Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
aeb57e72 by security tracker role at 2020-05-30T08:10:13+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,5 @@
+CVE-2020-13700
+       RESERVED
 CVE-2020-13699
        RESERVED
 CVE-2020-13698
@@ -4878,8 +4880,8 @@ CVE-2020-11846
        RESERVED
 CVE-2020-11845 (Cross Site Scripting vulnerability in Micro Focus Service 
Manager prod ...)
        NOT-FOR-US: Micro Focus
-CVE-2020-11844
-       RESERVED
+CVE-2020-11844 (There is an Incorrect Authorization vulnerability in Micro 
Focus Servi ...)
+       TODO: check
 CVE-2020-11843
        RESERVED
 CVE-2020-11842 (Information disclosure vulnerability in Micro Focus Verastream 
Host In ...)
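Review bot: CVE-2020-11844 is left at TODO: check although the neighbouring Micro Focus entry CVE-2020-11845 in this same hunk is already triaged as NOT-FOR-US: Micro Focus. If the full description names a product that is not packaged in Debian, resolve it the same way so the TODO does not linger.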
@@ -7198,36 +7200,31 @@ CVE-2020-11091
        RESERVED
 CVE-2020-11090
        RESERVED
-CVE-2020-11089 [oob read in channel `irp` functions]
-       RESERVED
+CVE-2020-11089 (In FreeRDP before 2.1.0, there is an out-of-bound read in irp 
function ...)
        - freerdp2 2.1.1+dfsg1-1
        [buster] - freerdp2 <no-dsa> (Minor issue)
        - freerdp <removed>
        [stretch] - freerdp <no-dsa> (Minor issue)
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hfc7-c5gv-8c2h
-CVE-2020-11088 [Out of bound read in ntlm_read_NegotiateMessage]
-       RESERVED
+CVE-2020-11088 (In FreeRDP less than or equal to 2.0.0, there is an 
out-of-bound read  ...)
        - freerdp2 2.1.1+dfsg1-1
        [buster] - freerdp2 <no-dsa> (Minor issue)
        - freerdp <removed>
        [stretch] - freerdp <no-dsa> (Minor issue)
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-xh4f-fh87-43hp
-CVE-2020-11087 [oob read in `ntlm_read_AuthenticateMessage`]
-       RESERVED
+CVE-2020-11087 (In FreeRDP less than or equal to 2.0.0, there is an 
out-of-bound read  ...)
        - freerdp2 2.1.1+dfsg1-1
        [buster] - freerdp2 <no-dsa> (Minor issue)
        - freerdp <removed>
        [stretch] - freerdp <no-dsa> (Minor issue)
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-84vj-g73m-chw7
-CVE-2020-11086 [oob read in `ntlm_read_ntlm_v2_response`]
-       RESERVED
+CVE-2020-11086 (In FreeRDP less than or equal to 2.0.0, there is an 
out-of-bound read  ...)
        - freerdp2 2.1.1+dfsg1-1
        [buster] - freerdp2 <no-dsa> (Minor issue)
        - freerdp <removed>
        [stretch] - freerdp <no-dsa> (Minor issue)
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-fg8v-w34r-c974
-CVE-2020-11085 [cliprdr_read_format_list out of bound read]
-       RESERVED
+CVE-2020-11085 (In FreeRDP before 2.1.0, there is an out-of-bounds read in 
cliprdr_rea ...)
        - freerdp2 2.1.1+dfsg1-1
        [buster] - freerdp2 <no-dsa> (Minor issue)
        - freerdp <removed>
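Review bot: Replacing the bracketed working descriptions for CVE-2020-11088, CVE-2020-11087 and CVE-2020-11086 drops the affected function names (ntlm_read_NegotiateMessage, ntlm_read_AuthenticateMessage, ntlm_read_ntlm_v2_response), and the truncated official descriptions now read identically up to the cut-off. Only the GHSA advisory NOTE still distinguishes the three entries; consider adding a NOTE line with the function name, or a "NOTE: Fixed by:" commit reference as the CVE-2020-11044 entry further down has.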
@@ -7370,8 +7367,7 @@ CVE-2020-11044 (In FreeRDP greater than 1.2 and before 
2.0.0, a double free in u
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-cgqh-p732-6x2w
        NOTE: Fixed by: 
https://github.com/FreeRDP/FreeRDP/commit/67c2aa52b2ae0341d469071d1bc8aab91f8d2ed8
        NOTE: https://github.com/FreeRDP/FreeRDP/issues/6013
-CVE-2020-11043
-       RESERVED
+CVE-2020-11043 (In FreeRDP less than or equal to 2.0.0, there is an 
out-of-bounds read ...)
        - freerdp2 2.1.1+dfsg1-1
        [buster] - freerdp2 <no-dsa> (Minor issue)
        - freerdp <removed>
@@ -7391,8 +7387,7 @@ CVE-2020-11041 (In FreeRDP less than or equal to 2.0.0, 
an outside controlled ar
        - freerdp <removed>
        [stretch] - freerdp <no-dsa> (Minor issue)
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-w67c-26c4-2h9w
-CVE-2020-11040 [out of bound access in clear_decompress_subcode_rlex]
-       RESERVED
+CVE-2020-11040 (In FreeRDP less than or equal to 2.0.0, there is an 
out-of-bound data  ...)
        - freerdp2 2.1.1+dfsg1-1
        [buster] - freerdp2 <no-dsa> (Minor issue)
        - freerdp <removed>
@@ -13807,8 +13802,8 @@ CVE-2020-8484 (Insufficient protection of the 
inter-process communication functi
        NOT-FOR-US: ABB
 CVE-2020-8483
        RESERVED
-CVE-2020-8482
-       RESERVED
+CVE-2020-8482 (Insecure storage of sensitive information in ABB Device Library 
Wizard ...)
+       TODO: check
 CVE-2020-8481 (For ABB products ABB Ability&#8482; System 800xA and related 
system ex ...)
        NOT-FOR-US: ABB
 CVE-2020-8480
@@ -15740,20 +15735,20 @@ CVE-2020-7656 (jquery prior to 1.9.0 allows 
Cross-site Scripting attacks via the
        TODO: check
 CVE-2020-7655 (netius prior to 1.17.58 is vulnerable to HTTP Request 
Smuggling. HTTP  ...)
        NOT-FOR-US: netius
-CVE-2020-7654
-       RESERVED
-CVE-2020-7653
-       RESERVED
-CVE-2020-7652
-       RESERVED
-CVE-2020-7651
-       RESERVED
-CVE-2020-7650
-       RESERVED
+CVE-2020-7654 (All versions of snyk-broker before 4.73.1 are vulnerable to 
Informatio ...)
+       TODO: check
+CVE-2020-7653 (All versions of snyk-broker before 4.80.0 are vulnerable to 
Arbitrary  ...)
+       TODO: check
+CVE-2020-7652 (All versions of snyk-broker before 4.80.0 are vulnerable to 
Arbitrary  ...)
+       TODO: check
+CVE-2020-7651 (All versions of snyk-broker before 4.79.0 are vulnerable to 
Arbitrary  ...)
+       TODO: check
+CVE-2020-7650 (All versions of snyk-broker after 4.72.0 including and before 
4.73.1 a ...)
+       TODO: check
 CVE-2020-7649
        RESERVED
-CVE-2020-7648
-       RESERVED
+CVE-2020-7648 (All versions of snyk-broker before 4.72.2 are vulnerable to 
Arbitrary  ...)
+       TODO: check
 CVE-2020-7647 (All versions before 1.6.7 and all versions after 2.0.0 
inclusive and b ...)
        NOT-FOR-US: jooby
 CVE-2020-7646 (curlrequest through 1.0.1 allows execution of arbitrary 
commands.It is ...)
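Review bot: The six new TODO: check entries (CVE-2020-7654 through CVE-2020-7650, plus CVE-2020-7648) all name snyk-broker, so they should be triaged in one pass with one consistent disposition rather than one at a time. The descriptions cite different fixed versions (4.72.2, 4.73.1, 4.79.0, 4.80.0); if the software is relevant to Debian each entry needs its own fixed version, otherwise mark each NOT-FOR-US in the style of "NOT-FOR-US: netius" above.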
@@ -17397,8 +17392,8 @@ CVE-2020-6939
        RESERVED
 CVE-2020-6938
        RESERVED
-CVE-2020-6937
-       RESERVED
+CVE-2020-6937 (A Denial of Service vulnerability in MuleSoft Mule CE/EE 3.8.x, 
3.9.x, ...)
+       TODO: check
 CVE-2020-6936
        RESERVED
 CVE-2020-6935
@@ -24505,12 +24500,12 @@ CVE-2020-3961
        RESERVED
 CVE-2020-3960
        RESERVED
-CVE-2020-3959
-       RESERVED
-CVE-2020-3958
-       RESERVED
-CVE-2020-3957
-       RESERVED
+CVE-2020-3959 (VMware ESXi (6.7 before ESXi670-202004101-SG and 6.5 before 
ESXi650-20 ...)
+       TODO: check
+CVE-2020-3958 (VMware ESXi (6.7 before ESXi670-202004101-SG and 6.5 before 
ESXi650-20 ...)
+       TODO: check
+CVE-2020-3957 (VMware Fusion (11.x before 11.5.5), VMware Remote Console for 
Mac (11. ...)
+       TODO: check
 CVE-2020-3956 (VMware Cloud Director 10.0.x before 10.0.0.2, 9.7.0.x before 
9.7.0.5,  ...)
        NOT-FOR-US: VMware
 CVE-2020-3955 (ESXi 6.5 without patch ESXi650-201912104-SG and ESXi 6.7 
without patch ...)
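Review bot: CVE-2020-3959, CVE-2020-3958 and CVE-2020-3957 land as TODO: check while the next entry, CVE-2020-3956, already carries NOT-FOR-US: VMware. The visible descriptions of CVE-2020-3959 and CVE-2020-3958 are identical up to the truncation, so triage should be done against the full CVE text rather than the list line before a disposition is recorded.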
@@ -31003,8 +30998,8 @@ CVE-2020-1872 (Huawei smart phones P10 Plus with 
versions earlier than 9.1.0.201
        NOT-FOR-US: Huawei
 CVE-2020-1871 (USG9500 with software of V500R001C30SPC100; V500R001C30SPC200; 
V500R00 ...)
        NOT-FOR-US: Huawei
-CVE-2020-1870
-       RESERVED
+CVE-2020-1870 (CloudEngine 12800 products with versions of V200R019C00, 
V200R019C10SP ...)
+       TODO: check
 CVE-2020-1869
        RESERVED
 CVE-2020-1868
@@ -31077,12 +31072,12 @@ CVE-2020-1835
        RESERVED
 CVE-2020-1834
        RESERVED
-CVE-2020-1833
-       RESERVED
+CVE-2020-1833 (Honor 9X smartphones with versions earlier than 
9.1.1.172(C00E170R8P1) ...)
+       TODO: check
 CVE-2020-1832 (E6878-370 products with versions of 10.0.3.1(H557SP27C233) and 
10.0.3. ...)
        TODO: check
-CVE-2020-1831
-       RESERVED
+CVE-2020-1831 (HUAWEI Mate 20 smartphones with versions earlier than 
10.0.0.195(SP31C ...)
+       TODO: check
 CVE-2020-1830 (Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and 
V500R005C0 ...)
        NOT-FOR-US: Huawei
 CVE-2020-1829 (Huawei NIP6800 versions V500R001C30 and V500R001C60SPC500; and 
Secospa ...)
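Review bot: CVE-2020-1833 and CVE-2020-1831 are added as TODO: check on either side of CVE-2020-1832, which is itself still at TODO: check, so this block now holds three untriaged entries in a row. CVE-2020-1830 directly below uses NOT-FOR-US: Huawei; once the three are confirmed not to affect any Debian package, close them the same way in a single follow-up commit.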
@@ -31125,8 +31120,8 @@ CVE-2020-1811 (GaussDB 200 with version of 6.5.1 have a 
command injection vulner
        NOT-FOR-US: Huawei
 CVE-2020-1810 (There is a weak algorithm vulnerability in some Huawei 
products. The a ...)
        NOT-FOR-US: Huawei
-CVE-2020-1809
-       RESERVED
+CVE-2020-1809 (HUAWEI Mate 10 smartphones with versions earlier than 
10.0.0.143(C00E1 ...)
+       TODO: check
 CVE-2020-1808 (Huawei smartphones Honor View 20;Honor 20;Honor 20 PRO;Honor 
Magic2 wi ...)
        NOT-FOR-US: Huawei
 CVE-2020-1807 (HUAWEI Mate 20 smartphones with versions earlier than 
10.0.0.188(C00E7 ...)
@@ -31149,8 +31144,8 @@ CVE-2020-1799 (E6878-370 with versions of 
10.0.3.1(H557SP27C233), 10.0.3.1(H563S
        NOT-FOR-US: Huawei
 CVE-2020-1798 (HUAWEI P30 smartphones with versions earlier than 
10.1.0.135(C00E135R2 ...)
        TODO: check
-CVE-2020-1797
-       RESERVED
+CVE-2020-1797 (HUAWEI Mate 20 smartphones with versions earlier than 
10.0.0.185(C00E7 ...)
+       TODO: check
 CVE-2020-1796 (There is an improper authorization vulnerability in several 
smartphone ...)
        NOT-FOR-US: Huawei
 CVE-2020-1795 (There is a logic error vulnerability in several smartphones. 
The softw ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aeb57e7200e755dfecff87f248cf6efb3195ab25
