[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff jmm at debian.org
Mon Apr 20 17:37:59 BST 2020



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bf017044 by Moritz Muehlenhoff at 2020-04-20T18:37:32+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -30817,9 +30817,9 @@ CVE-2020-0560 (Improper permissions in the installer for the Intel(R) Renesas El
 CVE-2020-0559
 	RESERVED
 CVE-2020-0558 (Improper buffer restrictions in kernel mode driver for Intel(R) PROSet ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2020-0557 (Insecure inherited permissions in Intel(R) PROSet/Wireless WiFi produc ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2020-0556 (Improper access control in subsystem for BlueZ before version 5.54 may ...)
 	{DSA-4647-1}
 	- bluez 5.50-1.1 (bug #953770)
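Review bot: CVE-2020-0558 is described as a "kernel mode driver" issue and the description is truncated before it names the platform, so the bare `NOT-FOR-US: Intel` does not record why the entry is out of scope. If the check showed that the affected driver is not one shipped in Debian, put the product from the full description in the tag, and do the same for CVE-2020-0557 (`Intel(R) PROSet/Wireless WiFi`), so that both can be told apart from Intel issues that do touch packaged software.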
@@ -30870,7 +30870,7 @@ CVE-2020-0548 (Cleanup errors in some Intel(R) Processors may allow an authentic
 	NOTE: https://software.intel.com/security-software-guidance/software-guidance/vector-register-sampling
 	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00329.html
 CVE-2020-0547 (Incorrect default permissions in the installer for Intel(R) Data Migra ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2020-0546 (Unquoted service path in Intel(R) Optane(TM) DC Persistent Memory Modu ...)
 	NOT-FOR-US: Intel
 CVE-2020-0545
@@ -31445,7 +31445,7 @@ CVE-2019-18378 (Symantec Messaging Gateway, prior to 10.7.3, may be susceptible
 CVE-2019-18377 (Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a p ...)
 	NOT-FOR-US: Symantec
 CVE-2019-18376 (A CSRF token disclosure vulnerability allows a remote attacker, with a ...)
-	TODO: check
+	NOT-FOR-US: Broadcom
 CVE-2019-18375 (The ASG and ProxySG management consoles are susceptible to a session h ...)
 	NOT-FOR-US: ASG and ProxySG management consoles
 CVE-2019-18374 (Symantec Critical System Protection (CSP), versions 8.0, 8.0 HF1 & ...)
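Review bot: CVE-2019-18376 is tagged `NOT-FOR-US: Broadcom` while the entries around it are tagged `Symantec` or by product (`ASG and ProxySG management consoles`), and the truncated description does not show which product is affected. Naming the product in the tag, as CVE-2019-18375 does, would keep this block consistent and searchable.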
@@ -32723,9 +32723,9 @@ CVE-2020-0081 (In finalize of AssetManager.java, there is possible memory corrup
 CVE-2020-0080 (In onOpActiveChanged and related methods of AppOpsControllerImpl.java, ...)
 	NOT-FOR-US: Android
 CVE-2020-0079 (In decrypt_1_2 of CryptoPlugin.cpp, there is a possible out of bounds  ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2020-0078 (In releaseSecureStops of DrmPlugin.cpp, there is a possible out of bou ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2020-0077 (In authorize_enroll of the FPC IRIS TrustZone app, there is a possible ...)
 	NOT-FOR-US: Android
 CVE-2020-0076 (In get_auth_result of the FPC IRIS TrustZone app, there is a possible  ...)
@@ -32745,7 +32745,7 @@ CVE-2020-0070 (In rw_t2t_update_lock_attributes of rw_t2t_ndef.cc, there is a po
 CVE-2020-0069 (In the ioctl handlers of the Mediatek Command Queue driver, there is a ...)
 	NOT-FOR-US: Mediatek components for Android
 CVE-2020-0068 (In crus_afe_get_param of msm-cirrus-playback.c, there is a possible ou ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2020-0067 (In f2fs_xattr_generic_list of xattr.c, there is a possible out of boun ...)
 	- linux 5.5.13-1
 	NOTE: https://git.kernel.org/linus/688078e7f36c293dae25b338ddc9e0a2790f6e06
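Review bot: CVE-2020-0068 names `msm-cirrus-playback.c`, which reads like a kernel driver source file rather than Android framework code, and the next entry (CVE-2020-0067) is tracked against `linux`. It is worth confirming that the file is not in the kernel tree Debian ships; if it is vendor-only, a tag in the style of the neighbouring `NOT-FOR-US: Mediatek components for Android` would record that more precisely than `Android`.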
@@ -45369,7 +45369,7 @@ CVE-2019-14118
 CVE-2019-14117
 	RESERVED
 CVE-2019-14116 (Privilege escalation by using an altered debug policy image can occur  ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2019-14115
 	RESERVED
 CVE-2019-14114 (Buffer overflow in WLAN firmware while parsing GTK IE containing GTK k ...)
@@ -45796,7 +45796,7 @@ CVE-2019-13917 (Exim 4.85 through 4.92 (fixed in 4.92.1) allows remote code exec
 	NOTE: https://www.exim.org/static/doc/security/CVE-2019-13917.txt
 	NOTE: https://git.exim.org/exim.git/commit/21aa05977abff1eaa69bb97ef99080220915f7c0
 CVE-2019-13916 (An issue was discovered in Cypress (formerly Broadcom) WICED Studio 6. ...)
-	TODO: check
+	NOT-FOR-US: Cypress
 CVE-2019-13915 (b3log Wide before 1.6.0 allows three types of attacks to access arbitr ...)
 	NOT-FOR-US: b3log Wide
 CVE-2019-13914
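Review bot: style point on CVE-2019-13916: the description names the product, WICED Studio, but the tag gives only the vendor. `NOT-FOR-US: Cypress WICED Studio` would match the product-level tagging of the next entry (`NOT-FOR-US: b3log Wide`).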
@@ -52078,13 +52078,13 @@ CVE-2019-12004
 CVE-2019-12003
 	RESERVED
 CVE-2019-12002 (A remote session reuse vulnerability leading to access restriction byp ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2019-12001 (A remote session reuse vulnerability leading to access restriction byp ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2019-12000
 	RESERVED
 CVE-2019-11999 (Potential security vulnerabilities have been identified in HPE OpenCal ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2019-11998 (HPE Superdome Flex Server is vulnerable to multiple remote vulnerabili ...)
 	NOT-FOR-US: HPE Superdome Flex Server
 CVE-2019-11997 (A potential security vulnerability has been identified in HPE enhanced ...)
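Review bot: the three new tags for CVE-2019-12002, CVE-2019-12001 and CVE-2019-11999 give only `HPE`, while the existing entry directly below uses the product, `NOT-FOR-US: HPE Superdome Flex Server`. Using the product from each full description would keep the block consistent; CVE-2019-12002 and CVE-2019-12001 share the same visible description prefix, so they presumably take the same product tag.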
@@ -68846,7 +68846,7 @@ CVE-2019-6205 (A memory corruption issue was addressed with improved lock state
 CVE-2019-6204 (A logic issue was addressed with improved validation. This issue is fi ...)
 	NOT-FOR-US: Apple
 CVE-2019-6203 (A logic issue was addressed with improved state management. This issue ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2019-6202 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
 	NOT-FOR-US: Apple
 CVE-2019-6201 (Multiple memory corruption issues were addressed with improved memory  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bf017044eee1e5229d518bb771b27093f544b210
