Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 04b6343e by security tracker role at 2020-05-15T08:10:20+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,23 @@ +CVE-2020-12887 + RESERVED +CVE-2020-12886 + RESERVED +CVE-2020-12885 + RESERVED +CVE-2020-12884 + RESERVED +CVE-2020-12883 + RESERVED +CVE-2020-12882 (Submitty through 20.04.01 allows XSS via upload of an SVG document, as ...) + TODO: check +CVE-2020-12881 + RESERVED +CVE-2020-12880 + RESERVED +CVE-2020-12879 + RESERVED +CVE-2020-12878 + RESERVED CVE-2020-12877 (Veritas APTARE versions prior to 10.4 allowed sensitive information to ...) NOT-FOR-US: Veritas CVE-2020-12876 (Veritas APTARE versions prior to 10.4 allowed remote users to access s ...) @@ -992,8 +1012,8 @@ CVE-2020-12442 (Ivanti Avalanche 6.3 allows a SQL injection that is vaguely asso NOT-FOR-US: Ivanti CVE-2020-12441 RESERVED -CVE-2020-12440 - RESERVED +CVE-2020-12440 (NGINX through 1.18.0 allows an HTTP request smuggling attack that can ...) + TODO: check CVE-2020-12439 (Grin before 3.1.0 allows attackers to adversely affect availability of ...) NOT-FOR-US: Grin CVE-2020-12438 (An XSS vulnerability exists in the banners.php page of PHP-Fusion 9.03 ...) @@ -1893,8 +1913,8 @@ CVE-2020-12070 (The Advanced Woo Search plugin version through 1.99 for Wordpres NOT-FOR-US: Advanced Woo Search plugin for WordPress CVE-2020-12069 RESERVED -CVE-2020-12068 - RESERVED +CVE-2020-12068 (An issue was discovered in CODESYS Development System before 3.5.16.0. ...) + TODO: check CVE-2020-12067 RESERVED CVE-2020-12066 (CServer::SendMsg in engine/server/server.cpp in Teeworlds 0.7.x before ...) 
@@ -1956,16 +1976,16 @@ CVE-2020-12048 RESERVED CVE-2020-12047 RESERVED -CVE-2020-12046 - RESERVED +CVE-2020-12046 (Opto 22 SoftPAC Project Version 9.6 and prior. SoftPAC’s firmwar ...) + TODO: check CVE-2020-12045 RESERVED CVE-2020-12044 RESERVED CVE-2020-12043 RESERVED -CVE-2020-12042 - RESERVED +CVE-2020-12042 (Opto 22 SoftPAC Project Version 9.6 and prior. Paths specified within ...) + TODO: check CVE-2020-12041 RESERVED CVE-2020-12040 @@ -2208,8 +2228,7 @@ CVE-2020-11933 RESERVED CVE-2020-11932 (It was discovered that the Subiquity installer for Ubuntu Server logge ...) NOT-FOR-US: Subiquity installer for Ubuntu -CVE-2020-11931 - RESERVED +CVE-2020-11931 (An Ubuntu-specific modification to Pulseaudio to provide security medi ...) NOT-FOR-US: Ubuntu snap packaging of Pulseaudio CVE-2018-21231 (Certain NETGEAR devices are affected by incorrect configuration of sec ...) NOT-FOR-US: Netgear 
@@ -6896,24 +6915,24 @@ CVE-2020-10622 (LCDS LAquis SCADA Versions 4.3.1 and prior. The affected product NOT-FOR-US: LCDS LAquis SCADA CVE-2020-10621 (Multiple issues exist that allow files to be uploaded and executed on ...) NOT-FOR-US: WebAccess/NMS -CVE-2020-10620 - RESERVED +CVE-2020-10620 (Opto 22 SoftPAC Project Version 9.6 and prior. SoftPAC communication d ...) + TODO: check CVE-2020-10619 (An attacker could use a specially crafted URL to delete files outside ...) NOT-FOR-US: WebAccess/NMS CVE-2020-10618 (LCDS LAquis SCADA Versions 4.3.1 and prior. The affected product is vu ...) NOT-FOR-US: LCDS LAquis SCADA CVE-2020-10617 (There are multiple ways an unauthenticated attacker could perform SQL ...) NOT-FOR-US: WebAccess/NMS -CVE-2020-10616 - RESERVED +CVE-2020-10616 (Opto 22 SoftPAC Project Version 9.6 and prior. SoftPAC does not specif ...) + TODO: check CVE-2020-10615 (Triangle MicroWorks SCADA Data Gateway 3.02.0697 through 4.0.122, 2.41 ...) NOT-FOR-US: Triangle MicroWorks SCADA Data Gateway CVE-2020-10614 RESERVED CVE-2020-10613 (Triangle MicroWorks SCADA Data Gateway 3.02.0697 through 4.0.122, 2.41 ...) NOT-FOR-US: Triangle MicroWorks SCADA Data Gateway -CVE-2020-10612 - RESERVED +CVE-2020-10612 (Opto 22 SoftPAC Project Version 9.6 and prior. SoftPACAgent communicat ...) + TODO: check CVE-2020-10611 (Triangle MicroWorks SCADA Data Gateway 3.02.0697 through 4.0.122, 2.41 ...) NOT-FOR-US: Triangle MicroWorks SCADA Data Gateway CVE-2020-10610 @@ -23621,7 +23640,7 @@ CVE-2020-3811 RESERVED CVE-2020-3810 [apt out-of-bounds read in .ar/.tar implemations] RESERVED - {DSA-4685-1} + {DSA-4685-1 DLA-2210-1} - apt 2.1.2 NOTE: https://github.com/Debian/apt/issues/111 NOTE: https://bugs.launchpad.net/bugs/1878177 
@@ -35751,10 +35770,10 @@ CVE-2020-0223 RESERVED CVE-2020-0222 RESERVED -CVE-2020-0221 - RESERVED -CVE-2020-0220 - RESERVED +CVE-2020-0221 (Airbrush FW's scratch memory allocator is susceptible to numeric overf ...) + TODO: check +CVE-2020-0220 (In crus_afe_callback of msm-cirrus-playback.c, there is a possible out ...) + TODO: check CVE-2020-0219 RESERVED CVE-2020-0218 
@@ -35973,64 +35992,50 @@ CVE-2020-0112 RESERVED CVE-2020-0111 RESERVED -CVE-2020-0110 [sched/psi: Fix OOB write when writing 0 bytes to PSI files] - RESERVED +CVE-2020-0110 (In psi_write of psi.c, there is a possible out of bounds write due to ...) - linux 5.5.13-1 NOTE: https://git.kernel.org/linus/6fcca0fa48118e6d63733eb4644c6cd880c15b8f (5.6-rc2) -CVE-2020-0109 - RESERVED +CVE-2020-0109 (In simulatePackageSuspendBroadcast of NotificationManagerService.java, ...) NOT-FOR-US: Android CVE-2020-0108 RESERVED CVE-2020-0107 RESERVED -CVE-2020-0106 - RESERVED +CVE-2020-0106 (In getCellLocation of PhoneInterfaceManager.java, there is a possible ...) NOT-FOR-US: Android -CVE-2020-0105 - RESERVED +CVE-2020-0105 (In onKeyguardVisibilityChanged of key_store_service.cpp, there is a mi ...) NOT-FOR-US: Android -CVE-2020-0104 - RESERVED +CVE-2020-0104 (In onShowingStateChanged of KeyguardStateMonitor.java, there is a poss ...) NOT-FOR-US: Android -CVE-2020-0103 - RESERVED +CVE-2020-0103 (In a2dp_aac_decoder_cleanup of a2dp_aac_decoder.cc, there is a possibl ...) NOT-FOR-US: Android -CVE-2020-0102 - RESERVED +CVE-2020-0102 (In GattServer::SendResponse of gatt_server.cc, there is a possible out ...) NOT-FOR-US: Android -CVE-2020-0101 - RESERVED -CVE-2020-0100 - RESERVED +CVE-2020-0101 (In BnCrypto::onTransact of ICrypto.cpp, there is a possible informatio ...) + TODO: check +CVE-2020-0100 (In onTransact of IHDCP.cpp, there is a possible out of bounds read due ...) + TODO: check CVE-2020-0099 RESERVED -CVE-2020-0098 - RESERVED +CVE-2020-0098 (In navigateUpToLocked of ActivityStack.java, there is a possible permi ...) NOT-FOR-US: Android -CVE-2020-0097 - RESERVED +CVE-2020-0097 (In various methods of PackageManagerService.java, there is a possible ...) NOT-FOR-US: Android -CVE-2020-0096 - RESERVED +CVE-2020-0096 (In startActivities of ActivityStartController.java, there is a possibl ...) 
NOT-FOR-US: Android CVE-2020-0095 RESERVED -CVE-2020-0094 - RESERVED -CVE-2020-0093 - RESERVED +CVE-2020-0094 (In setImageHeight and setImageWidth of ExifUtils.cpp, there is a possi ...) + TODO: check +CVE-2020-0093 (In exif_data_save_data_entry of exif-data.c, there is a possible out o ...) - libexif <undetermined> NOTE: https://android.googlesource.com/platform/external/libexif/+/0335ffc17f9b9a4831c242bb08ea92f605fde7a6 NOTE: https://github.com/libexif/libexif/issues/42 -CVE-2020-0092 - RESERVED +CVE-2020-0092 (In setHideSensitive of NotificationStackScrollLayout.java, there is a ...) NOT-FOR-US: Android -CVE-2020-0091 - RESERVED +CVE-2020-0091 (In mnld, an incorrect configuration in driver_cfg of mnld for meta fac ...) NOT-FOR-US: Mediatek components for Android -CVE-2020-0090 - RESERVED +CVE-2020-0090 (An improper authorization in the receiver component of Email.Product: ...) NOT-FOR-US: Mediatek components for Android CVE-2020-0089 RESERVED @@ -36084,11 +36089,9 @@ CVE-2020-0066 (In the netlink driver, there is a possible out of bounds write du - linux 4.2.5-1 [jessie] - linux 3.16.7-ckt20-1 NOTE: https://git.kernel.org/linus/db65a3aaf29ecce2e34271d52e8d2336b97bd9fe -CVE-2020-0065 - RESERVED +CVE-2020-0065 (An improper authorization in the receiver component of the Android Sui ...) NOT-FOR-US: Mediatek components for Android -CVE-2020-0064 - RESERVED +CVE-2020-0064 (An improper authorization while processing the provisioning data.Produ ...) NOT-FOR-US: Mediatek components for Android CVE-2020-0063 (In SurfaceFlinger, it is possible to override UI confirmation screen p ...) NOT-FOR-US: Android 
@@ -36177,8 +36180,7 @@ CVE-2020-0026 (In Parcel::continueWrite of Parcel.cpp, there is possible memory NOT-FOR-US: Android CVE-2020-0025 RESERVED -CVE-2020-0024 - RESERVED +CVE-2020-0024 (In onCreate of SettingsBaseActivity.java, there is a possible unauthor ...) NOT-FOR-US: Android CVE-2020-0023 (In setPhonebookAccessPermission of AdapterService.java, there is a pos ...) NOT-FOR-US: Android
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/04b6343e6878b9e288b429debefdeed8a25c0d20
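Review bot: In the hunk at -992,8, CVE-2020-12440 names NGINX and is left at `TODO: check`. nginx is a source package in Debian, so unlike the vendor-only entries around it this one needs a package line in the same form as `- apt 2.1.2` elsewhere in the file (that is, `- nginx` followed by a status or fixed version) and should be triaged ahead of the entries that will end up NOT-FOR-US.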
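Review bot: In the hunk at -23621,7, the bracketed description on the CVE-2020-3810 context line reads `.ar/.tar implemations`. Since the entry is being touched here to add DLA-2210-1, correct the spelling to `implementations` in a follow-up so that searches of the list for that word match this entry.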
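Review bot: In the hunk at -35973,64, CVE-2020-0093 gains its published description but the package line stays `- libexif <undetermined>`. The description now names `exif_data_save_data_entry` in `exif-data.c` and both NOTE links are already present, so the entry can be resolved to a concrete status. CVE-2020-0094 in the same hunk is added as `TODO: check` and names `ExifUtils.cpp`; whoever triages it should confirm whether that file belongs to the packaged libexif or to an Android-only component before tagging it.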