Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3ce12aac by security tracker role at 2020-01-25T20:10:26+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,5 @@
+CVE-2020-7980 (Intellian Aptus Web 1.24 allows remote attackers to execute 
arbitrary  ...)
+       TODO: check
 CVE-2020-7979
        RESERVED
 CVE-2020-7978
@@ -849,8 +851,8 @@ CVE-2020-7598
        RESERVED
 CVE-2020-7597
        RESERVED
-CVE-2020-7596
-       RESERVED
+CVE-2020-7596 (Codecov npm module before 3.6.2 allows remote attackers to 
execute arb ...)
+       TODO: check
 CVE-2020-7595 (xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an 
infini ...)
        - libxml2 <unfixed> (bug #949582)
        [jessie] - libxml2 <no-dsa> (Minor issue)
@@ -60034,8 +60036,8 @@ CVE-2019-5185
        RESERVED
 CVE-2019-5184
        RESERVED
-CVE-2019-5183
-       RESERVED
+CVE-2019-5183 (An exploitable type confusion vulnerability exists in AMD 
ATIDXX64.DLL ...)
+       TODO: check
 CVE-2019-5182
        RESERVED
 CVE-2019-5181
@@ -60117,10 +60119,10 @@ CVE-2019-5149
        RESERVED
 CVE-2019-5148
        RESERVED
-CVE-2019-5147
-       RESERVED
-CVE-2019-5146
-       RESERVED
+CVE-2019-5147 (An exploitable out-of-bounds read vulnerability exists in AMD 
ATIDXX64 ...)
+       TODO: check
+CVE-2019-5146 (An exploitable out-of-bounds read vulnerability exists in AMD 
ATIDXX64 ...)
+       TODO: check
 CVE-2019-5145 (An exploitable use-after-free vulnerability exists in the 
JavaScript e ...)
        NOT-FOR-US: Foxit PDF Reader
 CVE-2019-5144 (An exploitable heap underflow vulnerability exists in the 
derive_taps_ ...)
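
Review bot: The added entries CVE-2019-5147 and CVE-2019-5146 are left at "TODO: check" even though both descriptions name AMD ATIDXX64.DLL, so they still need triage before the list says anything useful for these IDs. If that component is not packaged, record it the way the CVE-2019-5145 entry directly below does, with a NOT-FOR-US line naming the product.
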
@@ -60163,8 +60165,8 @@ CVE-2019-5126 (An exploitable use-after-free 
vulnerability exists in the JavaScr
        NOT-FOR-US: Foxit PDF Reader
 CVE-2019-5125 (An exploitable heap overflow vulnerability exists in the 
JPEG2000 pars ...)
        NOT-FOR-US: LEADTOOLS
-CVE-2019-5124
-       RESERVED
+CVE-2019-5124 (An exploitable out-of-bounds read vulnerability exists in AMD 
ATIDXX64 ...)
+       TODO: check
 CVE-2019-5123 (Specially crafted web requests can cause SQL injections in 
YouPHPTube  ...)
        NOT-FOR-US: YouPHPTube
 CVE-2019-5122 (SQL injection vulnerabilities exists in the authenticated part 
of YouP ...)
@@ -75340,7 +75342,7 @@ CVE-2019-0143 (Unhandled exception in Kernel-mode 
drivers for Intel(R) Ethernet
 CVE-2019-0142 (Insufficient access control in ilp60x64.sys driver for Intel(R) 
Ethern ...)
        NOT-FOR-US: ilp60x64.sys driver for Intel
 CVE-2019-0141
-       RESERVED
+       REJECTED
 CVE-2019-0140 (Buffer overflow in firmware for Intel(R) Ethernet 700 Series 
Controlle ...)
        NOT-FOR-US: Intel firmware for Ethernet 700 Series
 CVE-2019-0139 (Insufficient access control in firmware for Intel(R) Ethernet 
700 Seri ...)
@@ -261114,8 +261116,8 @@ CVE-2013-7003 (Multiple cross-site scripting (XSS) 
vulnerabilities in LiveZilla
        NOT-FOR-US: LiveZilla
 CVE-2012-6614
        RESERVED
-CVE-2012-6613
-       RESERVED
+CVE-2012-6613 (D-Link DSR-250N devices with firmware 1.05B73_WW allow 
Persistent Root ...)
+       TODO: check
 CVE-2014-0365
        RESERVED
 CVE-2014-0364 (The ParseRoster component in the Ignite Realtime Smack XMPP API 
before ...)
@@ -276435,8 +276437,8 @@ CVE-2013-1746
        RESERVED
 CVE-2013-1745
        RESERVED
-CVE-2013-1744
-       RESERVED
+CVE-2013-1744 (IRIS citations management tool through 1.3 allows remote 
attackers to  ...)
+       TODO: check
 CVE-2013-1743 (Multiple cross-site scripting (XSS) vulnerabilities in 
report.cgi in B ...)
        - bugzilla <not-affected> (Only affects 4.1 to 4.4)
        - bugzilla4 <itp> (bug #669643)
@@ -279625,8 +279627,8 @@ CVE-2012-6495 (Multiple directory traversal 
vulnerabilities in the (1) twikidraw
        {DSA-2593-1}
        - moin 1.9.5-3
        [wheezy] - moin 1.9.4-8+deb7u1
-CVE-2012-6494
-       RESERVED
+CVE-2012-6494 (Rapid7 Nexpose before 5.5.4 contains a session hijacking 
vulnerability ...)
+       TODO: check
 CVE-2012-6493 (Cross-site request forgery (CSRF) vulnerability in Rapid7 
Nexpose Secu ...)
        NOT-FOR-US: Rapid7 Nexpose Security Console
 CVE-2012-6492
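
Review bot: CVE-2012-6494 is added with "TODO: check" while its description names Rapid7 Nexpose, the same product the next entry, CVE-2012-6493, already records as "NOT-FOR-US: Rapid7 Nexpose Security Console". Triage the new entry the same way so the two adjacent entries stay consistent.
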
@@ -280472,11 +280474,9 @@ CVE-2012-6347 (Multiple cross-site scripting (XSS) 
vulnerabilities in Java numbe
        NOT-FOR-US: FortiGate
 CVE-2012-6346 (Multiple cross-site scripting (XSS) vulnerabilities in FortiWeb 
before ...)
        NOT-FOR-US: FortiWeb
-CVE-2012-6345
-       RESERVED
+CVE-2012-6345 (Novell ZENworks Configuration Management before 11.2.4 allows 
obtainin ...)
        NOT-FOR-US: CyberArk Vault
-CVE-2012-6344
-       RESERVED
+CVE-2012-6344 (Novell ZENworks Configuration Management before 11.2.4 allows 
XSS. ...)
        NOT-FOR-US: CyberArk Vault
 CVE-2012-6343
        RESERVED
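
Review bot: The unchanged "NOT-FOR-US: CyberArk Vault" lines under CVE-2012-6345 and CVE-2012-6344 no longer match the descriptions added above them, which both name Novell ZENworks Configuration Management. Update the notes to name the product in the description, or confirm which product these IDs cover; as committed, each entry contradicts itself.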



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/3ce12aac9b6b8fafe80824a4ee154dfef6e9fe09
