[Git][security-tracker-team/security-tracker][master] new puppet, puppetdb, libunivalue issues
Moritz Muehlenhoff
jmm at debian.org
Wed Mar 25 15:46:07 GMT 2020
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
76a4270b by Moritz Muehlenhoff at 2020-03-25T16:45:44+01:00
new puppet, puppetdb, libunivalue issues
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1059,7 +1059,7 @@ CVE-2020-10572
CVE-2020-10571 (An issue was discovered in psd-tools before 1.9.4. The Cython implemen ...)
NOT-FOR-US: psd-tools
CVE-2020-10570 (The Telegram application through 5.12 for Android, when Show Popup is ...)
- TODO: check
+ NOT-FOR-US: Telegram for Android
CVE-2020-10569
RESERVED
CVE-2020-10568 (The sitepress-multilingual-cms (WPML) plugin before 4.3.7-b.2 for Word ...)
@@ -4900,7 +4900,7 @@ CVE-2020-8861 (This vulnerability allows network-adjacent attackers to bypass au
CVE-2020-8860 (This vulnerability allows remote attackers to execute arbitrary code o ...)
NOT-FOR-US: Samsung Galaxy S10 Firmware
CVE-2020-8859 (This vulnerability allows remote attackers to create a denial-of-servi ...)
- TODO: check
+ NOT-FOR-US: elog
CVE-2020-8858 (This vulnerability allows remote attackers to execute arbitrary code o ...)
NOT-FOR-US: Moxa
CVE-2020-8857 (This vulnerability allows remote attackers to execute arbitrary code o ...)
@@ -7003,7 +7003,12 @@ CVE-2020-7945
CVE-2020-7944
RESERVED
CVE-2020-7943 (Puppet Server and PuppetDB provide useful performance and debugging in ...)
- TODO: check
+ - puppet <unfixed> (low)
+ [stretch] - puppet <no-dsa> (Minor issue)
+ [buster] - puppet <no-dsa> (Minor issue)
+ - puppetdb <unfixed> (low)
+ [buster] - puppetdb <no-dsa> (Minor issue)
+ NOTE: https://puppet.com/security/cve/CVE-2020-7943/
CVE-2020-7942 (Previously, Puppet operated on a model that a node with a valid certif ...)
- puppet <unfixed> (unimportant)
NOTE: This CVE assignment is for switching the default setting of strict_hostname_checking,
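Review bot: The puppetdb part of the CVE-2020-7943 entry carries only a [buster] <no-dsa> line, while puppet directly above it has both [stretch] and [buster]. If stretch has no puppetdb to annotate, that is fine but not evident from the entry; otherwise a matching "[stretch] - puppetdb <no-dsa> (Minor issue)" line is missing. The description names Puppet Server, and the entry tracks it under puppet, so a one-line NOTE saying which part of the puppet package is affected would make the (low) rating easier to check.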
@@ -8049,7 +8054,7 @@ CVE-2020-7479 (A CWE-306: Missing Authentication for Critical Function vulnerabi
CVE-2020-7478 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ...)
NOT-FOR-US: IGSS
CVE-2020-7477 (A CWE-754: Improper Check for Unusual or Exceptional Conditions vulner ...)
- TODO: check
+ NOT-FOR-US: Quantum Ethernet Network module
CVE-2020-7476 (A CWE-426: Untrusted Search Path vulnerability exists in ZigBee Instal ...)
NOT-FOR-US: ZigBee Installation Kit
CVE-2020-7475 (A CWE-74: Improper Neutralization of Special Elements in Output Used b ...)
@@ -9167,7 +9172,7 @@ CVE-2020-7005
CVE-2020-7004
RESERVED
CVE-2020-7003 (In Moxa ioLogik 2500 series firmware, Version 3.0 or lower, and IOxpre ...)
- TODO: check
+ NOT-FOR-US: Moxa
CVE-2020-7002 (Delta Industrial Automation CNCSoft ScreenEditor, v1.00.96 and prior. ...)
NOT-FOR-US: McAfee
CVE-2020-7001
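Review bot: The context line just below the change marks CVE-2020-7002 as "NOT-FOR-US: McAfee", but its description reads "Delta Industrial Automation CNCSoft ScreenEditor", so that label looks wrong. It is not introduced by this commit, but since the neighbouring CVE-2020-7003 is being triaged here it would be cheap to correct it in the same pass.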
@@ -9195,11 +9200,11 @@ CVE-2020-6991
CVE-2020-6990 (Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and p ...)
NOT-FOR-US: Rockwell
CVE-2020-6989 (In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 ser ...)
- TODO: check
+ NOT-FOR-US: Moxa
CVE-2020-6988 (Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and p ...)
NOT-FOR-US: Rockwell
CVE-2020-6987 (In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 ser ...)
- TODO: check
+ NOT-FOR-US: Moxa
CVE-2020-6986 (In all versions of Omron PLC CJ Series, an attacker can send a series ...)
NOT-FOR-US: Omron
CVE-2020-6985
@@ -9207,7 +9212,7 @@ CVE-2020-6985
CVE-2020-6984 (Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and p ...)
NOT-FOR-US: Rockwell
CVE-2020-6983 (In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 ser ...)
- TODO: check
+ NOT-FOR-US: Moxa
CVE-2020-6982
RESERVED
CVE-2020-6981
@@ -9229,7 +9234,7 @@ CVE-2020-6974
CVE-2020-6973 (Digi International ConnectPort LTS 32 MEI, Firmware Version 1.4.3 (820 ...)
NOT-FOR-US: Digi International ConnectPort LTS 32 MEI
CVE-2020-6972 (In Notifier Web Server (NWS) Version 3.50 and earlier, the Honeywell F ...)
- TODO: check
+ NOT-FOR-US: Honeywell
CVE-2020-6971 (In Emerson ValveLink v12.0.264 to v13.4.118, a vulnerability in the Va ...)
NOT-FOR-US: Emerson
CVE-2020-6970 (A Heap-based Buffer Overflow was found in Emerson OpenEnterprise SCADA ...)
@@ -22995,7 +23000,7 @@ CVE-2020-1745 [AJP File Read/Inclusion Vulnerability]
- undertow <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1807305
CVE-2020-1744 (A flaw was found in keycloak before version 9.0.1. When configuring an ...)
- TODO: check
+ NOT-FOR-US: Keycloak
CVE-2020-1743
RESERVED
CVE-2020-1742
@@ -24355,7 +24360,9 @@ CVE-2019-18938 (eQ-3 Homematic CCU2 2.47.20 and CCU3 3.47.18 with the E-Mail Add
CVE-2019-18937 (eQ-3 Homematic CCU2 2.47.20 and CCU3 3.47.18 with the Script Parser Ad ...)
NOT-FOR-US: eQ-3 Homematic
CVE-2019-18936 (UniValue::read() in UniValue before 1.0.5 allow attackers to cause a d ...)
- TODO: check
+ - libunivalue <unfixed>
+ NOTE: https://github.com/jgarzik/univalue/compare/v1.0.4...v1.0.5
+ NOTE: https://github.com/jgarzik/univalue/pull/58
CVE-2019-18935 (Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .N ...)
NOT-FOR-US: Progress Telerik UI for ASP.NET AJAX
CVE-2019-18934 (Unbound 1.6.4 through 1.9.4 contain a vulnerability in the ipsec modul ...)
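Review bot: The new "- libunivalue <unfixed>" line for CVE-2019-18936 has no severity, unlike the puppet and puppetdb lines added in this same commit, and nothing in the entry says which upstream release fixes it. The description says "before 1.0.5" and the first NOTE links the v1.0.4...v1.0.5 comparison, so a NOTE stating that 1.0.5 is the fixed upstream version (or naming the fixing commit from pull/58) would save the next reader from working it out from the compare view.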
@@ -27677,13 +27684,13 @@ CVE-2020-0521
CVE-2020-0520 (Path traversal in igdkmd64.sys for Intel(R) Graphics Drivers before ve ...)
NOT-FOR-US: Intel
CVE-2020-0519 (Improper access control for Intel(R) Graphics Drivers before versions ...)
- TODO: check
+ NOT-FOR-US: Intel Graphics drivers for Windows
CVE-2020-0518
RESERVED
CVE-2020-0517 (Out-of-bounds write in Intel(R) Graphics Drivers before version 15.36. ...)
- TODO: check
+ NOT-FOR-US: Intel Graphics drivers for Windows
CVE-2020-0516 (Improper access control in Intel(R) Graphics Drivers before version 26 ...)
- TODO: check
+ NOT-FOR-US: Intel Graphics drivers for Windows
CVE-2020-0515 (Uncontrolled search path element in the installer for Intel(R) Graphic ...)
NOT-FOR-US: Intel
CVE-2020-0514 (Improper default permissions in the installer for Intel(R) Graphics Dr ...)
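Review bot: The three lines added in this hunk use the label "Intel Graphics drivers for Windows", while the context entries for the same product (CVE-2020-0520, CVE-2020-0515) use plain "Intel". The more specific label is the more useful one; consider using it consistently across the Intel Graphics Drivers entries so they can be found with a single search.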
@@ -27693,7 +27700,7 @@ CVE-2020-0513
CVE-2020-0512
RESERVED
CVE-2020-0511 (Uncaught exception in system driver for Intel(R) Graphics Drivers befo ...)
- TODO: check
+ NOT-FOR-US: Intel Graphics drivers for Windows
CVE-2020-0510
RESERVED
CVE-2020-0509
@@ -27701,11 +27708,11 @@ CVE-2020-0509
CVE-2020-0508 (Incorrect default permissions in the installer for Intel(R) Graphics D ...)
NOT-FOR-US: Intel
CVE-2020-0507 (Unquoted service path in Intel(R) Graphics Drivers before versions 15. ...)
- TODO: check
+ NOT-FOR-US: Intel Graphics drivers for Windows
CVE-2020-0506 (Improper initialization in Intel(R) Graphics Drivers before versions 1 ...)
- TODO: check
+ NOT-FOR-US: Intel Graphics drivers for Windows
CVE-2020-0505 (Improper conditions check in Intel(R) Graphics Drivers before versions ...)
- TODO: check
+ NOT-FOR-US: Intel Graphics drivers for Windows
CVE-2020-0504 (Buffer overflow in Intel(R) Graphics Drivers before versions 15.40.44. ...)
TODO: check
CVE-2020-0503 (Improper access control in Intel(R) Graphics Drivers before version 26 ...)
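Review bot: CVE-2020-0504 at the end of this hunk still reads "TODO: check", although its description begins with the same "Intel(R) Graphics Drivers" text as CVE-2020-0505 through CVE-2020-0507, which are marked NOT-FOR-US just above. If it was left open on purpose, a NOTE saying why would help; otherwise it should get the same "NOT-FOR-US: Intel Graphics drivers for Windows" line.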
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/76a4270bea91850657ad44c6d4776280ca715e75