[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Thu Oct 15 21:10:35 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
153dd524 by security tracker role at 2020-10-15T20:10:26+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2739,10 +2739,10 @@ CVE-2020-25861
RESERVED
CVE-2020-25860
RESERVED
-CVE-2020-25859
- RESERVED
-CVE-2020-25858
- RESERVED
+CVE-2020-25859 (The QCMAP_CLI utility in the Qualcomm QCMAP software suite prior to ve ...)
+ TODO: check
+CVE-2020-25858 (The QCMAP_Web_CLIENT binary in the Qualcomm QCMAP software suite prior ...)
+ TODO: check
CVE-2020-25857
RESERVED
CVE-2020-25856
@@ -11502,8 +11502,8 @@ CVE-2020-21676
RESERVED
CVE-2020-21675
RESERVED
-CVE-2020-21674
- RESERVED
+CVE-2020-21674 (Heap-based buffer overflow in archive_string_append_from_wcs() (archiv ...)
+ TODO: check
CVE-2020-21673
RESERVED
CVE-2020-21672
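Review bot: CVE-2020-21674 is left at "TODO: check", but the function named in the description, archive_string_append_from_wcs(), is libarchive code, so this entry should be triaged against the libarchive source package rather than closed as NOT-FOR-US. Once checked, replace the TODO with a package line and a NOTE pointing at the upstream fix.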
@@ -23634,12 +23634,12 @@ CVE-2020-15796
RESERVED
CVE-2020-15795
RESERVED
-CVE-2020-15794
- RESERVED
-CVE-2020-15793
- RESERVED
-CVE-2020-15792
- RESERVED
+CVE-2020-15794 (A vulnerability has been identified in Desigo Insight (All versions). ...)
+ TODO: check
+CVE-2020-15793 (A vulnerability has been identified in Desigo Insight (All versions). ...)
+ TODO: check
+CVE-2020-15792 (A vulnerability has been identified in Desigo Insight (All versions). ...)
+ TODO: check
CVE-2020-15791 (A vulnerability has been identified in SIMATIC S7-300 CPU family (incl ...)
NOT-FOR-US: Siemens
CVE-2020-15790 (A vulnerability has been identified in Spectrum Power 4 (All versions ...)
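Review bot: the three new Desigo Insight entries (CVE-2020-15794, CVE-2020-15793, CVE-2020-15792) are left at "TODO: check" while the entry directly below, CVE-2020-15791, uses the same "A vulnerability has been identified in ..." wording and is tagged "NOT-FOR-US: Siemens". If Desigo Insight is confirmed as a Siemens product not packaged in Debian, resolve all three the same way in one follow-up so the block stays consistent.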
@@ -25051,7 +25051,7 @@ CVE-2020-15252
RESERVED
CVE-2020-15251 (In the Channelmgnt plug-in for Sopel (a Python IRC bot) before version ...)
NOT-FOR-US: Channelmgnt plug-in for Sopel
-CVE-2020-15250 (In JUnit4 before version 4.13.1, the test rule TemporaryFolder contain ...)
+CVE-2020-15250 (In JUnit4 from version 4.7 and before 4.13.1, the test rule TemporaryF ...)
- junit4 <unfixed> (bug #972231)
NOTE: https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp
CVE-2020-15249
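Review bot: the updated CVE-2020-15250 description now bounds the affected range from below ("from version 4.7"), but the junit4 entry under it still records only "<unfixed> (bug #972231)". Consider adding a NOTE with the introducing version (4.7) and the fixed upstream version (4.13.1) so per-suite triage can mark older junit4 versions not-affected where that applies.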
@@ -28644,7 +28644,7 @@ CVE-2020-13941 (Reported in SOLR-14515 (private) and fixed in SOLR-14561 (public
CVE-2020-13940 (In Apache NiFi 1.0.0 to 1.11.4, the notification service manager and v ...)
NOT-FOR-US: Apache NiFi
CVE-2020-13939
- RESERVED
+ REJECTED
CVE-2020-13938
RESERVED
CVE-2020-13937
@@ -32292,16 +32292,16 @@ CVE-2020-12506 (Improper Authentication vulnerability in WAGO 750-8XX series wit
NOT-FOR-US: WAGO
CVE-2020-12505 (Improper Authentication vulnerability in WAGO 750-8XX series with FW v ...)
NOT-FOR-US: WAGO
-CVE-2020-12504
- RESERVED
-CVE-2020-12503
- RESERVED
-CVE-2020-12502
- RESERVED
-CVE-2020-12501
- RESERVED
-CVE-2020-12500
- RESERVED
+CVE-2020-12504 (Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol Rock ...)
+ TODO: check
+CVE-2020-12503 (Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol Rock ...)
+ TODO: check
+CVE-2020-12502 (Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol Rock ...)
+ TODO: check
+CVE-2020-12501 (Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol Rock ...)
+ TODO: check
+CVE-2020-12500 (Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol Rock ...)
+ TODO: check
CVE-2020-12499 (In PHOENIX CONTACT PLCnext Engineer version 2020.3.1 and earlier an im ...)
NOT-FOR-US: PHOENIX CONTACT PLCnext Engineer
CVE-2020-12498 (mwe file parsing in Phoenix Contact PC Worx and PC Worx Express versio ...)
@@ -35514,26 +35514,26 @@ CVE-2019-20637 (An issue was discovered in Varnish Cache before 6.0.5 LTS, 6.1.x
NOTE: https://github.com/varnishcache/varnish-cache/commit/0c9c38513bdb7730ac886eba7563f2d87894d734 (test case / reproducer)
NOTE: Introduced in https://github.com/varnishcache/varnish-cache/commit/62932b422f311ed1224f14a216169bcdc1b77a2d (5.0)
NOTE: Case #3 implies labels introduced in https://github.com/varnishcache/varnish-cache/commit/34350d5e183ef4e04285729d1f63b784d1bc6454 (5.0)
-CVE-2020-11646
- RESERVED
-CVE-2020-11645
- RESERVED
-CVE-2020-11644
- RESERVED
-CVE-2020-11643
- RESERVED
-CVE-2020-11642
- RESERVED
-CVE-2020-11641
- RESERVED
+CVE-2020-11646 (A log information disclosure vulnerability in B&R GateManager 4260 ...)
+ TODO: check
+CVE-2020-11645 (A denial of service vulnerability in B&R GateManager 4260 and 9250 ...)
+ TODO: check
+CVE-2020-11644 (The information disclosure vulnerability present in B&R GateManage ...)
+ TODO: check
+CVE-2020-11643 (An information disclosure vulnerability in B&R GateManager 4260 an ...)
+ TODO: check
+CVE-2020-11642 (The local file inclusion vulnerability present in B&R SiteManager ...)
+ TODO: check
+CVE-2020-11641 (A local file inclusion vulnerability in B&R SiteManager versions & ...)
+ TODO: check
CVE-2020-11640
RESERVED
CVE-2020-11639
RESERVED
CVE-2020-11638
RESERVED
-CVE-2020-11637
- RESERVED
+CVE-2020-11637 (A memory leak in the TFTP service in B&R Automation Runtime versio ...)
+ TODO: check
CVE-2019-20636 (In the Linux kernel before 5.4.12, drivers/input/input.c has out-of-bo ...)
{DLA-2241-1}
- linux 5.4.13-1
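Review bot: the B&R descriptions in this hunk are cut a few characters shorter than the descriptions in the other hunks, and CVE-2020-11641 ends on a bare "&" ("versions & ..."), which suggests the text was still entity-encoded when it was truncated by length. Worth checking that the import decodes entities before truncating, so that a cut cannot land in the middle of an entity. All seven entries (CVE-2020-11641 through CVE-2020-11646, and CVE-2020-11637) also still need their "TODO: check" resolved.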
@@ -45901,8 +45901,8 @@ CVE-2020-7746
RESERVED
CVE-2020-7745
RESERVED
-CVE-2020-7744
- RESERVED
+CVE-2020-7744 (This affects all versions of package com.mintegral.msdk:alphab. The An ...)
+ TODO: check
CVE-2020-7743 (The package mathjs before 7.5.1 are vulnerable to Prototype Pollution ...)
NOT-FOR-US: Node mathjs
CVE-2020-7742 (This affects the package simpl-schema before 1.10.2. ...)
@@ -46261,8 +46261,8 @@ CVE-2020-7593 (A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS v
NOT-FOR-US: Siemens
CVE-2020-7592 (A vulnerability has been identified in SIMATIC HMI Basic Panels 1st Ge ...)
NOT-FOR-US: Siemens
-CVE-2020-7591
- RESERVED
+CVE-2020-7591 (A vulnerability has been identified in SIPORT MP (All versions < 3. ...)
+ TODO: check
CVE-2020-7590 (A vulnerability has been identified in DCA Vantage Analyzer (All versi ...)
NOT-FOR-US: DCA Vantage Analyzer
CVE-2020-7589 (A vulnerability has been identified in LOGO!8 BM (incl. SIPLUS variant ...)
@@ -46802,8 +46802,8 @@ CVE-2020-7336
RESERVED
CVE-2020-7335
RESERVED
-CVE-2020-7334
- RESERVED
+CVE-2020-7334 (Improper privilege assignment vulnerability in the installer McAfee Ap ...)
+ TODO: check
CVE-2020-7333
RESERVED
CVE-2020-7332
@@ -46816,10 +46816,10 @@ CVE-2020-7329
RESERVED
CVE-2020-7328
RESERVED
-CVE-2020-7327
- RESERVED
-CVE-2020-7326
- RESERVED
+CVE-2020-7327 (Improperly implemented security check in McAfee MVISION Endpoint Detec ...)
+ TODO: check
+CVE-2020-7326 (Improperly implemented security check in McAfee Active Response (MAR) ...)
+ TODO: check
CVE-2020-7325 (Privilege Escalation vulnerability in McAfee MVISION Endpoint prior to ...)
NOT-FOR-US: McAfee
CVE-2020-7324 (Improper Access Control vulnerability in McAfee MVISION Endpoint prior ...)
@@ -50078,24 +50078,19 @@ CVE-2020-6110 (An exploitable partial path traversal vulnerability exists in the
NOT-FOR-US: Zoom
CVE-2020-6109 (An exploitable path traversal vulnerability exists in the Zoom client, ...)
NOT-FOR-US: Zoom
-CVE-2020-6108 [F2fs-Tools F2fs.Fsck fsck_chk_orphan_node Code Execution Vulnerability]
- RESERVED
+CVE-2020-6108 (An exploitable code execution vulnerability exists in the fsck_chk_orp ...)
- f2fs-tools <unfixed>
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1050
-CVE-2020-6107 [F2fs-Tools F2fs.Fsck dev_read Information Disclosure Vulnerability]
- RESERVED
+CVE-2020-6107 (An exploitable information disclosure vulnerability exists in the dev_ ...)
- f2fs-tools <unfixed>
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1049
-CVE-2020-6106 [F2fs-Tools F2fs.Fsck init_node_manager Information Disclosure Vulnerability]
- RESERVED
+CVE-2020-6106 (An exploitable information disclosure vulnerability exists in the init ...)
- f2fs-tools <unfixed>
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1048
-CVE-2020-6105 [F2fs-Tools F2fs.Fsck Multiple Devices Code Execution Vulnerability]
- RESERVED
+CVE-2020-6105 (An exploitable code execution vulnerability exists in the multiple dev ...)
- f2fs-tools <unfixed>
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1047
-CVE-2020-6104 [F2fs-Tools F2fs.Fsck filesystem checking Information Disclosure Vulnerability]
- RESERVED
+CVE-2020-6104 (An exploitable information disclosure vulnerability exists in the get_ ...)
- f2fs-tools <unfixed>
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1046
CVE-2020-6103 (An exploitable code execution vulnerability exists in the Shader funct ...)
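Review bot: all five f2fs-tools entries (CVE-2020-6104 through CVE-2020-6108) stay at "- f2fs-tools <unfixed>" with only a Talos report link, and unlike the junit4 entry earlier in this file none of them carries a Debian bug reference. Now that the CVEs are public, add the bug number once filed and a NOTE for the upstream fix commit when one exists.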
@@ -54092,8 +54087,8 @@ CVE-2020-4501
RESERVED
CVE-2020-4500
RESERVED
-CVE-2020-4499
- RESERVED
+CVE-2020-4499 (IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0. ...)
+ TODO: check
CVE-2020-4498 (IBM MQ Appliance 9.1 LTS and 9.1 CD could allow a local privileged use ...)
NOT-FOR-US: IBM
CVE-2020-4497
@@ -62081,8 +62076,8 @@ CVE-2020-1779
RESERVED
CVE-2020-1778
RESERVED
-CVE-2020-1777
- RESERVED
+CVE-2020-1777 (Agent names that participates in a chat conversation are revealed in c ...)
+ TODO: check
CVE-2020-1776 (When an agent user is renamed or set to invalid the session belonging ...)
- otrs2 6.0.29-1
[buster] - otrs2 <no-dsa> (Non-free not supported)
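Review bot: CVE-2020-1777 is left at "TODO: check", but the entry right below it, CVE-2020-1776, is tracked against otrs2 and the new description (agent names, chat conversation) reads like the same product. Check it against otrs2 before anyone closes it as NOT-FOR-US, and carry over the "[buster] - otrs2 <no-dsa> (Non-free not supported)" line if the package turns out to be affected.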
@@ -87349,7 +87344,7 @@ CVE-2019-12414 (In Apache Incubator Superset before 0.32, a user can view databa
CVE-2019-12413 (In Apache Incubator Superset before 0.31 user could query database met ...)
NOT-FOR-US: Apache Superset
CVE-2019-12411
- RESERVED
+ REJECTED
CVE-2019-12410 (While investigating UBSAN errors in https://github.com/apache/arrow/pu ...)
NOT-FOR-US: Apache Arrow
CVE-2019-12409 (The 8.1.1 and 8.2.0 releases of Apache Solr contain an insecure settin ...)
@@ -109303,8 +109298,8 @@ CVE-2019-4554
RESERVED
CVE-2019-4553 (IBM API Connect V5.0.0.0 through 5.0.8.7iFix3 uses weaker than expecte ...)
NOT-FOR-US: IBM
-CVE-2019-4552
- RESERVED
+CVE-2019-4552 (IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0. ...)
+ TODO: check
CVE-2019-4551 (IBM Security Directory Server 6.4.0 does not perform an authentication ...)
NOT-FOR-US: IBM
CVE-2019-4550 (IBM Security Directory Server 6.4.0 is deployed with active debugging ...)
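Review bot: the description added for CVE-2019-4552 is, as far as the truncated text shows, identical to the one added for CVE-2020-4499 earlier in this commit ("IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0. ..."). Triage the two together when resolving the "TODO: check"; the neighbouring IBM entries in both hunks are tagged "NOT-FOR-US: IBM".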
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/153dd5249c8f423d92cd08fbd77c37fa39de3b64