[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Sat Jul 18 09:10:21 BST 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
14cb8f5c by security tracker role at 2020-07-18T08:10:12+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,5 @@
+CVE-2020-15816 (In Western Digital WD Discovery before 4.0.251.0, a malicious applicat ...)
+	TODO: check
 CVE-2020-15815
 	RESERVED
 CVE-2020-15814
@@ -1587,12 +1589,12 @@ CVE-2020-15112
 	RESERVED
 CVE-2020-15111
 	RESERVED
-CVE-2020-15110
-	RESERVED
+CVE-2020-15110 (In jupyterhub-kubespawner before 0.12, certain usernames will be able  ...)
+	TODO: check
 CVE-2020-15109
 	RESERVED
-CVE-2020-15108
-	RESERVED
+CVE-2020-15108 (In glpi before 9.5.1, there is a SQL injection for all usages of "Clon ...)
+	TODO: check
 CVE-2020-15107 (In openenclave before 0.10.0, enclaves that use x87 FPU operations are ...)
 	TODO: check
 CVE-2020-15106
@@ -14584,8 +14586,8 @@ CVE-2020-10607 (In Advantech WebAccess, Versions 8.4.2 and prior. A stack-based
 	NOT-FOR-US: Advantech WebAccess
 CVE-2020-10606
 	RESERVED
-CVE-2020-10605
-	RESERVED
+CVE-2020-10605 (Grundfos CIM 500 before v06.16.00 responds to unauthenticated requests ...)
+	TODO: check
 CVE-2020-10604
 	RESERVED
 CVE-2020-10603 (WebAccess/NMS (versions prior to 3.0.2) does not properly sanitize use ...)
@@ -17747,22 +17749,22 @@ CVE-2020-9261 (HUAWEI Mate 30 with versions earlier than 10.1.0.150(C00E136R5P3)
 	NOT-FOR-US: HUAWEI
 CVE-2020-9260 (HUAWEI P30 and HUAWEI P30 Pro smartphones with versions earlier than 1 ...)
 	NOT-FOR-US: HUAWEI
-CVE-2020-9259
-	RESERVED
+CVE-2020-9259 (Huawei Honor V30 smartphones with versions earlier than 10.1.0.212(C00 ...)
+	TODO: check
 CVE-2020-9258 (HUAWEI P30 smartphone with versions earlier than 10.1.0.135(C00E135R2P ...)
 	NOT-FOR-US: HUAWEI
-CVE-2020-9257
-	RESERVED
-CVE-2020-9256
-	RESERVED
-CVE-2020-9255
-	RESERVED
-CVE-2020-9254
-	RESERVED
+CVE-2020-9257 (HUAWEI P30 Pro smartphones with versions earlier than 10.1.0.123(C432E ...)
+	TODO: check
+CVE-2020-9256 (Huawei Mate 30 Pro smartphones with versions earlier than 10.1.0.150(C ...)
+	TODO: check
+CVE-2020-9255 (Huawei Honor 10 smartphones with versions earlier than 10.0.0.178(C00E ...)
+	TODO: check
+CVE-2020-9254 (HUAWEI P30 Pro smartphones with versions earlier than 10.1.0.123(C432E ...)
+	TODO: check
 CVE-2020-9253
 	RESERVED
-CVE-2020-9252
-	RESERVED
+CVE-2020-9252 (HUAWEI Mate 20 versions earlier than 10.1.0.160(C00E160R3P8), HUAWEI M ...)
+	TODO: check
 CVE-2020-9251
 	RESERVED
 CVE-2020-9250
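Review bot: The six newly described Huawei smartphone entries in this hunk (CVE-2020-9259, CVE-2020-9257, CVE-2020-9256, CVE-2020-9255, CVE-2020-9254 and CVE-2020-9252) are left at "TODO: check", while the context entries CVE-2020-9260 and CVE-2020-9258, which describe the same kind of product, already carry "NOT-FOR-US: HUAWEI". Suggest resolving the new entries with the same tag in a follow-up commit so they do not linger in the triage queue.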
@@ -17811,8 +17813,8 @@ CVE-2020-9229
 	RESERVED
 CVE-2020-9228
 	RESERVED
-CVE-2020-9227
-	RESERVED
+CVE-2020-9227 (Huawei Smart Phones Moana-AL00B with versions earlier than 10.1.0.166  ...)
+	TODO: check
 CVE-2020-9226 (HUAWEI P30 with versions earlier than 10.1.0.135(C00E135R2P11) have an ...)
 	NOT-FOR-US: HUAWEI
 CVE-2020-9225 (FusionSphere OpenStack 6.5.1 have an improper permissions management v ...)
@@ -18061,10 +18063,10 @@ CVE-2020-9104
 	RESERVED
 CVE-2020-9103
 	RESERVED
-CVE-2020-9102
-	RESERVED
-CVE-2020-9101
-	RESERVED
+CVE-2020-9102 (There is a information leak vulnerability in some Huawei products, and ...)
+	TODO: check
+CVE-2020-9101 (There is an out-of-bounds write vulnerability in some products. An una ...)
+	TODO: check
 CVE-2020-9100 (Earlier than HiSuite 10.1.0.500 have a DLL hijacking vulnerability. Th ...)
 	NOT-FOR-US: Huawei
 CVE-2020-9099 (Huawei products IPS Module; NGFW Module; NIP6300; NIP6600; NIP6800; Se ...)
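Review bot: The visible text for CVE-2020-9101 says only "some products" and names no vendor, so its tag cannot be derived from the truncated line; read the full advisory before replacing "TODO: check". Separately, the context line for CVE-2020-9100 spells the tag "NOT-FOR-US: Huawei" while other hunks in this update use "NOT-FOR-US: HUAWEI"; pick one spelling when CVE-2020-9102 and CVE-2020-9101 are resolved.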
@@ -19346,7 +19348,7 @@ CVE-2020-8575
 	RESERVED
 CVE-2020-8574
 	RESERVED
-CVE-2020-8573 (The NetApp HCI H610S Baseboard Management Controller (BMC) is shipped  ...)
+CVE-2020-8573 (The NetApp HCI H610C, H615C and H610S Baseboard Management Controllers ...)
 	NOT-FOR-US: NetApp
 CVE-2020-8572 (Element OS prior to version 12.0 and Element HealthTools prior to vers ...)
 	NOT-FOR-US: Element OS
@@ -21251,8 +21253,8 @@ CVE-2020-7820 (Nexacro14/17 ExtCommonApiV13 Library under 2019.9.6 version conta
 	NOT-FOR-US: Nexacro14/17 ExtCommonApiV13 Library
 CVE-2020-7819
 	RESERVED
-CVE-2020-7818
-	RESERVED
+CVE-2020-7818 (DaviewIndy 8.98.9 and earlier has a Heap-based overflow vulnerability, ...)
+	TODO: check
 CVE-2020-7817
 	RESERVED
 CVE-2020-7816 (A vulnerability in the JPEG image parsing module in DaView Indy, DaVa+ ...)
@@ -22595,8 +22597,8 @@ CVE-2020-7208 (LinuxKI v6.0-1 and earlier is vulnerable to an XSS which is resol
 	NOT-FOR-US: LinuxKI
 CVE-2020-7207
 	RESERVED
-CVE-2020-7206
-	RESERVED
+CVE-2020-7206 (HP nagios plugin for iLO (nagios-plugins-hpilo v1.50 and earlier) has  ...)
+	TODO: check
 CVE-2020-7205
 	RESERVED
 CVE-2020-7204
@@ -26239,12 +26241,12 @@ CVE-2020-5771
 	RESERVED
 CVE-2020-5770
 	RESERVED
-CVE-2020-5769
-	RESERVED
-CVE-2020-5768
-	RESERVED
-CVE-2020-5767
-	RESERVED
+CVE-2020-5769 (Insufficient output sanitization in Teltonika firmware TRB2_R_00.02.02 ...)
+	TODO: check
+CVE-2020-5768 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2020-5767 (Cross-site request forgery in Icegram Email Subscribers & Newslett ...)
+	TODO: check
 CVE-2020-5766 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
 	NOT-FOR-US: Wordpress plugin
 CVE-2020-5765 (Nessus 8.10.0 and earlier were found to contain a Stored XSS vulnerabi ...)
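Review bot: CVE-2020-5768 is added with exactly the same truncated description as the context entry CVE-2020-5766 ("Improper Neutralization of Special Elements used in an SQL Command ('S ..."), which is already tagged "NOT-FOR-US: Wordpress plugin", yet the new entry is left at "TODO: check". The truncation hides the affected product, so confirm it against the full description and, if it is the same class of product, tag it the same way.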
@@ -26259,14 +26261,14 @@ CVE-2020-5761
 	RESERVED
 CVE-2020-5760
 	RESERVED
-CVE-2020-5759
-	RESERVED
-CVE-2020-5758
-	RESERVED
-CVE-2020-5757
-	RESERVED
-CVE-2020-5756
-	RESERVED
+CVE-2020-5759 (Grandstream UCM6200 series firmware version 1.0.20.23 and below is vul ...)
+	TODO: check
+CVE-2020-5758 (Grandstream UCM6200 series firmware version 1.0.20.23 and below is vul ...)
+	TODO: check
+CVE-2020-5757 (Grandstream UCM6200 series firmware version 1.0.20.23 and below is vul ...)
+	TODO: check
+CVE-2020-5756 (Grandstream GWN7000 firmware version 1.0.9.4 and below allows authenti ...)
+	TODO: check
 CVE-2020-5755 (Webroot endpoint agents prior to version v9.0.28.48 did not protect th ...)
 	NOT-FOR-US: Webroot
 CVE-2020-5754 (Webroot endpoint agents prior to version v9.0.28.48 allows remote atta ...)
@@ -30250,8 +30252,8 @@ CVE-2020-4106
 	RESERVED
 CVE-2020-4105
 	RESERVED
-CVE-2020-4104
-	RESERVED
+CVE-2020-4104 (HCL BigFix WebUI is vulnerable to stored cross-site scripting (XSS) wi ...)
+	TODO: check
 CVE-2020-4103
 	RESERVED
 CVE-2020-4102
@@ -43731,8 +43733,8 @@ CVE-2020-0307
 	RESERVED
 CVE-2020-0306
 	RESERVED
-CVE-2020-0305
-	RESERVED
+CVE-2020-0305 (In cdev_get of char_dev.c, there is a possible use-after-free due to a ...)
+	TODO: check
 CVE-2020-0304
 	RESERVED
 CVE-2020-0303
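Review bot: CVE-2020-0305 should not be closed together with the "NOT-FOR-US: Android" entries elsewhere in this update. Its description names cdev_get in char_dev.c, which is Linux kernel character-device code, so the "TODO: check" needs to be resolved against the kernel source package and its affected versions rather than treated as Android-only.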
@@ -43879,28 +43881,21 @@ CVE-2020-0233 (In main of main.cpp, there is possible memory corruption due to a
 	NOT-FOR-US: Android
 CVE-2020-0232 (Function abc_pcie_issue_dma_xfer_sync creates a transfer object, adds  ...)
 	NOT-FOR-US: Pixel kernel drivers
-CVE-2020-0231
-	RESERVED
+CVE-2020-0231 (There is a possible out of bounds write due to an incorrect bounds che ...)
 	NOT-FOR-US: MediaTek components for Android
-CVE-2020-0230
-	RESERVED
+CVE-2020-0230 (There is a possible out of bounds write due to an incorrect bounds che ...)
 	NOT-FOR-US: MediaTek components for Android
 CVE-2020-0229
 	RESERVED
-CVE-2020-0228
-	RESERVED
+CVE-2020-0228 (There is an improper configuration of recorder related service. Produc ...)
 	NOT-FOR-US: MediaTek components for Android
-CVE-2020-0227
-	RESERVED
+CVE-2020-0227 (In onCommand of CompanionDeviceManagerService.java, there is a possibl ...)
 	NOT-FOR-US: Android
-CVE-2020-0226
-	RESERVED
+CVE-2020-0226 (In createWithSurfaceParent of Client.cpp, there is a possible out of b ...)
 	NOT-FOR-US: Android Media Framework
-CVE-2020-0225
-	RESERVED
+CVE-2020-0225 (In a2dp_vendor_ldac_decoder_decode_packet of a2dp_vendor_ldac_decoder. ...)
 	NOT-FOR-US: Android
-CVE-2020-0224
-	RESERVED
+CVE-2020-0224 (In FastKeyAccumulator::GetKeysSlow of keys.cc, there is a possible out ...)
 	NOT-FOR-US: Android
 CVE-2020-0223 (This is an unbounded write into kernel global memory, via a user-contr ...)
 	NOT-FOR-US: Pixel kernel drivers
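Review bot: The "NOT-FOR-US" tags on CVE-2020-0231, CVE-2020-0230, CVE-2020-0228, CVE-2020-0227, CVE-2020-0226, CVE-2020-0225 and CVE-2020-0224 were written while those entries were still "RESERVED" and are carried over unchanged now that descriptions exist. Re-check each tag against the published text: CVE-2020-0231 and CVE-2020-0230 share an identical truncated description that names no component, and the visible part of CVE-2020-0228 ("improper configuration of recorder related service") does not mention MediaTek either.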
@@ -44117,13 +44112,11 @@ CVE-2020-0124 (In markBootComplete of InstalldNativeService.cpp, there is a poss
 	NOT-FOR-US: Android
 CVE-2020-0123
 	RESERVED
-CVE-2020-0122
-	RESERVED
+CVE-2020-0122 (In the permission declaration for com.google.android.providers.gsf.per ...)
 	NOT-FOR-US: Android
 CVE-2020-0121 (In updateUidProcState of AppOpsService.java, there is a possible permi ...)
 	NOT-FOR-US: Android
-CVE-2020-0120
-	RESERVED
+CVE-2020-0120 (In notifyErrorForPendingRequests of QCamera3HWI.cpp, there is a possib ...)
 	NOT-FOR-US: Android Media Framework
 CVE-2020-0119 (In addOrUpdateNetworkInternal and related functions of WifiConfigManag ...)
 	NOT-FOR-US: Android
@@ -44153,8 +44146,7 @@ CVE-2020-0109 (In simulatePackageSuspendBroadcast of NotificationManagerService.
 	NOT-FOR-US: Android
 CVE-2020-0108
 	RESERVED
-CVE-2020-0107
-	RESERVED
+CVE-2020-0107 (In getUiccCardsInfo of PhoneInterfaceManager.java, there is a possible ...)
 	NOT-FOR-US: Android
 CVE-2020-0106 (In getCellLocation of PhoneInterfaceManager.java, there is a possible  ...)
 	NOT-FOR-US: Android
@@ -63692,8 +63684,8 @@ CVE-2019-12002 (A remote session reuse vulnerability leading to access restricti
 	NOT-FOR-US: HPE
 CVE-2019-12001 (A remote session reuse vulnerability leading to access restriction byp ...)
 	NOT-FOR-US: HPE
-CVE-2019-12000
-	RESERVED
+CVE-2019-12000 (HPE has found a potential Remote Access Restriction Bypass in HPE MSE  ...)
+	TODO: check
 CVE-2019-11999 (Potential security vulnerabilities have been identified in HPE OpenCal ...)
 	NOT-FOR-US: HPE
 CVE-2019-11998 (HPE Superdome Flex Server is vulnerable to multiple remote vulnerabili ...)
@@ -85403,8 +85395,8 @@ CVE-2019-4092 (IBM Content Navigator 2.0.3 and 3.0CD could allow a remote attack
 	NOT-FOR-US: IBM
 CVE-2019-4091 ("HCL Marketing Platform is vulnerable to cross-site scripting during a ...)
 	TODO: check
-CVE-2019-4090
-	RESERVED
+CVE-2019-4090 ("HCL Campaign is vulnerable to cross-site scripting when a user provid ...)
+	TODO: check
 CVE-2019-4089
 	RESERVED
 CVE-2019-4088 (IBM Spectrum Protect Servers 7.1 and 8.1 and Storage Agents could allo ...)
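Review bot: The description added for CVE-2019-4090 begins with a stray double quote ("HCL Campaign ...), the same artifact already visible on the context entry CVE-2019-4091. If the quoting comes from the description import, strip it there rather than editing the list by hand, and resolve both HCL entries together since both are still at "TODO: check".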



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/14cb8f5cbcefdcd1dba8c2361c63344f45756064



More information about the debian-security-tracker-commits mailing list