[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Fri Nov 20 20:10:47 GMT 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
39b1f3ca by security tracker role at 2020-11-20T20:10:38+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,11 @@
+CVE-2020-28974 (A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 co ...)
+	TODO: check
+CVE-2020-28973
+	RESERVED
+CVE-2020-28972
+	RESERVED
 CVE-2020-26235 [RUSTSEC-2020-0071: time: Potential segfault in the time crate]
+	RESERVED
 	- rust-time <not-affected> (Vulnerable methods introduced in v0.2.7)
 	NOTE: https://github.com/time-rs/time/security/advisories/GHSA-wcg3-cvx6-7396
 	NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0071.html
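Review bot: CVE-2020-28974 at the top of this hunk is left at "TODO: check" even though its description already names the affected code (fbcon in the Linux kernel before 5.9.7), so it should be followed up with a package line for the kernel source package in the same form as the "- rust-time <not-affected> (...)" line below, recording the fixed version once it has been confirmed. The "RESERVED" line added under CVE-2020-26235 leaves the existing triage and NOTE lines untouched, which is what you want for an entry that was annotated before the description was published.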
@@ -222,8 +229,8 @@ CVE-2020-28879
 	RESERVED
 CVE-2020-28878
 	RESERVED
-CVE-2020-28877
-	RESERVED
+CVE-2020-28877 (Buffer overflow in in the copy_msg_element function for the devDiscove ...)
+	TODO: check
 CVE-2020-28876
 	RESERVED
 CVE-2020-28875
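Review bot: The new CVE-2020-28877 description carries a doubled word ("Buffer overflow in in the copy_msg_element function") and is cut off before it names the affected product, so the "TODO: check" cannot be resolved from this line alone. As the commit is labelled an automatic update, a hand edit of the wording here is likely to be overwritten by the next run; correct it where the description originates and read the full CVE text before assigning a package or NOT-FOR-US.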
@@ -286,8 +293,8 @@ CVE-2020-28847
 	RESERVED
 CVE-2020-28846
 	RESERVED
-CVE-2020-28845
-	RESERVED
+CVE-2020-28845 (A CSV injection vulnerability in the Admin portal for Netskope 75.0 al ...)
+	TODO: check
 CVE-2020-28844
 	RESERVED
 CVE-2020-28843
@@ -9143,8 +9150,8 @@ CVE-2020-26238
 	RESERVED
 CVE-2020-26237
 	RESERVED
-CVE-2020-26236
-	RESERVED
+CVE-2020-26236 (In ScratchVerifier before commit a603769, an attacker can hijack the v ...)
+	TODO: check
 CVE-2020-26234
 	RESERVED
 CVE-2020-26233
@@ -10031,8 +10038,8 @@ CVE-2020-25841
 	RESERVED
 CVE-2020-25840
 	RESERVED
-CVE-2020-25839
-	RESERVED
+CVE-2020-25839 (NetIQ Identity Manager 4.8 prior to version 4.8 SP2 HF1 are affected b ...)
+	TODO: check
 CVE-2020-25838
 	RESERVED
 CVE-2020-25837 (Sensitive information disclosure vulnerability in Micro Focus Self Ser ...)
@@ -20774,10 +20781,10 @@ CVE-2020-20742
 	RESERVED
 CVE-2020-20741
 	RESERVED
-CVE-2020-20740
-	RESERVED
-CVE-2020-20739
-	RESERVED
+CVE-2020-20740 (PDFResurrect before 0.20 lack of header validation checks causes heap- ...)
+	TODO: check
+CVE-2020-20739 (im_vips2dz in /libvips/libvips/deprecated/im_vips2dz.c in libvips befo ...)
+	TODO: check
 CVE-2020-20738
 	RESERVED
 CVE-2020-20737
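Review bot: Both entries added here (CVE-2020-20740 and CVE-2020-20739) name specific software in their descriptions, PDFResurrect before 0.20 and libvips (im_vips2dz in /libvips/libvips/deprecated/im_vips2dz.c), yet carry only "TODO: check". Each should be resolved to a source-package line with its fixed version, or to NOT-FOR-US if the software is not in the archive, rather than left pending next to the surrounding RESERVED entries where it is easy to overlook.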
@@ -22918,10 +22925,10 @@ CVE-2020-19670 (In Niushop B2B2C Multi-Business Basic Edition V1.11, authenticat
 	NOT-FOR-US: Niushop B2B2C Multi-Business Basic Edition
 CVE-2020-19669
 	RESERVED
-CVE-2020-19668
-	RESERVED
-CVE-2020-19667
-	RESERVED
+CVE-2020-19668 (Unverified indexs into the array lead to out of bound access in the gi ...)
+	TODO: check
+CVE-2020-19667 (Stack-based buffer overflow and unconditional jump in ReadXPMImage in  ...)
+	TODO: check
 CVE-2020-19666
 	RESERVED
 CVE-2020-19665
@@ -36993,8 +37000,7 @@ CVE-2020-13673
 	RESERVED
 CVE-2020-13672
 	RESERVED
-CVE-2020-13671 [SA-CORE-2020-012]
-	RESERVED
+CVE-2020-13671 (Drupal core does not properly sanitize certain filenames on uploaded f ...)
 	{DLA-2458-1}
 	- drupal7 <removed>
 	NOTE: https://www.drupal.org/sa-core-2020-012
@@ -53341,8 +53347,8 @@ CVE-2020-7844
 	RESERVED
 CVE-2020-7843
 	RESERVED
-CVE-2020-7842
-	RESERVED
+CVE-2020-7842 (Improper Input validation vulnerability exists in Netis Korea D'live A ...)
+	TODO: check
 CVE-2020-7841 (Improper input validation vulnerability exists in TOBESOFT XPLATFORM w ...)
 	NOT-FOR-US: TOBESOFT XPLATFORM
 CVE-2020-7840
@@ -60870,8 +60876,8 @@ CVE-2020-4939
 	RESERVED
 CVE-2020-4938
 	RESERVED
-CVE-2020-4937
-	RESERVED
+CVE-2020-4937 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.2 u ...)
+	TODO: check
 CVE-2020-4936
 	RESERVED
 CVE-2020-4935
@@ -61266,8 +61272,8 @@ CVE-2020-4741 (IBM InfoSphere Information Server 11.5 and 11.7 is vulnerable to
 	NOT-FOR-US: IBM
 CVE-2020-4740 (IBM InfoSphere Information Server 11.5 and 11.7 is vulnerable to HTML  ...)
 	NOT-FOR-US: IBM
-CVE-2020-4739
-	RESERVED
+CVE-2020-4739 (IBM DB2 Accessories Suite for Linux, UNIX, and Windows, DB2 for Linux, ...)
+	TODO: check
 CVE-2020-4738
 	RESERVED
 CVE-2020-4737
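Review bot: CVE-2020-4739 is marked "TODO: check" while the two context entries directly above it, CVE-2020-4741 and CVE-2020-4740, are already triaged as "NOT-FOR-US: IBM". The new description begins "IBM DB2 Accessories Suite for Linux, UNIX, and Windows, DB2 for Linux, ...", so if the full text confirms it concerns only the IBM product, replace the TODO with the same NOT-FOR-US marker to keep the block consistent.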
@@ -62763,10 +62769,10 @@ CVE-2020-4007
 	RESERVED
 CVE-2020-4006
 	RESERVED
-CVE-2020-4005
-	RESERVED
-CVE-2020-4004
-	RESERVED
+CVE-2020-4005 (VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-2020111 ...)
+	TODO: check
+CVE-2020-4004 (VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-2020111 ...)
+	TODO: check
 CVE-2020-4003
 	RESERVED
 CVE-2020-4002
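Review bot: The descriptions added for CVE-2020-4005 and CVE-2020-4004 are identical up to the truncation point ("VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-2020111 ..."), so the list gives no way to tell the two issues apart. Whoever clears these "TODO: check" markers needs the full CVE entries; judging from the product named, a single triage decision will probably apply to both and they can be handled together.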



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/39b1f3ca12dcd4871dc014509169e8c60bb74f6c
