[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso Wed, 27 May 2020 13:11:08 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
274c7b62 by security tracker role at 2020-05-27T20:10:28+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,29 @@
+CVE-2020-13636
+       RESERVED
+CVE-2020-13635
+       RESERVED
+CVE-2020-13634
+       RESERVED
+CVE-2020-13633 (Fork before 5.8.3 allows XSS via navigation_title or title. 
...)
+       TODO: check
+CVE-2020-13632 (ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL 
pointer der ...)
+       TODO: check
+CVE-2020-13631 (SQLite before 3.32.0 allows a virtual table to be renamed to 
the name  ...)
+       TODO: check
+CVE-2020-13630 (ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free 
in fts3Ev ...)
+       TODO: check
+CVE-2020-13629
+       RESERVED
+CVE-2020-13628 (Cross-site scripting (XSS) vulnerability allows remote 
attackers to in ...)
+       TODO: check
+CVE-2020-13627 (Cross-site scripting (XSS) vulnerability allows remote 
attackers to in ...)
+       TODO: check
+CVE-2020-13626
+       RESERVED
+CVE-2020-13625
+       RESERVED
+CVE-2020-13624
+       RESERVED
 CVE-2020-13623 (JerryScript 2.2.0 allows attackers to cause a denial of 
service (stack ...)
        NOT-FOR-US: JerryScript
 CVE-2020-13622 (JerryScript 2.2.0 allows attackers to cause a denial of 
service (asser ...)
@@ -495,8 +521,8 @@ CVE-2020-13388 (An exploitable vulnerability exists in the 
configuration-loading
        NOT-FOR-US: jw.util
 CVE-2020-13387
        RESERVED
-CVE-2020-13386
-       RESERVED
+CVE-2020-13386 (In SmartDraw 2020 27.0.0.0, the installer gives inherited 
write permis ...)
+       TODO: check
 CVE-2020-13385
        RESERVED
 CVE-2020-13384 (Monstra CMS 3.0.4 allows remote authenticated users to upload 
and exec ...)
@@ -547,7 +573,7 @@ CVE-2020-13362
        RESERVED
 CVE-2020-13361
        RESERVED
-CVE-2019-20806 [media: tw5864: Fix possible NULL pointer dereference in 
tw5864_handle_frame]
+CVE-2019-20806 (An issue was discovered in the Linux kernel before 5.2. There 
is a NUL ...)
        - linux 5.2.6-1
        [buster] - linux 4.19.118-1
        [jessie] - linux <not-affected> (Vulnerable code introduced later)
@@ -779,8 +805,7 @@ CVE-2020-13255
        RESERVED
 CVE-2020-13254
        RESERVED
-CVE-2020-13253 [sd: OOB access could crash the guest resulting in DoS]
-       RESERVED
+CVE-2020-13253 (sd_wp_addr in hw/sd/sd.c in QEMU 4.2.0 uses an unvalidated 
address, wh ...)
        - qemu <unfixed> (bug #961297)
        [buster] - qemu <postponed> (Minor issue, can be fixed along in next 
DSA)
        [stretch] - qemu <postponed> (Minor issue, can be fixed along in next 
DSA)
@@ -7456,10 +7481,10 @@ CVE-2020-10948 (Jon Hedley AlienForm2 (typically 
installed as af.cgi or alienfor
        NOT-FOR-US: Jon Hedley AlienForm2
 CVE-2020-10947 (Mac Endpoint for Sophos Central before 9.9.6 and Mac Endpoint 
for Soph ...)
        NOT-FOR-US: Sophos
-CVE-2020-10946
-       RESERVED
-CVE-2020-10945
-       RESERVED
+CVE-2020-10946 (Cross-site scripting (XSS) vulnerability allows remote 
attackers to in ...)
+       TODO: check
+CVE-2020-10945 (Centreon before 19.10.7 exposes Session IDs in server 
responses. ...)
+       TODO: check
 CVE-2020-10944 (HashiCorp Nomad and Nomad Enterprise up to 0.10.4 contained a 
cross-si ...)
        - nomad 0.10.5+dfsg1-1
        NOTE: https://github.com/hashicorp/nomad/issues/7468
@@ -7485,8 +7510,7 @@ CVE-2020-10938 (GraphicsMagick before 1.3.35 has an 
integer overflow and resulta
        NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/95abc2b694ce
 CVE-2020-10937
        RESERVED
-CVE-2020-10936 [Security flaws in setuid wrappers]
-       RESERVED
+CVE-2020-10936 (Sympa before 6.2.56 allows privilege escalation. ...)
        - sympa <unfixed> (bug #961491)
        NOTE: https://sympa-community.github.io/security/2020-002.html
        NOTE: Patch: 
https://github.com/sympa-community/sympa/releases/download/6.2.56/sympa-6.2.54-sa-2020-002-r2.patch
@@ -17585,8 +17609,8 @@ CVE-2020-6776
        RESERVED
 CVE-2020-6775
        RESERVED
-CVE-2020-6774
-       RESERVED
+CVE-2020-6774 (Improper Access Control in the Kiosk Mode functionality of 
Bosch Recor ...)
+       TODO: check
 CVE-2020-6773
        RESERVED
 CVE-2020-6772
@@ -23376,10 +23400,10 @@ CVE-2020-4381
        RESERVED
 CVE-2020-4380
        RESERVED
-CVE-2020-4379
-       RESERVED
-CVE-2020-4378
-       RESERVED
+CVE-2020-4379 (IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 uses weaker than 
expected c ...)
+       TODO: check
+CVE-2020-4378 (IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 could allow a 
privileged au ...)
+       TODO: check
 CVE-2020-4377
        RESERVED
 CVE-2020-4376
@@ -23418,10 +23442,10 @@ CVE-2020-4360
        RESERVED
 CVE-2020-4359
        RESERVED
-CVE-2020-4358
-       RESERVED
-CVE-2020-4357
-       RESERVED
+CVE-2020-4358 (IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 is vulnerable to 
cross-site ...)
+       TODO: check
+CVE-2020-4357 (IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 could allow a remote 
attack ...)
+       TODO: check
 CVE-2020-4356
        RESERVED
 CVE-2020-4355
@@ -23434,12 +23458,12 @@ CVE-2020-4352
        RESERVED
 CVE-2020-4351
        RESERVED
-CVE-2020-4350
-       RESERVED
-CVE-2020-4349
-       RESERVED
-CVE-2020-4348
-       RESERVED
+CVE-2020-4350 (IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 uses weaker than 
expected c ...)
+       TODO: check
+CVE-2020-4349 (IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 uses weaker than 
expected c ...)
+       TODO: check
+CVE-2020-4348 (IBM Spectrum Scale 4.2.0.0 through 4.2.3.21 and 5.0.0.0 through 
5.0.4. ...)
+       TODO: check
 CVE-2020-4347 (IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could be 
subjec ...)
        NOT-FOR-US: IBM
 CVE-2020-4346 (IBM API Connect's V2018.4.1.0 through 2018.4.1.10 management 
server ha ...)
@@ -23682,8 +23706,8 @@ CVE-2020-4228
        RESERVED
 CVE-2020-4227
        RESERVED
-CVE-2020-4226
-       RESERVED
+CVE-2020-4226 (IBM MobileFirst Platform Foundation 8.0.0.0 stores highly 
sensitive in ...)
+       TODO: check
 CVE-2020-4225
        RESERVED
 CVE-2020-4224 (IBM StoredIQ 7.6.0.17 through 7.6.0.20 could disclose sensitive 
inform ...)
@@ -27239,6 +27263,7 @@ CVE-2019-19722 (In Dovecot before 2.3.9.2, an attacker 
can crash a push-notifica
        NOTE: 
https://github.com/dovecot/core/commit/1307766b6f5d97341a47376657d342bcefd10f1b
        NOTE: 
https://github.com/dovecot/core/commit/393a8cabf4dad893bf2ec60bf96cfde7a0c58432
 CVE-2019-19721 (An off-by-one error in the DecodeBlock function in 
codec/sdl_image.c i ...)
+       {DSA-4671-1}
        - vlc 3.0.9.2-1
        NOTE: 
https://git.videolan.org/?p=vlc/vlc-3.0.git;a=commit;h=72afe7ebd8305bf4f5360293b8621cde52ec506b
 (3.0.9)
 CVE-2020-3109



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/274c7b62c11da07c6bf563c90158a89b287a287b

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/274c7b62c11da07c6bf563c90158a89b287a287b
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to