[Git][security-tracker-team/security-tracker][master] automatic update

Fri, 14 Feb 2020 12:10:40 -0800 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9b9a68bc by security tracker role at 2020-02-14T20:10:22+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,9 @@
+CVE-2020-8995
+       RESERVED
+CVE-2019-20455 (Gateways/Gateway.php in Heartland & Global Payments PHP 
SDK before ...)
+       TODO: check
+CVE-2019-20454 (An out-of-bounds read was discovered in PCRE before 10.34 when 
the pat ...)
+       TODO: check
 CVE-2020-8994
        RESERVED
 CVE-2020-8993
@@ -314,8 +320,8 @@ CVE-2020-8845 (This vulnerability allows remote atackers to 
execute arbitrary co
        NOT-FOR-US: Foxit PhantomPDF
 CVE-2020-8844 (This vulnerability allows remote attackers to execute arbitrary 
code o ...)
        NOT-FOR-US: Foxit Reader
-CVE-2020-8843
-       RESERVED
+CVE-2020-8843 (An issue was discovered in Istio 1.3 through 1.3.6. Under 
certain circ ...)
+       TODO: check
 CVE-2020-8842
        RESERVED
 CVE-2020-8841 (An issue was discovered in TestLink 1.9.19. The relation_type 
paramete ...)
@@ -822,10 +828,10 @@ CVE-2020-8614 (An issue was discovered on Askey AP4000W 
TDC_V1.01.003 devices. A
        NOT-FOR-US: Askey devices
 CVE-2020-8613
        RESERVED
-CVE-2020-8612
-       RESERVED
-CVE-2020-8611
-       RESERVED
+CVE-2020-8612 (In Progress MOVEit Transfer 2019.1 before 2019.1.4 and 2019.2 
before 2 ...)
+       TODO: check
+CVE-2020-8611 (In Progress MOVEit Transfer 2019.1 before 2019.1.4 and 2019.2 
before 2 ...)
+       TODO: check
 CVE-2020-8610
        RESERVED
 CVE-2020-8609
@@ -870,8 +876,8 @@ CVE-2020-8596 (participants-database.php in the 
Participants Database plugin 1.9
        NOT-FOR-US: Participants Database plugin for WordPress
 CVE-2020-8595 (Istio 1.3 through 1.4.3 allows authentication bypass. The 
Authenticati ...)
        NOT-FOR-US: itsio
-CVE-2020-8594
-       RESERVED
+CVE-2020-8594 (The Ninja Forms plugin 3.4.22 for WordPress has Multiple Stored 
XSS vu ...)
+       TODO: check
 CVE-2020-8593
        RESERVED
 CVE-2020-8592 (eG Manager 7.1.2 allows SQL Injection via the user parameter to 
com.eg ...)
@@ -3824,8 +3830,8 @@ CVE-2020-7253
        RESERVED
 CVE-2020-7252
        RESERVED
-CVE-2020-7251
-       RESERVED
+CVE-2020-7251 (Improper access control vulnerability in Configuration Tool in 
McAfee  ...)
+       TODO: check
 CVE-2020-7250
        RESERVED
 CVE-2020-7249 (SMC D3G0804W 3.5.2.5-LAT_GA devices allow XSS via the SSID 
field on th ...)
@@ -7563,8 +7569,8 @@ CVE-2020-5534
        RESERVED
 CVE-2020-5533
        RESERVED
-CVE-2020-5532
-       RESERVED
+CVE-2020-5532 (ilbo App (ilbo App for Android prior to version 1.1.8 and ilbo 
App for ...)
+       TODO: check
 CVE-2020-5531
        RESERVED
 CVE-2020-5530
@@ -11600,10 +11606,10 @@ CVE-2019-20048 (An issue was discovered on 
Alcatel-Lucent OmniVista 8770 devices
        NOT-FOR-US: Alcatel-Lucent OmniVista 8770 devices
 CVE-2019-20047 (An issue was discovered on Alcatel-Lucent OmniVista 4760 
devices, and  ...)
        NOT-FOR-US: Alcatel-Lucent OmniVista 4760 devices
-CVE-2019-20046
-       RESERVED
-CVE-2019-20045
-       RESERVED
+CVE-2019-20046 (The Synergy Systems & Solutions PLC & RTU system has a 
vulnera ...)
+       TODO: check
+CVE-2019-20045 (The Synergy Systems & Solutions PLC & RTU system has a 
vulnera ...)
+       TODO: check
 CVE-2019-20044
        RESERVED
 CVE-2019-20040
@@ -12335,8 +12341,8 @@ CVE-2019-19880 (exprListAppendList in window.c in 
SQLite 3.30.1 allows attackers
        NOTE: When fixing this issue make sure to apply as well
        NOTE: 
https://github.com/sqlite/sqlite/commit/8428b3b437569338a9d1e10c4cd8154acbe33089
        NOTE: to not open CVE-2019-19926.
-CVE-2019-19879
-       RESERVED
+CVE-2019-19879 (HashiCorp Sentinel up to 0.10.1 incorrectly parsed negation in 
certain ...)
+       TODO: check
 CVE-2019-19878
        RESERVED
 CVE-2019-19877
@@ -14093,23 +14099,23 @@ CVE-2019-19767 (The Linux kernel before 5.4.2 
mishandles ext4_expand_extra_isize
 CVE-2019-19766 (The Bitwarden server through 1.32.0 has a potentially unwanted 
KDF. ...)
        NOT-FOR-US: Bitwarden server
 CVE-2019-19765
-       RESERVED
+       REJECTED
 CVE-2019-19764
-       RESERVED
+       REJECTED
 CVE-2019-19763
-       RESERVED
+       REJECTED
 CVE-2019-19762
-       RESERVED
+       REJECTED
 CVE-2019-19761
        RESERVED
 CVE-2019-19760
        RESERVED
 CVE-2019-19759
        RESERVED
-CVE-2019-19758
-       RESERVED
-CVE-2019-19757
-       RESERVED
+CVE-2019-19758 (A vulnerability in the web interface of Lenovo EZ Media & 
Backup C ...)
+       TODO: check
+CVE-2019-19757 (An internal product security audit of Lenovo XClarity 
Administrator (L ...)
+       TODO: check
 CVE-2019-19756
        RESERVED
 CVE-2019-19755
@@ -15519,10 +15525,10 @@ CVE-2019-19703 (In Ktor through 1.2.6, the client 
resends data from the HTTP Aut
        NOT-FOR-US: Ktor
 CVE-2019-19702 (The modoboa-dmarc plugin 1.1.0 for Modoboa is vulnerable to an 
XML Ext ...)
        NOT-FOR-US: Modoboa
-CVE-2018-21033
-       RESERVED
-CVE-2018-21032
-       RESERVED
+CVE-2018-21033 (A vulnerability in Hitachi Command Suite prior to 8.6.2-00, 
Hitachi Au ...)
+       TODO: check
+CVE-2018-21032 (A vulnerability in Hitachi Command Suite prior to 8.7.1-00 and 
Hitachi ...)
+       TODO: check
 CVE-2020-2509
        RESERVED
 CVE-2020-2508
@@ -45978,8 +45984,8 @@ CVE-2019-11217 (The GitController in Jakub Chodounsky 
Bonobo Git Server before 6
        NOT-FOR-US: Bonobo Git Server
 CVE-2019-11216 (BMC Smart Reporting 7.3 20180418 allows authenticated XXE 
within the i ...)
        NOT-FOR-US: BMC Smart Reporting
-CVE-2019-11215
-       RESERVED
+CVE-2019-11215 (In Combodo iTop 2.2.0 through 2.6.0, if the configuration file 
is writ ...)
+       TODO: check
 CVE-2019-11214
        RESERVED
 CVE-2019-11213 (In Pulse Secure Pulse Desktop Client and Network Connect, an 
attacker  ...)
@@ -60408,18 +60414,18 @@ CVE-2019-6197
        RESERVED
 CVE-2019-6196
        RESERVED
-CVE-2019-6195
-       RESERVED
-CVE-2019-6194
-       RESERVED
-CVE-2019-6193
-       RESERVED
+CVE-2019-6195 (An authorization bypass exists in Lenovo XClarity Controller 
(XCC) ver ...)
+       TODO: check
+CVE-2019-6194 (An XML External Entity (XXE) processing vulnerability was 
reported in  ...)
+       TODO: check
+CVE-2019-6193 (An information disclosure vulnerability was reported in Lenovo 
XClarit ...)
+       TODO: check
 CVE-2019-6192 (A potential vulnerability has been reported in Lenovo Power 
Management ...)
        NOT-FOR-US: Lenovo
 CVE-2019-6191 (A potential vulnerability in the discontinued LenovoPaper 
software ver ...)
        NOT-FOR-US: Lenovo
-CVE-2019-6190
-       RESERVED
+CVE-2019-6190 (Lenovo was notified of a potential denial of service 
vulnerability, af ...)
+       TODO: check
 CVE-2019-6189 (A potential vulnerability was reported in Lenovo System 
Interface Foun ...)
        NOT-FOR-US: Lenovo
 CVE-2019-6188 (The BIOS tamper detection mechanism was not triggered in Lenovo 
ThinkP ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/9b9a68bca18b52a74f0efcd61692037ffbde5ace

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/9b9a68bca18b52a74f0efcd61692037ffbde5ace
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to