[Git][security-tracker-team/security-tracker][master] automatic update

Tue May 12 09:10:23 BST 2020


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
549213d2 by security tracker role at 2020-05-12T08:10:16+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,21 @@
+CVE-2020-12799
+	RESERVED
+CVE-2020-12798
+	RESERVED
+CVE-2020-12797
+	RESERVED
+CVE-2020-12796
+	RESERVED
+CVE-2020-12795
+	RESERVED
+CVE-2020-12794
+	RESERVED
+CVE-2020-12793
+	RESERVED
+CVE-2020-12792
+	RESERVED
+CVE-2020-12791
+	RESERVED
 CVE-2020-12790 (In the SEOmatic plugin before 3.2.49 for Craft CMS, helpers/DynamicMet ...)
 	NOT-FOR-US: SEOmatic plugin for Craft CMS
 CVE-2020-12789
@@ -5170,10 +5188,10 @@ CVE-2020-11074
 	RESERVED
 CVE-2020-11073
 	RESERVED
-CVE-2020-11072
-	RESERVED
-CVE-2020-11071
-	RESERVED
+CVE-2020-11072 (In SLP Validate (npm package slp-validate) before version 1.2.1, users ...)
+	TODO: check
+CVE-2020-11071 (SLPJS (npm package slpjs) before version 0.27.2, has a vulnerability w ...)
+	TODO: check
 CVE-2020-11070
 	RESERVED
 CVE-2020-11069
@@ -7933,8 +7951,8 @@ CVE-2020-10069
 	RESERVED
 CVE-2020-10068
 	RESERVED
-CVE-2020-10067
-	RESERVED
+CVE-2020-10067 (A malicious userspace application can cause a integer overflow and byp ...)
+	TODO: check
 CVE-2020-10066
 	RESERVED
 CVE-2020-10065
@@ -7947,12 +7965,12 @@ CVE-2020-10062
 	RESERVED
 CVE-2020-10061
 	RESERVED
-CVE-2020-10060
-	RESERVED
-CVE-2020-10059
-	RESERVED
-CVE-2020-10058
-	RESERVED
+CVE-2020-10060 (In updatehub_probe, right after JSON parsing is complete, objects\[1]  ...)
+	TODO: check
+CVE-2020-10059 (The UpdateHub module disables DTLS peer checking, which allows for a m ...)
+	TODO: check
+CVE-2020-10058 (Multiple syscalls in the Kscan subsystem perform insufficient argument ...)
+	TODO: check
 CVE-2019-20498 (cPanel before 82.0.18 allows WebDAV authentication bypass because the  ...)
 	NOT-FOR-US: cPanel
 CVE-2019-20497 (cPanel before 82.0.18 allows stored XSS via WHM Backup Restoration (SE ...)
@@ -8353,8 +8371,8 @@ CVE-2020-9842
 	RESERVED
 CVE-2020-9841
 	RESERVED
-CVE-2020-9840
-	RESERVED
+CVE-2020-9840 (In SwiftNIO Extras before 1.4.1, a logic issue was addressed with impr ...)
+	TODO: check
 CVE-2020-9839
 	RESERVED
 CVE-2020-9838
@@ -8501,26 +8519,26 @@ CVE-2020-9768 (A use after free issue was addressed with improved memory managem
 	NOT-FOR-US: Apple
 CVE-2020-9767
 	RESERVED
-CVE-2020-10028
-	RESERVED
-CVE-2020-10027
-	RESERVED
+CVE-2020-10028 (Multiple syscalls with insufficient argument validation See NCC-ZEP-00 ...)
+	TODO: check
+CVE-2020-10027 (An attacker who has obtained code execution within a user thread is ab ...)
+	TODO: check
 CVE-2020-10026
-	RESERVED
+	REJECTED
 CVE-2020-10025
-	RESERVED
-CVE-2020-10024
-	RESERVED
-CVE-2020-10023
-	RESERVED
-CVE-2020-10022
-	RESERVED
-CVE-2020-10021
-	RESERVED
+	REJECTED
+CVE-2020-10024 (The arm platform-specific code uses a signed integer comparison when v ...)
+	TODO: check
+CVE-2020-10023 (The shell subsystem contains a buffer overflow, whereby an adversary w ...)
+	TODO: check
+CVE-2020-10022 (A malformed JSON payload that is received from an UpdateHub server may ...)
+	TODO: check
+CVE-2020-10021 (Out-of-bounds Write in the USB Mass Storage memoryWrite handler with u ...)
+	TODO: check
 CVE-2020-10020
 	REJECTED
-CVE-2020-10019
-	RESERVED
+CVE-2020-10019 (USB DFU has a potential buffer overflow where the requested length (wL ...)
+	TODO: check
 CVE-2020-10018 (WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4 (which are the  ...)
 	{DSA-4641-1}
 	- webkit2gtk 2.28.0-2
@@ -13518,8 +13536,8 @@ CVE-2020-7649
 	RESERVED
 CVE-2020-7648
 	RESERVED
-CVE-2020-7647
-	RESERVED
+CVE-2020-7647 (All versions before 1.6.7 and all versions after 2.0.0 inclusive and b ...)
+	TODO: check
 CVE-2020-7646 (curlrequest through 1.0.1 allows execution of arbitrary commands.It is ...)
 	TODO: check
 CVE-2020-7645 (All versions of chrome-launcher allow execution of arbitrary commands, ...)
@@ -17813,16 +17831,16 @@ CVE-2020-5839
 	RESERVED
 CVE-2020-5838
 	RESERVED
-CVE-2020-5837
-	RESERVED
-CVE-2020-5836
-	RESERVED
-CVE-2020-5835
-	RESERVED
-CVE-2020-5834
-	RESERVED
-CVE-2020-5833
-	RESERVED
+CVE-2020-5837 (Symantec Endpoint Protection, prior to 14.3, may not respect file perm ...)
+	TODO: check
+CVE-2020-5836 (Symantec Endpoint Protection, prior to 14.3, can potentially reset the ...)
+	TODO: check
+CVE-2020-5835 (Symantec Endpoint Protection Manager, prior to 14.3, has a race condit ...)
+	TODO: check
+CVE-2020-5834 (Symantec Endpoint Protection Manager, prior to 14.3, may be susceptibl ...)
+	TODO: check
+CVE-2020-5833 (Symantec Endpoint Protection Manager, prior to 14.3, may be susceptibl ...)
+	TODO: check
 CVE-2020-5832 (Symantec Data Center Security Manager Component, prior to 6.8.2 (aka 6 ...)
 	NOT-FOR-US: Symantec
 CVE-2020-5831 (Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU2 MP1, ma ...)
@@ -29355,8 +29373,7 @@ CVE-2020-1726 (A flaw was discovered in Podman where it incorrectly allows conta
 	- podman <itp> (bug #930440)
 CVE-2020-1725
 	RESERVED
-CVE-2020-1724
-	RESERVED
+CVE-2020-1724 (A flaw was found in Keycloak in versions before 9.0.2. This flaw allow ...)
 	NOT-FOR-US: Keycloak
 CVE-2020-1723
 	RESERVED
@@ -152852,7 +152869,7 @@ CVE-2017-14202 (Improper Restriction of Operations within the Bounds of a Memory
 CVE-2017-14201 (Use After Free vulnerability in the Zephyr shell allows a serial or te ...)
 	NOT-FOR-US: Zephyr
 CVE-2017-14200
-	RESERVED
+	REJECTED
 CVE-2017-14199 (A buffer overflow has been found in the Zephyr Project's getaddrinfo() ...)
 	NOT-FOR-US: Zephyr OS
 CVE-2017-14198 (An issue was discovered in Squiz Matrix before 5.3.6.1 and 5.4.x befor ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/549213d2c217c8b88c64fd2d37138f7fb58bcb4c

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/549213d2c217c8b88c64fd2d37138f7fb58bcb4c
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200512/b382d002/attachment.html>
