[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso Thu, 27 Feb 2020 12:10:42 -0800


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
69bc2d44 by security tracker role at 2020-02-27T20:10:23+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,7 @@
+CVE-2020-9420
+       RESERVED
+CVE-2020-9419
+       RESERVED
 CVE-2020-XXXX [LTE RRC dissector memory leak]
        - wireshark 3.2.2-1
        [jessie] - wireshark <postponed> (Minor issue, can be fixed along in 
next DLA)
@@ -5393,12 +5397,12 @@ CVE-2020-7044 (In Wireshark 3.2.x before 3.2.1, the 
WASSP dissector could crash.
        NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16324
        NOTE: 
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=f90a3720b73ca140403315126e2a478c4f70ca03
        NOTE: https://www.wireshark.org/security/wnpa-sec-2020-01.html
-CVE-2020-7043
-       RESERVED
-CVE-2020-7042
-       RESERVED
-CVE-2020-7041
-       RESERVED
+CVE-2020-7043 (An issue was discovered in openfortivpn 1.11.0 when used with 
OpenSSL  ...)
+       TODO: check
+CVE-2020-7042 (An issue was discovered in openfortivpn 1.11.0 when used with 
OpenSSL  ...)
+       TODO: check
+CVE-2020-7041 (An issue was discovered in openfortivpn 1.11.0 when used with 
OpenSSL  ...)
+       TODO: check
 CVE-2020-7040 (storeBackup.pl in storeBackup through 3.5 relies on the 
/tmp/storeBack ...)
        {DLA-2095-1}
        - storebackup <unfixed> (bug #949393)
@@ -5770,10 +5774,10 @@ CVE-2020-6866
        RESERVED
 CVE-2020-6865
        RESERVED
-CVE-2020-6864
-       RESERVED
-CVE-2020-6863
-       RESERVED
+CVE-2020-6864 (ZTE E8820V3 router product is impacted by an information leak 
vulnerab ...)
+       TODO: check
+CVE-2020-6863 (ZTE E8820V3 router product is impacted by a permission and 
access cont ...)
+       TODO: check
 CVE-2020-6862 (V6.0.10P2T2 and V6.0.10P2T5 of F6x2W product are impacted by 
Informati ...)
        NOT-FOR-US: ZTE F6x2W
 CVE-2020-6861
@@ -63907,14 +63911,14 @@ CVE-2019-5328
        RESERVED
 CVE-2019-5327
        RESERVED
-CVE-2019-5326
-       RESERVED
+CVE-2019-5326 (An administrative application user of or application user with 
write a ...)
+       TODO: check
 CVE-2019-5325
        RESERVED
 CVE-2019-5324
        RESERVED
-CVE-2019-5323
-       RESERVED
+CVE-2019-5323 (There are command injection vulnerabilities present in the 
AirWave app ...)
+       TODO: check
 CVE-2019-5322 (A remotely exploitable information disclosure vulnerability is 
present ...)
        NOT-FOR-US: Edge Switch models
 CVE-2019-5321
@@ -65367,8 +65371,8 @@ CVE-2019-4671
        RESERVED
 CVE-2019-4670 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could 
allow a  ...)
        NOT-FOR-US: IBM
-CVE-2019-4669
-       RESERVED
+CVE-2019-4669 (IBM Business Process Manager 8.5.7.0 through 8.5.7.0 2017.06, 
8.6.0.0  ...)
+       TODO: check
 CVE-2019-4668
        RESERVED
 CVE-2019-4667
@@ -68313,7 +68317,7 @@ CVE-2019-3422 (The Sec Consult Security Lab reported an 
information disclosure v
        NOT-FOR-US: ZTE
 CVE-2019-3421 (The 7520V3V1.0.0B09P27 version, and all earlier versions of ZTE 
produc ...)
        NOT-FOR-US: ZTE
-CVE-2019-3420 (The version V2.5.0_EG1T5_TED of ZTE ZXHN H108N product are 
impacted by ...)
+CVE-2019-3420 (All versions up to V2.5.0_EG1T5_TED of ZTE ZXHN H108N product 
are impa ...)
        NOT-FOR-US: ZTE
 CVE-2019-3419 (A security vulnerability exists in a management port in the 
version of ...)
        NOT-FOR-US: ZTE
@@ -133859,8 +133863,8 @@ CVE-2017-16902 (On the Vonage VDV-23 115 
3.2.11-0.9.40 home router, sending a lo
        NOT-FOR-US: Vonage VDV-23 115 3.2.11-0.9.40 home router
 CVE-2017-16901
        RESERVED
-CVE-2017-16900
-       RESERVED
+CVE-2017-16900 (Incorrect Access Control in Hunesion i-oneNet 3.0.6042.1200 
allows the ...)
+       TODO: check
 CVE-2017-16899 (An array index error in the fig2dev program in Xfig 3.2.6a 
allows remo ...)
        - fig2dev 1:3.2.6a-5 (bug #881143)
        [stretch] - fig2dev 1:3.2.6a-2+deb9u1
@@ -231270,8 +231274,7 @@ CVE-2015-2994 (Unrestricted file upload vulnerability 
in ChangePhoto.jsp in SysA
        NOT-FOR-US: SysAid Help Desk
 CVE-2015-2993 (SysAid Help Desk before 15.2 does not properly restrict access 
to cert ...)
        NOT-FOR-US: SysAid Help Desk
-CVE-2015-2992
-       RESERVED
+CVE-2015-2992 (Apache Struts before 2.3.20 has a cross-site scripting (XSS) 
vulnerabi ...)
        - libstruts1.2-java <not-affected> (Affects 2.0.0 - 2.3.16.3)
 CVE-2015-2991 (Buffer overflow in NScripter before 3.00 allows remote 
attackers to ex ...)
        NOT-FOR-US: NScripter



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/69bc2d44928a37601f944b21882cffa4a1c86291

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/69bc2d44928a37601f944b21882cffa4a1c86291
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to