[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Tue Mar 3 20:10:26 GMT 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
66ff98b0 by security tracker role at 2020-03-03T20:10:19+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -552,8 +552,8 @@ CVE-2020-9753
 	RESERVED
 CVE-2020-9752
 	RESERVED
-CVE-2020-9751
-	RESERVED
+CVE-2020-9751 (Naver Cloud Explorer before 2.2.2.11 allows the system to download an  ...)
+	TODO: check
 CVE-2020-9750
 	RESERVED
 CVE-2020-9749
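
Review bot: CVE-2020-9751 is left at "TODO: check" with no package line. The description names Naver Cloud Explorer; if that product is not packaged in Debian, resolve the entry as "NOT-FOR-US: Naver Cloud Explorer", following the vendor or product form already used in this file (for example "NOT-FOR-US: Cloud Foundry").
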
@@ -10251,10 +10251,10 @@ CVE-2020-5406
 	RESERVED
 CVE-2020-5405
 	RESERVED
-CVE-2020-5404
-	RESERVED
-CVE-2020-5403
-	RESERVED
+CVE-2020-5404 (The HttpClient from Reactor Netty, versions 0.9.x prior to 0.9.5, and  ...)
+	TODO: check
+CVE-2020-5403 (Reactor Netty HttpServer, versions 0.9.3 and 0.9.4, is exposed to a UR ...)
+	TODO: check
 CVE-2020-5402 (In Cloud Foundry UAA, versions prior to 74.14.0, a CSRF vulnerability  ...)
 	NOT-FOR-US: Cloud Foundry
 CVE-2020-5401 (Cloud Foundry Routing Release, versions prior to 0.197.0, contains GoR ...)
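
Review bot: CVE-2020-5404 and CVE-2020-5403 both name Reactor Netty but state different affected ranges (0.9.x prior to 0.9.5 for the HttpClient, 0.9.3 and 0.9.4 for the HttpServer), so they should be triaged separately rather than one result being copied to the other. Each "TODO: check" needs to end up as either a source package line with the fixed version or a NOT-FOR-US tag.
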
@@ -13212,12 +13212,12 @@ CVE-2020-4200 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server)
 	NOT-FOR-US: IBM
 CVE-2020-4199
 	RESERVED
-CVE-2020-4198
-	RESERVED
-CVE-2020-4197
-	RESERVED
-CVE-2020-4196
-	RESERVED
+CVE-2020-4198 (IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scrip ...)
+	TODO: check
+CVE-2020-4197 (IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 allows web pages to be stored loc ...)
+	TODO: check
+CVE-2020-4196 (IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scrip ...)
+	TODO: check
 CVE-2020-4195
 	RESERVED
 CVE-2020-4194
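
Review bot: CVE-2020-4198, CVE-2020-4197 and CVE-2020-4196 all describe IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 and are left at "TODO: check", while the entry just above them in this hunk (CVE-2020-4200) is already tagged "NOT-FOR-US: IBM". Unless one of them turns out to affect something in the archive, the same tag applies to all three and they can be closed in one pass.
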
@@ -15421,8 +15421,8 @@ CVE-2019-19794 (The miekg Go DNS package before 1.1.25, as used in CoreDNS befor
 	NOTE: https://github.com/miekg/dns/pull/1044
 CVE-2019-19793 (In Cyxtera AppGate SDP Client 4.1.x through 4.3.x before 4.3.2 on Wind ...)
 	NOT-FOR-US: Cyxtera AppGate SDP Client
-CVE-2019-19792
-	RESERVED
+CVE-2019-19792 (A permissions issue in ESET Cyber Security before 6.8.300.0 for macOS  ...)
+	TODO: check
 CVE-2019-19791 [Apache access rules and SOAP/REST endpoints issue]
 	RESERVED
 	- lemonldap-ng 2.0.7+ds-1
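
Review bot: CVE-2019-19792 now reads "ESET Cyber Security before 6.8.300.0 for macOS" but is still "TODO: check". A macOS-only product is a candidate for "NOT-FOR-US: ESET Cyber Security", in the same style as the "NOT-FOR-US: Cyxtera AppGate SDP Client" entry directly above it.
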
@@ -19757,18 +19757,18 @@ CVE-2020-1895
 	RESERVED
 CVE-2020-1894
 	RESERVED
-CVE-2020-1893
-	RESERVED
-CVE-2020-1892
-	RESERVED
+CVE-2020-1893 (Insufficient boundary checks when decoding JSON in TryParse reads out  ...)
+	TODO: check
+CVE-2020-1892 (Insufficient boundary checks when decoding JSON in JSON_parser allows  ...)
+	TODO: check
 CVE-2020-1891
 	RESERVED
 CVE-2020-1890
 	RESERVED
 CVE-2020-1889
 	RESERVED
-CVE-2020-1888
-	RESERVED
+CVE-2020-1888 (Insufficient boundary checks when decoding JSON in handleBackslash rea ...)
+	TODO: check
 CVE-2020-1887
 	RESERVED
 CVE-2020-1886
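
Review bot: the truncated descriptions for CVE-2020-1893, CVE-2020-1892 and CVE-2020-1888 name only the functions involved (TryParse, JSON_parser, handleBackslash) and not the affected software, so these three cannot be triaged from the list text alone. Whoever resolves the "TODO: check" lines should read the full descriptions and, if a Debian package is affected, record the package line together with a NOTE pointing at the upstream fix.
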
@@ -28449,8 +28449,8 @@ CVE-2019-17551 (In Apak Wholesale Floorplanning Finance 6.31.8.3 and 6.31.8.5, a
 	NOT-FOR-US: Apak Wholesale Floorplanning Finance
 CVE-2019-17550 (The Blog2Social plugin before 5.9.0 for WordPress is affected by: Cros ...)
 	NOT-FOR-US: Blog2Social plugin for WordPress
-CVE-2019-17549
-	RESERVED
+CVE-2019-17549 (ESET Cyber Security before 6.8.1.0 is vulnerable to a denial-of-servic ...)
+	TODO: check
 CVE-2019-17548
 	RESERVED
 CVE-2015-9536 (The Easy Digital Downloads (EDD) Twenty-Twelve theme for WordPress, as ...)
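
Review bot: CVE-2019-17549 names ESET Cyber Security (before 6.8.1.0), the same product as CVE-2019-19792 earlier in this commit, and is also left at "TODO: check". Whatever tag is chosen for one should be spelled identically on the other so that both entries group under the same product.
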
@@ -43745,9 +43745,9 @@ CVE-2019-12918 (Quest KACE Systems Management Appliance Server Center version 9.
 CVE-2019-12917 (A reflected XSS vulnerability exists in Quest KACE Systems Management  ...)
 	NOT-FOR-US: Quest KACE Systems Management Appliance Server Center
 CVE-2019-12916
-	RESERVED
+	REJECTED
 CVE-2019-12915
-	RESERVED
+	REJECTED
 CVE-2019-12914 (Redbrick Shift through 3.4.3 allows an attacker to extract authenticat ...)
 	NOT-FOR-US: Redbrick Shift
 CVE-2019-12913 (Redbrick Shift through 3.4.3 allows an attacker to extract emails of s ...)
@@ -44749,7 +44749,7 @@ CVE-2019-12513 (In NETGEAR Nighthawk X10-R900 prior to 1.0.4.24, by sending a DH
 	NOT-FOR-US: Netgear
 CVE-2019-12512 (In NETGEAR Nighthawk X10-R900 prior to 1.0.4.24, an attacker may execu ...)
 	NOT-FOR-US: Netgear
-CVE-2019-12511 (In NETGEAR Nighthawk X10-R900 prior to 1.0.4.26, an attacker may execu ...)
+CVE-2019-12511 (In NETGEAR Nighthawk X10-R9000 prior to 1.0.4.26, an attacker may exec ...)
 	NOT-FOR-US: Netgear
 CVE-2019-12510 (In NETGEAR Nighthawk X10-R900 prior to 1.0.4.26, an attacker may bypas ...)
 	NOT-FOR-US: Netgear
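
Review bot: the only change to CVE-2019-12511 is the model name in the description, "X10-R900" to "X10-R9000", while the neighbouring CVE-2019-12513, CVE-2019-12512 and CVE-2019-12510 still read "X10-R900". The "NOT-FOR-US: Netgear" tag is unaffected, so no tracker action is needed; the shortened tail ("execu" to "exec") is just the description being cut at the same width.
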
@@ -68922,10 +68922,10 @@ CVE-2019-3698 (UNIX Symbolic Link (Symlink) Following vulnerability in the cronj
 	TODO: check
 CVE-2019-3697 (UNIX Symbolic Link (Symlink) Following vulnerability in the packaging  ...)
 	NOT-FOR-US: SuSE-specific issue in gnump3d (removed for a decade from Debian)
-CVE-2019-3696
-	RESERVED
-CVE-2019-3695
-	RESERVED
+CVE-2019-3696 (A Improper Limitation of a Pathname to a Restricted Directory vulnerab ...)
+	TODO: check
+CVE-2019-3695 (A Improper Control of Generation of Code vulnerability in the packagin ...)
+	TODO: check
 CVE-2019-3694 (A Symbolic Link (Symlink) Following vulnerability in the packaging of  ...)
 	TODO: check
 CVE-2019-3693 (A symlink following vulnerability in the packaging of mailman in SUSE  ...)
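
Review bot: the descriptions for CVE-2019-3696 and CVE-2019-3695 are cut off at "in the packagin ...", before the package name, so the "TODO: check" lines cannot be resolved from this text. The adjacent CVE-2019-3697 was closed as a SuSE-specific packaging issue; check the full descriptions to see whether these two are also specific to SUSE packaging and, if so, tag them NOT-FOR-US with the reason stated the same way.
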



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/66ff98b05bd41bb3d981d86bf271dc271d6c3213
