Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
66ff98b0 by security tracker role at 2020-03-03T20:10:19+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -552,8 +552,8 @@ CVE-2020-9753
        RESERVED
 CVE-2020-9752
        RESERVED
-CVE-2020-9751
-       RESERVED
+CVE-2020-9751 (Naver Cloud Explorer before 2.2.2.11 allows the system to 
download an  ...)
+       TODO: check
 CVE-2020-9750
        RESERVED
 CVE-2020-9749
@@ -10251,10 +10251,10 @@ CVE-2020-5406
        RESERVED
 CVE-2020-5405
        RESERVED
-CVE-2020-5404
-       RESERVED
-CVE-2020-5403
-       RESERVED
+CVE-2020-5404 (The HttpClient from Reactor Netty, versions 0.9.x prior to 
0.9.5, and  ...)
+       TODO: check
+CVE-2020-5403 (Reactor Netty HttpServer, versions 0.9.3 and 0.9.4, is exposed 
to a UR ...)
+       TODO: check
 CVE-2020-5402 (In Cloud Foundry UAA, versions prior to 74.14.0, a CSRF 
vulnerability  ...)
        NOT-FOR-US: Cloud Foundry
 CVE-2020-5401 (Cloud Foundry Routing Release, versions prior to 0.197.0, 
contains GoR ...)
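Review bot: CVE-2020-5404 and CVE-2020-5403 both land as TODO: check and both name Reactor Netty, so they should be triaged together against a single source-package lookup. The NOT-FOR-US: Cloud Foundry tag on CVE-2020-5402 just below covers a different product and should not be copied over without that check.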
@@ -13212,12 +13212,12 @@ CVE-2020-4200 (IBM DB2 for Linux, UNIX and Windows 
(includes DB2 Connect Server)
        NOT-FOR-US: IBM
 CVE-2020-4199
        RESERVED
-CVE-2020-4198
-       RESERVED
-CVE-2020-4197
-       RESERVED
-CVE-2020-4196
-       RESERVED
+CVE-2020-4198 (IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to 
cross-site scrip ...)
+       TODO: check
+CVE-2020-4197 (IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 allows web pages to be 
stored loc ...)
+       TODO: check
+CVE-2020-4196 (IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to 
cross-site scrip ...)
+       TODO: check
 CVE-2020-4195
        RESERVED
 CVE-2020-4194
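Review bot: The three IBM Tivoli Netcool/OMNIbus_GUI entries (CVE-2020-4198, CVE-2020-4197, CVE-2020-4196) are left at TODO: check, while the IBM DB2 entry in the context directly above is already tagged NOT-FOR-US: IBM. If triage confirms the product is not packaged, use the same NOT-FOR-US: IBM wording so the vendor tag stays consistent.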
@@ -15421,8 +15421,8 @@ CVE-2019-19794 (The miekg Go DNS package before 1.1.25, 
as used in CoreDNS befor
        NOTE: https://github.com/miekg/dns/pull/1044
 CVE-2019-19793 (In Cyxtera AppGate SDP Client 4.1.x through 4.3.x before 4.3.2 
on Wind ...)
        NOT-FOR-US: Cyxtera AppGate SDP Client
-CVE-2019-19792
-       RESERVED
+CVE-2019-19792 (A permissions issue in ESET Cyber Security before 6.8.300.0 
for macOS  ...)
+       TODO: check
 CVE-2019-19791 [Apache access rules and SOAP/REST endpoints issue]
        RESERVED
        - lemonldap-ng 2.0.7+ds-1
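Review bot: The new description for CVE-2019-19792 says ESET Cyber Security "for macOS", so the TODO: check here is a candidate for a NOT-FOR-US tag once that is confirmed. CVE-2019-17549, added elsewhere in this same commit, names the same product and should get the same resolution.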
@@ -19757,18 +19757,18 @@ CVE-2020-1895
        RESERVED
 CVE-2020-1894
        RESERVED
-CVE-2020-1893
-       RESERVED
-CVE-2020-1892
-       RESERVED
+CVE-2020-1893 (Insufficient boundary checks when decoding JSON in TryParse 
reads out  ...)
+       TODO: check
+CVE-2020-1892 (Insufficient boundary checks when decoding JSON in JSON_parser 
allows  ...)
+       TODO: check
 CVE-2020-1891
        RESERVED
 CVE-2020-1890
        RESERVED
 CVE-2020-1889
        RESERVED
-CVE-2020-1888
-       RESERVED
+CVE-2020-1888 (Insufficient boundary checks when decoding JSON in 
handleBackslash rea ...)
+       TODO: check
 CVE-2020-1887
        RESERVED
 CVE-2020-1886
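Review bot: The visible descriptions for CVE-2020-1893, CVE-2020-1892 and CVE-2020-1888 name only the functions involved (TryParse, JSON_parser, handleBackslash) and are truncated before any product name, so these TODO: check entries cannot be triaged from the list text alone. Whoever picks them up needs the full CVE description to identify the affected software, and a NOTE line recording it would save the next reader the lookup.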
@@ -28449,8 +28449,8 @@ CVE-2019-17551 (In Apak Wholesale Floorplanning Finance 
6.31.8.3 and 6.31.8.5, a
        NOT-FOR-US: Apak Wholesale Floorplanning Finance
 CVE-2019-17550 (The Blog2Social plugin before 5.9.0 for WordPress is affected 
by: Cros ...)
        NOT-FOR-US: Blog2Social plugin for WordPress
-CVE-2019-17549
-       RESERVED
+CVE-2019-17549 (ESET Cyber Security before 6.8.1.0 is vulnerable to a 
denial-of-servic ...)
+       TODO: check
 CVE-2019-17548
        RESERVED
 CVE-2015-9536 (The Easy Digital Downloads (EDD) Twenty-Twelve theme for 
WordPress, as ...)
@@ -43745,9 +43745,9 @@ CVE-2019-12918 (Quest KACE Systems Management Appliance 
Server Center version 9.
 CVE-2019-12917 (A reflected XSS vulnerability exists in Quest KACE Systems 
Management  ...)
        NOT-FOR-US: Quest KACE Systems Management Appliance Server Center
 CVE-2019-12916
-       RESERVED
+       REJECTED
 CVE-2019-12915
-       RESERVED
+       REJECTED
 CVE-2019-12914 (Redbrick Shift through 3.4.3 allows an attacker to extract 
authenticat ...)
        NOT-FOR-US: Redbrick Shift
 CVE-2019-12913 (Redbrick Shift through 3.4.3 allows an attacker to extract 
emails of s ...)
@@ -44749,7 +44749,7 @@ CVE-2019-12513 (In NETGEAR Nighthawk X10-R900 prior to 
1.0.4.24, by sending a DH
        NOT-FOR-US: Netgear
 CVE-2019-12512 (In NETGEAR Nighthawk X10-R900 prior to 1.0.4.24, an attacker 
may execu ...)
        NOT-FOR-US: Netgear
-CVE-2019-12511 (In NETGEAR Nighthawk X10-R900 prior to 1.0.4.26, an attacker 
may execu ...)
+CVE-2019-12511 (In NETGEAR Nighthawk X10-R9000 prior to 1.0.4.26, an attacker 
may exec ...)
        NOT-FOR-US: Netgear
 CVE-2019-12510 (In NETGEAR Nighthawk X10-R900 prior to 1.0.4.26, an attacker 
may bypas ...)
        NOT-FOR-US: Netgear
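Review bot: Only CVE-2019-12511 changes from "X10-R900" to "X10-R9000"; CVE-2019-12513, CVE-2019-12512 and CVE-2019-12510 in the surrounding context still read "X10-R900", so a search of the list by model string will now miss one spelling or the other. The NOT-FOR-US: Netgear tag is unchanged and remains the reliable key for these entries.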
@@ -68922,10 +68922,10 @@ CVE-2019-3698 (UNIX Symbolic Link (Symlink) Following 
vulnerability in the cronj
        TODO: check
 CVE-2019-3697 (UNIX Symbolic Link (Symlink) Following vulnerability in the 
packaging  ...)
        NOT-FOR-US: SuSE-specific issue in gnump3d (removed for a decade from 
Debian)
-CVE-2019-3696
-       RESERVED
-CVE-2019-3695
-       RESERVED
+CVE-2019-3696 (A Improper Limitation of a Pathname to a Restricted Directory 
vulnerab ...)
+       TODO: check
+CVE-2019-3695 (A Improper Control of Generation of Code vulnerability in the 
packagin ...)
+       TODO: check
 CVE-2019-3694 (A Symbolic Link (Symlink) Following vulnerability in the 
packaging of  ...)
        TODO: check
 CVE-2019-3693 (A symlink following vulnerability in the packaging of mailman 
in SUSE  ...)
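Review bot: The description added for CVE-2019-3695 cuts off at "in the packagin ...", the same pattern as CVE-2019-3697 above, which was resolved as a SuSE-specific packaging issue, while CVE-2019-3696 is truncated before it says where the flaw lies. Check whether both are specific to another distribution's packaging before looking for a Debian source package; CVE-2019-3698 and CVE-2019-3694 in the context are still TODO: check and can be handled in the same pass.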



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/66ff98b05bd41bb3d981d86bf271dc271d6c3213
