[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Tue Nov 10 20:10:28 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
fa2c1b0d by security tracker role at 2020-11-10T20:10:21+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,57 @@
+CVE-2020-28400
+ RESERVED
+CVE-2020-28399
+ RESERVED
+CVE-2020-28398
+ RESERVED
+CVE-2020-28397
+ RESERVED
+CVE-2020-28396
+ RESERVED
+CVE-2020-28395
+ RESERVED
+CVE-2020-28394
+ RESERVED
+CVE-2020-28393
+ RESERVED
+CVE-2020-28392
+ RESERVED
+CVE-2020-28391
+ RESERVED
+CVE-2020-28390
+ RESERVED
+CVE-2020-28389
+ RESERVED
+CVE-2020-28388
+ RESERVED
+CVE-2020-28387
+ RESERVED
+CVE-2020-28386
+ RESERVED
+CVE-2020-28385
+ RESERVED
+CVE-2020-28384
+ RESERVED
+CVE-2020-28383
+ RESERVED
+CVE-2020-28382
+ RESERVED
+CVE-2020-28381
+ RESERVED
+CVE-2020-28380
+ RESERVED
+CVE-2020-28379
+ RESERVED
+CVE-2020-28378
+ RESERVED
+CVE-2020-28377
+ RESERVED
+CVE-2020-28376
+ RESERVED
+CVE-2020-28375
+ RESERVED
+CVE-2020-28374
+ RESERVED
CVE-2020-28373 (upnpd on certain NETGEAR devices allows remote (LAN) attackers to exec ...)
NOT-FOR-US: Netgear
CVE-2020-28372
@@ -8,8 +62,8 @@ CVE-2020-28370
RESERVED
CVE-2020-28369
RESERVED
-CVE-2020-28368
- RESERVED
+CVE-2020-28368 (Xen through 4.14.x allows guest OS administrators to obtain sensitive ...)
+ TODO: check
CVE-2020-28367
RESERVED
CVE-2020-28366
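Review bot: The 'TODO: check' under CVE-2020-28368 needs manual triage rather than a bulk tag. The description names Xen, not a vendor appliance like the NETGEAR entry near the top of this file that was closed with NOT-FOR-US. Replace the TODO with either a source-package line or an explicit NOT-FOR-US once the full description has been read.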
@@ -1718,8 +1772,8 @@ CVE-2020-28269
RESERVED
CVE-2020-28268
RESERVED
-CVE-2020-28267
- RESERVED
+CVE-2020-28267 (Prototype pollution vulnerability in '@strikeentco/set' version 1.0.0 ...)
+ TODO: check
CVE-2017-18926 (raptor_xml_writer_start_element_common in raptor_xml_writer.c in Rapto ...)
{DSA-4785-1 DLA-2438-1}
- raptor <removed>
@@ -1780,6 +1834,7 @@ CVE-2020-28242 (An issue was discovered in Asterisk Open Source 13.x before 13.3
[stretch] - asterisk <not-affected> (Vulnerable code not present)
NOTE: http://downloads.asterisk.org/pub/security/AST-2020-002.html
CVE-2020-28241 (libmaxminddb before 1.4.3 has a heap-based buffer over-read in dump_en ...)
+ {DLA-2445-1}
- libmaxminddb <unfixed> (bug #973878)
NOTE: https://github.com/maxmind/libmaxminddb/issues/236
NOTE: https://github.com/maxmind/libmaxminddb/pull/237
@@ -2156,8 +2211,8 @@ CVE-2020-28057
RESERVED
CVE-2020-28056
RESERVED
-CVE-2020-28055
- RESERVED
+CVE-2020-28055 (A vulnerability in the TCL Android Smart TV series V8-R851T02-LF1 V295 ...)
+ TODO: check
CVE-2020-28054
RESERVED
CVE-2020-28053
@@ -4167,8 +4222,8 @@ CVE-2020-27405
RESERVED
CVE-2020-27404
RESERVED
-CVE-2020-27403
- RESERVED
+CVE-2020-27403 (A vulnerability in the TCL Android Smart TV series V8-R851T02-LF1 V295 ...)
+ TODO: check
CVE-2020-27402 (The HK1 Box S905X3 TV Box contains a vulnerability that allows a local ...)
NOT-FOR-US: HK1 Box S905X3 TV Box
CVE-2020-27401
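Review bot: CVE-2020-27403 gets 'TODO: check' with the same truncated description as CVE-2020-28055 in the previous hunk (TCL Android Smart TV series V8-R851T02-LF1 V295), so the two should be triaged together and end up with the same tag. The neighbouring TV-box entry CVE-2020-27402 is already marked 'NOT-FOR-US: HK1 Box S905X3 TV Box', which is the form to follow if the TCL firmware is likewise out of scope.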
@@ -4660,7 +4715,7 @@ CVE-2020-27167
CVE-2020-27166
RESERVED
CVE-2020-27165
- RESERVED
+ REJECTED
CVE-2020-27164
RESERVED
CVE-2020-27163 (phpRedisAdmin before 1.13.2 allows XSS via the login.php username para ...)
@@ -4706,8 +4761,8 @@ CVE-2020-27148
RESERVED
CVE-2020-27147
RESERVED
-CVE-2020-27146
- RESERVED
+CVE-2020-27146 (The Core component of TIBCO Software Inc.'s TIBCO iProcess Workspace ( ...)
+ TODO: check
CVE-2020-27145
RESERVED
CVE-2020-27144
@@ -5100,6 +5155,7 @@ CVE-2020-26951
RESERVED
CVE-2020-26950
RESERVED
+ {DSA-4788-1}
- firefox 82.0.3-1
- firefox-esr 78.4.1esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-49/#CVE-2020-26950
@@ -5371,42 +5427,42 @@ CVE-2020-26826
RESERVED
CVE-2020-26825
RESERVED
-CVE-2020-26824
- RESERVED
-CVE-2020-26823
- RESERVED
-CVE-2020-26822
- RESERVED
-CVE-2020-26821
- RESERVED
-CVE-2020-26820
- RESERVED
-CVE-2020-26819
- RESERVED
-CVE-2020-26818
- RESERVED
-CVE-2020-26817
- RESERVED
+CVE-2020-26824 (SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthent ...)
+ TODO: check
+CVE-2020-26823 (SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthent ...)
+ TODO: check
+CVE-2020-26822 (SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthent ...)
+ TODO: check
+CVE-2020-26821 (SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthent ...)
+ TODO: check
+CVE-2020-26820 (SAP NetWeaver AS JAVA, versions - 7.20, 7.30, 7.31, 7.40, 7.50, allows ...)
+ TODO: check
+CVE-2020-26819 (SAP NetWeaver AS ABAP (Web Dynpro), versions - 731, 740, 750, 751, 752 ...)
+ TODO: check
+CVE-2020-26818 (SAP NetWeaver AS ABAP (Web Dynpro), versions - 731, 740, 750, 751, 752 ...)
+ TODO: check
+CVE-2020-26817 (SAP 3D Visual Enterprise Viewer, version - 9, allows an user to open m ...)
+ TODO: check
CVE-2020-26816
RESERVED
-CVE-2020-26815
- RESERVED
-CVE-2020-26814
- RESERVED
+CVE-2020-26815 (SAP Fiori Launchpad (News tile Application), versions - 750,751,752,75 ...)
+ TODO: check
+CVE-2020-26814 (SAP Process Integration (PGP Module - Business-to-Business Add On), ve ...)
+ TODO: check
CVE-2020-26813
RESERVED
CVE-2020-26812
RESERVED
-CVE-2020-26811
- RESERVED
-CVE-2020-26810
- RESERVED
-CVE-2020-26809
- RESERVED
-CVE-2020-26808
- RESERVED
-CVE-2020-26807
- RESERVED
+CVE-2020-26811 (SAP Commerce Cloud (Accelerator Payment Mock), versions - 1808, 1811, ...)
+ TODO: check
+CVE-2020-26810 (SAP Commerce Cloud (Accelerator Payment Mock), versions - 1808, 1811, ...)
+ TODO: check
+CVE-2020-26809 (SAP Commerce Cloud, versions- 1808,1811,1905,2005, allows an attacker ...)
+ TODO: check
+CVE-2020-26808 (SAP AS ABAP(DMIS), versions - 2011_1_620, 2011_1_640, 2011_1_700, 2011 ...)
+ TODO: check
+CVE-2020-26807 (SAP ERP Client for E-Bilanz, version - 1.0, installation sets Incorrec ...)
+ TODO: check
CVE-2020-26806
RESERVED
CVE-2020-26805
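Review bot: All 15 entries that move from RESERVED to a description in this hunk (CVE-2020-26824 through CVE-2020-26807, skipping the still-reserved 26816, 26813 and 26812) are SAP products, and all are left at 'TODO: check'. SAP entries elsewhere in this file are closed as 'NOT-FOR-US: SAP' (for example CVE-2020-6315), so these can be tagged as a batch in the follow-up triage rather than one by one.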
@@ -9317,8 +9373,7 @@ CVE-2020-25076
RESERVED
CVE-2020-25075
RESERVED
-CVE-2020-25074 [remote code execution via cache action]
- RESERVED
+CVE-2020-25074 (The cache action in action/cache.py in MoinMoin through 1.9.10 allows ...)
{DSA-4787-1}
- moin <removed>
NOTE: https://github.com/moinwiki/moin-1.9/security/advisories/GHSA-52q8-877j-gghq
@@ -10813,8 +10868,8 @@ CVE-2020-24386
RESERVED
CVE-2020-24385 (In MidnightBSD before 1.2.6 and 1.3 before August 2020, and FreeBSD be ...)
NOT-FOR-US: FreeBSD and MidnightBSD
-CVE-2020-24384
- RESERVED
+CVE-2020-24384 (A10 Networks ACOS and aGalaxy management Graphical User Interfaces (GU ...)
+ TODO: check
CVE-2020-24383
RESERVED
CVE-2020-24382
@@ -30079,7 +30134,7 @@ CVE-2020-15167 (In Miller (command line utility) using the configuration file su
[stretch] - miller <not-affected> (Introduced in 5.9.0)
NOTE: https://github.com/johnkerl/miller/security/advisories/GHSA-mw2v-4q78-j2cw
CVE-2020-15166 (In ZeroMQ before version 4.3.3, there is a denial-of-service vulnerabi ...)
- {DSA-4761-1}
+ {DSA-4761-1 DLA-2443-1}
- zeromq3 4.3.3-1
NOTE: https://www.openwall.com/lists/oss-security/2020/09/07/3
NOTE: https://github.com/zeromq/libzmq/security/advisories/GHSA-25wp-cf8g-938m
@@ -33565,8 +33620,7 @@ CVE-2020-13929
RESERVED
CVE-2020-13928 (Apache Atlas before 2.1.0 contain a XSS vulnerability. While saving se ...)
NOT-FOR-US: Apache Atlas
-CVE-2020-13927
- RESERVED
+CVE-2020-13927 (The previous default setting for Airflow's Experimental API was to all ...)
- airflow <itp> (bug #819700)
CVE-2020-13926 (Kylin concatenates and executes a Hive SQL in Hive CLI or beeline when ...)
NOT-FOR-US: Apache Kylin (different from Kylin desktop environment)
@@ -37238,8 +37292,8 @@ CVE-2020-12487
RESERVED
CVE-2020-12486
RESERVED
-CVE-2020-12485
- RESERVED
+CVE-2020-12485 (The frame touch module does not make validity judgments on parameter l ...)
+ TODO: check
CVE-2020-12484
RESERVED
CVE-2020-12483
@@ -50040,6 +50094,7 @@ CVE-2020-8039
CVE-2020-8038
RESERVED
CVE-2020-8037 (The ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a l ...)
+ {DLA-2444-1}
- tcpdump 4.9.3-7 (unimportant; bug #973877)
NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/32027e199368dad9508965aae8cd8de5b6ab5231
CVE-2020-8036 (The tok2strbuf() function in tcpdump 4.10.0-PRE-GIT was used by the SO ...)
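Review bot: The added {DLA-2444-1} on CVE-2020-8037 sits above a package line that still reads '(unimportant; bug #973877)'. An advisory has been issued for an issue tagged unimportant, so either the severity tag should be revisited or a NOTE line should record why the two differ.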
@@ -50793,8 +50848,8 @@ CVE-2020-7768
RESERVED
CVE-2020-7767
RESERVED
-CVE-2020-7766
- RESERVED
+CVE-2020-7766 (This affects all versions of package json-ptr. The issue occurs in the ...)
+ TODO: check
CVE-2020-7765
RESERVED
CVE-2020-7764 (This affects the package find-my-way before 2.2.5, from 3.0.0 and befo ...)
@@ -54582,8 +54637,8 @@ CVE-2020-6318 (A Remote Code Execution vulnerability exists in the SAP NetWeaver
NOT-FOR-US: SAP
CVE-2020-6317
RESERVED
-CVE-2020-6316
- RESERVED
+CVE-2020-6316 (SAP ERP and SAP S/4 HANA allows an authenticated user to see cost reco ...)
+ TODO: check
CVE-2020-6315 (SAP 3D Visual Enterprise Viewer, version 9, allows an attacker to send ...)
NOT-FOR-US: SAP
CVE-2020-6314 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
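Review bot: CVE-2020-6316 is left at 'TODO: check' although the entries on both sides of it in this hunk, CVE-2020-6318 and CVE-2020-6315, are 'NOT-FOR-US: SAP'. Suggest replacing the TODO with the same tag.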
@@ -56651,8 +56706,8 @@ CVE-2020-5390 (PySAML2 before 5.0.0 does not check that the signature in a SAML
NOTE: https://github.com/IdentityPython/pysaml2/commit/5e9d5acbcd8ae45c4e736ac521fd2df5b1c62e25 (v5.0.0)
CVE-2020-5389 (Dell EMC OpenManage Integration for Microsoft System Center (OMIMSSC) ...)
NOT-FOR-US: Dell
-CVE-2020-5388
- RESERVED
+CVE-2020-5388 (Dell Inspiron 15 7579 2-in-1 BIOS versions prior to 1.31.0 contain an ...)
+ TODO: check
CVE-2020-5387 (Dell XPS 13 9370 BIOS versions prior to 1.13.1 contains an Improper Ex ...)
NOT-FOR-US: Dell
CVE-2020-5386 (Dell EMC ECS, versions prior to 3.5, contains an Exposure of Resource ...)
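Review bot: CVE-2020-5388 is left at 'TODO: check' although it is a Dell BIOS issue and both neighbours, CVE-2020-5389 and CVE-2020-5387 (also a Dell BIOS entry), are tagged 'NOT-FOR-US: Dell'. Suggest closing it the same way in the follow-up triage commit.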
@@ -58515,8 +58570,8 @@ CVE-2020-4762
RESERVED
CVE-2020-4761
RESERVED
-CVE-2020-4760
- RESERVED
+CVE-2020-4760 (IBM Content Navigator 3.0CD is vulnerable to cross-site scripting. Thi ...)
+ TODO: check
CVE-2020-4759 (IBM FileNet Content Manager 5.5.4 and 5.5.5 is potentially vulnerable ...)
NOT-FOR-US: IBM
CVE-2020-4758
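Review bot: CVE-2020-4760 (IBM Content Navigator) is added with 'TODO: check' directly above CVE-2020-4759, an IBM FileNet entry already tagged 'NOT-FOR-US: IBM'. The TODO can be resolved to the same tag.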
@@ -58627,8 +58682,8 @@ CVE-2020-4706
RESERVED
CVE-2020-4705
RESERVED
-CVE-2020-4704
- RESERVED
+CVE-2020-4704 (IBM Content Navigator 3.0CD is vulnerable to stored cross-site scripti ...)
+ TODO: check
CVE-2020-4703 (IBM Spectrum Protect Plus 10.1.0 through 10.1.6 Administrative Console ...)
NOT-FOR-US: IBM
CVE-2020-4702 (IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-s ...)
@@ -58899,8 +58954,8 @@ CVE-2020-4570
RESERVED
CVE-2020-4569 (IBM Tivoli Key Lifecycle Manager 3.0.1 and 4.0 uses a protection mecha ...)
NOT-FOR-US: IBM
-CVE-2020-4568
- RESERVED
+CVE-2020-4568 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, and 4.0 stores user crede ...)
+ TODO: check
CVE-2020-4567 (IBM Tivoli Key Lifecycle Manager 3.0.1 and 4.0 uses an inadequate acco ...)
NOT-FOR-US: IBM
CVE-2020-4566
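Review bot: CVE-2020-4568 (IBM Tivoli Key Lifecycle Manager) is added with 'TODO: check' between CVE-2020-4569 and CVE-2020-4567, which cover the same product and are both 'NOT-FOR-US: IBM'. Replace the TODO with the same tag.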
@@ -73077,59 +73132,43 @@ CVE-2020-0456
RESERVED
CVE-2020-0455
RESERVED
-CVE-2020-0454
- RESERVED
+CVE-2020-0454 (In callCallbackForRequest of ConnectivityService.java, there is a poss ...)
NOT-FOR-US: Android
-CVE-2020-0453
- RESERVED
+CVE-2020-0453 (In updateNotification of BeamTransferManager.java, there is a possible ...)
NOT-FOR-US: Android
-CVE-2020-0452 [libexif overflow check could be optimized away]
- RESERVED
+CVE-2020-0452 (In exif_entry_get_value of exif-entry.c, there is a possible out of bo ...)
{DSA-4786-1 DLA-2439-1}
- libexif 0.6.22-3
NOTE: https://github.com/libexif/libexif/commit/9266d14b5ca4e29b970fa03272318e5f99386e06
-CVE-2020-0451
- RESERVED
+CVE-2020-0451 (In sbrDecoder_AssignQmfChannels2SbrChannels of sbrdecoder.cpp, there i ...)
NOT-FOR-US: Android Media Framework
-CVE-2020-0450
- RESERVED
+CVE-2020-0450 (In rw_i93_sm_format of rw_i93.cc, there is a possible out of bounds re ...)
NOT-FOR-US: Android
-CVE-2020-0449
- RESERVED
+CVE-2020-0449 (In btm_sec_disconnected of btm_sec.cc, there is a possible memory corr ...)
NOT-FOR-US: Android
-CVE-2020-0448
- RESERVED
+CVE-2020-0448 (In getPhoneAccountsForPackage of TelecomServiceImpl.java, there is a p ...)
NOT-FOR-US: Android
-CVE-2020-0447
- RESERVED
+CVE-2020-0447 (There is a possible out of bounds write due to a missing bounds check. ...)
NOT-FOR-US: MediaTek components for Android
-CVE-2020-0446
- RESERVED
+CVE-2020-0446 (There is a possible out of bounds write due to a missing bounds check. ...)
NOT-FOR-US: MediaTek components for Android
-CVE-2020-0445
- RESERVED
+CVE-2020-0445 (There is a possible out of bounds write due to a missing bounds check. ...)
NOT-FOR-US: MediaTek components for Android
CVE-2020-0444
RESERVED
-CVE-2020-0443
- RESERVED
+CVE-2020-0443 (In LocaleList of LocaleList.java, there is a possible forced reboot du ...)
NOT-FOR-US: Android
-CVE-2020-0442
- RESERVED
+CVE-2020-0442 (In Message and toBundle of Notification.java, there is a possible UI s ...)
NOT-FOR-US: Android
-CVE-2020-0441
- RESERVED
+CVE-2020-0441 (In Message and toBundle of Notification.java, there is a possible reso ...)
NOT-FOR-US: Android
CVE-2020-0440
RESERVED
-CVE-2020-0439
- RESERVED
+CVE-2020-0439 (In generatePackageInfo of PackageManagerService.java, there is a possi ...)
NOT-FOR-US: Android
-CVE-2020-0438
- RESERVED
+CVE-2020-0438 (In the AIBinder_Class constructor of ibinder.cpp, there is a possible ...)
NOT-FOR-US: Android Media Framework
-CVE-2020-0437
- RESERVED
+CVE-2020-0437 (In CellBroadcastReceiver's intent handlers, there is a possible denial ...)
NOT-FOR-US: Android
CVE-2020-0436
RESERVED
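Review bot: On CVE-2020-0452 the removed bracketed title '[libexif overflow check could be optimized away]' stated the root cause, and the replacement description as shown here ('In exif_entry_get_value of exif-entry.c, there is a possible out of bo ...') does not. If that detail is still wanted in the entry, carry it over as a NOTE line next to the existing commit link. The {DSA-4786-1 DLA-2439-1} references and the 'libexif 0.6.22-3' line are unchanged context and need nothing.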
@@ -73173,8 +73212,7 @@ CVE-2020-0426 (In SyncManager, there is a possible permission bypass due to an u
NOT-FOR-US: Android
CVE-2020-0425 (There is a possible way to view notifications even when the "Lockdown" ...)
NOT-FOR-US: Android
-CVE-2020-0424
- RESERVED
+CVE-2020-0424 (In send_vc of res_send.cpp, there is a possible out of bounds read due ...)
NOT-FOR-US: Android
CVE-2020-0423 (In binder_release_work of binder.c, there is a possible use-after-free ...)
- linux 5.9.6-1
@@ -73187,8 +73225,7 @@ CVE-2020-0420 (In setUpdatableDriverPath of GpuService.cpp, there is a possible
NOT-FOR-US: Android
CVE-2020-0419 (In generateInfo of PackageInstallerSession.java, there is a possible l ...)
NOT-FOR-US: Android
-CVE-2020-0418
- RESERVED
+CVE-2020-0418 (In getPermissionInfosForGroup of Utils.java, there is a logic error. T ...)
NOT-FOR-US: Android
CVE-2020-0417
RESERVED
@@ -73206,8 +73243,7 @@ CVE-2020-0411 (In ~AACExtractor() of AACExtractor.cpp, there is a possible out o
NOT-FOR-US: Android Media Framework
CVE-2020-0410 (In setNotification of SapServer.java, there is a possible permission b ...)
NOT-FOR-US: Android
-CVE-2020-0409
- RESERVED
+CVE-2020-0409 (In create of FileMap.cpp, there is a possible out of bounds write due ...)
NOT-FOR-US: Android
CVE-2020-0408 (In remove of String16.cpp, there is a possible out of bounds write due ...)
NOT-FOR-US: Android
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fa2c1b0d979ac92501afc044a524d37f5369b5e3