Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c3119195 by security tracker role at 2020-01-03T20:10:29+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,169 @@
+CVE-2020-5394
+       RESERVED
+CVE-2020-5393
+       RESERVED
+CVE-2020-5392
+       RESERVED
+CVE-2020-5391
+       RESERVED
+CVE-2020-5390
+       RESERVED
+CVE-2020-5389
+       RESERVED
+CVE-2020-5388
+       RESERVED
+CVE-2020-5387
+       RESERVED
+CVE-2020-5386
+       RESERVED
+CVE-2020-5385
+       RESERVED
+CVE-2020-5384
+       RESERVED
+CVE-2020-5383
+       RESERVED
+CVE-2020-5382
+       RESERVED
+CVE-2020-5381
+       RESERVED
+CVE-2020-5380
+       RESERVED
+CVE-2020-5379
+       RESERVED
+CVE-2020-5378
+       RESERVED
+CVE-2020-5377
+       RESERVED
+CVE-2020-5376
+       RESERVED
+CVE-2020-5375
+       RESERVED
+CVE-2020-5374
+       RESERVED
+CVE-2020-5373
+       RESERVED
+CVE-2020-5372
+       RESERVED
+CVE-2020-5371
+       RESERVED
+CVE-2020-5370
+       RESERVED
+CVE-2020-5369
+       RESERVED
+CVE-2020-5368
+       RESERVED
+CVE-2020-5367
+       RESERVED
+CVE-2020-5366
+       RESERVED
+CVE-2020-5365
+       RESERVED
+CVE-2020-5364
+       RESERVED
+CVE-2020-5363
+       RESERVED
+CVE-2020-5362
+       RESERVED
+CVE-2020-5361
+       RESERVED
+CVE-2020-5360
+       RESERVED
+CVE-2020-5359
+       RESERVED
+CVE-2020-5358
+       RESERVED
+CVE-2020-5357
+       RESERVED
+CVE-2020-5356
+       RESERVED
+CVE-2020-5355
+       RESERVED
+CVE-2020-5354
+       RESERVED
+CVE-2020-5353
+       RESERVED
+CVE-2020-5352
+       RESERVED
+CVE-2020-5351
+       RESERVED
+CVE-2020-5350
+       RESERVED
+CVE-2020-5349
+       RESERVED
+CVE-2020-5348
+       RESERVED
+CVE-2020-5347
+       RESERVED
+CVE-2020-5346
+       RESERVED
+CVE-2020-5345
+       RESERVED
+CVE-2020-5344
+       RESERVED
+CVE-2020-5343
+       RESERVED
+CVE-2020-5342
+       RESERVED
+CVE-2020-5341
+       RESERVED
+CVE-2020-5340
+       RESERVED
+CVE-2020-5339
+       RESERVED
+CVE-2020-5338
+       RESERVED
+CVE-2020-5337
+       RESERVED
+CVE-2020-5336
+       RESERVED
+CVE-2020-5335
+       RESERVED
+CVE-2020-5334
+       RESERVED
+CVE-2020-5333
+       RESERVED
+CVE-2020-5332
+       RESERVED
+CVE-2020-5331
+       RESERVED
+CVE-2020-5330
+       RESERVED
+CVE-2020-5329
+       RESERVED
+CVE-2020-5328
+       RESERVED
+CVE-2020-5327
+       RESERVED
+CVE-2020-5326
+       RESERVED
+CVE-2020-5325
+       RESERVED
+CVE-2020-5324
+       RESERVED
+CVE-2020-5323
+       RESERVED
+CVE-2020-5322
+       RESERVED
+CVE-2020-5321
+       RESERVED
+CVE-2020-5320
+       RESERVED
+CVE-2020-5319
+       RESERVED
+CVE-2020-5318
+       RESERVED
+CVE-2020-5317
+       RESERVED
+CVE-2020-5316
+       RESERVED
+CVE-2020-5315
+       RESERVED
+CVE-2019-20333
+       RESERVED
+CVE-2019-20332
+       RESERVED
+CVE-2019-20331
+       RESERVED
 CVE-2020-5314
        RESERVED
 CVE-2020-5313 (libImaging/FliDecode.c in Pillow before 6.2.2 has an FLI buffer 
overfl ...)
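
Review bot: the last three added entries, CVE-2019-20333, CVE-2019-20332 and CVE-2019-20331, sit between CVE-2020-5315 and the existing CVE-2020-5314, so 2019 IDs split the run of 2020-53xx reservations. If the file is meant to stay grouped by ID, move them next to the other CVE-2019-20xxx entries. If prepending new reservations in fetch order is the intended behaviour of the automatic update, that is worth stating where the file format is documented.
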
@@ -9076,8 +9242,8 @@ CVE-2020-1873
        RESERVED
 CVE-2020-1872
        RESERVED
-CVE-2020-1871
-       RESERVED
+CVE-2020-1871 (USG9500 with software of V500R001C30SPC100; V500R001C30SPC200; 
V500R00 ...)
+       TODO: check
 CVE-2020-1870
        RESERVED
 CVE-2020-1869
@@ -9248,8 +9414,8 @@ CVE-2020-1787
        RESERVED
 CVE-2020-1786
        RESERVED
-CVE-2020-1785
-       RESERVED
+CVE-2020-1785 (Mate 10 Pro;Honor V10;Honor 10;Nova 4 smartphones have a denial 
of ser ...)
+       TODO: check
 CVE-2019-19466 (SCEditor 2.1.3 allows XSS. ...)
        NOT-FOR-US: SCEditor
 CVE-2019-19465
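
Review bot: the `TODO: check` added under CVE-2020-1785 leaves a published entry untriaged although its description covers Mate 10 Pro and Honor smartphones. The Mate 10 entry CVE-2019-5305 further down this file is tagged `NOT-FOR-US: Huawei`; the same tag looks applicable here once it has been confirmed against the full description.
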
@@ -9308,8 +9474,8 @@ CVE-2019-19443
        RESERVED
 CVE-2019-19442
        RESERVED
-CVE-2019-19441
-       RESERVED
+CVE-2019-19441 (HUAWEI P30 smart phones with versions earlier than 
10.0.0.166(C00E66R1 ...)
+       TODO: check
 CVE-2019-19440
        RESERVED
 CVE-2019-19439
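
Review bot: CVE-2019-19441 names HUAWEI P30 smart phones in its description yet is left at `TODO: check`. The Huawei entries visible elsewhere in this diff (CVE-2019-5306, CVE-2019-5305) use `NOT-FOR-US: Huawei`; reusing that exact string keeps the vendor tagging consistent.
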
@@ -9786,16 +9952,13 @@ CVE-2019-19312 [Forked project information disclosed 
via Project API]
        RESERVED
        - gitlab <not-affected> (Only affects Gitlab EE)
        NOTE: 
https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/
-CVE-2019-19311 [Stored XSS in Group and User profile fields]
-       RESERVED
+CVE-2019-19311 (GitLab EE 8.14 through 12.5, 12.4.3, and 12.3.6 allows XSS in 
group an ...)
        - gitlab <not-affected> (Only affects Gitlab EE)
        NOTE: 
https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/
-CVE-2019-19310 [Disclosure of AWS secret keys on certain Admin pages]
-       RESERVED
+CVE-2019-19310 (GitLab Enterprise Edition (EE) 9.0 and later through 12.5 
allows Infor ...)
        - gitlab <not-affected> (Only affects Gitlab EE)
        NOTE: 
https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/
-CVE-2019-19309 [Private objects exposed through project import]
-       RESERVED
+CVE-2019-19309 (GitLab Enterprise Edition (EE) 8.90 and later through 12.5 has 
Incorre ...)
        - gitlab <not-affected> (Only affects Gitlab EE)
        NOTE: 
https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/
 CVE-2019-19330 (The HTTP/2 implementation in HAProxy before 2.0.10 mishandles 
headers, ...)
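
Review bot: swapping the bracketed titles for the truncated published descriptions loses the specific issue names on CVE-2019-19311, CVE-2019-19310 and CVE-2019-19309; for example "Disclosure of AWS secret keys on certain Admin pages" becomes "allows Infor ...". Each entry keeps its NOTE link to the 12.5.1 release post, so the detail is still reachable, but a short NOTE carrying the old title would keep the file searchable by issue name.
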
@@ -9937,21 +10100,17 @@ CVE-2019-19265
        RESERVED
 CVE-2019-19264 (In Simplifile RecordFusion through 2019-11-25, the logs and 
hist param ...)
        NOT-FOR-US: Simplifile RecordFusion
-CVE-2019-19263 [Tags pushes from blocked users]
-       RESERVED
+CVE-2019-19263 (GitLab Enterprise Edition (EE) 8.2 and later through 12.5 has 
Insecure ...)
        - gitlab <not-affected> (Only affects Gitlab EE)
        NOTE: 
https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/
-CVE-2019-19262 [Unauthorized access to grafana metrics]
-       RESERVED
+CVE-2019-19262 (GitLab Enterprise Edition (EE) 11.9 and later through 12.5 has 
Insecur ...)
        - gitlab <not-affected> (Only affects Gitlab EE)
        NOTE: 
https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/
        NOTE: 
https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-2-released/
-CVE-2019-19261 [DNS Rebind SSRF in various chat notifications]
-       RESERVED
+CVE-2019-19261 (GitLab Enterprise Edition (EE) 6.7 and later through 12.5 
allows SSRF. ...)
        - gitlab <not-affected> (Only affects Gitlab EE)
        NOTE: 
https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/
-CVE-2019-19260 [Former project members able to access repository information]
-       RESERVED
+CVE-2019-19260 (GitLab Community Edition (CE) and Enterprise Edition (EE) 
through 12.5 ...)
        [experimental] - gitlab 12.2.9-5
        - gitlab <unfixed>
        - gitlab-workhorse 8.8.1+debian-3
@@ -9960,29 +10119,23 @@ CVE-2019-19260 [Former project members able to access 
repository information]
        [experimental] - gitaly 1.65.2+dfsg-1
        - gitaly <unfixed>
        NOTE: 
https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/
-CVE-2019-19259 [IDOR when adding users to protected environments]
-       RESERVED
+CVE-2019-19259 (GitLab Enterprise Edition (EE) 11.3 and later through 12.5 
allows an I ...)
        - gitlab <not-affected> (Only affects Gitlab EE)
        NOTE: 
https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/
-CVE-2019-19258 [Branches and Commits exposed to Guest members via integration]
-       RESERVED
+CVE-2019-19258 (GitLab Enterprise Edition (EE) 10.8 and later through 12.5 has 
Incorre ...)
        - gitlab <not-affected> (Only affects Gitlab EE)
        NOTE: 
https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/
-CVE-2019-19257 [Exposure of related branch names]
-       RESERVED
+CVE-2019-19257 (GitLab Community Edition (CE) and Enterprise Edition (EE) 
through 12.5 ...)
        [experimental] - gitlab 12.2.9-5
        - gitlab <unfixed>
        NOTE: 
https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/
-CVE-2019-19256 [Disclosure of vulnerability status in dependency list]
-       RESERVED
+CVE-2019-19256 (GitLab Enterprise Edition (EE) 12.2 and later through 12.5 has 
Incorre ...)
        - gitlab <not-affected> (Only affects Gitlab EE)
        NOTE: 
https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/
-CVE-2019-19255 [Todos created for former project members]
-       RESERVED
+CVE-2019-19255 (GitLab Enterprise Edition (EE) 12.3 and later through 12.5 has 
Incorre ...)
        - gitlab <not-affected> (Only affects Gitlab EE)
        NOTE: 
https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/
-CVE-2019-19254 [Disclosure of commit count in Cycle Analytics]
-       RESERVED
+CVE-2019-19254 (GitLab Community Edition (CE) and Enterprise Edition (EE). 9.6 
and lat ...)
        [experimental] - gitlab 12.2.9-5
        - gitlab <unfixed>
        NOTE: 
https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/
@@ -10382,16 +10535,13 @@ CVE-2019-19090
        RESERVED
 CVE-2019-19089
        RESERVED
-CVE-2019-19088 [Path traversal with potential remote code execution]
-       RESERVED
+CVE-2019-19088 (Gitlab Enterprise Edition (EE) 11.3 through 12.4.2 allows 
Directory Tr ...)
        - gitlab <not-affected> (Only affects Gitlab EE)
        NOTE: 
https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/
-CVE-2019-19087 [Disclosure of comments via Elasticsearch integration]
-       RESERVED
+CVE-2019-19087 (Gitlab Enterprise Edition (EE) before 12.5.1 has Insecure 
Permissions  ...)
        - gitlab <not-affected> (Only affects Gitlab EE)
        NOTE: 
https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/
-CVE-2019-19086 [Disclosure of notes via Elasticsearch integration]
-       RESERVED
+CVE-2019-19086 (Gitlab Enterprise Edition (EE) before 12.5.1 has Insecure 
Permissions  ...)
        - gitlab <not-affected> (Only affects Gitlab EE)
        NOTE: 
https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/
 CVE-2019-19085 (A persistent cross-site scripting (XSS) vulnerability in 
Octopus Serve ...)
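
Review bot: the removed title for CVE-2019-19088 flagged "potential remote code execution", while the visible part of the new description stops at "allows Directory Tr ...", so the impact can no longer be read from this entry. The `<not-affected> (Only affects Gitlab EE)` line is unchanged, but a NOTE recording the code-execution impact would preserve what the placeholder title said.
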
@@ -19214,7 +19364,7 @@ CVE-2019-16871 (Beckhoff Embedded Windows PLCs through 
3.1.4024.0, and Beckhoff
 CVE-2019-16870
        RESERVED
 CVE-2019-16869 (Netty before 4.1.42.Final mishandles whitespace before the 
colon in HT ...)
-       {DLA-1941-1}
+       {DSA-4597-1 DLA-1941-1}
        - netty 1:4.1.33-2 (bug #941266)
        NOTE: https://github.com/netty/netty/issues/9571
        NOTE: 
https://github.com/netty/netty/commit/39cafcb05c99f2aa9fce7e6597664c9ed6a63a95
@@ -34673,10 +34823,10 @@ CVE-2019-11996 (Potential security vulnerabilities 
have been identified with HPE
        NOT-FOR-US: HPE
 CVE-2019-11995 (Security vulnerabilities in HPE UIoT version 1.2.4.2 could 
allow unaut ...)
        NOT-FOR-US: HPE UIoT
-CVE-2019-11994
-       RESERVED
-CVE-2019-11993
-       RESERVED
+CVE-2019-11994 (A security vulnerability has been identified in HPE SimpliVity 
380 Gen ...)
+       TODO: check
+CVE-2019-11993 (A security vulnerability has been identified in HPE SimpliVity 
380 Gen ...)
+       TODO: check
 CVE-2019-11992 (A security vulnerability in HPE OneView for VMware vCenter 9.5 
could b ...)
        NOT-FOR-US: HPE OneView for VMware vCenter
 CVE-2019-11991 (HPE has identified a vulnerability in HPE 3PAR Service 
Processor (SP)  ...)
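
Review bot: CVE-2019-11994 and CVE-2019-11993 both describe HPE SimpliVity 380 and are added with `TODO: check`, while every neighbouring HPE entry in this hunk's context already carries a `NOT-FOR-US: HPE ...` line. Suggest resolving the two TODOs in the same style as the surrounding entries instead of leaving them in the triage queue.
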
@@ -53634,8 +53784,8 @@ CVE-2019-5306 (There is a Factory Reset Protection 
(FRP) bypass security vulnera
        NOT-FOR-US: Huawei
 CVE-2019-5305 (The image processing module of some Huawei Mate 10 smartphones 
version ...)
        NOT-FOR-US: Huawei
-CVE-2019-5304
-       RESERVED
+CVE-2019-5304 (Some Huawei products have a buffer error vulnerability. An 
unauthentic ...)
+       TODO: check
 CVE-2019-5303
        RESERVED
 CVE-2019-5302
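
Review bot: CVE-2019-5304 is described as affecting "Some Huawei products" and lands directly below two entries tagged `NOT-FOR-US: Huawei`, but is left at `TODO: check`. Unless the full description points at something packaged in Debian, the same tag should replace the TODO.
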
@@ -54139,10 +54289,10 @@ CVE-2019-5066 (An exploitable use-after-free 
vulnerability exists in the way LZW
        NOT-FOR-US: Aspose
 CVE-2019-5065 (An exploitable information disclosure vulnerability exists in 
the pack ...)
        NOT-FOR-US: Blynk
-CVE-2019-5064
-       RESERVED
-CVE-2019-5063
-       RESERVED
+CVE-2019-5064 (An exploitable heap buffer overflow vulnerability exists in the 
data s ...)
+       TODO: check
+CVE-2019-5063 (An exploitable heap buffer overflow vulnerability exists in the 
data s ...)
+       TODO: check
 CVE-2019-5062 (An exploitable denial-of-service vulnerability exists in the 
802.11w s ...)
        TODO: check
 CVE-2019-5061 (An exploitable denial-of-service vulnerability exists in the 
hostapd 2 ...)
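
Review bot: CVE-2019-5064 and CVE-2019-5063 are described as exploitable heap buffer overflows, but both descriptions are cut at "in the data s ..." before any product name, so they cannot be classified from this diff. With CVE-2019-5062 just below also still at `TODO: check`, all three need a lookup of the full description and either a source-package line or a NOT-FOR-US tag.
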
@@ -280773,8 +280923,7 @@ CVE-2012-4453 (dracut.sh in dracut, as used in Red 
Hat Enterprise Linux 6, Fedor
        [squeeze] - dracut <no-dsa> (Minor issue)
 CVE-2012-4452 (MySQL 5.0.88, and possibly other versions and platforms, allows 
local  ...)
        - mysql-dfsg-5.0 <not-affected> (Debian never included that 5.0.88 
release)
-CVE-2012-4451 [php-ZendFramework: XSS vectors in multiple Zend Framework 
components ZF2012-03]
-       RESERVED
+CVE-2012-4451 (Multiple cross-site scripting (XSS) vulnerabilities in Zend 
Framework  ...)
        - zendframework <not-affected> (Vulnerable code introduced in 2.x, 
#688946)
 CVE-2012-4450 (389 Directory Server 1.2.10 does not properly update the ACL 
when a DN ...)
        - 389-ds-base 1.2.11.15-1 (bug #688942)
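
Review bot: the removed bracketed title for CVE-2012-4451 carried the upstream advisory ID ZF2012-03, and the replacement description (cut at "Zend Framework  ...") no longer shows it. Suggest keeping the reference as a NOTE line under the entry so the link to the Zend advisory is not lost.
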



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/c311919502df4e3fed60631e3a86ac9b0115637a
