Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
15cad7e6 by security tracker role at 2020-02-25T08:10:21+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,27 @@
+CVE-2020-9385 (A NULL Pointer Dereference exists in libzint in Zint 2.7.1 
because mul ...)
+       TODO: check
+CVE-2020-9384
+       RESERVED
+CVE-2020-9383
+       RESERVED
+CVE-2020-9382 (An issue was discovered in the Widgets extension through 1.4.0 
for Med ...)
+       TODO: check
+CVE-2020-9381 (controllers/admin.js in Total.js CMS 13 allows remote attackers 
to exe ...)
+       TODO: check
+CVE-2020-9380
+       RESERVED
+CVE-2020-9379
+       RESERVED
+CVE-2020-9378
+       RESERVED
+CVE-2020-9377
+       RESERVED
+CVE-2020-9376
+       RESERVED
+CVE-2020-9375
+       RESERVED
+CVE-2019-20482
+       RESERVED
 CVE-2020-9374 (On TP-Link TL-WR849N 0.9.1 4.16 devices, a remote command 
execution vu ...)
        NOT-FOR-US: TP-Link
 CVE-2020-9373
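Review bot: CVE-2020-9385, CVE-2020-9382 and CVE-2020-9381 land with only "TODO: check", so after this automatic update they are untriaged. Each needs a follow-up that either maps it to a source package or marks it NOT-FOR-US, in the style of the CVE-2020-9374 entry directly below ("NOT-FOR-US: TP-Link"). The descriptions are truncated here (libzint in Zint 2.7.1, the Widgets extension through 1.4.0, controllers/admin.js in Total.js CMS 13), so the full CVE text should be read before deciding.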
@@ -1266,10 +1290,10 @@ CVE-2020-8821
        RESERVED
 CVE-2020-8820
        RESERVED
-CVE-2020-8819
-       RESERVED
-CVE-2020-8818
-       RESERVED
+CVE-2020-8819 (An issue was discovered in the CardGate Payments plugin through 
3.1.15 ...)
+       TODO: check
+CVE-2020-8818 (An issue was discovered in the CardGate Payments plugin through 
2.0.30 ...)
+       TODO: check
 CVE-2020-8817
        RESERVED
 CVE-2020-8816
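Review bot: CVE-2020-8819 and CVE-2020-8818 move from RESERVED to "TODO: check" with descriptions that are identical up to the version bound ("through 3.1.15" versus "through 2.0.30"). The differing bounds suggest two separate CardGate Payments plugins, and the truncated text hides which platform each one targets, so triage them individually rather than copying one verdict to the other.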
@@ -9214,7 +9238,7 @@ CVE-2020-5235 (There is a potentially exploitable out of 
memory condition In Nan
        NOTE: 
https://github.com/nanopb/nanopb/commit/45582f1f97f49e2abfdba1463d1e1027682d9856
        NOTE: 
https://github.com/nanopb/nanopb/commit/7b396821ddd06df8e39143f16e1dc0a4645b89a3
        NOTE: 
https://github.com/nanopb/nanopb/commit/aa9d0d1ca78d6adec3adfeecf3a706c7f9df81f2
-CVE-2020-5234 (MessagePack for C# and Unity before version 1.9.3 and 2.1.80 
has a vul ...)
+CVE-2020-5234 (MessagePack for C# and Unity before version 1.9.11 and 2.1.90 
has a vu ...)
        NOT-FOR-US: MessagePack for C#
 CVE-2020-5233 (OAuth2 Proxy before 5.0 has an open redirect vulnerability. 
Authentica ...)
        NOT-FOR-US: OAuth2 Proxy
@@ -18186,8 +18210,7 @@ CVE-2020-1940 (The optional initial password change and 
password expiration feat
        NOT-FOR-US: Apache Jackrabbit Oak
 CVE-2020-1939
        RESERVED
-CVE-2020-1938 [Tomcat AJP local file inclusion]
-       RESERVED
+CVE-2020-1938 (When using the Apache JServ Protocol (AJP), care must be taken 
when tr ...)
        - tomcat9 9.0.31-1 (bug #952437)
        - tomcat8 <removed> (bug #952438)
        - tomcat7 <removed> (bug #952436)
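Review bot: the replaced placeholder title "[Tomcat AJP local file inclusion]" on CVE-2020-1938 stated the impact, while the truncated official description that takes its place ("care must be taken when tr ...") does not. Consider keeping the impact in a NOTE line so the entry stays readable at a glance. The package lines and bug references (#952437, #952438, #952436) are unchanged context and look consistent.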
@@ -18208,13 +18231,11 @@ CVE-2020-1938 [Tomcat AJP local file inclusion]
        NOTE: 
https://github.com/apache/tomcat/commit/40d5d93bd284033cf4a1f77f5492444f83d803e2
 (7.0.100)
        NOTE: 
https://github.com/apache/tomcat/commit/b99fba5bd796d876ea536e83299603443842feba
 (7.0.100)
        NOTE: 
https://github.com/apache/tomcat/commit/f7180bafc74cb1250c9e9287b68a230f0e1f4645
 (7.0.100)
-CVE-2020-1937
-       RESERVED
+CVE-2020-1937 (Kylin has some restful apis which will concatenate SQLs with 
the user  ...)
        NOT-FOR-US: Apache Kylin
 CVE-2020-1936
        RESERVED
-CVE-2020-1935
-       RESERVED
+CVE-2020-1935 (In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 
to 7.0. ...)
        - tomcat9 9.0.31-1
        - tomcat8 <removed>
        - tomcat7 <removed>
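Review bot: CVE-2020-1935 gets its description here, but its three package lines carry no bug references, whereas the CVE-2020-1938 lines in the previous hunk have "(bug #952437)", "(bug #952438)" and "(bug #952436)". If bugs were filed for this issue, add them. The description lists affected ranges for 9.0.x, 8.5.x and 7.0.x, so the "<removed>" markers on tomcat8 and tomcat7 should be checked against any release that still ships those packages.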
@@ -26936,8 +26957,7 @@ CVE-2019-17570 (An untrusted deserialization was found 
in the org.apache.xmlrpc.
        NOTE: https://www.openwall.com/lists/oss-security/2020/01/16/1
        NOTE: Proposed patch: 
https://bugzilla.redhat.com/show_bug.cgi?id=1775193
        NOTE: https://github.com/orangecertcc/xmlrpc-common-deserialization
-CVE-2019-17569
-       RESERVED
+CVE-2019-17569 (The refactoring present in Apache Tomcat 9.0.28 to 9.0.30, 
8.5.48 to 8 ...)
        - tomcat9 9.0.31-1
        - tomcat8 <removed>
        - tomcat7 <removed>
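Review bot: the new CVE-2019-17569 description limits the issue to a refactoring present in "9.0.28 to 9.0.30, 8.5.48 to 8 ...", yet the entry keeps unqualified lines for tomcat8 and tomcat7. Releases shipping versions older than 9.0.28 or 8.5.48 may not contain the affected code, and the truncated text does not show whether 7.0.x is in scope at all. Check the full description and add release-specific not-affected annotations where the refactoring is absent.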



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/15cad7e613ca88043dc32923fe7509ae652abc87



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
