[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso Fri, 28 Feb 2020 12:10:45 -0800


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
5785c944 by security tracker role at 2020-02-28T20:10:21+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,11 +1,51 @@
+CVE-2020-9464
+       RESERVED
+CVE-2020-9463 (Centreon 19.10 allows remote authenticated users to execute 
arbitrary  ...)
+       TODO: check
+CVE-2020-9462
+       RESERVED
+CVE-2020-9461
+       RESERVED
+CVE-2020-9460
+       RESERVED
+CVE-2020-9459
+       RESERVED
+CVE-2020-9458
+       RESERVED
+CVE-2020-9457
+       RESERVED
+CVE-2020-9456
+       RESERVED
+CVE-2020-9455
+       RESERVED
+CVE-2020-9454
+       RESERVED
+CVE-2020-9453
+       RESERVED
+CVE-2020-9452
+       RESERVED
+CVE-2020-9451
+       RESERVED
+CVE-2020-9450
+       RESERVED
+CVE-2020-9449
+       RESERVED
+CVE-2020-9448
+       RESERVED
+CVE-2020-9447 (The file-upload feature in GwtUpload 1.0.3 allows XSS via a 
crafted fi ...)
+       TODO: check
+CVE-2020-9446
+       RESERVED
+CVE-2018-21035
+       RESERVED
 CVE-2020-9445
        RESERVED
 CVE-2020-9444
        RESERVED
 CVE-2020-9443
        RESERVED
-CVE-2020-9442
-       RESERVED
+CVE-2020-9442 (OpenVPN Connect 3.1.0.361 on Windows has Insecure Permissions 
for %PRO ...)
+       TODO: check
 CVE-2020-9441
        RESERVED
 CVE-2020-9440
@@ -115,8 +155,8 @@ CVE-2020-9401
        RESERVED
 CVE-2020-9400
        RESERVED
-CVE-2020-9399
-       RESERVED
+CVE-2020-9399 (The Avast AV parsing engine allows virus-detection bypass via a 
crafte ...)
+       TODO: check
 CVE-2020-9398 (ISPConfig before 3.1.15p3, when the undocumented 
reverse_proxy_panel_a ...)
        NOT-FOR-US: ISPConfig
 CVE-2020-9397
@@ -9408,8 +9448,8 @@ CVE-2020-5249
        RESERVED
 CVE-2020-5248
        RESERVED
-CVE-2020-5247
-       RESERVED
+CVE-2020-5247 (In Puma (RubyGem) before 4.3.2 and 3.12.2, if an application 
using Pum ...)
+       TODO: check
 CVE-2020-5246
        RESERVED
 CVE-2020-5245 (Dropwizard-Validation before 1.3.19, and 2.0.2 may allow 
arbitrary cod ...)
@@ -18688,24 +18728,24 @@ CVE-2020-1883
        RESERVED
 CVE-2020-1882 (Huawei mobile phones Ever-L29B versions earlier than 
10.0.0.180(C185E6 ...)
        NOT-FOR-US: Huawei
-CVE-2020-1881
-       RESERVED
+CVE-2020-1881 (NIP6800;Secospace USG6600;USG9500 products with versions of 
V500R001C3 ...)
+       TODO: check
 CVE-2020-1880
        RESERVED
 CVE-2020-1879
        RESERVED
 CVE-2020-1878
        RESERVED
-CVE-2020-1877
-       RESERVED
-CVE-2020-1876
-       RESERVED
-CVE-2020-1875
-       RESERVED
-CVE-2020-1874
-       RESERVED
-CVE-2020-1873
-       RESERVED
+CVE-2020-1877 (NIP6800;Secospace USG6600;USG9500 with versions of V500R001C30; 
V500R0 ...)
+       TODO: check
+CVE-2020-1876 (NIP6800;Secospace USG6600;USG9500 with versions of V500R001C30; 
V500R0 ...)
+       TODO: check
+CVE-2020-1875 (NIP6800;Secospace USG6600;USG9500 products versions of 
V500R001C30; V5 ...)
+       TODO: check
+CVE-2020-1874 (NIP6800;Secospace USG6600;USG9500 products versions of 
V500R001C30; V5 ...)
+       TODO: check
+CVE-2020-1873 (NIP6800;Secospace USG6600;USG9500 products with versions of 
V500R001C3 ...)
+       TODO: check
 CVE-2020-1872 (Huawei smart phones P10 Plus with versions earlier than 
9.1.0.201(C01E ...)
        NOT-FOR-US: Huawei
 CVE-2020-1871 (USG9500 with software of V500R001C30SPC100; V500R001C30SPC200; 
V500R00 ...)
@@ -18728,10 +18768,10 @@ CVE-2020-1863
        RESERVED
 CVE-2020-1862
        RESERVED
-CVE-2020-1861
-       RESERVED
-CVE-2020-1860
-       RESERVED
+CVE-2020-1861 (CloudEngine 12800 with versions of 
V200R001C00SPC600,V200R001C00SPC700 ...)
+       TODO: check
+CVE-2020-1860 (NIP6800;Secospace USG6600;USG9500 products with versions of 
V500R001C3 ...)
+       TODO: check
 CVE-2020-1859
        RESERVED
 CVE-2020-1858 (Huawei products NIP6800 versions V500R001C30, 
V500R001C60SPC500, and V ...)
@@ -18762,8 +18802,8 @@ CVE-2020-1846
        RESERVED
 CVE-2020-1845
        RESERVED
-CVE-2020-1844
-       RESERVED
+CVE-2020-1844 (PCManager with versions earlier than 10.0.5.51 have a privilege 
escala ...)
+       TODO: check
 CVE-2020-1843 (Huawei HEGE-560 version 1.0.1.20(SP2), OSCA-550 version 
1.0.0.71(SP1), ...)
        NOT-FOR-US: Huawei
 CVE-2020-1842 (Huawei HEGE-560 version 1.0.1.20(SP2); OSCA-550 and OSCA-550A 
version  ...)
@@ -18866,8 +18906,8 @@ CVE-2020-1794
        RESERVED
 CVE-2020-1793
        RESERVED
-CVE-2020-1792
-       RESERVED
+CVE-2020-1792 (Honor V10 smartphones with versions earlier than BKL-AL20 
10.0.0.156(C ...)
+       TODO: check
 CVE-2020-1791 (HUAWEI Mate 20 smartphones with versions earlier than 
10.0.0.185(C00E7 ...)
        NOT-FOR-US: Huawei
 CVE-2020-1790 (GaussDB 200 with version of 6.5.1 have a command injection 
vulnerabili ...)
@@ -50519,8 +50559,7 @@ CVE-2019-10066 (An issue was discovered in Open Ticket 
Request System (OTRS) 7.x
        NOTE: 
https://community.otrs.com/security-advisory-2019-06-security-update-for-otrs-framework/
 CVE-2019-10065
        RESERVED
-CVE-2019-10064
-       RESERVED
+CVE-2019-10064 (hostapd before 2.6, in EAP mode, makes calls to the rand() and 
random( ...)
        - wpa 2:2.6-7
        NOTE: https://www.openwall.com/lists/oss-security/2020/02/27/1
        NOTE: Comment from upstream: 
https://www.openwall.com/lists/oss-security/2020/02/27/2
@@ -55277,8 +55316,8 @@ CVE-2019-8743 (Multiple memory corruption issues were 
addressed with improved me
        NOTE: https://webkitgtk.org/security/WSA-2019-0006.html
 CVE-2019-8742 (The issue was addressed by restricting options offered on a 
locked dev ...)
        NOT-FOR-US: Apple
-CVE-2019-8741
-       RESERVED
+CVE-2019-8741 (A denial of service issue was addressed with improved input 
validation ...)
+       TODO: check
 CVE-2019-8740
        RESERVED
 CVE-2019-8739 (A memory corruption issue was addressed with improved state 
management ...)
@@ -55602,7 +55641,7 @@ CVE-2019-8643
        RESERVED
 CVE-2019-8642
        RESERVED
-CVE-2019-8641 (An out-of-bounds read was addressed with improved input 
validation. Th ...)
+CVE-2019-8641 (An out-of-bounds read was addressed with improved input 
validation. ...)
        NOT-FOR-US: Apple
 CVE-2019-8640
        RESERVED
@@ -67699,8 +67738,8 @@ CVE-2019-3700 (yast2-security didn't use secure 
defaults to protect passwords. T
        TODO: check
 CVE-2019-3699 (UNIX Symbolic Link (Symlink) Following vulnerability in the 
packaging  ...)
        NOT-FOR-US: SUSE specific privoxy issue
-CVE-2019-3698
-       RESERVED
+CVE-2019-3698 (UNIX Symbolic Link (Symlink) Following vulnerability in the 
cronjob sh ...)
+       TODO: check
 CVE-2019-3697 (UNIX Symbolic Link (Symlink) Following vulnerability in the 
packaging  ...)
        TODO: check
 CVE-2019-3696



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5785c9444c0e596ea28f6c5cb5df1fcbe5cbac53

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5785c9444c0e596ea28f6c5cb5df1fcbe5cbac53
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to