Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e4bc5052 by security tracker role at 2020-06-12T20:10:21+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,13 @@
+CVE-2020-14054
+       RESERVED
+CVE-2020-14053
+       RESERVED
+CVE-2020-14052
+       RESERVED
+CVE-2020-14051
+       RESERVED
+CVE-2020-14050
+       RESERVED
 CVE-2020-14049
        RESERVED
 CVE-2020-14048 (Zoho ManageEngine ServiceDesk Plus before 11.1 build 11115 
allows remo ...)
@@ -23,26 +33,26 @@ CVE-2020-14039
 CVE-2020-XXXX [Editor: Ensure latest comments can only be viewed from public 
posts]
        - wordpress <unfixed> (bug #962685)
        NOTE: https://core.trac.wordpress.org/changeset/47984
-CVE-2020-4050 [Administration: Add a new filter to extend set-screen-option]
+CVE-2020-4050 (In affected versions of WordPress, misuse of the 
`set-screen-option` f ...)
        - wordpress <unfixed> (bug #962685)
        NOTE: https://core.trac.wordpress.org/changeset/47951
        NOTE: 
https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-4vpv-fgg2-gcqc
        NOTE: 
https://github.com/WordPress/wordpress-develop/commit/b8dea76b495f0072523106c6ec46b9ea0d2a0920
-CVE-2020-4049 [Themes: Ensure a broken theme name is returned properly]
+CVE-2020-4049 (In affected versions of WordPress, when uploading themes, the 
name of  ...)
        - wordpress <unfixed> (bug #962685)
        NOTE: https://core.trac.wordpress.org/changeset/47950
        NOTE: 
https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-87h4-phjv-rm6p
        NOTE: 
https://github.com/WordPress/wordpress-develop/commit/404f397b4012fd9d382e55bf7d206c1317f01148
-CVE-2020-4048 [Formatting: Ensure that wp_validate_redirect() sanitizes a 
wider variety of characters]
+CVE-2020-4048 (In affected versions of WordPress, due to an issue in 
wp_validate_redi ...)
        - wordpress <unfixed> (bug #962685)
        NOTE: https://core.trac.wordpress.org/changeset/47949
        NOTE: 
https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-q6pw-gvf4-5fj5
        NOTE: 
https://github.com/WordPress/wordpress-develop/commit/6ef777e9a022bee2a80fa671118e7e2657e52693
-CVE-2020-4046 [Embeds: Ensure that the title attribute is set correctly on 
embeds]
+CVE-2020-4046 (In affected versions of WordPress, users with low privileges 
(like con ...)
        - wordpress <unfixed> (bug #962685)
        NOTE: https://core.trac.wordpress.org/changeset/47947
        NOTE: 
https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-rpwf-hrh2-39jf
-CVE-2020-4047 [Editor: Prevent HTML decoding on by setting the proper editor 
context]
+CVE-2020-4047 (In affected versions of WordPress, authenticated users with 
upload per ...)
        - wordpress <unfixed> (bug #962685)
        NOTE: https://core.trac.wordpress.org/changeset/47948
        NOTE: 
https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-8q2w-5m27-wm27
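Review bot: CVE-2020-4046 is listed above CVE-2020-4047, while the other WordPress entries in this hunk run in descending order (4050, 4049, 4048); swap the two blocks if the list is meant to stay sorted. The 4046 and 4047 entries also carry only the changeset and advisory NOTE lines, not the wordpress-develop commit NOTE that 4050, 4049 and 4048 have, so add the matching commit links for consistency.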
@@ -115,8 +125,8 @@ CVE-2020-14006
        RESERVED
 CVE-2020-14005
        RESERVED
-CVE-2020-14004
-       RESERVED
+CVE-2020-14004 (An issue was discovered in Icinga2 before v2.12.0-rc1. The 
prepare-dir ...)
+       TODO: check
 CVE-2020-14003
        RESERVED
 CVE-2020-14002
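Review bot: CVE-2020-14004 now carries a description naming Icinga2 before v2.12.0-rc1 but only "TODO: check" beneath it; resolve this to a package line with its status, plus a NOTE pointing at the upstream fix, so the entry does not sit untriaged.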
@@ -889,7 +899,7 @@ CVE-2019-20809 (The price oracle in PriceOracle.sol in 
Compound Finance Compound
 CVE-2020-13754 (hw/pci/msix.c in QEMU 4.2.0 allows guest OS users to trigger 
an out-of ...)
        - qemu <unfixed>
        NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2020-06/msg00004.html
-CVE-2020-13702 (The Rolling Proximity Identifier used in the Apple/Google 
Exposure Not ...)
+CVE-2020-13702 (** DISPUTED ** The Rolling Proximity Identifier used in the 
Apple/Goog ...)
        TODO: check
 CVE-2020-13701
        RESERVED
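Review bot: the CVE-2020-13702 description gains the "** DISPUTED **" prefix but the entry stays at "TODO: check"; when it is triaged, record the dispute in a NOTE line so the status does not depend on the truncated description text.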
@@ -902,6 +912,7 @@ CVE-2020-13698
 CVE-2020-13697
        RESERVED
 CVE-2020-13696 (An issue was discovered in LinuxTV xawtv before 3.107. The 
function de ...)
+       {DLA-2246-1}
        - xawtv <unfixed> (bug #962221)
        NOTE: https://www.openwall.com/lists/oss-security/2020/06/04/6
        NOTE: Fixed by: 
https://git.linuxtv.org/xawtv3.git/commit/?id=31f31f9cbaee7be806cba38e0ff5431bd44b20a3
@@ -3907,7 +3918,7 @@ CVE-2020-12411
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-20/#CVE-2020-12411
 CVE-2020-12410
        RESERVED
-       {DSA-4702-1 DSA-4695-1 DLA-2243-1}
+       {DSA-4702-1 DSA-4695-1 DLA-2247-1 DLA-2243-1}
        - firefox 77.0-1
        - firefox-esr 68.9.0esr-1
        - thunderbird 1:68.9.0-1
@@ -3928,7 +3939,7 @@ CVE-2020-12407
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-20/#CVE-2020-12407
 CVE-2020-12406
        RESERVED
-       {DSA-4702-1 DSA-4695-1 DLA-2243-1}
+       {DSA-4702-1 DSA-4695-1 DLA-2247-1 DLA-2243-1}
        - firefox 77.0-1
        - firefox-esr 68.9.0esr-1
        - thunderbird 1:68.9.0-1
@@ -3937,7 +3948,7 @@ CVE-2020-12406
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-22/#CVE-2020-12406
 CVE-2020-12405
        RESERVED
-       {DSA-4702-1 DSA-4695-1 DLA-2243-1}
+       {DSA-4702-1 DSA-4695-1 DLA-2247-1 DLA-2243-1}
        - firefox 77.0-1
        - firefox-esr 68.9.0esr-1
        - thunderbird 1:68.9.0-1
@@ -3956,7 +3967,7 @@ CVE-2020-12400
        RESERVED
 CVE-2020-12399 [Force a fixed length for DSA exponentiation]
        RESERVED
-       {DSA-4702-1 DSA-4695-1 DLA-2243-1}
+       {DSA-4702-1 DSA-4695-1 DLA-2247-1 DLA-2243-1}
        - firefox 77.0-1
        - firefox-esr 68.9.0esr-1
        - nss 2:3.53-1 (bug #961752)
@@ -3968,7 +3979,7 @@ CVE-2020-12399 [Force a fixed length for DSA 
exponentiation]
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-22/#CVE-2020-12399
 CVE-2020-12398
        RESERVED
-       {DSA-4702-1}
+       {DSA-4702-1 DLA-2247-1}
        - thunderbird 1:68.9.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-22/#CVE-2020-12398
 CVE-2020-12397 (By encoding Unicode whitespace characters within the From 
email header ...)
@@ -9592,8 +9603,7 @@ CVE-2020-10733
        - postgresql-11 <not-affected> (Windows-specific)
        - postgresql-9.6 <not-affected> (Windows-specific)
        NOTE: https://www.postgresql.org/about/news/2038/
-CVE-2020-10732 [uninitialized kernel data leak in userspace coredumps]
-       RESERVED
+CVE-2020-10732 (A flaw was found in the Linux kernel's implementation of 
Userspace cor ...)
        {DSA-4699-1 DSA-4698-1 DLA-2242-1}
        - linux 5.6.14-2
        [jessie] - linux <ignored> (Does not affect supported architectures)
@@ -12132,24 +12142,24 @@ CVE-2020-9653
        RESERVED
 CVE-2020-9652
        RESERVED
-CVE-2020-9651
-       RESERVED
+CVE-2020-9651 (Adobe Experience Manager versions 6.5 and earlier have a 
cross-site sc ...)
+       TODO: check
 CVE-2020-9650
        RESERVED
 CVE-2020-9649
        RESERVED
-CVE-2020-9648
-       RESERVED
-CVE-2020-9647
-       RESERVED
+CVE-2020-9648 (Adobe Experience Manager versions 6.5 and earlier have a 
cross-site sc ...)
+       TODO: check
+CVE-2020-9647 (Adobe Experience Manager versions 6.5 and earlier have a 
cross-site sc ...)
+       TODO: check
 CVE-2020-9646
        RESERVED
-CVE-2020-9645
-       RESERVED
-CVE-2020-9644
-       RESERVED
-CVE-2020-9643
-       RESERVED
+CVE-2020-9645 (Adobe Experience Manager versions 6.5 and earlier have a blind 
server- ...)
+       TODO: check
+CVE-2020-9644 (Adobe Experience Manager versions 6.5 and earlier have a 
cross-site sc ...)
+       TODO: check
+CVE-2020-9643 (Adobe Experience Manager versions 6.5 and earlier have a 
server-side r ...)
+       TODO: check
 CVE-2020-9642
        RESERVED
 CVE-2020-9641
@@ -12162,14 +12172,13 @@ CVE-2020-9638
        RESERVED
 CVE-2020-9637
        RESERVED
-CVE-2020-9636
-       RESERVED
-CVE-2020-9635
-       RESERVED
-CVE-2020-9634
-       RESERVED
-CVE-2020-9633
-       RESERVED
+CVE-2020-9636 (Adobe Framemaker versions 2019.0.5 and below have a memory 
corruption  ...)
+       TODO: check
+CVE-2020-9635 (Adobe Framemaker versions 2019.0.5 and below have an 
out-of-bounds wri ...)
+       TODO: check
+CVE-2020-9634 (Adobe Framemaker versions 2019.0.5 and below have an 
out-of-bounds wri ...)
+       TODO: check
+CVE-2020-9633 (Adobe Flash Player versions 32.0.0.371 and earlier, 32.0.0.371 
and ear ...)
        NOT-FOR-US: Adobe
 CVE-2020-9632
        RESERVED
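Review bot: CVE-2020-9636, CVE-2020-9635 and CVE-2020-9634 (Adobe Framemaker) are left at "TODO: check" while CVE-2020-9633 directly below them is marked "NOT-FOR-US: Adobe"; if the same triage applies, mark the three Framemaker entries the same way, and likewise the Adobe Experience Manager entries in the previous hunk.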
@@ -25113,8 +25122,8 @@ CVE-2020-4253 (IBM Content Navigator 3.0CD does not 
invalidate session after log
        NOT-FOR-US: IBM
 CVE-2020-4252 (IBM DOORS Next Generation (DNG/RRC) 6.0.2. 6.0.6, and 6.0.61 is 
vulner ...)
        NOT-FOR-US: IBM
-CVE-2020-4251
-       RESERVED
+CVE-2020-4251 (IBM API Connect 5.0.0.0 through 5.0.8.8 is vulnerable to 
cross-site sc ...)
+       TODO: check
 CVE-2020-4250
        RESERVED
 CVE-2020-4249 (IBM Security Identity Governance and Intelligence 5.2.6 could 
disclose ...)
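Review bot: CVE-2020-4251 (IBM API Connect) is added with "TODO: check" between entries for other IBM products that are marked "NOT-FOR-US: IBM"; apply the same marker here if API Connect is likewise not packaged.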
@@ -26406,12 +26415,12 @@ CVE-2020-3932 (A vulnerable SNMP in Draytek 
VigorAP910C cannot be disabled, whic
        NOT-FOR-US: Draytek VigorAP910C
 CVE-2020-3931
        RESERVED
-CVE-2020-3930
-       RESERVED
-CVE-2020-3929
-       RESERVED
-CVE-2020-3928
-       RESERVED
+CVE-2020-3930 (GeoVision Door Access Control device family improperly stores 
and cont ...)
+       TODO: check
+CVE-2020-3929 (GeoVision Door Access Control device family employs shared 
cryptograph ...)
+       TODO: check
+CVE-2020-3928 (GeoVision Door Access Control device family is hardcoded with a 
root p ...)
+       TODO: check
 CVE-2020-3927 (An arbitrary-file-access vulnerability exists in ServiSign 
security pl ...)
        NOT-FOR-US: ServiSign security plugin
 CVE-2020-3926 (An arbitrary-file-access vulnerability exists in ServiSign 
security pl ...)
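Review bot: the three GeoVision Door Access Control entries (CVE-2020-3930, CVE-2020-3929, CVE-2020-3928) land as "TODO: check", whereas the neighbouring vendor-device entries use a product-named marker such as "NOT-FOR-US: Draytek VigorAP910C"; triage these the same way, with one marker naming the GeoVision device family.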



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e4bc50528a28c3ea41343d488202ee2c6215c938
