Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
549213d2 by security tracker role at 2020-05-12T08:10:16+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,21 @@
+CVE-2020-12799
+       RESERVED
+CVE-2020-12798
+       RESERVED
+CVE-2020-12797
+       RESERVED
+CVE-2020-12796
+       RESERVED
+CVE-2020-12795
+       RESERVED
+CVE-2020-12794
+       RESERVED
+CVE-2020-12793
+       RESERVED
+CVE-2020-12792
+       RESERVED
+CVE-2020-12791
+       RESERVED
 CVE-2020-12790 (In the SEOmatic plugin before 3.2.49 for Craft CMS, 
helpers/DynamicMet ...)
        NOT-FOR-US: SEOmatic plugin for Craft CMS
 CVE-2020-12789
@@ -5170,10 +5188,10 @@ CVE-2020-11074
        RESERVED
 CVE-2020-11073
        RESERVED
-CVE-2020-11072
-       RESERVED
-CVE-2020-11071
-       RESERVED
+CVE-2020-11072 (In SLP Validate (npm package slp-validate) before version 
1.2.1, users ...)
+       TODO: check
+CVE-2020-11071 (SLPJS (npm package slpjs) before version 0.27.2, has a 
vulnerability w ...)
+       TODO: check
 CVE-2020-11070
        RESERVED
 CVE-2020-11069
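Review bot: the two TODO: check entries added for CVE-2020-11072 and CVE-2020-11071 already name their npm packages (slp-validate and slpjs) in the description, so they can be triaged without further lookup. Either record the Debian source package that ships them or mark them NOT-FOR-US, rather than leaving TODO: check in place.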
@@ -7933,8 +7951,8 @@ CVE-2020-10069
        RESERVED
 CVE-2020-10068
        RESERVED
-CVE-2020-10067
-       RESERVED
+CVE-2020-10067 (A malicious userspace application can cause a integer overflow 
and byp ...)
+       TODO: check
 CVE-2020-10066
        RESERVED
 CVE-2020-10065
@@ -7947,12 +7965,12 @@ CVE-2020-10062
        RESERVED
 CVE-2020-10061
        RESERVED
-CVE-2020-10060
-       RESERVED
-CVE-2020-10059
-       RESERVED
-CVE-2020-10058
-       RESERVED
+CVE-2020-10060 (In updatehub_probe, right after JSON parsing is complete, 
objects\[1]  ...)
+       TODO: check
+CVE-2020-10059 (The UpdateHub module disables DTLS peer checking, which allows 
for a m ...)
+       TODO: check
+CVE-2020-10058 (Multiple syscalls in the Kscan subsystem perform insufficient 
argument ...)
+       TODO: check
 CVE-2019-20498 (cPanel before 82.0.18 allows WebDAV authentication bypass 
because the  ...)
        NOT-FOR-US: cPanel
 CVE-2019-20497 (cPanel before 82.0.18 allows stored XSS via WHM Backup 
Restoration (SE ...)
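Review bot: the description fragments added for CVE-2020-10060, CVE-2020-10059 and CVE-2020-10058 mention updatehub_probe, the UpdateHub module and the Kscan subsystem, but the visible text never names the affected project, so these TODO: check lines cannot be resolved from the list alone. Triage should read the full CVE records, and if all three belong to one project, give them the same tag in one pass.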
@@ -8353,8 +8371,8 @@ CVE-2020-9842
        RESERVED
 CVE-2020-9841
        RESERVED
-CVE-2020-9840
-       RESERVED
+CVE-2020-9840 (In SwiftNIO Extras before 1.4.1, a logic issue was addressed 
with impr ...)
+       TODO: check
 CVE-2020-9839
        RESERVED
 CVE-2020-9838
@@ -8501,26 +8519,26 @@ CVE-2020-9768 (A use after free issue was addressed 
with improved memory managem
        NOT-FOR-US: Apple
 CVE-2020-9767
        RESERVED
-CVE-2020-10028
-       RESERVED
-CVE-2020-10027
-       RESERVED
+CVE-2020-10028 (Multiple syscalls with insufficient argument validation See 
NCC-ZEP-00 ...)
+       TODO: check
+CVE-2020-10027 (An attacker who has obtained code execution within a user 
thread is ab ...)
+       TODO: check
 CVE-2020-10026
-       RESERVED
+       REJECTED
 CVE-2020-10025
-       RESERVED
-CVE-2020-10024
-       RESERVED
-CVE-2020-10023
-       RESERVED
-CVE-2020-10022
-       RESERVED
-CVE-2020-10021
-       RESERVED
+       REJECTED
+CVE-2020-10024 (The arm platform-specific code uses a signed integer 
comparison when v ...)
+       TODO: check
+CVE-2020-10023 (The shell subsystem contains a buffer overflow, whereby an 
adversary w ...)
+       TODO: check
+CVE-2020-10022 (A malformed JSON payload that is received from an UpdateHub 
server may ...)
+       TODO: check
+CVE-2020-10021 (Out-of-bounds Write in the USB Mass Storage memoryWrite 
handler with u ...)
+       TODO: check
 CVE-2020-10020
        REJECTED
-CVE-2020-10019
-       RESERVED
+CVE-2020-10019 (USB DFU has a potential buffer overflow where the requested 
length (wL ...)
+       TODO: check
 CVE-2020-10018 (WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4 (which 
are the  ...)
        {DSA-4641-1}
        - webkit2gtk 2.28.0-2
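Review bot: the seven TODO: check entries added in the CVE-2020-10019 to CVE-2020-10028 block (10028, 10027, 10024, 10023, 10022, 10021, 10019) carry description fragments that refer to a shell subsystem, USB DFU, USB Mass Storage, an UpdateHub server and arm platform-specific code without naming a project in the visible text. Triage them as one batch against the full CVE records so they end up with a consistent tag, and confirm that the RESERVED to REJECTED change on CVE-2020-10026 and CVE-2020-10025 needs no further annotation, as with the existing REJECTED entry for CVE-2020-10020.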
@@ -13518,8 +13536,8 @@ CVE-2020-7649
        RESERVED
 CVE-2020-7648
        RESERVED
-CVE-2020-7647
-       RESERVED
+CVE-2020-7647 (All versions before 1.6.7 and all versions after 2.0.0 
inclusive and b ...)
+       TODO: check
 CVE-2020-7646 (curlrequest through 1.0.1 allows execution of arbitrary 
commands.It is ...)
        TODO: check
 CVE-2020-7645 (All versions of chrome-launcher allow execution of arbitrary 
commands, ...)
@@ -17813,16 +17831,16 @@ CVE-2020-5839
        RESERVED
 CVE-2020-5838
        RESERVED
-CVE-2020-5837
-       RESERVED
-CVE-2020-5836
-       RESERVED
-CVE-2020-5835
-       RESERVED
-CVE-2020-5834
-       RESERVED
-CVE-2020-5833
-       RESERVED
+CVE-2020-5837 (Symantec Endpoint Protection, prior to 14.3, may not respect 
file perm ...)
+       TODO: check
+CVE-2020-5836 (Symantec Endpoint Protection, prior to 14.3, can potentially 
reset the ...)
+       TODO: check
+CVE-2020-5835 (Symantec Endpoint Protection Manager, prior to 14.3, has a race 
condit ...)
+       TODO: check
+CVE-2020-5834 (Symantec Endpoint Protection Manager, prior to 14.3, may be 
susceptibl ...)
+       TODO: check
+CVE-2020-5833 (Symantec Endpoint Protection Manager, prior to 14.3, may be 
susceptibl ...)
+       TODO: check
 CVE-2020-5832 (Symantec Data Center Security Manager Component, prior to 6.8.2 
(aka 6 ...)
        NOT-FOR-US: Symantec
 CVE-2020-5831 (Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU2 
MP1, ma ...)
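Review bot: CVE-2020-5837 through CVE-2020-5833 are added as TODO: check even though each description names Symantec Endpoint Protection or Symantec Endpoint Protection Manager, and the next entry, CVE-2020-5832, is already tagged NOT-FOR-US: Symantec. Applying the same tag to these five would keep them out of the TODO queue and consistent with their neighbour.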
@@ -29355,8 +29373,7 @@ CVE-2020-1726 (A flaw was discovered in Podman where it 
incorrectly allows conta
        - podman <itp> (bug #930440)
 CVE-2020-1725
        RESERVED
-CVE-2020-1724
-       RESERVED
+CVE-2020-1724 (A flaw was found in Keycloak in versions before 9.0.2. This 
flaw allow ...)
        NOT-FOR-US: Keycloak
 CVE-2020-1723
        RESERVED
@@ -152852,7 +152869,7 @@ CVE-2017-14202 (Improper Restriction of Operations 
within the Bounds of a Memory
 CVE-2017-14201 (Use After Free vulnerability in the Zephyr shell allows a 
serial or te ...)
        NOT-FOR-US: Zephyr
 CVE-2017-14200
-       RESERVED
+       REJECTED
 CVE-2017-14199 (A buffer overflow has been found in the Zephyr Project's 
getaddrinfo() ...)
        NOT-FOR-US: Zephyr OS
 CVE-2017-14198 (An issue was discovered in Squiz Matrix before 5.3.6.1 and 
5.4.x befor ...)
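Review bot: around the CVE-2017-14200 change from RESERVED to REJECTED, the neighbouring entries spell the same tag two ways, NOT-FOR-US: Zephyr on CVE-2017-14201 and NOT-FOR-US: Zephyr OS on CVE-2017-14199. Settling on one spelling would let a single search over the list find every entry for that project.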



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/549213d2c217c8b88c64fd2d37138f7fb58bcb4c
