author | security tracker role <sectracker@soriano.debian.org> | 2020-07-22 20:10:21 +0000 |
---|---|---|
committer | security tracker role <sectracker@soriano.debian.org> | 2020-07-22 20:10:21 +0000 |
commit | 8ad3dc0bd402bba7903c54c56ca56c3e099717c4 | |
tree | 31c358cf7b2df2032bcb68e4540495e74c327c61 | |
parent | 0dde566372c1966da59ae6868e377cdbf3695be3 | |
automatic update
-rw-r--r-- | data/CVE/2014.list | 4 |
-rw-r--r-- | data/CVE/2017.list | 1 |
-rw-r--r-- | data/CVE/2019.list | 13 |
-rw-r--r-- | data/CVE/2020.list | 121 |
4 files changed, 60 insertions, 79 deletions
diff --git a/data/CVE/2014.list b/data/CVE/2014.list index d710407136..e136da3cef 100644 --- a/data/CVE/2014.list +++ b/data/CVE/2014.list @@ -23699,8 +23699,8 @@ CVE-2014-1424 (apparmor_parser in the apparmor package before 2.8.95~2430-0ubunt NOTE: include the faulty patch. CVE-2014-1423 (signond before 8.57+15.04.20141127.1-0ubuntu1, as used in Ubuntu Touch ...) NOT-FOR-US: signond from Ubuntu Touch -CVE-2014-1422 - RESERVED +CVE-2014-1422 (In Ubuntu's trust-store, if a user revokes location access from an app ...) + TODO: check CVE-2014-1421 (mountall 1.54, as used in Ubuntu 14.10, does not properly handle the u ...) - mountall <not-affected> (partman-efi in jessie uses secure umask, mount in older releases not affected) NOTE: See https://bugs.launchpad.net/ubuntu/+source/partman-efi/+bug/1390183 diff --git a/data/CVE/2017.list b/data/CVE/2017.list index 309c5b605a..40a27ab30f 100644 --- a/data/CVE/2017.list +++ b/data/CVE/2017.list @@ -21340,6 +21340,7 @@ CVE-2017-11465 (The parser_yyerror function in the UTF-8 parser in Ruby 2.4.1 al - ruby2.3 <not-affected> (Specific to Ruby 2.4) - ruby2.1 <not-affected> (Specific to Ruby 2.4) CVE-2017-11464 (A SIGFPE is raised in the function box_blur_line of rsvg-filter.c in G ...) + {DLA-2285-1} - librsvg 2.40.18-1 (bug #869129) [jessie] - librsvg <not-affected> (Vulnerable code introduced in 2.40.9) [wheezy] - librsvg <not-affected> (Vulnerable code introduced in 2.40.9) diff --git a/data/CVE/2019.list b/data/CVE/2019.list index 03c9acf73d..5ac678cf69 100644 --- a/data/CVE/2019.list +++ b/data/CVE/2019.list @@ -1090,6 +1090,7 @@ CVE-2019-20448 CVE-2019-20447 (Jobberbase 2.0 has SQL injection via the PATH_INFO to the jobs-in endp ...) NOT-FOR-US: Jobberbase CMS CVE-2019-20446 (In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nest ...) + {DLA-2285-1} - librsvg 2.46.4-1 [buster] - librsvg <no-dsa> (Will be fixed via spu) [jessie] - librsvg <no-dsa> (Minor issue) 
@@ -6031,10 +6032,10 @@ CVE-2019-18621 RESERVED CVE-2019-18620 RESERVED -CVE-2019-18619 - RESERVED -CVE-2019-18618 - RESERVED +CVE-2019-18619 (Incorrect parameter validation in the synaTee component of Synaptics W ...) + TODO: check +CVE-2019-18618 (Incorrect access control in the firmware of Synaptics VFS75xx family f ...) + TODO: check CVE-2019-18617 RESERVED CVE-2019-18616 @@ -11657,8 +11658,8 @@ CVE-2019-16246 (Intesync Solismed 3.3sp1 allows Local File Inclusion (LFI), a di NOT-FOR-US: Intesync Solismed CVE-2019-16245 (OMERO before 5.6.1 makes the details of each user available to all use ...) NOT-FOR-US: OMERO -CVE-2019-16244 - RESERVED +CVE-2019-16244 (OMERO.server before 5.6.1 allows attackers to bypass the security filt ...) + TODO: check CVE-2019-16243 (On TCL Alcatel Cingular Flip 2 B9HUAH1 devices, there is an undocument ...) NOT-FOR-US: TCL Alcatel Cingular Flip 2 B9HUAH1 devices CVE-2019-16242 (On TCL Alcatel Cingular Flip 2 B9HUAH1 devices, there is an engineerin ...) diff --git a/data/CVE/2020.list b/data/CVE/2020.list index 88a8184487..2eb5e4142c 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -1,3 +1,13 @@ +CVE-2020-15896 (An authentication-bypass issue was discovered on D-Link DAP-1522 devic ...) + TODO: check +CVE-2020-15895 (An XSS issue was discovered on D-Link DIR-816L devices 2.x before 1.10 ...) + TODO: check +CVE-2020-15894 (An issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04B ...) + TODO: check +CVE-2020-15893 (An issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04B ...) + TODO: check +CVE-2020-15892 (An issue was discovered in apply.cgi on D-Link DAP-1520 devices before ...) + TODO: check CVE-2020-15891 RESERVED CVE-2020-15890 (LuaJit through 2.1.0-beta3 has an out-of-bounds read because __gc hand ...) 
@@ -184,8 +194,8 @@ CVE-2020-15808 RESERVED CVE-2020-15807 (GNU LibreDWG before 0.11 allows NULL pointer dereferences via crafted ...) - libredwg <itp> (bug #595191) -CVE-2020-15806 - RESERVED +CVE-2020-15806 (CODESYS Control runtime system before 3.5.16.10 allows Uncontrolled Me ...) + TODO: check CVE-2020-15805 RESERVED CVE-2020-15804 @@ -1662,8 +1672,8 @@ CVE-2020-15126 RESERVED CVE-2020-15125 RESERVED -CVE-2020-15124 - RESERVED +CVE-2020-15124 (In Goobi Viewer Core before version 4.8.3, a path traversal vulnerabil ...) + TODO: check CVE-2020-15123 (In codecov (npm package) before version 3.7.1 the upload method has a ...) TODO: check CVE-2020-15122 @@ -4380,14 +4390,14 @@ CVE-2020-13937 CVE-2020-13936 RESERVED CVE-2020-13935 (The payload length in a WebSocket frame was not correctly validated in ...) - {DSA-4727-1} + {DSA-4727-1 DLA-2286-1} - tomcat9 9.0.37-1 - tomcat8 <removed> NOTE: https://www.openwall.com/lists/oss-security/2020/07/14/3 NOTE: https://github.com/apache/tomcat/commit/12d715676038efbf9c728af10163f8277fc019d5 (8.5.57) NOTE: https://github.com/apache/tomcat/commit/40fa74c74822711ab878079d0a69f7357926723d (9.0.37) CVE-2020-13934 (An h2c direct connection to Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0. ...) - {DSA-4727-1} + {DSA-4727-1 DLA-2286-1} - tomcat9 9.0.37-1 - tomcat8 <removed> NOTE: https://www.openwall.com/lists/oss-security/2020/07/14/4 @@ -7061,8 +7071,8 @@ CVE-2020-12776 RESERVED CVE-2020-12775 RESERVED -CVE-2020-12774 - RESERVED +CVE-2020-12774 (D-Link DSL-7740C does not properly validate user input, which allows a ...) + TODO: check CVE-2020-12773 (A security misconfiguration vulnerability exists in the SDK of some Re ...) NOT-FOR-US: Realtek ADSL/PON Modem SoC firmware CVE-2020-12783 (Exim through 4.93 has an out-of-bounds read in the SPA authenticator t ...) 
@@ -17255,8 +17265,7 @@ CVE-2020-8561 RESERVED CVE-2020-8560 RESERVED -CVE-2020-8559 - RESERVED +CVE-2020-8559 (The Kubernetes kube-apiserver in versions v1.6-v1.15, and versions pri ...) - kubernetes 1.18.5-1 NOTE: https://www.openwall.com/lists/oss-security/2020/07/15/6 CVE-2020-8558 @@ -20105,7 +20114,7 @@ CVE-2020-7265 (Privilege Escalation vulnerability in McAfee Endpoint Security (E NOT-FOR-US: McAfee CVE-2020-7264 (Privilege Escalation vulnerability in McAfee Endpoint Security (ENS) f ...) NOT-FOR-US: McAfee -CVE-2020-7263 (Improper access control vulnerability in ESConfigTool.exe in McAfee En ...) +CVE-2020-7263 (Improper access control vulnerability in ESconfigTool.exe in McAfee En ...) NOT-FOR-US: ENS for Windows CVE-2020-7262 (Improper Access Control vulnerability in McAfee Advanced Threat Defens ...) NOT-FOR-US: McAfee 
@@ -21902,131 +21911,101 @@ CVE-2020-6538 RESERVED CVE-2020-6537 RESERVED -CVE-2020-6536 - RESERVED +CVE-2020-6536 (Incorrect security UI in PWAs in Google Chrome prior to 84.0.4147.89 a ...) - chromium <unfixed> [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2020-6535 - RESERVED +CVE-2020-6535 (Insufficient data validation in WebUI in Google Chrome prior to 84.0.4 ...) - chromium <unfixed> [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2020-6534 - RESERVED +CVE-2020-6534 (Heap buffer overflow in WebRTC in Google Chrome prior to 84.0.4147.89 ...) - chromium <unfixed> [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2020-6533 - RESERVED +CVE-2020-6533 (Type Confusion in V8 in Google Chrome prior to 84.0.4147.89 allowed a ...) - chromium <unfixed> [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2020-6532 RESERVED -CVE-2020-6531 - RESERVED +CVE-2020-6531 (Side-channel information leakage in scroll to text in Google Chrome pr ...) - chromium <unfixed> [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2020-6530 - RESERVED +CVE-2020-6530 (Out of bounds memory access in developer tools in Google Chrome prior ...) - chromium <unfixed> [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2020-6529 - RESERVED +CVE-2020-6529 (Inappropriate implementation in WebRTC in Google Chrome prior to 84.0. ...) - chromium <unfixed> [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2020-6528 - RESERVED +CVE-2020-6528 (Incorrect security UI in basic auth in Google Chrome on iOS prior to 8 ...) - chromium <unfixed> [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2020-6527 - RESERVED +CVE-2020-6527 (Insufficient policy enforcement in CSP in Google Chrome prior to 84.0. ...) - chromium <unfixed> [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2020-6526 - RESERVED +CVE-2020-6526 (Inappropriate implementation in iframe sandbox in Google Chrome prior ...) 
- chromium <unfixed> [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2020-6525 - RESERVED +CVE-2020-6525 (Heap buffer overflow in Skia in Google Chrome prior to 84.0.4147.89 al ...) - chromium <unfixed> [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2020-6524 - RESERVED +CVE-2020-6524 (Heap buffer overflow in WebAudio in Google Chrome prior to 84.0.4147.8 ...) - chromium <unfixed> [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2020-6523 - RESERVED +CVE-2020-6523 (Out of bounds write in Skia in Google Chrome prior to 84.0.4147.89 all ...) - chromium <unfixed> [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2020-6522 - RESERVED +CVE-2020-6522 (Inappropriate implementation in external protocol handlers in Google C ...) - chromium <unfixed> [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2020-6521 - RESERVED +CVE-2020-6521 (Side-channel information leakage in autofill in Google Chrome prior to ...) - chromium <unfixed> [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2020-6520 - RESERVED +CVE-2020-6520 (Buffer overflow in Skia in Google Chrome prior to 84.0.4147.89 allowed ...) - chromium <unfixed> [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2020-6519 - RESERVED +CVE-2020-6519 (Policy bypass in CSP in Google Chrome prior to 84.0.4147.89 allowed a ...) - chromium <unfixed> [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2020-6518 - RESERVED +CVE-2020-6518 (Use after free in developer tools in Google Chrome prior to 84.0.4147. ...) - chromium <unfixed> [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2020-6517 - RESERVED +CVE-2020-6517 (Heap buffer overflow in history in Google Chrome prior to 84.0.4147.89 ...) - chromium <unfixed> [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2020-6516 - RESERVED +CVE-2020-6516 (Policy bypass in CORS in Google Chrome prior to 84.0.4147.89 allowed a ...) 
- chromium <unfixed> [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2020-6515 - RESERVED +CVE-2020-6515 (Use after free in tab strip in Google Chrome prior to 84.0.4147.89 all ...) - chromium <unfixed> [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2020-6514 - RESERVED +CVE-2020-6514 (Inappropriate implementation in WebRTC in Google Chrome prior to 84.0. ...) - chromium <unfixed> [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2020-6513 - RESERVED +CVE-2020-6513 (Heap buffer overflow in PDFium in Google Chrome prior to 84.0.4147.89 ...) - chromium <unfixed> [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2020-6512 - RESERVED +CVE-2020-6512 (Type Confusion in V8 in Google Chrome prior to 84.0.4147.89 allowed a ...) - chromium <unfixed> [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2020-6511 - RESERVED +CVE-2020-6511 (Information leak in content security policy in Google Chrome prior to ...) - chromium <unfixed> [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2020-6510 - RESERVED +CVE-2020-6510 (Heap buffer overflow in background fetch in Google Chrome prior to 84. ...) - chromium <unfixed> [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2020-6509 - RESERVED +CVE-2020-6509 (Use after free in extensions in Google Chrome prior to 83.0.4103.116 a ...) {DSA-4714-1} - chromium 83.0.4103.116-1 [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2020-6508 RESERVED -CVE-2020-6507 - RESERVED +CVE-2020-6507 (Out of bounds write in V8 in Google Chrome prior to 83.0.4103.106 allo ...) {DSA-4714-1} - chromium 83.0.4103.106-1 [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2020-6506 - RESERVED +CVE-2020-6506 (Insufficient policy enforcement in WebView in Google Chrome on Android ...) {DSA-4714-1} - chromium 83.0.4103.106-1 [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2020-6505 - RESERVED +CVE-2020-6505 (Use after free in speech in Google Chrome prior to 83.0.4103.106 allow ...) 
{DSA-4714-1} - chromium 83.0.4103.106-1 [stretch] - chromium <end-of-life> (see DSA 4562) |
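Review bot: In the data/CVE/2014.list hunk, CVE-2014-1422 (Ubuntu's trust-store) lands as TODO: check, while the entry directly above it, CVE-2014-1423, is already triaged as NOT-FOR-US: signond from Ubuntu Touch. If trust-store is likewise not packaged in Debian, a follow-up should replace the TODO with a matching NOT-FOR-US line so the entry does not linger in the untriaged queue.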
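Review bot: In the data/CVE/2019.list hunk at @@ -11657, CVE-2019-16244 (OMERO.server before 5.6.1) is added as TODO: check although the context line just above it, CVE-2019-16245, already carries NOT-FOR-US: OMERO for the same product. The follow-up triage can reuse that classification instead of researching the package again.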
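Review bot: The five new entries at the top of data/CVE/2020.list (CVE-2020-15892 through CVE-2020-15896) and CVE-2020-12774 in the @@ -7061 hunk all describe D-Link devices and all arrive as TODO: check. The context line for CVE-2020-12773 shows how a comparable firmware issue is recorded in this file (NOT-FOR-US: Realtek ADSL/PON Modem SoC firmware); triaging the D-Link entries as one batch with a single consistent NOT-FOR-US string would keep the file easy to grep.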
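Review bot: In the @@ -21902 hunk, CVE-2020-6528 now reads "Incorrect security UI in basic auth in Google Chrome on iOS" yet keeps the generic "- chromium <unfixed>" status it had while RESERVED. Now that the description names a platform, this entry deserves a manual check of whether the Debian chromium package is affected at all, with the status line and a NOTE adjusted if it is not, so it does not inflate the open-issue count for chromium.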