[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri Feb 28 20:10:28 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5785c944 by security tracker role at 2020-02-28T20:10:21+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,11 +1,51 @@
+CVE-2020-9464
+ RESERVED
+CVE-2020-9463 (Centreon 19.10 allows remote authenticated users to execute arbitrary ...)
+ TODO: check
+CVE-2020-9462
+ RESERVED
+CVE-2020-9461
+ RESERVED
+CVE-2020-9460
+ RESERVED
+CVE-2020-9459
+ RESERVED
+CVE-2020-9458
+ RESERVED
+CVE-2020-9457
+ RESERVED
+CVE-2020-9456
+ RESERVED
+CVE-2020-9455
+ RESERVED
+CVE-2020-9454
+ RESERVED
+CVE-2020-9453
+ RESERVED
+CVE-2020-9452
+ RESERVED
+CVE-2020-9451
+ RESERVED
+CVE-2020-9450
+ RESERVED
+CVE-2020-9449
+ RESERVED
+CVE-2020-9448
+ RESERVED
+CVE-2020-9447 (The file-upload feature in GwtUpload 1.0.3 allows XSS via a crafted fi ...)
+ TODO: check
+CVE-2020-9446
+ RESERVED
+CVE-2018-21035
+ RESERVED
CVE-2020-9445
RESERVED
CVE-2020-9444
RESERVED
CVE-2020-9443
RESERVED
-CVE-2020-9442
- RESERVED
+CVE-2020-9442 (OpenVPN Connect 3.1.0.361 on Windows has Insecure Permissions for %PRO ...)
+ TODO: check
CVE-2020-9441
RESERVED
CVE-2020-9440
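Review bot: The CVE-2020-9442 line in this hunk names "OpenVPN Connect 3.1.0.361 on Windows" but is left at TODO: check like the two other newly described entries (CVE-2020-9463, CVE-2020-9447). When the TODO is resolved, the tag should state the platform or product explicitly, in the way the NOT-FOR-US: ISPConfig line further down names its product, so the reason for the decision is visible from the entry itself.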
@@ -115,8 +155,8 @@ CVE-2020-9401
RESERVED
CVE-2020-9400
RESERVED
-CVE-2020-9399
- RESERVED
+CVE-2020-9399 (The Avast AV parsing engine allows virus-detection bypass via a crafte ...)
+ TODO: check
CVE-2020-9398 (ISPConfig before 3.1.15p3, when the undocumented reverse_proxy_panel_a ...)
NOT-FOR-US: ISPConfig
CVE-2020-9397
@@ -9408,8 +9448,8 @@ CVE-2020-5249
RESERVED
CVE-2020-5248
RESERVED
-CVE-2020-5247
- RESERVED
+CVE-2020-5247 (In Puma (RubyGem) before 4.3.2 and 3.12.2, if an application using Pum ...)
+ TODO: check
CVE-2020-5246
RESERVED
CVE-2020-5245 (Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary cod ...)
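Review bot: CVE-2020-5247 now names two fixed upstream versions of Puma (4.3.2 and 3.12.2), but the entry carries only TODO: check. Triage should end in either a package line with a fixed version, in the form used for CVE-2019-10064 (`- wpa 2:2.6-7`), or a NOT-FOR-US tag; because two branches are named, the fixed version has to be checked against whichever branch is actually packaged.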
@@ -18688,24 +18728,24 @@ CVE-2020-1883
RESERVED
CVE-2020-1882 (Huawei mobile phones Ever-L29B versions earlier than 10.0.0.180(C185E6 ...)
NOT-FOR-US: Huawei
-CVE-2020-1881
- RESERVED
+CVE-2020-1881 (NIP6800;Secospace USG6600;USG9500 products with versions of V500R001C3 ...)
+ TODO: check
CVE-2020-1880
RESERVED
CVE-2020-1879
RESERVED
CVE-2020-1878
RESERVED
-CVE-2020-1877
- RESERVED
-CVE-2020-1876
- RESERVED
-CVE-2020-1875
- RESERVED
-CVE-2020-1874
- RESERVED
-CVE-2020-1873
- RESERVED
+CVE-2020-1877 (NIP6800;Secospace USG6600;USG9500 with versions of V500R001C30; V500R0 ...)
+ TODO: check
+CVE-2020-1876 (NIP6800;Secospace USG6600;USG9500 with versions of V500R001C30; V500R0 ...)
+ TODO: check
+CVE-2020-1875 (NIP6800;Secospace USG6600;USG9500 products versions of V500R001C30; V5 ...)
+ TODO: check
+CVE-2020-1874 (NIP6800;Secospace USG6600;USG9500 products versions of V500R001C30; V5 ...)
+ TODO: check
+CVE-2020-1873 (NIP6800;Secospace USG6600;USG9500 products with versions of V500R001C3 ...)
+ TODO: check
CVE-2020-1872 (Huawei smart phones P10 Plus with versions earlier than 9.1.0.201(C01E ...)
NOT-FOR-US: Huawei
CVE-2020-1871 (USG9500 with software of V500R001C30SPC100; V500R001C30SPC200; V500R00 ...)
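Review bot: The six new descriptions in this hunk (CVE-2020-1881 and CVE-2020-1877 through CVE-2020-1873) all begin with "NIP6800;Secospace USG6600;USG9500" and are left at TODO: check, while the unchanged neighbours CVE-2020-1882 and CVE-2020-1872 are already tagged NOT-FOR-US: Huawei. A later context line for CVE-2020-1858 reads "Huawei products NIP6800", so these look like the same product family; tagging them in one triage pass would keep the block consistent instead of leaving six near-identical TODOs.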
@@ -18728,10 +18768,10 @@ CVE-2020-1863
RESERVED
CVE-2020-1862
RESERVED
-CVE-2020-1861
- RESERVED
-CVE-2020-1860
- RESERVED
+CVE-2020-1861 (CloudEngine 12800 with versions of V200R001C00SPC600,V200R001C00SPC700 ...)
+ TODO: check
+CVE-2020-1860 (NIP6800;Secospace USG6600;USG9500 products with versions of V500R001C3 ...)
+ TODO: check
CVE-2020-1859
RESERVED
CVE-2020-1858 (Huawei products NIP6800 versions V500R001C30, V500R001C60SPC500, and V ...)
@@ -18762,8 +18802,8 @@ CVE-2020-1846
RESERVED
CVE-2020-1845
RESERVED
-CVE-2020-1844
- RESERVED
+CVE-2020-1844 (PCManager with versions earlier than 10.0.5.51 have a privilege escala ...)
+ TODO: check
CVE-2020-1843 (Huawei HEGE-560 version 1.0.1.20(SP2), OSCA-550 version 1.0.0.71(SP1), ...)
NOT-FOR-US: Huawei
CVE-2020-1842 (Huawei HEGE-560 version 1.0.1.20(SP2); OSCA-550 and OSCA-550A version ...)
@@ -18866,8 +18906,8 @@ CVE-2020-1794
RESERVED
CVE-2020-1793
RESERVED
-CVE-2020-1792
- RESERVED
+CVE-2020-1792 (Honor V10 smartphones with versions earlier than BKL-AL20 10.0.0.156(C ...)
+ TODO: check
CVE-2020-1791 (HUAWEI Mate 20 smartphones with versions earlier than 10.0.0.185(C00E7 ...)
NOT-FOR-US: Huawei
CVE-2020-1790 (GaussDB 200 with version of 6.5.1 have a command injection vulnerabili ...)
@@ -50519,8 +50559,7 @@ CVE-2019-10066 (An issue was discovered in Open Ticket Request System (OTRS) 7.x
NOTE: https://community.otrs.com/security-advisory-2019-06-security-update-for-otrs-framework/
CVE-2019-10065
RESERVED
-CVE-2019-10064
- RESERVED
+CVE-2019-10064 (hostapd before 2.6, in EAP mode, makes calls to the rand() and random( ...)
- wpa 2:2.6-7
NOTE: https://www.openwall.com/lists/oss-security/2020/02/27/1
NOTE: Comment from upstream: https://www.openwall.com/lists/oss-security/2020/02/27/2
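Review bot: The new description for CVE-2019-10064 puts the boundary at "hostapd before 2.6", while the retained package line records the fix as `- wpa 2:2.6-7`, a later Debian revision of 2.6. Worth confirming that 2:2.6-7 is the intended fixed version and, if it is, adding a short NOTE that says why, since the two existing NOTE links do not explain the difference on their own.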
@@ -55277,8 +55316,8 @@ CVE-2019-8743 (Multiple memory corruption issues were addressed with improved me
NOTE: https://webkitgtk.org/security/WSA-2019-0006.html
CVE-2019-8742 (The issue was addressed by restricting options offered on a locked dev ...)
NOT-FOR-US: Apple
-CVE-2019-8741
- RESERVED
+CVE-2019-8741 (A denial of service issue was addressed with improved input validation ...)
+ TODO: check
CVE-2019-8740
RESERVED
CVE-2019-8739 (A memory corruption issue was addressed with improved state management ...)
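Review bot: The truncated description added for CVE-2019-8741 ("A denial of service issue was addressed with improved input validation ...") names no product, so TODO: check cannot be resolved from this line alone. The surrounding entries split two ways, CVE-2019-8742 being NOT-FOR-US: Apple and CVE-2019-8743 carrying a webkitgtk.org advisory NOTE, so the full CVE text needs to be read before picking either tag.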
@@ -55602,7 +55641,7 @@ CVE-2019-8643
RESERVED
CVE-2019-8642
RESERVED
-CVE-2019-8641 (An out-of-bounds read was addressed with improved input validation. Th ...)
+CVE-2019-8641 (An out-of-bounds read was addressed with improved input validation. ...)
NOT-FOR-US: Apple
CVE-2019-8640
RESERVED
@@ -67699,8 +67738,8 @@ CVE-2019-3700 (yast2-security didn't use secure defaults to protect passwords. T
TODO: check
CVE-2019-3699 (UNIX Symbolic Link (Symlink) Following vulnerability in the packaging ...)
NOT-FOR-US: SUSE specific privoxy issue
-CVE-2019-3698
- RESERVED
+CVE-2019-3698 (UNIX Symbolic Link (Symlink) Following vulnerability in the cronjob sh ...)
+ TODO: check
CVE-2019-3697 (UNIX Symbolic Link (Symlink) Following vulnerability in the packaging ...)
TODO: check
CVE-2019-3696
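Review bot: CVE-2019-3698 is described with the same "UNIX Symbolic Link (Symlink) Following vulnerability" wording as CVE-2019-3699 directly above it, which was resolved as "NOT-FOR-US: SUSE specific privoxy issue", yet it and CVE-2019-3697 both sit at TODO: check. The triage step should establish whether the cronjob named in the description is distribution-specific packaging in the same way, and record the affected package name in the tag as the CVE-2019-3699 entry does.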
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5785c9444c0e596ea28f6c5cb5df1fcbe5cbac53