[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Tue Dec 15 08:10:33 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
50f3f863 by security tracker role at 2020-12-15T08:10:25+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,43 @@
+CVE-2020-35472
+ RESERVED
+CVE-2020-35471 (Envoy before 1.16.1 mishandles dropped and truncated datagrams, as dem ...)
+ TODO: check
+CVE-2020-35470 (Envoy before 1.16.1 logs an incorrect downstream address because it co ...)
+ TODO: check
+CVE-2020-35469
+ RESERVED
+CVE-2020-35468
+ RESERVED
+CVE-2020-35467
+ RESERVED
+CVE-2020-35466
+ RESERVED
+CVE-2020-35465
+ RESERVED
+CVE-2020-35464
+ RESERVED
+CVE-2020-35463
+ RESERVED
+CVE-2020-35462
+ RESERVED
+CVE-2020-35461
+ RESERVED
+CVE-2020-35460 (common/InputStreamHelper.java in Packwood MPXJ before 8.3.5 allows dir ...)
+ TODO: check
+CVE-2020-35459
+ RESERVED
+CVE-2020-35458
+ RESERVED
+CVE-2020-35457 (** DISPUTED ** GNOME GLib before 2.65.3 has an integer overflow, that ...)
+ TODO: check
+CVE-2020-35456
+ RESERVED
+CVE-2020-35455
+ RESERVED
+CVE-2020-35454
+ RESERVED
+CVE-2020-35453
+ RESERVED
CVE-2020-35452
RESERVED
CVE-2020-35451
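Review bot: CVE-2020-35457 is left at TODO: check although its description is flagged "** DISPUTED **" and names GNOME GLib before 2.65.3. When it is triaged, record the dispute in a NOTE line next to the package status so the reasoning behind the chosen status stays visible. The other described entries in this hunk (Envoy CVE-2020-35471 and CVE-2020-35470, MPXJ CVE-2020-35460) still need a package or NOT-FOR-US decision as well.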
@@ -2601,12 +2641,12 @@ CVE-2020-29513
RESERVED
CVE-2020-29512
RESERVED
-CVE-2020-29511
- RESERVED
-CVE-2020-29510
- RESERVED
-CVE-2020-29509
- RESERVED
+CVE-2020-29511 (The encoding/xml package in Go (all versions) does not correctly prese ...)
+ TODO: check
+CVE-2020-29510 (The encoding/xml package in Go versions 1.15 and earlier does not corr ...)
+ TODO: check
+CVE-2020-29509 (The encoding/xml package in Go (all versions) does not correctly prese ...)
+ TODO: check
CVE-2020-29508
RESERVED
CVE-2020-29507
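Review bot: the three Go encoding/xml entries need individual triage rather than one shared status. CVE-2020-29511 and CVE-2020-29509 are described as affecting "(all versions)", while CVE-2020-29510 says "versions 1.15 and earlier", so the visible descriptions give no fixed version for two of them. Note for each entry whether a fix exists when the TODO: check lines are resolved.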
@@ -3289,10 +3329,10 @@ CVE-2020-29306
RESERVED
CVE-2020-29305
RESERVED
-CVE-2020-29304
- RESERVED
-CVE-2020-29303
- RESERVED
+CVE-2020-29304 (A cross-site scripting (XSS) vulnerability exists in the SabaiApps Wor ...)
+ TODO: check
+CVE-2020-29303 (A cross-site scripting (XSS) vulnerability in the SabaiApp Directories ...)
+ TODO: check
CVE-2020-29302
RESERVED
CVE-2020-29301
@@ -4265,10 +4305,10 @@ CVE-2020-28863
RESERVED
CVE-2020-28862
RESERVED
-CVE-2020-28861
- RESERVED
-CVE-2020-28860
- RESERVED
+CVE-2020-28861 (OpenAsset Digital Asset Management (DAM) 12.0.19 and earlier failed to ...)
+ TODO: check
+CVE-2020-28860 (OpenAssetDigital Asset Management (DAM) through 12.0.19 does not corre ...)
+ TODO: check
CVE-2020-28859 (OpenAsset Digital Asset Management (DAM) through 12.0.19 does not corr ...)
NOT-FOR-US: OpenAsset Digital Asset Management (DAM)
CVE-2020-28858 (OpenAsset Digital Asset Management (DAM) through 12.0.19 does not corr ...)
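Review bot: CVE-2020-28861 and CVE-2020-28860 go in as TODO: check, while the context entry directly below them, CVE-2020-28859, is already marked "NOT-FOR-US: OpenAsset Digital Asset Management (DAM)" for the same product. Give the two new entries the same line. The description of CVE-2020-28860 spells the product "OpenAssetDigital" without a space, so a text search on the product name will miss it.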
@@ -6371,8 +6411,8 @@ CVE-2020-28398
RESERVED
CVE-2020-28397
RESERVED
-CVE-2020-28396
- RESERVED
+CVE-2020-28396 (A vulnerability has been identified in SICAM A8000 CP-8000 (All versio ...)
+ TODO: check
CVE-2020-28395
RESERVED
CVE-2020-28394
@@ -11166,8 +11206,8 @@ CVE-2020-27254
RESERVED
CVE-2020-27253 (A flaw exists in the Ingress/Egress checks routine of FactoryTalk Linx ...)
NOT-FOR-US: FactoryTalk
-CVE-2020-27252
- RESERVED
+CVE-2020-27252 (Medtronic MyCareLink Smart 25000 all versions are vulnerable to a race ...)
+ TODO: check
CVE-2020-27251 (A heap overflow vulnerability exists within FactoryTalk Linx Version 6 ...)
NOT-FOR-US: FactoryTalk
CVE-2020-27250
@@ -15863,22 +15903,22 @@ CVE-2020-25237
RESERVED
CVE-2020-25236
RESERVED
-CVE-2020-25235
- RESERVED
-CVE-2020-25234
- RESERVED
-CVE-2020-25233
- RESERVED
-CVE-2020-25232
- RESERVED
-CVE-2020-25231
- RESERVED
-CVE-2020-25230
- RESERVED
-CVE-2020-25229
- RESERVED
-CVE-2020-25228
- RESERVED
+CVE-2020-25235 (A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS varian ...)
+ TODO: check
+CVE-2020-25234 (A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS varian ...)
+ TODO: check
+CVE-2020-25233 (A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS varian ...)
+ TODO: check
+CVE-2020-25232 (A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS varian ...)
+ TODO: check
+CVE-2020-25231 (A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS varian ...)
+ TODO: check
+CVE-2020-25230 (A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS varian ...)
+ TODO: check
+CVE-2020-25229 (A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS varian ...)
+ TODO: check
+CVE-2020-25228 (A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS varian ...)
+ TODO: check
CVE-2020-25227
RESERVED
CVE-2020-25226
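Review bot: the eight TODO: check entries CVE-2020-25228 through CVE-2020-25235 can most likely be tagged NOT-FOR-US: Siemens in one pass. Each carries the description prefix "A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS varian ...", and CVE-2020-7589, whose description changes to that same prefix later in this patch, already has that tag.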
@@ -16016,16 +16056,16 @@ CVE-2020-25189 (The affected product is vulnerable to three stack-based buffer o
NOT-FOR-US: Paradox IP150
CVE-2020-25188 (An attacker who convinces a valid user to open a specially crafted pro ...)
NOT-FOR-US: LAquis SCADA
-CVE-2020-25187
- RESERVED
+CVE-2020-25187 (Medtronic MyCareLink Smart 25000 all versions are vulnerable when an a ...)
+ TODO: check
CVE-2020-25186 (An XXE vulnerability exists within LeviStudioU Release Build 2019-09-2 ...)
NOT-FOR-US: LeviStudioU Release
CVE-2020-25185 (The affected product is vulnerable to five post-authentication buffer ...)
NOT-FOR-US: Paradox IP150
CVE-2020-25184
RESERVED
-CVE-2020-25183
- RESERVED
+CVE-2020-25183 (Medtronic MyCareLink Smart 25000 all versions contain an authenticatio ...)
+ TODO: check
CVE-2020-25182
RESERVED
CVE-2020-25181 (WECON PLC Editor Versions 1.3.8 and prior has a heap-based buffer over ...)
@@ -26219,8 +26259,8 @@ CVE-2020-20191
RESERVED
CVE-2020-20190
RESERVED
-CVE-2020-20189
- RESERVED
+CVE-2020-20189 (SQL Injection vulnerability in NewPK 1.1 via the title parameter to ad ...)
+ TODO: check
CVE-2020-20188
RESERVED
CVE-2020-20187
@@ -26229,10 +26269,10 @@ CVE-2020-20186
RESERVED
CVE-2020-20185
RESERVED
-CVE-2020-20184
- RESERVED
-CVE-2020-20183
- RESERVED
+CVE-2020-20184 (GateOne allows remote attackers to execute arbitrary commands via shel ...)
+ TODO: check
+CVE-2020-20183 (Insecure direct object reference vulnerability in Zyxel’s P1302- ...)
+ TODO: check
CVE-2020-20182
RESERVED
CVE-2020-20181
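Review bot: the description added for CVE-2020-20183 shows "Zyxel’s" in this mail, which looks like a UTF-8 apostrophe decoded with a single-byte encoding. Check whether data/CVE/list itself holds the correct character or whether only the notification is affected, since a mis-encoded product name would break text searches. Both new entries in this hunk are still TODO: check.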
@@ -34648,12 +34688,12 @@ CVE-2020-16106
RESERVED
CVE-2020-16105
RESERVED
-CVE-2020-16104
- RESERVED
-CVE-2020-16103
- RESERVED
-CVE-2020-16102
- RESERVED
+CVE-2020-16104 (SQL Injection vulnerability in Enterprise Data Interface of Gallagher ...)
+ TODO: check
+CVE-2020-16103 (Type confusion in Gallagher Command Centre Server allows a remote atta ...)
+ TODO: check
+CVE-2020-16102 (Improper Authentication vulnerability in Gallagher Command Centre Serv ...)
+ TODO: check
CVE-2020-16101 (It is possible for an unauthenticated remote DCOM websocket connection ...)
NOT-FOR-US: Gallagher Command Centre Server
CVE-2020-16100 (It is possible for an unauthenticated remote DCOM websocket connection ...)
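Review bot: the TODO: check lines under CVE-2020-16104, CVE-2020-16103 and CVE-2020-16102 leave three Gallagher Command Centre entries untriaged right above CVE-2020-16101, which the trailing context shows as "NOT-FOR-US: Gallagher Command Centre Server". Reuse that exact string for the three new entries so the product groups under one name.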
@@ -35512,8 +35552,8 @@ CVE-2020-15798
RESERVED
CVE-2020-15797 (A vulnerability has been identified in DCA Vantage Analyzer (All versi ...)
NOT-FOR-US: DCA Vantage Analyzer
-CVE-2020-15796
- RESERVED
+CVE-2020-15796 (A vulnerability has been identified in SIMATIC ET 200SP Open Controlle ...)
+ TODO: check
CVE-2020-15795
RESERVED
CVE-2020-15794 (A vulnerability has been identified in Desigo Insight (All versions). ...)
@@ -35530,7 +35570,7 @@ CVE-2020-15789 (A vulnerability has been identified in Polarion Subversion Webcl
NOT-FOR-US: Siemens
CVE-2020-15788 (A vulnerability has been identified in Polarion Subversion Webclient ( ...)
NOT-FOR-US: Siemens
-CVE-2020-15787 (A vulnerability has been identified in SIMATIC HMI United Comfort Pane ...)
+CVE-2020-15787 (A vulnerability has been identified in SIMATIC HMI Unified Comfort Pan ...)
NOT-FOR-US: Siemens
CVE-2020-15786 (A vulnerability has been identified in SIMATIC HMI Basic Panels 2nd Ge ...)
NOT-FOR-US: Siemens
@@ -39406,8 +39446,7 @@ CVE-2020-14370 (An information disclosure vulnerability was found in containers/
NOTE: https://github.com/containers/podman/commit/a7e864e6e7de894d4edde4fff00e53dc6a0b5074
CVE-2020-14369 (This release fixes a Cross Site Request Forgery vulnerability was foun ...)
NOT-FOR-US: Red Hat CloudForm
-CVE-2020-14368
- RESERVED
+CVE-2020-14368 (A flaw was found in Eclipse Che in versions prior to 7.14.0 that impac ...)
NOT-FOR-US: Eclipse Che
CVE-2020-14367 (A flaw was found in chrony versions before 3.5.1 when creating the PID ...)
- chrony 3.5.1-1 (unimportant)
@@ -56561,26 +56600,23 @@ CVE-2020-8288
RESERVED
CVE-2020-8287
RESERVED
-CVE-2020-8286 [Inferior OCSP verification]
- RESERVED
+CVE-2020-8286 (curl 7.41.0 through 7.73.0 is vulnerable to an improper check for cert ...)
- curl <unfixed> (bug #977161)
NOTE: https://curl.se/docs/CVE-2020-8286.html
NOTE: https://github.com/curl/curl/commit/d9d01672785b8ac04aab1abb6de95fe3072ae199 (curl-7_74_0)
-CVE-2020-8285 [FTP wildcard stack overflow]
- RESERVED
+CVE-2020-8285 (curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recu ...)
- curl <unfixed> (bug #977162)
NOTE: https://curl.se/docs/CVE-2020-8285.html
NOTE: https://github.com/curl/curl/issues/6255
NOTE: https://github.com/curl/curl/commit/69a358f2186e04cf44698b5100332cbf1ee7f01d (curl-7_74_0)
-CVE-2020-8284 [trusting FTP PASV responses]
- RESERVED
+CVE-2020-8284 (A malicious server can use the FTP PASV response to trick curl 7.73.0 ...)
- curl <unfixed> (bug #977163)
NOTE: https://curl.se/docs/CVE-2020-8284.html
NOTE: https://github.com/curl/curl/commit/ec9cc725d598ac77de7b6df8afeec292b3c8ad46 (curl-7_74_0)
-CVE-2020-8283
- RESERVED
-CVE-2020-8282
- RESERVED
+CVE-2020-8283 (An authorised user on a Windows host running Citrix Universal Print Se ...)
+ TODO: check
+CVE-2020-8282 (A security issue was found in EdgePower 24V/54V firmware v1.7.0 and ea ...)
+ TODO: check
CVE-2020-8281
RESERVED
CVE-2020-8280
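Review bot: CVE-2020-8286, CVE-2020-8285 and CVE-2020-8284 keep "curl <unfixed>" while their NOTE lines already point at fix commits tagged curl-7_74_0. Replace <unfixed> with the fixed version once a curl upload containing those commits exists. The bracketed working titles ("Inferior OCSP verification", "FTP wildcard stack overflow", "trusting FTP PASV responses") are removed along with RESERVED, so the NOTE links are now the only short pointer to what each issue is. CVE-2020-8283 and CVE-2020-8282 in the same hunk are left at TODO: check.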
@@ -56636,10 +56672,10 @@ CVE-2020-8260 (A vulnerability in the Pulse Connect Secure < 9.1R9 admin web
NOT-FOR-US: Pulse Secure Pulse Connect Secure
CVE-2020-8259 (Insufficient protection of the server-side encryption keys in Nextclou ...)
- nextcloud-server <itp> (bug #941708)
-CVE-2020-8258
- RESERVED
-CVE-2020-8257
- RESERVED
+CVE-2020-8258 (Improper privilege management on services run by Citrix Gateway Plug-i ...)
+ TODO: check
+CVE-2020-8257 (Improper privilege management on services run by Citrix Gateway Plug-i ...)
+ TODO: check
CVE-2020-8256 (A vulnerability in the Pulse Connect Secure < 9.1R8.2 admin web int ...)
NOT-FOR-US: Pulse Connect Secure
CVE-2020-8255 (A vulnerability in the Pulse Connect Secure < 9.1R9 admin web inter ...)
@@ -56705,8 +56741,7 @@ CVE-2020-8233 (A command injection vulnerability exists in EdgeSwitch firmware &
NOT-FOR-US: Edgeswitch
CVE-2020-8232 (An information disclosure vulnerability exists in EdgeMax EdgeSwitch f ...)
NOT-FOR-US: Edgeswitch
-CVE-2020-8231
- RESERVED
+CVE-2020-8231 (Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can us ...)
{DLA-2382-1}
- curl 7.72.0-1 (bug #968831)
[buster] - curl <no-dsa> (Minor issue)
@@ -56845,8 +56880,7 @@ CVE-2020-8178 (Insufficient input validation in npm package `jison` <= 0.4.18
- node-jison <not-affected> (Vulnerable code not included in Debian source)
NOTE: https://hackerone.com/reports/690010
NOTE: ports/ is stripped/excluded in the src:node-jison source package.
-CVE-2020-8177
- RESERVED
+CVE-2020-8177 (curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of na ...)
{DLA-2295-1}
- curl 7.72.0-1 (bug #965281)
[buster] - curl <no-dsa> (Minor issue)
@@ -56871,8 +56905,7 @@ CVE-2020-8171 (We have recently released new version of AirMax AirOS firmware v6
NOT-FOR-US: AirMax AirOS
CVE-2020-8170 (We have recently released new version of AirMax AirOS firmware v6.3.0 ...)
NOT-FOR-US: AirMax AirOS
-CVE-2020-8169
- RESERVED
+CVE-2020-8169 (curl 7.62.0 through 7.70.0 is vulnerable to an information disclosure ...)
- curl 7.72.0-1 (bug #965280)
[buster] - curl <no-dsa> (Minor issue)
[stretch] - curl <not-affected> (Vulnerable code introduced later)
@@ -58428,7 +58461,7 @@ CVE-2020-7591 (A vulnerability has been identified in SIPORT MP (All versions &l
NOT-FOR-US: Siemens
CVE-2020-7590 (A vulnerability has been identified in DCA Vantage Analyzer (All versi ...)
NOT-FOR-US: DCA Vantage Analyzer
-CVE-2020-7589 (A vulnerability has been identified in LOGO!8 BM (incl. SIPLUS variant ...)
+CVE-2020-7589 (A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS varian ...)
NOT-FOR-US: Siemens
CVE-2020-7588 (A vulnerability has been identified in Opcenter Execution Discrete (Al ...)
NOT-FOR-US: Siemens
@@ -74921,20 +74954,20 @@ CVE-2019-19291 (A vulnerability has been identified in SiNVR 3 Central Control S
NOT-FOR-US: SiNVR 3 Central Control Server (CCS)
CVE-2019-19290 (A vulnerability has been identified in SiNVR 3 Central Control Server ...)
NOT-FOR-US: SiNVR 3 Central Control Server (CCS)
-CVE-2019-19289
- RESERVED
-CVE-2019-19288
- RESERVED
-CVE-2019-19287
- RESERVED
-CVE-2019-19286
- RESERVED
-CVE-2019-19285
- RESERVED
-CVE-2019-19284
- RESERVED
-CVE-2019-19283
- RESERVED
+CVE-2019-19289 (A vulnerability has been identified in XHQ (All Versions < 6.1). Th ...)
+ TODO: check
+CVE-2019-19288 (A vulnerability has been identified in XHQ (All Versions < 6.1). Th ...)
+ TODO: check
+CVE-2019-19287 (A vulnerability has been identified in XHQ (All Versions < 6.1). Th ...)
+ TODO: check
+CVE-2019-19286 (A vulnerability has been identified in XHQ (All Versions < 6.1). Th ...)
+ TODO: check
+CVE-2019-19285 (A vulnerability has been identified in XHQ (All Versions < 6.1). Th ...)
+ TODO: check
+CVE-2019-19284 (A vulnerability has been identified in XHQ (All Versions < 6.1). Th ...)
+ TODO: check
+CVE-2019-19283 (A vulnerability has been identified in XHQ (All Versions < 6.1). Th ...)
+ TODO: check
CVE-2019-19282 (A vulnerability has been identified in OpenPCS 7 V8.1 (All versions), ...)
NOT-FOR-US: Siemens
CVE-2019-19281 (A vulnerability has been identified in SIMATIC ET 200SP Open Controlle ...)
@@ -80296,48 +80329,46 @@ CVE-2020-0472
RESERVED
CVE-2020-0471
RESERVED
-CVE-2020-0470
- RESERVED
-CVE-2020-0469
- RESERVED
-CVE-2020-0468
- RESERVED
-CVE-2020-0467
- RESERVED
-CVE-2020-0466
- RESERVED
+CVE-2020-0470 (In extend_frame_highbd of restoration.c, there is a possible out of bo ...)
+ TODO: check
+CVE-2020-0469 (In addEscrowToken of LockSettingsService.java, there is a possible los ...)
+ TODO: check
+CVE-2020-0468 (In listen() and related functions of TelephonyRegistry.java, there is ...)
+ TODO: check
+CVE-2020-0467 (In onUserStopped of Vpn.java, there is a possible resetting of user pr ...)
+ TODO: check
+CVE-2020-0466 (In do_epoll_ctl and ep_loop_check_proc of eventpoll.c, there is a poss ...)
- linux 5.8.7-1
[buster] - linux 4.19.146-1
[stretch] - linux 4.9.240-1
NOTE: https://git.kernel.org/linus/52c479697c9b73f628140dcdfcd39ea302d05482
NOTE: https://git.kernel.org/linus/a9ed4a6560b8562b7e2e2bed9527e88001f7b682
-CVE-2020-0465
- RESERVED
+CVE-2020-0465 (In various methods of hid-multitouch.c, there is a possible out of bou ...)
- linux 5.8.7-1
[buster] - linux 4.19.146-1
[stretch] - linux 4.9.240-1
NOTE: https://git.kernel.org/linus/35556bed836f8dc07ac55f69c8d17dce3e7f0e25
NOTE: https://git.kernel.org/linus/bce1305c0ece3dc549663605e567655dd701752c
-CVE-2020-0464
- RESERVED
-CVE-2020-0463
- RESERVED
+CVE-2020-0464 (In resolv_cache_lookup of res_cache.cpp, there is a possible side chan ...)
+ TODO: check
+CVE-2020-0463 (In sdp_server_handle_client_req of sdp_server.cc, there is a possible ...)
+ TODO: check
CVE-2020-0462
RESERVED
CVE-2020-0461
RESERVED
-CVE-2020-0460
- RESERVED
-CVE-2020-0459
- RESERVED
-CVE-2020-0458
- RESERVED
-CVE-2020-0457
- RESERVED
-CVE-2020-0456
- RESERVED
-CVE-2020-0455
- RESERVED
+CVE-2020-0460 (In createNameCredentialDialog of CertInstaller.java, there exists the ...)
+ TODO: check
+CVE-2020-0459 (In sendConfiguredNetworkChangedBroadcast of WifiConfigManager.java, th ...)
+ TODO: check
+CVE-2020-0458 (In SPDIFEncoder::writeBurstBufferBytes and related methods of SPDIFEnc ...)
+ TODO: check
+CVE-2020-0457 (There is a possible out of bounds write due to a missing bounds check. ...)
+ TODO: check
+CVE-2020-0456 (There is a possible out of bounds write due to a missing bounds check. ...)
+ TODO: check
+CVE-2020-0455 (There is a possible out of bounds write due to a missing bounds check. ...)
+ TODO: check
CVE-2020-0454 (In callCallbackForRequest of ConnectivityService.java, there is a poss ...)
NOT-FOR-US: Android
CVE-2020-0453 (In updateNotification of BeamTransferManager.java, there is a possible ...)
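Review bot: the TODO: check entries in this hunk should be split by component, not tagged as a block. CVE-2020-0469, CVE-2020-0468, CVE-2020-0467, CVE-2020-0460 and CVE-2020-0459 name Java files, like the context entry CVE-2020-0454 that is NOT-FOR-US: Android. CVE-2020-0470 (restoration.c), CVE-2020-0464 (res_cache.cpp), CVE-2020-0463 (sdp_server.cc) and CVE-2020-0458 (SPDIFEncoder) name native code and should first be checked against sources shipped in Debian, as was done for the linux entries CVE-2020-0466 and CVE-2020-0465. CVE-2020-0457, CVE-2020-0456 and CVE-2020-0455 name no file in the visible text, so they need the full description before any tag is chosen.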
@@ -80360,8 +80391,7 @@ CVE-2020-0446 (There is a possible out of bounds write due to a missing bounds c
NOT-FOR-US: MediaTek components for Android
CVE-2020-0445 (There is a possible out of bounds write due to a missing bounds check. ...)
NOT-FOR-US: MediaTek components for Android
-CVE-2020-0444
- RESERVED
+CVE-2020-0444 (In audit_free_lsm_field of auditfilter.c, there is a possible bad kfre ...)
- linux 5.5.13-1
[buster] - linux 4.19.118-1
[stretch] - linux 4.9.228-1
@@ -80372,8 +80402,8 @@ CVE-2020-0442 (In Message and toBundle of Notification.java, there is a possible
NOT-FOR-US: Android
CVE-2020-0441 (In Message and toBundle of Notification.java, there is a possible reso ...)
NOT-FOR-US: Android
-CVE-2020-0440
- RESERVED
+CVE-2020-0440 (In createVirtualDisplay of DisplayManagerService.java, there is a poss ...)
+ TODO: check
CVE-2020-0439 (In generatePackageInfo of PackageManagerService.java, there is a possi ...)
NOT-FOR-US: Android
CVE-2020-0438 (In the AIBinder_Class constructor of ibinder.cpp, there is a possible ...)
@@ -80698,7 +80728,7 @@ CVE-2020-0296 (In ADB server and USB server, there is a possible permission bypa
NOT-FOR-US: Android
CVE-2020-0295 (In Telecom, there is a possible permission bypass due to an unsafe Pen ...)
NOT-FOR-US: Android
-CVE-2020-0294 (In the wallpaper manager, there is a possible permission bypass due to ...)
+CVE-2020-0294 (In bindWallpaperComponentLocked of WallpaperManagerService.java, there ...)
NOT-FOR-US: Android
CVE-2020-0293 (In Java network APIs, there is possible access to sensitive network st ...)
NOT-FOR-US: Android
@@ -81105,8 +81135,8 @@ CVE-2020-0101 (In BnCrypto::onTransact of ICrypto.cpp, there is a possible infor
NOT-FOR-US: Android media framework
CVE-2020-0100 (In onTransact of IHDCP.cpp, there is a possible out of bounds read due ...)
NOT-FOR-US: Android media framework
-CVE-2020-0099
- RESERVED
+CVE-2020-0099 (In addWindow of WindowManagerService.java, there is a possible window ...)
+ TODO: check
CVE-2020-0098 (In navigateUpToLocked of ActivityStack.java, there is a possible permi ...)
NOT-FOR-US: Android
CVE-2020-0097 (In various methods of PackageManagerService.java, there is a possible ...)
@@ -81285,14 +81315,14 @@ CVE-2020-0021 (In removeUnusedPackagesLPw of PackageManagerService.java, there i
NOT-FOR-US: Android
CVE-2020-0020 (In getAttributeRange of ExifInterface.java, there is a possible failur ...)
NOT-FOR-US: Android
-CVE-2020-0019
- RESERVED
+CVE-2020-0019 (In the Broadcom Nexus firmware, there is an insecure default password. ...)
+ TODO: check
CVE-2020-0018 (In MotionEntry::appendDescription of InputDispatcher.cpp, there is a p ...)
NOT-FOR-US: Android
CVE-2020-0017 (In multiple places, it was possible for the primary user’s dicti ...)
NOT-FOR-US: Android
-CVE-2020-0016
- RESERVED
+CVE-2020-0016 (In the Broadcom Nexus firmware, there is an insecure default password. ...)
+ TODO: check
CVE-2020-0015 (In onCreate of CertInstaller.java, there is a possible way to overlay ...)
NOT-FOR-US: Android
CVE-2020-0014 (It is possible for a malicious application to construct a TYPE_TOAST w ...)
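Review bot: CVE-2020-0019 and CVE-2020-0016 are added with identical visible text ("In the Broadcom Nexus firmware, there is an insecure default password. ..."), so the truncated description cannot tell them apart. Read the full descriptions during triage to confirm they are distinct issues, and tag both the same way.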
@@ -103792,11 +103822,11 @@ CVE-2019-10923 (A vulnerability has been identified in Development/Evaluation Ki
NOT-FOR-US: Siemens
CVE-2019-10922 (A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier ...)
NOT-FOR-US: Siemens
-CVE-2019-10921 (A vulnerability has been identified in LOGO!8 BM (All versions). Unenc ...)
+CVE-2019-10921 (A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS varian ...)
NOT-FOR-US: Siemens
-CVE-2019-10920 (A vulnerability has been identified in LOGO!8 BM (All versions). Proje ...)
+CVE-2019-10920 (A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS varian ...)
NOT-FOR-US: Siemens
-CVE-2019-10919 (A vulnerability has been identified in LOGO!8 BM (All versions). Attac ...)
+CVE-2019-10919 (A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS varian ...)
NOT-FOR-US: Siemens
CVE-2019-10918 (A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier ...)
NOT-FOR-US: Siemens
@@ -175549,7 +175579,7 @@ CVE-2018-4835 (A vulnerability has been identified in TeleControl Server Basic &
NOT-FOR-US: Siemens / TeleControl Server Basic
CVE-2018-4834 (A vulnerability has been identified in Desigo Automation Controllers P ...)
NOT-FOR-US: Desigo
-CVE-2018-4833 (A vulnerability has been identified in RFID 181-EIP (All versions), RU ...)
+CVE-2018-4833 (A vulnerability has been identified in RFID 181EIP (All versions), RUG ...)
NOT-FOR-US: Siemens
CVE-2018-4832 (A vulnerability has been identified in OpenPCS 7 V7.1 and earlier (All ...)
NOT-FOR-US: Siemens
@@ -203045,9 +203075,9 @@ CVE-2017-12737 (An issue was discovered on Siemens SICAM RTUs SM-2556 COM Module
NOT-FOR-US: Siemens
CVE-2017-12736 (A vulnerability has been identified in RUGGEDCOM ROS for RSL910 device ...)
NOT-FOR-US: Siemens
-CVE-2017-12735 (A vulnerability has been identified in Siemens LOGO! devices. An attac ...)
+CVE-2017-12735 (A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS varian ...)
NOT-FOR-US: Siemens
-CVE-2017-12734 (A vulnerability has been identified in Siemens LOGO! devices before V1 ...)
+CVE-2017-12734 (A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS varian ...)
NOT-FOR-US: Siemens
CVE-2017-12733 (A Missing Authentication for Critical Function issue was discovered in ...)
NOT-FOR-US: SiteSentinel
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/50f3f8638faa39d8cf15bbe52de77a2bcdd89590