[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Fri May 15 09:10:27 BST 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
04b6343e by security tracker role at 2020-05-15T08:10:20+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,23 @@
+CVE-2020-12887
+	RESERVED
+CVE-2020-12886
+	RESERVED
+CVE-2020-12885
+	RESERVED
+CVE-2020-12884
+	RESERVED
+CVE-2020-12883
+	RESERVED
+CVE-2020-12882 (Submitty through 20.04.01 allows XSS via upload of an SVG document, as ...)
+	TODO: check
+CVE-2020-12881
+	RESERVED
+CVE-2020-12880
+	RESERVED
+CVE-2020-12879
+	RESERVED
+CVE-2020-12878
+	RESERVED
 CVE-2020-12877 (Veritas APTARE versions prior to 10.4 allowed sensitive information to ...)
 	NOT-FOR-US: Veritas
 CVE-2020-12876 (Veritas APTARE versions prior to 10.4 allowed remote users to access s ...)
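
Review bot: CVE-2020-12882 (Submitty, XSS via SVG upload) lands as `TODO: check` directly above two Veritas entries that are already resolved; it needs a follow-up that either names a source package or records a NOT-FOR-US reason, so the entry does not stay in the untriaged queue. The nine RESERVED additions in this hunk need no action until their descriptions are published.
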
@@ -992,8 +1012,8 @@ CVE-2020-12442 (Ivanti Avalanche 6.3 allows a SQL injection that is vaguely asso
 	NOT-FOR-US: Ivanti
 CVE-2020-12441
 	RESERVED
-CVE-2020-12440
-	RESERVED
+CVE-2020-12440 (NGINX through 1.18.0 allows an HTTP request smuggling attack that can  ...)
+	TODO: check
 CVE-2020-12439 (Grin before 3.1.0 allows attackers to adversely affect availability of ...)
 	NOT-FOR-US: Grin
 CVE-2020-12438 (An XSS vulnerability exists in the banners.php page of PHP-Fusion 9.03 ...)
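
Review bot: the `TODO: check` on CVE-2020-12440 should be triaged ahead of the vendor-only entries in this update, because the description names NGINX through 1.18.0 and nginx is a packaged web server in Debian. Replace it with a `- nginx` line carrying the status once the request smuggling report has been checked against upstream, rather than leaving it alongside entries that will end up NOT-FOR-US.
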
@@ -1893,8 +1913,8 @@ CVE-2020-12070 (The Advanced Woo Search plugin version through 1.99 for Wordpres
 	NOT-FOR-US: Advanced Woo Search plugin for WordPress
 CVE-2020-12069
 	RESERVED
-CVE-2020-12068
-	RESERVED
+CVE-2020-12068 (An issue was discovered in CODESYS Development System before 3.5.16.0. ...)
+	TODO: check
 CVE-2020-12067
 	RESERVED
 CVE-2020-12066 (CServer::SendMsg in engine/server/server.cpp in Teeworlds 0.7.x before ...)
@@ -1956,16 +1976,16 @@ CVE-2020-12048
 	RESERVED
 CVE-2020-12047
 	RESERVED
-CVE-2020-12046
-	RESERVED
+CVE-2020-12046 (Opto 22 SoftPAC Project Version 9.6 and prior. SoftPAC’s firmwar ...)
+	TODO: check
 CVE-2020-12045
 	RESERVED
 CVE-2020-12044
 	RESERVED
 CVE-2020-12043
 	RESERVED
-CVE-2020-12042
-	RESERVED
+CVE-2020-12042 (Opto 22 SoftPAC Project Version 9.6 and prior. Paths specified within  ...)
+	TODO: check
 CVE-2020-12041
 	RESERVED
 CVE-2020-12040
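
Review bot: the new description on CVE-2020-12046 contains `SoftPAC’s`, which is an apostrophe in UTF-8 decoded with a single-byte encoding; check whether that sequence is in data/CVE/list itself or only in this mail rendering, and make the import keep the text as UTF-8. Both Opto 22 entries in this hunk (CVE-2020-12046, CVE-2020-12042) are `TODO: check` for the same product and can be triaged with one decision.
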
@@ -2208,8 +2228,7 @@ CVE-2020-11933
 	RESERVED
 CVE-2020-11932 (It was discovered that the Subiquity installer for Ubuntu Server logge ...)
 	NOT-FOR-US: Subiquity installer for Ubuntu
-CVE-2020-11931
-	RESERVED
+CVE-2020-11931 (An Ubuntu-specific modification to Pulseaudio to provide security medi ...)
 	NOT-FOR-US: Ubuntu snap packaging of Pulseaudio
 CVE-2018-21231 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
 	NOT-FOR-US: Netgear
@@ -6896,24 +6915,24 @@ CVE-2020-10622 (LCDS LAquis SCADA Versions 4.3.1 and prior. The affected product
 	NOT-FOR-US: LCDS LAquis SCADA
 CVE-2020-10621 (Multiple issues exist that allow files to be uploaded and executed on  ...)
 	NOT-FOR-US: WebAccess/NMS
-CVE-2020-10620
-	RESERVED
+CVE-2020-10620 (Opto 22 SoftPAC Project Version 9.6 and prior. SoftPAC communication d ...)
+	TODO: check
 CVE-2020-10619 (An attacker could use a specially crafted URL to delete files outside  ...)
 	NOT-FOR-US: WebAccess/NMS
 CVE-2020-10618 (LCDS LAquis SCADA Versions 4.3.1 and prior. The affected product is vu ...)
 	NOT-FOR-US: LCDS LAquis SCADA
 CVE-2020-10617 (There are multiple ways an unauthenticated attacker could perform SQL  ...)
 	NOT-FOR-US: WebAccess/NMS
-CVE-2020-10616
-	RESERVED
+CVE-2020-10616 (Opto 22 SoftPAC Project Version 9.6 and prior. SoftPAC does not specif ...)
+	TODO: check
 CVE-2020-10615 (Triangle MicroWorks SCADA Data Gateway 3.02.0697 through 4.0.122, 2.41 ...)
 	NOT-FOR-US: Triangle MicroWorks SCADA Data Gateway
 CVE-2020-10614
 	RESERVED
 CVE-2020-10613 (Triangle MicroWorks SCADA Data Gateway 3.02.0697 through 4.0.122, 2.41 ...)
 	NOT-FOR-US: Triangle MicroWorks SCADA Data Gateway
-CVE-2020-10612
-	RESERVED
+CVE-2020-10612 (Opto 22 SoftPAC Project Version 9.6 and prior. SoftPACAgent communicat ...)
+	TODO: check
 CVE-2020-10611 (Triangle MicroWorks SCADA Data Gateway 3.02.0697 through 4.0.122, 2.41 ...)
 	NOT-FOR-US: Triangle MicroWorks SCADA Data Gateway
 CVE-2020-10610
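
Review bot: CVE-2020-10620, CVE-2020-10616 and CVE-2020-10612 are all left as `TODO: check` for Opto 22 SoftPAC Project, while every other described entry in this hunk already has a vendor-level NOT-FOR-US line (LCDS LAquis SCADA, WebAccess/NMS, Triangle MicroWorks SCADA Data Gateway). Triage the three together, and give them the same tag text as CVE-2020-12046 and CVE-2020-12042 so that a search on the product name finds all five.
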
@@ -23621,7 +23640,7 @@ CVE-2020-3811
 	RESERVED
 CVE-2020-3810 [apt out-of-bounds read in .ar/.tar implemations]
 	RESERVED
-	{DSA-4685-1}
+	{DSA-4685-1 DLA-2210-1}
 	- apt 2.1.2
 	NOTE: https://github.com/Debian/apt/issues/111
 	NOTE: https://bugs.launchpad.net/bugs/1878177
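
Review bot: the context line for CVE-2020-3810 still reads `implemations` in its bracketed description; since this entry is being touched for the `{DSA-4685-1 DLA-2210-1}` cross-reference, correct it to `implementations` in a follow-up. The entry also still shows RESERVED although a DSA, a DLA and the fixed version `apt 2.1.2` are recorded, so the bracketed text is what readers see until the official description is published.
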
@@ -35751,10 +35770,10 @@ CVE-2020-0223
 	RESERVED
 CVE-2020-0222
 	RESERVED
-CVE-2020-0221
-	RESERVED
-CVE-2020-0220
-	RESERVED
+CVE-2020-0221 (Airbrush FW's scratch memory allocator is susceptible to numeric overf ...)
+	TODO: check
+CVE-2020-0220 (In crus_afe_callback of msm-cirrus-playback.c, there is a possible out ...)
+	TODO: check
 CVE-2020-0219
 	RESERVED
 CVE-2020-0218
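
Review bot: CVE-2020-0220 names `crus_afe_callback` in `msm-cirrus-playback.c`, which reads like a kernel driver source file, so before this `TODO: check` is closed confirm whether that file is present in the Debian linux source, and if it is not, say so in the NOT-FOR-US reason. CVE-2020-0221 (Airbrush FW scratch memory allocator) needs the same explicit decision.
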
@@ -35973,64 +35992,50 @@ CVE-2020-0112
 	RESERVED
 CVE-2020-0111
 	RESERVED
-CVE-2020-0110 [sched/psi: Fix OOB write when writing 0 bytes to PSI files]
-	RESERVED
+CVE-2020-0110 (In psi_write of psi.c, there is a possible out of bounds write due to  ...)
 	- linux 5.5.13-1
 	NOTE: https://git.kernel.org/linus/6fcca0fa48118e6d63733eb4644c6cd880c15b8f (5.6-rc2)
-CVE-2020-0109
-	RESERVED
+CVE-2020-0109 (In simulatePackageSuspendBroadcast of NotificationManagerService.java, ...)
 	NOT-FOR-US: Android
 CVE-2020-0108
 	RESERVED
 CVE-2020-0107
 	RESERVED
-CVE-2020-0106
-	RESERVED
+CVE-2020-0106 (In getCellLocation of PhoneInterfaceManager.java, there is a possible  ...)
 	NOT-FOR-US: Android
-CVE-2020-0105
-	RESERVED
+CVE-2020-0105 (In onKeyguardVisibilityChanged of key_store_service.cpp, there is a mi ...)
 	NOT-FOR-US: Android
-CVE-2020-0104
-	RESERVED
+CVE-2020-0104 (In onShowingStateChanged of KeyguardStateMonitor.java, there is a poss ...)
 	NOT-FOR-US: Android
-CVE-2020-0103
-	RESERVED
+CVE-2020-0103 (In a2dp_aac_decoder_cleanup of a2dp_aac_decoder.cc, there is a possibl ...)
 	NOT-FOR-US: Android
-CVE-2020-0102
-	RESERVED
+CVE-2020-0102 (In GattServer::SendResponse of gatt_server.cc, there is a possible out ...)
 	NOT-FOR-US: Android
-CVE-2020-0101
-	RESERVED
-CVE-2020-0100
-	RESERVED
+CVE-2020-0101 (In BnCrypto::onTransact of ICrypto.cpp, there is a possible informatio ...)
+	TODO: check
+CVE-2020-0100 (In onTransact of IHDCP.cpp, there is a possible out of bounds read due ...)
+	TODO: check
 CVE-2020-0099
 	RESERVED
-CVE-2020-0098
-	RESERVED
+CVE-2020-0098 (In navigateUpToLocked of ActivityStack.java, there is a possible permi ...)
 	NOT-FOR-US: Android
-CVE-2020-0097
-	RESERVED
+CVE-2020-0097 (In various methods of PackageManagerService.java, there is a possible  ...)
 	NOT-FOR-US: Android
-CVE-2020-0096
-	RESERVED
+CVE-2020-0096 (In startActivities of ActivityStartController.java, there is a possibl ...)
 	NOT-FOR-US: Android
 CVE-2020-0095
 	RESERVED
-CVE-2020-0094
-	RESERVED
-CVE-2020-0093
-	RESERVED
+CVE-2020-0094 (In setImageHeight and setImageWidth of ExifUtils.cpp, there is a possi ...)
+	TODO: check
+CVE-2020-0093 (In exif_data_save_data_entry of exif-data.c, there is a possible out o ...)
 	- libexif <undetermined>
 	NOTE: https://android.googlesource.com/platform/external/libexif/+/0335ffc17f9b9a4831c242bb08ea92f605fde7a6
 	NOTE: https://github.com/libexif/libexif/issues/42
-CVE-2020-0092
-	RESERVED
+CVE-2020-0092 (In setHideSensitive of NotificationStackScrollLayout.java, there is a  ...)
 	NOT-FOR-US: Android
-CVE-2020-0091
-	RESERVED
+CVE-2020-0091 (In mnld, an incorrect configuration in driver_cfg of mnld for meta fac ...)
 	NOT-FOR-US: Mediatek components for Android
-CVE-2020-0090
-	RESERVED
+CVE-2020-0090 (An improper authorization in the receiver component of Email.Product:  ...)
 	NOT-FOR-US: Mediatek components for Android
 CVE-2020-0089
 	RESERVED
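
Review bot: CVE-2020-0093 keeps `- libexif <undetermined>` even though the description is now published and the entry already carries an upstream commit and an issue link in its NOTE lines; resolve it to a fixed version or an unfixed marker for libexif. In the same hunk CVE-2020-0101, CVE-2020-0100 and CVE-2020-0094 are `TODO: check` while their neighbours are `NOT-FOR-US: Android`; CVE-2020-0094 names ExifUtils.cpp, so check whether it is Android-only code or related to the libexif entry before tagging it.
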
@@ -36084,11 +36089,9 @@ CVE-2020-0066 (In the netlink driver, there is a possible out of bounds write du
 	- linux 4.2.5-1
 	[jessie] - linux 3.16.7-ckt20-1
 	NOTE: https://git.kernel.org/linus/db65a3aaf29ecce2e34271d52e8d2336b97bd9fe
-CVE-2020-0065
-	RESERVED
+CVE-2020-0065 (An improper authorization in the receiver component of the Android Sui ...)
 	NOT-FOR-US: Mediatek components for Android
-CVE-2020-0064
-	RESERVED
+CVE-2020-0064 (An improper authorization while processing the provisioning data.Produ ...)
 	NOT-FOR-US: Mediatek components for Android
 CVE-2020-0063 (In SurfaceFlinger, it is possible to override UI confirmation screen p ...)
 	NOT-FOR-US: Android
@@ -36177,8 +36180,7 @@ CVE-2020-0026 (In Parcel::continueWrite of Parcel.cpp, there is possible memory
 	NOT-FOR-US: Android
 CVE-2020-0025
 	RESERVED
-CVE-2020-0024
-	RESERVED
+CVE-2020-0024 (In onCreate of SettingsBaseActivity.java, there is a possible unauthor ...)
 	NOT-FOR-US: Android
 CVE-2020-0023 (In setPhonebookAccessPermission of AdapterService.java, there is a pos ...)
 	NOT-FOR-US: Android



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/04b6343e6878b9e288b429debefdeed8a25c0d20
