Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
04b6343e by security tracker role at 2020-05-15T08:10:20+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,23 @@
+CVE-2020-12887
+       RESERVED
+CVE-2020-12886
+       RESERVED
+CVE-2020-12885
+       RESERVED
+CVE-2020-12884
+       RESERVED
+CVE-2020-12883
+       RESERVED
+CVE-2020-12882 (Submitty through 20.04.01 allows XSS via upload of an SVG 
document, as ...)
+       TODO: check
+CVE-2020-12881
+       RESERVED
+CVE-2020-12880
+       RESERVED
+CVE-2020-12879
+       RESERVED
+CVE-2020-12878
+       RESERVED
 CVE-2020-12877 (Veritas APTARE versions prior to 10.4 allowed sensitive 
information to ...)
        NOT-FOR-US: Veritas
 CVE-2020-12876 (Veritas APTARE versions prior to 10.4 allowed remote users to 
access s ...)
@@ -992,8 +1012,8 @@ CVE-2020-12442 (Ivanti Avalanche 6.3 allows a SQL 
injection that is vaguely asso
        NOT-FOR-US: Ivanti
 CVE-2020-12441
        RESERVED
-CVE-2020-12440
-       RESERVED
+CVE-2020-12440 (NGINX through 1.18.0 allows an HTTP request smuggling attack 
that can  ...)
+       TODO: check
 CVE-2020-12439 (Grin before 3.1.0 allows attackers to adversely affect 
availability of ...)
        NOT-FOR-US: Grin
 CVE-2020-12438 (An XSS vulnerability exists in the banners.php page of 
PHP-Fusion 9.03 ...)
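Review bot: CVE-2020-12440 now names NGINX through 1.18.0 but is left at "TODO: check", while every other described entry in this hunk is resolved as NOT-FOR-US. nginx is packaged in Debian, so this entry should be triaged to a package line in the form used elsewhere in this file (for example "- libexif <undetermined>") rather than left at TODO next to the vendor-only products.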
@@ -1893,8 +1913,8 @@ CVE-2020-12070 (The Advanced Woo Search plugin version 
through 1.99 for Wordpres
        NOT-FOR-US: Advanced Woo Search plugin for WordPress
 CVE-2020-12069
        RESERVED
-CVE-2020-12068
-       RESERVED
+CVE-2020-12068 (An issue was discovered in CODESYS Development System before 
3.5.16.0. ...)
+       TODO: check
 CVE-2020-12067
        RESERVED
 CVE-2020-12066 (CServer::SendMsg in engine/server/server.cpp in Teeworlds 
0.7.x before ...)
@@ -1956,16 +1976,16 @@ CVE-2020-12048
        RESERVED
 CVE-2020-12047
        RESERVED
-CVE-2020-12046
-       RESERVED
+CVE-2020-12046 (Opto 22 SoftPAC Project Version 9.6 and prior. SoftPAC’s 
firmwar ...)
+       TODO: check
 CVE-2020-12045
        RESERVED
 CVE-2020-12044
        RESERVED
 CVE-2020-12043
        RESERVED
-CVE-2020-12042
-       RESERVED
+CVE-2020-12042 (Opto 22 SoftPAC Project Version 9.6 and prior. Paths specified 
within  ...)
+       TODO: check
 CVE-2020-12041
        RESERVED
 CVE-2020-12040
@@ -2208,8 +2228,7 @@ CVE-2020-11933
        RESERVED
 CVE-2020-11932 (It was discovered that the Subiquity installer for Ubuntu 
Server logge ...)
        NOT-FOR-US: Subiquity installer for Ubuntu
-CVE-2020-11931
-       RESERVED
+CVE-2020-11931 (An Ubuntu-specific modification to Pulseaudio to provide 
security medi ...)
        NOT-FOR-US: Ubuntu snap packaging of Pulseaudio
 CVE-2018-21231 (Certain NETGEAR devices are affected by incorrect 
configuration of sec ...)
        NOT-FOR-US: Netgear
@@ -6896,24 +6915,24 @@ CVE-2020-10622 (LCDS LAquis SCADA Versions 4.3.1 and 
prior. The affected product
        NOT-FOR-US: LCDS LAquis SCADA
 CVE-2020-10621 (Multiple issues exist that allow files to be uploaded and 
executed on  ...)
        NOT-FOR-US: WebAccess/NMS
-CVE-2020-10620
-       RESERVED
+CVE-2020-10620 (Opto 22 SoftPAC Project Version 9.6 and prior. SoftPAC 
communication d ...)
+       TODO: check
 CVE-2020-10619 (An attacker could use a specially crafted URL to delete files 
outside  ...)
        NOT-FOR-US: WebAccess/NMS
 CVE-2020-10618 (LCDS LAquis SCADA Versions 4.3.1 and prior. The affected 
product is vu ...)
        NOT-FOR-US: LCDS LAquis SCADA
 CVE-2020-10617 (There are multiple ways an unauthenticated attacker could 
perform SQL  ...)
        NOT-FOR-US: WebAccess/NMS
-CVE-2020-10616
-       RESERVED
+CVE-2020-10616 (Opto 22 SoftPAC Project Version 9.6 and prior. SoftPAC does 
not specif ...)
+       TODO: check
 CVE-2020-10615 (Triangle MicroWorks SCADA Data Gateway 3.02.0697 through 
4.0.122, 2.41 ...)
        NOT-FOR-US: Triangle MicroWorks SCADA Data Gateway
 CVE-2020-10614
        RESERVED
 CVE-2020-10613 (Triangle MicroWorks SCADA Data Gateway 3.02.0697 through 
4.0.122, 2.41 ...)
        NOT-FOR-US: Triangle MicroWorks SCADA Data Gateway
-CVE-2020-10612
-       RESERVED
+CVE-2020-10612 (Opto 22 SoftPAC Project Version 9.6 and prior. SoftPACAgent 
communicat ...)
+       TODO: check
 CVE-2020-10611 (Triangle MicroWorks SCADA Data Gateway 3.02.0697 through 
4.0.122, 2.41 ...)
        NOT-FOR-US: Triangle MicroWorks SCADA Data Gateway
 CVE-2020-10610
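Review bot: CVE-2020-10620, CVE-2020-10616 and CVE-2020-10612 all describe Opto 22 SoftPAC Project and all land as "TODO: check", in between SCADA entries that already carry a NOT-FOR-US tag with the product name. Together with CVE-2020-12046 and CVE-2020-12042 from the earlier hunk that makes five entries for one product; resolve them in a single pass with one identical tag string so later searches on the product name match all of them.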
@@ -23621,7 +23640,7 @@ CVE-2020-3811
        RESERVED
 CVE-2020-3810 [apt out-of-bounds read in .ar/.tar implemations]
        RESERVED
-       {DSA-4685-1}
+       {DSA-4685-1 DLA-2210-1}
        - apt 2.1.2
        NOTE: https://github.com/Debian/apt/issues/111
        NOTE: https://bugs.launchpad.net/bugs/1878177
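Review bot: the CVE-2020-3810 entry that gains DLA-2210-1 still carries RESERVED and a bracketed working title, and that title misspells "implementations" as "implemations". This same commit replaces the bracketed title of CVE-2020-0110 with the published description, so the title here will likely be overwritten the same way; if it is going to stay, correct the spelling so text searches for the apt issue find it.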
@@ -35751,10 +35770,10 @@ CVE-2020-0223
        RESERVED
 CVE-2020-0222
        RESERVED
-CVE-2020-0221
-       RESERVED
-CVE-2020-0220
-       RESERVED
+CVE-2020-0221 (Airbrush FW's scratch memory allocator is susceptible to 
numeric overf ...)
+       TODO: check
+CVE-2020-0220 (In crus_afe_callback of msm-cirrus-playback.c, there is a 
possible out ...)
+       TODO: check
 CVE-2020-0219
        RESERVED
 CVE-2020-0218
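Review bot: CVE-2020-0221 and CVE-2020-0220 go from RESERVED to "TODO: check" although CVE-2020-0220 is written in the same "In <function> of <file>" style as the entries this commit resolves as NOT-FOR-US: Android. The file it names, msm-cirrus-playback.c, is a C driver source, so the check should establish whether that file is present in Debian's linux source before choosing between a "- linux" line and NOT-FOR-US.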
@@ -35973,64 +35992,50 @@ CVE-2020-0112
        RESERVED
 CVE-2020-0111
        RESERVED
-CVE-2020-0110 [sched/psi: Fix OOB write when writing 0 bytes to PSI files]
-       RESERVED
+CVE-2020-0110 (In psi_write of psi.c, there is a possible out of bounds write 
due to  ...)
        - linux 5.5.13-1
        NOTE: 
https://git.kernel.org/linus/6fcca0fa48118e6d63733eb4644c6cd880c15b8f (5.6-rc2)
-CVE-2020-0109
-       RESERVED
+CVE-2020-0109 (In simulatePackageSuspendBroadcast of 
NotificationManagerService.java, ...)
        NOT-FOR-US: Android
 CVE-2020-0108
        RESERVED
 CVE-2020-0107
        RESERVED
-CVE-2020-0106
-       RESERVED
+CVE-2020-0106 (In getCellLocation of PhoneInterfaceManager.java, there is a 
possible  ...)
        NOT-FOR-US: Android
-CVE-2020-0105
-       RESERVED
+CVE-2020-0105 (In onKeyguardVisibilityChanged of key_store_service.cpp, there 
is a mi ...)
        NOT-FOR-US: Android
-CVE-2020-0104
-       RESERVED
+CVE-2020-0104 (In onShowingStateChanged of KeyguardStateMonitor.java, there is 
a poss ...)
        NOT-FOR-US: Android
-CVE-2020-0103
-       RESERVED
+CVE-2020-0103 (In a2dp_aac_decoder_cleanup of a2dp_aac_decoder.cc, there is a 
possibl ...)
        NOT-FOR-US: Android
-CVE-2020-0102
-       RESERVED
+CVE-2020-0102 (In GattServer::SendResponse of gatt_server.cc, there is a 
possible out ...)
        NOT-FOR-US: Android
-CVE-2020-0101
-       RESERVED
-CVE-2020-0100
-       RESERVED
+CVE-2020-0101 (In BnCrypto::onTransact of ICrypto.cpp, there is a possible 
informatio ...)
+       TODO: check
+CVE-2020-0100 (In onTransact of IHDCP.cpp, there is a possible out of bounds 
read due ...)
+       TODO: check
 CVE-2020-0099
        RESERVED
-CVE-2020-0098
-       RESERVED
+CVE-2020-0098 (In navigateUpToLocked of ActivityStack.java, there is a 
possible permi ...)
        NOT-FOR-US: Android
-CVE-2020-0097
-       RESERVED
+CVE-2020-0097 (In various methods of PackageManagerService.java, there is a 
possible  ...)
        NOT-FOR-US: Android
-CVE-2020-0096
-       RESERVED
+CVE-2020-0096 (In startActivities of ActivityStartController.java, there is a 
possibl ...)
        NOT-FOR-US: Android
 CVE-2020-0095
        RESERVED
-CVE-2020-0094
-       RESERVED
-CVE-2020-0093
-       RESERVED
+CVE-2020-0094 (In setImageHeight and setImageWidth of ExifUtils.cpp, there is 
a possi ...)
+       TODO: check
+CVE-2020-0093 (In exif_data_save_data_entry of exif-data.c, there is a 
possible out o ...)
        - libexif <undetermined>
        NOTE: 
https://android.googlesource.com/platform/external/libexif/+/0335ffc17f9b9a4831c242bb08ea92f605fde7a6
        NOTE: https://github.com/libexif/libexif/issues/42
-CVE-2020-0092
-       RESERVED
+CVE-2020-0092 (In setHideSensitive of NotificationStackScrollLayout.java, 
there is a  ...)
        NOT-FOR-US: Android
-CVE-2020-0091
-       RESERVED
+CVE-2020-0091 (In mnld, an incorrect configuration in driver_cfg of mnld for 
meta fac ...)
        NOT-FOR-US: Mediatek components for Android
-CVE-2020-0090
-       RESERVED
+CVE-2020-0090 (An improper authorization in the receiver component of 
Email.Product:  ...)
        NOT-FOR-US: Mediatek components for Android
 CVE-2020-0089
        RESERVED
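Review bot: CVE-2020-0101 (ICrypto.cpp), CVE-2020-0100 (IHDCP.cpp) and CVE-2020-0094 (ExifUtils.cpp) are left at "TODO: check" while their neighbours in this hunk, with the same style of description, are tagged NOT-FOR-US: Android. Triage these three so the block is consistent. CVE-2020-0094 deserves a closer look because the adjacent CVE-2020-0093 is tracked against libexif, which is still "<undetermined>" and needs a fixed version once the referenced upstream issue is settled.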
@@ -36084,11 +36089,9 @@ CVE-2020-0066 (In the netlink driver, there is a 
possible out of bounds write du
        - linux 4.2.5-1
        [jessie] - linux 3.16.7-ckt20-1
        NOTE: 
https://git.kernel.org/linus/db65a3aaf29ecce2e34271d52e8d2336b97bd9fe
-CVE-2020-0065
-       RESERVED
+CVE-2020-0065 (An improper authorization in the receiver component of the 
Android Sui ...)
        NOT-FOR-US: Mediatek components for Android
-CVE-2020-0064
-       RESERVED
+CVE-2020-0064 (An improper authorization while processing the provisioning 
data.Produ ...)
        NOT-FOR-US: Mediatek components for Android
 CVE-2020-0063 (In SurfaceFlinger, it is possible to override UI confirmation 
screen p ...)
        NOT-FOR-US: Android
@@ -36177,8 +36180,7 @@ CVE-2020-0026 (In Parcel::continueWrite of Parcel.cpp, 
there is possible memory
        NOT-FOR-US: Android
 CVE-2020-0025
        RESERVED
-CVE-2020-0024
-       RESERVED
+CVE-2020-0024 (In onCreate of SettingsBaseActivity.java, there is a possible 
unauthor ...)
        NOT-FOR-US: Android
 CVE-2020-0023 (In setPhonebookAccessPermission of AdapterService.java, there 
is a pos ...)
        NOT-FOR-US: Android



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/04b6343e6878b9e288b429debefdeed8a25c0d20
