[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Sat May 30 09:10:22 BST 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
aeb57e72 by security tracker role at 2020-05-30T08:10:13+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,5 @@
+CVE-2020-13700
+	RESERVED
 CVE-2020-13699
 	RESERVED
 CVE-2020-13698
@@ -4878,8 +4880,8 @@ CVE-2020-11846
 	RESERVED
 CVE-2020-11845 (Cross Site Scripting vulnerability in Micro Focus Service Manager prod ...)
 	NOT-FOR-US: Micro Focus
-CVE-2020-11844
-	RESERVED
+CVE-2020-11844 (There is an Incorrect Authorization vulnerability in Micro Focus Servi ...)
+	TODO: check
 CVE-2020-11843
 	RESERVED
 CVE-2020-11842 (Information disclosure vulnerability in Micro Focus Verastream Host In ...)
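Review bot: CVE-2020-11844 is left at "TODO: check", although its new description begins "There is an Incorrect Authorization vulnerability in Micro Focus Servi ..." and the neighbouring CVE-2020-11845 (Micro Focus Service Manager) is already tagged "NOT-FOR-US: Micro Focus". If triage confirms the same vendor product, close the TODO with the same NOT-FOR-US line so the entry does not stay in the unprocessed queue.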
@@ -7198,36 +7200,31 @@ CVE-2020-11091
 	RESERVED
 CVE-2020-11090
 	RESERVED
-CVE-2020-11089 [oob read in channel `irp` functions]
-	RESERVED
+CVE-2020-11089 (In FreeRDP before 2.1.0, there is an out-of-bound read in irp function ...)
 	- freerdp2 2.1.1+dfsg1-1
 	[buster] - freerdp2 <no-dsa> (Minor issue)
 	- freerdp <removed>
 	[stretch] - freerdp <no-dsa> (Minor issue)
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hfc7-c5gv-8c2h
-CVE-2020-11088 [Out of bound read in ntlm_read_NegotiateMessage]
-	RESERVED
+CVE-2020-11088 (In FreeRDP less than or equal to 2.0.0, there is an out-of-bound read  ...)
 	- freerdp2 2.1.1+dfsg1-1
 	[buster] - freerdp2 <no-dsa> (Minor issue)
 	- freerdp <removed>
 	[stretch] - freerdp <no-dsa> (Minor issue)
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-xh4f-fh87-43hp
-CVE-2020-11087 [oob read in `ntlm_read_AuthenticateMessage`]
-	RESERVED
+CVE-2020-11087 (In FreeRDP less than or equal to 2.0.0, there is an out-of-bound read  ...)
 	- freerdp2 2.1.1+dfsg1-1
 	[buster] - freerdp2 <no-dsa> (Minor issue)
 	- freerdp <removed>
 	[stretch] - freerdp <no-dsa> (Minor issue)
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-84vj-g73m-chw7
-CVE-2020-11086 [oob read in `ntlm_read_ntlm_v2_response`]
-	RESERVED
+CVE-2020-11086 (In FreeRDP less than or equal to 2.0.0, there is an out-of-bound read  ...)
 	- freerdp2 2.1.1+dfsg1-1
 	[buster] - freerdp2 <no-dsa> (Minor issue)
 	- freerdp <removed>
 	[stretch] - freerdp <no-dsa> (Minor issue)
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-fg8v-w34r-c974
-CVE-2020-11085 [cliprdr_read_format_list out of bound read]
-	RESERVED
+CVE-2020-11085 (In FreeRDP before 2.1.0, there is an out-of-bounds read in cliprdr_rea ...)
 	- freerdp2 2.1.1+dfsg1-1
 	[buster] - freerdp2 <no-dsa> (Minor issue)
 	- freerdp <removed>
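Review bot: with the bracketed temporary descriptions removed, CVE-2020-11088, CVE-2020-11087 and CVE-2020-11086 now show the same truncated text ("In FreeRDP less than or equal to 2.0.0, there is an out-of-bound read  ..."), and the function names from the removed lines (ntlm_read_NegotiateMessage, ntlm_read_AuthenticateMessage, ntlm_read_ntlm_v2_response) no longer appear in these entries. Each entry carries only the advisory NOTE; consider adding a NOTE that names the function or the fixing commit, in the style of the "NOTE: Fixed by:" line on the CVE-2020-11044 entry further down, so the three can be told apart without following the links.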
@@ -7370,8 +7367,7 @@ CVE-2020-11044 (In FreeRDP greater than 1.2 and before 2.0.0, a double free in u
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-cgqh-p732-6x2w
 	NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/67c2aa52b2ae0341d469071d1bc8aab91f8d2ed8
 	NOTE: https://github.com/FreeRDP/FreeRDP/issues/6013
-CVE-2020-11043
-	RESERVED
+CVE-2020-11043 (In FreeRDP less than or equal to 2.0.0, there is an out-of-bounds read ...)
 	- freerdp2 2.1.1+dfsg1-1
 	[buster] - freerdp2 <no-dsa> (Minor issue)
 	- freerdp <removed>
@@ -7391,8 +7387,7 @@ CVE-2020-11041 (In FreeRDP less than or equal to 2.0.0, an outside controlled ar
 	- freerdp <removed>
 	[stretch] - freerdp <no-dsa> (Minor issue)
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-w67c-26c4-2h9w
-CVE-2020-11040 [out of bound access in clear_decompress_subcode_rlex]
-	RESERVED
+CVE-2020-11040 (In FreeRDP less than or equal to 2.0.0, there is an out-of-bound data  ...)
 	- freerdp2 2.1.1+dfsg1-1
 	[buster] - freerdp2 <no-dsa> (Minor issue)
 	- freerdp <removed>
@@ -13807,8 +13802,8 @@ CVE-2020-8484 (Insufficient protection of the inter-process communication functi
 	NOT-FOR-US: ABB
 CVE-2020-8483
 	RESERVED
-CVE-2020-8482
-	RESERVED
+CVE-2020-8482 (Insecure storage of sensitive information in ABB Device Library Wizard ...)
+	TODO: check
 CVE-2020-8481 (For ABB products ABB Ability™ System 800xA and related system ex ...)
 	NOT-FOR-US: ABB
 CVE-2020-8480
@@ -15740,20 +15735,20 @@ CVE-2020-7656 (jquery prior to 1.9.0 allows Cross-site Scripting attacks via the
 	TODO: check
 CVE-2020-7655 (netius prior to 1.17.58 is vulnerable to HTTP Request Smuggling. HTTP  ...)
 	NOT-FOR-US: netius
-CVE-2020-7654
-	RESERVED
-CVE-2020-7653
-	RESERVED
-CVE-2020-7652
-	RESERVED
-CVE-2020-7651
-	RESERVED
-CVE-2020-7650
-	RESERVED
+CVE-2020-7654 (All versions of snyk-broker before 4.73.1 are vulnerable to Informatio ...)
+	TODO: check
+CVE-2020-7653 (All versions of snyk-broker before 4.80.0 are vulnerable to Arbitrary  ...)
+	TODO: check
+CVE-2020-7652 (All versions of snyk-broker before 4.80.0 are vulnerable to Arbitrary  ...)
+	TODO: check
+CVE-2020-7651 (All versions of snyk-broker before 4.79.0 are vulnerable to Arbitrary  ...)
+	TODO: check
+CVE-2020-7650 (All versions of snyk-broker after 4.72.0 including and before 4.73.1 a ...)
+	TODO: check
 CVE-2020-7649
 	RESERVED
-CVE-2020-7648
-	RESERVED
+CVE-2020-7648 (All versions of snyk-broker before 4.72.2 are vulnerable to Arbitrary  ...)
+	TODO: check
 CVE-2020-7647 (All versions before 1.6.7 and all versions after 2.0.0 inclusive and b ...)
 	NOT-FOR-US: jooby
 CVE-2020-7646 (curlrequest through 1.0.1 allows execution of arbitrary commands.It is ...)
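Review bot: the six new snyk-broker entries (CVE-2020-7654 through CVE-2020-7650, plus CVE-2020-7648) all land as "TODO: check" and concern a single product, so one triage decision should cover them. If snyk-broker is not packaged, tag them the way the neighbouring entry is tagged ("NOT-FOR-US: netius"), and note that CVE-2020-7649 in the middle of the block is still RESERVED, so any range-based edit has to skip it.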
@@ -17397,8 +17392,8 @@ CVE-2020-6939
 	RESERVED
 CVE-2020-6938
 	RESERVED
-CVE-2020-6937
-	RESERVED
+CVE-2020-6937 (A Denial of Service vulnerability in MuleSoft Mule CE/EE 3.8.x, 3.9.x, ...)
+	TODO: check
 CVE-2020-6936
 	RESERVED
 CVE-2020-6935
@@ -24505,12 +24500,12 @@ CVE-2020-3961
 	RESERVED
 CVE-2020-3960
 	RESERVED
-CVE-2020-3959
-	RESERVED
-CVE-2020-3958
-	RESERVED
-CVE-2020-3957
-	RESERVED
+CVE-2020-3959 (VMware ESXi (6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-20 ...)
+	TODO: check
+CVE-2020-3958 (VMware ESXi (6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-20 ...)
+	TODO: check
+CVE-2020-3957 (VMware Fusion (11.x before 11.5.5), VMware Remote Console for Mac (11. ...)
+	TODO: check
 CVE-2020-3956 (VMware Cloud Director 10.0.x before 10.0.0.2, 9.7.0.x before 9.7.0.5,  ...)
 	NOT-FOR-US: VMware
 CVE-2020-3955 (ESXi 6.5 without patch ESXi650-201912104-SG and ESXi 6.7 without patch ...)
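Review bot: CVE-2020-3959 and CVE-2020-3958 receive identical truncated descriptions ("VMware ESXi (6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-20 ..."), so the list alone does not distinguish them, and all three new entries are left at "TODO: check". The adjacent CVE-2020-3956 is already "NOT-FOR-US: VMware"; if triage reaches the same conclusion for ESXi, Fusion and Remote Console, resolve the three TODOs with that line.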
@@ -31003,8 +30998,8 @@ CVE-2020-1872 (Huawei smart phones P10 Plus with versions earlier than 9.1.0.201
 	NOT-FOR-US: Huawei
 CVE-2020-1871 (USG9500 with software of V500R001C30SPC100; V500R001C30SPC200; V500R00 ...)
 	NOT-FOR-US: Huawei
-CVE-2020-1870
-	RESERVED
+CVE-2020-1870 (CloudEngine 12800 products with versions of V200R019C00, V200R019C10SP ...)
+	TODO: check
 CVE-2020-1869
 	RESERVED
 CVE-2020-1868
@@ -31077,12 +31072,12 @@ CVE-2020-1835
 	RESERVED
 CVE-2020-1834
 	RESERVED
-CVE-2020-1833
-	RESERVED
+CVE-2020-1833 (Honor 9X smartphones with versions earlier than 9.1.1.172(C00E170R8P1) ...)
+	TODO: check
 CVE-2020-1832 (E6878-370 products with versions of 10.0.3.1(H557SP27C233) and 10.0.3. ...)
 	TODO: check
-CVE-2020-1831
-	RESERVED
+CVE-2020-1831 (HUAWEI Mate 20 smartphones with versions earlier than 10.0.0.195(SP31C ...)
+	TODO: check
 CVE-2020-1830 (Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C0 ...)
 	NOT-FOR-US: Huawei
 CVE-2020-1829 (Huawei NIP6800 versions V500R001C30 and V500R001C60SPC500; and Secospa ...)
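Review bot: CVE-2020-1833 and CVE-2020-1831 are added as "TODO: check" on either side of CVE-2020-1832, which the context lines show was already sitting at "TODO: check" before this update. The neighbouring CVE-2020-1830 is tagged "NOT-FOR-US: Huawei"; triaging all three Huawei and Honor entries together would clear the older TODO along with the new ones.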
@@ -31125,8 +31120,8 @@ CVE-2020-1811 (GaussDB 200 with version of 6.5.1 have a command injection vulner
 	NOT-FOR-US: Huawei
 CVE-2020-1810 (There is a weak algorithm vulnerability in some Huawei products. The a ...)
 	NOT-FOR-US: Huawei
-CVE-2020-1809
-	RESERVED
+CVE-2020-1809 (HUAWEI Mate 10 smartphones with versions earlier than 10.0.0.143(C00E1 ...)
+	TODO: check
 CVE-2020-1808 (Huawei smartphones Honor View 20;Honor 20;Honor 20 PRO;Honor Magic2 wi ...)
 	NOT-FOR-US: Huawei
 CVE-2020-1807 (HUAWEI Mate 20 smartphones with versions earlier than 10.0.0.188(C00E7 ...)
@@ -31149,8 +31144,8 @@ CVE-2020-1799 (E6878-370 with versions of 10.0.3.1(H557SP27C233), 10.0.3.1(H563S
 	NOT-FOR-US: Huawei
 CVE-2020-1798 (HUAWEI P30 smartphones with versions earlier than 10.1.0.135(C00E135R2 ...)
 	TODO: check
-CVE-2020-1797
-	RESERVED
+CVE-2020-1797 (HUAWEI Mate 20 smartphones with versions earlier than 10.0.0.185(C00E7 ...)
+	TODO: check
 CVE-2020-1796 (There is an improper authorization vulnerability in several smartphone ...)
 	NOT-FOR-US: Huawei
 CVE-2020-1795 (There is a logic error vulnerability in several smartphones. The softw ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aeb57e7200e755dfecff87f248cf6efb3195ab25
