[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Thu May 21 21:10:32 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7c1605c6 by security tracker role at 2020-05-21T20:10:24+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,219 @@
+CVE-2020-13360
+ RESERVED
+CVE-2020-13359
+ RESERVED
+CVE-2020-13358
+ RESERVED
+CVE-2020-13357
+ RESERVED
+CVE-2020-13356
+ RESERVED
+CVE-2020-13355
+ RESERVED
+CVE-2020-13354
+ RESERVED
+CVE-2020-13353
+ RESERVED
+CVE-2020-13352
+ RESERVED
+CVE-2020-13351
+ RESERVED
+CVE-2020-13350
+ RESERVED
+CVE-2020-13349
+ RESERVED
+CVE-2020-13348
+ RESERVED
+CVE-2020-13347
+ RESERVED
+CVE-2020-13346
+ RESERVED
+CVE-2020-13345
+ RESERVED
+CVE-2020-13344
+ RESERVED
+CVE-2020-13343
+ RESERVED
+CVE-2020-13342
+ RESERVED
+CVE-2020-13341
+ RESERVED
+CVE-2020-13340
+ RESERVED
+CVE-2020-13339
+ RESERVED
+CVE-2020-13338
+ RESERVED
+CVE-2020-13337
+ RESERVED
+CVE-2020-13336
+ RESERVED
+CVE-2020-13335
+ RESERVED
+CVE-2020-13334
+ RESERVED
+CVE-2020-13333
+ RESERVED
+CVE-2020-13332
+ RESERVED
+CVE-2020-13331
+ RESERVED
+CVE-2020-13330
+ RESERVED
+CVE-2020-13329
+ RESERVED
+CVE-2020-13328
+ RESERVED
+CVE-2020-13327
+ RESERVED
+CVE-2020-13326
+ RESERVED
+CVE-2020-13325
+ RESERVED
+CVE-2020-13324
+ RESERVED
+CVE-2020-13323
+ RESERVED
+CVE-2020-13322
+ RESERVED
+CVE-2020-13321
+ RESERVED
+CVE-2020-13320
+ RESERVED
+CVE-2020-13319
+ RESERVED
+CVE-2020-13318
+ RESERVED
+CVE-2020-13317
+ RESERVED
+CVE-2020-13316
+ RESERVED
+CVE-2020-13315
+ RESERVED
+CVE-2020-13314
+ RESERVED
+CVE-2020-13313
+ RESERVED
+CVE-2020-13312
+ RESERVED
+CVE-2020-13311
+ RESERVED
+CVE-2020-13310
+ RESERVED
+CVE-2020-13309
+ RESERVED
+CVE-2020-13308
+ RESERVED
+CVE-2020-13307
+ RESERVED
+CVE-2020-13306
+ RESERVED
+CVE-2020-13305
+ RESERVED
+CVE-2020-13304
+ RESERVED
+CVE-2020-13303
+ RESERVED
+CVE-2020-13302
+ RESERVED
+CVE-2020-13301
+ RESERVED
+CVE-2020-13300
+ RESERVED
+CVE-2020-13299
+ RESERVED
+CVE-2020-13298
+ RESERVED
+CVE-2020-13297
+ RESERVED
+CVE-2020-13296
+ RESERVED
+CVE-2020-13295
+ RESERVED
+CVE-2020-13294
+ RESERVED
+CVE-2020-13293
+ RESERVED
+CVE-2020-13292
+ RESERVED
+CVE-2020-13291
+ RESERVED
+CVE-2020-13290
+ RESERVED
+CVE-2020-13289
+ RESERVED
+CVE-2020-13288
+ RESERVED
+CVE-2020-13287
+ RESERVED
+CVE-2020-13286
+ RESERVED
+CVE-2020-13285
+ RESERVED
+CVE-2020-13284
+ RESERVED
+CVE-2020-13283
+ RESERVED
+CVE-2020-13282
+ RESERVED
+CVE-2020-13281
+ RESERVED
+CVE-2020-13280
+ RESERVED
+CVE-2020-13279
+ RESERVED
+CVE-2020-13278
+ RESERVED
+CVE-2020-13277
+ RESERVED
+CVE-2020-13276
+ RESERVED
+CVE-2020-13275
+ RESERVED
+CVE-2020-13274
+ RESERVED
+CVE-2020-13273
+ RESERVED
+CVE-2020-13272
+ RESERVED
+CVE-2020-13271
+ RESERVED
+CVE-2020-13270
+ RESERVED
+CVE-2020-13269
+ RESERVED
+CVE-2020-13268
+ RESERVED
+CVE-2020-13267
+ RESERVED
+CVE-2020-13266
+ RESERVED
+CVE-2020-13265
+ RESERVED
+CVE-2020-13264
+ RESERVED
+CVE-2020-13263
+ RESERVED
+CVE-2020-13262
+ RESERVED
+CVE-2020-13261
+ RESERVED
+CVE-2020-13260
+ RESERVED
+CVE-2020-13259
+ RESERVED
+CVE-2020-13258 (Contentful through 2020-05-21 for Python allows reflected XSS, as demo ...)
+ TODO: check
+CVE-2020-13257
+ RESERVED
+CVE-2020-13256
+ RESERVED
+CVE-2020-13255
+ RESERVED
+CVE-2020-13254
+ RESERVED
+CVE-2020-13253
+ RESERVED
CVE-2020-13252 (Centreon before 19.04.15 allows remote attackers to execute arbitrary ...)
TODO: check
CVE-2020-13251
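Review bot: CVE-2020-13258 (Contentful for Python, reflected XSS) is the only entry in this block that arrives with a published description, and it is added with "TODO: check" rather than a package line or NOT-FOR-US. It needs manual triage before the TODO is dropped; the remaining additions, from CVE-2020-13360 down to CVE-2020-13253, are bare RESERVED placeholders and need no action until their descriptions are published.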
@@ -301,20 +517,17 @@ CVE-2020-13116
RESERVED
CVE-2020-13115
RESERVED
-CVE-2020-13114 [Add a failsafe on the maximum number of Canon MakerNote subtags]
- RESERVED
+CVE-2020-13114 (An issue was discovered in libexif before 0.6.22. An unrestricted size ...)
- libexif <unfixed>
[buster] - libexif <no-dsa> (Minor issue)
[stretch] - libexif <no-dsa> (Minor issue)
NOTE: https://github.com/libexif/libexif/commit/e6a38a1a23ba94d139b1fa2cd4519fdcfe3c9bab (0.6.22)
-CVE-2020-13113 [Ensure the MakerNote data pointers are initialized with NULL]
- RESERVED
+CVE-2020-13113 (An issue was discovered in libexif before 0.6.22. Use of uninitialized ...)
- libexif <unfixed>
[buster] - libexif <no-dsa> (Minor issue)
[stretch] - libexif <no-dsa> (Minor issue)
NOTE: https://github.com/libexif/libexif/commit/ec412aa4583ad71ecabb967d3c77162760169d1f (0.6.22)
-CVE-2020-13112 [Fix MakerNote tag size overflow issues at read time]
- RESERVED
+CVE-2020-13112 (An issue was discovered in libexif before 0.6.22. Several buffer over- ...)
- libexif <unfixed>
[buster] - libexif <no-dsa> (Minor issue)
[stretch] - libexif <no-dsa> (Minor issue)
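Review bot: the package lines for CVE-2020-13114, CVE-2020-13113 and CVE-2020-13112 still read "- libexif <unfixed>" even though the new descriptions say "libexif before 0.6.22" and the visible NOTE lines for CVE-2020-13114 and CVE-2020-13113 tie the fix commits to 0.6.22. That status holds only while 0.6.22 has not reached unstable; record the fixed version on these three lines once it has. The change also drops the bracketed working titles (for example "Add a failsafe on the maximum number of Canon MakerNote subtags"), which were more specific than the truncated descriptions that replace them; a short NOTE would keep that detail if it is still wanted.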
@@ -882,7 +1095,7 @@ CVE-2020-12834 (eQ-3 Homematic Central Control Unit (CCU)2 through 2.51.6 and CC
NOT-FOR-US: eQ-3 Homematic Central Control Unit
CVE-2020-12833
RESERVED
-CVE-2020-12832 (The simple-file-list plugin before 4.2.8 for WordPress mishandles a .. ...)
+CVE-2020-12832 (WordPress Plugin Simple File List before 4.2.8 is prone to a vulnerabi ...)
NOT-FOR-US: simple-file-list plugin for WordPress
CVE-2020-12831 (** DISPUTED ** An issue was discovered in FRRouting FRR (aka Free Rang ...)
- frr <unfixed> (unimportant)
@@ -897,8 +1110,8 @@ CVE-2020-12829
[stretch] - qemu <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1808510
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1786026
-CVE-2020-12828
- RESERVED
+CVE-2020-12828 (An issue was discovered in AnchorFree VPN SDK before 1.3.3.218. The VP ...)
+ TODO: check
CVE-2020-12827
RESERVED
CVE-2019-20796
@@ -1826,8 +2039,8 @@ CVE-2020-12433
RESERVED
CVE-2020-12432
RESERVED
-CVE-2020-12431
- RESERVED
+CVE-2020-12431 (A Windows privilege change issue was discovered in Splashtop Software ...)
+ TODO: check
CVE-2020-12430 (An issue was discovered in qemuDomainGetStatsIOThread in qemu/qemu_dri ...)
[experimental] - libvirt 6.2.0-1
- libvirt <unfixed> (low; bug #959447)
@@ -4485,7 +4698,7 @@ CVE-2020-11712 (Open Upload through 0.4.3 allows XSS via index.php?action=u and
NOT-FOR-US: Open Upload
CVE-2020-11711
RESERVED
-CVE-2020-11710 (An issue was discovered in docker-kong (for Kong) through 2.0.3. The a ...)
+CVE-2020-11710 (** DISPUTED ** An issue was discovered in docker-kong (for Kong) throu ...)
NOT-FOR-US: docker-kong
CVE-2020-11709 (cpp-httplib through 0.5.8 does not filter \r\n in parameters passed in ...)
- chromium <unfixed>
@@ -7338,8 +7551,7 @@ CVE-2020-10740
CVE-2020-10739
RESERVED
NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651)
-CVE-2020-10738
- RESERVED
+CVE-2020-10738 (A flaw was found in Moodle versions 3.8 before 3.8.3, 3.7 before 3.7.6 ...)
- moodle <removed>
CVE-2020-10737 [oddjob: race condition in oddjob_selinux_mkdir function in mkhomedir.c can lead to symlink attack]
RESERVED
@@ -11271,8 +11483,8 @@ CVE-2020-9071
RESERVED
CVE-2020-9070 (Huawei smartphones Taurus-AL00B with versions earlier than 10.0.0.205( ...)
NOT-FOR-US: Huawei
-CVE-2020-9069
- RESERVED
+CVE-2020-9069 (There is an information leakage vulnerability in some Huawei products. ...)
+ TODO: check
CVE-2020-9068 (Huawei AR3200 products with versions of V200R007C00SPC900, V200R007C00 ...)
NOT-FOR-US: Huawei
CVE-2020-9067 (There is a buffer overflow vulnerability in some Huawei products. The ...)
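Review bot: CVE-2020-9069 is added with "TODO: check" although its description names "some Huawei products" and the neighbouring entries CVE-2020-9070 and CVE-2020-9068 are already marked "NOT-FOR-US: Huawei". Resolve it the same way so that it does not linger in the TODO queue.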
@@ -11319,8 +11531,8 @@ CVE-2020-9047
RESERVED
CVE-2020-9046
RESERVED
-CVE-2020-9045
- RESERVED
+CVE-2020-9045 (During installation or upgrade to Software House C•CURE 9000 v2. ...)
+ TODO: check
CVE-2020-9044 (XXE vulnerability exists in the Metasys family of product Web Services ...)
NOT-FOR-US: Johnson Controls
CVE-2020-9043 (The wpCentral plugin before 1.5.1 for WordPress allows disclosure of t ...)
@@ -12472,8 +12684,8 @@ CVE-2020-8574
RESERVED
CVE-2020-8573
RESERVED
-CVE-2020-8572
- RESERVED
+CVE-2020-8572 (Element OS prior to version 12.0 and Element HealthTools prior to vers ...)
+ TODO: check
CVE-2020-8571 (StorageGRID (formerly StorageGRID Webscale) versions 10.0.0 through 11 ...)
NOT-FOR-US: StorageGRID
CVE-2020-8570
@@ -14303,8 +14515,8 @@ CVE-2020-7810
RESERVED
CVE-2020-7809 (ALSong 3.46 and earlier version contain a Document Object Model (DOM) ...)
NOT-FOR-US: ALSong
-CVE-2020-7808
- RESERVED
+CVE-2020-7808 (In RAONWIZ K Upload v2018.0.2.51 and prior, automatic update processin ...)
+ TODO: check
CVE-2020-7807
RESERVED
CVE-2020-7806 (Tobesoft Xplatform 9.2.2.250 and earlier version have an arbitrary cod ...)
@@ -14609,8 +14821,8 @@ CVE-2020-7657
RESERVED
CVE-2020-7656 (jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load ...)
TODO: check
-CVE-2020-7655
- RESERVED
+CVE-2020-7655 (netius prior to 1.17.58 is vulnerable to HTTP Request Smuggling. HTTP ...)
+ TODO: check
CVE-2020-7654
RESERVED
CVE-2020-7653
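Review bot: CVE-2020-7655 (netius prior to 1.17.58, HTTP Request Smuggling) lands with "TODO: check" directly below CVE-2020-7656 (jquery prior to 1.9.0), which this hunk shows is still "TODO: check" as well. Both need triage: check whether netius is packaged and mark it NOT-FOR-US: netius if it is not, and give the jquery entry a package line, since an untriaged entry is invisible in per-package status.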
@@ -19112,8 +19324,8 @@ CVE-2020-5754
RESERVED
CVE-2020-5753 (Signal Private Messenger Android v4.59.0 and up and iOS v3.8.1.5 and u ...)
TODO: check
-CVE-2020-5752
- RESERVED
+CVE-2020-5752 (Relative path traversal in Druva inSync Windows Client 6.6.3 allows a ...)
+ TODO: check
CVE-2020-5751 (Insufficient output sanitization in TCExam 14.2.2 allows a remote, aut ...)
NOT-FOR-US: TCExam
CVE-2020-5750 (Insufficient output sanitization in TCExam 14.2.2 allows a remote, una ...)
@@ -30000,8 +30212,8 @@ CVE-2020-1801 (There is an improper authentication vulnerability in several smar
NOT-FOR-US: Huawei
CVE-2020-1800 (HUAWEI smartphones P30 with versions earlier than 10.0.0.185(C00E85R1P ...)
NOT-FOR-US: Huawei
-CVE-2020-1799
- RESERVED
+CVE-2020-1799 (E6878-370 with versions of 10.0.3.1(H557SP27C233), 10.0.3.1(H563SP1C00 ...)
+ TODO: check
CVE-2020-1798
RESERVED
CVE-2020-1797
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7c1605c672a08dc69be1f27db2c24059bee42908