[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Mon Mar 16 08:10:25 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9f091f5f by security tracker role at 2020-03-16T08:10:18+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,7 +1,19 @@
-CVE-2020-10589
+CVE-2020-10595
RESERVED
-CVE-2020-10588
+CVE-2020-10594 (An issue was discovered in drf-jwt 1.15.x before 1.15.1. It allows att ...)
+ TODO: check
+CVE-2020-10593
+ RESERVED
+CVE-2020-10592
+ RESERVED
+CVE-2020-10591 (An issue was discovered in Walmart Labs Concord before 1.44.0. CORS Ac ...)
+ TODO: check
+CVE-2020-10590
RESERVED
+CVE-2020-10589 (v2rayL 2.1.3 allows local users to achieve root access because /etc/v2 ...)
+ TODO: check
+CVE-2020-10588 (v2rayL 2.1.3 allows local users to achieve root access because /etc/v2 ...)
+ TODO: check
CVE-2020-10587 (antiX and MX Linux allow local users to achieve root access via "persi ...)
NOT-FOR-US: antiX and MX Linux
CVE-2020-10586
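Review bot: CVE-2020-10589 and CVE-2020-10588 are both added for v2rayL 2.1.3 with the same visible description prefix ("allows local users to achieve root access because /etc/v2 ..."), so the two TODO: check markers should be cleared together after reading the full descriptions to see how the entries differ. CVE-2020-10594 (drf-jwt) and CVE-2020-10591 (Walmart Labs Concord) also still need a decision on whether any Debian source package is affected.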
@@ -2865,14 +2877,14 @@ CVE-2020-9292
RESERVED
CVE-2020-9291
RESERVED
-CVE-2020-9290
- RESERVED
+CVE-2020-9290 (An Unsafe Search Path vulnerability in FortiClient for Windows online ...)
+ TODO: check
CVE-2020-9289
RESERVED
CVE-2020-9288
RESERVED
-CVE-2020-9287
- RESERVED
+CVE-2020-9287 (An Unsafe Search Path vulnerability in FortiClient EMS online installe ...)
+ TODO: check
CVE-2020-9286
RESERVED
CVE-2020-9285
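Review bot: CVE-2020-9290 and CVE-2020-9287 are left at TODO: check although both describe FortiClient online installers (for Windows and for EMS), and other Fortinet products in this same file are already closed as NOT-FOR-US, for example "NOT-FOR-US: Fortinet" under CVE-2019-6695. Once the full descriptions are confirmed, these two should get the same explicit marking rather than staying in the TODO queue.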
@@ -6717,20 +6729,20 @@ CVE-2020-7609
RESERVED
CVE-2020-7608
RESERVED
-CVE-2020-7607
- RESERVED
-CVE-2020-7606
- RESERVED
-CVE-2020-7605
- RESERVED
-CVE-2020-7604
- RESERVED
-CVE-2020-7603
- RESERVED
-CVE-2020-7602
- RESERVED
-CVE-2020-7601
- RESERVED
+CVE-2020-7607 (gulp-styledocco through 0.0.3 allows execution of arbitrary commands. ...)
+ TODO: check
+CVE-2020-7606 (docker-compose-remote-api through 0.1.4 allows execution of arbitrary ...)
+ TODO: check
+CVE-2020-7605 (gulp-tape through 1.0.0 allows execution of arbitrary commands. It is ...)
+ TODO: check
+CVE-2020-7604 (pulverizr through 0.7.0 allows execution of arbitrary commands. Within ...)
+ TODO: check
+CVE-2020-7603 (closure-compiler-stream through 0.1.15 allows execution of arbitrary c ...)
+ TODO: check
+CVE-2020-7602 (node-prompt-here through 1.0.1 allows execution of arbitrary commands. ...)
+ TODO: check
+CVE-2020-7601 (gulp-scss-lint through 1.0.0 allows execution of arbitrary commands. I ...)
+ TODO: check
CVE-2020-7600 (querymen prior to 2.1.4 allows modification of object properties. The ...)
NOT-FOR-US: querymen nodejs module
CVE-2020-7599
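Review bot: the seven entries from CVE-2020-7607 down to CVE-2020-7601 all report "execution of arbitrary commands" and all stay at TODO: check, with the package name as the only distinguishing detail visible here. Each name needs its own lookup against the archive before it is resolved; the neighbouring CVE-2020-7600 shows the form to use when the module is not packaged ("NOT-FOR-US: querymen nodejs module").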
@@ -11312,18 +11324,18 @@ CVE-2020-5549
RESERVED
CVE-2020-5548
RESERVED
-CVE-2020-5547
- RESERVED
-CVE-2020-5546
- RESERVED
-CVE-2020-5545
- RESERVED
-CVE-2020-5544
- RESERVED
-CVE-2020-5543
- RESERVED
-CVE-2020-5542
- RESERVED
+CVE-2020-5547 (Resource Management Errors vulnerability in TCP function included in t ...)
+ TODO: check
+CVE-2020-5546 (Improper Neutralization of Argument Delimiters in a Command ('Argument ...)
+ TODO: check
+CVE-2020-5545 (TCP function included in the firmware of Mitsubishi Electric MELQIC IU ...)
+ TODO: check
+CVE-2020-5544 (Null Pointer Dereference vulnerability in TCP function included in the ...)
+ TODO: check
+CVE-2020-5543 (TCP function included in the firmware of Mitsubishi Electric MELQIC IU ...)
+ TODO: check
+CVE-2020-5542 (Buffer error vulnerability in TCP function included in the firmware of ...)
+ TODO: check
CVE-2020-5541
RESERVED
CVE-2020-5540
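Review bot: in the block CVE-2020-5547 to CVE-2020-5542, only CVE-2020-5545 and CVE-2020-5543 show the product name (Mitsubishi Electric MELQIC IU ...) before the description is cut off, and CVE-2020-5546 ("Improper Neutralization of Argument Delimiters in a Command ...") does not even mention the TCP function the other five share. The six TODO: check markers should not be cleared as one vendor batch on the strength of the consecutive IDs; read the full text of each first.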
@@ -15676,7 +15688,7 @@ CVE-2019-19955
CVE-2019-19954 (Signal Desktop before 1.29.1 on Windows allows local users to gain pri ...)
- signal-desktop <itp> (bug #842943)
CVE-2019-19953 (In GraphicsMagick 1.4 snapshot-20191208 Q8, there is a heap-based buff ...)
- {DLA-2084-1}
+ {DSA-4640-1 DLA-2084-1}
- graphicsmagick 1.4+really1.3.34-1 (bug #947311)
NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/28f8bacd4bbf
NOTE: https://sourceforge.net/p/graphicsmagick/bugs/617/
@@ -15686,12 +15698,12 @@ CVE-2019-19952 (In ImageMagick 7.0.9-7 Q16, there is a use-after-free in the fun
NOTE: https://github.com/ImageMagick/ImageMagick/commit/916d7bbd2c66a286d379dbd94bc6035c8fab937c (7.x)
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/7ef923841437bb57bd9b55fc0bf40ddc99b93c2b (6.x)
CVE-2019-19951 (In GraphicsMagick 1.4 snapshot-20190423 Q8, there is a heap-based buff ...)
- {DLA-2084-1}
+ {DSA-4640-1 DLA-2084-1}
- graphicsmagick 1.4~hg16039-1
NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/bc99af93614d
NOTE: https://sourceforge.net/p/graphicsmagick/bugs/608/
CVE-2019-19950 (In GraphicsMagick 1.4 snapshot-20190403 Q8, there is a use-after-free ...)
- {DLA-2084-1}
+ {DSA-4640-1 DLA-2084-1}
- graphicsmagick 1.4~hg16039-1
NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/44ab7f6c20b4
NOTE: https://sourceforge.net/p/graphicsmagick/bugs/603/
@@ -28337,12 +28349,12 @@ CVE-2020-0090
RESERVED
CVE-2020-0089
RESERVED
-CVE-2020-0088
- RESERVED
+CVE-2020-0088 (In parseTrackFragmentRun of MPEG4Extractor.cpp, there is a possible re ...)
+ TODO: check
CVE-2020-0087 (In getProcessPss of ActivityManagerService.java, there is a possible s ...)
NOT-FOR-US: Android
-CVE-2020-0086
- RESERVED
+CVE-2020-0086 (In readCString of Parcel.cpp, there is a possible out of bounds write ...)
+ TODO: check
CVE-2020-0085 (In setBluetoothTethering of PanService.java, there is a possible permi ...)
NOT-FOR-US: Android
CVE-2020-0084 (In several functions of NotificationManagerService.java, there are mis ...)
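Review bot: CVE-2020-0088 (MPEG4Extractor.cpp) and CVE-2020-0086 (Parcel.cpp) are left at TODO: check while the adjacent CVE-2020-0087 and CVE-2020-0085, which follow the same "In <function> of <file>, there is a possible ..." template, already carry "NOT-FOR-US: Android". Confirm whether the two named source files exist in any Debian package, then mark them explicitly so they leave the TODO queue.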
@@ -29597,8 +29609,8 @@ CVE-2019-17656
RESERVED
CVE-2019-17655
RESERVED
-CVE-2019-17654
- RESERVED
+CVE-2019-17654 (An Insufficient Verification of Data Authenticity vulnerability in For ...)
+ TODO: check
CVE-2019-17653 (A Cross-Site Request Forgery (CSRF) vulnerability in the user interfac ...)
NOT-FOR-US: Fortiguard
CVE-2019-17652 (A stack buffer overflow vulnerability in FortiClient for Linux 6.2.1 a ...)
@@ -35233,8 +35245,8 @@ CVE-2019-15710 (An OS command injection vulnerability in FortiExtender 4.1.0 to
NOT-FOR-US: FortiExtender
CVE-2019-15709
RESERVED
-CVE-2019-15708
- RESERVED
+CVE-2019-15708 (A system command injection vulnerability in the FortiAP-S/W2 6.2.1, 6. ...)
+ TODO: check
CVE-2019-15707 (An improper access control vulnerability in FortiMail admin webUI 6.2. ...)
NOT-FOR-US: FortiMail admin webUI
CVE-2019-15706
@@ -56012,10 +56024,10 @@ CVE-2019-9476
RESERVED
CVE-2019-9475
RESERVED
-CVE-2019-9474
- RESERVED
-CVE-2019-9473
- RESERVED
+CVE-2019-9474 (In Bluetooth, there is a possible out of bounds read due to a missing ...)
+ TODO: check
+CVE-2019-9473 (In Bluetooth, there is a possible out of bounds read due to a missing ...)
+ TODO: check
CVE-2019-9472 (In DCRYPTO_equals of compare.c, there is a possible timing attack due ...)
NOT-FOR-US: Android
CVE-2019-9471 (In set_outbound_iatu of abc-pcie.c, there is a possible out of bounds ...)
@@ -63166,8 +63178,8 @@ CVE-2019-6698 (Use of Hard-coded Credentials vulnerability in FortiRecorder all
NOT-FOR-US: Fortinet
CVE-2019-6697
RESERVED
-CVE-2019-6696
- RESERVED
+CVE-2019-6696 (An improper input validation vulnerability in FortiOS 6.2.1, 6.2.0, 6. ...)
+ TODO: check
CVE-2019-6695 (Lack of root file system integrity checking in Fortinet FortiManager V ...)
NOT-FOR-US: Fortinet
CVE-2019-6694
@@ -75760,8 +75772,8 @@ CVE-2019-2218 (In createSessionInternal of PackageInstallerService.java, there i
NOT-FOR-US: Android
CVE-2019-2217 (In setCpuVulkanInUse of GpuStats.cpp, there is possible memory corrupt ...)
NOT-FOR-US: Android
-CVE-2019-2216
- RESERVED
+CVE-2019-2216 (In overlay notifications, there is a possible hidden notification due ...)
+ TODO: check
CVE-2019-2215 (A use-after-free in binder.c allows an elevation of privilege from an ...)
{DLA-2114-1 DLA-2068-1}
- linux 4.15.4-1
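Review bot: CVE-2019-2216 must not be closed as "NOT-FOR-US: Android" by pattern alone: the entry directly below it, CVE-2019-2215, sits in the same ID range yet is tracked against linux 4.15.4-1 with DLA-2114-1 and DLA-2068-1. Check the full description behind "In overlay notifications, there is a possible hidden notification due ..." for the affected component before replacing TODO: check.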
@@ -76058,10 +76070,10 @@ CVE-2019-2091 (In GetPermittedAccessibilityServicesForUser of DevicePolicyManage
NOT-FOR-US: Android
CVE-2019-2090 (In isPackageDeviceAdminOnAnyUser of PackageManagerService.java, there ...)
NOT-FOR-US: Android
-CVE-2019-2089
- RESERVED
-CVE-2019-2088
- RESERVED
+CVE-2019-2089 (In app uninstallation, there is a possible set of permissions that may ...)
+ TODO: check
+CVE-2019-2088 (In StatsService, there is a possible out of bounds read. This could le ...)
+ TODO: check
CVE-2019-2087 (In libxaac, there is a possible out of bounds write due to a missing b ...)
NOT-FOR-US: Android
CVE-2019-2086 (In libxaac, there is a possible out of bounds write due to a missing b ...)
@@ -76120,8 +76132,8 @@ CVE-2019-2060 (In libxaac, there is a possible out of bounds read due to a missi
NOT-FOR-US: Android
CVE-2019-2059 (In libxaac, there is a possible out of bounds write due to a missing b ...)
NOT-FOR-US: Android
-CVE-2019-2058
- RESERVED
+CVE-2019-2058 (In libAACdec, there is a possible out of bounds read. This could lead ...)
+ TODO: check
CVE-2019-2057
RESERVED
CVE-2019-2056
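Review bot: CVE-2019-2058 names libAACdec, whereas the surrounding entries that are marked "NOT-FOR-US: Android" (CVE-2019-2060, CVE-2019-2059) name libxaac, so the neighbours' marking does not carry over automatically. Check whether libAACdec corresponds to a Debian source package before resolving the TODO: check.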
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9f091f5fbfad03783038e13e2170f601a4eb9d2a