Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
34c0451d by security tracker role at 2020-01-17T08:10:30+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,15 @@
+CVE-2020-7215
+       RESERVED
+CVE-2020-7214
+       RESERVED
+CVE-2020-7213
+       RESERVED
+CVE-2020-7212
+       RESERVED
+CVE-2020-7211
+       RESERVED
+CVE-2020-7210
+       RESERVED
 CVE-2020-7209
        RESERVED
 CVE-2020-7208
@@ -330,10 +342,10 @@ CVE-2020-7050
        RESERVED
 CVE-2020-7049
        RESERVED
-CVE-2020-7048
-       RESERVED
-CVE-2020-7047
-       RESERVED
+CVE-2020-7048 (The WordPress plugin, WP Database Reset through 3.1, contains a 
flaw t ...)
+       TODO: check
+CVE-2020-7047 (The WordPress plugin, WP Database Reset through 3.1, contains a 
flaw t ...)
+       TODO: check
 CVE-2020-7046
        RESERVED
 CVE-2020-7045 (In Wireshark 3.0.x before 3.0.8, the BT ATT dissector could 
crash. Thi ...)
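Review bot: CVE-2020-7048 and CVE-2020-7047 land with `TODO: check` and no package or NOT-FOR-US line, and their truncated descriptions are identical, so the list alone cannot tell the two issues apart. A follow-up should read the full descriptions and resolve each entry the way other entries in this file are resolved, for example `NOT-FOR-US: <product>` if the WP Database Reset plugin is not packaged in Debian.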
@@ -355,8 +367,7 @@ CVE-2020-7041
        RESERVED
 CVE-2020-7040
        RESERVED
-CVE-2020-7039 [OOB buffer access while emulating tcp protocols in tcp_emu()]
-       RESERVED
+CVE-2020-7039 (tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, 
misman ...)
        - libslirp <unfixed> (bug #949084)
        - qemu 1:4.1-2
        - qemu-kvm <removed>
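Review bot: the new description for CVE-2020-7039 names libslirp 4.1.0 as used in QEMU 4.2.0, while the unchanged `- qemu 1:4.1-2` line records a fixed version older than that, with no NOTE explaining it. Since libslirp is still `<unfixed>` (bug #949084), add a NOTE stating why qemu is considered fixed at 1:4.1-2, and a reference to the upstream fix once one is available. The dropped bracketed summary named tcp_emu() and the new description still does, so nothing is lost there.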
@@ -3817,8 +3828,8 @@ CVE-2020-5400
        RESERVED
 CVE-2020-5399
        RESERVED
-CVE-2020-5398
-       RESERVED
+CVE-2020-5398 (In Spring Framework, versions 5.2.x prior to 5.2.3, versions 
5.1.x pri ...)
+       TODO: check
 CVE-2020-5397
        RESERVED
 CVE-2020-5396
@@ -8781,10 +8792,10 @@ CVE-2019-19804
        RESERVED
 CVE-2019-19803
        RESERVED
-CVE-2019-19802
-       RESERVED
-CVE-2019-19801
-       RESERVED
+CVE-2019-19802 (In Gallagher Command Centre Server v8.10 prior to 
v8.10.1134(MR4), v8. ...)
+       TODO: check
+CVE-2019-19801 (In Gallagher Command Centre Server versions of v8.10 prior to 
v8.10.11 ...)
+       TODO: check
 CVE-2019-19800
        RESERVED
 CVE-2019-19799
@@ -14395,8 +14406,8 @@ CVE-2019-19144
        RESERVED
 CVE-2019-19143
        RESERVED
-CVE-2019-19142
-       RESERVED
+CVE-2019-19142 (Intelbras WRN240 devices do not require authentication to 
replace the  ...)
+       TODO: check
 CVE-2019-19141 (The Camera Upload functionality in Plex Media Server through 
1.18.2.20 ...)
        NOT-FOR-US: Plex Media Server
 CVE-2019-19140
@@ -22184,8 +22195,8 @@ CVE-2019-17362 (In LibTomCrypt through 1.18.2, the 
der_decode_utf8_string functi
        [stretch] - libtomcrypt <no-dsa> (Minor issue)
        NOTE: https://github.com/libtom/libtomcrypt/issues/507
        NOTE: https://github.com/libtom/libtomcrypt/pull/508
-CVE-2019-17361
-       RESERVED
+CVE-2019-17361 (In SaltStack Salt through 2019.2.0, the salt-api NEST API with 
the ssh ...)
+       TODO: check
 CVE-2019-17360 (A vulnerability in Hitachi Command Suite 7.x and 8.x before 
8.7.0-00 a ...)
        NOT-FOR-US: Hitachi
 CVE-2018-21026 (A vulnerability in Hitachi Command Suite 7.x and 8.x before 
8.6.5-00 a ...)
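Review bot: the imported text for CVE-2019-17361 reads "salt-api NEST API", which looks like a typo for REST in the source description. The commit is an automatic update, so a hand edit here would likely be overwritten by the next run; report it to the description's source instead. The entry also needs its `TODO: check` resolved to a package line or a NOT-FOR-US line.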
@@ -26586,8 +26597,8 @@ CVE-2019-15744 (The Sony Xperia Xperia XZs Android 
device with a build fingerpri
        NOT-FOR-US: Sony
 CVE-2019-15743 (The Sony Xperia Touch Android device with a build fingerprint 
of Sony/ ...)
        NOT-FOR-US: Sony
-CVE-2019-15742
-       RESERVED
+CVE-2019-15742 (A local privilege-escalation vulnerability exists in the Poly 
Plantron ...)
+       TODO: check
 CVE-2019-15741 (An issue was discovered in GitLab Omnibus 7.4 through 12.2.1. 
An unsaf ...)
        NOT-FOR-US: GitLab Omnibus
 CVE-2019-15740 (An issue was discovered in GitLab Community and Enterprise 
Edition 7.9 ...)
@@ -47065,8 +47076,7 @@ CVE-2019-9505 (The PrinterLogic Print Management 
software, versions up to and in
        NOT-FOR-US: PrinterLogic Print Management
 CVE-2019-9504
        RESERVED
-CVE-2019-9503 [brcmfmac: add subtype check for event handling in data path]
-       RESERVED
+CVE-2019-9503 (The Broadcom brcmfmac WiFi driver prior to commit 
a4176ec356c73a46c07c ...)
        {DSA-4465-1 DLA-1824-1 DLA-1799-1}
        - linux 4.19.37-4
        NOTE: 
https://git.kernel.org/linus/a4176ec356c73a46c07c181c6d04039fafa34a9f (5.1-rc1)
@@ -47074,8 +47084,7 @@ CVE-2019-9502
        RESERVED
 CVE-2019-9501
        RESERVED
-CVE-2019-9500 [brcmfmac: assure SSID length from firmware is limited]
-       RESERVED
+CVE-2019-9500 (The Broadcom brcmfmac WiFi driver prior to commit 
1b5e2423164b3670e8bc ...)
        {DSA-4465-1 DLA-1824-1}
        - linux 4.19.37-4
        [jessie] - linux <not-affected> (Vulnerable code introduced later)
@@ -58245,8 +58254,8 @@ CVE-2019-5147
        RESERVED
 CVE-2019-5146
        RESERVED
-CVE-2019-5145
-       RESERVED
+CVE-2019-5145 (An exploitable use-after-free vulnerability exists in the 
JavaScript e ...)
+       TODO: check
 CVE-2019-5144 (An exploitable heap underflow vulnerability exists in the 
derive_taps_ ...)
        NOT-FOR-US: Kakadu Software SDK
 CVE-2019-5143
@@ -58273,18 +58282,18 @@ CVE-2019-5133 (An exploitable out-of-bounds write 
vulnerability exists in the ig
        NOT-FOR-US: ImageGear
 CVE-2019-5132 (An exploitable out-of-bounds write vulnerability exists in the 
igcore1 ...)
        NOT-FOR-US: ImageGear
-CVE-2019-5131
-       RESERVED
-CVE-2019-5130
-       RESERVED
+CVE-2019-5131 (An exploitable use-after-free vulnerability exists in the 
JavaScript e ...)
+       TODO: check
+CVE-2019-5130 (An exploitable use-after-free vulnerability exists in the 
JavaScript e ...)
+       TODO: check
 CVE-2019-5129 (A command injection have been found in YouPHPTube Encoder. A 
successfu ...)
        NOT-FOR-US: YouPHPTube Encoder
 CVE-2019-5128 (A command injection have been found in YouPHPTube Encoder. A 
successfu ...)
        NOT-FOR-US: YouPHPTube Encoder
 CVE-2019-5127 (A command injection have been found in YouPHPTube Encoder. A 
successfu ...)
        NOT-FOR-US: YouPHPTube Encoder
-CVE-2019-5126
-       RESERVED
+CVE-2019-5126 (An exploitable use-after-free vulnerability exists in the 
JavaScript e ...)
+       TODO: check
 CVE-2019-5125 (An exploitable heap overflow vulnerability exists in the 
JPEG2000 pars ...)
        NOT-FOR-US: LEADTOOLS
 CVE-2019-5124
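Review bot: CVE-2019-5131, CVE-2019-5130 and CVE-2019-5126 all carry the same truncated text ("An exploitable use-after-free vulnerability exists in the JavaScript e ...") with `TODO: check`, so the affected product is not visible in the list. Triage should work from the full descriptions, and if they turn out to concern one product, resolve them together with the same NOT-FOR-US or package line, as the three YouPHPTube Encoder entries between them are.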
@@ -60665,8 +60674,8 @@ CVE-2019-3999
        RESERVED
 CVE-2019-3998
        RESERVED
-CVE-2019-3997
-       RESERVED
+CVE-2019-3997 (Authentication bypass using an alternate path or channel in 
SimpliSafe ...)
+       TODO: check
 CVE-2019-3996 (ELOG 3.1.4-57bea22 and below can be used as an HTTP GET request 
proxy  ...)
        NOT-FOR-US: Electronic Logbook (ELOG)
 CVE-2019-3995 (ELOG 3.1.4-57bea22 and below is affected by a denial of service 
vulner ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/34c0451dca1dd5e9e71522a9fb3a159bad582d6e



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
