Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7c1605c6 by security tracker role at 2020-05-21T20:10:24+00:00
automatic update

- - - - -

1 changed file:
- data/CVE/list

Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,219 @@ +CVE-2020-13360 + RESERVED +CVE-2020-13359 + RESERVED +CVE-2020-13358 + RESERVED +CVE-2020-13357 + RESERVED +CVE-2020-13356 + RESERVED +CVE-2020-13355 + RESERVED +CVE-2020-13354 + RESERVED +CVE-2020-13353 + RESERVED +CVE-2020-13352 + RESERVED +CVE-2020-13351 + RESERVED +CVE-2020-13350 + RESERVED +CVE-2020-13349 + RESERVED +CVE-2020-13348 + RESERVED +CVE-2020-13347 + RESERVED +CVE-2020-13346 + RESERVED +CVE-2020-13345 + RESERVED +CVE-2020-13344 + RESERVED +CVE-2020-13343 + RESERVED +CVE-2020-13342 + RESERVED +CVE-2020-13341 + RESERVED +CVE-2020-13340 + RESERVED +CVE-2020-13339 + RESERVED +CVE-2020-13338 + RESERVED +CVE-2020-13337 + RESERVED +CVE-2020-13336 + RESERVED +CVE-2020-13335 + RESERVED +CVE-2020-13334 + RESERVED +CVE-2020-13333 + RESERVED +CVE-2020-13332 + RESERVED +CVE-2020-13331 + RESERVED +CVE-2020-13330 + RESERVED +CVE-2020-13329 + RESERVED +CVE-2020-13328 + RESERVED +CVE-2020-13327 + RESERVED +CVE-2020-13326 + RESERVED +CVE-2020-13325 + RESERVED +CVE-2020-13324 + RESERVED +CVE-2020-13323 + RESERVED +CVE-2020-13322 + RESERVED +CVE-2020-13321 + RESERVED +CVE-2020-13320 + RESERVED +CVE-2020-13319 + RESERVED +CVE-2020-13318 + RESERVED +CVE-2020-13317 + RESERVED +CVE-2020-13316 + RESERVED +CVE-2020-13315 + RESERVED +CVE-2020-13314 + RESERVED +CVE-2020-13313 + RESERVED +CVE-2020-13312 + RESERVED +CVE-2020-13311 + RESERVED +CVE-2020-13310 + RESERVED +CVE-2020-13309 + RESERVED +CVE-2020-13308 + RESERVED +CVE-2020-13307 + RESERVED +CVE-2020-13306 + RESERVED +CVE-2020-13305 + RESERVED +CVE-2020-13304 + RESERVED +CVE-2020-13303 + RESERVED +CVE-2020-13302 + RESERVED +CVE-2020-13301 + RESERVED +CVE-2020-13300 + RESERVED +CVE-2020-13299 + RESERVED +CVE-2020-13298 + RESERVED +CVE-2020-13297 + RESERVED +CVE-2020-13296 + RESERVED +CVE-2020-13295 + RESERVED +CVE-2020-13294 + RESERVED +CVE-2020-13293 + RESERVED +CVE-2020-13292 + RESERVED +CVE-2020-13291 + RESERVED +CVE-2020-13290 + RESERVED +CVE-2020-13289 + RESERVED +CVE-2020-13288 + RESERVED 
+CVE-2020-13287 + RESERVED +CVE-2020-13286 + RESERVED +CVE-2020-13285 + RESERVED +CVE-2020-13284 + RESERVED +CVE-2020-13283 + RESERVED +CVE-2020-13282 + RESERVED +CVE-2020-13281 + RESERVED +CVE-2020-13280 + RESERVED +CVE-2020-13279 + RESERVED +CVE-2020-13278 + RESERVED +CVE-2020-13277 + RESERVED +CVE-2020-13276 + RESERVED +CVE-2020-13275 + RESERVED +CVE-2020-13274 + RESERVED +CVE-2020-13273 + RESERVED +CVE-2020-13272 + RESERVED +CVE-2020-13271 + RESERVED +CVE-2020-13270 + RESERVED +CVE-2020-13269 + RESERVED +CVE-2020-13268 + RESERVED +CVE-2020-13267 + RESERVED +CVE-2020-13266 + RESERVED +CVE-2020-13265 + RESERVED +CVE-2020-13264 + RESERVED +CVE-2020-13263 + RESERVED +CVE-2020-13262 + RESERVED +CVE-2020-13261 + RESERVED +CVE-2020-13260 + RESERVED +CVE-2020-13259 + RESERVED +CVE-2020-13258 (Contentful through 2020-05-21 for Python allows reflected XSS, as demo ...) + TODO: check +CVE-2020-13257 + RESERVED +CVE-2020-13256 + RESERVED +CVE-2020-13255 + RESERVED +CVE-2020-13254 + RESERVED +CVE-2020-13253 + RESERVED CVE-2020-13252 (Centreon before 19.04.15 allows remote attackers to execute arbitrary ...) TODO: check CVE-2020-13251 
@@ -301,20 +517,17 @@ CVE-2020-13116 RESERVED CVE-2020-13115 RESERVED -CVE-2020-13114 [Add a failsafe on the maximum number of Canon MakerNote subtags] - RESERVED +CVE-2020-13114 (An issue was discovered in libexif before 0.6.22. An unrestricted size ...) - libexif <unfixed> [buster] - libexif <no-dsa> (Minor issue) [stretch] - libexif <no-dsa> (Minor issue) NOTE: https://github.com/libexif/libexif/commit/e6a38a1a23ba94d139b1fa2cd4519fdcfe3c9bab (0.6.22) -CVE-2020-13113 [Ensure the MakerNote data pointers are initialized with NULL] - RESERVED +CVE-2020-13113 (An issue was discovered in libexif before 0.6.22. Use of uninitialized ...) - libexif <unfixed> [buster] - libexif <no-dsa> (Minor issue) [stretch] - libexif <no-dsa> (Minor issue) NOTE: https://github.com/libexif/libexif/commit/ec412aa4583ad71ecabb967d3c77162760169d1f (0.6.22) -CVE-2020-13112 [Fix MakerNote tag size overflow issues at read time] - RESERVED +CVE-2020-13112 (An issue was discovered in libexif before 0.6.22. Several buffer over- ...) - libexif <unfixed> [buster] - libexif <no-dsa> (Minor issue) [stretch] - libexif <no-dsa> (Minor issue) @@ -882,7 +1095,7 @@ CVE-2020-12834 (eQ-3 Homematic Central Control Unit (CCU)2 through 2.51.6 and CC NOT-FOR-US: eQ-3 Homematic Central Control Unit CVE-2020-12833 RESERVED -CVE-2020-12832 (The simple-file-list plugin before 4.2.8 for WordPress mishandles a .. ...) +CVE-2020-12832 (WordPress Plugin Simple File List before 4.2.8 is prone to a vulnerabi ...) NOT-FOR-US: simple-file-list plugin for WordPress CVE-2020-12831 (** DISPUTED ** An issue was discovered in FRRouting FRR (aka Free Rang ...) - frr <unfixed> (unimportant) 
@@ -897,8 +1110,8 @@ CVE-2020-12829 [stretch] - qemu <no-dsa> (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1808510 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1786026 -CVE-2020-12828 - RESERVED +CVE-2020-12828 (An issue was discovered in AnchorFree VPN SDK before 1.3.3.218. The VP ...) + TODO: check CVE-2020-12827 RESERVED CVE-2019-20796 @@ -1826,8 +2039,8 @@ CVE-2020-12433 RESERVED CVE-2020-12432 RESERVED -CVE-2020-12431 - RESERVED +CVE-2020-12431 (A Windows privilege change issue was discovered in Splashtop Software ...) + TODO: check CVE-2020-12430 (An issue was discovered in qemuDomainGetStatsIOThread in qemu/qemu_dri ...) [experimental] - libvirt 6.2.0-1 - libvirt <unfixed> (low; bug #959447) @@ -4485,7 +4698,7 @@ CVE-2020-11712 (Open Upload through 0.4.3 allows XSS via index.php?action=u and NOT-FOR-US: Open Upload CVE-2020-11711 RESERVED -CVE-2020-11710 (An issue was discovered in docker-kong (for Kong) through 2.0.3. The a ...) +CVE-2020-11710 (** DISPUTED ** An issue was discovered in docker-kong (for Kong) throu ...) NOT-FOR-US: docker-kong CVE-2020-11709 (cpp-httplib through 0.5.8 does not filter \r\n in parameters passed in ...) - chromium <unfixed> @@ -7338,8 +7551,7 @@ CVE-2020-10740 CVE-2020-10739 RESERVED NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651) -CVE-2020-10738 - RESERVED +CVE-2020-10738 (A flaw was found in Moodle versions 3.8 before 3.8.3, 3.7 before 3.7.6 ...) - moodle <removed> CVE-2020-10737 [oddjob: race condition in oddjob_selinux_mkdir function in mkhomedir.c can lead to symlink attack] RESERVED 
@@ -11271,8 +11483,8 @@ CVE-2020-9071 RESERVED CVE-2020-9070 (Huawei smartphones Taurus-AL00B with versions earlier than 10.0.0.205( ...) NOT-FOR-US: Huawei -CVE-2020-9069 - RESERVED +CVE-2020-9069 (There is an information leakage vulnerability in some Huawei products. ...) + TODO: check CVE-2020-9068 (Huawei AR3200 products with versions of V200R007C00SPC900, V200R007C00 ...) NOT-FOR-US: Huawei CVE-2020-9067 (There is a buffer overflow vulnerability in some Huawei products. The ...) @@ -11319,8 +11531,8 @@ CVE-2020-9047 RESERVED CVE-2020-9046 RESERVED -CVE-2020-9045 - RESERVED +CVE-2020-9045 (During installation or upgrade to Software House C•CURE 9000 v2. ...) + TODO: check CVE-2020-9044 (XXE vulnerability exists in the Metasys family of product Web Services ...) NOT-FOR-US: Johnson Controls CVE-2020-9043 (The wpCentral plugin before 1.5.1 for WordPress allows disclosure of t ...) @@ -12472,8 +12684,8 @@ CVE-2020-8574 RESERVED CVE-2020-8573 RESERVED -CVE-2020-8572 - RESERVED +CVE-2020-8572 (Element OS prior to version 12.0 and Element HealthTools prior to vers ...) + TODO: check CVE-2020-8571 (StorageGRID (formerly StorageGRID Webscale) versions 10.0.0 through 11 ...) NOT-FOR-US: StorageGRID CVE-2020-8570 @@ -14303,8 +14515,8 @@ CVE-2020-7810 RESERVED CVE-2020-7809 (ALSong 3.46 and earlier version contain a Document Object Model (DOM) ...) NOT-FOR-US: ALSong -CVE-2020-7808 - RESERVED +CVE-2020-7808 (In RAONWIZ K Upload v2018.0.2.51 and prior, automatic update processin ...) + TODO: check CVE-2020-7807 RESERVED CVE-2020-7806 (Tobesoft Xplatform 9.2.2.250 and earlier version have an arbitrary cod ...) @@ -14609,8 +14821,8 @@ CVE-2020-7657 RESERVED CVE-2020-7656 (jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load ...) TODO: check -CVE-2020-7655 - RESERVED +CVE-2020-7655 (netius prior to 1.17.58 is vulnerable to HTTP Request Smuggling. HTTP ...) + TODO: check CVE-2020-7654 RESERVED CVE-2020-7653 
@@ -19112,8 +19324,8 @@ CVE-2020-5754 RESERVED CVE-2020-5753 (Signal Private Messenger Android v4.59.0 and up and iOS v3.8.1.5 and u ...) TODO: check -CVE-2020-5752 - RESERVED +CVE-2020-5752 (Relative path traversal in Druva inSync Windows Client 6.6.3 allows a ...) + TODO: check CVE-2020-5751 (Insufficient output sanitization in TCExam 14.2.2 allows a remote, aut ...) NOT-FOR-US: TCExam CVE-2020-5750 (Insufficient output sanitization in TCExam 14.2.2 allows a remote, una ...) @@ -30000,8 +30212,8 @@ CVE-2020-1801 (There is an improper authentication vulnerability in several smar NOT-FOR-US: Huawei CVE-2020-1800 (HUAWEI smartphones P30 with versions earlier than 10.0.0.185(C00E85R1P ...) NOT-FOR-US: Huawei -CVE-2020-1799 - RESERVED +CVE-2020-1799 (E6878-370 with versions of 10.0.3.1(H557SP27C233), 10.0.3.1(H563SP1C00 ...) + TODO: check CVE-2020-1798 RESERVED CVE-2020-1797
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7c1605c672a08dc69be1f27db2c24059bee42908
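Review bot: in the @@ -301,20 +517,17 @@ hunk, CVE-2020-13114, CVE-2020-13113 and CVE-2020-13112 stay at "- libexif <unfixed>" even though the new descriptions all read "libexif before 0.6.22" and the visible NOTE lines point at upstream commits tagged (0.6.22). The fix is known upstream, so these entries should be revisited and given a fixed version as soon as a 0.6.22 (or patched) upload exists, otherwise the tracker keeps reporting the package as open with no upstream fix. The removed bracketed summaries ("Add a failsafe on the maximum number of Canon MakerNote subtags", and so on) were also the only readable hint of what each commit changes now that the descriptions are truncated; the NOTE lines carry that mapping for CVE-2020-13114 and CVE-2020-13113, and it is worth confirming that CVE-2020-13112 has one as well, since its NOTE falls outside the context shown here.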
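Review bot: several of the new "TODO: check" markers sit directly beside entries that were already triaged for the same vendor, so they can be closed quickly rather than left open. CVE-2020-9069 ("some Huawei products") is placed between CVE-2020-9070 and CVE-2020-9068, both "NOT-FOR-US: Huawei"; CVE-2020-1799 follows CVE-2020-1801 and CVE-2020-1800, also "NOT-FOR-US: Huawei"; CVE-2020-8572 (Element OS) precedes CVE-2020-8571, marked "NOT-FOR-US: StorageGRID". A follow-up commit should confirm the product for each and set the matching NOT-FOR-US line, so the TODO backlog reflects only entries that need a real package lookup.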
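Review bot: the "TODO: check" entries that name libraries rather than appliances need a source-package search before they are dismissed. That applies to CVE-2020-13258 (Contentful for Python, reflected XSS) in the @@ -1,3 +1,219 @@ hunk and to CVE-2020-7655 (netius prior to 1.17.58, HTTP Request Smuggling) in the @@ -14609,8 +14821,8 @@ hunk; the context line just above the latter shows CVE-2020-7656 (jquery prior to 1.9.0, Cross-site Scripting) still at "TODO: check" as well. Each should end up as either a "- <package> <status>" line with the affected suites or an explicit NOT-FOR-US, since an automatic update only imports the description and leaves the Debian-specific status undecided.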