[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed Feb 26 20:10:34 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f85e549c by security tracker role at 2020-02-26T20:10:26+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,5 @@
+CVE-2020-9418
+ RESERVED
CVE-2020-9417
RESERVED
CVE-2020-9416
@@ -184,8 +186,8 @@ CVE-2020-9339 (SOPlanning 1.45 allows XSS via the Name or Comment to status.php.
NOT-FOR-US: SOPlanning
CVE-2020-9338 (SOPlanning 1.45 allows XSS via the "Your SoPlanning url" field. ...)
NOT-FOR-US: SOPlanning
-CVE-2020-9337
- RESERVED
+CVE-2020-9337 (In GolfBuddy Course Manager 1.1, passwords are sent (with base64 encod ...)
+ TODO: check
CVE-2020-9336 (fauzantrif eLection 2.0 has XSS via the Admin Dashboard -> Settings ...)
NOT-FOR-US: fauzantrif eLection
CVE-2020-6802 [mutation XSS vulnerability]
@@ -333,8 +335,8 @@ CVE-2020-9276
RESERVED
CVE-2020-9275
RESERVED
-CVE-2020-9274
- RESERVED
+CVE-2020-9274 (An issue was discovered in Pure-FTPd 1.0.49. An uninitialized pointer ...)
+ TODO: check
CVE-2020-9273 (In ProFTPD 1.3.7, it is possible to corrupt the memory pool by interru ...)
{DLA-2115-1}
- proftpd-dfsg 1.3.6c-1 (bug #951800)
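Review bot: CVE-2020-9274 is left at `TODO: check` although its description names Pure-FTPd 1.0.49, so it needs an actual triage decision rather than a routine NOT-FOR-US. If a Debian source package ships this code, replace the TODO with a package line in the same form as the neighbouring CVE-2020-9273 entry (`- proftpd-dfsg 1.3.6c-1 (bug #951800)`), giving the fixed version or `<unfixed>` plus a bug reference.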
@@ -1071,10 +1073,10 @@ CVE-2020-8954
RESERVED
CVE-2020-8953 (OpenVPN Access Server 2.8.x before 2.8.1 allows LDAP authentication by ...)
NOT-FOR-US: OpenVPN Access Server
-CVE-2020-8952
- RESERVED
-CVE-2020-8951
- RESERVED
+CVE-2020-8952 (Fiserv Accurate Reconciliation 2.19.0 allows XSS via the logout.jsp ti ...)
+ TODO: check
+CVE-2020-8951 (Fiserv Accurate Reconciliation 2.19.0 allows XSS via the Source or Des ...)
+ TODO: check
CVE-2020-8950 (The AUEPLauncher service in Radeon AMD User Experience Program Launche ...)
NOT-FOR-US: Radeon AMD User Experience Program Launcher
CVE-2020-8949 (Gocloud S2A_WL 4.2.7.16471, S2A 4.2.7.17278, S2A 4.3.0.15815, S2A 4.3. ...)
@@ -8976,7 +8978,7 @@ CVE-2020-5392
CVE-2020-5391
RESERVED
CVE-2020-5390 (PySAML2 before 5.0.0 does not check that the signature in a SAML docum ...)
- {DSA-4630-1}
+ {DSA-4630-1 DLA-2119-1}
- python-pysaml2 4.5.0-7 (bug #949322)
NOTE: https://github.com/IdentityPython/pysaml2/commit/5e9d5acbcd8ae45c4e736ac521fd2df5b1c62e25 (v5.0.0)
CVE-2020-5389
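Review bot: the cross-reference on CVE-2020-5390 gains DLA-2119-1, but this commit touches only data/CVE/list, so check that the advisory entry it points to exists and names python-pysaml2. The `- python-pysaml2 4.5.0-7 (bug #949322)` line is unchanged, so the version fixed by the DLA is not visible in this hunk.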
@@ -12808,24 +12810,24 @@ CVE-2019-19996 (An issue was discovered on Intelbras IWR 3000N 1.8.7 devices. A
NOT-FOR-US: Intelbras IWR 3000N devices
CVE-2019-19995 (A CSRF issue was discovered on Intelbras IWR 3000N 1.8.7 devices, lead ...)
NOT-FOR-US: Intelbras IWR 3000N devices
-CVE-2019-19994
- RESERVED
-CVE-2019-19993
- RESERVED
-CVE-2019-19992
- RESERVED
-CVE-2019-19991
- RESERVED
-CVE-2019-19990
- RESERVED
-CVE-2019-19989
- RESERVED
-CVE-2019-19988
- RESERVED
-CVE-2019-19987
- RESERVED
-CVE-2019-19986
- RESERVED
+CVE-2019-19994 (An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 ...)
+ TODO: check
+CVE-2019-19993 (An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 ...)
+ TODO: check
+CVE-2019-19992 (An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 ...)
+ TODO: check
+CVE-2019-19991 (An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 ...)
+ TODO: check
+CVE-2019-19990 (An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 ...)
+ TODO: check
+CVE-2019-19989 (An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 ...)
+ TODO: check
+CVE-2019-19988 (An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 ...)
+ TODO: check
+CVE-2019-19987 (An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 ...)
+ TODO: check
+CVE-2019-19986 (An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 ...)
+ TODO: check
CVE-2019-19985 (The WordPress plugin, Email Subscribers & Newsletters, before 4.2. ...)
NOT-FOR-US: WordPress plugin
CVE-2019-19984 (The WordPress plugin, Email Subscribers & Newsletters, before 4.2. ...)
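Review bot: the nine Selesta Visual Access Manager entries (CVE-2019-19986 through CVE-2019-19994) all land with `TODO: check` and descriptions that are identical up to the truncation point, so nothing in this list tells them apart. They can be triaged as one batch: if the product is not packaged in Debian, give each a NOT-FOR-US tag naming the product, in the style of the surrounding Intelbras and WordPress plugin entries.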
@@ -13448,7 +13450,7 @@ CVE-2019-19868
RESERVED
CVE-2019-19867
RESERVED
-CVE-2019-19866 (Atos Unify OpenScape UC Web Client 1.0 allows remote attackers to obta ...)
+CVE-2019-19866 (Atos Unify OpenScape UC Web Client V9 before version V9 R4.31.0 and V1 ...)
NOT-FOR-US: Atos Unify OpenScape UC Web Client
CVE-2019-19865 (Atos Unify OpenScape UC Web Client 1.0 allows XSS. An attacker could e ...)
NOT-FOR-US: Atos Unify OpenScape UC Web Client
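Review bot: only the description of CVE-2019-19866 changes, from "Web Client 1.0" to a "V9 before version V9 R4.31.0" range, while CVE-2019-19865 directly below still reads "1.0". The `NOT-FOR-US: Atos Unify OpenScape UC Web Client` tag is unaffected, so no triage change is needed for either entry.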
@@ -15027,28 +15029,28 @@ CVE-2020-3177
RESERVED
CVE-2020-3176
RESERVED
-CVE-2020-3175
- RESERVED
-CVE-2020-3174
- RESERVED
-CVE-2020-3173
- RESERVED
-CVE-2020-3172
- RESERVED
-CVE-2020-3171
- RESERVED
-CVE-2020-3170
- RESERVED
-CVE-2020-3169
- RESERVED
-CVE-2020-3168
- RESERVED
-CVE-2020-3167
- RESERVED
-CVE-2020-3166
- RESERVED
-CVE-2020-3165
- RESERVED
+CVE-2020-3175 (A vulnerability in the resource handling system of Cisco NX-OS Softwar ...)
+ TODO: check
+CVE-2020-3174 (A vulnerability in the anycast gateway feature of Cisco NX-OS Software ...)
+ TODO: check
+CVE-2020-3173 (A vulnerability in the local management (local-mgmt) CLI of Cisco UCS ...)
+ TODO: check
+CVE-2020-3172 (A vulnerability in the Cisco Discovery Protocol feature of Cisco FXOS ...)
+ TODO: check
+CVE-2020-3171 (A vulnerability in the local management (local-mgmt) CLI of Cisco FXOS ...)
+ TODO: check
+CVE-2020-3170 (A vulnerability in the NX-API feature of Cisco NX-OS Software could al ...)
+ TODO: check
+CVE-2020-3169 (A vulnerability in the CLI of Cisco FXOS Software could allow an authe ...)
+ TODO: check
+CVE-2020-3168 (A vulnerability in the Secure Login Enhancements capability of Cisco N ...)
+ TODO: check
+CVE-2020-3167 (A vulnerability in the CLI of Cisco FXOS Software and Cisco UCS Manage ...)
+ TODO: check
+CVE-2020-3166 (A vulnerability in the CLI of Cisco FXOS Software could allow an authe ...)
+ TODO: check
+CVE-2020-3165 (A vulnerability in the implementation of Border Gateway Protocol (BGP) ...)
+ TODO: check
CVE-2020-3164
RESERVED
CVE-2020-3163 (A vulnerability in the Live Data server of Cisco Unified Contact Cente ...)
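Review bot: eleven Cisco entries (CVE-2020-3165 through CVE-2020-3175) move from RESERVED to `TODO: check`, while CVE-2020-3164 just below them stays RESERVED and should not be assumed triaged when the batch is closed. The visible descriptions cover Cisco NX-OS, FXOS and UCS software; if none of that is packaged in Debian, resolve the eleven with one consistent NOT-FOR-US tag naming the vendor, as is done for the IBM entries elsewhere in this diff.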
@@ -19884,8 +19886,8 @@ CVE-2019-19136
RESERVED
CVE-2019-19135
RESERVED
-CVE-2019-19134
- RESERVED
+CVE-2019-19134 (The Hero Maps Premium plugin 2.2.1 and prior for WordPress is prone to ...)
+ TODO: check
CVE-2019-19133 (The CSS Hero plugin through 4.0.3 for WordPress is prone to reflected ...)
NOT-FOR-US: CSS Hero plugin for WordPress
CVE-2019-19132
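Review bot: CVE-2019-19134 (Hero Maps Premium plugin for WordPress) is left at `TODO: check` while the adjacent CVE-2019-19133 already shows the tag form used for this kind of entry, `NOT-FOR-US: CSS Hero plugin for WordPress`. If the plugin is not in Debian, resolve the TODO the same way, naming the plugin.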
@@ -27946,10 +27948,10 @@ CVE-2019-17277
RESERVED
CVE-2019-17276
RESERVED
-CVE-2019-17275
- RESERVED
-CVE-2019-17274
- RESERVED
+CVE-2019-17275 (OnCommand Cloud Manager versions prior to 3.8.0 are susceptible to arb ...)
+ TODO: check
+CVE-2019-17274 (NetApp FAS 8300/8700 and AFF A400 Baseboard Management Controller (BMC ...)
+ TODO: check
CVE-2019-17273 (E-Series SANtricity OS Controller Software version 11.60.0 is suscepti ...)
NOT-FOR-US: E-Series SANtricity OS Controller Software
CVE-2019-17272 (All versions of ONTAP Select Deploy administration utility are suscept ...)
@@ -28512,31 +28514,31 @@ CVE-2019-17040 (contrib/pmdb2diag/pmdb2diag.c in Rsyslog v8.1908.0 allows out-of
NOTE: https://github.com/rsyslog/rsyslog/pull/3875
NOTE: pmdb2diag module not complied in Debian.
CVE-2019-17039
- RESERVED
+ REJECTED
CVE-2019-17038
- RESERVED
+ REJECTED
CVE-2019-17037
- RESERVED
+ REJECTED
CVE-2019-17036
- RESERVED
+ REJECTED
CVE-2019-17035
- RESERVED
+ REJECTED
CVE-2019-17034
- RESERVED
+ REJECTED
CVE-2019-17033
- RESERVED
+ REJECTED
CVE-2019-17032
- RESERVED
+ REJECTED
CVE-2019-17031
- RESERVED
+ REJECTED
CVE-2019-17030
- RESERVED
+ REJECTED
CVE-2019-17029
- RESERVED
+ REJECTED
CVE-2019-17028
- RESERVED
+ REJECTED
CVE-2019-17027
- RESERVED
+ REJECTED
CVE-2019-17026
RESERVED
{DSA-4603-1 DSA-4600-1 DLA-2093-1 DLA-2071-1}
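Review bot: the RESERVED to REJECTED change covers the thirteen IDs CVE-2019-17027 through CVE-2019-17039 and stops at CVE-2019-17026, which stays RESERVED even though it already carries `{DSA-4603-1 DSA-4600-1 DLA-2093-1 DLA-2071-1}`. Before accepting the boundary, confirm that no package line or NOTE elsewhere in the list refers to any of the thirteen rejected IDs, since a rejected ID should not stay attached to a tracked fix.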
@@ -65196,8 +65198,8 @@ CVE-2019-4728
RESERVED
CVE-2019-4727
RESERVED
-CVE-2019-4726
- RESERVED
+CVE-2019-4726 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 i ...)
+ TODO: check
CVE-2019-4725
RESERVED
CVE-2019-4724
@@ -65452,12 +65454,12 @@ CVE-2019-4600 (IBM API Connect version V5.0.0.0 through 5.0.8.7 could reveal sen
NOT-FOR-US: IBM
CVE-2019-4599
RESERVED
-CVE-2019-4598
- RESERVED
-CVE-2019-4597
- RESERVED
-CVE-2019-4596
- RESERVED
+CVE-2019-4598 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 i ...)
+ TODO: check
+CVE-2019-4597 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 i ...)
+ TODO: check
+CVE-2019-4596 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 i ...)
+ TODO: check
CVE-2019-4595 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 c ...)
NOT-FOR-US: IBM
CVE-2019-4594
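Review bot: CVE-2019-4596, CVE-2019-4597 and CVE-2019-4598 get `TODO: check` for IBM Sterling B2B Integrator, the same product as CVE-2019-4595 immediately below, which is already tagged `NOT-FOR-US: IBM`. Reusing that tag for the three new entries, and for CVE-2019-4726 in the previous hunk, which names the same product, keeps the block consistent.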
@@ -65574,8 +65576,8 @@ CVE-2019-4539 (IBM Security Directory Server 6.4.0 does not properly neutralize
NOT-FOR-US: IBM
CVE-2019-4538 (IBM Security Directory Server 6.4.0 could allow a remote attacker to c ...)
NOT-FOR-US: IBM
-CVE-2019-4537
- RESERVED
+CVE-2019-4537 (IBM WebSphere Service Registry and Repository 8.5 could allow a user t ...)
+ TODO: check
CVE-2019-4536 (IBM i 7.4 users who have done a Restore User Profile (RSTUSRPRF) on a ...)
NOT-FOR-US: IBM
CVE-2019-4535
@@ -67358,7 +67360,7 @@ CVE-2019-3798 (Cloud Foundry Cloud Controller API Release, versions prior to 1.7
CVE-2019-3797 (This affects Spring Data JPA in versions up to and including 2.1.5, 2. ...)
NOT-FOR-US: Spring Data JPA
CVE-2019-3796
- RESERVED
+ REJECTED
CVE-2019-3795 (Spring Security versions 4.2.x prior to 4.2.12, 5.0.x prior to 5.0.12, ...)
{DLA-1794-1}
- libspring-security-2.0-java <removed>
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f85e549cb14e8ce4bb40188b01bfa01b0c0bdc16