Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
14cb8f5c by security tracker role at 2020-07-18T08:10:12+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,5 @@
+CVE-2020-15816 (In Western Digital WD Discovery before 4.0.251.0, a malicious 
applicat ...)
+       TODO: check
 CVE-2020-15815
        RESERVED
 CVE-2020-15814
@@ -1587,12 +1589,12 @@ CVE-2020-15112
        RESERVED
 CVE-2020-15111
        RESERVED
-CVE-2020-15110
-       RESERVED
+CVE-2020-15110 (In jupyterhub-kubespawner before 0.12, certain usernames will 
be able  ...)
+       TODO: check
 CVE-2020-15109
        RESERVED
-CVE-2020-15108
-       RESERVED
+CVE-2020-15108 (In glpi before 9.5.1, there is a SQL injection for all usages 
of "Clon ...)
+       TODO: check
 CVE-2020-15107 (In openenclave before 0.10.0, enclaves that use x87 FPU 
operations are ...)
        TODO: check
 CVE-2020-15106
@@ -14584,8 +14586,8 @@ CVE-2020-10607 (In Advantech WebAccess, Versions 8.4.2 
and prior. A stack-based
        NOT-FOR-US: Advantech WebAccess
 CVE-2020-10606
        RESERVED
-CVE-2020-10605
-       RESERVED
+CVE-2020-10605 (Grundfos CIM 500 before v06.16.00 responds to unauthenticated 
requests ...)
+       TODO: check
 CVE-2020-10604
        RESERVED
 CVE-2020-10603 (WebAccess/NMS (versions prior to 3.0.2) does not properly 
sanitize use ...)
@@ -17747,22 +17749,22 @@ CVE-2020-9261 (HUAWEI Mate 30 with versions earlier 
than 10.1.0.150(C00E136R5P3)
        NOT-FOR-US: HUAWEI
 CVE-2020-9260 (HUAWEI P30 and HUAWEI P30 Pro smartphones with versions earlier 
than 1 ...)
        NOT-FOR-US: HUAWEI
-CVE-2020-9259
-       RESERVED
+CVE-2020-9259 (Huawei Honor V30 smartphones with versions earlier than 
10.1.0.212(C00 ...)
+       TODO: check
 CVE-2020-9258 (HUAWEI P30 smartphone with versions earlier than 
10.1.0.135(C00E135R2P ...)
        NOT-FOR-US: HUAWEI
-CVE-2020-9257
-       RESERVED
-CVE-2020-9256
-       RESERVED
-CVE-2020-9255
-       RESERVED
-CVE-2020-9254
-       RESERVED
+CVE-2020-9257 (HUAWEI P30 Pro smartphones with versions earlier than 
10.1.0.123(C432E ...)
+       TODO: check
+CVE-2020-9256 (Huawei Mate 30 Pro smartphones with versions earlier than 
10.1.0.150(C ...)
+       TODO: check
+CVE-2020-9255 (Huawei Honor 10 smartphones with versions earlier than 
10.0.0.178(C00E ...)
+       TODO: check
+CVE-2020-9254 (HUAWEI P30 Pro smartphones with versions earlier than 
10.1.0.123(C432E ...)
+       TODO: check
 CVE-2020-9253
        RESERVED
-CVE-2020-9252
-       RESERVED
+CVE-2020-9252 (HUAWEI Mate 20 versions earlier than 10.1.0.160(C00E160R3P8), 
HUAWEI M ...)
+       TODO: check
 CVE-2020-9251
        RESERVED
 CVE-2020-9250
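Review bot: CVE-2020-9259, CVE-2020-9257, CVE-2020-9256, CVE-2020-9255, CVE-2020-9254 and CVE-2020-9252 all describe Huawei devices but are left at TODO: check, while the interleaved entries CVE-2020-9260 and CVE-2020-9258 already carry NOT-FOR-US: HUAWEI. Suggest resolving the six new entries the same way in a follow-up so the block is consistent.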
@@ -17811,8 +17813,8 @@ CVE-2020-9229
        RESERVED
 CVE-2020-9228
        RESERVED
-CVE-2020-9227
-       RESERVED
+CVE-2020-9227 (Huawei Smart Phones Moana-AL00B with versions earlier than 
10.1.0.166  ...)
+       TODO: check
 CVE-2020-9226 (HUAWEI P30 with versions earlier than 10.1.0.135(C00E135R2P11) 
have an ...)
        NOT-FOR-US: HUAWEI
 CVE-2020-9225 (FusionSphere OpenStack 6.5.1 have an improper permissions 
management v ...)
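Review bot: CVE-2020-9227 (Huawei Smart Phones Moana-AL00B) is left at TODO: check directly above CVE-2020-9226, which is NOT-FOR-US: HUAWEI; the same annotation looks applicable here.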
@@ -18061,10 +18063,10 @@ CVE-2020-9104
        RESERVED
 CVE-2020-9103
        RESERVED
-CVE-2020-9102
-       RESERVED
-CVE-2020-9101
-       RESERVED
+CVE-2020-9102 (There is a information leak vulnerability in some Huawei 
products, and ...)
+       TODO: check
+CVE-2020-9101 (There is an out-of-bounds write vulnerability in some products. 
An una ...)
+       TODO: check
 CVE-2020-9100 (Earlier than HiSuite 10.1.0.500 have a DLL hijacking 
vulnerability. Th ...)
        NOT-FOR-US: Huawei
 CVE-2020-9099 (Huawei products IPS Module; NGFW Module; NIP6300; NIP6600; 
NIP6800; Se ...)
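Review bot: CVE-2020-9102 and CVE-2020-9101 cannot be triaged from the truncated text, which says only "some Huawei products" and "some products"; read the full descriptions before replacing TODO: check. The neighbouring CVE-2020-9100 is annotated NOT-FOR-US: Huawei while other entries in this commit use NOT-FOR-US: HUAWEI, so pick one spelling when resolving these.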
@@ -19346,7 +19348,7 @@ CVE-2020-8575
        RESERVED
 CVE-2020-8574
        RESERVED
-CVE-2020-8573 (The NetApp HCI H610S Baseboard Management Controller (BMC) is 
shipped  ...)
+CVE-2020-8573 (The NetApp HCI H610C, H615C and H610S Baseboard Management 
Controllers ...)
        NOT-FOR-US: NetApp
 CVE-2020-8572 (Element OS prior to version 12.0 and Element HealthTools prior 
to vers ...)
        NOT-FOR-US: Element OS
@@ -21251,8 +21253,8 @@ CVE-2020-7820 (Nexacro14/17 ExtCommonApiV13 Library 
under 2019.9.6 version conta
        NOT-FOR-US: Nexacro14/17 ExtCommonApiV13 Library
 CVE-2020-7819
        RESERVED
-CVE-2020-7818
-       RESERVED
+CVE-2020-7818 (DaviewIndy 8.98.9 and earlier has a Heap-based overflow 
vulnerability, ...)
+       TODO: check
 CVE-2020-7817
        RESERVED
 CVE-2020-7816 (A vulnerability in the JPEG image parsing module in DaView 
Indy, DaVa+ ...)
@@ -22595,8 +22597,8 @@ CVE-2020-7208 (LinuxKI v6.0-1 and earlier is vulnerable 
to an XSS which is resol
        NOT-FOR-US: LinuxKI
 CVE-2020-7207
        RESERVED
-CVE-2020-7206
-       RESERVED
+CVE-2020-7206 (HP nagios plugin for iLO (nagios-plugins-hpilo v1.50 and 
earlier) has  ...)
+       TODO: check
 CVE-2020-7205
        RESERVED
 CVE-2020-7204
@@ -26239,12 +26241,12 @@ CVE-2020-5771
        RESERVED
 CVE-2020-5770
        RESERVED
-CVE-2020-5769
-       RESERVED
-CVE-2020-5768
-       RESERVED
-CVE-2020-5767
-       RESERVED
+CVE-2020-5769 (Insufficient output sanitization in Teltonika firmware 
TRB2_R_00.02.02 ...)
+       TODO: check
+CVE-2020-5768 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2020-5767 (Cross-site request forgery in Icegram Email Subscribers & 
Newslett ...)
+       TODO: check
 CVE-2020-5766 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
        NOT-FOR-US: Wordpress plugin
 CVE-2020-5765 (Nessus 8.10.0 and earlier were found to contain a Stored XSS 
vulnerabi ...)
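Review bot: the visible description of CVE-2020-5768 is cut at the same point as that of CVE-2020-5766 and reads identically, so the truncated text does not identify the affected product; check the full description before resolving the TODO. CVE-2020-5766 just below is NOT-FOR-US: Wordpress plugin, and CVE-2020-5767 (Icegram Email Subscribers & Newsletters) looks like a candidate for the same annotation.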
@@ -26259,14 +26261,14 @@ CVE-2020-5761
        RESERVED
 CVE-2020-5760
        RESERVED
-CVE-2020-5759
-       RESERVED
-CVE-2020-5758
-       RESERVED
-CVE-2020-5757
-       RESERVED
-CVE-2020-5756
-       RESERVED
+CVE-2020-5759 (Grandstream UCM6200 series firmware version 1.0.20.23 and below 
is vul ...)
+       TODO: check
+CVE-2020-5758 (Grandstream UCM6200 series firmware version 1.0.20.23 and below 
is vul ...)
+       TODO: check
+CVE-2020-5757 (Grandstream UCM6200 series firmware version 1.0.20.23 and below 
is vul ...)
+       TODO: check
+CVE-2020-5756 (Grandstream GWN7000 firmware version 1.0.9.4 and below allows 
authenti ...)
+       TODO: check
 CVE-2020-5755 (Webroot endpoint agents prior to version v9.0.28.48 did not 
protect th ...)
        NOT-FOR-US: Webroot
 CVE-2020-5754 (Webroot endpoint agents prior to version v9.0.28.48 allows 
remote atta ...)
@@ -30250,8 +30252,8 @@ CVE-2020-4106
        RESERVED
 CVE-2020-4105
        RESERVED
-CVE-2020-4104
-       RESERVED
+CVE-2020-4104 (HCL BigFix WebUI is vulnerable to stored cross-site scripting 
(XSS) wi ...)
+       TODO: check
 CVE-2020-4103
        RESERVED
 CVE-2020-4102
@@ -43731,8 +43733,8 @@ CVE-2020-0307
        RESERVED
 CVE-2020-0306
        RESERVED
-CVE-2020-0305
-       RESERVED
+CVE-2020-0305 (In cdev_get of char_dev.c, there is a possible use-after-free 
due to a ...)
+       TODO: check
 CVE-2020-0304
        RESERVED
 CVE-2020-0303
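Review bot: CVE-2020-0305 should not be closed as NOT-FOR-US: Android by analogy with the other CVE-2020-0xxx entries in this commit. cdev_get in char_dev.c is Linux kernel character-device code, so this TODO: check needs a look at the kernel source package before it is resolved.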
@@ -43879,28 +43881,21 @@ CVE-2020-0233 (In main of main.cpp, there is possible 
memory corruption due to a
        NOT-FOR-US: Android
 CVE-2020-0232 (Function abc_pcie_issue_dma_xfer_sync creates a transfer 
object, adds  ...)
        NOT-FOR-US: Pixel kernel drivers
-CVE-2020-0231
-       RESERVED
+CVE-2020-0231 (There is a possible out of bounds write due to an incorrect 
bounds che ...)
        NOT-FOR-US: MediaTek components for Android
-CVE-2020-0230
-       RESERVED
+CVE-2020-0230 (There is a possible out of bounds write due to an incorrect 
bounds che ...)
        NOT-FOR-US: MediaTek components for Android
 CVE-2020-0229
        RESERVED
-CVE-2020-0228
-       RESERVED
+CVE-2020-0228 (There is an improper configuration of recorder related service. 
Produc ...)
        NOT-FOR-US: MediaTek components for Android
-CVE-2020-0227
-       RESERVED
+CVE-2020-0227 (In onCommand of CompanionDeviceManagerService.java, there is a 
possibl ...)
        NOT-FOR-US: Android
-CVE-2020-0226
-       RESERVED
+CVE-2020-0226 (In createWithSurfaceParent of Client.cpp, there is a possible 
out of b ...)
        NOT-FOR-US: Android Media Framework
-CVE-2020-0225
-       RESERVED
+CVE-2020-0225 (In a2dp_vendor_ldac_decoder_decode_packet of 
a2dp_vendor_ldac_decoder. ...)
        NOT-FOR-US: Android
-CVE-2020-0224
-       RESERVED
+CVE-2020-0224 (In FastKeyAccumulator::GetKeysSlow of keys.cc, there is a 
possible out ...)
        NOT-FOR-US: Android
 CVE-2020-0223 (This is an unbounded write into kernel global memory, via a 
user-contr ...)
        NOT-FOR-US: Pixel kernel drivers
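Review bot: recheck the NOT-FOR-US annotations kept under CVE-2020-0231 through CVE-2020-0224 against the descriptions that are now published; they were assigned while the entries were still RESERVED and are carried over unchanged here. Two worth a second look are CVE-2020-0228 (recorder related service) under "MediaTek components for Android" and CVE-2020-0226 (createWithSurfaceParent of Client.cpp) under "Android Media Framework".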
@@ -44117,13 +44112,11 @@ CVE-2020-0124 (In markBootComplete of 
InstalldNativeService.cpp, there is a poss
        NOT-FOR-US: Android
 CVE-2020-0123
        RESERVED
-CVE-2020-0122
-       RESERVED
+CVE-2020-0122 (In the permission declaration for 
com.google.android.providers.gsf.per ...)
        NOT-FOR-US: Android
 CVE-2020-0121 (In updateUidProcState of AppOpsService.java, there is a 
possible permi ...)
        NOT-FOR-US: Android
-CVE-2020-0120
-       RESERVED
+CVE-2020-0120 (In notifyErrorForPendingRequests of QCamera3HWI.cpp, there is a 
possib ...)
        NOT-FOR-US: Android Media Framework
 CVE-2020-0119 (In addOrUpdateNetworkInternal and related functions of 
WifiConfigManag ...)
        NOT-FOR-US: Android
@@ -44153,8 +44146,7 @@ CVE-2020-0109 (In simulatePackageSuspendBroadcast of 
NotificationManagerService.
        NOT-FOR-US: Android
 CVE-2020-0108
        RESERVED
-CVE-2020-0107
-       RESERVED
+CVE-2020-0107 (In getUiccCardsInfo of PhoneInterfaceManager.java, there is a 
possible ...)
        NOT-FOR-US: Android
 CVE-2020-0106 (In getCellLocation of PhoneInterfaceManager.java, there is a 
possible  ...)
        NOT-FOR-US: Android
@@ -63692,8 +63684,8 @@ CVE-2019-12002 (A remote session reuse vulnerability 
leading to access restricti
        NOT-FOR-US: HPE
 CVE-2019-12001 (A remote session reuse vulnerability leading to access 
restriction byp ...)
        NOT-FOR-US: HPE
-CVE-2019-12000
-       RESERVED
+CVE-2019-12000 (HPE has found a potential Remote Access Restriction Bypass in 
HPE MSE  ...)
+       TODO: check
 CVE-2019-11999 (Potential security vulnerabilities have been identified in HPE 
OpenCal ...)
        NOT-FOR-US: HPE
 CVE-2019-11998 (HPE Superdome Flex Server is vulnerable to multiple remote 
vulnerabili ...)
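Review bot: CVE-2019-12000 is described as an HPE finding in HPE MSE but is left at TODO: check, while CVE-2019-12002, CVE-2019-12001 and CVE-2019-11999 around it are all NOT-FOR-US: HPE. Suggest the same annotation unless the full description names something packaged.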
@@ -85403,8 +85395,8 @@ CVE-2019-4092 (IBM Content Navigator 2.0.3 and 3.0CD 
could allow a remote attack
        NOT-FOR-US: IBM
 CVE-2019-4091 ("HCL Marketing Platform is vulnerable to cross-site scripting 
during a ...)
        TODO: check
-CVE-2019-4090
-       RESERVED
+CVE-2019-4090 ("HCL Campaign is vulnerable to cross-site scripting when a user 
provid ...)
+       TODO: check
 CVE-2019-4089
        RESERVED
 CVE-2019-4088 (IBM Spectrum Protect Servers 7.1 and 8.1 and Storage Agents 
could allo ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/14cb8f5cbcefdcd1dba8c2361c63344f45756064
