2019-2089 (In app uninstallation, there is a possible set of permissions that may ...)
+	TODO: check
+CVE-2019-2088 (In StatsService, there is a possible out of bounds read. This could le ...)
+	TODO: check
 CVE-2019-2087 (In libxaac, there is a possible out of bounds write due to a missing b ...)
 	NOT-FOR-US: Android
 CVE-2019-2086 (In libxaac, there is a possible out of bounds write due to a missing b ...)
@@ -76120,8 +76132,8 @@ CVE-2019-2060 (In libxaac, there is a possible out of bounds read due to a missi
 	NOT-FOR-US: Android
 CVE-2019-2059 (In libxaac, there is a possible out of bounds write due to a missing b ...)
 	NOT-FOR-US: Android
-CVE-2019-2058
-	RESERVED
+CVE-2019-2058 (In libAACdec, there is a possible out of bounds read. This could lead  ...)
+	TODO: check
 CVE-2019-2057
 	RESERVED
 CVE-2019-2056
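Review bot: CVE-2019-2058 names libAACdec, whereas the neighbouring entries tagged "NOT-FOR-US: Android" name libxaac. Since the component differs, check whether any Debian source package ships the libAACdec code before closing this "TODO: check" with the neighbours' tag.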



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9f091f5fbfad03783038e13e2170f601a4eb9d2a
