[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Thu Nov 12 20:10:38 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a4998679 by security tracker role at 2020-11-12T20:10:31+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,8 +1,10 @@
CVE-2020-25710 [assertion failure in CSN normalization with invalid input]
+ RESERVED
- openldap 2.4.56+dfsg-1
NOTE: https://bugs.openldap.org/show_bug.cgi?id=9384
NOTE: https://git.openldap.org/openldap/openldap/-/commit/bdb0d459187522a6063df13871b82ba8dcc6efe2 (OPENLDAP_REL_ENG_2_4_56)
CVE-2020-25709 [assertion failure in Certificate List syntax validation]
+ RESERVED
- openldap 2.4.56+dfsg-1
NOTE: https://bugs.openldap.org/show_bug.cgi?id=9383
NOTE: https://git.openldap.org/openldap/openldap/-/commit/67670f4544e28fb09eb7319c39f404e1d3229e65 (OPENLDAP_REL_ENG_2_4_56)
@@ -1804,12 +1806,12 @@ CVE-2020-28273
RESERVED
CVE-2020-28272
RESERVED
-CVE-2020-28271
- RESERVED
-CVE-2020-28270
- RESERVED
-CVE-2020-28269
- RESERVED
+CVE-2020-28271 (Prototype pollution vulnerability in 'deephas' versions 1.0.0 through ...)
+ TODO: check
+CVE-2020-28270 (Overview:Prototype pollution vulnerability in ‘object-hierarchy- ...)
+ TODO: check
+CVE-2020-28269 (Prototype pollution vulnerability in 'field' versions 0.0.1 through 1. ...)
+ TODO: check
CVE-2020-28268
RESERVED
CVE-2020-28267 (Prototype pollution vulnerability in '@strikeentco/set' version 1.0.0 ...)
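Review bot: +CVE-2020-28270 will be missed by a search on the phrase its two siblings start with, because its description begins with "Overview:" and opens the package name with a typographic quote (‘) where +CVE-2020-28271 and +CVE-2020-28269 use a plain '. When working through these three TODO: check entries, match on "Prototype pollution" alone so all three get the same triage decision.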
@@ -1858,8 +1860,8 @@ CVE-2020-28249 (Joplin 1.2.6 for Desktop allows XSS via a LINK element in a note
NOT-FOR-US: Joplin
CVE-2020-28248
RESERVED
-CVE-2020-28247
- RESERVED
+CVE-2020-28247 (The lettre library through 0.10.0-alpha for Rust allows arbitrary send ...)
+ TODO: check
CVE-2020-28246
RESERVED
CVE-2020-28245
@@ -4107,8 +4109,8 @@ CVE-2020-27483
RESERVED
CVE-2020-27482
RESERVED
-CVE-2020-27481
- RESERVED
+CVE-2020-27481 (An unauthenticated SQL Injection vulnerability in Good Layers LMS Plug ...)
+ TODO: check
CVE-2020-27480
RESERVED
CVE-2020-27479
@@ -4297,10 +4299,10 @@ CVE-2020-27388 (Multiple Stored Cross Site Scripting (XSS) vulnerabilities exist
NOT-FOR-US: YOURLS Admin Panel
CVE-2020-27387 (An unrestricted file upload issue in HorizontCMS through 1.0.0-beta al ...)
NOT-FOR-US: HorizontCMS
-CVE-2020-27386
- RESERVED
-CVE-2020-27385
- RESERVED
+CVE-2020-27386 (An unrestricted file upload issue in FlexDotnetCMS before v1.5.9 allow ...)
+ TODO: check
+CVE-2020-27385 (Incorrect Access Control in the FileEditor (/Admin/Views/FileEditor/) ...)
+ TODO: check
CVE-2020-27384
RESERVED
CVE-2020-27383
@@ -5507,12 +5509,12 @@ CVE-2020-26807 (SAP ERP Client for E-Bilanz, version - 1.0, installation sets In
NOT-FOR-US: SAP
CVE-2020-26806
RESERVED
-CVE-2020-26805
- RESERVED
-CVE-2020-26804
- RESERVED
-CVE-2020-26803
- RESERVED
+CVE-2020-26805 (In Sentrifugo 3.2, admin can edit employee's informations via this end ...)
+ TODO: check
+CVE-2020-26804 (In Sentrifugo 3.2, users can share an announcement under "Organization ...)
+ TODO: check
+CVE-2020-26803 (In Sentrifugo 3.2, users can upload an image under "Assets -> Add" ...)
+ TODO: check
CVE-2020-26802 (forma.lms 2.3.0.2 is affected by Cross Site Request Forgery (CSRF) in ...)
NOT-FOR-US: forma.lms
CVE-2020-26801
@@ -7912,8 +7914,7 @@ CVE-2020-25707 [infinite loop in e1000e_write_packet_to_guest() in hw/net/e1000e
RESERVED
- qemu <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1893895
-CVE-2020-25706 [Improper escaping of error message leads to XSS during template import preview]
- RESERVED
+CVE-2020-25706 (A cross-site scripting (XSS) vulnerability exists in templates_import. ...)
- cacti 1.2.14+ds1-1
[stretch] - cacti <no-dsa> (Minor issue)
NOTE: https://github.com/Cacti/cacti/issues/3723
@@ -8046,8 +8047,7 @@ CVE-2020-25659 [bleichenbacher timing oracle attack against RSA decryption]
NOTE: https://github.com/pyca/cryptography/security/advisories/GHSA-hggm-jpg3-v476
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1889988
NOTE: https://github.com/pyca/cryptography/commit/58494b41d6ecb0f56b7c5f05d5f5e3ca0320d494 (3.2)
-CVE-2020-25658 [bleichenbacher timing oracle attack against RSA decryption]
- RESERVED
+CVE-2020-25658 (It was found that python-rsa is vulnerable to Bleichenbacher timing at ...)
- python-rsa <unfixed>
NOTE: https://github.com/sybrenstuvel/python-rsa/issues/165
CVE-2020-25657
@@ -10435,7 +10435,7 @@ CVE-2020-24611
RESERVED
CVE-2020-24610
RESERVED
-CVE-2020-24609 (TechKshetra Info Solutions Pvt. Ltd Savsoft Quiz 5 has XSS which can r ...)
+CVE-2020-24609 (TechKshetra Info Solutions Pvt. Ltd Savsoft Quiz 5.5 and earlier has X ...)
NOT-FOR-US: Savsoft Quiz 5
CVE-2020-24608
RESERVED
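Review bot: the tag under CVE-2020-24609 still reads "NOT-FOR-US: Savsoft Quiz 5" while the updated description now says "Savsoft Quiz 5.5 and earlier". The classification itself is unaffected, but the trailing "5" in the tag now reads like a version; "NOT-FOR-US: Savsoft Quiz" would avoid the mismatch.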
@@ -10519,8 +10519,8 @@ CVE-2020-24575
RESERVED
CVE-2020-24574 (The client (aka GalaxyClientService.exe) in GOG GALAXY through 2.0.20 ...)
NOT-FOR-US: GOG Galaxy client
-CVE-2020-24573
- RESERVED
+CVE-2020-24573 (BAB TECHNOLOGIE GmbH eibPort V3 prior to 3.8.3 devices allow denial of ...)
+ TODO: check
CVE-2020-24572 (An issue was discovered in includes/webconsole.php in RaspAP 2.5. With ...)
NOT-FOR-US: RaspAP
CVE-2020-24571 (NexusQA NexusDB before 4.50.23 allows the reading of files via ../ dir ...)
@@ -10632,8 +10632,8 @@ CVE-2020-24527
RESERVED
CVE-2020-24526
RESERVED
-CVE-2020-24525
- RESERVED
+CVE-2020-24525 (Insecure inherited permissions in firmware update tool for some Intel( ...)
+ TODO: check
CVE-2020-24524
RESERVED
CVE-2020-24523
@@ -10768,20 +10768,20 @@ CVE-2020-24462
RESERVED
CVE-2020-24461
RESERVED
-CVE-2020-24460
- RESERVED
+CVE-2020-24460 (Incorrect default permissions in the Intel(R) DSA before version 20.8. ...)
+ TODO: check
CVE-2020-24459
RESERVED
CVE-2020-24458
RESERVED
CVE-2020-24457 (Logic error in BIOS firmware for 8th, 9th and 10th Generation Intel(R) ...)
NOT-FOR-US: Intel
-CVE-2020-24456
- RESERVED
+CVE-2020-24456 (Incorrect default permissions in the Intel(R) Board ID Tool version v. ...)
+ TODO: check
CVE-2020-24455
RESERVED
-CVE-2020-24454
- RESERVED
+CVE-2020-24454 (Improper Restriction of XML External Entity Reference in subsystem for ...)
+ TODO: check
CVE-2020-24453
RESERVED
CVE-2020-24452
@@ -10802,12 +10802,12 @@ CVE-2020-24445
RESERVED
CVE-2020-24444
RESERVED
-CVE-2020-24443
- RESERVED
-CVE-2020-24442
- RESERVED
-CVE-2020-24441
- RESERVED
+CVE-2020-24443 (Adobe Connect version 11.0 (and earlier) is affected by a reflected Cr ...)
+ TODO: check
+CVE-2020-24442 (Adobe Connect version 11.0 (and earlier) is affected by a reflected Cr ...)
+ TODO: check
+CVE-2020-24441 (Adobe Acrobat Reader for Android version 20.6.2 (and earlier) does not ...)
+ TODO: check
CVE-2020-24440
RESERVED
CVE-2020-24439 (Acrobat Reader DC for macOS versions 2020.012.20048 (and earlier), 202 ...)
@@ -27354,8 +27354,8 @@ CVE-2020-16275 (A cross-site scripting (XSS) vulnerability in the Credential Man
NOT-FOR-US: SAINT Security Suite
CVE-2020-16274
RESERVED
-CVE-2020-16273
- RESERVED
+CVE-2020-16273 (In Arm software implementing the Armv8-M processors (all versions), th ...)
+ TODO: check
CVE-2020-16272 (The SRP-6a implementation in Kee Vault KeePassRPC before 1.12.0 is mis ...)
NOT-FOR-US: Kee Vault KeePassRPC
CVE-2020-16271 (The SRP-6a implementation in Kee Vault KeePassRPC before 1.12.0 genera ...)
@@ -27782,7 +27782,7 @@ CVE-2020-16092 (In QEMU through 5.0.0, an assertion failure can occur in the net
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1860283
NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=035e69b063835a5fd23cacabd63690a3d84532a8
CVE-2020-16091
- RESERVED
+ REJECTED
CVE-2020-16090
RESERVED
CVE-2020-16089
@@ -33606,8 +33606,7 @@ CVE-2020-13956 [incorrect handling of malformed authority component in request U
NOTE: Fixed by: https://github.com/apache/httpcomponents-client/commit/e628b4c5c464c2fa346385596cc78e035a91a62e (4.5.13-RC1)
CVE-2020-13955 (HttpUtils#getURLConnection method disables explicitly hostname verific ...)
NOT-FOR-US: Apache Calcite
-CVE-2020-13954
- RESERVED
+CVE-2020-13954 (By default, Apache CXF creates a /services page containing a listing o ...)
NOT-FOR-US: Apache CXF
CVE-2020-13953 (In Apache Tapestry from 5.4.0 to 5.5.0, crafting specific URLs, an att ...)
NOT-FOR-US: Apache Tapestry
@@ -34184,10 +34183,10 @@ CVE-2020-13773
RESERVED
CVE-2020-13772
RESERVED
-CVE-2020-13771
- RESERVED
-CVE-2020-13770
- RESERVED
+CVE-2020-13771 (Various components in Ivanti Endpoint Manager through 2020.1.1 rely on ...)
+ TODO: check
+CVE-2020-13770 (Several services are accessing named pipes in Ivanti Endpoint Manager ...)
+ TODO: check
CVE-2020-13769
RESERVED
CVE-2020-13768 (In MiniShare before 1.4.2, there is a stack-based buffer overflow via ...)
@@ -37797,14 +37796,14 @@ CVE-2020-12358
RESERVED
CVE-2020-12357
RESERVED
-CVE-2020-12356
- RESERVED
-CVE-2020-12355
- RESERVED
-CVE-2020-12354
- RESERVED
-CVE-2020-12353
- RESERVED
+CVE-2020-12356 (Out-of-bounds read in subsystem in Intel(R) AMT versions before 11.8.8 ...)
+ TODO: check
+CVE-2020-12355 (Authentication bypass by capture-replay in RPMB protocol message authe ...)
+ TODO: check
+CVE-2020-12354 (Incorrect default permissions in Windows(R) installer in Intel(R) AMT ...)
+ TODO: check
+CVE-2020-12353 (Improper permissions in the Intel(R) Data Center Manager Console befor ...)
+ TODO: check
CVE-2020-12352
RESERVED
{DSA-4774-1 DLA-2420-1 DLA-2417-1}
@@ -37819,18 +37818,18 @@ CVE-2020-12351
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html
NOTE: https://github.com/google/security-research/security/advisories/GHSA-h637-c88j-47wq
NOTE: Fixed by: https://git.kernel.org/linus/f19425641cb2572a33cb074d5e30283720bd4d22
-CVE-2020-12350
- RESERVED
-CVE-2020-12349
- RESERVED
+CVE-2020-12350 (Improper access control in the Intel(R) XTU before version 6.5.1.360 m ...)
+ TODO: check
+CVE-2020-12349 (Improper input validation in the Intel(R) Data Center Manager Console ...)
+ TODO: check
CVE-2020-12348
RESERVED
-CVE-2020-12347
- RESERVED
-CVE-2020-12346
- RESERVED
-CVE-2020-12345
- RESERVED
+CVE-2020-12347 (Improper input validation in the Intel(R) Data Center Manager Console ...)
+ TODO: check
+CVE-2020-12346 (Improper permissions in the installer for the Intel(R) Battery Life Di ...)
+ TODO: check
+CVE-2020-12345 (Improper permissions in the installer for the Intel(R) Data Center Man ...)
+ TODO: check
CVE-2020-12344
RESERVED
CVE-2020-12343
@@ -37845,76 +37844,76 @@ CVE-2020-12339
RESERVED
CVE-2020-12338
RESERVED
-CVE-2020-12337
- RESERVED
-CVE-2020-12336
- RESERVED
-CVE-2020-12335
- RESERVED
-CVE-2020-12334
- RESERVED
-CVE-2020-12333
- RESERVED
-CVE-2020-12332
- RESERVED
-CVE-2020-12331
- RESERVED
-CVE-2020-12330
- RESERVED
-CVE-2020-12329
- RESERVED
-CVE-2020-12328
- RESERVED
-CVE-2020-12327
- RESERVED
-CVE-2020-12326
- RESERVED
-CVE-2020-12325
- RESERVED
-CVE-2020-12324
- RESERVED
-CVE-2020-12323
- RESERVED
-CVE-2020-12322
- RESERVED
-CVE-2020-12321
- RESERVED
-CVE-2020-12320
- RESERVED
-CVE-2020-12319
- RESERVED
-CVE-2020-12318
- RESERVED
-CVE-2020-12317
- RESERVED
-CVE-2020-12316
- RESERVED
-CVE-2020-12315
- RESERVED
-CVE-2020-12314
- RESERVED
+CVE-2020-12337 (Improper buffer restrictions in firmware for some Intel(R) NUCs may al ...)
+ TODO: check
+CVE-2020-12336 (Insecure default variable initialization in firmware for some Intel(R) ...)
+ TODO: check
+CVE-2020-12335 (Improper permissions in the installer for the Intel(R) Processor Ident ...)
+ TODO: check
+CVE-2020-12334 (Improper permissions in the installer for the Intel(R) Advisor tools b ...)
+ TODO: check
+CVE-2020-12333 (Insufficiently protected credentials in the Intel(R) QAT for Linux bef ...)
+ TODO: check
+CVE-2020-12332 (Improper permissions in the installer for the Intel(R) HID Event Filte ...)
+ TODO: check
+CVE-2020-12331 (Improper access controls in Intel Unite(R) Cloud Service client before ...)
+ TODO: check
+CVE-2020-12330 (Improper permissions in the installer for the Intel(R) Falcon 8+ UAS A ...)
+ TODO: check
+CVE-2020-12329 (Uncontrolled search path in the Intel(R) VTune(TM) Profiler before ver ...)
+ TODO: check
+CVE-2020-12328 (Protection mechanism failure in some Intel(R) Thunderbolt(TM) DCH driv ...)
+ TODO: check
+CVE-2020-12327 (Insecure default variable initialization in some Intel(R) Thunderbolt( ...)
+ TODO: check
+CVE-2020-12326 (Improper initialization in some Intel(R) Thunderbolt(TM) DCH drivers f ...)
+ TODO: check
+CVE-2020-12325 (Improper buffer restrictions in some Intel(R) Thunderbolt(TM) DCH driv ...)
+ TODO: check
+CVE-2020-12324 (Protection mechanism failure in some Intel(R) Thunderbolt(TM) DCH driv ...)
+ TODO: check
+CVE-2020-12323 (Improper input validation in the Intel(R) ADAS IE before version ADAS_ ...)
+ TODO: check
+CVE-2020-12322 (Improper input validation in some Intel(R) Wireless Bluetooth(R) produ ...)
+ TODO: check
+CVE-2020-12321 (Improper buffer restriction in some Intel(R) Wireless Bluetooth(R) pro ...)
+ TODO: check
+CVE-2020-12320 (Uncontrolled search path in Intel(R) SCS Add-on for Microsoft* SCCM be ...)
+ TODO: check
+CVE-2020-12319 (Insufficient control flow management in some Intel(R) PROSet/Wireless ...)
+ TODO: check
+CVE-2020-12318 (Protection mechanism failure in some Intel(R) PROSet/Wireless WiFi pro ...)
+ TODO: check
+CVE-2020-12317 (Improper buffer restriction in some Intel(R) PROSet/Wireless WiFi prod ...)
+ TODO: check
+CVE-2020-12316 (Insufficiently protected credentials in the Intel(R) EMA before versio ...)
+ TODO: check
+CVE-2020-12315 (Path traversal in the Intel(R) EMA before version 1.3.3 may allow an u ...)
+ TODO: check
+CVE-2020-12314 (Improper input validation in some Intel(R) PROSet/Wireless WiFi produc ...)
+ TODO: check
CVE-2020-12313
RESERVED
-CVE-2020-12312
- RESERVED
-CVE-2020-12311
- RESERVED
-CVE-2020-12310
- RESERVED
-CVE-2020-12309
- RESERVED
-CVE-2020-12308
- RESERVED
-CVE-2020-12307
- RESERVED
-CVE-2020-12306
- RESERVED
+CVE-2020-12312 (Improper buffer restrictions in the Intel(R) Stratix(R) 10 FPGA firmwa ...)
+ TODO: check
+CVE-2020-12311 (Insufficient control flow managementin firmware in some Intel(R) Clien ...)
+ TODO: check
+CVE-2020-12310 (Insufficient control flow managementin firmware in some Intel(R) Clien ...)
+ TODO: check
+CVE-2020-12309 (Insufficiently protected credentialsin subsystem in some Intel(R) Clie ...)
+ TODO: check
+CVE-2020-12308 (Improper access control for the Intel(R) Computing Improvement Program ...)
+ TODO: check
+CVE-2020-12307 (Improper permissions in some Intel(R) High Definition Audio drivers be ...)
+ TODO: check
+CVE-2020-12306 (Incorrect default permissions in the Intel(R) RealSense(TM) D400 Serie ...)
+ TODO: check
CVE-2020-12305
RESERVED
-CVE-2020-12304
- RESERVED
-CVE-2020-12303
- RESERVED
+CVE-2020-12304 (Improper access control in Installer for Intel(R) DAL SDK before versi ...)
+ TODO: check
+CVE-2020-12303 (Use after free in DAL subsystem for Intel(R) CSME versions before 11.8 ...)
+ TODO: check
CVE-2020-12302 (Improper permissions in the Intel(R) Driver & Support Assistant be ...)
NOT-FOR-US: Intel
CVE-2020-12301 (Improper initialization in BIOS firmware for Intel(R) Server Board Fam ...)
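Review bot: not every entry in this batch should inherit the "NOT-FOR-US: Intel" tag that CVE-2020-12302 carries in the trailing context. +CVE-2020-12333 names "Intel(R) QAT for Linux", and +CVE-2020-12322, +CVE-2020-12321, +CVE-2020-12319, +CVE-2020-12318, +CVE-2020-12317 and +CVE-2020-12314 concern Wireless Bluetooth and PROSet/Wireless WiFi products, so those need the full description and the vendor advisory read individually before their TODO: check is resolved. Separately, the descriptions at +CVE-2020-12311, +CVE-2020-12310 and +CVE-2020-12309 run words together ("managementin", "credentialsin"); that is how the text arrived, so search by CVE id rather than by phrase.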
@@ -37925,8 +37924,8 @@ CVE-2020-12299 (Improper input validation in BIOS firmware for Intel(R) Server B
NOT-FOR-US: Intel
CVE-2020-12298
RESERVED
-CVE-2020-12297
- RESERVED
+CVE-2020-12297 (Improper access control in Installer for Intel(R) CSME Driver for Wind ...)
+ TODO: check
CVE-2020-12296
RESERVED
CVE-2020-12295
@@ -41795,25 +41794,24 @@ CVE-2020-11211
RESERVED
CVE-2020-11210
RESERVED
-CVE-2020-11209
- RESERVED
-CVE-2020-11208
- RESERVED
-CVE-2020-11207
- RESERVED
-CVE-2020-11206
- RESERVED
-CVE-2020-11205
- RESERVED
+CVE-2020-11209 (u'Improper authorization in DSP process could allow unauthorized users ...)
+ TODO: check
+CVE-2020-11208 (u'Out of Bound issue in DSP services while processing received argumen ...)
+ TODO: check
+CVE-2020-11207 (u'Buffer overflow in LibFastCV library due to improper size checks wit ...)
+ TODO: check
+CVE-2020-11206 (u'Possible buffer overflow in Fastrpc while handling received paramete ...)
+ TODO: check
+CVE-2020-11205 (u'Possible integer overflow to heap overflow while processing command ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2020-11204
RESERVED
CVE-2020-11203
RESERVED
-CVE-2020-11202
- RESERVED
-CVE-2020-11201
- RESERVED
+CVE-2020-11202 (u'Buffer overflow/underflow occurs when typecasting the buffer passed ...)
+ TODO: check
+CVE-2020-11201 (u'Arbitrary access to DSP memory due to improper check in loaded libra ...)
+ TODO: check
CVE-2020-11200
RESERVED
CVE-2020-11199
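Review bot: +CVE-2020-11209 through +CVE-2020-11206, and +CVE-2020-11202 and +CVE-2020-11201, are left at TODO: check although +CVE-2020-11205 in the same run keeps "NOT-FOR-US: Qualcomm components for Android" and all of them share the same u'... description style. If they come from the same vendor bulletin, tag them consistently in one follow-up commit. The leading u' looks like a string-literal prefix that leaked into the description before it reached this list; since the list mirrors the incoming text, leave it as it is here.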
@@ -41822,15 +41820,13 @@ CVE-2020-11198
RESERVED
CVE-2020-11197
RESERVED
-CVE-2020-11196
- RESERVED
+CVE-2020-11196 (u'Integer overflow to buffer overflow occurs while playback of ASF cli ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2020-11195
RESERVED
CVE-2020-11194
RESERVED
-CVE-2020-11193
- RESERVED
+CVE-2020-11193 (u'Buffer over read can happen while parsing mkv clip due to improper t ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2020-11192
RESERVED
@@ -41848,8 +41844,7 @@ CVE-2020-11186
RESERVED
CVE-2020-11185
RESERVED
-CVE-2020-11184
- RESERVED
+CVE-2020-11184 (u'Possible buffer overflow will occur in video while parsing mp4 clip ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2020-11183
RESERVED
@@ -41867,8 +41862,7 @@ CVE-2020-11177
RESERVED
CVE-2020-11176
RESERVED
-CVE-2020-11175
- RESERVED
+CVE-2020-11175 (u'Use after free issue in Bluetooth transport driver when a method in ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2020-11174 (u'Array index underflow issue in adsp driver due to improper check of ...)
NOT-FOR-US: Qualcomm components for Android
@@ -41882,8 +41876,7 @@ CVE-2020-11170
RESERVED
CVE-2020-11169 (u'Buffer over-read while processing received L2CAP packet due to lack ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2020-11168
- RESERVED
+CVE-2020-11168 (u'Null-pointer dereference can occur while accessing data buffer beyon ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2020-11167
RESERVED
@@ -41955,21 +41948,17 @@ CVE-2020-11134
RESERVED
CVE-2020-11133 (u'Possible out of bound array write in rxdco cal utility due to lack o ...)
NOT-FOR-US: Snapdragon
-CVE-2020-11132
- RESERVED
+CVE-2020-11132 (u'Buffer over read in boot due to size check ignored before copying GU ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2020-11131
- RESERVED
+CVE-2020-11131 (u'Possible buffer overflow in WMA message processing due to integer ov ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2020-11130
- RESERVED
+CVE-2020-11130 (u'Possible buffer overflow in WIFI hal process due to copying data wit ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2020-11129 (u'During the error occurrence in capture request, the buffer is freed ...)
NOT-FOR-US: Snapdragon
CVE-2020-11128 (u'Possible out of bound access while copying the mask file content int ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2020-11127
- RESERVED
+CVE-2020-11127 (u'Integer overflow can cause a buffer overflow due to lack of table le ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2020-11126
RESERVED
@@ -41977,13 +41966,11 @@ CVE-2020-11125 (u'Out of bound access can happen in MHI command process due to l
NOT-FOR-US: Qualcomm components for Android
CVE-2020-11124 (u'Possible use-after-free while accessing diag client map table since ...)
NOT-FOR-US: Snapdragon
-CVE-2020-11123
- RESERVED
+CVE-2020-11123 (u'information disclosure in gatekeeper trustzone implementation as the ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2020-11122 (u'Null Pointer exception while playing crafted mkv file as data stream ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2020-11121
- RESERVED
+CVE-2020-11121 (u'Possible buffer overflow in WIFI hal process due to usage of memcpy ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2020-11120 (u'Calling thread may free the data buffer pointer that was passed to t ...)
NOT-FOR-US: Qualcomm components for Android
@@ -47456,8 +47443,8 @@ CVE-2020-9130
RESERVED
CVE-2020-9129
RESERVED
-CVE-2020-9128
- RESERVED
+CVE-2020-9128 (FusionCompute versions 8.0.0 have an insecure encryption algorithm vul ...)
+ TODO: check
CVE-2020-9127
RESERVED
CVE-2020-9126
@@ -48347,68 +48334,68 @@ CVE-2020-8769
RESERVED
CVE-2020-8768 (An issue was discovered on Phoenix Contact Emalytics Controller ILC 20 ...)
NOT-FOR-US: PHOENIX CONTACT Emalytics Controller ILC 2050 BI(L)
-CVE-2020-8767
- RESERVED
-CVE-2020-8766
- RESERVED
+CVE-2020-8767 (Uncaught exception in the Intel(R) 50GbE IP Core for Intel(R) Quartus ...)
+ TODO: check
+CVE-2020-8766 (Improper conditions check in the Intel(R) SGX DCAP software before ver ...)
+ TODO: check
CVE-2020-8765
RESERVED
-CVE-2020-8764
- RESERVED
+CVE-2020-8764 (Improper access control in BIOS firmware for some Intel(R) Processors ...)
+ TODO: check
CVE-2020-8763 (Improper permissions in the installer for the Intel(R) RealSense(TM) D ...)
NOT-FOR-US: Intel
CVE-2020-8762
RESERVED
-CVE-2020-8761
- RESERVED
-CVE-2020-8760
- RESERVED
+CVE-2020-8761 (Inadequate encryption strength in subsystem for Intel(R) CSME versions ...)
+ TODO: check
+CVE-2020-8760 (Integer overflow in subsystem for Intel(R) AMT versions before 11.8.80 ...)
+ TODO: check
CVE-2020-8759 (Improper access control in the installer for Intel(R) SSD DCT versions ...)
NOT-FOR-US: Intel
CVE-2020-8758 (Improper buffer restrictions in network subsystem in provisioned Intel ...)
NOT-FOR-US: Intel
-CVE-2020-8757
- RESERVED
-CVE-2020-8756
- RESERVED
-CVE-2020-8755
- RESERVED
-CVE-2020-8754
- RESERVED
-CVE-2020-8753
- RESERVED
-CVE-2020-8752
- RESERVED
-CVE-2020-8751
- RESERVED
-CVE-2020-8750
- RESERVED
-CVE-2020-8749
- RESERVED
+CVE-2020-8757 (Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8. ...)
+ TODO: check
+CVE-2020-8756 (Improper input validation in subsystem for Intel(R) CSME versions befo ...)
+ TODO: check
+CVE-2020-8755 (Race condition in subsystem for Intel(R) CSME versions before 12.0.70 ...)
+ TODO: check
+CVE-2020-8754 (Out-of-bounds read in subsystem for Intel(R) AMT, Intel(R) ISM version ...)
+ TODO: check
+CVE-2020-8753 (Out-of-bounds read in DHCP subsystem for Intel(R) AMT, Intel(R) ISM ve ...)
+ TODO: check
+CVE-2020-8752 (Out-of-bounds write in IPv6 subsystem for Intel(R) AMT, Intel(R) ISM v ...)
+ TODO: check
+CVE-2020-8751 (Insufficient control flow management in subsystem for Intel(R) CSME ve ...)
+ TODO: check
+CVE-2020-8750 (Use after free in Kernel Mode Driver for Intel(R) TXE versions before ...)
+ TODO: check
+CVE-2020-8749 (Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8. ...)
+ TODO: check
CVE-2020-8748
RESERVED
-CVE-2020-8747
- RESERVED
-CVE-2020-8746
- RESERVED
-CVE-2020-8745
- RESERVED
-CVE-2020-8744
- RESERVED
+CVE-2020-8747 (Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8. ...)
+ TODO: check
+CVE-2020-8746 (Integer overflow in subsystem for Intel(R) AMT versions before 11.8.80 ...)
+ TODO: check
+CVE-2020-8745 (Insufficient control flow management in subsystem for Intel(R) CSME ve ...)
+ TODO: check
+CVE-2020-8744 (Improper initialization in subsystem for Intel(R) CSME versions before ...)
+ TODO: check
CVE-2020-8743 (Improper permissions in the installer for the Intel(R) Mailbox Interfa ...)
NOT-FOR-US: Intel
CVE-2020-8742 (Improper input validation in the firmware for Intel(R) NUCs may allow ...)
NOT-FOR-US: Intel
CVE-2020-8741
RESERVED
-CVE-2020-8740
- RESERVED
-CVE-2020-8739
- RESERVED
-CVE-2020-8738
- RESERVED
-CVE-2020-8737
- RESERVED
+CVE-2020-8740 (Out of bounds write in Intel BIOS platform sample code for some Intel( ...)
+ TODO: check
+CVE-2020-8739 (Use of potentially dangerous function in Intel BIOS platform sample co ...)
+ TODO: check
+CVE-2020-8738 (Improper conditions check in Intel BIOS platform sample code for some ...)
+ TODO: check
+CVE-2020-8737 (Improper buffer restrictions in the Intel(R) Stratix(R) 10 FPGA firmwa ...)
+ TODO: check
CVE-2020-8736 (Improper access control in subsystem for the Intel(R) Computing Improv ...)
NOT-FOR-US: Intel
CVE-2020-8735
@@ -48472,8 +48459,8 @@ CVE-2020-8707 (Buffer overflow in daemon for some Intel(R) Server Boards, Server
NOT-FOR-US: Intel
CVE-2020-8706 (Buffer overflow in a daemon for some Intel(R) Server Boards, Server Sy ...)
NOT-FOR-US: Intel
-CVE-2020-8705
- RESERVED
+CVE-2020-8705 (Insecure default initialization of resource in Intel(R) Boot Guard in ...)
+ TODO: check
CVE-2020-8704
RESERVED
CVE-2020-8703
@@ -48486,33 +48473,29 @@ CVE-2020-8700
RESERVED
CVE-2020-8699
RESERVED
-CVE-2020-8698
- RESERVED
+CVE-2020-8698 (Improper isolation of shared resources in some Intel(R) Processors may ...)
- intel-microcode <unfixed>
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html
CVE-2020-8697
RESERVED
-CVE-2020-8696
- RESERVED
+CVE-2020-8696 (Improper removal of sensitive information before storage or transfer i ...)
- intel-microcode <unfixed>
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html
-CVE-2020-8695
- RESERVED
+CVE-2020-8695 (Observable discrepancy in the RAPL interface for some Intel(R) Process ...)
- intel-microcode <unfixed>
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html
-CVE-2020-8694
- RESERVED
+CVE-2020-8694 (Insufficient access control in the Linux kernel driver for some Intel( ...)
- linux <unfixed>
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html
NOTE: https://git.kernel.org/linus/949dd0104c496fa7c14991a23c03c62e44637e71
-CVE-2020-8693
- RESERVED
-CVE-2020-8692
- RESERVED
-CVE-2020-8691
- RESERVED
-CVE-2020-8690
- RESERVED
+CVE-2020-8693 (Improper buffer restrictions in the firmware of the Intel(R) Ethernet ...)
+ TODO: check
+CVE-2020-8692 (Insufficient access control in the firmware of the Intel(R) Ethernet 7 ...)
+ TODO: check
+CVE-2020-8691 (A logic issue in the firmware of the Intel(R) Ethernet 700 Series Cont ...)
+ TODO: check
+CVE-2020-8690 (Protection mechanism failure in Intel(R) Ethernet 700 Series Controlle ...)
+ TODO: check
CVE-2020-8689 (Improper buffer restrictions in the Intel(R) Wireless for Open Source ...)
- iwd 1.5-1
[buster] - iwd <no-dsa> (Minor issue)
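Review bot: CVE-2020-8694 stays at "- linux <unfixed>" although its second NOTE already cites an upstream commit on git.kernel.org/linus; once the first upload containing that commit is known, replace <unfixed> with the fixed version. The split of advisory intel-sa-00389 between intel-microcode (CVE-2020-8695, RAPL interface) and linux (CVE-2020-8694, Linux kernel driver) matches the two descriptions. The four Ethernet 700 Series firmware entries at +CVE-2020-8693 through +CVE-2020-8690 remain at TODO: check.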
@@ -48539,10 +48522,10 @@ CVE-2020-8679 (Out-of-bounds write in Kernel Mode Driver for some Intel(R) Graph
NOT-FOR-US: Intel
CVE-2020-8678
RESERVED
-CVE-2020-8677
- RESERVED
-CVE-2020-8676
- RESERVED
+CVE-2020-8677 (Improper access control in the Intel(R) Visual Compute Accelerator 2, ...)
+ TODO: check
+CVE-2020-8676 (Improper access control in the Intel(R) Visual Compute Accelerator 2, ...)
+ TODO: check
CVE-2020-8675 (Insufficient control flow management in firmware build and signing too ...)
NOT-FOR-US: Intel
CVE-2020-8674 (Out-of-bounds read in DHCPv6 subsystem in Intel(R) AMT and Intel(R)ISM ...)
@@ -48555,8 +48538,8 @@ CVE-2020-8671 (Insufficient control flow management in BIOS firmware 8th, 9th Ge
NOT-FOR-US: Intel
CVE-2020-8670
RESERVED
-CVE-2020-8669
- RESERVED
+CVE-2020-8669 (Improper input validation in the Intel(R) Data Center Manager Console ...)
+ TODO: check
CVE-2020-8668
RESERVED
CVE-2014-10400 (The session.lua library in CGILua 5.0.x uses sequential session IDs, w ...)
@@ -50909,10 +50892,10 @@ CVE-2020-7772
RESERVED
CVE-2020-7771
RESERVED
-CVE-2020-7770
- RESERVED
-CVE-2020-7769
- RESERVED
+CVE-2020-7770 (This affects the package json8 before 1.0.3. The function adds in the ...)
+ TODO: check
+CVE-2020-7769 (This affects the package nodemailer before 6.4.16. Use of crafted reci ...)
+ TODO: check
CVE-2020-7768 (The package grpc before 1.24.4; the package @grpc/grpc-js before 1.1.8 ...)
TODO: check
CVE-2020-7767 (All versions of package express-validators are vulnerable to Regular E ...)
@@ -51569,8 +51552,8 @@ CVE-2020-7474 (A CWE-427: Uncontrolled Search Path Element vulnerability exists
NOT-FOR-US: ProSoft Configurator
CVE-2020-7473 (In certain situations, all versions of Citrix ShareFile StorageZones ( ...)
NOT-FOR-US: Citrix
-CVE-2020-7472
- RESERVED
+CVE-2020-7472 (An authorization bypass and PHP local-file-include vulnerability in th ...)
+ TODO: check
CVE-2019-20390 (A Cross-Site Request Forgery (CSRF) vulnerability was discovered in Su ...)
NOT-FOR-US: Subrion CMS
CVE-2019-20389 (An XSS issue was identified on the Subrion CMS 4.2.1 /panel/configurat ...)
@@ -51874,12 +51857,12 @@ CVE-2020-7335
RESERVED
CVE-2020-7334 (Improper privilege assignment vulnerability in the installer McAfee Ap ...)
NOT-FOR-US: McAfee
-CVE-2020-7333
- RESERVED
-CVE-2020-7332
- RESERVED
-CVE-2020-7331
- RESERVED
+CVE-2020-7333 (Cross site scripting vulnerability in the firewall ePO extension of Mc ...)
+ TODO: check
+CVE-2020-7332 (Cross Site Request Forgery vulnerability in the firewall ePO extension ...)
+ TODO: check
+CVE-2020-7331 (Unquoted service executable path in McAfee Endpoint Security (ENS) pri ...)
+ TODO: check
CVE-2020-7330 (Privilege Escalation vulnerability in McAfee Total Protection (MTP) tr ...)
NOT-FOR-US: McAfee
CVE-2020-7329 (Server-side request forgery vulnerability in the ePO extension in McAf ...)
@@ -61789,8 +61772,7 @@ CVE-2020-3641 (Integer overflow may occur if atom size is less than atom offset
NOT-FOR-US: Qualcomm components for Android
CVE-2020-3640 (u'Resizing the usage table header before passing all the checks leads ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2020-3639
- RESERVED
+CVE-2020-3639 (u'When a non standard SIP sigcomp message is received from the network ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2020-3638 (u'An Unaligned address or size can propagate to the database due to im ...)
NOT-FOR-US: Qualcomm components for Android
@@ -61804,8 +61786,7 @@ CVE-2020-3634 (u'Multiple Read overflows issue due to improper length check whil
NOT-FOR-US: Snapdragon
CVE-2020-3633 (Array out of bound may occur while playing mp3 file as no check is the ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2020-3632
- RESERVED
+CVE-2020-3632 (u'Incorrect validation of ring context fetched from host memory can le ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2020-3631
RESERVED
@@ -71961,26 +71942,26 @@ CVE-2020-0595 (Use after free in IPv6 subsystem in Intel(R) AMT and Intel(R) ISM
NOT-FOR-US: Intel
CVE-2020-0594 (Out-of-bounds read in IPv6 subsystem in Intel(R) AMT and Intel(R) ISM ...)
NOT-FOR-US: Intel
-CVE-2020-0593
- RESERVED
-CVE-2020-0592
- RESERVED
-CVE-2020-0591
- RESERVED
-CVE-2020-0590
- RESERVED
+CVE-2020-0593 (Improper buffer restrictions in BIOS firmware for some Intel(R) Proces ...)
+ TODO: check
+CVE-2020-0592 (Out of bounds write in BIOS firmware for some Intel(R) Processors may ...)
+ TODO: check
+CVE-2020-0591 (Improper buffer restrictions in BIOS firmware for some Intel(R) Proces ...)
+ TODO: check
+CVE-2020-0590 (Improper input validation in BIOS firmware for some Intel(R) Processor ...)
+ TODO: check
CVE-2020-0589
RESERVED
-CVE-2020-0588
- RESERVED
-CVE-2020-0587
- RESERVED
+CVE-2020-0588 (Improper conditions check in BIOS firmware for some Intel(R) Processor ...)
+ TODO: check
+CVE-2020-0587 (Improper conditions check in BIOS firmware for some Intel(R) Processor ...)
+ TODO: check
CVE-2020-0586 (Improper initialization in subsystem for Intel(R) SPS versions before ...)
NOT-FOR-US: Intel
CVE-2020-0585
RESERVED
-CVE-2020-0584
- RESERVED
+CVE-2020-0584 (Buffer overflow in firmware for Intel(R) SSD DC P4800X and P4801X Seri ...)
+ TODO: check
CVE-2020-0583 (Improper access control in the subsystem for Intel(R) Smart Sound Tech ...)
NOT-FOR-US: Intel
CVE-2020-0582
@@ -71997,14 +71978,14 @@ CVE-2020-0577 (Insufficient control flow for Intel(R) Modular Server MFS2600KISP
NOT-FOR-US: Intel
CVE-2020-0576 (Buffer overflow in Intel(R) Modular Server MFS2600KISPP Compute Module ...)
NOT-FOR-US: Intel
-CVE-2020-0575
- RESERVED
+CVE-2020-0575 (Improper buffer restrictions in the Intel(R) Unite Client for Windows* ...)
+ TODO: check
CVE-2020-0574 (Improper configuration in block design for Intel(R) MAX(R) 10 FPGA all ...)
NOT-FOR-US: Intel
-CVE-2020-0573
- RESERVED
-CVE-2020-0572
- RESERVED
+CVE-2020-0573 (Out of bounds read in the Intel CSI2 Host Controller driver may allow ...)
+ TODO: check
+CVE-2020-0572 (Improper input validation in the firmware for Intel(R) Server Board S2 ...)
+ TODO: check
CVE-2020-0571 (Improper conditions check in BIOS firmware for 8th Generation Intel(R) ...)
NOT-FOR-US: Intel
CVE-2020-0570 (Uncontrolled search path in the QT Library before 5.14.0, 5.12.7 and 5 ...)
@@ -75567,8 +75548,7 @@ CVE-2019-17568
REJECTED
CVE-2019-17567
RESERVED
-CVE-2019-17566 [SSRF vulnerability]
- RESERVED
+CVE-2019-17566 (Apache Batik is vulnerable to server-side request forgery, caused by i ...)
- batik 1.12-1.1 (bug #964510)
[buster] - batik 1.10-2+deb10u1
[stretch] - batik 1.8-4+deb9u2
@@ -96056,8 +96036,8 @@ CVE-2019-11123 (Insufficient session validation in system firmware for Intel(R)
NOT-FOR-US: Intel
CVE-2019-11122
RESERVED
-CVE-2019-11121
- RESERVED
+CVE-2019-11121 (Improper file permissions in the installer for the Intel(R) Media SDK ...)
+ TODO: check
CVE-2019-11120 (Insufficient path checking in the installer for Intel(R) Active System ...)
NOT-FOR-US: Intel
CVE-2019-11119 (Insufficient session validation in the service API for Intel(R) RWC3 v ...)
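Review bot: +CVE-2019-11121 should not simply inherit the "NOT-FOR-US: Intel" tag of CVE-2019-11120 and CVE-2019-11119 below it. The visible description stops at "installer for the Intel(R) Media SDK ...", so the affected platform cannot be read from this line; read the full description and check whether a Media SDK package is shipped before resolving the TODO: check.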
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a4998679a97a0875847a9d5fcaadd8a53178765f