[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed Oct 14 21:10:32 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b4dbae46 by security tracker role at 2020-10-14T20:10:23+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,13 @@
+CVE-2020-27150
+ RESERVED
+CVE-2020-27149
+ RESERVED
+CVE-2020-27148
+ RESERVED
+CVE-2020-27147
+ RESERVED
+CVE-2020-27146
+ RESERVED
CVE-2020-27145
RESERVED
CVE-2020-27144
@@ -262,8 +272,8 @@ CVE-2020-27015
RESERVED
CVE-2020-27014
RESERVED
-CVE-2020-27013
- RESERVED
+CVE-2020-27013 (Trend Micro Antivirus for Mac 2020 (Consumer) contains a vulnerability ...)
+ TODO: check
CVE-2020-27012
RESERVED
CVE-2020-27011
@@ -2785,8 +2795,8 @@ CVE-2020-25826 (PingID Integration for Windows Login before 2.4.2 allows local u
NOT-FOR-US: PingID Integration for Windows Login
CVE-2020-25825 (In Octopus Deploy 3.1.0 to 2020.4.0, certain scripts can reveal sensit ...)
NOT-FOR-US: Octopus Deploy
-CVE-2020-25824
- RESERVED
+CVE-2020-25824 (Telegram Desktop through 2.4.3 does not require passcode entry upon pu ...)
+ TODO: check
CVE-2020-25823
RESERVED
CVE-2020-25822
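Review bot: The `TODO: check` added under CVE-2020-25824 should not be closed by analogy with the two context entries above it in this hunk, which are both NOT-FOR-US. The description names Telegram Desktop through 2.4.3, so the follow-up is to look up whether a matching source package is tracked. If one is, replace the TODO with a package line and version status rather than a NOT-FOR-US tag.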
@@ -2909,10 +2919,10 @@ CVE-2020-25780
RESERVED
CVE-2020-25779 (Trend Micro Antivirus for Mac 2020 (Consumer) has a vulnerability in w ...)
NOT-FOR-US: Trend Micro
-CVE-2020-25778
- RESERVED
-CVE-2020-25777
- RESERVED
+CVE-2020-25778 (Trend Micro Antivirus for Mac 2020 (Consumer) has a vulnerability in a ...)
+ TODO: check
+CVE-2020-25777 (Trend Micro Antivirus for Mac 2020 (Consumer) is vulnerable to a speci ...)
+ TODO: check
CVE-2020-25776 (Trend Micro Antivirus for Mac 2020 (Consumer) is vulnerable to a symbo ...)
NOT-FOR-US: Trend Micro
CVE-2020-25775 (The Trend Micro Security 2020 (v16) consumer family of products is vul ...)
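Review bot: CVE-2020-25778 and CVE-2020-25777 land as `TODO: check` even though their descriptions open with the same product string as the context entries on either side of them, CVE-2020-25779 and CVE-2020-25776, which are already tagged `NOT-FOR-US: Trend Micro`. Suggest resolving both with that same tag in the follow-up triage so the block stays consistent. CVE-2020-27013 earlier in this diff has the same product string and the same TODO.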
@@ -3187,6 +3197,7 @@ CVE-2020-25650
RESERVED
CVE-2020-25649
RESERVED
+ {DLA-2406-1}
- jackson-databind 2.11.1-1
NOTE: https://github.com/FasterXML/jackson-databind/issues/2589
NOTE: https://github.com/FasterXML/jackson-databind/commit/612f971b78c60202e9cd75a299050c8f2d724a59 (jackson-databind-2.11.0.rc1)
@@ -4264,8 +4275,8 @@ CVE-2020-25190
RESERVED
CVE-2020-25189
RESERVED
-CVE-2020-25188
- RESERVED
+CVE-2020-25188 (An attacker who convinces a valid user to open a specially crafted pro ...)
+ TODO: check
CVE-2020-25187
RESERVED
CVE-2020-25186
@@ -5652,8 +5663,8 @@ CVE-2020-24553 (Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because tex
NOTE: https://www.redteam-pentesting.de/en/advisories/rt-sa-2020-004/-inconsistent-behavior-of-gos-cgi-and-fastcgi-transport-may-lead-to-cross-site-scripting
CVE-2020-24552 (Atop Technology industrial 3G/4G gateway contains Command Injection vu ...)
NOT-FOR-US: Atop Technology industrial 3G/4G gateway
-CVE-2020-24551
- RESERVED
+CVE-2020-24551 (IProom MMC+ Server login page does not validate specific parameters pr ...)
+ TODO: check
CVE-2020-24550
RESERVED
CVE-2020-24549
@@ -6440,8 +6451,8 @@ CVE-2020-24190
RESERVED
CVE-2020-24189
RESERVED
-CVE-2020-24188
- RESERVED
+CVE-2020-24188 (Cross-site scripting (XSS) vulnerability in the search functionality i ...)
+ TODO: check
CVE-2020-24187
RESERVED
CVE-2020-24186 (A Remote Code Execution vulnerability exists in the gVectors wpDiscuz ...)
@@ -25009,8 +25020,8 @@ CVE-2020-15255
RESERVED
CVE-2020-15254
RESERVED
-CVE-2020-15253
- RESERVED
+CVE-2020-15253 (Versions of Grocy <= 2.7.1 are vulnerable to Cross-Site Scripting v ...)
+ TODO: check
CVE-2020-15252
RESERVED
CVE-2020-15251 (In the Channelmgnt plug-in for Sopel (a Python IRC bot) before version ...)
@@ -25057,8 +25068,7 @@ CVE-2020-15231 (In mapfish-print before version 3.24, a user can use the JSONP s
NOT-FOR-US: mapfish-print
CVE-2020-15230 (Vapor is a web framework for Swift. In Vapor before version 4.29.4, At ...)
NOT-FOR-US: Vapor
-CVE-2020-15229 [Path traversal and files overwrite with unsquashfs]
- RESERVED
+CVE-2020-15229 (Singularity (an open source container platform) from version 3.1.1 thr ...)
- singularity-container <unfixed> (bug #972212)
NOTE: https://github.com/hpcng/singularity/security/advisories/GHSA-7gcp-w6ww-2xv9
CVE-2020-15228 (In the `@actions/core` npm module before version 1.2.6,`addPath` and ` ...)
@@ -25071,8 +25081,8 @@ CVE-2020-15226 (In GLPI before version 9.5.2, there is a SQL Injection in the AP
- glpi <removed>
CVE-2020-15225
RESERVED
-CVE-2020-15224
- RESERVED
+CVE-2020-15224 (In Open Enclave before version 0.12.0, an information disclosure vulne ...)
+ TODO: check
CVE-2020-15223 (In ORY Fosite (the security first OAuth2 & OpenID Connect framewor ...)
NOT-FOR-US: ORY Fosite
CVE-2020-15222 (In ORY Fosite (the security first OAuth2 & OpenID Connect framewor ...)
@@ -28587,6 +28597,7 @@ CVE-2020-13945
CVE-2020-13944 (In Apache Airflow < 1.10.12, the "origin" parameter passed to some ...)
- airflow <itp> (bug #819700)
CVE-2020-13943 (If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7 ...)
+ {DLA-2407-1}
- tomcat9 9.0.38-1
- tomcat8 <removed>
NOTE: https://github.com/apache/tomcat/commit/55911430df13f8c9998fbdee1f9716994d2db59b (9.0.38)
@@ -40908,8 +40919,7 @@ CVE-2020-9748
RESERVED
CVE-2020-9747
RESERVED
-CVE-2020-9746
- RESERVED
+CVE-2020-9746 (Adobe Flash Player version 32.0.0.433 (and earlier) are affected by an ...)
NOT-FOR-US: Adobe Flash Plugin
CVE-2020-9745 (Adobe Media Encoder version 14.3.2 (and earlier versions) has an out-o ...)
NOT-FOR-US: Adobe
@@ -46770,8 +46780,8 @@ CVE-2020-7332
RESERVED
CVE-2020-7331
RESERVED
-CVE-2020-7330
- RESERVED
+CVE-2020-7330 (Privilege Escalation vulnerability in McAfee Total Protection (MTP) tr ...)
+ TODO: check
CVE-2020-7329
RESERVED
CVE-2020-7328
@@ -46794,10 +46804,10 @@ CVE-2020-7320 (Protection Mechanism Failure vulnerability in McAfee Endpoint Sec
NOT-FOR-US: McAfee
CVE-2020-7319 (Improper Access Control vulnerability in McAfee Endpoint Security (ENS ...)
NOT-FOR-US: McAfee
-CVE-2020-7318
- RESERVED
-CVE-2020-7317
- RESERVED
+CVE-2020-7318 (Cross-Site Scripting vulnerability in McAfee ePolicy Orchistrator (ePO ...)
+ TODO: check
+CVE-2020-7317 (Cross-Site Scripting vulnerability in McAfee ePolicy Orchistrator (ePO ...)
+ TODO: check
CVE-2020-7316 (Unquoted service path vulnerability in McAfee File and Removable Media ...)
NOT-FOR-US: McAfee
CVE-2020-7315 (DLL Injection Vulnerability in McAfee Agent (MA) for Windows prior to ...)
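Review bot: The two ePO entries added here, CVE-2020-7318 and CVE-2020-7317, are indistinguishable in the visible part of their truncated descriptions and both sit at `TODO: check`. Triage should read the full text of each rather than treat one as a duplicate of the other, then apply the `NOT-FOR-US: McAfee` tag that the surrounding context entries already use if it fits.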
@@ -47762,8 +47772,8 @@ CVE-2020-6935
RESERVED
CVE-2020-6934
RESERVED
-CVE-2020-6933
- RESERVED
+CVE-2020-6933 (An improper input validation vulnerability in the UEM Core of BlackBer ...)
+ TODO: check
CVE-2020-6932 (An information disclosure and remote code execution vulnerability in t ...)
NOT-FOR-US: BlackBerry QNX Software Development Platform
CVE-2020-6931
@@ -50095,16 +50105,16 @@ CVE-2020-6089 (An exploitable code execution vulnerability exists in the ANI fil
NOT-FOR-US: Leadtools
CVE-2020-6088
RESERVED
-CVE-2020-6087
- RESERVED
-CVE-2020-6086
- RESERVED
+CVE-2020-6087 (An exploitable denial of service vulnerability exists in the ENIP Requ ...)
+ TODO: check
+CVE-2020-6086 (An exploitable denial of service vulnerability exists in the ENIP Requ ...)
+ TODO: check
CVE-2020-6085
RESERVED
CVE-2020-6084
RESERVED
-CVE-2020-6083
- RESERVED
+CVE-2020-6083 (An exploitable denial of service vulnerability exists in the ENIP Requ ...)
+ TODO: check
CVE-2020-6082 (An exploitable out-of-bounds write vulnerability exists in the ico_rea ...)
NOT-FOR-US: Accusoft
CVE-2020-6081 (An exploitable code execution vulnerability exists in the PLC_Task fun ...)
@@ -54250,8 +54260,8 @@ CVE-2020-4397 (IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 transmits sensitive info
NOT-FOR-US: IBM
CVE-2020-4396 (IBM Jazz Foundation and IBM Engineering products are vulnerable to cro ...)
NOT-FOR-US: IBM
-CVE-2020-4395
- RESERVED
+CVE-2020-4395 (IBM Security Access Manager Appliance 9.0.7 does not invalidate sessio ...)
+ TODO: check
CVE-2020-4394
RESERVED
CVE-2020-4393
@@ -57279,8 +57289,8 @@ CVE-2020-3485 (A vulnerability in the role-based access control (RBAC) functiona
NOT-FOR-US: Cisco
CVE-2020-3484 (A vulnerability in the web-based management interface of Cisco Vision ...)
NOT-FOR-US: Cisco
-CVE-2020-3483
- RESERVED
+CVE-2020-3483 (Duo has identified and fixed an issue with the Duo Network Gateway (DN ...)
+ TODO: check
CVE-2020-3482
RESERVED
CVE-2020-3481 (A vulnerability in the EGG archive parsing module in Clam AntiVirus (C ...)
@@ -57394,8 +57404,8 @@ CVE-2020-3429 (A vulnerability in the WPA2 and WPA3 security implementation of C
NOT-FOR-US: Cisco
CVE-2020-3428 (A vulnerability in the WLAN Local Profiling feature of Cisco IOS XE Wi ...)
NOT-FOR-US: Cisco
-CVE-2020-3427
- RESERVED
+CVE-2020-3427 (A privilege escalation vulnerability exists in the Duo Authentication ...)
+ TODO: check
CVE-2020-3426 (A vulnerability in the implementation of the Low Power, Wide Area (LPW ...)
NOT-FOR-US: Cisco
CVE-2020-3425 (Multiple vulnerabilities in the web management framework of Cisco IOS ...)
@@ -68172,48 +68182,37 @@ CVE-2020-0425 (There is a possible way to view notifications even when the "Lock
NOT-FOR-US: Android
CVE-2020-0424
RESERVED
-CVE-2020-0423
- RESERVED
-CVE-2020-0422
- RESERVED
+CVE-2020-0423 (In binder_release_work of binder.c, there is a possible use-after-free ...)
+ TODO: check
+CVE-2020-0422 (In constructImportFailureNotification of NotificationImportExportListe ...)
NOT-FOR-US: Android
-CVE-2020-0421
- RESERVED
+CVE-2020-0421 (In appendFormatV of String8.cpp, there is a possible out of bounds wri ...)
NOT-FOR-US: Android
-CVE-2020-0420
- RESERVED
+CVE-2020-0420 (In setUpdatableDriverPath of GpuService.cpp, there is a possible memor ...)
NOT-FOR-US: Android
-CVE-2020-0419
- RESERVED
+CVE-2020-0419 (In generateInfo of PackageInstallerSession.java, there is a possible l ...)
NOT-FOR-US: Android
CVE-2020-0418
RESERVED
CVE-2020-0417
RESERVED
-CVE-2020-0416
- RESERVED
+CVE-2020-0416 (In multiple settings screens, there are possible tapjacking attacks du ...)
NOT-FOR-US: Android
-CVE-2020-0415
- RESERVED
+CVE-2020-0415 (In various locations in SystemUI, there is a possible permission bypas ...)
NOT-FOR-US: Android
-CVE-2020-0414
- RESERVED
+CVE-2020-0414 (In AudioFlinger::RecordThread::threadLoop of audioflinger/Threads.cpp, ...)
NOT-FOR-US: Android Media Framework
-CVE-2020-0413
- RESERVED
+CVE-2020-0413 (In gatt_process_read_by_type_rsp of gatt_cl.cc, there is a possible ou ...)
NOT-FOR-US: Android
-CVE-2020-0412
- RESERVED
+CVE-2020-0412 (In setProcessMemoryTrimLevel of ActivityManagerService.java, there is ...)
NOT-FOR-US: Android
-CVE-2020-0411
- RESERVED
+CVE-2020-0411 (In ~AACExtractor() of AACExtractor.cpp, there is a possible out of bou ...)
NOT-FOR-US: Android Media Framework
-CVE-2020-0410
- RESERVED
+CVE-2020-0410 (In setNotification of SapServer.java, there is a possible permission b ...)
+ TODO: check
CVE-2020-0409
RESERVED
-CVE-2020-0408
- RESERVED
+CVE-2020-0408 (In remove of String16.cpp, there is a possible out of bounds write due ...)
NOT-FOR-US: Android
CVE-2020-0407 (In various functions in fscrypt_ice.c and related files in some implem ...)
NOT-FOR-US: Android kernel
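Review bot: CVE-2020-0423 at the top of this hunk is the one entry that should not pick up `NOT-FOR-US: Android` by default. Its description names binder_release_work in binder.c and a use-after-free, so it needs checking against the kernel packages before the TODO is resolved. CVE-2020-0410 (SapServer.java) is likewise left at `TODO: check`, while every other id filled in by this hunk keeps a `NOT-FOR-US` line that was written when only RESERVED was known; a quick pass over the new descriptions to confirm those inherited tags still fit would be worthwhile.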
@@ -68233,13 +68232,11 @@ CVE-2020-0402
NOTE: Duplicate assignment for CVE-2019-19769 (Android security informed)
CVE-2020-0401 (In setInstallerPackageName of PackageManagerService.java, there is a m ...)
NOT-FOR-US: Android
-CVE-2020-0400
- RESERVED
+CVE-2020-0400 (In showDataRoamingNotification of NotificationMgr.java, there is a pos ...)
NOT-FOR-US: Android
CVE-2020-0399 (In showLimitedSimFunctionWarningNotification of NotificationMgr.java, ...)
NOT-FOR-US: Android
-CVE-2020-0398
- RESERVED
+CVE-2020-0398 (In updateMwi of NotificationMgr.java, there is a possible permission b ...)
NOT-FOR-US: Android
CVE-2020-0397 (In getNotificationBuilder of CarrierServiceStateTracker.java, there is ...)
NOT-FOR-US: Android
@@ -68279,14 +68276,11 @@ CVE-2020-0380 (In allocExcessBits of bitalloc.c, there is a possible out of boun
NOT-FOR-US: Android
CVE-2020-0379 (In the Bluetooth service, there is a possible spoofing attack due to a ...)
NOT-FOR-US: Android
-CVE-2020-0378
- RESERVED
+CVE-2020-0378 (In onWnmFrameReceived of PasspointManager.java, there is a missing per ...)
NOT-FOR-US: Android
-CVE-2020-0377
- RESERVED
+CVE-2020-0377 (In gatt_process_read_by_type_rsp of gatt_cl.cc, there is a possible ou ...)
NOT-FOR-US: Android
-CVE-2020-0376
- RESERVED
+CVE-2020-0376 (There is a possible out of bounds read due to a missing bounds check.P ...)
NOT-FOR-US: MediaTek components for Android
CVE-2020-0375 (In Telephony, there is a possible permission bypass due to a missing p ...)
NOT-FOR-US: Android
@@ -68296,8 +68290,7 @@ CVE-2020-0373 (In SoundTriggerHwService, there is a possible out of bounds read
NOT-FOR-US: Android Media Framework
CVE-2020-0372 (In ActivityManager, there is a possible access to protected data due t ...)
NOT-FOR-US: Android
-CVE-2020-0371
- RESERVED
+CVE-2020-0371 (There is a possible out of bounds read due to a missing bounds check.P ...)
NOT-FOR-US: MediaTek components for Android
CVE-2020-0370 (In libAACdec, there is a possible out of bounds read due to missing bo ...)
NOT-FOR-US: Android Media Framework
@@ -68305,8 +68298,7 @@ CVE-2020-0369 (In libavb, there is a possible out of bounds write due to an inte
NOT-FOR-US: Android
CVE-2020-0368
RESERVED
-CVE-2020-0367
- RESERVED
+CVE-2020-0367 (There is a possible out of bounds write due to a missing bounds check. ...)
NOT-FOR-US: MediaTek components for Android
CVE-2020-0366 (In PackageInstaller, there is a possible permissions bypass due to a t ...)
NOT-FOR-US: Android
@@ -68362,8 +68354,7 @@ CVE-2020-0341 (In DisplayManager, there is a possible permission bypass due to a
NOT-FOR-US: Android
CVE-2020-0340 (In libcodec2_soft_mp3dec, there is a possible information disclosure d ...)
NOT-FOR-US: Android Media Framework
-CVE-2020-0339
- RESERVED
+CVE-2020-0339 (There is a possible out of bounds read due to a missing bounds check.P ...)
NOT-FOR-US: MediaTek components for Android
CVE-2020-0338 (In AccountManager, there is a possible bypass of a permissions check d ...)
NOT-FOR-US: Android
@@ -68483,8 +68474,7 @@ CVE-2020-0285 (In Telephony, there is a possible permission bypass due to a miss
NOT-FOR-US: Android
CVE-2020-0284 (In Telephony, there is a possible permission bypass due to a missing p ...)
NOT-FOR-US: Android
-CVE-2020-0283
- RESERVED
+CVE-2020-0283 (There is a possible out of bounds write due to a missing bounds check. ...)
NOT-FOR-US: MediaTek components for Android
CVE-2020-0282 (In NFC, there is a possible out of bounds read due to a missing bounds ...)
NOT-FOR-US: Android
@@ -68558,8 +68548,7 @@ CVE-2020-0248 (In postInstantAppNotif of InstantAppNotifier.java, there is a pos
NOT-FOR-US: Android
CVE-2020-0247 (In Threshold::getHistogram of ImageProcessHelper.java, there is a poss ...)
NOT-FOR-US: Android
-CVE-2020-0246
- RESERVED
+CVE-2020-0246 (In getCarrierPrivilegeStatus of UiccAccessRule.java, there is a missin ...)
NOT-FOR-US: Android
CVE-2020-0245 (In DecodeFrameCombinedMode of combined_decode.cpp, there is a possible ...)
NOT-FOR-US: Android Media framework
@@ -109641,7 +109630,8 @@ CVE-2019-4371
RESERVED
CVE-2019-4370
RESERVED
-CVE-2019-4369 (IBM BigFix Inventory v9 (SUA v9 / ILMT v9) discloses sensitive informa ...)
+CVE-2019-4369
+ REJECTED
NOT-FOR-US: IBM
CVE-2019-4368
RESERVED
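Review bot: After this change CVE-2019-4369 reads REJECTED but still carries the context line `NOT-FOR-US: IBM`, which was written for the description being removed. Suggest confirming that the annotation is meant to stay on a rejected id, or dropping it in the follow-up so the entry carries only its REJECTED state.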
@@ -116697,8 +116687,7 @@ CVE-2019-2196 (In Download Provider, there is possible SQL injection. This could
NOT-FOR-US: Android
CVE-2019-2195 (In tokenize of sqlite3_android.cpp, there is a possible attacker contr ...)
NOT-FOR-US: Android
-CVE-2019-2194
- RESERVED
+CVE-2019-2194 (In SurfaceFlinger::createLayer of SurfaceFlinger.cpp, there is a possi ...)
NOT-FOR-US: Android
CVE-2019-2193 (In WelcomeActivity.java and related files, there is a possible permiss ...)
NOT-FOR-US: Android
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b4dbae463ee99045972e8018f4c4dc3a7b414585