[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Thu May 28 21:10:34 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
06916de0 by security tracker role at 2020-05-28T20:10:26+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,41 @@
+CVE-2020-13661
+ RESERVED
+CVE-2020-13660 (CMS Made Simple through 2.2.14 allows XSS via a crafted File Picker pr ...)
+ TODO: check
+CVE-2020-13659
+ RESERVED
+CVE-2020-13658
+ RESERVED
+CVE-2020-13657
+ RESERVED
+CVE-2020-13656
+ RESERVED
+CVE-2020-13655
+ RESERVED
+CVE-2020-13654
+ RESERVED
+CVE-2020-13653
+ RESERVED
+CVE-2020-13652
+ RESERVED
+CVE-2020-13651
+ RESERVED
+CVE-2020-13650
+ RESERVED
+CVE-2020-13649 (parser/js/js-scanner.c in JerryScript 2.2.0 mishandles errors during c ...)
+ TODO: check
+CVE-2020-13648
+ RESERVED
+CVE-2020-13647
+ RESERVED
+CVE-2020-13646
+ RESERVED
+CVE-2020-13645 (In GNOME glib-networking through 2.64.2, the implementation of GTlsCli ...)
+ TODO: check
+CVE-2019-20808
+ RESERVED
+CVE-2019-20807 (In Vim before 8.1.0881, users can circumvent the rvim restricted mode ...)
+ TODO: check
CVE-2020-13644 (An issue was discovered in the Accordion plugin before 2.2.9 for WordP ...)
NOT-FOR-US: Accordion plugin for WordPress
CVE-2020-13643 (An issue was discovered in the SiteOrigin Page Builder plugin before 2 ...)
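Review bot: The four newly described entries in this hunk (CVE-2020-13660, CVE-2020-13649, CVE-2020-13645, CVE-2019-20807) are left at `TODO: check`, so none of them has a package or NOT-FOR-US decision yet. CVE-2020-13645 (GNOME glib-networking) and CVE-2019-20807 (Vim) name general-purpose software rather than a web plugin like the `NOT-FOR-US: Accordion plugin for WordPress` entry just below, so those two should be triaged first and given a `- <package> <status>` line.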
@@ -600,12 +638,10 @@ CVE-2020-13364
RESERVED
CVE-2020-13363
RESERVED
-CVE-2020-13362 [megasas: OOB read access due to invalid index leads to DoS]
- RESERVED
+CVE-2020-13362 (In QEMU 4.2.0, megasas_lookup_frame in hw/scsi/megasas.c has an out-of ...)
- qemu <unfixed>
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg03463.html
-CVE-2020-13361 [es1370: OOB access due to incorrect frame count leads to DoS]
- RESERVED
+CVE-2020-13361 (In QEMU 4.2.0, es1370_transfer_audio in hw/audio/es1370.c does not pro ...)
- qemu <unfixed>
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg07230.html
CVE-2019-20806 (An issue was discovered in the Linux kernel before 5.2. There is a NUL ...)
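Review bot: On CVE-2020-13362 and CVE-2020-13361 the bracketed working titles are dropped, and with them the stated impact ("leads to DoS"), while both entries stay at `- qemu <unfixed>` with only a qemu-devel list posting as NOTE. Suggest adding a NOTE with the upstream fix commit once one exists, so the `<unfixed>` status can later be closed against a concrete version.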
@@ -863,8 +899,8 @@ CVE-2020-13247
RESERVED
CVE-2020-13246 (An issue was discovered in Gitea through 1.11.5. An attacker can trigg ...)
- gitea <removed>
-CVE-2020-13245
- RESERVED
+CVE-2020-13245 (Certain NETGEAR devices are affected by Missing SSL Certificate Valida ...)
+ TODO: check
CVE-2020-13244
RESERVED
CVE-2020-13243
@@ -1155,16 +1191,19 @@ CVE-2020-13116
CVE-2020-13115
RESERVED
CVE-2020-13114 (An issue was discovered in libexif before 0.6.22. An unrestricted size ...)
+ {DLA-2222-1}
- libexif 0.6.21-9 (bug #961410)
[buster] - libexif <no-dsa> (Minor issue)
[stretch] - libexif <no-dsa> (Minor issue)
NOTE: https://github.com/libexif/libexif/commit/e6a38a1a23ba94d139b1fa2cd4519fdcfe3c9bab (0.6.22)
CVE-2020-13113 (An issue was discovered in libexif before 0.6.22. Use of uninitialized ...)
+ {DLA-2222-1}
- libexif 0.6.21-9 (bug #961409)
[buster] - libexif <no-dsa> (Minor issue)
[stretch] - libexif <no-dsa> (Minor issue)
NOTE: https://github.com/libexif/libexif/commit/ec412aa4583ad71ecabb967d3c77162760169d1f (0.6.22)
CVE-2020-13112 (An issue was discovered in libexif before 0.6.22. Several buffer over- ...)
+ {DLA-2222-1}
- libexif 0.6.21-9 (bug #961407)
[buster] - libexif <no-dsa> (Minor issue)
[stretch] - libexif <no-dsa> (Minor issue)
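Review bot: `{DLA-2222-1}` is added to CVE-2020-13114, CVE-2020-13113 and CVE-2020-13112, but the only suite lines visible for them are `[buster]` and `[stretch]`, both still `<no-dsa> (Minor issue)`. Nothing in these entries shows which release the DLA covers, so confirm the cross-reference against the advisory itself and revisit whether `<no-dsa>` is still the right call for the newer suites now that an advisory was issued for the same bugs.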
@@ -3863,10 +3902,10 @@ CVE-2020-11952
RESERVED
CVE-2020-11951
RESERVED
-CVE-2020-11950
- RESERVED
-CVE-2020-11949
- RESERVED
+CVE-2020-11950 (VIVOTEK Network Cameras before XXXXX-VVTK-2.2002.xx.01x (and before XX ...)
+ TODO: check
+CVE-2020-11949 (testserver.cgi of the web service on VIVOTEK Network Cameras before XX ...)
+ TODO: check
CVE-2020-11948
RESERVED
CVE-2020-11947
@@ -7092,8 +7131,8 @@ CVE-2020-11081
RESERVED
CVE-2020-11080
RESERVED
-CVE-2020-11079
- RESERVED
+CVE-2020-11079 (node-dns-sync (npm module dns-sync) through 0.2.0 allows execution of ...)
+ TODO: check
CVE-2020-11078 (In httplib2 before version 0.18.0, an attacker controlling unescaped p ...)
- python-httplib2 0.18.1-1
NOTE: https://github.com/httplib2/httplib2/security/advisories/GHSA-gg84-qgv9-w4pq
@@ -11198,7 +11237,7 @@ CVE-2020-9486
CVE-2020-9485
RESERVED
CVE-2020-9484 (When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to ...)
- {DLA-2217-1}
+ {DLA-2217-1 DLA-2209-1}
- tomcat9 9.0.35-1 (bug #961209)
- tomcat8 <removed>
- tomcat7 <removed>
@@ -13954,10 +13993,10 @@ CVE-2020-8332
RESERVED
CVE-2020-8331
RESERVED
-CVE-2020-8330
- RESERVED
-CVE-2020-8329
- RESERVED
+CVE-2020-8330 (A denial of service vulnerability was reported in the firmware prior t ...)
+ TODO: check
+CVE-2020-8329 (A denial of service vulnerability was reported in the firmware prior t ...)
+ TODO: check
CVE-2020-8328
RESERVED
CVE-2020-8327 (A privilege escalation vulnerability was reported in LenovoBatteryGaug ...)
@@ -15237,8 +15276,8 @@ CVE-2020-7814
RESERVED
CVE-2020-7813 (Ezhttptrans.ocx ActiveX Control in Kaoni ezHTTPTrans 1.0.0.70 and prio ...)
NOT-FOR-US: Kaoni
-CVE-2020-7812
- RESERVED
+CVE-2020-7812 (Ezhttptrans.ocx ActiveX Control in Kaoni ezHTTPTrans 1.0.0.70 and prio ...)
+ TODO: check
CVE-2020-7811
RESERVED
CVE-2020-7810
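Review bot: CVE-2020-7812 gets `TODO: check` although its description starts with the same product string (Ezhttptrans.ocx ActiveX Control in Kaoni ezHTTPTrans 1.0.0.70) as CVE-2020-7813 two lines above, which is already resolved as `NOT-FOR-US: Kaoni`. Suggest closing it with the same `NOT-FOR-US: Kaoni` tag rather than leaving it in the TODO queue.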
@@ -23398,8 +23437,8 @@ CVE-2020-4421 (IBM WebSphere Application Liberty 19.0.0.5 through 20.0.0.4 could
NOT-FOR-US: IBM
CVE-2020-4420
RESERVED
-CVE-2020-4419
- RESERVED
+CVE-2020-4419 (IBM Jazz Reporting Service 6.0.6, 6.0.6.1, and 7.0 is vulnerable to cr ...)
+ TODO: check
CVE-2020-4418
RESERVED
CVE-2020-4417
@@ -23738,18 +23777,18 @@ CVE-2020-4251
RESERVED
CVE-2020-4250
RESERVED
-CVE-2020-4249
- RESERVED
-CVE-2020-4248
- RESERVED
+CVE-2020-4249 (IBM Security Identity Governance and Intelligence 5.2.6 could disclose ...)
+ TODO: check
+CVE-2020-4248 (IBM Security Identity Governance and Intelligence 5.2.6 could allow a ...)
+ TODO: check
CVE-2020-4247
RESERVED
-CVE-2020-4246
- RESERVED
-CVE-2020-4245
- RESERVED
-CVE-2020-4244
- RESERVED
+CVE-2020-4246 (IBM Security Identity Governance and Intelligence 5.2.6 is vulnerable ...)
+ TODO: check
+CVE-2020-4245 (IBM Security Identity Governance and Intelligence 5.2.6 does not requi ...)
+ TODO: check
+CVE-2020-4244 (IBM Security Identity Governance and Intelligence 5.2.6 could allow an ...)
+ TODO: check
CVE-2020-4243
RESERVED
CVE-2020-4242 (IBM Spectrum Scale and IBM Spectrum Protect Plus 10.1.0 through 10.1.5 ...)
@@ -23770,12 +23809,12 @@ CVE-2020-4235 (IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 is vulnerable
NOT-FOR-US: IBM
CVE-2020-4234
RESERVED
-CVE-2020-4233
- RESERVED
-CVE-2020-4232
- RESERVED
-CVE-2020-4231
- RESERVED
+CVE-2020-4233 (IBM Security Identity Governance and Intelligence 5.2.6 could allow a ...)
+ TODO: check
+CVE-2020-4232 (IBM Security Identity Governance and Intelligence 5.2.6 could allow an ...)
+ TODO: check
+CVE-2020-4231 (IBM Security Identity Governance and Intelligence 5.2.6 could allow an ...)
+ TODO: check
CVE-2020-4230 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 ...)
NOT-FOR-US: IBM
CVE-2020-4229
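Review bot: CVE-2020-4233, CVE-2020-4232 and CVE-2020-4231 are added as `TODO: check` while the IBM entries on both sides of them in this hunk (the line after CVE-2020-4235 and CVE-2020-4230) already carry `NOT-FOR-US: IBM`. All three describe IBM Security Identity Governance and Intelligence 5.2.6, so the same tag looks appropriate; the same applies to the IBM entries added in the two hunks above (CVE-2020-4419 and CVE-2020-4249 through CVE-2020-4244).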
@@ -85086,7 +85125,7 @@ CVE-2018-20032 (A Denial of Service vulnerability related to message decoding in
CVE-2018-20031 (A Denial of Service vulnerability related to preemptive item deletion ...)
NOT-FOR-US: FlexNet Publisher
CVE-2018-20030 (An error when processing the EXIF_IFD_INTEROPERABILITY and EXIF_IFD_EX ...)
- {DLA-2214-1}
+ {DLA-2222-1 DLA-2214-1}
- libexif 0.6.21-5.1 (bug #918730)
[stretch] - libexif <no-dsa> (Minor issue)
NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2018-28/
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/06916de098114f4a87f6b0ccd2923e4e17b4c9fb