[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Thu May 28 21:10:34 BST 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
06916de0 by security tracker role at 2020-05-28T20:10:26+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,41 @@
+CVE-2020-13661
+	RESERVED
+CVE-2020-13660 (CMS Made Simple through 2.2.14 allows XSS via a crafted File Picker pr ...)
+	TODO: check
+CVE-2020-13659
+	RESERVED
+CVE-2020-13658
+	RESERVED
+CVE-2020-13657
+	RESERVED
+CVE-2020-13656
+	RESERVED
+CVE-2020-13655
+	RESERVED
+CVE-2020-13654
+	RESERVED
+CVE-2020-13653
+	RESERVED
+CVE-2020-13652
+	RESERVED
+CVE-2020-13651
+	RESERVED
+CVE-2020-13650
+	RESERVED
+CVE-2020-13649 (parser/js/js-scanner.c in JerryScript 2.2.0 mishandles errors during c ...)
+	TODO: check
+CVE-2020-13648
+	RESERVED
+CVE-2020-13647
+	RESERVED
+CVE-2020-13646
+	RESERVED
+CVE-2020-13645 (In GNOME glib-networking through 2.64.2, the implementation of GTlsCli ...)
+	TODO: check
+CVE-2019-20808
+	RESERVED
+CVE-2019-20807 (In Vim before 8.1.0881, users can circumvent the rvim restricted mode  ...)
+	TODO: check
 CVE-2020-13644 (An issue was discovered in the Accordion plugin before 2.2.9 for WordP ...)
 	NOT-FOR-US: Accordion plugin for WordPress
 CVE-2020-13643 (An issue was discovered in the SiteOrigin Page Builder plugin before 2 ...)
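
Review bot: four of the new entries at the top of this hunk have published descriptions but stay at `TODO: check`: CVE-2020-13660 (CMS Made Simple), CVE-2020-13649 (JerryScript), CVE-2020-13645 (GNOME glib-networking) and CVE-2019-20807 (Vim). The automatic import cannot make the triage decision, so each needs a follow-up commit that replaces the TODO with either a `- <package> <status>` line or a `NOT-FOR-US: <product>` line, in the form the Accordion plugin entry (CVE-2020-13644) directly below already uses.
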
@@ -600,12 +638,10 @@ CVE-2020-13364
 	RESERVED
 CVE-2020-13363
 	RESERVED
-CVE-2020-13362 [megasas: OOB read access due to invalid index leads to DoS]
-	RESERVED
+CVE-2020-13362 (In QEMU 4.2.0, megasas_lookup_frame in hw/scsi/megasas.c has an out-of ...)
 	- qemu <unfixed>
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg03463.html
-CVE-2020-13361 [es1370: OOB access due to incorrect frame count leads to DoS]
-	RESERVED
+CVE-2020-13361 (In QEMU 4.2.0, es1370_transfer_audio in hw/audio/es1370.c does not pro ...)
 	- qemu <unfixed>
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg07230.html
 CVE-2019-20806 (An issue was discovered in the Linux kernel before 5.2. There is a NUL ...)
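
Review bot: on CVE-2020-13362 and CVE-2020-13361 the removed bracketed summaries stated the impact ("leads to DoS"), and the replacement descriptions are truncated before they reach it. Both entries remain `- qemu <unfixed>` with only a qemu-devel list link, so consider adding a `NOTE:` line that records the impact next to the existing link, so triage does not depend on the cut-off text.
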
@@ -863,8 +899,8 @@ CVE-2020-13247
 	RESERVED
 CVE-2020-13246 (An issue was discovered in Gitea through 1.11.5. An attacker can trigg ...)
 	- gitea <removed>
-CVE-2020-13245
-	RESERVED
+CVE-2020-13245 (Certain NETGEAR devices are affected by Missing SSL Certificate Valida ...)
+	TODO: check
 CVE-2020-13244
 	RESERVED
 CVE-2020-13243
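
Review bot: CVE-2020-13245 is set to `TODO: check` although its description starts with "Certain NETGEAR devices", which is device firmware rather than a package entry like the `- gitea <removed>` line above it. Resolve it as `NOT-FOR-US: NETGEAR`, following the `NOT-FOR-US:` form used elsewhere in this file.
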
@@ -1155,16 +1191,19 @@ CVE-2020-13116
 CVE-2020-13115
 	RESERVED
 CVE-2020-13114 (An issue was discovered in libexif before 0.6.22. An unrestricted size ...)
+	{DLA-2222-1}
 	- libexif 0.6.21-9 (bug #961410)
 	[buster] - libexif <no-dsa> (Minor issue)
 	[stretch] - libexif <no-dsa> (Minor issue)
 	NOTE: https://github.com/libexif/libexif/commit/e6a38a1a23ba94d139b1fa2cd4519fdcfe3c9bab (0.6.22)
 CVE-2020-13113 (An issue was discovered in libexif before 0.6.22. Use of uninitialized ...)
+	{DLA-2222-1}
 	- libexif 0.6.21-9 (bug #961409)
 	[buster] - libexif <no-dsa> (Minor issue)
 	[stretch] - libexif <no-dsa> (Minor issue)
 	NOTE: https://github.com/libexif/libexif/commit/ec412aa4583ad71ecabb967d3c77162760169d1f (0.6.22)
 CVE-2020-13112 (An issue was discovered in libexif before 0.6.22. Several buffer over- ...)
+	{DLA-2222-1}
 	- libexif 0.6.21-9 (bug #961407)
 	[buster] - libexif <no-dsa> (Minor issue)
 	[stretch] - libexif <no-dsa> (Minor issue)
@@ -3863,10 +3902,10 @@ CVE-2020-11952
 	RESERVED
 CVE-2020-11951
 	RESERVED
-CVE-2020-11950
-	RESERVED
-CVE-2020-11949
-	RESERVED
+CVE-2020-11950 (VIVOTEK Network Cameras before XXXXX-VVTK-2.2002.xx.01x (and before XX ...)
+	TODO: check
+CVE-2020-11949 (testserver.cgi of the web service on VIVOTEK Network Cameras before XX ...)
+	TODO: check
 CVE-2020-11948
 	RESERVED
 CVE-2020-11947
@@ -7092,8 +7131,8 @@ CVE-2020-11081
 	RESERVED
 CVE-2020-11080
 	RESERVED
-CVE-2020-11079
-	RESERVED
+CVE-2020-11079 (node-dns-sync (npm module dns-sync) through 0.2.0 allows execution of  ...)
+	TODO: check
 CVE-2020-11078 (In httplib2 before version 0.18.0, an attacker controlling unescaped p ...)
 	- python-httplib2 0.18.1-1
 	NOTE: https://github.com/httplib2/httplib2/security/advisories/GHSA-gg84-qgv9-w4pq
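
Review bot: CVE-2020-11079 is left at `TODO: check` while its description ("node-dns-sync (npm module dns-sync) through 0.2.0 allows execution of ...") names a specific npm module and affected version. Check whether that module is shipped in the archive and record the outcome the way the adjacent CVE-2020-11078 entry does (`- python-httplib2 0.18.1-1` plus an advisory `NOTE:`), or mark it `NOT-FOR-US` if it is not packaged.
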
@@ -11198,7 +11237,7 @@ CVE-2020-9486
 CVE-2020-9485
 	RESERVED
 CVE-2020-9484 (When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to  ...)
-	{DLA-2217-1}
+	{DLA-2217-1 DLA-2209-1}
 	- tomcat9 9.0.35-1 (bug #961209)
 	- tomcat8 <removed>
 	- tomcat7 <removed>
@@ -13954,10 +13993,10 @@ CVE-2020-8332
 	RESERVED
 CVE-2020-8331
 	RESERVED
-CVE-2020-8330
-	RESERVED
-CVE-2020-8329
-	RESERVED
+CVE-2020-8330 (A denial of service vulnerability was reported in the firmware prior t ...)
+	TODO: check
+CVE-2020-8329 (A denial of service vulnerability was reported in the firmware prior t ...)
+	TODO: check
 CVE-2020-8328
 	RESERVED
 CVE-2020-8327 (A privilege escalation vulnerability was reported in LenovoBatteryGaug ...)
@@ -15237,8 +15276,8 @@ CVE-2020-7814
 	RESERVED
 CVE-2020-7813 (Ezhttptrans.ocx ActiveX Control in Kaoni ezHTTPTrans 1.0.0.70 and prio ...)
 	NOT-FOR-US: Kaoni
-CVE-2020-7812
-	RESERVED
+CVE-2020-7812 (Ezhttptrans.ocx ActiveX Control in Kaoni ezHTTPTrans 1.0.0.70 and prio ...)
+	TODO: check
 CVE-2020-7811
 	RESERVED
 CVE-2020-7810
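
Review bot: CVE-2020-7812 gets `TODO: check`, but the entry immediately above it, CVE-2020-7813, has the same visible description ("Ezhttptrans.ocx ActiveX Control in Kaoni ezHTTPTrans 1.0.0.70 and prio ...") and is already `NOT-FOR-US: Kaoni`. Give CVE-2020-7812 the same `NOT-FOR-US: Kaoni` line instead of leaving it open.
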
@@ -23398,8 +23437,8 @@ CVE-2020-4421 (IBM WebSphere Application Liberty 19.0.0.5 through 20.0.0.4 could
 	NOT-FOR-US: IBM
 CVE-2020-4420
 	RESERVED
-CVE-2020-4419
-	RESERVED
+CVE-2020-4419 (IBM Jazz Reporting Service 6.0.6, 6.0.6.1, and 7.0 is vulnerable to cr ...)
+	TODO: check
 CVE-2020-4418
 	RESERVED
 CVE-2020-4417
@@ -23738,18 +23777,18 @@ CVE-2020-4251
 	RESERVED
 CVE-2020-4250
 	RESERVED
-CVE-2020-4249
-	RESERVED
-CVE-2020-4248
-	RESERVED
+CVE-2020-4249 (IBM Security Identity Governance and Intelligence 5.2.6 could disclose ...)
+	TODO: check
+CVE-2020-4248 (IBM Security Identity Governance and Intelligence 5.2.6 could allow a  ...)
+	TODO: check
 CVE-2020-4247
 	RESERVED
-CVE-2020-4246
-	RESERVED
-CVE-2020-4245
-	RESERVED
-CVE-2020-4244
-	RESERVED
+CVE-2020-4246 (IBM Security Identity Governance and Intelligence 5.2.6 is vulnerable  ...)
+	TODO: check
+CVE-2020-4245 (IBM Security Identity Governance and Intelligence 5.2.6 does not requi ...)
+	TODO: check
+CVE-2020-4244 (IBM Security Identity Governance and Intelligence 5.2.6 could allow an ...)
+	TODO: check
 CVE-2020-4243
 	RESERVED
 CVE-2020-4242 (IBM Spectrum Scale and IBM Spectrum Protect Plus 10.1.0 through 10.1.5 ...)
@@ -23770,12 +23809,12 @@ CVE-2020-4235 (IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 is vulnerable
 	NOT-FOR-US: IBM
 CVE-2020-4234
 	RESERVED
-CVE-2020-4233
-	RESERVED
-CVE-2020-4232
-	RESERVED
-CVE-2020-4231
-	RESERVED
+CVE-2020-4233 (IBM Security Identity Governance and Intelligence 5.2.6 could allow a  ...)
+	TODO: check
+CVE-2020-4232 (IBM Security Identity Governance and Intelligence 5.2.6 could allow an ...)
+	TODO: check
+CVE-2020-4231 (IBM Security Identity Governance and Intelligence 5.2.6 could allow an ...)
+	TODO: check
 CVE-2020-4230 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 ...)
 	NOT-FOR-US: IBM
 CVE-2020-4229
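
Review bot: CVE-2020-4233, CVE-2020-4232 and CVE-2020-4231 all describe IBM Security Identity Governance and Intelligence 5.2.6 and are set to `TODO: check`, while the IBM entries on either side of them in this hunk (CVE-2020-4235 and CVE-2020-4230) are already `NOT-FOR-US: IBM`. Resolve the three new descriptions the same way so they do not sit in the TODO queue.
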
@@ -85086,7 +85125,7 @@ CVE-2018-20032 (A Denial of Service vulnerability related to message decoding in
 CVE-2018-20031 (A Denial of Service vulnerability related to preemptive item deletion  ...)
 	NOT-FOR-US: FlexNet Publisher
 CVE-2018-20030 (An error when processing the EXIF_IFD_INTEROPERABILITY and EXIF_IFD_EX ...)
-	{DLA-2214-1}
+	{DLA-2222-1 DLA-2214-1}
 	- libexif 0.6.21-5.1 (bug #918730)
 	[stretch] - libexif <no-dsa> (Minor issue)
 	NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2018-28/



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/06916de098114f4a87f6b0ccd2923e4e17b4c9fb
