[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Wed May 27 21:10:35 BST 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
274c7b62 by security tracker role at 2020-05-27T20:10:28+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,29 @@
+CVE-2020-13636
+	RESERVED
+CVE-2020-13635
+	RESERVED
+CVE-2020-13634
+	RESERVED
+CVE-2020-13633 (Fork before 5.8.3 allows XSS via navigation_title or title. ...)
+	TODO: check
+CVE-2020-13632 (ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer der ...)
+	TODO: check
+CVE-2020-13631 (SQLite before 3.32.0 allows a virtual table to be renamed to the name  ...)
+	TODO: check
+CVE-2020-13630 (ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3Ev ...)
+	TODO: check
+CVE-2020-13629
+	RESERVED
+CVE-2020-13628 (Cross-site scripting (XSS) vulnerability allows remote attackers to in ...)
+	TODO: check
+CVE-2020-13627 (Cross-site scripting (XSS) vulnerability allows remote attackers to in ...)
+	TODO: check
+CVE-2020-13626
+	RESERVED
+CVE-2020-13625
+	RESERVED
+CVE-2020-13624
+	RESERVED
 CVE-2020-13623 (JerryScript 2.2.0 allows attackers to cause a denial of service (stack ...)
 	NOT-FOR-US: JerryScript
 CVE-2020-13622 (JerryScript 2.2.0 allows attackers to cause a denial of service (asser ...)
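Review bot: the three SQLite entries (CVE-2020-13630, CVE-2020-13631, CVE-2020-13632) are parked as TODO: check even though each already states an "SQLite before 3.32.0" bound and two name a file under ext/fts3/, which is enough to open them against the sqlite3 source package with a version comparison in this same pass. By contrast, CVE-2020-13627 and CVE-2020-13628 carry only the truncated generic "Cross-site scripting (XSS) vulnerability allows remote attackers to in ..." text with no product named, so those two genuinely need the full CVE description resolved before they can be assigned to a package or closed as NOT-FOR-US.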
@@ -495,8 +521,8 @@ CVE-2020-13388 (An exploitable vulnerability exists in the configuration-loading
 	NOT-FOR-US: jw.util
 CVE-2020-13387
 	RESERVED
-CVE-2020-13386
-	RESERVED
+CVE-2020-13386 (In SmartDraw 2020 27.0.0.0, the installer gives inherited write permis ...)
+	TODO: check
 CVE-2020-13385
 	RESERVED
 CVE-2020-13384 (Monstra CMS 3.0.4 allows remote authenticated users to upload and exec ...)
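Review bot: CVE-2020-13386's new description concerns file permissions set by the SmartDraw 2020 installer, a commercial desktop application; unless a Debian package ships it, this TODO: check can be closed as NOT-FOR-US: SmartDraw in the same update instead of being carried into a second triage round.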
@@ -547,7 +573,7 @@ CVE-2020-13362
 	RESERVED
 CVE-2020-13361
 	RESERVED
-CVE-2019-20806 [media: tw5864: Fix possible NULL pointer dereference in tw5864_handle_frame]
+CVE-2019-20806 (An issue was discovered in the Linux kernel before 5.2. There is a NUL ...)
 	- linux 5.2.6-1
 	[buster] - linux 4.19.118-1
 	[jessie] - linux <not-affected> (Vulnerable code introduced later)
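Review bot: swapping the bracketed working title for the published description drops the only reference to the affected driver (media: tw5864) and to the fixing commit subject (tw5864_handle_frame). The jessie line justifies <not-affected> with "Vulnerable code introduced later", and that judgement is easier to re-verify if the commit subject survives as a NOTE line; the fixed versions (5.2.6-1 for unstable, 4.19.118-1 for buster) are untouched by the hunk.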
@@ -779,8 +805,7 @@ CVE-2020-13255
 	RESERVED
 CVE-2020-13254
 	RESERVED
-CVE-2020-13253 [sd: OOB access could crash the guest resulting in DoS]
-	RESERVED
+CVE-2020-13253 (sd_wp_addr in hw/sd/sd.c in QEMU 4.2.0 uses an unvalidated address, wh ...)
 	- qemu <unfixed> (bug #961297)
 	[buster] - qemu <postponed> (Minor issue, can be fixed along in next DSA)
 	[stretch] - qemu <postponed> (Minor issue, can be fixed along in next DSA)
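Review bot: the removed bracketed summary ("OOB access could crash the guest resulting in DoS") is what backs the "Minor issue, can be fixed along in next DSA" rationale on the buster and stretch <postponed> lines; after this hunk the entry carries only the truncated upstream text, so the impact assessment should be preserved as a NOTE. The "- qemu <unfixed> (bug #961297)" line still needs a fixed version once the upload lands.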
@@ -7456,10 +7481,10 @@ CVE-2020-10948 (Jon Hedley AlienForm2 (typically installed as af.cgi or alienfor
 	NOT-FOR-US: Jon Hedley AlienForm2
 CVE-2020-10947 (Mac Endpoint for Sophos Central before 9.9.6 and Mac Endpoint for Soph ...)
 	NOT-FOR-US: Sophos
-CVE-2020-10946
-	RESERVED
-CVE-2020-10945
-	RESERVED
+CVE-2020-10946 (Cross-site scripting (XSS) vulnerability allows remote attackers to in ...)
+	TODO: check
+CVE-2020-10945 (Centreon before 19.10.7 exposes Session IDs in server responses. ...)
+	TODO: check
 CVE-2020-10944 (HashiCorp Nomad and Nomad Enterprise up to 0.10.4 contained a cross-si ...)
 	- nomad 0.10.5+dfsg1-1
 	NOTE: https://github.com/hashicorp/nomad/issues/7468
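Review bot: CVE-2020-10946's truncated description is again the generic "Cross-site scripting (XSS) vulnerability allows remote attackers to in ..." text with no product name, so its TODO: check cannot be resolved from this file alone; the full CVE text has to be consulted to learn whether it belongs to the same product as the adjacent CVE-2020-10945 (Centreon before 19.10.7) or to something else. CVE-2020-10945 itself names its product and version bound and can be checked against the archive directly.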
@@ -7485,8 +7510,7 @@ CVE-2020-10938 (GraphicsMagick before 1.3.35 has an integer overflow and resulta
 	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/95abc2b694ce
 CVE-2020-10937
 	RESERVED
-CVE-2020-10936 [Security flaws in setuid wrappers]
-	RESERVED
+CVE-2020-10936 (Sympa before 6.2.56 allows privilege escalation. ...)
 	- sympa <unfixed> (bug #961491)
 	NOTE: https://sympa-community.github.io/security/2020-002.html
 	NOTE: Patch: https://github.com/sympa-community/sympa/releases/download/6.2.56/sympa-6.2.54-sa-2020-002-r2.patch
@@ -17585,8 +17609,8 @@ CVE-2020-6776
 	RESERVED
 CVE-2020-6775
 	RESERVED
-CVE-2020-6774
-	RESERVED
+CVE-2020-6774 (Improper Access Control in the Kiosk Mode functionality of Bosch Recor ...)
+	TODO: check
 CVE-2020-6773
 	RESERVED
 CVE-2020-6772
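Review bot: CVE-2020-6774 describes the Kiosk Mode of a Bosch recording product, vendor software rather than anything in the Debian archive; this TODO: check can be closed as NOT-FOR-US: Bosch in the same update rather than deferred.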
@@ -23376,10 +23400,10 @@ CVE-2020-4381
 	RESERVED
 CVE-2020-4380
 	RESERVED
-CVE-2020-4379
-	RESERVED
-CVE-2020-4378
-	RESERVED
+CVE-2020-4379 (IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 uses weaker than expected c ...)
+	TODO: check
+CVE-2020-4378 (IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 could allow a privileged au ...)
+	TODO: check
 CVE-2020-4377
 	RESERVED
 CVE-2020-4376
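Review bot: CVE-2020-4378 and CVE-2020-4379 both name IBM Spectrum Scale 5.0.0.0 through 5.0.4.4, a proprietary IBM product, yet are left as TODO: check; the file's established convention for IBM-only products is NOT-FOR-US: IBM, so these and the further Spectrum Scale entries in the following hunks can be resolved immediately instead of being parked.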
@@ -23418,10 +23442,10 @@ CVE-2020-4360
 	RESERVED
 CVE-2020-4359
 	RESERVED
-CVE-2020-4358
-	RESERVED
-CVE-2020-4357
-	RESERVED
+CVE-2020-4358 (IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 is vulnerable to cross-site ...)
+	TODO: check
+CVE-2020-4357 (IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 could allow a remote attack ...)
+	TODO: check
 CVE-2020-4356
 	RESERVED
 CVE-2020-4355
@@ -23434,12 +23458,12 @@ CVE-2020-4352
 	RESERVED
 CVE-2020-4351
 	RESERVED
-CVE-2020-4350
-	RESERVED
-CVE-2020-4349
-	RESERVED
-CVE-2020-4348
-	RESERVED
+CVE-2020-4350 (IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 uses weaker than expected c ...)
+	TODO: check
+CVE-2020-4349 (IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 uses weaker than expected c ...)
+	TODO: check
+CVE-2020-4348 (IBM Spectrum Scale 4.2.0.0 through 4.2.3.21 and 5.0.0.0 through 5.0.4. ...)
+	TODO: check
 CVE-2020-4347 (IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could be subjec ...)
 	NOT-FOR-US: IBM
 CVE-2020-4346 (IBM API Connect's V2018.4.1.0 through 2018.4.1.10 management server ha ...)
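Review bot: the trailing context of this hunk shows the precedent directly: CVE-2020-4347 and CVE-2020-4346 are already marked NOT-FOR-US: IBM, while the three new Spectrum Scale entries just above them (CVE-2020-4348, CVE-2020-4349, CVE-2020-4350) are left as TODO: check. Two of the three share the identical "uses weaker than expected c ..." description, which points to one cryptographic-strength finding split across several CVE ids; they should be triaged together and closed with the same status as their neighbours.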
@@ -23682,8 +23706,8 @@ CVE-2020-4228
 	RESERVED
 CVE-2020-4227
 	RESERVED
-CVE-2020-4226
-	RESERVED
+CVE-2020-4226 (IBM MobileFirst Platform Foundation 8.0.0.0 stores highly sensitive in ...)
+	TODO: check
 CVE-2020-4225
 	RESERVED
 CVE-2020-4224 (IBM StoredIQ 7.6.0.17 through 7.6.0.20 could disclose sensitive inform ...)
@@ -27239,6 +27263,7 @@ CVE-2019-19722 (In Dovecot before 2.3.9.2, an attacker can crash a push-notifica
 	NOTE: https://github.com/dovecot/core/commit/1307766b6f5d97341a47376657d342bcefd10f1b
 	NOTE: https://github.com/dovecot/core/commit/393a8cabf4dad893bf2ec60bf96cfde7a0c58432
 CVE-2019-19721 (An off-by-one error in the DecodeBlock function in codec/sdl_image.c i ...)
+	{DSA-4671-1}
 	- vlc 3.0.9.2-1
 	NOTE: https://git.videolan.org/?p=vlc/vlc-3.0.git;a=commit;h=72afe7ebd8305bf4f5360293b8621cde52ec506b (3.0.9)
 CVE-2020-3109
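Review bot: adding {DSA-4671-1} to CVE-2019-19721 is the right way to record the buster fix, but it only resolves if data/DSA/list carries that advisory with its vlc version, because the tracker derives the stable fixed version from the DSA entry rather than from this line; worth confirming the DSA entry also lists this CVE id. The unstable fix (3.0.9.2-1) and the upstream commit NOTE are already present, so the entry is otherwise complete.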



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/274c7b62c11da07c6bf563c90158a89b287a287b
