Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
830329a9 by security tracker role at 2020-04-21T08:10:13+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,53 @@
+CVE-2020-11968
+       RESERVED
+CVE-2020-11967
+       RESERVED
+CVE-2020-11966
+       RESERVED
+CVE-2020-11965
+       RESERVED
+CVE-2020-11964
+       RESERVED
+CVE-2020-11963
+       RESERVED
+CVE-2020-11962
+       RESERVED
+CVE-2020-11961
+       RESERVED
+CVE-2020-11960
+       RESERVED
+CVE-2020-11959
+       RESERVED
+CVE-2020-11958 (re2c 1.3 has a heap-based buffer overflow in Scanner::fill in 
parse/sc ...)
+       TODO: check
+CVE-2020-11957
+       RESERVED
+CVE-2020-11956
+       RESERVED
+CVE-2020-11955
+       RESERVED
+CVE-2020-11954
+       RESERVED
+CVE-2020-11953
+       RESERVED
+CVE-2020-11952
+       RESERVED
+CVE-2020-11951
+       RESERVED
+CVE-2020-11950
+       RESERVED
+CVE-2020-11949
+       RESERVED
+CVE-2020-11948
+       RESERVED
+CVE-2020-11947
+       RESERVED
+CVE-2020-11946 (Zoho ManageEngine OpManager before 125120 allows an 
unauthenticated us ...)
+       TODO: check
+CVE-2020-11945
+       RESERVED
+CVE-2020-11944 (Abe (aka bitcoin-abe) through 0.7.2, and 0.8pre, allows XSS in 
__call_ ...)
+       TODO: check
 CVE-2020-11943
        RESERVED
 CVE-2020-11942
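
Review bot: CVE-2020-11958 (re2c), CVE-2020-11946 (Zoho ManageEngine OpManager) and CVE-2020-11944 (bitcoin-abe) arrive with descriptions but only "TODO: check", so none of them resolves to a source package or to a not-for-us decision yet. Each needs a follow-up triage that replaces the TODO with either a package line or a "NOT-FOR-US:" line in the form the already-triaged entries in this file use. The re2c entry is worth checking against the archive first, because it names a specific upstream version (1.3) and a heap-based buffer overflow in Scanner::fill.
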
@@ -3216,8 +3266,8 @@ CVE-2020-11012
        RESERVED
 CVE-2020-11011
        RESERVED
-CVE-2020-11010
-       RESERVED
+CVE-2020-11010 (In Tortoise ORM before versions 0.15.23 and 0.16.6, various 
forms of S ...)
+       TODO: check
 CVE-2020-11009
        RESERVED
 CVE-2020-11008
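
Review bot: the + line for CVE-2020-11010 gives two fix boundaries, 0.15.23 and 0.16.6, so when the "TODO: check" is resolved the entry has to be compared against both Tortoise ORM release series. A single fixed-version comparison would misjudge anything still on the older series.
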
@@ -3432,8 +3482,8 @@ CVE-2020-10937
        RESERVED
 CVE-2020-10936
        RESERVED
-CVE-2020-10935
-       RESERVED
+CVE-2020-10935 (Zulip Server before 2.1.3 allows XSS via a Markdown link, with 
resulta ...)
+       TODO: check
 CVE-2020-10934 (Acyba AcyMailing before 6.9.2 mishandles file uploads by 
admins. ...)
        NOT-FOR-US: Acyba AcyMailing
 CVE-2020-10933
@@ -7019,10 +7069,10 @@ CVE-2018-21035 (In Qt through 5.14.1, the WebSocket 
implementation accepts up to
        [jessie] - qtwebsockets-opensource-src <no-dsa> (Minor issue)
        NOTE: https://bugreports.qt.io/browse/QTBUG-70693
        NOTE: https://codereview.qt-project.org/c/qt/qtwebsockets/+/284735
-CVE-2020-9445
-       RESERVED
-CVE-2020-9444
-       RESERVED
+CVE-2020-9445 (Zulip Server before 2.1.3 allows XSS via the modal_link feature 
in the ...)
+       TODO: check
+CVE-2020-9444 (Zulip Server before 2.1.3 allows reverse tabnabbing via the 
Markdown f ...)
+       TODO: check
 CVE-2020-9443 (Zulip Desktop before 4.0.3 loaded untrusted content in an 
Electron web ...)
        NOT-FOR-US: Zulip Desktop (different from itp'ed zulip-server)
 CVE-2020-9442 (OpenVPN Connect 3.1.0.361 on Windows has Insecure Permissions 
for %PRO ...)
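
Review bot: CVE-2020-9445 and CVE-2020-9444 are Zulip Server issues, and the context line under CVE-2020-9443 already records that zulip-server is itp'ed and distinct from Zulip Desktop, so resolving these "TODO: check" lines as a plain NOT-FOR-US would contradict that note. Triage them against zulip-server, together with CVE-2020-10935 from the earlier hunk, which carries the same "Zulip Server before 2.1.3" boundary.
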
@@ -7456,16 +7506,16 @@ CVE-2020-9281 (A cross-site scripting (XSS) 
vulnerability in the HTML Data Proce
        NOT-FOR-US: CKEditor plugin
 CVE-2020-9280 (In SilverStripe through 4.5, files uploaded via Forms to 
folders migra ...)
        NOT-FOR-US: SilverStripe
-CVE-2020-9279
-       RESERVED
-CVE-2020-9278
-       RESERVED
-CVE-2020-9277
-       RESERVED
-CVE-2020-9276
-       RESERVED
-CVE-2020-9275
-       RESERVED
+CVE-2020-9279 (An issue was discovered on D-Link DSL-2640B B2 EU_4.01B 
devices. A har ...)
+       TODO: check
+CVE-2020-9278 (An issue was discovered on D-Link DSL-2640B B2 EU_4.01B 
devices. The d ...)
+       TODO: check
+CVE-2020-9277 (An issue was discovered on D-Link DSL-2640B B2 EU_4.01B 
devices. Authe ...)
+       TODO: check
+CVE-2020-9276 (An issue was discovered on D-Link DSL-2640B B2 EU_4.01B 
devices. The f ...)
+       TODO: check
+CVE-2020-9275 (An issue was discovered on D-Link DSL-2640B B2 EU_4.01B 
devices. A cfm ...)
+       TODO: check
 CVE-2020-9274 (An issue was discovered in Pure-FTPd 1.0.49. An uninitialized 
pointer  ...)
        {DLA-2123-1}
        - pure-ftpd 1.0.49-4 (bug #952666)
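
Review bot: the five + entries CVE-2020-9275 through CVE-2020-9279 all begin "An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices" and are truncated before the part that tells them apart, so the "TODO: check" lines cannot be resolved from this list alone. They describe one router firmware: triage them as a batch and give all five the same label, in the "NOT-FOR-US: <product>" form that the CKEditor and SilverStripe context lines above them use, if the firmware is not something the archive ships.
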
@@ -7918,8 +7968,8 @@ CVE-2020-9072
        RESERVED
 CVE-2020-9071
        RESERVED
-CVE-2020-9070
-       RESERVED
+CVE-2020-9070 (Huawei smartphones Taurus-AL00B with versions earlier than 
10.0.0.205( ...)
+       TODO: check
 CVE-2020-9069
        RESERVED
 CVE-2020-9068
@@ -26403,8 +26453,8 @@ CVE-2020-1805
        RESERVED
 CVE-2020-1804
        RESERVED
-CVE-2020-1803
-       RESERVED
+CVE-2020-1803 (Huawei smartphones Honor V20 with versions earlier than 
10.0.0.179(C63 ...)
+       TODO: check
 CVE-2020-1802 (There is an insufficient integrity validation vulnerability in 
several ...)
        NOT-FOR-US: Huawei
 CVE-2020-1801 (There is an improper authentication vulnerability in several 
smartphon ...)
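
Review bot: CVE-2020-1803 lands as "TODO: check" directly above CVE-2020-1802, which is already marked "NOT-FOR-US: Huawei". The new description is also a Huawei smartphone issue (Honor V20), so it should take the same label, as should CVE-2020-9070 (Taurus-AL00B) from the previous hunk.
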
@@ -27735,8 +27785,8 @@ CVE-2019-19110
        RESERVED
 CVE-2019-19109
        RESERVED
-CVE-2019-19108
-       RESERVED
+CVE-2019-19108 (An authentication weakness in the SNMP service in B&amp;R 
Automation R ...)
+       TODO: check
 CVE-2019-19107
        RESERVED
 CVE-2019-19106
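
Review bot: the + line for CVE-2019-19108 contains "B&amp;R", an HTML-escaped ampersand, inside the description. If that escape is present in data/CVE/list itself and not only in this mail rendering, it should be a literal "&", since the other descriptions in the file are plain text and a string search for the vendor name would miss this entry.
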
@@ -57978,7 +58028,7 @@ CVE-2019-10149 (A flaw was found in Exim versions 4.87 
to 4.91 (inclusive). Impr
        NOTE: 
https://github.com/Exim/exim/commit/7ea1237c783e380d7bdb86c90b13d8203c7ecf26 
(exim-4.92-RC1)
        NOTE: 
https://git.exim.org/exim.git/commit/d740d2111f189760593a303124ff6b9b1f83453d 
(exim-4_91+fixes)
 CVE-2019-10148
-       RESERVED
+       REJECTED
 CVE-2019-10147 (rkt through version 1.30.0 does not isolate processes in 
containers th ...)
        - rkt <unfixed> (bug #929781)
        NOTE: 
https://www.twistlock.com/labs-blog/breaking-out-of-coresos-rkt-3-new-cves/



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/830329a93af4450e4deae32580691d2b541252f5
