Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
76a4270b by Moritz Muehlenhoff at 2020-03-25T16:45:44+01:00
new puppet, puppetdb, libunivalue issues
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1059,7 +1059,7 @@ CVE-2020-10572
 CVE-2020-10571 (An issue was discovered in psd-tools before 1.9.4. The Cython 
implemen ...)
        NOT-FOR-US: psd-tools
 CVE-2020-10570 (The Telegram application through 5.12 for Android, when Show 
Popup is  ...)
-       TODO: check
+       NOT-FOR-US: Telegram for Android
 CVE-2020-10569
        RESERVED
 CVE-2020-10568 (The sitepress-multilingual-cms (WPML) plugin before 4.3.7-b.2 
for Word ...)
@@ -4900,7 +4900,7 @@ CVE-2020-8861 (This vulnerability allows network-adjacent 
attackers to bypass au
 CVE-2020-8860 (This vulnerability allows remote attackers to execute arbitrary 
code o ...)
        NOT-FOR-US: Samsung Galaxy S10 Firmware
 CVE-2020-8859 (This vulnerability allows remote attackers to create a 
denial-of-servi ...)
-       TODO: check
+       NOT-FOR-US: elog
 CVE-2020-8858 (This vulnerability allows remote attackers to execute arbitrary 
code o ...)
        NOT-FOR-US: Moxa
 CVE-2020-8857 (This vulnerability allows remote attackers to execute arbitrary 
code o ...)
@@ -7003,7 +7003,12 @@ CVE-2020-7945
 CVE-2020-7944
        RESERVED
 CVE-2020-7943 (Puppet Server and PuppetDB provide useful performance and 
debugging in ...)
-       TODO: check
+       - puppet <unfixed> (low)
+       [stretch] - puppet <no-dsa> (Minor issue)
+       [buster] - puppet <no-dsa> (Minor issue)
+       - puppetdb <unfixed> (low)
+       [buster] - puppetdb <no-dsa> (Minor issue)
+       NOTE: https://puppet.com/security/cve/CVE-2020-7943/
 CVE-2020-7942 (Previously, Puppet operated on a model that a node with a valid 
certif ...)
        - puppet <unfixed> (unimportant)
        NOTE: This CVE assignment is for switching the default setting of 
strict_hostname_checking,
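Review bot: The puppetdb entry added under CVE-2020-7943 has only a `[buster]` no-dsa line, while puppet gets both `[stretch]` and `[buster]`. If stretch ships puppetdb it needs its own `[stretch] - puppetdb <no-dsa> (Minor issue)` line; if it does not, the entry is complete as written. Both `<unfixed>` lines also carry a severity but no bug reference, so the unfixed state is not tracked anywhere outside this file.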
@@ -8049,7 +8054,7 @@ CVE-2020-7479 (A CWE-306: Missing Authentication for 
Critical Function vulnerabi
 CVE-2020-7478 (A CWE-22: Improper Limitation of a Pathname to a Restricted 
Directory  ...)
        NOT-FOR-US: IGSS
 CVE-2020-7477 (A CWE-754: Improper Check for Unusual or Exceptional Conditions 
vulner ...)
-       TODO: check
+       NOT-FOR-US: Quantum Ethernet Network module
 CVE-2020-7476 (A CWE-426: Untrusted Search Path vulnerability exists in ZigBee 
Instal ...)
        NOT-FOR-US: ZigBee Installation Kit
 CVE-2020-7475 (A CWE-74: Improper Neutralization of Special Elements in Output 
Used b ...)
@@ -9167,7 +9172,7 @@ CVE-2020-7005
 CVE-2020-7004
        RESERVED
 CVE-2020-7003 (In Moxa ioLogik 2500 series firmware, Version 3.0 or lower, and 
IOxpre ...)
-       TODO: check
+       NOT-FOR-US: Moxa
 CVE-2020-7002 (Delta Industrial Automation CNCSoft ScreenEditor, v1.00.96 and 
prior.  ...)
        NOT-FOR-US: McAfee
 CVE-2020-7001
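Review bot: Not introduced by this commit, but the context line under CVE-2020-7002 reads `NOT-FOR-US: McAfee` although the description is for Delta Industrial Automation CNCSoft ScreenEditor. Since the adjacent CVE-2020-7003 entry is being triaged here, the mismatched tag is worth correcting in the same pass.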
@@ -9195,11 +9200,11 @@ CVE-2020-6991
 CVE-2020-6990 (Rockwell Automation MicroLogix 1400 Controllers Series B 
v21.001 and p ...)
        NOT-FOR-US: Rockwell
 CVE-2020-6989 (In Moxa PT-7528 series firmware, Version 4.0 or lower, and 
PT-7828 ser ...)
-       TODO: check
+       NOT-FOR-US: Moxa
 CVE-2020-6988 (Rockwell Automation MicroLogix 1400 Controllers Series B 
v21.001 and p ...)
        NOT-FOR-US: Rockwell
 CVE-2020-6987 (In Moxa PT-7528 series firmware, Version 4.0 or lower, and 
PT-7828 ser ...)
-       TODO: check
+       NOT-FOR-US: Moxa
 CVE-2020-6986 (In all versions of Omron PLC CJ Series, an attacker can send a 
series  ...)
        NOT-FOR-US: Omron
 CVE-2020-6985
@@ -9207,7 +9212,7 @@ CVE-2020-6985
 CVE-2020-6984 (Rockwell Automation MicroLogix 1400 Controllers Series B 
v21.001 and p ...)
        NOT-FOR-US: Rockwell
 CVE-2020-6983 (In Moxa PT-7528 series firmware, Version 4.0 or lower, and 
PT-7828 ser ...)
-       TODO: check
+       NOT-FOR-US: Moxa
 CVE-2020-6982
        RESERVED
 CVE-2020-6981
@@ -9229,7 +9234,7 @@ CVE-2020-6974
 CVE-2020-6973 (Digi International ConnectPort LTS 32 MEI, Firmware Version 
1.4.3 (820 ...)
        NOT-FOR-US: Digi International ConnectPort LTS 32 MEI
 CVE-2020-6972 (In Notifier Web Server (NWS) Version 3.50 and earlier, the 
Honeywell F ...)
-       TODO: check
+       NOT-FOR-US: Honeywell
 CVE-2020-6971 (In Emerson ValveLink v12.0.264 to v13.4.118, a vulnerability in 
the Va ...)
        NOT-FOR-US: Emerson
 CVE-2020-6970 (A Heap-based Buffer Overflow was found in Emerson 
OpenEnterprise SCADA ...)
@@ -22995,7 +23000,7 @@ CVE-2020-1745 [AJP File Read/Inclusion Vulnerability]
        - undertow <unfixed>
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1807305
 CVE-2020-1744 (A flaw was found in keycloak before version 9.0.1. When 
configuring an ...)
-       TODO: check
+       NOT-FOR-US: Keycloak
 CVE-2020-1743
        RESERVED
 CVE-2020-1742
@@ -24355,7 +24360,9 @@ CVE-2019-18938 (eQ-3 Homematic CCU2 2.47.20 and CCU3 
3.47.18 with the E-Mail Add
 CVE-2019-18937 (eQ-3 Homematic CCU2 2.47.20 and CCU3 3.47.18 with the Script 
Parser Ad ...)
        NOT-FOR-US: eQ-3 Homematic
 CVE-2019-18936 (UniValue::read() in UniValue before 1.0.5 allow attackers to 
cause a d ...)
-       TODO: check
+       - libunivalue <unfixed>
+       NOTE: https://github.com/jgarzik/univalue/compare/v1.0.4...v1.0.5
+       NOTE: https://github.com/jgarzik/univalue/pull/58
 CVE-2019-18935 (Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 
contains a .N ...)
        NOT-FOR-US: Progress Telerik UI for ASP.NET AJAX
 CVE-2019-18934 (Unbound 1.6.4 through 1.9.4 contain a vulnerability in the 
ipsec modul ...)
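Review bot: `- libunivalue <unfixed>` under CVE-2019-18936 has no severity and no bug reference, and the only pointers to the fix are the whole `v1.0.4...v1.0.5` compare range and pull request 58. The description says the issue is in UniValue before 1.0.5, so a NOTE naming the specific fixing commit would make it much easier to check which packaged versions are affected.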
@@ -27677,13 +27684,13 @@ CVE-2020-0521
 CVE-2020-0520 (Path traversal in igdkmd64.sys for Intel(R) Graphics Drivers 
before ve ...)
        NOT-FOR-US: Intel
 CVE-2020-0519 (Improper access control for Intel(R) Graphics Drivers before 
versions  ...)
-       TODO: check
+       NOT-FOR-US: Intel Graphics drivers for Windows
 CVE-2020-0518
        RESERVED
 CVE-2020-0517 (Out-of-bounds write in Intel(R) Graphics Drivers before version 
15.36. ...)
-       TODO: check
+       NOT-FOR-US: Intel Graphics drivers for Windows
 CVE-2020-0516 (Improper access control in Intel(R) Graphics Drivers before 
version 26 ...)
-       TODO: check
+       NOT-FOR-US: Intel Graphics drivers for Windows
 CVE-2020-0515 (Uncontrolled search path element in the installer for Intel(R) 
Graphic ...)
        NOT-FOR-US: Intel
 CVE-2020-0514 (Improper default permissions in the installer for Intel(R) 
Graphics Dr ...)
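Review bot: Style point on the three new tags for CVE-2020-0519, CVE-2020-0517 and CVE-2020-0516: `NOT-FOR-US: Intel Graphics drivers for Windows` differs from the `NOT-FOR-US: Intel` already used for the Intel(R) Graphics Drivers entries CVE-2020-0520 and CVE-2020-0515 in the same block. Pick one spelling for the product so a search on the tag finds every entry.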
@@ -27693,7 +27700,7 @@ CVE-2020-0513
 CVE-2020-0512
        RESERVED
 CVE-2020-0511 (Uncaught exception in system driver for Intel(R) Graphics 
Drivers befo ...)
-       TODO: check
+       NOT-FOR-US: Intel Graphics drivers for Windows
 CVE-2020-0510
        RESERVED
 CVE-2020-0509
@@ -27701,11 +27708,11 @@ CVE-2020-0509
 CVE-2020-0508 (Incorrect default permissions in the installer for Intel(R) 
Graphics D ...)
        NOT-FOR-US: Intel
 CVE-2020-0507 (Unquoted service path in Intel(R) Graphics Drivers before 
versions 15. ...)
-       TODO: check
+       NOT-FOR-US: Intel Graphics drivers for Windows
 CVE-2020-0506 (Improper initialization in Intel(R) Graphics Drivers before 
versions 1 ...)
-       TODO: check
+       NOT-FOR-US: Intel Graphics drivers for Windows
 CVE-2020-0505 (Improper conditions check in Intel(R) Graphics Drivers before 
versions ...)
-       TODO: check
+       NOT-FOR-US: Intel Graphics drivers for Windows
 CVE-2020-0504 (Buffer overflow in Intel(R) Graphics Drivers before versions 
15.40.44. ...)
        TODO: check
 CVE-2020-0503 (Improper access control in Intel(R) Graphics Drivers before 
version 26 ...)
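Review bot: CVE-2020-0504 (Buffer overflow in Intel(R) Graphics Drivers) is still `TODO: check` in the trailing context, while CVE-2020-0507, CVE-2020-0506 and CVE-2020-0505 directly above it are all changed to NOT-FOR-US in this hunk. It looks overlooked and should probably receive the same tag in this commit.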



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/76a4270bea91850657ad44c6d4776280ca715e75
