Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7a2dc03c by security tracker role at 2019-12-24T08:10:13Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,21 @@
+CVE-2019-19953 (In GraphicsMagick 1.4 snapshot-20191208 Q8, there is a 
heap-based buff ...)
+       TODO: check
+CVE-2019-19952 (In ImageMagick 7.0.9-7 Q16, there is a use-after-free in the 
function  ...)
+       TODO: check
+CVE-2019-19951 (In GraphicsMagick 1.4 snapshot-20190423 Q8, there is a 
heap-based buff ...)
+       TODO: check
+CVE-2019-19950 (In GraphicsMagick 1.4 snapshot-20190403 Q8, there is a 
use-after-free  ...)
+       TODO: check
+CVE-2019-19949 (In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer 
over-read in ...)
+       TODO: check
+CVE-2019-19948 (In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer 
overflow in  ...)
+       TODO: check
+CVE-2019-19947 (In the Linux kernel through 5.4.6, there are information leaks 
of unin ...)
+       TODO: check
+CVE-2019-19946
+       RESERVED
+CVE-2019-19945
+       RESERVED
 CVE-2019-19944 (In libIEC61850 1.4.0, BerDecoder_decodeUint32 in 
mms/asn1/ber_decode.c ...)
        NOT-FOR-US: libIEC61850
 CVE-2019-19943
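Review bot: CVE-2019-19953 through CVE-2019-19947 are left at "TODO: check" although their visible descriptions already name GraphicsMagick, ImageMagick and the Linux kernel, all of which Debian ships as source packages. The follow-up triage should replace each TODO with package entries for the affected source package rather than a NOT-FOR-US tag, and should read the full descriptions first, since the snapshot and version strings shown here are truncated.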
@@ -5206,7 +5224,7 @@ CVE-2019-19504
        RESERVED
 CVE-2019-19503
        RESERVED
-CVE-2019-19502 (pluginconfig.php in the Image Uploader and Browser plugin 
before 4.1.9 ...)
+CVE-2019-19502 (Code injection in pluginconfig.php in Image Uploader and 
Browser for C ...)
        NOT-FOR-US: ckeditor plugin
 CVE-2019-19501 (VeraCrypt 1.24 allows Local Privilege Escalation during 
execution of V ...)
        NOT-FOR-US: VeraCrypt
@@ -5909,7 +5927,7 @@ CVE-2020-1691
        RESERVED
 CVE-2020-1690
        RESERVED
-CVE-2019-19364 (In Sony Catalyst Production Suite through 2019.1 (1.1.0.21) 
and Cataly ...)
+CVE-2019-19364 (A weak malicious user can escalate its privilege whenever 
CatalystProd ...)
        NOT-FOR-US: Sony Catalyst Production Suite
 CVE-2019-19363
        RESERVED
@@ -11091,8 +11109,8 @@ CVE-2019-18238
        RESERVED
 CVE-2019-18237
        RESERVED
-CVE-2019-18236
-       RESERVED
+CVE-2019-18236 (Multiple buffer overflow vulnerabilities exist when the PLC 
Editor Ver ...)
+       TODO: check
 CVE-2019-18235
        RESERVED
 CVE-2019-18234 (Equinox Control Expert all versions, is vulnerable to an SQL 
injection ...)
@@ -11149,8 +11167,8 @@ CVE-2019-18213 (XML Language Server (aka lsp4xml) 
before 0.9.1, as used in Red H
        NOT-FOR-US: XML Language Server (aka lsp4xml)
 CVE-2019-18212 (XMLLanguageService.java in XML Language Server (aka lsp4xml) 
before 0. ...)
        NOT-FOR-US: XML Language Server (aka lsp4xml)
-CVE-2019-18211
-       RESERVED
+CVE-2019-18211 (An issue was discovered in Orckestra C1 CMS through 6.6. The 
EntityTok ...)
+       TODO: check
 CVE-2019-18210
        RESERVED
 CVE-2019-18209 (templates/pad.html in Etherpad-Lite 1.7.5 has XSS when the 
browser doe ...)
@@ -29248,10 +29266,10 @@ CVE-2019-12570 (A SQL injection vulnerability in the 
Xpert Solution "Server Stat
        NOT-FOR-US: Xpert Solution "Server Status by Hostname/IP" plugin for 
WordPress
 CVE-2019-12569 (A vulnerability in Viber before 10.7.0 for Desktop (Windows) 
could all ...)
        NOT-FOR-US: Viber
-CVE-2019-12568
-       RESERVED
-CVE-2019-12567
-       RESERVED
+CVE-2019-12568 (Stack-based overflow vulnerability in the logMess function in 
Open TFT ...)
+       TODO: check
+CVE-2019-12567 (Stack-based overflow vulnerability in the logMess function in 
Open TFT ...)
+       TODO: check
 CVE-2019-12566 (The WP Statistics plugin through 12.6.5 for Wordpress has 
stored XSS i ...)
        NOT-FOR-US: WP Statistics plugin for WordPress
 CVE-2019-12565
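Review bot: CVE-2019-12568 and CVE-2019-12567 are added with the same visible description prefix ("Stack-based overflow vulnerability in the logMess function in Open TFT ..."), so the truncated text cannot tell them apart. Read the full descriptions before triaging to confirm they are distinct issues, and triage them consistently with CVE-2018-10389 and CVE-2018-10388 later in this diff, which also name logMess in a TFTP server.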
@@ -42289,8 +42307,8 @@ CVE-2019-8295
        RESERVED
 CVE-2019-8294
        RESERVED
-CVE-2019-8293
-       RESERVED
+CVE-2019-8293 (Due to a logic error in the code, upload-image-with-ajax v1.0 
allows a ...)
+       TODO: check
 CVE-2019-8292 (Online Store System v1.0 delete_product.php doesn't check to 
see if a  ...)
        NOT-FOR-US: Online Store System
 CVE-2019-8291 (Online Store System v1.0 delete_file.php doesn't check to see 
if a use ...)
@@ -44150,10 +44168,10 @@ CVE-2019-7491
        RESERVED
 CVE-2019-7490
        RESERVED
-CVE-2019-7489
-       RESERVED
-CVE-2019-7488
-       RESERVED
+CVE-2019-7489 (A vulnerability in SonicWall Email Security appliance allow an 
unauthe ...)
+       TODO: check
+CVE-2019-7488 (Weak default password cause vulnerability in SonicWall Email 
Security  ...)
+       TODO: check
 CVE-2019-7487 (Installation of the SonicOS SSLVPN NACagent 3.5 on the Windows 
operati ...)
        TODO: check
 CVE-2019-7486 (Code injection in SonicWall SMA100 allows an authenticated user 
to exe ...)
@@ -47598,8 +47616,8 @@ CVE-2019-6149 (An unquoted search path vulnerability 
was identified in Lenovo Dy
        NOT-FOR-US: Lenovo
 CVE-2019-6148
        RESERVED
-CVE-2019-6147
-       RESERVED
+CVE-2019-6147 (Forcepoint NGFW Security Management Center (SMC) versions lower 
than 6 ...)
+       TODO: check
 CVE-2019-6146
        RESERVED
 CVE-2019-6145 (Forcepoint VPN Client for Windows versions lower than 6.6.1 
have an un ...)
@@ -49135,83 +49153,83 @@ CVE-2019-5586 (A reflected Cross-Site-Scripting (XSS) 
vulnerability in Fortinet
 CVE-2019-5585 (An improper access control vulnerability in FortiClientMac 
before 6.0. ...)
        NOT-FOR-US: Fortiguard FortiClientMac
 CVE-2019-5584
-       RESERVED
+       REJECTED
 CVE-2019-5583
-       RESERVED
+       REJECTED
 CVE-2019-5582
-       RESERVED
+       REJECTED
 CVE-2019-5581
-       RESERVED
+       REJECTED
 CVE-2019-5580
-       RESERVED
+       REJECTED
 CVE-2019-5579
-       RESERVED
+       REJECTED
 CVE-2019-5578
-       RESERVED
+       REJECTED
 CVE-2019-5577
-       RESERVED
+       REJECTED
 CVE-2019-5576
-       RESERVED
+       REJECTED
 CVE-2019-5575
-       RESERVED
+       REJECTED
 CVE-2019-5574
-       RESERVED
+       REJECTED
 CVE-2019-5573
-       RESERVED
+       REJECTED
 CVE-2019-5572
-       RESERVED
+       REJECTED
 CVE-2019-5571
-       RESERVED
+       REJECTED
 CVE-2019-5570
-       RESERVED
+       REJECTED
 CVE-2019-5569
-       RESERVED
+       REJECTED
 CVE-2019-5568
-       RESERVED
+       REJECTED
 CVE-2019-5567
-       RESERVED
+       REJECTED
 CVE-2019-5566
-       RESERVED
+       REJECTED
 CVE-2019-5565
-       RESERVED
+       REJECTED
 CVE-2019-5564
-       RESERVED
+       REJECTED
 CVE-2019-5563
-       RESERVED
+       REJECTED
 CVE-2019-5562
-       RESERVED
+       REJECTED
 CVE-2019-5561
-       RESERVED
+       REJECTED
 CVE-2019-5560
-       RESERVED
+       REJECTED
 CVE-2019-5559
-       RESERVED
+       REJECTED
 CVE-2019-5558
-       RESERVED
+       REJECTED
 CVE-2019-5557
-       RESERVED
+       REJECTED
 CVE-2019-5556
-       RESERVED
+       REJECTED
 CVE-2019-5555
-       RESERVED
+       REJECTED
 CVE-2019-5554
-       RESERVED
+       REJECTED
 CVE-2019-5553
-       RESERVED
+       REJECTED
 CVE-2019-5552
-       RESERVED
+       REJECTED
 CVE-2019-5551
-       RESERVED
+       REJECTED
 CVE-2019-5550
-       RESERVED
+       REJECTED
 CVE-2019-5549
-       RESERVED
+       REJECTED
 CVE-2019-5548
-       RESERVED
+       REJECTED
 CVE-2019-5547
-       RESERVED
+       REJECTED
 CVE-2019-5546
-       RESERVED
+       REJECTED
 CVE-2019-5545
        RESERVED
 CVE-2019-5544 (OpenSLP as used in ESXi and the Horizon DaaS appliances has a 
heap ove ...)
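Review bot: the 39 ids from CVE-2019-5584 down to CVE-2019-5546 flip from RESERVED to REJECTED in one block, while CVE-2019-5545 directly below stays RESERVED. Because this comes from an automatic update, it is worth confirming that none of the rejected ids is referenced from a package or advisory entry elsewhere in the tracker data, and that the boundary at CVE-2019-5545 matches what the upstream feed reports.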
@@ -49226,8 +49244,8 @@ CVE-2019-5541 (VMware Workstation (15.x before 15.5.1) 
and Fusion (11.x before 1
        NOT-FOR-US: VMware
 CVE-2019-5540 (VMware Workstation (15.x before 15.5.1) and Fusion (11.x before 
11.5.1 ...)
        NOT-FOR-US: VMware
-CVE-2019-5539
-       RESERVED
+CVE-2019-5539 (VMware Workstation (15.x prior to 15.5.1) and Horizon View 
Agent (7.10 ...)
+       TODO: check
 CVE-2019-5538 (Sensitive information disclosure vulnerability resulting from a 
lack o ...)
        NOT-FOR-US: VMware
 CVE-2019-5537 (Sensitive information disclosure vulnerability resulting from a 
lack o ...)
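Review bot: CVE-2019-5539 comes in as "TODO: check" while the neighbouring VMware Workstation entries CVE-2019-5541 and CVE-2019-5540 are already "NOT-FOR-US: VMware". The visible description names VMware Workstation and Horizon View Agent, so the same tag can be applied in the follow-up triage.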
@@ -50122,7 +50140,7 @@ CVE-2019-5146
        RESERVED
 CVE-2019-5145
        RESERVED
-CVE-2019-5144 (A freed memory access vulnerability exists in the SVG Marker 
Element f ...)
+CVE-2019-5144 (An exploitable heap underflow vulnerability exists in the 
derive_taps_ ...)
        NOT-FOR-US: Kakadu Software SDK
 CVE-2019-5143
        RESERVED
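Review bot: for CVE-2019-5144 the description is replaced by an unrelated one (from a freed memory access in "the SVG Marker Element f ..." to a heap underflow in "derive_taps_ ..."), but the "NOT-FOR-US: Kakadu Software SDK" line is carried over unchanged. Check the tag against the new full description so the triage does not rest on the old text.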
@@ -89234,12 +89252,12 @@ CVE-2018-10391 (An issue was discovered in WUZHI CMS 
4.1.0. There is XSS via the
        NOT-FOR-US: WUZHI CMS
 CVE-2018-10390
        RESERVED
-CVE-2018-10389
-       RESERVED
-CVE-2018-10388
-       RESERVED
-CVE-2018-10387
-       RESERVED
+CVE-2018-10389 (Format string vulnerability in the logMess function in TFTP 
Server MT  ...)
+       TODO: check
+CVE-2018-10388 (Format string vulnerability in the logMess function in TFTP 
Server SP  ...)
+       TODO: check
+CVE-2018-10387 (Heap-based overflow vulnerability in TFTP Server SP 1.66 and 
earlier a ...)
+       TODO: check
 CVE-2018-10386
        RESERVED
 CVE-2018-10385



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/7a2dc03c20959fb75616795a3c71b7c3d7d1e4fc
