[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Thu May 21 21:10:32 BST 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7c1605c6 by security tracker role at 2020-05-21T20:10:24+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,219 @@
+CVE-2020-13360
+	RESERVED
+CVE-2020-13359
+	RESERVED
+CVE-2020-13358
+	RESERVED
+CVE-2020-13357
+	RESERVED
+CVE-2020-13356
+	RESERVED
+CVE-2020-13355
+	RESERVED
+CVE-2020-13354
+	RESERVED
+CVE-2020-13353
+	RESERVED
+CVE-2020-13352
+	RESERVED
+CVE-2020-13351
+	RESERVED
+CVE-2020-13350
+	RESERVED
+CVE-2020-13349
+	RESERVED
+CVE-2020-13348
+	RESERVED
+CVE-2020-13347
+	RESERVED
+CVE-2020-13346
+	RESERVED
+CVE-2020-13345
+	RESERVED
+CVE-2020-13344
+	RESERVED
+CVE-2020-13343
+	RESERVED
+CVE-2020-13342
+	RESERVED
+CVE-2020-13341
+	RESERVED
+CVE-2020-13340
+	RESERVED
+CVE-2020-13339
+	RESERVED
+CVE-2020-13338
+	RESERVED
+CVE-2020-13337
+	RESERVED
+CVE-2020-13336
+	RESERVED
+CVE-2020-13335
+	RESERVED
+CVE-2020-13334
+	RESERVED
+CVE-2020-13333
+	RESERVED
+CVE-2020-13332
+	RESERVED
+CVE-2020-13331
+	RESERVED
+CVE-2020-13330
+	RESERVED
+CVE-2020-13329
+	RESERVED
+CVE-2020-13328
+	RESERVED
+CVE-2020-13327
+	RESERVED
+CVE-2020-13326
+	RESERVED
+CVE-2020-13325
+	RESERVED
+CVE-2020-13324
+	RESERVED
+CVE-2020-13323
+	RESERVED
+CVE-2020-13322
+	RESERVED
+CVE-2020-13321
+	RESERVED
+CVE-2020-13320
+	RESERVED
+CVE-2020-13319
+	RESERVED
+CVE-2020-13318
+	RESERVED
+CVE-2020-13317
+	RESERVED
+CVE-2020-13316
+	RESERVED
+CVE-2020-13315
+	RESERVED
+CVE-2020-13314
+	RESERVED
+CVE-2020-13313
+	RESERVED
+CVE-2020-13312
+	RESERVED
+CVE-2020-13311
+	RESERVED
+CVE-2020-13310
+	RESERVED
+CVE-2020-13309
+	RESERVED
+CVE-2020-13308
+	RESERVED
+CVE-2020-13307
+	RESERVED
+CVE-2020-13306
+	RESERVED
+CVE-2020-13305
+	RESERVED
+CVE-2020-13304
+	RESERVED
+CVE-2020-13303
+	RESERVED
+CVE-2020-13302
+	RESERVED
+CVE-2020-13301
+	RESERVED
+CVE-2020-13300
+	RESERVED
+CVE-2020-13299
+	RESERVED
+CVE-2020-13298
+	RESERVED
+CVE-2020-13297
+	RESERVED
+CVE-2020-13296
+	RESERVED
+CVE-2020-13295
+	RESERVED
+CVE-2020-13294
+	RESERVED
+CVE-2020-13293
+	RESERVED
+CVE-2020-13292
+	RESERVED
+CVE-2020-13291
+	RESERVED
+CVE-2020-13290
+	RESERVED
+CVE-2020-13289
+	RESERVED
+CVE-2020-13288
+	RESERVED
+CVE-2020-13287
+	RESERVED
+CVE-2020-13286
+	RESERVED
+CVE-2020-13285
+	RESERVED
+CVE-2020-13284
+	RESERVED
+CVE-2020-13283
+	RESERVED
+CVE-2020-13282
+	RESERVED
+CVE-2020-13281
+	RESERVED
+CVE-2020-13280
+	RESERVED
+CVE-2020-13279
+	RESERVED
+CVE-2020-13278
+	RESERVED
+CVE-2020-13277
+	RESERVED
+CVE-2020-13276
+	RESERVED
+CVE-2020-13275
+	RESERVED
+CVE-2020-13274
+	RESERVED
+CVE-2020-13273
+	RESERVED
+CVE-2020-13272
+	RESERVED
+CVE-2020-13271
+	RESERVED
+CVE-2020-13270
+	RESERVED
+CVE-2020-13269
+	RESERVED
+CVE-2020-13268
+	RESERVED
+CVE-2020-13267
+	RESERVED
+CVE-2020-13266
+	RESERVED
+CVE-2020-13265
+	RESERVED
+CVE-2020-13264
+	RESERVED
+CVE-2020-13263
+	RESERVED
+CVE-2020-13262
+	RESERVED
+CVE-2020-13261
+	RESERVED
+CVE-2020-13260
+	RESERVED
+CVE-2020-13259
+	RESERVED
+CVE-2020-13258 (Contentful through 2020-05-21 for Python allows reflected XSS, as demo ...)
+	TODO: check
+CVE-2020-13257
+	RESERVED
+CVE-2020-13256
+	RESERVED
+CVE-2020-13255
+	RESERVED
+CVE-2020-13254
+	RESERVED
+CVE-2020-13253
+	RESERVED
 CVE-2020-13252 (Centreon before 19.04.15 allows remote attackers to execute arbitrary  ...)
 	TODO: check
 CVE-2020-13251
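Review bot: CVE-2020-13258 is the only entry in this newly added block that carries a description, and it is left at "TODO: check". It needs manual triage: the description names Contentful for Python and reflected XSS, so the follow-up should either map it to a source package or mark it NOT-FOR-US, as is done for other untracked products in this file. The surrounding RESERVED entries need no action until MITRE publishes descriptions.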
@@ -301,20 +517,17 @@ CVE-2020-13116
 	RESERVED
 CVE-2020-13115
 	RESERVED
-CVE-2020-13114 [Add a failsafe on the maximum number of Canon MakerNote subtags]
-	RESERVED
+CVE-2020-13114 (An issue was discovered in libexif before 0.6.22. An unrestricted size ...)
 	- libexif <unfixed>
 	[buster] - libexif <no-dsa> (Minor issue)
 	[stretch] - libexif <no-dsa> (Minor issue)
 	NOTE: https://github.com/libexif/libexif/commit/e6a38a1a23ba94d139b1fa2cd4519fdcfe3c9bab (0.6.22)
-CVE-2020-13113 [Ensure the MakerNote data pointers are initialized with NULL]
-	RESERVED
+CVE-2020-13113 (An issue was discovered in libexif before 0.6.22. Use of uninitialized ...)
 	- libexif <unfixed>
 	[buster] - libexif <no-dsa> (Minor issue)
 	[stretch] - libexif <no-dsa> (Minor issue)
 	NOTE: https://github.com/libexif/libexif/commit/ec412aa4583ad71ecabb967d3c77162760169d1f (0.6.22)
-CVE-2020-13112 [Fix MakerNote tag size overflow issues at read time]
-	RESERVED
+CVE-2020-13112 (An issue was discovered in libexif before 0.6.22. Several buffer over- ...)
 	- libexif <unfixed>
 	[buster] - libexif <no-dsa> (Minor issue)
 	[stretch] - libexif <no-dsa> (Minor issue)
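Review bot: The three libexif entries now say "before 0.6.22" in their descriptions, and the NOTE lines visible for CVE-2020-13114 and CVE-2020-13113 tie the fixing commits to 0.6.22, but the package lines are still "- libexif <unfixed>". That is consistent only as long as 0.6.22 has not been uploaded; once it is, these lines should be changed to the fixed version, or the tracker will keep reporting unstable as vulnerable. Dropping the bracketed temporary descriptions and the RESERVED markers is fine, since the commit links in the NOTE lines still identify each fix.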
@@ -882,7 +1095,7 @@ CVE-2020-12834 (eQ-3 Homematic Central Control Unit (CCU)2 through 2.51.6 and CC
 	NOT-FOR-US: eQ-3 Homematic Central Control Unit
 CVE-2020-12833
 	RESERVED
-CVE-2020-12832 (The simple-file-list plugin before 4.2.8 for WordPress mishandles a .. ...)
+CVE-2020-12832 (WordPress Plugin Simple File List before 4.2.8 is prone to a vulnerabi ...)
 	NOT-FOR-US: simple-file-list plugin for WordPress
 CVE-2020-12831 (** DISPUTED ** An issue was discovered in FRRouting FRR (aka Free Rang ...)
 	- frr <unfixed> (unimportant)
@@ -897,8 +1110,8 @@ CVE-2020-12829
 	[stretch] - qemu <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1808510
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1786026
-CVE-2020-12828
-	RESERVED
+CVE-2020-12828 (An issue was discovered in AnchorFree VPN SDK before 1.3.3.218. The VP ...)
+	TODO: check
 CVE-2020-12827
 	RESERVED
 CVE-2019-20796
@@ -1826,8 +2039,8 @@ CVE-2020-12433
 	RESERVED
 CVE-2020-12432
 	RESERVED
-CVE-2020-12431
-	RESERVED
+CVE-2020-12431 (A Windows privilege change issue was discovered in Splashtop Software  ...)
+	TODO: check
 CVE-2020-12430 (An issue was discovered in qemuDomainGetStatsIOThread in qemu/qemu_dri ...)
 	[experimental] - libvirt 6.2.0-1
 	- libvirt <unfixed> (low; bug #959447)
@@ -4485,7 +4698,7 @@ CVE-2020-11712 (Open Upload through 0.4.3 allows XSS via index.php?action=u and
 	NOT-FOR-US: Open Upload
 CVE-2020-11711
 	RESERVED
-CVE-2020-11710 (An issue was discovered in docker-kong (for Kong) through 2.0.3. The a ...)
+CVE-2020-11710 (** DISPUTED ** An issue was discovered in docker-kong (for Kong) throu ...)
 	NOT-FOR-US: docker-kong
 CVE-2020-11709 (cpp-httplib through 0.5.8 does not filter \r\n in parameters passed in ...)
 	- chromium <unfixed>
@@ -7338,8 +7551,7 @@ CVE-2020-10740
 CVE-2020-10739
 	RESERVED
 	NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651)
-CVE-2020-10738
-	RESERVED
+CVE-2020-10738 (A flaw was found in Moodle versions 3.8 before 3.8.3, 3.7 before 3.7.6 ...)
 	- moodle <removed>
 CVE-2020-10737 [oddjob: race condition in oddjob_selinux_mkdir function in mkhomedir.c can lead to symlink attack]
 	RESERVED
@@ -11271,8 +11483,8 @@ CVE-2020-9071
 	RESERVED
 CVE-2020-9070 (Huawei smartphones Taurus-AL00B with versions earlier than 10.0.0.205( ...)
 	NOT-FOR-US: Huawei
-CVE-2020-9069
-	RESERVED
+CVE-2020-9069 (There is an information leakage vulnerability in some Huawei products. ...)
+	TODO: check
 CVE-2020-9068 (Huawei AR3200 products with versions of V200R007C00SPC900, V200R007C00 ...)
 	NOT-FOR-US: Huawei
 CVE-2020-9067 (There is a buffer overflow vulnerability in some Huawei products. The  ...)
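Review bot: CVE-2020-9069 is added with "TODO: check" although its description says the issue is in "some Huawei products", and the adjacent entries CVE-2020-9070 and CVE-2020-9068 are already marked "NOT-FOR-US: Huawei". Unless the truncated description points at something packaged in Debian, the follow-up triage can mark this one "NOT-FOR-US: Huawei" as well so it does not linger in the TODO queue.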
@@ -11319,8 +11531,8 @@ CVE-2020-9047
 	RESERVED
 CVE-2020-9046
 	RESERVED
-CVE-2020-9045
-	RESERVED
+CVE-2020-9045 (During installation or upgrade to Software House C•CURE 9000 v2. ...)
+	TODO: check
 CVE-2020-9044 (XXE vulnerability exists in the Metasys family of product Web Services ...)
 	NOT-FOR-US: Johnson Controls
 CVE-2020-9043 (The wpCentral plugin before 1.5.1 for WordPress allows disclosure of t ...)
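Review bot: The added description for CVE-2020-9045 reads "C•CURE 9000", which looks like a multi-byte UTF-8 character decoded with a single-byte charset. It is worth checking whether data/CVE/list itself contains the correct bytes and only this notification mail is mis-rendered, or whether the automatic update job wrote the mangled sequence into the file; in the latter case the import step should read the upstream feed as UTF-8. The entry is also still at "TODO: check" and needs triage.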
@@ -12472,8 +12684,8 @@ CVE-2020-8574
 	RESERVED
 CVE-2020-8573
 	RESERVED
-CVE-2020-8572
-	RESERVED
+CVE-2020-8572 (Element OS prior to version 12.0 and Element HealthTools prior to vers ...)
+	TODO: check
 CVE-2020-8571 (StorageGRID (formerly StorageGRID Webscale) versions 10.0.0 through 11 ...)
 	NOT-FOR-US: StorageGRID
 CVE-2020-8570
@@ -14303,8 +14515,8 @@ CVE-2020-7810
 	RESERVED
 CVE-2020-7809 (ALSong 3.46 and earlier version contain a Document Object Model (DOM)  ...)
 	NOT-FOR-US: ALSong
-CVE-2020-7808
-	RESERVED
+CVE-2020-7808 (In RAONWIZ K Upload v2018.0.2.51 and prior, automatic update processin ...)
+	TODO: check
 CVE-2020-7807
 	RESERVED
 CVE-2020-7806 (Tobesoft Xplatform 9.2.2.250 and earlier version have an arbitrary cod ...)
@@ -14609,8 +14821,8 @@ CVE-2020-7657
 	RESERVED
 CVE-2020-7656 (jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load ...)
 	TODO: check
-CVE-2020-7655
-	RESERVED
+CVE-2020-7655 (netius prior to 1.17.58 is vulnerable to HTTP Request Smuggling. HTTP  ...)
+	TODO: check
 CVE-2020-7654
 	RESERVED
 CVE-2020-7653
@@ -19112,8 +19324,8 @@ CVE-2020-5754
 	RESERVED
 CVE-2020-5753 (Signal Private Messenger Android v4.59.0 and up and iOS v3.8.1.5 and u ...)
 	TODO: check
-CVE-2020-5752
-	RESERVED
+CVE-2020-5752 (Relative path traversal in Druva inSync Windows Client 6.6.3 allows a  ...)
+	TODO: check
 CVE-2020-5751 (Insufficient output sanitization in TCExam 14.2.2 allows a remote, aut ...)
 	NOT-FOR-US: TCExam
 CVE-2020-5750 (Insufficient output sanitization in TCExam 14.2.2 allows a remote, una ...)
@@ -30000,8 +30212,8 @@ CVE-2020-1801 (There is an improper authentication vulnerability in several smar
 	NOT-FOR-US: Huawei
 CVE-2020-1800 (HUAWEI smartphones P30 with versions earlier than 10.0.0.185(C00E85R1P ...)
 	NOT-FOR-US: Huawei
-CVE-2020-1799
-	RESERVED
+CVE-2020-1799 (E6878-370 with versions of 10.0.3.1(H557SP27C233), 10.0.3.1(H563SP1C00 ...)
+	TODO: check
 CVE-2020-1798
 	RESERVED
 CVE-2020-1797



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7c1605c672a08dc69be1f27db2c24059bee42908
