[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Tue Nov 10 20:10:28 GMT 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fa2c1b0d by security tracker role at 2020-11-10T20:10:21+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,57 @@
+CVE-2020-28400
+	RESERVED
+CVE-2020-28399
+	RESERVED
+CVE-2020-28398
+	RESERVED
+CVE-2020-28397
+	RESERVED
+CVE-2020-28396
+	RESERVED
+CVE-2020-28395
+	RESERVED
+CVE-2020-28394
+	RESERVED
+CVE-2020-28393
+	RESERVED
+CVE-2020-28392
+	RESERVED
+CVE-2020-28391
+	RESERVED
+CVE-2020-28390
+	RESERVED
+CVE-2020-28389
+	RESERVED
+CVE-2020-28388
+	RESERVED
+CVE-2020-28387
+	RESERVED
+CVE-2020-28386
+	RESERVED
+CVE-2020-28385
+	RESERVED
+CVE-2020-28384
+	RESERVED
+CVE-2020-28383
+	RESERVED
+CVE-2020-28382
+	RESERVED
+CVE-2020-28381
+	RESERVED
+CVE-2020-28380
+	RESERVED
+CVE-2020-28379
+	RESERVED
+CVE-2020-28378
+	RESERVED
+CVE-2020-28377
+	RESERVED
+CVE-2020-28376
+	RESERVED
+CVE-2020-28375
+	RESERVED
+CVE-2020-28374
+	RESERVED
 CVE-2020-28373 (upnpd on certain NETGEAR devices allows remote (LAN) attackers to exec ...)
 	NOT-FOR-US: Netgear
 CVE-2020-28372
@@ -8,8 +62,8 @@ CVE-2020-28370
 	RESERVED
 CVE-2020-28369
 	RESERVED
-CVE-2020-28368
-	RESERVED
+CVE-2020-28368 (Xen through 4.14.x allows guest OS administrators to obtain sensitive  ...)
+	TODO: check
 CVE-2020-28367
 	RESERVED
 CVE-2020-28366
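
Review bot: the `TODO: check` under CVE-2020-28368 leaves the entry untriaged even though the description already states the affected upstream range (Xen through 4.14.x); the follow-up should replace the TODO with the form used elsewhere in this file, a source-package line (`- pkg version`, `<not-affected>` or `<unfixed>` with a bug reference) plus a NOTE: pointing at the advisory, rather than letting the TODO sit in the list.
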
@@ -1718,8 +1772,8 @@ CVE-2020-28269
 	RESERVED
 CVE-2020-28268
 	RESERVED
-CVE-2020-28267
-	RESERVED
+CVE-2020-28267 (Prototype pollution vulnerability in '@strikeentco/set' version 1.0.0  ...)
+	TODO: check
 CVE-2017-18926 (raptor_xml_writer_start_element_common in raptor_xml_writer.c in Rapto ...)
 	{DSA-4785-1 DLA-2438-1}
 	- raptor <removed>
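
Review bot: CVE-2020-28267 names an npm package (`@strikeentco/set`), so closing the `TODO: check` means confirming whether a corresponding node source package exists in the archive and, if not, marking it `NOT-FOR-US` the way other vendor-only entries in this file are; the same question applies to the json-ptr entry (CVE-2020-7766) later in this patch.
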
@@ -1780,6 +1834,7 @@ CVE-2020-28242 (An issue was discovered in Asterisk Open Source 13.x before 13.3
 	[stretch] - asterisk <not-affected> (Vulnerable code not present)
 	NOTE: http://downloads.asterisk.org/pub/security/AST-2020-002.html
 CVE-2020-28241 (libmaxminddb before 1.4.3 has a heap-based buffer over-read in dump_en ...)
+	{DLA-2445-1}
 	- libmaxminddb <unfixed> (bug #973878)
 	NOTE: https://github.com/maxmind/libmaxminddb/issues/236
 	NOTE: https://github.com/maxmind/libmaxminddb/pull/237
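
Review bot: the added `{DLA-2445-1}` reference sits above a package line that still reads `- libmaxminddb <unfixed> (bug #973878)`; the description gives the fixed upstream version (before 1.4.3 is affected), so once 1.4.3 or a patched upload reaches unstable the `<unfixed>` marker should become the fixed version, keeping the bug reference so the tracker and the BTS agree.
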
@@ -2156,8 +2211,8 @@ CVE-2020-28057
 	RESERVED
 CVE-2020-28056
 	RESERVED
-CVE-2020-28055
-	RESERVED
+CVE-2020-28055 (A vulnerability in the TCL Android Smart TV series V8-R851T02-LF1 V295 ...)
+	TODO: check
 CVE-2020-28054
 	RESERVED
 CVE-2020-28053
@@ -4167,8 +4222,8 @@ CVE-2020-27405
 	RESERVED
 CVE-2020-27404
 	RESERVED
-CVE-2020-27403
-	RESERVED
+CVE-2020-27403 (A vulnerability in the TCL Android Smart TV series V8-R851T02-LF1 V295 ...)
+	TODO: check
 CVE-2020-27402 (The HK1 Box S905X3 TV Box contains a vulnerability that allows a local ...)
 	NOT-FOR-US: HK1 Box S905X3 TV Box
 CVE-2020-27401
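
Review bot: the `TODO: check` on CVE-2020-27403 can be resolved from the description alone, since it concerns TCL Android Smart TV firmware, and the unchanged CVE-2020-27402 line directly below shows the convention for such devices (`NOT-FOR-US: HK1 Box S905X3 TV Box`); a `NOT-FOR-US: TCL Android Smart TV` line fits here and for the identically described CVE-2020-28055 earlier in this patch.
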
@@ -4660,7 +4715,7 @@ CVE-2020-27167
 CVE-2020-27166
 	RESERVED
 CVE-2020-27165
-	RESERVED
+	REJECTED
 CVE-2020-27164
 	RESERVED
 CVE-2020-27163 (phpRedisAdmin before 1.13.2 allows XSS via the login.php username para ...)
@@ -4706,8 +4761,8 @@ CVE-2020-27148
 	RESERVED
 CVE-2020-27147
 	RESERVED
-CVE-2020-27146
-	RESERVED
+CVE-2020-27146 (The Core component of TIBCO Software Inc.'s TIBCO iProcess Workspace ( ...)
+	TODO: check
 CVE-2020-27145
 	RESERVED
 CVE-2020-27144
@@ -5100,6 +5155,7 @@ CVE-2020-26951
 	RESERVED
 CVE-2020-26950
 	RESERVED
+	{DSA-4788-1}
 	- firefox 82.0.3-1
 	- firefox-esr 78.4.1esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-49/#CVE-2020-26950
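
Review bot: CVE-2020-26950 now carries a DSA reference and fixed firefox/firefox-esr versions but still has a bare `RESERVED` line and no description; elsewhere in this patch a reserved id with fixes gets a bracketed local summary on the CVE line (the removed `CVE-2020-25074 [remote code execution via cache action]` and `CVE-2020-0452 [libexif overflow check could be optimized away]` lines), so a short bracketed summary drawn from the referenced mfsa2020-49 advisory would keep this entry searchable until the MITRE description is published.
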
@@ -5371,42 +5427,42 @@ CVE-2020-26826
 	RESERVED
 CVE-2020-26825
 	RESERVED
-CVE-2020-26824
-	RESERVED
-CVE-2020-26823
-	RESERVED
-CVE-2020-26822
-	RESERVED
-CVE-2020-26821
-	RESERVED
-CVE-2020-26820
-	RESERVED
-CVE-2020-26819
-	RESERVED
-CVE-2020-26818
-	RESERVED
-CVE-2020-26817
-	RESERVED
+CVE-2020-26824 (SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthent ...)
+	TODO: check
+CVE-2020-26823 (SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthent ...)
+	TODO: check
+CVE-2020-26822 (SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthent ...)
+	TODO: check
+CVE-2020-26821 (SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthent ...)
+	TODO: check
+CVE-2020-26820 (SAP NetWeaver AS JAVA, versions - 7.20, 7.30, 7.31, 7.40, 7.50, allows ...)
+	TODO: check
+CVE-2020-26819 (SAP NetWeaver AS ABAP (Web Dynpro), versions - 731, 740, 750, 751, 752 ...)
+	TODO: check
+CVE-2020-26818 (SAP NetWeaver AS ABAP (Web Dynpro), versions - 731, 740, 750, 751, 752 ...)
+	TODO: check
+CVE-2020-26817 (SAP 3D Visual Enterprise Viewer, version - 9, allows an user to open m ...)
+	TODO: check
 CVE-2020-26816
 	RESERVED
-CVE-2020-26815
-	RESERVED
-CVE-2020-26814
-	RESERVED
+CVE-2020-26815 (SAP Fiori Launchpad (News tile Application), versions - 750,751,752,75 ...)
+	TODO: check
+CVE-2020-26814 (SAP Process Integration (PGP Module - Business-to-Business Add On), ve ...)
+	TODO: check
 CVE-2020-26813
 	RESERVED
 CVE-2020-26812
 	RESERVED
-CVE-2020-26811
-	RESERVED
-CVE-2020-26810
-	RESERVED
-CVE-2020-26809
-	RESERVED
-CVE-2020-26808
-	RESERVED
-CVE-2020-26807
-	RESERVED
+CVE-2020-26811 (SAP Commerce Cloud (Accelerator Payment Mock), versions - 1808, 1811,  ...)
+	TODO: check
+CVE-2020-26810 (SAP Commerce Cloud (Accelerator Payment Mock), versions - 1808, 1811,  ...)
+	TODO: check
+CVE-2020-26809 (SAP Commerce Cloud, versions- 1808,1811,1905,2005, allows an attacker  ...)
+	TODO: check
+CVE-2020-26808 (SAP AS ABAP(DMIS), versions - 2011_1_620, 2011_1_640, 2011_1_700, 2011 ...)
+	TODO: check
+CVE-2020-26807 (SAP ERP Client for E-Bilanz, version - 1.0, installation sets Incorrec ...)
+	TODO: check
 CVE-2020-26806
 	RESERVED
 CVE-2020-26805
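
Review bot: fifteen SAP entries (CVE-2020-26824 through CVE-2020-26807, minus the ids still RESERVED) are left at `TODO: check` although every description names only SAP products (Solution Manager, NetWeaver AS JAVA/ABAP, Fiori Launchpad, Process Integration, Commerce Cloud, ERP Client for E-Bilanz); the convention for these, visible further down in this patch at CVE-2020-6318 and CVE-2020-6315, is `NOT-FOR-US: SAP`, so the block should be closed in one pass rather than left as fifteen separate TODOs.
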
@@ -9317,8 +9373,7 @@ CVE-2020-25076
 	RESERVED
 CVE-2020-25075
 	RESERVED
-CVE-2020-25074 [remote code execution via cache action]
-	RESERVED
+CVE-2020-25074 (The cache action in action/cache.py in MoinMoin through 1.9.10 allows  ...)
 	{DSA-4787-1}
 	- moin <removed>
 	NOTE: https://github.com/moinwiki/moin-1.9/security/advisories/GHSA-52q8-877j-gghq
@@ -10813,8 +10868,8 @@ CVE-2020-24386
 	RESERVED
 CVE-2020-24385 (In MidnightBSD before 1.2.6 and 1.3 before August 2020, and FreeBSD be ...)
 	NOT-FOR-US: FreeBSD and MidnightBSD
-CVE-2020-24384
-	RESERVED
+CVE-2020-24384 (A10 Networks ACOS and aGalaxy management Graphical User Interfaces (GU ...)
+	TODO: check
 CVE-2020-24383
 	RESERVED
 CVE-2020-24382
@@ -30079,7 +30134,7 @@ CVE-2020-15167 (In Miller (command line utility) using the configuration file su
 	[stretch] - miller <not-affected> (Introduced in 5.9.0)
 	NOTE: https://github.com/johnkerl/miller/security/advisories/GHSA-mw2v-4q78-j2cw
 CVE-2020-15166 (In ZeroMQ before version 4.3.3, there is a denial-of-service vulnerabi ...)
-	{DSA-4761-1}
+	{DSA-4761-1 DLA-2443-1}
 	- zeromq3 4.3.3-1
 	NOTE: https://www.openwall.com/lists/oss-security/2020/09/07/3
 	NOTE: https://github.com/zeromq/libzmq/security/advisories/GHSA-25wp-cf8g-938m
@@ -33565,8 +33620,7 @@ CVE-2020-13929
 	RESERVED
 CVE-2020-13928 (Apache Atlas before 2.1.0 contain a XSS vulnerability. While saving se ...)
 	NOT-FOR-US: Apache Atlas
-CVE-2020-13927
-	RESERVED
+CVE-2020-13927 (The previous default setting for Airflow's Experimental API was to all ...)
 	- airflow <itp> (bug #819700)
 CVE-2020-13926 (Kylin concatenates and executes a Hive SQL in Hive CLI or beeline when ...)
 	NOT-FOR-US: Apache Kylin (different from Kylin desktop environment)
@@ -37238,8 +37292,8 @@ CVE-2020-12487
 	RESERVED
 CVE-2020-12486
 	RESERVED
-CVE-2020-12485
-	RESERVED
+CVE-2020-12485 (The frame touch module does not make validity judgments on parameter l ...)
+	TODO: check
 CVE-2020-12484
 	RESERVED
 CVE-2020-12483
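
Review bot: the truncated description for CVE-2020-12485 (`The frame touch module does not make validity judgments on parameter l ...`) names no vendor or product, so this `TODO: check` cannot be closed from the list alone; whoever triages it should add a NOTE: line with the vendor advisory so the basis for the eventual NOT-FOR-US or package decision is recorded.
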
@@ -50040,6 +50094,7 @@ CVE-2020-8039
 CVE-2020-8038
 	RESERVED
 CVE-2020-8037 (The ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a l ...)
+	{DLA-2444-1}
 	- tcpdump 4.9.3-7 (unimportant; bug #973877)
 	NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/32027e199368dad9508965aae8cd8de5b6ab5231
 CVE-2020-8036 (The tok2strbuf() function in tcpdump 4.10.0-PRE-GIT was used by the SO ...)
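
Review bot: the new `{DLA-2444-1}` reference is attached to an entry whose fix line is tagged `unimportant` (`- tcpdump 4.9.3-7 (unimportant; bug #973877)`); issuing a DLA for an issue the tracker rates unimportant is inconsistent, so either the severity tag should be revisited to match the advisory or the reason for shipping it in a DLA recorded in a NOTE: line, so that the tag and the advisory agree.
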
@@ -50793,8 +50848,8 @@ CVE-2020-7768
 	RESERVED
 CVE-2020-7767
 	RESERVED
-CVE-2020-7766
-	RESERVED
+CVE-2020-7766 (This affects all versions of package json-ptr. The issue occurs in the ...)
+	TODO: check
 CVE-2020-7765
 	RESERVED
 CVE-2020-7764 (This affects the package find-my-way before 2.2.5, from 3.0.0 and befo ...)
@@ -54582,8 +54637,8 @@ CVE-2020-6318 (A Remote Code Execution vulnerability exists in the SAP NetWeaver
 	NOT-FOR-US: SAP
 CVE-2020-6317
 	RESERVED
-CVE-2020-6316
-	RESERVED
+CVE-2020-6316 (SAP ERP and SAP S/4 HANA allows an authenticated user to see cost reco ...)
+	TODO: check
 CVE-2020-6315 (SAP 3D Visual Enterprise Viewer, version 9, allows an attacker to send ...)
 	NOT-FOR-US: SAP
 CVE-2020-6314 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
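
Review bot: CVE-2020-6316 is the only `TODO: check` in a run of SAP entries whose neighbours in the unchanged context (CVE-2020-6318, CVE-2020-6315) are already `NOT-FOR-US: SAP`; the description (SAP ERP and SAP S/4 HANA) gives no reason to treat it differently, so the same line closes it.
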
@@ -56651,8 +56706,8 @@ CVE-2020-5390 (PySAML2 before 5.0.0 does not check that the signature in a SAML
 	NOTE: https://github.com/IdentityPython/pysaml2/commit/5e9d5acbcd8ae45c4e736ac521fd2df5b1c62e25 (v5.0.0)
 CVE-2020-5389 (Dell EMC OpenManage Integration for Microsoft System Center (OMIMSSC)  ...)
 	NOT-FOR-US: Dell
-CVE-2020-5388
-	RESERVED
+CVE-2020-5388 (Dell Inspiron 15 7579 2-in-1 BIOS versions prior to 1.31.0 contain an  ...)
+	TODO: check
 CVE-2020-5387 (Dell XPS 13 9370 BIOS versions prior to 1.13.1 contains an Improper Ex ...)
 	NOT-FOR-US: Dell
 CVE-2020-5386 (Dell EMC ECS, versions prior to 3.5, contains an Exposure of Resource  ...)
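
Review bot: CVE-2020-5388 describes a Dell Inspiron BIOS issue and sits between CVE-2020-5389 and CVE-2020-5387, both already `NOT-FOR-US: Dell` in the unchanged context; vendor firmware is outside the archive, so `NOT-FOR-US: Dell` resolves this TODO without further research.
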
@@ -58515,8 +58570,8 @@ CVE-2020-4762
 	RESERVED
 CVE-2020-4761
 	RESERVED
-CVE-2020-4760
-	RESERVED
+CVE-2020-4760 (IBM Content Navigator 3.0CD is vulnerable to cross-site scripting. Thi ...)
+	TODO: check
 CVE-2020-4759 (IBM FileNet Content Manager 5.5.4 and 5.5.5 is potentially vulnerable  ...)
 	NOT-FOR-US: IBM
 CVE-2020-4758
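
Review bot: CVE-2020-4760 (IBM Content Navigator cross-site scripting) is left at `TODO: check` while the adjacent CVE-2020-4759 is `NOT-FOR-US: IBM`; the same applies to the second Content Navigator entry, CVE-2020-4704, in a later hunk of this patch, so both should take the `NOT-FOR-US: IBM` line used for their neighbours.
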
@@ -58627,8 +58682,8 @@ CVE-2020-4706
 	RESERVED
 CVE-2020-4705
 	RESERVED
-CVE-2020-4704
-	RESERVED
+CVE-2020-4704 (IBM Content Navigator 3.0CD is vulnerable to stored cross-site scripti ...)
+	TODO: check
 CVE-2020-4703 (IBM Spectrum Protect Plus 10.1.0 through 10.1.6 Administrative Console ...)
 	NOT-FOR-US: IBM
 CVE-2020-4702 (IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-s ...)
@@ -58899,8 +58954,8 @@ CVE-2020-4570
 	RESERVED
 CVE-2020-4569 (IBM Tivoli Key Lifecycle Manager 3.0.1 and 4.0 uses a protection mecha ...)
 	NOT-FOR-US: IBM
-CVE-2020-4568
-	RESERVED
+CVE-2020-4568 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, and 4.0 stores user crede ...)
+	TODO: check
 CVE-2020-4567 (IBM Tivoli Key Lifecycle Manager 3.0.1 and 4.0 uses an inadequate acco ...)
 	NOT-FOR-US: IBM
 CVE-2020-4566
@@ -73077,59 +73132,43 @@ CVE-2020-0456
 	RESERVED
 CVE-2020-0455
 	RESERVED
-CVE-2020-0454
-	RESERVED
+CVE-2020-0454 (In callCallbackForRequest of ConnectivityService.java, there is a poss ...)
 	NOT-FOR-US: Android
-CVE-2020-0453
-	RESERVED
+CVE-2020-0453 (In updateNotification of BeamTransferManager.java, there is a possible ...)
 	NOT-FOR-US: Android
-CVE-2020-0452 [libexif overflow check could be optimized away]
-	RESERVED
+CVE-2020-0452 (In exif_entry_get_value of exif-entry.c, there is a possible out of bo ...)
 	{DSA-4786-1 DLA-2439-1}
 	- libexif 0.6.22-3
 	NOTE: https://github.com/libexif/libexif/commit/9266d14b5ca4e29b970fa03272318e5f99386e06
-CVE-2020-0451
-	RESERVED
+CVE-2020-0451 (In sbrDecoder_AssignQmfChannels2SbrChannels of sbrdecoder.cpp, there i ...)
 	NOT-FOR-US: Android Media Framework
-CVE-2020-0450
-	RESERVED
+CVE-2020-0450 (In rw_i93_sm_format of rw_i93.cc, there is a possible out of bounds re ...)
 	NOT-FOR-US: Android
-CVE-2020-0449
-	RESERVED
+CVE-2020-0449 (In btm_sec_disconnected of btm_sec.cc, there is a possible memory corr ...)
 	NOT-FOR-US: Android
-CVE-2020-0448
-	RESERVED
+CVE-2020-0448 (In getPhoneAccountsForPackage of TelecomServiceImpl.java, there is a p ...)
 	NOT-FOR-US: Android
-CVE-2020-0447
-	RESERVED
+CVE-2020-0447 (There is a possible out of bounds write due to a missing bounds check. ...)
 	NOT-FOR-US: MediaTek components for Android
-CVE-2020-0446
-	RESERVED
+CVE-2020-0446 (There is a possible out of bounds write due to a missing bounds check. ...)
 	NOT-FOR-US: MediaTek components for Android
-CVE-2020-0445
-	RESERVED
+CVE-2020-0445 (There is a possible out of bounds write due to a missing bounds check. ...)
 	NOT-FOR-US: MediaTek components for Android
 CVE-2020-0444
 	RESERVED
-CVE-2020-0443
-	RESERVED
+CVE-2020-0443 (In LocaleList of LocaleList.java, there is a possible forced reboot du ...)
 	NOT-FOR-US: Android
-CVE-2020-0442
-	RESERVED
+CVE-2020-0442 (In Message and toBundle of Notification.java, there is a possible UI s ...)
 	NOT-FOR-US: Android
-CVE-2020-0441
-	RESERVED
+CVE-2020-0441 (In Message and toBundle of Notification.java, there is a possible reso ...)
 	NOT-FOR-US: Android
 CVE-2020-0440
 	RESERVED
-CVE-2020-0439
-	RESERVED
+CVE-2020-0439 (In generatePackageInfo of PackageManagerService.java, there is a possi ...)
 	NOT-FOR-US: Android
-CVE-2020-0438
-	RESERVED
+CVE-2020-0438 (In the AIBinder_Class constructor of ibinder.cpp, there is a possible  ...)
 	NOT-FOR-US: Android Media Framework
-CVE-2020-0437
-	RESERVED
+CVE-2020-0437 (In CellBroadcastReceiver's intent handlers, there is a possible denial ...)
 	NOT-FOR-US: Android
 CVE-2020-0436
 	RESERVED
@@ -73173,8 +73212,7 @@ CVE-2020-0426 (In SyncManager, there is a possible permission bypass due to an u
 	NOT-FOR-US: Android
 CVE-2020-0425 (There is a possible way to view notifications even when the "Lockdown" ...)
 	NOT-FOR-US: Android
-CVE-2020-0424
-	RESERVED
+CVE-2020-0424 (In send_vc of res_send.cpp, there is a possible out of bounds read due ...)
 	NOT-FOR-US: Android
 CVE-2020-0423 (In binder_release_work of binder.c, there is a possible use-after-free ...)
 	- linux 5.9.6-1
@@ -73187,8 +73225,7 @@ CVE-2020-0420 (In setUpdatableDriverPath of GpuService.cpp, there is a possible
 	NOT-FOR-US: Android
 CVE-2020-0419 (In generateInfo of PackageInstallerSession.java, there is a possible l ...)
 	NOT-FOR-US: Android
-CVE-2020-0418
-	RESERVED
+CVE-2020-0418 (In getPermissionInfosForGroup of Utils.java, there is a logic error. T ...)
 	NOT-FOR-US: Android
 CVE-2020-0417
 	RESERVED
@@ -73206,8 +73243,7 @@ CVE-2020-0411 (In ~AACExtractor() of AACExtractor.cpp, there is a possible out o
 	NOT-FOR-US: Android Media Framework
 CVE-2020-0410 (In setNotification of SapServer.java, there is a possible permission b ...)
 	NOT-FOR-US: Android
-CVE-2020-0409
-	RESERVED
+CVE-2020-0409 (In create of FileMap.cpp, there is a possible out of bounds write due  ...)
 	NOT-FOR-US: Android
 CVE-2020-0408 (In remove of String16.cpp, there is a possible out of bounds write due ...)
 	NOT-FOR-US: Android



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fa2c1b0d979ac92501afc044a524d37f5369b5e3




