[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Thu Mar 19 08:10:47 GMT 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8e40455d by security tracker role at 2020-03-19T08:10:37+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,20 @@
-CVE-2020-10674 [shell injection RCE]
+CVE-2020-10673 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...)
+	TODO: check
+CVE-2020-10672 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...)
+	TODO: check
+CVE-2020-10671
+	RESERVED
+CVE-2020-10670
+	RESERVED
+CVE-2020-10669
+	RESERVED
+CVE-2020-10668
+	RESERVED
+CVE-2020-10667
+	RESERVED
+CVE-2020-10666
+	RESERVED
+CVE-2020-10674 (PerlSpeak through 2.01 allows attackers to execute arbitrary OS comman ...)
 	- libperlspeak-perl <unfixed> (bug #954238)
 	NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=132173
 CVE-2020-10665 (Docker Desktop allows local privilege escalation to NT AUTHORITY\SYSTE ...)
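Review bot: CVE-2020-10673 and CVE-2020-10672 at the top of this hunk are left at `TODO: check` with descriptions that truncate to the same text, so the list gives no way to tell the two jackson-databind issues apart. When they are triaged, a NOTE line with the upstream reference on each entry would make them distinguishable without opening the full CVE description.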
@@ -189,7 +205,7 @@ CVE-2020-10594 (An issue was discovered in drf-jwt 1.15.x before 1.15.1. It allo
 	NOT-FOR-US: drf-jwt
 CVE-2020-10593
 	RESERVED
-	 - tor 0.4.2.7-1
+	- tor 0.4.2.7-1
 	[buster] - tor <not-affected> (Only affects tor 0.4.0.1-alpha onwards)
 	[stretch] - tor <not-affected> (Only affects tor 0.4.0.1-alpha onwards)
 	[jessie] - tor <not-affected> (Only affects tor 0.4.0.1-alpha onwards)
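Review bot: Tab-then-space indentation on the `- tor 0.4.2.7-1` line under CVE-2020-10593 is the kind of slip a format check on data/CVE/list should reject before it lands, rather than being cleaned up afterwards by an "automatic update" commit. The same stray space is corrected under CVE-2020-10592 in the next hunk, so both entries were affected.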
@@ -197,7 +213,7 @@ CVE-2020-10593
 	NOTE: https://bugs.torproject.org/33119
 CVE-2020-10592
 	RESERVED
-	 - tor 0.4.2.7-1
+	- tor 0.4.2.7-1
 	NOTE: https://blog.torproject.org/new-releases-03510-0419-0427
 	NOTE: https://bugs.torproject.org/33119
 CVE-2020-10591 (An issue was discovered in Walmart Labs Concord before 1.44.0. CORS Ac ...)
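Review bot: CVE-2020-10592 has only the `- tor 0.4.2.7-1` line followed by NOTE lines, with none of the `[buster]`, `[stretch]` or `[jessie]` annotations that CVE-2020-10593 carries in the previous hunk. Worth confirming that the missing per-release status is intended and not an omission carried along with the whitespace fix.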
@@ -669,8 +685,8 @@ CVE-2020-10367
 	RESERVED
 CVE-2020-10366
 	RESERVED
-CVE-2020-10365
-	RESERVED
+CVE-2020-10365 (LogicalDoc before 8.3.3 allows SQL Injection. LogicalDoc populates the ...)
+	TODO: check
 CVE-2020-10364
 	RESERVED
 CVE-2020-10363
@@ -2594,8 +2610,7 @@ CVE-2020-9480
 	RESERVED
 CVE-2020-9479
 	RESERVED
-CVE-2019-20485 [potential DoS by holding a monitor job while querying QEMU guest-agent]
-	RESERVED
+CVE-2019-20485 (qemu/qemu_driver.c in libvirt before 6.0.0 mishandles the holding of a ...)
 	[experimental] - libvirt 6.0.0-1
 	- libvirt <unfixed> (low; bug #953078)
 	[buster] - libvirt <no-dsa> (Minor issue)
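Review bot: On CVE-2019-20485 the removed summary `[potential DoS by holding a monitor job while querying QEMU guest-agent]` is the only place in the shown lines that states the impact, and its replacement is cut off at "mishandles the holding of a ...". Consider keeping the DoS wording in a NOTE line under the entry so the `<no-dsa> (Minor issue)` rating remains justified in the list itself.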
@@ -2713,8 +2728,8 @@ CVE-2020-9425
 	RESERVED
 CVE-2020-9424
 	RESERVED
-CVE-2020-9423
-	RESERVED
+CVE-2020-9423 (LogicalDoc before 8.3.3 could allow an attacker to upload arbitrary fi ...)
+	TODO: check
 CVE-2020-9422
 	RESERVED
 CVE-2020-9421
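Review bot: CVE-2020-9423 is left at `TODO: check` for LogicalDoc before 8.3.3, the same product and version as CVE-2020-10365 in the earlier hunk at -669. The two should be triaged together so they end up with the same resolution, either a package line or `NOT-FOR-US` as used elsewhere in this list.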
@@ -7661,12 +7676,12 @@ CVE-2020-7260
 	RESERVED
 CVE-2020-7259
 	RESERVED
-CVE-2020-7258
-	RESERVED
+CVE-2020-7258 (Cross site scripting vulnerability in McAfee Network Security Manageme ...)
+	TODO: check
 CVE-2020-7257
 	RESERVED
-CVE-2020-7256
-	RESERVED
+CVE-2020-7256 (Cross site scripting vulnerability in McAfee Network Security Manageme ...)
+	TODO: check
 CVE-2020-7255
 	RESERVED
 CVE-2020-7254 (Privilege Escalation vulnerability in the command line interface in Mc ...)
@@ -19720,10 +19735,10 @@ CVE-2019-19679 (In "Xray Test Management for Jira" prior to version 3.5.5, remot
 	NOT-FOR-US: Xray Test Management for Jira
 CVE-2019-19678 (In "Xray Test Management for Jira" prior to version 3.5.5, remote auth ...)
 	NOT-FOR-US: Xray Test Management for Jira
-CVE-2019-19677
-	RESERVED
-CVE-2019-19676
-	RESERVED
+CVE-2019-19677 (arxes-tolina 3.0.0 allows User Enumeration. ...)
+	TODO: check
+CVE-2019-19676 (A CSV injection in arxes-tolina 3.0.0 allows malicious users to gain r ...)
+	TODO: check
 CVE-2019-19675 (In Ivanti Workspace Control before 10.3.180.0. a locally authenticated ...)
 	NOT-FOR-US: Ivanti Workspace Control
 CVE-2019-19674
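Review bot: CVE-2019-19677 and CVE-2019-19676 go to `TODO: check` while every described neighbour in this hunk is already resolved as `NOT-FOR-US: <product>`. Both new entries name arxes-tolina 3.0.0, so a single triage decision should close both.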
@@ -23411,8 +23426,8 @@ CVE-2019-18981 (Pimcore before 6.2.2 lacks an Access Denied outcome for a certai
 	NOT-FOR-US: Pimcore
 CVE-2019-18980 (On Signify Philips Taolight Smart Wi-Fi Wiz Connected LED Bulb 9290022 ...)
 	NOT-FOR-US: Signify Philips Taolight
-CVE-2019-18979
-	RESERVED
+CVE-2019-18979 (Adaware antivirus 12.6.1005.11662 and 12.7.1055.0 has a quarantine fla ...)
+	TODO: check
 CVE-2019-18978 (An issue was discovered in the rack-cors (aka Rack CORS Middleware) ge ...)
 	{DLA-2096-1}
 	- ruby-rack-cors 1.1.1-1 (bug #944849)
@@ -30281,7 +30296,7 @@ CVE-2019-17547 (In ImageMagick before 7.0.8-62, TraceBezier in MagickCore/draw.c
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16537
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/ecf7c6b288e11e7e7f75387c5e9e93e423b98397
 CVE-2019-17546 (tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0. ...)
-	{DSA-4608-1 DLA-2009-1}
+	{DSA-4608-1 DLA-2147-1 DLA-2009-1}
 	- gdal <unfixed> (unimportant)
 	- tiff 4.0.10+git190818-1
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16443
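Review bot: In `{DSA-4608-1 DLA-2147-1 DLA-2009-1}` the new DLA-2147-1 is placed ahead of DLA-2009-1, so the DLA references are not in ascending order. If that is simply the order the generator emits, no change is needed; otherwise sorting the references would keep later diffs of this line easier to read.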



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8e40455d634246cac16c7dafdca594bd25cd43a9
