[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Sat Jul 18 09:10:21 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
14cb8f5c by security tracker role at 2020-07-18T08:10:12+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,5 @@
+CVE-2020-15816 (In Western Digital WD Discovery before 4.0.251.0, a malicious applicat ...)
+ TODO: check
CVE-2020-15815
RESERVED
CVE-2020-15814
@@ -1587,12 +1589,12 @@ CVE-2020-15112
RESERVED
CVE-2020-15111
RESERVED
-CVE-2020-15110
- RESERVED
+CVE-2020-15110 (In jupyterhub-kubespawner before 0.12, certain usernames will be able ...)
+ TODO: check
CVE-2020-15109
RESERVED
-CVE-2020-15108
- RESERVED
+CVE-2020-15108 (In glpi before 9.5.1, there is a SQL injection for all usages of "Clon ...)
+ TODO: check
CVE-2020-15107 (In openenclave before 0.10.0, enclaves that use x87 FPU operations are ...)
TODO: check
CVE-2020-15106
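Review bot: CVE-2020-15110 and CVE-2020-15108 arrive as "TODO: check", and unlike the vendor-device entries elsewhere in this update both name standalone software (jupyterhub-kubespawner before 0.12, glpi before 9.5.1), so they need an archive lookup before triage. Record either a source-package line with its status or an explicit NOT-FOR-US naming the product; the context entry CVE-2020-15107 (openenclave) is still waiting on the same decision.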
@@ -14584,8 +14586,8 @@ CVE-2020-10607 (In Advantech WebAccess, Versions 8.4.2 and prior. A stack-based
NOT-FOR-US: Advantech WebAccess
CVE-2020-10606
RESERVED
-CVE-2020-10605
- RESERVED
+CVE-2020-10605 (Grundfos CIM 500 before v06.16.00 responds to unauthenticated requests ...)
+ TODO: check
CVE-2020-10604
RESERVED
CVE-2020-10603 (WebAccess/NMS (versions prior to 3.0.2) does not properly sanitize use ...)
@@ -17747,22 +17749,22 @@ CVE-2020-9261 (HUAWEI Mate 30 with versions earlier than 10.1.0.150(C00E136R5P3)
NOT-FOR-US: HUAWEI
CVE-2020-9260 (HUAWEI P30 and HUAWEI P30 Pro smartphones with versions earlier than 1 ...)
NOT-FOR-US: HUAWEI
-CVE-2020-9259
- RESERVED
+CVE-2020-9259 (Huawei Honor V30 smartphones with versions earlier than 10.1.0.212(C00 ...)
+ TODO: check
CVE-2020-9258 (HUAWEI P30 smartphone with versions earlier than 10.1.0.135(C00E135R2P ...)
NOT-FOR-US: HUAWEI
-CVE-2020-9257
- RESERVED
-CVE-2020-9256
- RESERVED
-CVE-2020-9255
- RESERVED
-CVE-2020-9254
- RESERVED
+CVE-2020-9257 (HUAWEI P30 Pro smartphones with versions earlier than 10.1.0.123(C432E ...)
+ TODO: check
+CVE-2020-9256 (Huawei Mate 30 Pro smartphones with versions earlier than 10.1.0.150(C ...)
+ TODO: check
+CVE-2020-9255 (Huawei Honor 10 smartphones with versions earlier than 10.0.0.178(C00E ...)
+ TODO: check
+CVE-2020-9254 (HUAWEI P30 Pro smartphones with versions earlier than 10.1.0.123(C432E ...)
+ TODO: check
CVE-2020-9253
RESERVED
-CVE-2020-9252
- RESERVED
+CVE-2020-9252 (HUAWEI Mate 20 versions earlier than 10.1.0.160(C00E160R3P8), HUAWEI M ...)
+ TODO: check
CVE-2020-9251
RESERVED
CVE-2020-9250
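Review bot: the six Huawei handset entries added in this hunk (CVE-2020-9259, -9257, -9256, -9255, -9254, -9252) carry "TODO: check" while the untouched siblings CVE-2020-9260 and CVE-2020-9258 in the same hunk are already "NOT-FOR-US: HUAWEI". The visible descriptions are all vendor smartphone firmware, so the same line should replace the TODO on each; CVE-2020-9253 stays RESERVED and needs nothing yet.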
@@ -17811,8 +17813,8 @@ CVE-2020-9229
RESERVED
CVE-2020-9228
RESERVED
-CVE-2020-9227
- RESERVED
+CVE-2020-9227 (Huawei Smart Phones Moana-AL00B with versions earlier than 10.1.0.166 ...)
+ TODO: check
CVE-2020-9226 (HUAWEI P30 with versions earlier than 10.1.0.135(C00E135R2P11) have an ...)
NOT-FOR-US: HUAWEI
CVE-2020-9225 (FusionSphere OpenStack 6.5.1 have an improper permissions management v ...)
@@ -18061,10 +18063,10 @@ CVE-2020-9104
RESERVED
CVE-2020-9103
RESERVED
-CVE-2020-9102
- RESERVED
-CVE-2020-9101
- RESERVED
+CVE-2020-9102 (There is a information leak vulnerability in some Huawei products, and ...)
+ TODO: check
+CVE-2020-9101 (There is an out-of-bounds write vulnerability in some products. An una ...)
+ TODO: check
CVE-2020-9100 (Earlier than HiSuite 10.1.0.500 have a DLL hijacking vulnerability. Th ...)
NOT-FOR-US: Huawei
CVE-2020-9099 (Huawei products IPS Module; NGFW Module; NIP6300; NIP6600; NIP6800; Se ...)
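Review bot: the context entry CVE-2020-9100 is tagged "NOT-FOR-US: Huawei" while other entries in this file use "NOT-FOR-US: HUAWEI"; pick one spelling when resolving the TODO on CVE-2020-9102 and CVE-2020-9101 so a search for the tag finds all of them. For CVE-2020-9101 the truncated text only says "some products", so confirm the vendor from the full description before tagging.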
@@ -19346,7 +19348,7 @@ CVE-2020-8575
RESERVED
CVE-2020-8574
RESERVED
-CVE-2020-8573 (The NetApp HCI H610S Baseboard Management Controller (BMC) is shipped ...)
+CVE-2020-8573 (The NetApp HCI H610C, H615C and H610S Baseboard Management Controllers ...)
NOT-FOR-US: NetApp
CVE-2020-8572 (Element OS prior to version 12.0 and Element HealthTools prior to vers ...)
NOT-FOR-US: Element OS
@@ -21251,8 +21253,8 @@ CVE-2020-7820 (Nexacro14/17 ExtCommonApiV13 Library under 2019.9.6 version conta
NOT-FOR-US: Nexacro14/17 ExtCommonApiV13 Library
CVE-2020-7819
RESERVED
-CVE-2020-7818
- RESERVED
+CVE-2020-7818 (DaviewIndy 8.98.9 and earlier has a Heap-based overflow vulnerability, ...)
+ TODO: check
CVE-2020-7817
RESERVED
CVE-2020-7816 (A vulnerability in the JPEG image parsing module in DaView Indy, DaVa+ ...)
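Review bot: CVE-2020-7818 spells the product "DaviewIndy" while the context line for CVE-2020-7816 spells it "DaView Indy". When the TODO on CVE-2020-7818 is resolved, reuse the product label already recorded for CVE-2020-7816 instead of copying the spelling from the new description, so both entries group under one name.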
@@ -22595,8 +22597,8 @@ CVE-2020-7208 (LinuxKI v6.0-1 and earlier is vulnerable to an XSS which is resol
NOT-FOR-US: LinuxKI
CVE-2020-7207
RESERVED
-CVE-2020-7206
- RESERVED
+CVE-2020-7206 (HP nagios plugin for iLO (nagios-plugins-hpilo v1.50 and earlier) has ...)
+ TODO: check
CVE-2020-7205
RESERVED
CVE-2020-7204
@@ -26239,12 +26241,12 @@ CVE-2020-5771
RESERVED
CVE-2020-5770
RESERVED
-CVE-2020-5769
- RESERVED
-CVE-2020-5768
- RESERVED
-CVE-2020-5767
- RESERVED
+CVE-2020-5769 (Insufficient output sanitization in Teltonika firmware TRB2_R_00.02.02 ...)
+ TODO: check
+CVE-2020-5768 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2020-5767 (Cross-site request forgery in Icegram Email Subscribers & Newslett ...)
+ TODO: check
CVE-2020-5766 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
NOT-FOR-US: Wordpress plugin
CVE-2020-5765 (Nessus 8.10.0 and earlier were found to contain a Stored XSS vulnerabi ...)
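Review bot: CVE-2020-5768 has the same visible description prefix as the context entry CVE-2020-5766, which is already "NOT-FOR-US: Wordpress plugin", but the product name falls after the truncation point. Check the full description before copying that tag; CVE-2020-5767 (Icegram) and CVE-2020-5769 (Teltonika firmware) name their products in the visible text and can be triaged directly.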
@@ -26259,14 +26261,14 @@ CVE-2020-5761
RESERVED
CVE-2020-5760
RESERVED
-CVE-2020-5759
- RESERVED
-CVE-2020-5758
- RESERVED
-CVE-2020-5757
- RESERVED
-CVE-2020-5756
- RESERVED
+CVE-2020-5759 (Grandstream UCM6200 series firmware version 1.0.20.23 and below is vul ...)
+ TODO: check
+CVE-2020-5758 (Grandstream UCM6200 series firmware version 1.0.20.23 and below is vul ...)
+ TODO: check
+CVE-2020-5757 (Grandstream UCM6200 series firmware version 1.0.20.23 and below is vul ...)
+ TODO: check
+CVE-2020-5756 (Grandstream GWN7000 firmware version 1.0.9.4 and below allows authenti ...)
+ TODO: check
CVE-2020-5755 (Webroot endpoint agents prior to version v9.0.28.48 did not protect th ...)
NOT-FOR-US: Webroot
CVE-2020-5754 (Webroot endpoint agents prior to version v9.0.28.48 allows remote atta ...)
@@ -30250,8 +30252,8 @@ CVE-2020-4106
RESERVED
CVE-2020-4105
RESERVED
-CVE-2020-4104
- RESERVED
+CVE-2020-4104 (HCL BigFix WebUI is vulnerable to stored cross-site scripting (XSS) wi ...)
+ TODO: check
CVE-2020-4103
RESERVED
CVE-2020-4102
@@ -43731,8 +43733,8 @@ CVE-2020-0307
RESERVED
CVE-2020-0306
RESERVED
-CVE-2020-0305
- RESERVED
+CVE-2020-0305 (In cdev_get of char_dev.c, there is a possible use-after-free due to a ...)
+ TODO: check
CVE-2020-0304
RESERVED
CVE-2020-0303
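Review bot: CVE-2020-0305 should not be bulk-tagged with the "NOT-FOR-US: Android" label used on other CVE-2020-0xxx entries in this file. The description names cdev_get in char_dev.c, which is Linux kernel character-device code, so the TODO needs to be resolved against the linux source package, with the fixing upstream commit and per-release status recorded.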
@@ -43879,28 +43881,21 @@ CVE-2020-0233 (In main of main.cpp, there is possible memory corruption due to a
NOT-FOR-US: Android
CVE-2020-0232 (Function abc_pcie_issue_dma_xfer_sync creates a transfer object, adds ...)
NOT-FOR-US: Pixel kernel drivers
-CVE-2020-0231
- RESERVED
+CVE-2020-0231 (There is a possible out of bounds write due to an incorrect bounds che ...)
NOT-FOR-US: MediaTek components for Android
-CVE-2020-0230
- RESERVED
+CVE-2020-0230 (There is a possible out of bounds write due to an incorrect bounds che ...)
NOT-FOR-US: MediaTek components for Android
CVE-2020-0229
RESERVED
-CVE-2020-0228
- RESERVED
+CVE-2020-0228 (There is an improper configuration of recorder related service. Produc ...)
NOT-FOR-US: MediaTek components for Android
-CVE-2020-0227
- RESERVED
+CVE-2020-0227 (In onCommand of CompanionDeviceManagerService.java, there is a possibl ...)
NOT-FOR-US: Android
-CVE-2020-0226
- RESERVED
+CVE-2020-0226 (In createWithSurfaceParent of Client.cpp, there is a possible out of b ...)
NOT-FOR-US: Android Media Framework
-CVE-2020-0225
- RESERVED
+CVE-2020-0225 (In a2dp_vendor_ldac_decoder_decode_packet of a2dp_vendor_ldac_decoder. ...)
NOT-FOR-US: Android
-CVE-2020-0224
- RESERVED
+CVE-2020-0224 (In FastKeyAccumulator::GetKeysSlow of keys.cc, there is a possible out ...)
NOT-FOR-US: Android
CVE-2020-0223 (This is an unbounded write into kernel global memory, via a user-contr ...)
NOT-FOR-US: Pixel kernel drivers
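Review bot: the NOT-FOR-US lines under CVE-2020-0231 through CVE-2020-0224 predate this change (they appear as unchanged context), so they were assigned while the entries were still RESERVED, and this hunk only attaches the published descriptions above them. Spot-check that each pre-assigned label still matches its description, for example CVE-2020-0228 ("improper configuration of recorder related service") under "MediaTek components for Android"; CVE-2020-0229 remains RESERVED.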
@@ -44117,13 +44112,11 @@ CVE-2020-0124 (In markBootComplete of InstalldNativeService.cpp, there is a poss
NOT-FOR-US: Android
CVE-2020-0123
RESERVED
-CVE-2020-0122
- RESERVED
+CVE-2020-0122 (In the permission declaration for com.google.android.providers.gsf.per ...)
NOT-FOR-US: Android
CVE-2020-0121 (In updateUidProcState of AppOpsService.java, there is a possible permi ...)
NOT-FOR-US: Android
-CVE-2020-0120
- RESERVED
+CVE-2020-0120 (In notifyErrorForPendingRequests of QCamera3HWI.cpp, there is a possib ...)
NOT-FOR-US: Android Media Framework
CVE-2020-0119 (In addOrUpdateNetworkInternal and related functions of WifiConfigManag ...)
NOT-FOR-US: Android
@@ -44153,8 +44146,7 @@ CVE-2020-0109 (In simulatePackageSuspendBroadcast of NotificationManagerService.
NOT-FOR-US: Android
CVE-2020-0108
RESERVED
-CVE-2020-0107
- RESERVED
+CVE-2020-0107 (In getUiccCardsInfo of PhoneInterfaceManager.java, there is a possible ...)
NOT-FOR-US: Android
CVE-2020-0106 (In getCellLocation of PhoneInterfaceManager.java, there is a possible ...)
NOT-FOR-US: Android
@@ -63692,8 +63684,8 @@ CVE-2019-12002 (A remote session reuse vulnerability leading to access restricti
NOT-FOR-US: HPE
CVE-2019-12001 (A remote session reuse vulnerability leading to access restriction byp ...)
NOT-FOR-US: HPE
-CVE-2019-12000
- RESERVED
+CVE-2019-12000 (HPE has found a potential Remote Access Restriction Bypass in HPE MSE ...)
+ TODO: check
CVE-2019-11999 (Potential security vulnerabilities have been identified in HPE OpenCal ...)
NOT-FOR-US: HPE
CVE-2019-11998 (HPE Superdome Flex Server is vulnerable to multiple remote vulnerabili ...)
@@ -85403,8 +85395,8 @@ CVE-2019-4092 (IBM Content Navigator 2.0.3 and 3.0CD could allow a remote attack
NOT-FOR-US: IBM
CVE-2019-4091 ("HCL Marketing Platform is vulnerable to cross-site scripting during a ...)
TODO: check
-CVE-2019-4090
- RESERVED
+CVE-2019-4090 ("HCL Campaign is vulnerable to cross-site scripting when a user provid ...)
+ TODO: check
CVE-2019-4089
RESERVED
CVE-2019-4088 (IBM Spectrum Protect Servers 7.1 and 8.1 and Storage Agents could allo ...)
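Review bot: the description for CVE-2019-4090 opens with a stray double quote right after the parenthesis, the same artifact already present on the context entry CVE-2019-4091. It comes from the imported description text, so leave it as is here, but resolve both HCL entries together since CVE-2019-4091 is still at "TODO: check" as well.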
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/14cb8f5cbcefdcd1dba8c2361c63344f45756064