[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Tue May 26 21:10:35 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
88471b63 by security tracker role at 2020-05-26T20:10:22+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,5 +1,215 @@
-CVE-2020-13487
+CVE-2020-13592
RESERVED
+CVE-2020-13591
+ RESERVED
+CVE-2020-13590
+ RESERVED
+CVE-2020-13589
+ RESERVED
+CVE-2020-13588
+ RESERVED
+CVE-2020-13587
+ RESERVED
+CVE-2020-13586
+ RESERVED
+CVE-2020-13585
+ RESERVED
+CVE-2020-13584
+ RESERVED
+CVE-2020-13583
+ RESERVED
+CVE-2020-13582
+ RESERVED
+CVE-2020-13581
+ RESERVED
+CVE-2020-13580
+ RESERVED
+CVE-2020-13579
+ RESERVED
+CVE-2020-13578
+ RESERVED
+CVE-2020-13577
+ RESERVED
+CVE-2020-13576
+ RESERVED
+CVE-2020-13575
+ RESERVED
+CVE-2020-13574
+ RESERVED
+CVE-2020-13573
+ RESERVED
+CVE-2020-13572
+ RESERVED
+CVE-2020-13571
+ RESERVED
+CVE-2020-13570
+ RESERVED
+CVE-2020-13569
+ RESERVED
+CVE-2020-13568
+ RESERVED
+CVE-2020-13567
+ RESERVED
+CVE-2020-13566
+ RESERVED
+CVE-2020-13565
+ RESERVED
+CVE-2020-13564
+ RESERVED
+CVE-2020-13563
+ RESERVED
+CVE-2020-13562
+ RESERVED
+CVE-2020-13561
+ RESERVED
+CVE-2020-13560
+ RESERVED
+CVE-2020-13559
+ RESERVED
+CVE-2020-13558
+ RESERVED
+CVE-2020-13557
+ RESERVED
+CVE-2020-13556
+ RESERVED
+CVE-2020-13555
+ RESERVED
+CVE-2020-13554
+ RESERVED
+CVE-2020-13553
+ RESERVED
+CVE-2020-13552
+ RESERVED
+CVE-2020-13551
+ RESERVED
+CVE-2020-13550
+ RESERVED
+CVE-2020-13549
+ RESERVED
+CVE-2020-13548
+ RESERVED
+CVE-2020-13547
+ RESERVED
+CVE-2020-13546
+ RESERVED
+CVE-2020-13545
+ RESERVED
+CVE-2020-13544
+ RESERVED
+CVE-2020-13543
+ RESERVED
+CVE-2020-13542
+ RESERVED
+CVE-2020-13541
+ RESERVED
+CVE-2020-13540
+ RESERVED
+CVE-2020-13539
+ RESERVED
+CVE-2020-13538
+ RESERVED
+CVE-2020-13537
+ RESERVED
+CVE-2020-13536
+ RESERVED
+CVE-2020-13535
+ RESERVED
+CVE-2020-13534
+ RESERVED
+CVE-2020-13533
+ RESERVED
+CVE-2020-13532
+ RESERVED
+CVE-2020-13531
+ RESERVED
+CVE-2020-13530
+ RESERVED
+CVE-2020-13529
+ RESERVED
+CVE-2020-13528
+ RESERVED
+CVE-2020-13527
+ RESERVED
+CVE-2020-13526
+ RESERVED
+CVE-2020-13525
+ RESERVED
+CVE-2020-13524
+ RESERVED
+CVE-2020-13523
+ RESERVED
+CVE-2020-13522
+ RESERVED
+CVE-2020-13521
+ RESERVED
+CVE-2020-13520
+ RESERVED
+CVE-2020-13519
+ RESERVED
+CVE-2020-13518
+ RESERVED
+CVE-2020-13517
+ RESERVED
+CVE-2020-13516
+ RESERVED
+CVE-2020-13515
+ RESERVED
+CVE-2020-13514
+ RESERVED
+CVE-2020-13513
+ RESERVED
+CVE-2020-13512
+ RESERVED
+CVE-2020-13511
+ RESERVED
+CVE-2020-13510
+ RESERVED
+CVE-2020-13509
+ RESERVED
+CVE-2020-13508
+ RESERVED
+CVE-2020-13507
+ RESERVED
+CVE-2020-13506
+ RESERVED
+CVE-2020-13505
+ RESERVED
+CVE-2020-13504
+ RESERVED
+CVE-2020-13503
+ RESERVED
+CVE-2020-13502
+ RESERVED
+CVE-2020-13501
+ RESERVED
+CVE-2020-13500
+ RESERVED
+CVE-2020-13499
+ RESERVED
+CVE-2020-13498
+ RESERVED
+CVE-2020-13497
+ RESERVED
+CVE-2020-13496
+ RESERVED
+CVE-2020-13495
+ RESERVED
+CVE-2020-13494
+ RESERVED
+CVE-2020-13493
+ RESERVED
+CVE-2020-13492
+ RESERVED
+CVE-2020-13491
+ RESERVED
+CVE-2020-13490
+ RESERVED
+CVE-2020-13489
+ RESERVED
+CVE-2020-13488
+ RESERVED
+CVE-2020-13487 (The bbPress plugin through 2.6.4 for WordPress has stored XSS in the F ...)
+ TODO: check
CVE-2020-13486 (The Knock Knock plugin before 1.2.8 for Craft CMS allows malicious red ...)
NOT-FOR-US: Craft CMS plugin
CVE-2020-13485 (The Knock Knock plugin before 1.2.8 for Craft CMS allows IP Whitelist ...)
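Review bot: The new CVE-2020-13487 entry (bbPress plugin for WordPress, stored XSS) is left at "TODO: check", while the Craft CMS plugin entry directly below it is already triaged as NOT-FOR-US. It needs a manual decision: a NOT-FOR-US line if the plugin is not packaged, or a package line with status if it is. The 105 new RESERVED headers above it carry no description and need no triage yet.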
@@ -2453,12 +2663,10 @@ CVE-2020-12397 (By encoding Unicode whitespace characters within the From email
{DSA-4683-1 DLA-2206-1}
- thunderbird 1:68.8.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-18/#CVE-2020-12397
-CVE-2020-12396
- RESERVED
+CVE-2020-12396 (Mozilla developers and community members reported memory safety bugs p ...)
- firefox 76.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-16/#CVE-2020-12396
-CVE-2020-12395
- RESERVED
+CVE-2020-12395 (Mozilla developers and community members reported memory safety bugs p ...)
{DSA-4683-1 DSA-4678-1 DLA-2206-1 DLA-2205-1}
- firefox 76.0-1
- firefox-esr 68.8.0esr-1
@@ -2466,20 +2674,17 @@ CVE-2020-12395
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-16/#CVE-2020-12395
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-17/#CVE-2020-12395
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-18/#CVE-2020-12395
-CVE-2020-12394
- RESERVED
+CVE-2020-12394 (A logic flaw in our location bar implementation could have allowed a l ...)
- firefox 76.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-16/#CVE-2020-12394
-CVE-2020-12393
- RESERVED
+CVE-2020-12393 (The 'Copy as cURL' feature of Devtools' network tab did not properly e ...)
- firefox <not-affected> (Only affects Windows)
- firefox-esr <not-affected> (Only affects Windows)
- thunderbird <not-affected> (Only affects Windows)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-16/#CVE-2020-12393
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-17/#CVE-2020-12393
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-18/#CVE-2020-12393
-CVE-2020-12392
- RESERVED
+CVE-2020-12392 (The 'Copy as cURL' feature of Devtools' network tab did not properly e ...)
{DSA-4683-1 DSA-4678-1 DLA-2206-1 DLA-2205-1}
- firefox 76.0-1
- firefox-esr 68.8.0esr-1
@@ -2487,28 +2692,23 @@ CVE-2020-12392
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-16/#CVE-2020-12392
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-17/#CVE-2020-12392
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-18/#CVE-2020-6831
-CVE-2020-12391
- RESERVED
+CVE-2020-12391 (Documents formed using data: URLs in an OBJECT element failed to inher ...)
- firefox 76.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-16/#CVE-2020-12391
-CVE-2020-12390
- RESERVED
+CVE-2020-12390 (Incorrect origin serialization of URLs with IPv6 addresses could lead ...)
- firefox 76.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-16/#CVE-2020-12390
-CVE-2020-12389
- RESERVED
+CVE-2020-12389 (The Firefox content processes did not sufficiently lockdown access con ...)
- firefox <not-affected> (Only affects Windows)
- firefox-esr <not-affected> (Only affects Windows)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-16/#CVE-2020-12389
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-17/#CVE-2020-12389
-CVE-2020-12388
- RESERVED
+CVE-2020-12388 (The Firefox content processes did not sufficiently lockdown access con ...)
- firefox <not-affected> (Only affects Windows)
- firefox-esr <not-affected> (Only affects Windows)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-16/#CVE-2020-12388
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-17/#CVE-2020-12388
-CVE-2020-12387
- RESERVED
+CVE-2020-12387 (A race condition when running shutdown code for Web Worker led to a us ...)
{DSA-4683-1 DSA-4678-1 DLA-2206-1 DLA-2205-1}
- firefox 76.0-1
- firefox-esr 68.8.0esr-1
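Review bot: In the context lines at the top of this hunk, the third NOTE under CVE-2020-12392 links to mfsa2020-18/#CVE-2020-6831, while the two NOTE lines above it use the #CVE-2020-12392 fragment. This looks like a copy-paste slip that the automatic update leaves in place; the fragment should read #CVE-2020-12392 so the link lands on the advisory section for the entry it belongs to.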
@@ -3472,7 +3672,7 @@ CVE-2020-11972 (Apache Camel RabbitMQ enables Java deserialization by default. A
CVE-2020-11971 (Apache Camel's JMX is vulnerable to Rebind Flaw. Apache Camel 2.22.x, ...)
NOT-FOR-US: Apache Camel
CVE-2020-11970
- RESERVED
+ REJECTED
CVE-2020-11969
RESERVED
CVE-2020-11968 (In the web-panel in IQrouter through 3.3.1, remote attackers can read ...)
@@ -7853,8 +8053,7 @@ CVE-2020-10753
RESERVED
CVE-2020-10752
RESERVED
-CVE-2020-10751
- RESERVED
+CVE-2020-10751 (A flaw was found in the Linux kernels SELinux LSM hook implementation ...)
- linux 5.6.14-1
NOTE: https://git.kernel.org/linus/fb73974172ffaaf57a7c42f35424d9aece1a5af6
CVE-2020-10750
@@ -7963,8 +8162,7 @@ CVE-2020-10720
[jessie] - linux 3.16.76-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1781204
NOTE: Fixed by: https://git.kernel.org/linus/a4270d6795b0580287453ea55974d948393e66ef
-CVE-2020-10719
- RESERVED
+CVE-2020-10719 (A flaw was found in Undertow in versions before 2.1.1.Final, regarding ...)
- undertow <undetermined>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1828459
TODO: check, no details on Red Hat bugreport
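Review bot: The description added for CVE-2020-10719 now refers to Undertow versions before 2.1.1.Final, but the entry below it still reads "undertow <undetermined>" with "TODO: check, no details on Red Hat bugreport". With an upstream version boundary now named in the CVE text, the entry can be re-triaged: compare the packaged version against 2.1.1.Final, then replace <undetermined> and drop or update the TODO.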
@@ -13899,14 +14097,14 @@ CVE-2020-8173
RESERVED
CVE-2020-8172
RESERVED
-CVE-2020-8171
- RESERVED
-CVE-2020-8170
- RESERVED
+CVE-2020-8171 (We have recently released new version of AirMax AirOS firmware v6.3.0 ...)
+ TODO: check
+CVE-2020-8170 (We have recently released new version of AirMax AirOS firmware v6.3.0 ...)
+ TODO: check
CVE-2020-8169
RESERVED
-CVE-2020-8168
- RESERVED
+CVE-2020-8168 (We have recently released new version of AirMax AirOS firmware v6.3.0 ...)
+ TODO: check
CVE-2020-8167
RESERVED
CVE-2020-8166
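Review bot: The entries added for CVE-2020-8171, CVE-2020-8170 and CVE-2020-8168 all carry the same truncated description, which opens with the vendor's release announcement for AirMax AirOS firmware v6.3.0 rather than with the flaw, so the list alone does not tell them apart. All three are left at "TODO: check"; triage should read the full CVE text for each and, if the firmware is not packaged, mark them NOT-FOR-US in the same way as other non-packaged products in this list.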
@@ -17065,8 +17263,7 @@ CVE-2019-20378 (ganglia-web (aka Ganglia Web Frontend) through 3.7.5 allows XSS
NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone, #702776
CVE-2019-20377 (TopList before 2019-09-03 allows XSS via a title. ...)
NOT-FOR-US: TopList
-CVE-2020-6831
- RESERVED
+CVE-2020-6831 (A buffer overflow could occur when parsing and validating SCTP chunks ...)
{DSA-4683-1 DSA-4678-1 DLA-2206-1 DLA-2205-1}
- firefox 76.0-1
- firefox-esr 68.8.0esr-1
@@ -17076,8 +17273,8 @@ CVE-2020-6831
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-16/#CVE-2020-6831
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-17/#CVE-2020-6831
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-18/#CVE-2020-6831
-CVE-2020-6830
- RESERVED
+CVE-2020-6830 (For native-to-JS bridging, the app requires a unique token to be passe ...)
+ TODO: check
CVE-2020-6829
RESERVED
CVE-2020-6828 (A malicious Android application could craft an Intent that would have ...)
@@ -25095,13 +25292,11 @@ CVE-2020-3814
RESERVED
CVE-2020-3813
RESERVED
-CVE-2020-3812
- RESERVED
+CVE-2020-3812 (qmail-verify as used in netqmail 1.06 is prone to an information discl ...)
{DSA-4692-1}
- netqmail 1.06-6.2 (bug #961060)
NOTE: https://www.openwall.com/lists/oss-security/2020/05/19/8
-CVE-2020-3811
- RESERVED
+CVE-2020-3811 (qmail-verify as used in netqmail 1.06 is prone to a mail-address verif ...)
{DSA-4692-1}
- netqmail 1.06-6.2 (bug #961060)
NOTE: https://www.openwall.com/lists/oss-security/2020/05/19/8
@@ -94023,7 +94218,7 @@ CVE-2018-18407 (A heap-based buffer over-read was discovered in the tcpreplay-ed
NOTE: https://github.com/appneta/tcpreplay/commit/1d7561a4d542842a1aeabf55bfd4aaf88b3a1071
CVE-2018-18406 (An issue was discovered in Tufin SecureTrack 18.1 with TufinOS 2.16 bu ...)
NOT-FOR-US: Tufin SecureTrack
-CVE-2018-18405 (jQuery v2.2.2 allows XSS via a crafted onerror attribute of an IMG ele ...)
+CVE-2018-18405 (** DISPUTED ** jQuery v2.2.2 allows XSS via a crafted onerror attribut ...)
- jquery <removed> (unimportant)
CVE-2018-18404
RESERVED
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/88471b63dd707e5bc5cb06bccb5a626d45ab1b99