[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed May 27 21:10:35 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
274c7b62 by security tracker role at 2020-05-27T20:10:28+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,29 @@
+CVE-2020-13636
+ RESERVED
+CVE-2020-13635
+ RESERVED
+CVE-2020-13634
+ RESERVED
+CVE-2020-13633 (Fork before 5.8.3 allows XSS via navigation_title or title. ...)
+ TODO: check
+CVE-2020-13632 (ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer der ...)
+ TODO: check
+CVE-2020-13631 (SQLite before 3.32.0 allows a virtual table to be renamed to the name ...)
+ TODO: check
+CVE-2020-13630 (ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3Ev ...)
+ TODO: check
+CVE-2020-13629
+ RESERVED
+CVE-2020-13628 (Cross-site scripting (XSS) vulnerability allows remote attackers to in ...)
+ TODO: check
+CVE-2020-13627 (Cross-site scripting (XSS) vulnerability allows remote attackers to in ...)
+ TODO: check
+CVE-2020-13626
+ RESERVED
+CVE-2020-13625
+ RESERVED
+CVE-2020-13624
+ RESERVED
CVE-2020-13623 (JerryScript 2.2.0 allows attackers to cause a denial of service (stack ...)
NOT-FOR-US: JerryScript
CVE-2020-13622 (JerryScript 2.2.0 allows attackers to cause a denial of service (asser ...)
@@ -495,8 +521,8 @@ CVE-2020-13388 (An exploitable vulnerability exists in the configuration-loading
NOT-FOR-US: jw.util
CVE-2020-13387
RESERVED
-CVE-2020-13386
- RESERVED
+CVE-2020-13386 (In SmartDraw 2020 27.0.0.0, the installer gives inherited write permis ...)
+ TODO: check
CVE-2020-13385
RESERVED
CVE-2020-13384 (Monstra CMS 3.0.4 allows remote authenticated users to upload and exec ...)
@@ -547,7 +573,7 @@ CVE-2020-13362
RESERVED
CVE-2020-13361
RESERVED
-CVE-2019-20806 [media: tw5864: Fix possible NULL pointer dereference in tw5864_handle_frame]
+CVE-2019-20806 (An issue was discovered in the Linux kernel before 5.2. There is a NUL ...)
- linux 5.2.6-1
[buster] - linux 4.19.118-1
[jessie] - linux <not-affected> (Vulnerable code introduced later)
@@ -779,8 +805,7 @@ CVE-2020-13255
RESERVED
CVE-2020-13254
RESERVED
-CVE-2020-13253 [sd: OOB access could crash the guest resulting in DoS]
- RESERVED
+CVE-2020-13253 (sd_wp_addr in hw/sd/sd.c in QEMU 4.2.0 uses an unvalidated address, wh ...)
- qemu <unfixed> (bug #961297)
[buster] - qemu <postponed> (Minor issue, can be fixed along in next DSA)
[stretch] - qemu <postponed> (Minor issue, can be fixed along in next DSA)
@@ -7456,10 +7481,10 @@ CVE-2020-10948 (Jon Hedley AlienForm2 (typically installed as af.cgi or alienfor
NOT-FOR-US: Jon Hedley AlienForm2
CVE-2020-10947 (Mac Endpoint for Sophos Central before 9.9.6 and Mac Endpoint for Soph ...)
NOT-FOR-US: Sophos
-CVE-2020-10946
- RESERVED
-CVE-2020-10945
- RESERVED
+CVE-2020-10946 (Cross-site scripting (XSS) vulnerability allows remote attackers to in ...)
+ TODO: check
+CVE-2020-10945 (Centreon before 19.10.7 exposes Session IDs in server responses. ...)
+ TODO: check
CVE-2020-10944 (HashiCorp Nomad and Nomad Enterprise up to 0.10.4 contained a cross-si ...)
- nomad 0.10.5+dfsg1-1
NOTE: https://github.com/hashicorp/nomad/issues/7468
@@ -7485,8 +7510,7 @@ CVE-2020-10938 (GraphicsMagick before 1.3.35 has an integer overflow and resulta
NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/95abc2b694ce
CVE-2020-10937
RESERVED
-CVE-2020-10936 [Security flaws in setuid wrappers]
- RESERVED
+CVE-2020-10936 (Sympa before 6.2.56 allows privilege escalation. ...)
- sympa <unfixed> (bug #961491)
NOTE: https://sympa-community.github.io/security/2020-002.html
NOTE: Patch: https://github.com/sympa-community/sympa/releases/download/6.2.56/sympa-6.2.54-sa-2020-002-r2.patch
@@ -17585,8 +17609,8 @@ CVE-2020-6776
RESERVED
CVE-2020-6775
RESERVED
-CVE-2020-6774
- RESERVED
+CVE-2020-6774 (Improper Access Control in the Kiosk Mode functionality of Bosch Recor ...)
+ TODO: check
CVE-2020-6773
RESERVED
CVE-2020-6772
@@ -23376,10 +23400,10 @@ CVE-2020-4381
RESERVED
CVE-2020-4380
RESERVED
-CVE-2020-4379
- RESERVED
-CVE-2020-4378
- RESERVED
+CVE-2020-4379 (IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 uses weaker than expected c ...)
+ TODO: check
+CVE-2020-4378 (IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 could allow a privileged au ...)
+ TODO: check
CVE-2020-4377
RESERVED
CVE-2020-4376
@@ -23418,10 +23442,10 @@ CVE-2020-4360
RESERVED
CVE-2020-4359
RESERVED
-CVE-2020-4358
- RESERVED
-CVE-2020-4357
- RESERVED
+CVE-2020-4358 (IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 is vulnerable to cross-site ...)
+ TODO: check
+CVE-2020-4357 (IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 could allow a remote attack ...)
+ TODO: check
CVE-2020-4356
RESERVED
CVE-2020-4355
@@ -23434,12 +23458,12 @@ CVE-2020-4352
RESERVED
CVE-2020-4351
RESERVED
-CVE-2020-4350
- RESERVED
-CVE-2020-4349
- RESERVED
-CVE-2020-4348
- RESERVED
+CVE-2020-4350 (IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 uses weaker than expected c ...)
+ TODO: check
+CVE-2020-4349 (IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 uses weaker than expected c ...)
+ TODO: check
+CVE-2020-4348 (IBM Spectrum Scale 4.2.0.0 through 4.2.3.21 and 5.0.0.0 through 5.0.4. ...)
+ TODO: check
CVE-2020-4347 (IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could be subjec ...)
NOT-FOR-US: IBM
CVE-2020-4346 (IBM API Connect's V2018.4.1.0 through 2018.4.1.10 management server ha ...)
@@ -23682,8 +23706,8 @@ CVE-2020-4228
RESERVED
CVE-2020-4227
RESERVED
-CVE-2020-4226
- RESERVED
+CVE-2020-4226 (IBM MobileFirst Platform Foundation 8.0.0.0 stores highly sensitive in ...)
+ TODO: check
CVE-2020-4225
RESERVED
CVE-2020-4224 (IBM StoredIQ 7.6.0.17 through 7.6.0.20 could disclose sensitive inform ...)
@@ -27239,6 +27263,7 @@ CVE-2019-19722 (In Dovecot before 2.3.9.2, an attacker can crash a push-notifica
NOTE: https://github.com/dovecot/core/commit/1307766b6f5d97341a47376657d342bcefd10f1b
NOTE: https://github.com/dovecot/core/commit/393a8cabf4dad893bf2ec60bf96cfde7a0c58432
CVE-2019-19721 (An off-by-one error in the DecodeBlock function in codec/sdl_image.c i ...)
+ {DSA-4671-1}
- vlc 3.0.9.2-1
NOTE: https://git.videolan.org/?p=vlc/vlc-3.0.git;a=commit;h=72afe7ebd8305bf4f5360293b8621cde52ec506b (3.0.9)
CVE-2020-3109
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/274c7b62c11da07c6bf563c90158a89b287a287b
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/274c7b62c11da07c6bf563c90158a89b287a287b
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200527/af56ec02/attachment.html>
More information about the debian-security-tracker-commits
mailing list