[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Tue Jun 9 09:10:24 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2df7c8d2 by security tracker role at 2020-06-09T08:10:17+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,29 @@
+CVE-2020-13974 (An issue was discovered in the Linux kernel through 5.7.1. drivers/tty ...)
+ TODO: check
+CVE-2020-13973 (OWASP json-sanitizer before 1.2.1 allows XSS. An attacker who controls ...)
+ TODO: check
+CVE-2020-13972
+ RESERVED
+CVE-2020-13971
+ RESERVED
+CVE-2020-13970
+ RESERVED
+CVE-2020-13969
+ RESERVED
+CVE-2020-13968
+ RESERVED
+CVE-2020-13967
+ RESERVED
+CVE-2020-13966
+ RESERVED
+CVE-2020-13963
+ RESERVED
+CVE-2020-13962 (Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 ...)
+ TODO: check
+CVE-2020-13961
+ RESERVED
+CVE-2020-13960 (D-Link DSL 2730-U IN_1.10 and IN_1.11 and DIR-600M 3.04 devices have t ...)
+ TODO: check
CVE-2020-13959
RESERVED
CVE-2020-13958
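Review bot: the four described entries added at the top of this hunk (CVE-2020-13974, CVE-2020-13973, CVE-2020-13962, CVE-2020-13960) carry only "TODO: check", so none of them is tied to a source package or ruled out yet. CVE-2020-13974 names the Linux kernel (drivers/tty) and CVE-2020-13962 names Qt as used in Mumble builds, so those two should get a package line first. The D-Link device entry looks like a candidate for the NOT-FOR-US form used for the LG mobile device entries further down in this file.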
@@ -245,8 +271,8 @@ CVE-2020-13846
RESERVED
CVE-2020-13845
RESERVED
-CVE-2020-13844
- RESERVED
+CVE-2020-13844 (Arm Armv8-A core implementations utilizing speculative execution past ...)
+ TODO: check
CVE-2020-13843 (An issue was discovered on LG mobile devices with Android OS software ...)
NOT-FOR-US: LG mobile devices
CVE-2020-13842 (An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, ...)
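Review bot: CVE-2020-13844 now describes a hardware behaviour ("Arm Armv8-A core implementations utilizing speculative execution past ...") and the truncated text names no software component, so "TODO: check" alone gives a triager nothing to track. When this is resolved, add a NOTE saying where the mitigation is expected to land, or mark it explicitly if no package applies, rather than leaving it looking like the vendor-only LG entries that follow it.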
@@ -425,11 +451,11 @@ CVE-2018-21236 (An issue was discovered in Foxit Reader before 2.4.4. It has a N
NOT-FOR-US: Foxit Reader
CVE-2018-21235 (An issue was discovered in Foxit E-mail advertising system before Sept ...)
NOT-FOR-US: Foxit E-mail advertising system
-CVE-2020-13965 [Cross-Site Scripting (XSS) vulnerability via malicious XML messages]
+CVE-2020-13965 (An issue was discovered in Roundcube Webmail before 1.3.12. There is X ...)
- roundcube 1.4.5+dfsg.1-1 (bug #962124)
NOTE: 1.4.x: https://github.com/roundcube/roundcubemail/commit/ccaccae6653031b809b4347a60021951e19a0e43
NOTE: 1.3.x: https://github.com/roundcube/roundcubemail/commit/884eb611627ef2bd5a2e20e02009ebb1eceecdc3
-CVE-2020-13964 [Cross-Site Scripting (XSS) vulnerability in template object 'username']
+CVE-2020-13964 (An issue was discovered in Roundcube Webmail before 1.3.12. include/rc ...)
- roundcube 1.4.5+dfsg.1-1 (bug #962123)
NOTE: 1.4.x: https://github.com/roundcube/roundcubemail/commit/4beec65d40c5e5b1f2bace935c110baf05e10ae5
NOTE: 1.3.x: https://github.com/roundcube/roundcubemail/commit/37e2bc745723ef6322f0f785aefd0b9313a40f19
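Review bot: on both Roundcube entries the bracketed summaries are dropped, and the truncated descriptions that replace them no longer state the vector: CVE-2020-13965 is cut at "There is X ..." and CVE-2020-13964 at "include/rc ...". Consider carrying the old wording forward in a NOTE line ("XSS via malicious XML messages", "XSS in template object 'username'"). The description's "before 1.3.12" also reads differently from the fixed version 1.4.5+dfsg.1-1 on the package line; the 1.4.x and 1.3.x NOTE lines are what reconcile the two, so they should stay. Both entries still sit below CVE-2018-21235 rather than between CVE-2020-13966 and CVE-2020-13963, where the first hunk's descending sequence has a gap.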
@@ -25235,14 +25261,14 @@ CVE-2020-4043
RESERVED
CVE-2020-4042
RESERVED
-CVE-2020-4041
- RESERVED
-CVE-2020-4040
- RESERVED
+CVE-2020-4041 (In Bolt CMS before version 3.7.1, the filename of uploaded files was v ...)
+ TODO: check
+CVE-2020-4040 (Bolt CMS before version 3.7.1 lacked CSRF protection in the preview ge ...)
+ TODO: check
CVE-2020-4039
RESERVED
-CVE-2020-4038
- RESERVED
+CVE-2020-4038 (GraphQL Playground (graphql-playground-html NPM package) before versio ...)
+ TODO: check
CVE-2020-4037
RESERVED
CVE-2020-4036
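Review bot: the two Bolt CMS entries (CVE-2020-4041, CVE-2020-4040) both say "before version 3.7.1", so they can be triaged together against the same upstream release instead of being checked separately. CVE-2020-4038 names an NPM package (graphql-playground-html); the check there is whether that package is shipped at all, and the entry should say so once decided instead of staying at "TODO: check".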
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2df7c8d2dbb9943399a9f0688507db2d9886f1b6