Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
2df7c8d2 by security tracker role at 2020-06-09T08:10:17+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,29 @@
+CVE-2020-13974 (An issue was discovered in the Linux kernel through 5.7.1.
drivers/tty ...)
+ TODO: check
+CVE-2020-13973 (OWASP json-sanitizer before 1.2.1 allows XSS. An attacker who
controls ...)
+ TODO: check
+CVE-2020-13972
+ RESERVED
+CVE-2020-13971
+ RESERVED
+CVE-2020-13970
+ RESERVED
+CVE-2020-13969
+ RESERVED
+CVE-2020-13968
+ RESERVED
+CVE-2020-13967
+ RESERVED
+CVE-2020-13966
+ RESERVED
+CVE-2020-13963
+ RESERVED
+CVE-2020-13962 (Qt 5.12.2 through 5.14.2, as used in unofficial builds of
Mumble 1.3.0 ...)
+ TODO: check
+CVE-2020-13961
+ RESERVED
+CVE-2020-13960 (D-Link DSL 2730-U IN_1.10 and IN_1.11 and DIR-600M 3.04
devices have t ...)
+ TODO: check
CVE-2020-13959
RESERVED
CVE-2020-13958
@@ -245,8 +271,8 @@ CVE-2020-13846
RESERVED
CVE-2020-13845
RESERVED
-CVE-2020-13844
- RESERVED
+CVE-2020-13844 (Arm Armv8-A core implementations utilizing speculative
execution past ...)
+ TODO: check
CVE-2020-13843 (An issue was discovered on LG mobile devices with Android OS
software ...)
NOT-FOR-US: LG mobile devices
CVE-2020-13842 (An issue was discovered on LG mobile devices with Android OS
7.2, 8.0, ...)
@@ -425,11 +451,11 @@ CVE-2018-21236 (An issue was discovered in Foxit Reader
before 2.4.4. It has a N
NOT-FOR-US: Foxit Reader
CVE-2018-21235 (An issue was discovered in Foxit E-mail advertising system
before Sept ...)
NOT-FOR-US: Foxit E-mail advertising system
-CVE-2020-13965 [Cross-Site Scripting (XSS) vulnerability via malicious XML
messages]
+CVE-2020-13965 (An issue was discovered in Roundcube Webmail before 1.3.12.
There is X ...)
- roundcube 1.4.5+dfsg.1-1 (bug #962124)
NOTE: 1.4.x:
https://github.com/roundcube/roundcubemail/commit/ccaccae6653031b809b4347a60021951e19a0e43
NOTE: 1.3.x:
https://github.com/roundcube/roundcubemail/commit/884eb611627ef2bd5a2e20e02009ebb1eceecdc3
-CVE-2020-13964 [Cross-Site Scripting (XSS) vulnerability in template object
'username']
+CVE-2020-13964 (An issue was discovered in Roundcube Webmail before 1.3.12.
include/rc ...)
- roundcube 1.4.5+dfsg.1-1 (bug #962123)
NOTE: 1.4.x:
https://github.com/roundcube/roundcubemail/commit/4beec65d40c5e5b1f2bace935c110baf05e10ae5
NOTE: 1.3.x:
https://github.com/roundcube/roundcubemail/commit/37e2bc745723ef6322f0f785aefd0b9313a40f19
@@ -25235,14 +25261,14 @@ CVE-2020-4043
RESERVED
CVE-2020-4042
RESERVED
-CVE-2020-4041
- RESERVED
-CVE-2020-4040
- RESERVED
+CVE-2020-4041 (In Bolt CMS before version 3.7.1, the filename of uploaded
files was v ...)
+ TODO: check
+CVE-2020-4040 (Bolt CMS before version 3.7.1 lacked CSRF protection in the
preview ge ...)
+ TODO: check
CVE-2020-4039
RESERVED
-CVE-2020-4038
- RESERVED
+CVE-2020-4038 (GraphQL Playground (graphql-playground-html NPM package) before
versio ...)
+ TODO: check
CVE-2020-4037
RESERVED
CVE-2020-4036
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2df7c8d2dbb9943399a9f0688507db2d9886f1b6
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2df7c8d2dbb9943399a9f0688507db2d9886f1b6
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
