[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Thu Feb 27 20:10:30 GMT 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
69bc2d44 by security tracker role at 2020-02-27T20:10:23+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,7 @@
+CVE-2020-9420
+	RESERVED
+CVE-2020-9419
+	RESERVED
 CVE-2020-XXXX [LTE RRC dissector memory leak]
 	- wireshark 3.2.2-1
 	[jessie] - wireshark <postponed> (Minor issue, can be fixed along in next DLA)
@@ -5393,12 +5397,12 @@ CVE-2020-7044 (In Wireshark 3.2.x before 3.2.1, the WASSP dissector could crash.
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16324
 	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=f90a3720b73ca140403315126e2a478c4f70ca03
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2020-01.html
-CVE-2020-7043
-	RESERVED
-CVE-2020-7042
-	RESERVED
-CVE-2020-7041
-	RESERVED
+CVE-2020-7043 (An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL  ...)
+	TODO: check
+CVE-2020-7042 (An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL  ...)
+	TODO: check
+CVE-2020-7041 (An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL  ...)
+	TODO: check
 CVE-2020-7040 (storeBackup.pl in storeBackup through 3.5 relies on the /tmp/storeBack ...)
 	{DLA-2095-1}
 	- storebackup <unfixed> (bug #949393)
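Review bot: CVE-2020-7041, CVE-2020-7042 and CVE-2020-7043 are all left at `TODO: check`, and all three descriptions name openfortivpn 1.11.0 used with OpenSSL, so they should be triaged together rather than one at a time. If openfortivpn is packaged, replace each TODO with a package line in the format of the neighbouring entry (`- storebackup <unfixed> (bug #949393)`); otherwise mark them NOT-FOR-US.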
@@ -5770,10 +5774,10 @@ CVE-2020-6866
 	RESERVED
 CVE-2020-6865
 	RESERVED
-CVE-2020-6864
-	RESERVED
-CVE-2020-6863
-	RESERVED
+CVE-2020-6864 (ZTE E8820V3 router product is impacted by an information leak vulnerab ...)
+	TODO: check
+CVE-2020-6863 (ZTE E8820V3 router product is impacted by a permission and access cont ...)
+	TODO: check
 CVE-2020-6862 (V6.0.10P2T2 and V6.0.10P2T5 of F6x2W product are impacted by Informati ...)
 	NOT-FOR-US: ZTE F6x2W
 CVE-2020-6861
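Review bot: CVE-2020-6864 and CVE-2020-6863 describe a ZTE E8820V3 router product but are left at `TODO: check`, while the entry directly below (CVE-2020-6862) is already resolved as `NOT-FOR-US: ZTE F6x2W`. The same kind of annotation, naming the E8820V3, would close both TODOs and keep the ZTE entries consistent.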
@@ -63907,14 +63911,14 @@ CVE-2019-5328
 	RESERVED
 CVE-2019-5327
 	RESERVED
-CVE-2019-5326
-	RESERVED
+CVE-2019-5326 (An administrative application user of or application user with write a ...)
+	TODO: check
 CVE-2019-5325
 	RESERVED
 CVE-2019-5324
 	RESERVED
-CVE-2019-5323
-	RESERVED
+CVE-2019-5323 (There are command injection vulnerabilities present in the AirWave app ...)
+	TODO: check
 CVE-2019-5322 (A remotely exploitable information disclosure vulnerability is present ...)
 	NOT-FOR-US: Edge Switch models
 CVE-2019-5321
@@ -65367,8 +65371,8 @@ CVE-2019-4671
 	RESERVED
 CVE-2019-4670 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a  ...)
 	NOT-FOR-US: IBM
-CVE-2019-4669
-	RESERVED
+CVE-2019-4669 (IBM Business Process Manager 8.5.7.0 through 8.5.7.0 2017.06, 8.6.0.0  ...)
+	TODO: check
 CVE-2019-4668
 	RESERVED
 CVE-2019-4667
@@ -68313,7 +68317,7 @@ CVE-2019-3422 (The Sec Consult Security Lab reported an information disclosure v
 	NOT-FOR-US: ZTE
 CVE-2019-3421 (The 7520V3V1.0.0B09P27 version, and all earlier versions of ZTE produc ...)
 	NOT-FOR-US: ZTE
-CVE-2019-3420 (The version V2.5.0_EG1T5_TED of ZTE ZXHN H108N product are impacted by ...)
+CVE-2019-3420 (All versions up to V2.5.0_EG1T5_TED of ZTE ZXHN H108N product are impa ...)
 	NOT-FOR-US: ZTE
 CVE-2019-3419 (A security vulnerability exists in a management port in the version of ...)
 	NOT-FOR-US: ZTE
@@ -133859,8 +133863,8 @@ CVE-2017-16902 (On the Vonage VDV-23 115 3.2.11-0.9.40 home router, sending a lo
 	NOT-FOR-US: Vonage VDV-23 115 3.2.11-0.9.40 home router
 CVE-2017-16901
 	RESERVED
-CVE-2017-16900
-	RESERVED
+CVE-2017-16900 (Incorrect Access Control in Hunesion i-oneNet 3.0.6042.1200 allows the ...)
+	TODO: check
 CVE-2017-16899 (An array index error in the fig2dev program in Xfig 3.2.6a allows remo ...)
 	- fig2dev 1:3.2.6a-5 (bug #881143)
 	[stretch] - fig2dev 1:3.2.6a-2+deb9u1
@@ -231270,8 +231274,7 @@ CVE-2015-2994 (Unrestricted file upload vulnerability in ChangePhoto.jsp in SysA
 	NOT-FOR-US: SysAid Help Desk
 CVE-2015-2993 (SysAid Help Desk before 15.2 does not properly restrict access to cert ...)
 	NOT-FOR-US: SysAid Help Desk
-CVE-2015-2992
-	RESERVED
+CVE-2015-2992 (Apache Struts before 2.3.20 has a cross-site scripting (XSS) vulnerabi ...)
 	- libstruts1.2-java <not-affected> (Affects 2.0.0 - 2.3.16.3)
 CVE-2015-2991 (Buffer overflow in NScripter before 3.00 allows remote attackers to ex ...)
 	NOT-FOR-US: NScripter
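Review bot: the existing annotation under CVE-2015-2992 gives the affected range as "Affects 2.0.0 - 2.3.16.3", but the description added here says "Apache Struts before 2.3.20", so the two upper bounds no longer agree. The `<not-affected>` status for libstruts1.2-java rests on the lower bound and probably still holds, but the parenthetical should be checked against the published description and updated if needed.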



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/69bc2d44928a37601f944b21882cffa4a1c86291
