[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Tue Apr 21 09:10:21 BST 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
830329a9 by security tracker role at 2020-04-21T08:10:13+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,53 @@
+CVE-2020-11968
+	RESERVED
+CVE-2020-11967
+	RESERVED
+CVE-2020-11966
+	RESERVED
+CVE-2020-11965
+	RESERVED
+CVE-2020-11964
+	RESERVED
+CVE-2020-11963
+	RESERVED
+CVE-2020-11962
+	RESERVED
+CVE-2020-11961
+	RESERVED
+CVE-2020-11960
+	RESERVED
+CVE-2020-11959
+	RESERVED
+CVE-2020-11958 (re2c 1.3 has a heap-based buffer overflow in Scanner::fill in parse/sc ...)
+	TODO: check
+CVE-2020-11957
+	RESERVED
+CVE-2020-11956
+	RESERVED
+CVE-2020-11955
+	RESERVED
+CVE-2020-11954
+	RESERVED
+CVE-2020-11953
+	RESERVED
+CVE-2020-11952
+	RESERVED
+CVE-2020-11951
+	RESERVED
+CVE-2020-11950
+	RESERVED
+CVE-2020-11949
+	RESERVED
+CVE-2020-11948
+	RESERVED
+CVE-2020-11947
+	RESERVED
+CVE-2020-11946 (Zoho ManageEngine OpManager before 125120 allows an unauthenticated us ...)
+	TODO: check
+CVE-2020-11945
+	RESERVED
+CVE-2020-11944 (Abe (aka bitcoin-abe) through 0.7.2, and 0.8pre, allows XSS in __call_ ...)
+	TODO: check
 CVE-2020-11943
 	RESERVED
 CVE-2020-11942
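Review bot: Three of the new entries at the top of data/CVE/list (CVE-2020-11958, CVE-2020-11946, CVE-2020-11944) land with "TODO: check" and need triage before this block counts as done. For CVE-2020-11958, check whether re2c is packaged; if it is, replace the TODO with a package line such as "- re2c <unfixed>" and a NOTE pointing at the upstream report. The description names a heap-based buffer overflow in Scanner::fill. Zoho ManageEngine OpManager (CVE-2020-11946) looks like a candidate for a NOT-FOR-US line in the style used elsewhere in this file.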
@@ -3216,8 +3266,8 @@ CVE-2020-11012
 	RESERVED
 CVE-2020-11011
 	RESERVED
-CVE-2020-11010
-	RESERVED
+CVE-2020-11010 (In Tortoise ORM before versions 0.15.23 and 0.16.6, various forms of S ...)
+	TODO: check
 CVE-2020-11009
 	RESERVED
 CVE-2020-11008
@@ -3432,8 +3482,8 @@ CVE-2020-10937
 	RESERVED
 CVE-2020-10936
 	RESERVED
-CVE-2020-10935
-	RESERVED
+CVE-2020-10935 (Zulip Server before 2.1.3 allows XSS via a Markdown link, with resulta ...)
+	TODO: check
 CVE-2020-10934 (Acyba AcyMailing before 6.9.2 mishandles file uploads by admins. ...)
 	NOT-FOR-US: Acyba AcyMailing
 CVE-2020-10933
@@ -7019,10 +7069,10 @@ CVE-2018-21035 (In Qt through 5.14.1, the WebSocket implementation accepts up to
 	[jessie] - qtwebsockets-opensource-src <no-dsa> (Minor issue)
 	NOTE: https://bugreports.qt.io/browse/QTBUG-70693
 	NOTE: https://codereview.qt-project.org/c/qt/qtwebsockets/+/284735
-CVE-2020-9445
-	RESERVED
-CVE-2020-9444
-	RESERVED
+CVE-2020-9445 (Zulip Server before 2.1.3 allows XSS via the modal_link feature in the ...)
+	TODO: check
+CVE-2020-9444 (Zulip Server before 2.1.3 allows reverse tabnabbing via the Markdown f ...)
+	TODO: check
 CVE-2020-9443 (Zulip Desktop before 4.0.3 loaded untrusted content in an Electron web ...)
 	NOT-FOR-US: Zulip Desktop (different from itp'ed zulip-server)
 CVE-2020-9442 (OpenVPN Connect 3.1.0.361 on Windows has Insecure Permissions for %PRO ...)
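Review bot: CVE-2020-9445 and CVE-2020-9444 are Zulip Server issues, and the context line right below them for CVE-2020-9443 records that zulip-server is itp'ed ("different from itp'ed zulip-server"). When the "TODO: check" lines are resolved, these two should therefore get a "- zulip-server <itp>" entry rather than NOT-FOR-US. The same applies to CVE-2020-10935 in the previous hunk, which is also Zulip Server before 2.1.3.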
@@ -7456,16 +7506,16 @@ CVE-2020-9281 (A cross-site scripting (XSS) vulnerability in the HTML Data Proce
 	NOT-FOR-US: CKEditor plugin
 CVE-2020-9280 (In SilverStripe through 4.5, files uploaded via Forms to folders migra ...)
 	NOT-FOR-US: SilverStripe
-CVE-2020-9279
-	RESERVED
-CVE-2020-9278
-	RESERVED
-CVE-2020-9277
-	RESERVED
-CVE-2020-9276
-	RESERVED
-CVE-2020-9275
-	RESERVED
+CVE-2020-9279 (An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. A har ...)
+	TODO: check
+CVE-2020-9278 (An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. The d ...)
+	TODO: check
+CVE-2020-9277 (An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. Authe ...)
+	TODO: check
+CVE-2020-9276 (An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. The f ...)
+	TODO: check
+CVE-2020-9275 (An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. A cfm ...)
+	TODO: check
 CVE-2020-9274 (An issue was discovered in Pure-FTPd 1.0.49. An uninitialized pointer  ...)
 	{DLA-2123-1}
 	- pure-ftpd 1.0.49-4 (bug #952666)
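Review bot: All five entries CVE-2020-9275 through CVE-2020-9279 describe the same device firmware (D-Link DSL-2640B B2 EU_4.01B) and each carries its own "TODO: check". Triage them together with one consistent line, for example "NOT-FOR-US: D-Link" following the form of the CKEditor plugin and SilverStripe entries just above, so the group does not end up with mixed states.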
@@ -7918,8 +7968,8 @@ CVE-2020-9072
 	RESERVED
 CVE-2020-9071
 	RESERVED
-CVE-2020-9070
-	RESERVED
+CVE-2020-9070 (Huawei smartphones Taurus-AL00B with versions earlier than 10.0.0.205( ...)
+	TODO: check
 CVE-2020-9069
 	RESERVED
 CVE-2020-9068
@@ -26403,8 +26453,8 @@ CVE-2020-1805
 	RESERVED
 CVE-2020-1804
 	RESERVED
-CVE-2020-1803
-	RESERVED
+CVE-2020-1803 (Huawei smartphones Honor V20 with versions earlier than 10.0.0.179(C63 ...)
+	TODO: check
 CVE-2020-1802 (There is an insufficient integrity validation vulnerability in several ...)
 	NOT-FOR-US: Huawei
 CVE-2020-1801 (There is an improper authentication vulnerability in several smartphon ...)
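Review bot: CVE-2020-1803 (Huawei smartphones Honor V20) is left at "TODO: check" while the next entry down, CVE-2020-1802, is already marked "NOT-FOR-US: Huawei". The new entry should get the same line. CVE-2020-9070 in the previous hunk is also a Huawei smartphone issue and can be closed the same way.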
@@ -27735,8 +27785,8 @@ CVE-2019-19110
 	RESERVED
 CVE-2019-19109
 	RESERVED
-CVE-2019-19108
-	RESERVED
+CVE-2019-19108 (An authentication weakness in the SNMP service in B&R Automation R ...)
+	TODO: check
 CVE-2019-19107
 	RESERVED
 CVE-2019-19106
@@ -57978,7 +58028,7 @@ CVE-2019-10149 (A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Impr
 	NOTE: https://github.com/Exim/exim/commit/7ea1237c783e380d7bdb86c90b13d8203c7ecf26 (exim-4.92-RC1)
 	NOTE: https://git.exim.org/exim.git/commit/d740d2111f189760593a303124ff6b9b1f83453d (exim-4_91+fixes)
 CVE-2019-10148
-	RESERVED
+	REJECTED
 CVE-2019-10147 (rkt through version 1.30.0 does not isolate processes in containers th ...)
 	- rkt <unfixed> (bug #929781)
 	NOTE: https://www.twistlock.com/labs-blog/breaking-out-of-coresos-rkt-3-new-cves/



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/830329a93af4450e4deae32580691d2b541252f5


More information about the debian-security-tracker-commits mailing list