[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Mon May 25 09:10:22 BST 2020 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6a5cecd1 by security tracker role at 2020-05-25T08:10:15+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,23 @@
+CVE-2020-13440 (ffjpeg through 2020-02-24 has an invalid write in bmp_load in bmp.c. ...)
+	TODO: check
+CVE-2020-13439 (ffjpeg through 2020-02-24 has a heap-based buffer over-read in jfif_de ...)
+	TODO: check
+CVE-2020-13438 (ffjpeg through 2020-02-24 has an invalid read in jfif_encode in jfif.c ...)
+	TODO: check
+CVE-2020-13437
+	RESERVED
+CVE-2020-13436
+	RESERVED
+CVE-2020-13435 (SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarge ...)
+	TODO: check
+CVE-2020-13434 (SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf  ...)
+	TODO: check
+CVE-2020-13433 (Jason2605 AdminPanel 4.0 allows SQL Injection via the editPlayer.php h ...)
+	TODO: check
+CVE-2020-13432
+	RESERVED
+CVE-2020-13431
+	RESERVED
 CVE-2020-13430 (Grafana before 7.0.0 allows tag value XSS via the OpenTSDB datasource. ...)
 	- grafana <removed>
 	NOTE: https://github.com/grafana/grafana/pull/24539
@@ -19949,8 +19969,8 @@ CVE-2020-5539 (GRANDIT Ver.1.6, Ver.2.0, Ver.2.1, Ver.2.2, Ver.2.3, and Ver.3.0
 	NOT-FOR-US: GRANDIT
 CVE-2020-5538 (Improper Access Control in PALLET CONTROL Ver. 6.3 and earlier allows  ...)
 	NOT-FOR-US: PALLET CONTROL
-CVE-2020-5537
-	RESERVED
+CVE-2020-5537 (Cybozu Desktop for Windows 2.0.23 to 2.2.40 allows remote code executi ...)
+	TODO: check
 CVE-2020-5536 (OpenBlocks IoT VX2 prior to Ver.4.0.0 (Ver.3 Series) allows an attacke ...)
 	NOT-FOR-US: OpenBlocks IoT VX2
 CVE-2020-5535 (OpenBlocks IoT VX2 prior to Ver.4.0.0 (Ver.3 Series) allows an attacke ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6a5cecd1e67e0ed3fbc99596f0fbe389125e94c2

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6a5cecd1e67e0ed3fbc99596f0fbe389125e94c2
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200525/fa7330d7/attachment.html>

More information about the debian-security-tracker-commits mailing list