Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
bf017044 by Moritz Muehlenhoff at 2020-04-20T18:37:32+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -30817,9 +30817,9 @@ CVE-2020-0560 (Improper permissions in the installer
for the Intel(R) Renesas El
CVE-2020-0559
RESERVED
CVE-2020-0558 (Improper buffer restrictions in kernel mode driver for Intel(R)
PROSet ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2020-0557 (Insecure inherited permissions in Intel(R) PROSet/Wireless WiFi
produc ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2020-0556 (Improper access control in subsystem for BlueZ before version
5.54 may ...)
{DSA-4647-1}
- bluez 5.50-1.1 (bug #953770)
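Review bot: "NOT-FOR-US: Intel" on CVE-2020-0558 and CVE-2020-0557 names only the vendor, and for CVE-2020-0558 the truncated description ("kernel mode driver for Intel(R) PROSet ...") does not show which operating system the driver targets. Suggest putting the product name from the full description in the tag, so a later reader can see the entry was triaged on the product and not on the vendor name alone.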
@@ -30870,7 +30870,7 @@ CVE-2020-0548 (Cleanup errors in some Intel(R)
Processors may allow an authentic
NOTE:
https://software.intel.com/security-software-guidance/software-guidance/vector-register-sampling
NOTE:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00329.html
CVE-2020-0547 (Incorrect default permissions in the installer for Intel(R)
Data Migra ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2020-0546 (Unquoted service path in Intel(R) Optane(TM) DC Persistent
Memory Modu ...)
NOT-FOR-US: Intel
CVE-2020-0545
@@ -31445,7 +31445,7 @@ CVE-2019-18378 (Symantec Messaging Gateway, prior to
10.7.3, may be susceptible
CVE-2019-18377 (Symantec Messaging Gateway, prior to 10.7.3, may be
susceptible to a p ...)
NOT-FOR-US: Symantec
CVE-2019-18376 (A CSRF token disclosure vulnerability allows a remote
attacker, with a ...)
- TODO: check
+ NOT-FOR-US: Broadcom
CVE-2019-18375 (The ASG and ProxySG management consoles are susceptible to a
session h ...)
NOT-FOR-US: ASG and ProxySG management consoles
CVE-2019-18374 (Symantec Critical System Protection (CSP), versions 8.0, 8.0
HF1 & ...)
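Review bot: CVE-2019-18376 is tagged "NOT-FOR-US: Broadcom", while the neighbouring entries in this block use "NOT-FOR-US: Symantec" and a product-level tag ("ASG and ProxySG management consoles"). The visible description names no product, so suggest putting the affected product in the tag, which also keeps searches on the tag text consistent across this run of entries.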
@@ -32723,9 +32723,9 @@ CVE-2020-0081 (In finalize of AssetManager.java, there
is possible memory corrup
CVE-2020-0080 (In onOpActiveChanged and related methods of
AppOpsControllerImpl.java, ...)
NOT-FOR-US: Android
CVE-2020-0079 (In decrypt_1_2 of CryptoPlugin.cpp, there is a possible out of
bounds ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2020-0078 (In releaseSecureStops of DrmPlugin.cpp, there is a possible out
of bou ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2020-0077 (In authorize_enroll of the FPC IRIS TrustZone app, there is a
possible ...)
NOT-FOR-US: Android
CVE-2020-0076 (In get_auth_result of the FPC IRIS TrustZone app, there is a
possible ...)
@@ -32745,7 +32745,7 @@ CVE-2020-0070 (In rw_t2t_update_lock_attributes of
rw_t2t_ndef.cc, there is a po
CVE-2020-0069 (In the ioctl handlers of the Mediatek Command Queue driver,
there is a ...)
NOT-FOR-US: Mediatek components for Android
CVE-2020-0068 (In crus_afe_get_param of msm-cirrus-playback.c, there is a
possible ou ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2020-0067 (In f2fs_xattr_generic_list of xattr.c, there is a possible out
of boun ...)
- linux 5.5.13-1
NOTE:
https://git.kernel.org/linus/688078e7f36c293dae25b338ddc9e0a2790f6e06
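Review bot: CVE-2020-0068 is in msm-cirrus-playback.c, a C source file whose name reads like a kernel driver, and the next entry (CVE-2020-0067) is tracked against linux. "NOT-FOR-US: Android" does not record whether that file was checked against the Debian kernel source; if it exists only in a vendor tree, a tag in the style of the CVE-2020-0069 entry ("Mediatek components for Android") would say so.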
@@ -45369,7 +45369,7 @@ CVE-2019-14118
CVE-2019-14117
RESERVED
CVE-2019-14116 (Privilege escalation by using an altered debug policy image
can occur ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2019-14115
RESERVED
CVE-2019-14114 (Buffer overflow in WLAN firmware while parsing GTK IE
containing GTK k ...)
@@ -45796,7 +45796,7 @@ CVE-2019-13917 (Exim 4.85 through 4.92 (fixed in
4.92.1) allows remote code exec
NOTE: https://www.exim.org/static/doc/security/CVE-2019-13917.txt
NOTE:
https://git.exim.org/exim.git/commit/21aa05977abff1eaa69bb97ef99080220915f7c0
CVE-2019-13916 (An issue was discovered in Cypress (formerly Broadcom) WICED
Studio 6. ...)
- TODO: check
+ NOT-FOR-US: Cypress
CVE-2019-13915 (b3log Wide before 1.6.0 allows three types of attacks to
access arbitr ...)
NOT-FOR-US: b3log Wide
CVE-2019-13914
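Review bot: The tag on CVE-2019-13916 drops the product that the description supplies ("Cypress (formerly Broadcom) WICED Studio 6. ..."). "NOT-FOR-US: Cypress WICED Studio" would match the product-level tag on the next entry ("NOT-FOR-US: b3log Wide").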
@@ -52078,13 +52078,13 @@ CVE-2019-12004
CVE-2019-12003
RESERVED
CVE-2019-12002 (A remote session reuse vulnerability leading to access
restriction byp ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2019-12001 (A remote session reuse vulnerability leading to access
restriction byp ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2019-12000
RESERVED
CVE-2019-11999 (Potential security vulnerabilities have been identified in HPE
OpenCal ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2019-11998 (HPE Superdome Flex Server is vulnerable to multiple remote
vulnerabili ...)
NOT-FOR-US: HPE Superdome Flex Server
CVE-2019-11997 (A potential security vulnerability has been identified in HPE
enhanced ...)
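Review bot: CVE-2019-12002 and CVE-2019-12001 carry identical truncated descriptions, and with both tagged "NOT-FOR-US: HPE" nothing in the list says which product each one covers. The CVE-2019-11998 entry just below uses "NOT-FOR-US: HPE Superdome Flex Server"; the three new tags would be more useful with the product named the same way.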
@@ -68846,7 +68846,7 @@ CVE-2019-6205 (A memory corruption issue was addressed
with improved lock state
CVE-2019-6204 (A logic issue was addressed with improved validation. This
issue is fi ...)
NOT-FOR-US: Apple
CVE-2019-6203 (A logic issue was addressed with improved state management.
This issue ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-6202 (An out-of-bounds read was addressed with improved bounds
checking. Thi ...)
NOT-FOR-US: Apple
CVE-2019-6201 (Multiple memory corruption issues were addressed with improved
memory ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bf017044eee1e5229d518bb771b27093f544b210