Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6059a5c6 by security tracker role at 2020-07-22T20:10:21+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,13 @@
+CVE-2020-15896 (An authentication-bypass issue was discovered on D-Link 
DAP-1522 devic ...)
+       TODO: check
+CVE-2020-15895 (An XSS issue was discovered on D-Link DIR-816L devices 2.x 
before 1.10 ...)
+       TODO: check
+CVE-2020-15894 (An issue was discovered on D-Link DIR-816L devices 2.x before 
1.10b04B ...)
+       TODO: check
+CVE-2020-15893 (An issue was discovered on D-Link DIR-816L devices 2.x before 
1.10b04B ...)
+       TODO: check
+CVE-2020-15892 (An issue was discovered in apply.cgi on D-Link DAP-1520 
devices before ...)
+       TODO: check
 CVE-2020-15891
        RESERVED
 CVE-2020-15890 (LuaJit through 2.1.0-beta3 has an out-of-bounds read because 
__gc hand ...)
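Review bot: the five new D-Link entries at the top of the file (CVE-2020-15892 through CVE-2020-15896) are all left at TODO: check and still need triage. Their descriptions name D-Link DAP-1520, DAP-1522 and DIR-816L devices, so once someone confirms no Debian source package is involved they look like candidates for a NOT-FOR-US: reason line, in the same style as the Realtek modem firmware entry (CVE-2020-12773) elsewhere in this file.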
@@ -184,8 +194,8 @@ CVE-2020-15808
        RESERVED
 CVE-2020-15807 (GNU LibreDWG before 0.11 allows NULL pointer dereferences via 
crafted  ...)
        - libredwg <itp> (bug #595191)
-CVE-2020-15806
-       RESERVED
+CVE-2020-15806 (CODESYS Control runtime system before 3.5.16.10 allows 
Uncontrolled Me ...)
+       TODO: check
 CVE-2020-15805
        RESERVED
 CVE-2020-15804
@@ -1731,8 +1741,8 @@ CVE-2020-15126
        RESERVED
 CVE-2020-15125
        RESERVED
-CVE-2020-15124
-       RESERVED
+CVE-2020-15124 (In Goobi Viewer Core before version 4.8.3, a path traversal 
vulnerabil ...)
+       TODO: check
 CVE-2020-15123 (In codecov (npm package) before version 3.7.1 the upload 
method has a  ...)
        TODO: check
 CVE-2020-15122
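Review bot: CVE-2020-15124 (Goobi Viewer Core) is added with TODO: check directly above CVE-2020-15123 (codecov npm package), which is also still TODO: check in the context lines. Both need a source-package lookup, followed by either a package line or a NOT-FOR-US: reason.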
@@ -4792,14 +4802,14 @@ CVE-2020-13937
 CVE-2020-13936
        RESERVED
 CVE-2020-13935 (The payload length in a WebSocket frame was not correctly 
validated in ...)
-       {DSA-4727-1}
+       {DSA-4727-1 DLA-2286-1}
        - tomcat9 9.0.37-1
        - tomcat8 <removed>
        NOTE: https://www.openwall.com/lists/oss-security/2020/07/14/3
        NOTE: 
https://github.com/apache/tomcat/commit/12d715676038efbf9c728af10163f8277fc019d5
 (8.5.57)
        NOTE: 
https://github.com/apache/tomcat/commit/40fa74c74822711ab878079d0a69f7357926723d
 (9.0.37)
 CVE-2020-13934 (An h2c direct connection to Apache Tomcat 10.0.0-M1 to 
10.0.0-M6, 9.0. ...)
-       {DSA-4727-1}
+       {DSA-4727-1 DLA-2286-1}
        - tomcat9 9.0.37-1
        - tomcat8 <removed>
        NOTE: https://www.openwall.com/lists/oss-security/2020/07/14/4
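Review bot: both Tomcat entries (CVE-2020-13935 and CVE-2020-13934) gain DLA-2286-1 while the only tomcat8 line shown is still - tomcat8 <removed>, so the tomcat8 version fixed by the LTS advisory cannot be read from these entries. Worth confirming that the fixed version is recorded with the DLA itself; the NOTE on CVE-2020-13935 already points at the upstream 8.5.57 commit for comparison.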
@@ -7613,8 +7623,8 @@ CVE-2020-12776
        RESERVED
 CVE-2020-12775
        RESERVED
-CVE-2020-12774
-       RESERVED
+CVE-2020-12774 (D-Link DSL-7740C does not properly validate user input, which 
allows a ...)
+       TODO: check
 CVE-2020-12773 (A security misconfiguration vulnerability exists in the SDK of 
some Re ...)
        NOT-FOR-US: Realtek ADSL/PON Modem SoC firmware
 CVE-2020-12783 (Exim through 4.93 has an out-of-bounds read in the SPA 
authenticator t ...)
@@ -19596,8 +19606,7 @@ CVE-2020-8561
        RESERVED
 CVE-2020-8560
        RESERVED
-CVE-2020-8559
-       RESERVED
+CVE-2020-8559 (The Kubernetes kube-apiserver in versions v1.6-v1.15, and 
versions pri ...)
        - kubernetes 1.18.5-1
        NOTE: https://www.openwall.com/lists/oss-security/2020/07/15/6
 CVE-2020-8558
@@ -19710,6 +19719,7 @@ CVE-2020-8516 (** DISPUTED ** The daemon in Tor through 
0.4.1.8 and 0.4.2.x thro
        NOTE: https://trac.torproject.org/projects/tor/ticket/33129
        NOTE: 
http://www.hackerfactor.com/blog/index.php?/archives/868-Deanonymizing-Tor-Circuits.html
 CVE-2019-20446 (In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file 
with nest ...)
+       {DLA-2285-1}
        - librsvg 2.46.4-1
        [buster] - librsvg <no-dsa> (Will be fixed via spu)
        [jessie] - librsvg <no-dsa> (Minor issue)
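Review bot: the new {DLA-2285-1} cross-reference on CVE-2019-20446 sits above release lines that still read [buster] - librsvg <no-dsa> (Will be fixed via spu) and [jessie] - librsvg <no-dsa> (Minor issue), and none of the lines shown says which release the DLA fixed. If the fixed version is not already recorded with the DLA, a release-tagged line here would make the entry self-explanatory.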
@@ -22647,7 +22657,7 @@ CVE-2020-7265 (Privilege Escalation vulnerability in 
McAfee Endpoint Security (E
        NOT-FOR-US: McAfee
 CVE-2020-7264 (Privilege Escalation vulnerability in McAfee Endpoint Security 
(ENS) f ...)
        NOT-FOR-US: McAfee
-CVE-2020-7263 (Improper access control vulnerability in ESConfigTool.exe in 
McAfee En ...)
+CVE-2020-7263 (Improper access control vulnerability in ESconfigTool.exe in 
McAfee En ...)
        NOT-FOR-US: ENS for Windows
 CVE-2020-7262 (Improper Access Control vulnerability in McAfee Advanced Threat 
Defens ...)
        NOT-FOR-US: McAfee
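Review bot: CVE-2020-7263 uses the reason NOT-FOR-US: ENS for Windows, while its neighbours CVE-2020-7265, CVE-2020-7264 and CVE-2020-7262 all use NOT-FOR-US: McAfee. Since the entry is being touched anyway for the ESconfigTool.exe spelling in the description, aligning the reason string would keep vendor searches over the list consistent.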
@@ -24505,131 +24515,101 @@ CVE-2020-6538
        RESERVED
 CVE-2020-6537
        RESERVED
-CVE-2020-6536
-       RESERVED
+CVE-2020-6536 (Incorrect security UI in PWAs in Google Chrome prior to 
84.0.4147.89 a ...)
        - chromium <unfixed>
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6535
-       RESERVED
+CVE-2020-6535 (Insufficient data validation in WebUI in Google Chrome prior to 
84.0.4 ...)
        - chromium <unfixed>
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6534
-       RESERVED
+CVE-2020-6534 (Heap buffer overflow in WebRTC in Google Chrome prior to 
84.0.4147.89  ...)
        - chromium <unfixed>
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6533
-       RESERVED
+CVE-2020-6533 (Type Confusion in V8 in Google Chrome prior to 84.0.4147.89 
allowed a  ...)
        - chromium <unfixed>
        [stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2020-6532
        RESERVED
-CVE-2020-6531
-       RESERVED
+CVE-2020-6531 (Side-channel information leakage in scroll to text in Google 
Chrome pr ...)
        - chromium <unfixed>
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6530
-       RESERVED
+CVE-2020-6530 (Out of bounds memory access in developer tools in Google Chrome 
prior  ...)
        - chromium <unfixed>
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6529
-       RESERVED
+CVE-2020-6529 (Inappropriate implementation in WebRTC in Google Chrome prior 
to 84.0. ...)
        - chromium <unfixed>
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6528
-       RESERVED
+CVE-2020-6528 (Incorrect security UI in basic auth in Google Chrome on iOS 
prior to 8 ...)
        - chromium <unfixed>
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6527
-       RESERVED
+CVE-2020-6527 (Insufficient policy enforcement in CSP in Google Chrome prior 
to 84.0. ...)
        - chromium <unfixed>
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6526
-       RESERVED
+CVE-2020-6526 (Inappropriate implementation in iframe sandbox in Google Chrome 
prior  ...)
        - chromium <unfixed>
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6525
-       RESERVED
+CVE-2020-6525 (Heap buffer overflow in Skia in Google Chrome prior to 
84.0.4147.89 al ...)
        - chromium <unfixed>
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6524
-       RESERVED
+CVE-2020-6524 (Heap buffer overflow in WebAudio in Google Chrome prior to 
84.0.4147.8 ...)
        - chromium <unfixed>
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6523
-       RESERVED
+CVE-2020-6523 (Out of bounds write in Skia in Google Chrome prior to 
84.0.4147.89 all ...)
        - chromium <unfixed>
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6522
-       RESERVED
+CVE-2020-6522 (Inappropriate implementation in external protocol handlers in 
Google C ...)
        - chromium <unfixed>
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6521
-       RESERVED
+CVE-2020-6521 (Side-channel information leakage in autofill in Google Chrome 
prior to ...)
        - chromium <unfixed>
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6520
-       RESERVED
+CVE-2020-6520 (Buffer overflow in Skia in Google Chrome prior to 84.0.4147.89 
allowed ...)
        - chromium <unfixed>
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6519
-       RESERVED
+CVE-2020-6519 (Policy bypass in CSP in Google Chrome prior to 84.0.4147.89 
allowed a  ...)
        - chromium <unfixed>
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6518
-       RESERVED
+CVE-2020-6518 (Use after free in developer tools in Google Chrome prior to 
84.0.4147. ...)
        - chromium <unfixed>
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6517
-       RESERVED
+CVE-2020-6517 (Heap buffer overflow in history in Google Chrome prior to 
84.0.4147.89 ...)
        - chromium <unfixed>
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6516
-       RESERVED
+CVE-2020-6516 (Policy bypass in CORS in Google Chrome prior to 84.0.4147.89 
allowed a ...)
        - chromium <unfixed>
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6515
-       RESERVED
+CVE-2020-6515 (Use after free in tab strip in Google Chrome prior to 
84.0.4147.89 all ...)
        - chromium <unfixed>
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6514
-       RESERVED
+CVE-2020-6514 (Inappropriate implementation in WebRTC in Google Chrome prior 
to 84.0. ...)
        - chromium <unfixed>
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6513
-       RESERVED
+CVE-2020-6513 (Heap buffer overflow in PDFium in Google Chrome prior to 
84.0.4147.89  ...)
        - chromium <unfixed>
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6512
-       RESERVED
+CVE-2020-6512 (Type Confusion in V8 in Google Chrome prior to 84.0.4147.89 
allowed a  ...)
        - chromium <unfixed>
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6511
-       RESERVED
+CVE-2020-6511 (Information leak in content security policy in Google Chrome 
prior to  ...)
        - chromium <unfixed>
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6510
-       RESERVED
+CVE-2020-6510 (Heap buffer overflow in background fetch in Google Chrome prior 
to 84. ...)
        - chromium <unfixed>
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6509
-       RESERVED
+CVE-2020-6509 (Use after free in extensions in Google Chrome prior to 
83.0.4103.116 a ...)
        {DSA-4714-1}
        - chromium 83.0.4103.116-1
        [stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2020-6508
        RESERVED
-CVE-2020-6507
-       RESERVED
+CVE-2020-6507 (Out of bounds write in V8 in Google Chrome prior to 
83.0.4103.106 allo ...)
        {DSA-4714-1}
        - chromium 83.0.4103.106-1
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6506
-       RESERVED
+CVE-2020-6506 (Insufficient policy enforcement in WebView in Google Chrome on 
Android ...)
        {DSA-4714-1}
        - chromium 83.0.4103.106-1
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6505
-       RESERVED
+CVE-2020-6505 (Use after free in speech in Google Chrome prior to 
83.0.4103.106 allow ...)
        {DSA-4714-1}
        - chromium 83.0.4103.106-1
        [stretch] - chromium <end-of-life> (see DSA 4562)
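Review bot: two entries in this batch are platform-specific by their own descriptions, CVE-2020-6528 (Google Chrome on iOS) and CVE-2020-6506 (WebView in Google Chrome on Android), yet they carry the same chromium lines as the desktop issues (<unfixed> for the former, 83.0.4103.106-1 with DSA-4714-1 for the latter). Consider checking whether - chromium <not-affected> with a short reason fits those two better, in the style of the ruby2.3 <not-affected> (Specific to Ruby 2.4) lines further down the file. CVE-2020-6532 and CVE-2020-6508 stay RESERVED in the middle of the range, which is expected as long as no description has been published for them.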
@@ -42311,10 +42291,10 @@ CVE-2019-18621
        RESERVED
 CVE-2019-18620
        RESERVED
-CVE-2019-18619
-       RESERVED
-CVE-2019-18618
-       RESERVED
+CVE-2019-18619 (Incorrect parameter validation in the synaTee component of 
Synaptics W ...)
+       TODO: check
+CVE-2019-18618 (Incorrect access control in the firmware of Synaptics VFS75xx 
family f ...)
+       TODO: check
 CVE-2019-18617
        RESERVED
 CVE-2019-18616
@@ -49817,8 +49797,8 @@ CVE-2019-16246 (Intesync Solismed 3.3sp1 allows Local 
File Inclusion (LFI), a di
        NOT-FOR-US: Intesync Solismed
 CVE-2019-16245 (OMERO before 5.6.1 makes the details of each user available to 
all use ...)
        NOT-FOR-US: OMERO
-CVE-2019-16244
-       RESERVED
+CVE-2019-16244 (OMERO.server before 5.6.1 allows attackers to bypass the 
security filt ...)
+       TODO: check
 CVE-2019-16243 (On TCL Alcatel Cingular Flip 2 B9HUAH1 devices, there is an 
undocument ...)
        NOT-FOR-US: TCL Alcatel Cingular Flip 2 B9HUAH1 devices
 CVE-2019-16242 (On TCL Alcatel Cingular Flip 2 B9HUAH1 devices, there is an 
engineerin ...)
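Review bot: CVE-2019-16244 is added as TODO: check although the entry directly above it, CVE-2019-16245, is already triaged as NOT-FOR-US: OMERO for the same product and the same version boundary (before 5.6.1). The same reason line would most likely apply here and would keep this item out of the TODO queue.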
@@ -169881,6 +169861,7 @@ CVE-2017-11465 (The parser_yyerror function in the 
UTF-8 parser in Ruby 2.4.1 al
        - ruby2.3 <not-affected> (Specific to Ruby 2.4)
        - ruby2.1 <not-affected> (Specific to Ruby 2.4)
 CVE-2017-11464 (A SIGFPE is raised in the function box_blur_line of 
rsvg-filter.c in G ...)
+       {DLA-2285-1}
        - librsvg 2.40.18-1 (bug #869129)
        [jessie] - librsvg <not-affected> (Vulnerable code introduced in 2.40.9)
        [wheezy] - librsvg <not-affected> (Vulnerable code introduced in 2.40.9)
@@ -281583,8 +281564,8 @@ CVE-2014-1424 (apparmor_parser in the apparmor 
package before 2.8.95~2430-0ubunt
        NOTE: include the faulty patch.
 CVE-2014-1423 (signond before 8.57+15.04.20141127.1-0ubuntu1, as used in 
Ubuntu Touch ...)
        NOT-FOR-US: signond from Ubuntu Touch
-CVE-2014-1422
-       RESERVED
+CVE-2014-1422 (In Ubuntu's trust-store, if a user revokes location access from 
an app ...)
+       TODO: check
 CVE-2014-1421 (mountall 1.54, as used in Ubuntu 14.10, does not properly 
handle the u ...)
        - mountall <not-affected> (partman-efi in jessie uses secure umask, 
mount in older releases not affected)
        NOTE: See 
https://bugs.launchpad.net/ubuntu/+source/partman-efi/+bug/1390183
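Review bot: CVE-2014-1422 (Ubuntu's trust-store) is left at TODO: check, while the neighbouring CVE-2014-1423 is marked NOT-FOR-US: signond from Ubuntu Touch. Triage should confirm whether trust-store exists as a Debian source package and, if it does not, close this entry with a matching NOT-FOR-US: line.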



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6059a5c63c016d70adf82dd12196baaef263e3d6
