[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed Feb 17 20:10:37 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7712dc2a by security tracker role at 2021-02-17T20:10:29+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,7 @@
+CVE-2021-27362 (The WPG plugin before 3.1.0.0 for IrfanView 4.57 has a Read Access Vio ...)
+ TODO: check
+CVE-2021-27361
+ RESERVED
CVE-2021-27360
RESERVED
CVE-2021-27359
@@ -272,8 +276,8 @@ CVE-2021-27226
RESERVED
CVE-2021-27225
RESERVED
-CVE-2021-27224
- RESERVED
+CVE-2021-27224 (The WPG plugin before 3.1.0.0 for IrfanView 4.57 has a user-mode write ...)
+ TODO: check
CVE-2021-27223
RESERVED
CVE-2021-27222
@@ -1206,8 +1210,8 @@ CVE-2021-26811
RESERVED
CVE-2021-26810
RESERVED
-CVE-2021-26809
- RESERVED
+CVE-2021-26809 (PHPGurukul Car Rental Project version 2.0 suffers from a remote shell ...)
+ TODO: check
CVE-2021-26808
RESERVED
CVE-2021-26807
@@ -1446,8 +1450,7 @@ CVE-2021-26708 (A local privilege escalation was discovered in the Linux kernel
[stretch] - linux <not-affected> (Vulnerable code introduced later)
NOTE: https://www.openwall.com/lists/oss-security/2021/02/04/5
NOTE: https://git.kernel.org/linus/c518adafa39f37858697ac9309c6cf1805581446
-CVE-2021-26697
- RESERVED
+CVE-2021-26697 (The lineage endpoint of the deprecated Experimental API was not protec ...)
- airflow <itp> (bug #819700)
CVE-2021-26696
RESERVED
@@ -1762,8 +1765,8 @@ CVE-2021-26561
RESERVED
CVE-2021-26560
RESERVED
-CVE-2021-26559
- RESERVED
+CVE-2021-26559 (Improper Access Control on Configurations Endpoint for the Stable API ...)
+ TODO: check
CVE-2021-26558
RESERVED
CVE-2019-25018 (In the rcp client in MIT krb5-appl through 1.0.3, malicious servers co ...)
@@ -3884,10 +3887,10 @@ CVE-2021-25782
RESERVED
CVE-2021-25781
RESERVED
-CVE-2021-25780
- RESERVED
-CVE-2021-25779
- RESERVED
+CVE-2021-25780 (An arbitrary file upload vulnerability has been identified in posts.ph ...)
+ TODO: check
+CVE-2021-25779 (Baby Care System v1.0 is vulnerable to SQL injection via the 'id' para ...)
+ TODO: check
CVE-2021-25778 (In JetBrains TeamCity before 2020.2.1, permissions during user deletio ...)
NOT-FOR-US: JetBrains TeamCity
CVE-2021-25777 (In JetBrains TeamCity before 2020.2.1, permissions during token remova ...)
@@ -7986,8 +7989,8 @@ CVE-2021-23887
RESERVED
CVE-2021-23886
RESERVED
-CVE-2021-23885
- RESERVED
+CVE-2021-23885 (Privilege escalation vulnerability in McAfee Web Gateway (MWG) prior t ...)
+ TODO: check
CVE-2021-23884
RESERVED
CVE-2021-23883 (A Null Pointer Dereference vulnerability in McAfee Endpoint Security ( ...)
@@ -8074,12 +8077,14 @@ CVE-2021-23843
RESERVED
CVE-2021-23842
RESERVED
-CVE-2021-23841 (Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may ...)
+CVE-2021-23841 (The OpenSSL public API function X509_issuer_and_serial_hash() attempts ...)
+ {DSA-4855-1}
- openssl 1.1.1j-1
- openssl1.0 <removed>
NOTE: https://www.openssl.org/news/secadv/20210216.txt
NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=122a19ab48091c657f7cb1fb3af9fc07bd557bbf (OpenSSL_1_1_1j)
CVE-2021-23840 (Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may ...)
+ {DSA-4855-1}
- openssl 1.1.1j-1
- openssl1.0 <removed>
NOTE: https://www.openssl.org/news/secadv/20210216.txt
@@ -9129,8 +9134,8 @@ CVE-2021-23341
RESERVED
CVE-2021-23340
RESERVED
-CVE-2021-23339
- RESERVED
+CVE-2021-23339 (This affects all versions of package com.typesafe.akka:akka-http-core. ...)
+ TODO: check
CVE-2021-23338 (This affects all versions of package qlib. The workflow function in cl ...)
NOT-FOR-US: qlib
CVE-2021-23337 (All versions of package lodash; all versions of package org.fujion.web ...)
@@ -10086,18 +10091,18 @@ CVE-2021-22860
RESERVED
CVE-2021-22859
RESERVED
-CVE-2021-22858
- RESERVED
-CVE-2021-22857
- RESERVED
-CVE-2021-22856
- RESERVED
-CVE-2021-22855
- RESERVED
-CVE-2021-22854
- RESERVED
-CVE-2021-22853
- RESERVED
+CVE-2021-22858 (Attackers can access the CGE account management function without privi ...)
+ TODO: check
+CVE-2021-22857 (The CGE page with download function contains a Directory Traversal vul ...)
+ TODO: check
+CVE-2021-22856 (The CGE property management system contains SQL Injection vulnerabilit ...)
+ TODO: check
+CVE-2021-22855 (The specific function of HR Portal of Soar Cloud System accepts any ty ...)
+ TODO: check
+CVE-2021-22854 (The HR Portal of Soar Cloud System fails to filter specific parameters ...)
+ TODO: check
+CVE-2021-22853 (The HR Portal of Soar Cloud System fails to manage access control. Whi ...)
+ TODO: check
CVE-2021-22852 (HGiga EIP product contains SQL Injection vulnerability. Attackers can ...)
NOT-FOR-US: HGiga EIP
CVE-2021-22851 (HGiga EIP product contains SQL Injection vulnerability. Attackers can ...)
@@ -10850,8 +10855,8 @@ CVE-2021-22555
RESERVED
CVE-2021-22554
RESERVED
-CVE-2021-22553
- RESERVED
+CVE-2021-22553 (Any git operation is passed through Jetty and a session is created. No ...)
+ TODO: check
CVE-2021-22552
RESERVED
CVE-2021-22551
@@ -11608,15 +11613,13 @@ CVE-2021-22176
RESERVED
CVE-2021-22175
RESERVED
-CVE-2021-22174 [USB HID dissector could crash]
- RESERVED
+CVE-2021-22174 (Crash in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial o ...)
- wireshark 3.4.3-1 (bug #981791)
[buster] - wireshark <not-affected> (Affected code not present)
[stretch] - wireshark <not-affected> (Affected code not present)
NOTE: https://www.wireshark.org/security/wnpa-sec-2021-02.html
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17165
-CVE-2021-22173 [USB HID dissector memory leak]
- RESERVED
+CVE-2021-22173 (Memory leak in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows de ...)
- wireshark 3.4.3-1 (bug #981791)
[buster] - wireshark <not-affected> (Affected code not present)
[stretch] - wireshark <not-affected> (Affected code not present)
@@ -13350,10 +13353,10 @@ CVE-2020-36005
RESERVED
CVE-2020-36004
RESERVED
-CVE-2020-36003
- RESERVED
-CVE-2020-36002
- RESERVED
+CVE-2020-36003 (The id parameter in detail.php of Online Book Store v1.0 is vulnerable ...)
+ TODO: check
+CVE-2020-36002 (Seat-Reservation-System 1.0 has a SQL injection vulnerability in index ...)
+ TODO: check
CVE-2020-36001
RESERVED
CVE-2020-36000
@@ -18344,8 +18347,8 @@ CVE-2020-35341
RESERVED
CVE-2020-35340
RESERVED
-CVE-2020-35339
- RESERVED
+CVE-2020-35339 (In 74cms version 5.0.1, there is a remote code execution vulnerability ...)
+ TODO: check
CVE-2020-35338 (The Web Administrative Interface in Mobile Viewpoint Wireless Multiple ...)
NOT-FOR-US: Mobile Viewpoint Wireless Multiplex Terminal (WMT) Playout Server
CVE-2020-35337
@@ -22563,7 +22566,7 @@ CVE-2020-28854
RESERVED
CVE-2020-28853
RESERVED
-CVE-2020-28852 (In x/text in Go 1.15.4, a "slice bounds out of range" panic occurs in ...)
+CVE-2020-28852 (In x/text in Go before v0.3.5, a "slice bounds out of range" panic occ ...)
- golang-golang-x-text 0.3.5-1 (bug #980002)
- golang-x-text <removed>
NOTE: https://github.com/golang/go/issues/42536
@@ -23416,16 +23419,16 @@ CVE-2021-1418
RESERVED
CVE-2021-1417
RESERVED
-CVE-2021-1416
- RESERVED
+CVE-2021-1416 (Multiple vulnerabilities in the Admin portal of Cisco Identity Service ...)
+ TODO: check
CVE-2021-1415
RESERVED
CVE-2021-1414
RESERVED
CVE-2021-1413
RESERVED
-CVE-2021-1412
- RESERVED
+CVE-2021-1412 (Multiple vulnerabilities in the Admin portal of Cisco Identity Service ...)
+ TODO: check
CVE-2021-1411
RESERVED
CVE-2021-1410
@@ -23492,8 +23495,8 @@ CVE-2021-1380
RESERVED
CVE-2021-1379
RESERVED
-CVE-2021-1378
- RESERVED
+CVE-2021-1378 (A vulnerability in the SSH service of the Cisco StarOS operating syste ...)
+ TODO: check
CVE-2021-1377
RESERVED
CVE-2021-1376
@@ -23504,8 +23507,8 @@ CVE-2021-1374
RESERVED
CVE-2021-1373
RESERVED
-CVE-2021-1372
- RESERVED
+CVE-2021-1372 (A vulnerability in Cisco Webex Meetings Desktop App and Webex Producti ...)
+ TODO: check
CVE-2021-1371
RESERVED
CVE-2021-1370 (A vulnerability in a CLI command of Cisco IOS XR Software for the Cisc ...)
@@ -23516,8 +23519,8 @@ CVE-2021-1368
RESERVED
CVE-2021-1367
RESERVED
-CVE-2021-1366
- RESERVED
+CVE-2021-1366 (A vulnerability in the interprocess communication (IPC) channel of Cis ...)
+ TODO: check
CVE-2021-1365
RESERVED
CVE-2021-1364 (Multiple vulnerabilities in Cisco Unified Communications Manager IM &a ...)
@@ -23546,8 +23549,8 @@ CVE-2021-1353 (A vulnerability in the IPv4 protocol handling of Cisco StarOS cou
NOT-FOR-US: Cisco
CVE-2021-1352
RESERVED
-CVE-2021-1351
- RESERVED
+CVE-2021-1351 (A vulnerability in the web-based interface of Cisco Webex Meetings cou ...)
+ TODO: check
CVE-2021-1350 (A vulnerability in the web UI of Cisco Umbrella could allow an unauthe ...)
NOT-FOR-US: Cisco
CVE-2021-1349 (A vulnerability in the web-based management interface of Cisco SD-WAN ...)
@@ -28437,8 +28440,7 @@ CVE-2021-0111
RESERVED
CVE-2021-0110
RESERVED
-CVE-2021-0109
- RESERVED
+CVE-2021-0109 (Insecure inherited permissions for the Intel(R) SOC driver package for ...)
NOT-FOR-US: Intel
CVE-2021-0108
RESERVED
@@ -36033,46 +36035,35 @@ CVE-2020-24507
RESERVED
CVE-2020-24506
RESERVED
-CVE-2020-24505
- RESERVED
+CVE-2020-24505 (Insufficient input validation in the firmware for the Intel(R) 700-ser ...)
NOT-FOR-US: Intel NIC firmware
-CVE-2020-24504
- RESERVED
-CVE-2020-24503
- RESERVED
-CVE-2020-24502
- RESERVED
-CVE-2020-24501
- RESERVED
+CVE-2020-24504 (Uncontrolled resource consumption in some Intel(R) Ethernet E810 Adapt ...)
+ TODO: check
+CVE-2020-24503 (Insufficient access control in some Intel(R) Ethernet E810 Adapter dri ...)
+ TODO: check
+CVE-2020-24502 (Improper input validation in some Intel(R) Ethernet E810 Adapter drive ...)
+ TODO: check
+CVE-2020-24501 (Buffer overflow in the firmware for Intel(R) E810 Ethernet Controllers ...)
NOT-FOR-US: Intel NIC firmware
-CVE-2020-24500
- RESERVED
+CVE-2020-24500 (Buffer overflow in the firmware for Intel(R) E810 Ethernet Controllers ...)
NOT-FOR-US: Intel NIC firmware
CVE-2020-24499
RESERVED
-CVE-2020-24498
- RESERVED
+CVE-2020-24498 (Buffer overflow in the firmware for Intel(R) E810 Ethernet Controllers ...)
NOT-FOR-US: Intel NIC firmware
-CVE-2020-24497
- RESERVED
+CVE-2020-24497 (Insufficient Access Control in the firmware for Intel(R) E810 Ethernet ...)
NOT-FOR-US: Intel NIC firmware
-CVE-2020-24496
- RESERVED
+CVE-2020-24496 (Insufficient input validation in the firmware for Intel(R) 722 Etherne ...)
NOT-FOR-US: Intel NIC firmware
-CVE-2020-24495
- RESERVED
+CVE-2020-24495 (Insufficient access control in the firmware for the Intel(R) 700-serie ...)
NOT-FOR-US: Intel NIC firmware
-CVE-2020-24494
- RESERVED
+CVE-2020-24494 (Insufficient access control in the firmware for the Intel(R) 722 Ether ...)
NOT-FOR-US: Intel NIC firmware
-CVE-2020-24493
- RESERVED
+CVE-2020-24493 (Insufficient access control in the firmware for the Intel(R) 700-serie ...)
NOT-FOR-US: Intel NIC firmware
-CVE-2020-24492
- RESERVED
+CVE-2020-24492 (Insufficient access control in the firmware for the Intel(R) 722 Ether ...)
NOT-FOR-US: Intel NIC firmware
-CVE-2020-24491
- RESERVED
+CVE-2020-24491 (Debug message containing addresses of memory transactions in some Inte ...)
NOT-FOR-US: Intel
CVE-2020-24490 (Improper buffer restrictions in BlueZ may allow an unauthenticated use ...)
{DLA-2420-1}
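Review bot: CVE-2020-24504, CVE-2020-24503 and CVE-2020-24502 are left at "TODO: check" while the surrounding E810, 700-series and 722 firmware entries carry "NOT-FOR-US: Intel NIC firmware". Their truncated descriptions read "Intel(R) Ethernet E810 Adapter dri ...", which points at driver issues rather than firmware issues, so they should not simply inherit the neighbouring NOT-FOR-US reason. Triage them explicitly and record either a source package line or a NOT-FOR-US reason of their own.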
@@ -36089,21 +36080,17 @@ CVE-2020-24487
RESERVED
CVE-2020-24486
RESERVED
-CVE-2020-24485
- RESERVED
+CVE-2020-24485 (Uncontrolled search path in the Intel(R) Trace Analyzer and Collector ...)
NOT-FOR-US: Intel
CVE-2020-24484
RESERVED
CVE-2020-24483
RESERVED
-CVE-2020-24482
- RESERVED
+CVE-2020-24482 (Improper buffer restrictions in firmware for Intel(R) 7360 Cell Modem ...)
NOT-FOR-US: Intel
-CVE-2020-24481
- RESERVED
+CVE-2020-24481 (Insecure inherited permissions for the Intel(R) Quartus Prime Pro and ...)
NOT-FOR-US: Intel
-CVE-2020-24480
- RESERVED
+CVE-2020-24480 (Out-of-bounds write in the Intel(R) XTU before version 6.5.3.25 may al ...)
NOT-FOR-US: Intel
CVE-2020-24479
RESERVED
@@ -36139,8 +36126,7 @@ CVE-2020-24464
RESERVED
CVE-2020-24463
RESERVED
-CVE-2020-24462
- RESERVED
+CVE-2020-24462 (Out of bounds write in the Intel(R) Graphics Driver before version 15. ...)
NOT-FOR-US: Intel graphics drivers for Windows
CVE-2020-24461
RESERVED
@@ -36148,8 +36134,7 @@ CVE-2020-24460 (Incorrect default permissions in the Intel(R) DSA before version
NOT-FOR-US: Intel
CVE-2020-24459
RESERVED
-CVE-2020-24458
- RESERVED
+CVE-2020-24458 (Incomplete cleanup in some Intel(R) PROSet/Wireless WiFi and Killer (T ...)
NOT-FOR-US: Intel
CVE-2020-24457 (Logic error in BIOS firmware for 8th, 9th and 10th Generation Intel(R) ...)
NOT-FOR-US: Intel
@@ -36163,22 +36148,17 @@ CVE-2020-24455 [FAPI PolicyPCR not instatiating correctly]
NOTE: https://github.com/tpm2-software/tpm2-tss/commit/bf24b0ef0fa8de9300a323f70a097a1afd818439 (2.4.5)
CVE-2020-24454 (Improper Restriction of XML External Entity Reference in subsystem for ...)
NOT-FOR-US: Intel
-CVE-2020-24453
- RESERVED
+CVE-2020-24453 (Improper input validation in the Intel(R) EPID SDK before version 8, m ...)
NOT-FOR-US: Intel
-CVE-2020-24452
- RESERVED
+CVE-2020-24452 (Improper input validation in the Intel(R) SGX Platform Software for Wi ...)
NOT-FOR-US: Intel
-CVE-2020-24451
- RESERVED
+CVE-2020-24451 (Uncontrolled search path in the Intel(R) Optane(TM) DC Persistent Memo ...)
NOT-FOR-US: Intel
-CVE-2020-24450
- RESERVED
+CVE-2020-24450 (Improper conditions check in some Intel(R) Graphics Drivers before ver ...)
NOT-FOR-US: Intel graphics drivers for Windows
CVE-2020-24449
RESERVED
-CVE-2020-24448
- RESERVED
+CVE-2020-24448 (Uncaught exception in some Intel(R) Graphics Drivers before version 15 ...)
NOT-FOR-US: Intel graphics drivers for Windows
CVE-2020-24447 (Adobe Lightroom Classic version 10.0 (and earlier) for Windows is affe ...)
NOT-FOR-US: Adobe
@@ -60433,6 +60413,7 @@ CVE-2020-13559 (A denial-of-service vulnerability exists in the traffic-logging
NOT-FOR-US: FreyrSCADA IEC-60879-5-104 Server Simulator
CVE-2020-13558
RESERVED
+ {DSA-4854-1}
- webkit2gtk 2.30.5-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
- wpewebkit 2.30.5-1
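Review bot: CVE-2020-13558 now carries {DSA-4854-1} and fixed versions for webkit2gtk and wpewebkit, yet the entry is still RESERVED with no description at all. A short bracketed description, in the style of the "[USB HID dissector could crash]" line that CVE-2021-22174 used while it was reserved, would keep the entry identifiable until the published text arrives.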
@@ -60441,18 +60422,18 @@ CVE-2020-13557 (A use after free vulnerability exists in the JavaScript engine o
NOT-FOR-US: Foxit
CVE-2020-13556 (An out-of-bounds write vulnerability exists in the Ethernet/IP server ...)
NOT-FOR-US: EIP Stack Group OpENer
-CVE-2020-13555
- RESERVED
+CVE-2020-13555 (An exploitable local privilege elevation vulnerability exists in the f ...)
+ TODO: check
CVE-2020-13554
RESERVED
-CVE-2020-13553
- RESERVED
-CVE-2020-13552
- RESERVED
-CVE-2020-13551
- RESERVED
-CVE-2020-13550
- RESERVED
+CVE-2020-13553 (An exploitable local privilege elevation vulnerability exists in the f ...)
+ TODO: check
+CVE-2020-13552 (An exploitable local privilege elevation vulnerability exists in the f ...)
+ TODO: check
+CVE-2020-13551 (An exploitable local privilege elevation vulnerability exists in the f ...)
+ TODO: check
+CVE-2020-13550 (A local file inclusion vulnerability exists in the installation functi ...)
+ TODO: check
CVE-2020-13549
RESERVED
CVE-2020-13548 (In Foxit Reader 10.1.0.37527, a specially crafted PDF document can tri ...)
@@ -63457,14 +63438,11 @@ CVE-2020-12387 (A race condition when running shutdown code for Web Worker led t
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-16/#CVE-2020-12387
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-17/#CVE-2020-12387
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-18/#CVE-2020-12387
-CVE-2020-12386
- RESERVED
+CVE-2020-12386 (Out-of-bounds write in some Intel(R) Graphics Drivers before version 1 ...)
NOT-FOR-US: Intel graphics drivers for Windows
-CVE-2020-12385
- RESERVED
+CVE-2020-12385 (Improper input validation in some Intel(R) Graphics Drivers before ver ...)
NOT-FOR-US: Intel graphics drivers for Windows
-CVE-2020-12384
- RESERVED
+CVE-2020-12384 (Improper access control in some Intel(R) Graphics Drivers before versi ...)
NOT-FOR-US: Intel graphics drivers for Windows
CVE-2020-12383
RESERVED
@@ -63472,65 +63450,48 @@ CVE-2020-12382
RESERVED
CVE-2020-12381
RESERVED
-CVE-2020-12380
- RESERVED
+CVE-2020-12380 (Out of bounds read in the BMC firmware for some Intel(R) Server Boards ...)
NOT-FOR-US: Intel
CVE-2020-12379
RESERVED
CVE-2020-12378
RESERVED
-CVE-2020-12377
- RESERVED
+CVE-2020-12377 (Insufficient input validation in the BMC firmware for some Intel(R) Se ...)
NOT-FOR-US: Intel
-CVE-2020-12376
- RESERVED
+CVE-2020-12376 (Use of hard-coded key in the BMC firmware for some Intel(R) Server Boa ...)
NOT-FOR-US: Intel
-CVE-2020-12375
- RESERVED
+CVE-2020-12375 (Heap overflow in the BMC firmware for some Intel(R) Server Boards, Ser ...)
NOT-FOR-US: Intel
CVE-2020-12374
RESERVED
-CVE-2020-12373
- RESERVED
+CVE-2020-12373 (Buffer overflow in the BMC firmware for some Intel(R) Server Boards, S ...)
NOT-FOR-US: Intel graphics drivers for Windows
-CVE-2020-12372
- RESERVED
+CVE-2020-12372 (Unchecked return value in some Intel(R) Graphics Drivers before versio ...)
NOT-FOR-US: Intel graphics drivers for Windows
-CVE-2020-12371
- RESERVED
+CVE-2020-12371 (Divide by zero in some Intel(R) Graphics Drivers before version 26.20. ...)
NOT-FOR-US: Intel graphics drivers for Windows
-CVE-2020-12370
- RESERVED
+CVE-2020-12370 (Untrusted pointer dereference in some Intel(R) Graphics Drivers before ...)
NOT-FOR-US: Intel graphics drivers for Windows
-CVE-2020-12369
- RESERVED
+CVE-2020-12369 (Out of bound write in some Intel(R) Graphics Drivers before version 26 ...)
NOT-FOR-US: Intel graphics drivers for Windows
-CVE-2020-12368
- RESERVED
+CVE-2020-12368 (Integer overflow in some Intel(R) Graphics Drivers before version 26.2 ...)
NOT-FOR-US: Intel graphics drivers for Windows
-CVE-2020-12367
- RESERVED
+CVE-2020-12367 (Integer overflow in some Intel(R) Graphics Drivers before version 26.2 ...)
NOT-FOR-US: Intel graphics drivers for Windows
-CVE-2020-12366
- RESERVED
+CVE-2020-12366 (Insufficient input validation in some Intel(R) Graphics Drivers before ...)
NOT-FOR-US: Intel graphics drivers for Windows
-CVE-2020-12365
- RESERVED
+CVE-2020-12365 (Untrusted pointer dereference in some Intel(R) Graphics Drivers before ...)
NOT-FOR-US: Intel graphics drivers for Windows
-CVE-2020-12364
- RESERVED
+CVE-2020-12364 (Null pointer reference in some Intel(R) Graphics Drivers for Windows* ...)
- linux 5.5.13-1
NOTE: Short of details: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00438.html
-CVE-2020-12363
- RESERVED
+CVE-2020-12363 (Improper input validation in some Intel(R) Graphics Drivers for Window ...)
- linux 5.5.13-1
NOTE: Short of details: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00438.html
-CVE-2020-12362
- RESERVED
+CVE-2020-12362 (Integer overflow in the firmware for some Intel(R) Graphics Drivers fo ...)
- linux 5.5.13-1
NOTE: Short of details: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00438.html
-CVE-2020-12361
- RESERVED
+CVE-2020-12361 (Use after free in some Intel(R) Graphics Drivers before version 15.33. ...)
NOT-FOR-US: Intel graphics drivers for Windows
CVE-2020-12360
RESERVED
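Review bot: the NOT-FOR-US reason on CVE-2020-12373 no longer matches its description. The published text is "Buffer overflow in the BMC firmware for some Intel(R) Server Boards, S ...", but the entry keeps "NOT-FOR-US: Intel graphics drivers for Windows"; the other BMC firmware entries in this hunk (CVE-2020-12380, CVE-2020-12377, CVE-2020-12376, CVE-2020-12375) use "NOT-FOR-US: Intel", and this one should follow them. Separately, CVE-2020-12364, CVE-2020-12363 and CVE-2020-12362 are tracked as "- linux 5.5.13-1" while their descriptions name "Graphics Drivers for Windows", so the "Short of details" NOTE is worth revisiting against the now-published descriptions.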
@@ -63582,8 +63543,7 @@ CVE-2020-12341
RESERVED
CVE-2020-12340
RESERVED
-CVE-2020-12339
- RESERVED
+CVE-2020-12339 (Insufficient control flow management in the API for the Intel(R) Colla ...)
NOT-FOR-US: Intel
CVE-2020-12338 (Insufficient control flow management in the Open WebRTC Toolkit before ...)
NOT-FOR-US: Intel
@@ -74176,8 +74136,7 @@ CVE-2020-8767 (Uncaught exception in the Intel(R) 50GbE IP Core for Intel(R) Qua
NOT-FOR-US: Intel
CVE-2020-8766 (Improper conditions check in the Intel(R) SGX DCAP software before ver ...)
NOT-FOR-US: Intel
-CVE-2020-8765
- RESERVED
+CVE-2020-8765 (Incorrect default permissions in the installer for the Intel(R) RealSe ...)
NOT-FOR-US: Intel
CVE-2020-8764 (Improper access control in BIOS firmware for some Intel(R) Processors ...)
NOT-FOR-US: Intel
@@ -74305,8 +74264,7 @@ CVE-2020-8703
RESERVED
CVE-2020-8702
RESERVED
-CVE-2020-8701
- RESERVED
+CVE-2020-8701 (Incorrect default permissions in installer for the Intel(R) SSD Toolbo ...)
NOT-FOR-US: Intel
CVE-2020-8700
RESERVED
@@ -74367,8 +74325,7 @@ CVE-2020-8680 (Race condition in some Intel(R) Graphics Drivers before version 1
NOT-FOR-US: Intel
CVE-2020-8679 (Out-of-bounds write in Kernel Mode Driver for some Intel(R) Graphics D ...)
NOT-FOR-US: Intel
-CVE-2020-8678
- RESERVED
+CVE-2020-8678 (Improper access control for Intel(R) Graphics Drivers before version 1 ...)
NOT-FOR-US: Intel graphics drivers for Windows
CVE-2020-8677 (Improper access control in the Intel(R) Visual Compute Accelerator 2, ...)
NOT-FOR-US: Intel
@@ -76615,10 +76572,10 @@ CVE-2020-7851
RESERVED
CVE-2020-7850
RESERVED
-CVE-2020-7849
- RESERVED
-CVE-2020-7848
- RESERVED
+CVE-2020-7849 (A vulnerability of uPrism.io CURIX(Video conferecing solution) could a ...)
+ TODO: check
+CVE-2020-7848 (The EFM ipTIME C200 IP Camera is affected by a Command Injection vulne ...)
+ TODO: check
CVE-2020-7847
RESERVED
CVE-2020-7846
@@ -98108,8 +98065,7 @@ CVE-2020-0546 (Unquoted service path in Intel(R) Optane(TM) DC Persistent Memory
NOT-FOR-US: Intel
CVE-2020-0545 (Integer overflow in subsystem for Intel(R) CSME versions before 11.8.7 ...)
NOT-FOR-US: Intel
-CVE-2020-0544
- RESERVED
+CVE-2020-0544 (Insufficient control flow management in the kernel mode driver for som ...)
NOT-FOR-US: Intel graphics drivers for Windows
CVE-2020-0543 (Incomplete cleanup from specific special register read operations in s ...)
{DSA-4701-1 DSA-4699-1 DSA-4698-1 DLA-2248-1 DLA-2242-1 DLA-2241-1}
@@ -98152,27 +98108,21 @@ CVE-2020-0527 (Insufficient control flow management in firmware for some Intel(R
NOT-FOR-US: Intel
CVE-2020-0526 (Improper input validation in firmware for Intel(R) NUC may allow a pri ...)
NOT-FOR-US: Intel
-CVE-2020-0525
- RESERVED
+CVE-2020-0525 (Improper access control in firmware for the Intel(R) Ethernet I210 Con ...)
NOT-FOR-US: Intel
-CVE-2020-0524
- RESERVED
+CVE-2020-0524 (Improper default permissions in the firmware for the Intel(R) Ethernet ...)
NOT-FOR-US: Intel
-CVE-2020-0523
- RESERVED
+CVE-2020-0523 (Improper access control in the firmware for the Intel(R) Ethernet I210 ...)
NOT-FOR-US: Intel
-CVE-2020-0522
- RESERVED
+CVE-2020-0522 (Improper initialization in the firmware for the Intel(R) Ethernet I210 ...)
NOT-FOR-US: Intel
-CVE-2020-0521
- RESERVED
+CVE-2020-0521 (Insufficient control flow management in some Intel(R) Graphics Drivers ...)
NOT-FOR-US: Intel graphics drivers for Windows
CVE-2020-0520 (Path traversal in igdkmd64.sys for Intel(R) Graphics Drivers before ve ...)
NOT-FOR-US: Intel
CVE-2020-0519 (Improper access control for Intel(R) Graphics Drivers before versions ...)
NOT-FOR-US: Intel Graphics drivers for Windows
-CVE-2020-0518
- RESERVED
+CVE-2020-0518 (Improper access control in the Intel(R) HD Graphics Control Panel befo ...)
NOT-FOR-US: Intel graphics drivers for Windows
CVE-2020-0517 (Out-of-bounds write in Intel(R) Graphics Drivers before version 15.36. ...)
NOT-FOR-US: Intel Graphics drivers for Windows
@@ -150396,7 +150346,7 @@ CVE-2019-1552 (OpenSSL has internal defaults for a directory tree where it can f
- openssl1.0 <not-affected> (Windows-specific)
NOTE: https://www.openssl.org/news/secadv/20190730.txt
CVE-2019-1551 (There is an overflow bug in the x64_64 Montgomery squaring procedure u ...)
- {DSA-4594-1}
+ {DSA-4855-1 DSA-4594-1}
- openssl 1.1.1e-1 (low; bug #947949)
[stretch] - openssl <postponed> (Wait until next upstream security release)
[jessie] - openssl <not-affected> (Affected modules are not present in Jessie)
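Review bot: {DSA-4855-1} is added to CVE-2019-1551, but the package lines visible in this hunk are unchanged, including "[stretch] - openssl <postponed> (Wait until next upstream security release)". With a new DSA now referencing this CVE, check that the per-release annotations still reflect the current state; the context here ends at the [jessie] line, so any annotation for the release the DSA targets is not visible for review.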
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7712dc2a8dbb5d02c429f7d452c46c7c6b2d818f