Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
b4dbae46 by security tracker role at 2020-10-14T20:10:23+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,13 @@
+CVE-2020-27150
+ RESERVED
+CVE-2020-27149
+ RESERVED
+CVE-2020-27148
+ RESERVED
+CVE-2020-27147
+ RESERVED
+CVE-2020-27146
+ RESERVED
CVE-2020-27145
RESERVED
CVE-2020-27144
@@ -262,8 +272,8 @@ CVE-2020-27015
RESERVED
CVE-2020-27014
RESERVED
-CVE-2020-27013
- RESERVED
+CVE-2020-27013 (Trend Micro Antivirus for Mac 2020 (Consumer) contains a
vulnerability ...)
+ TODO: check
CVE-2020-27012
RESERVED
CVE-2020-27011
@@ -2785,8 +2795,8 @@ CVE-2020-25826 (PingID Integration for Windows Login
before 2.4.2 allows local u
NOT-FOR-US: PingID Integration for Windows Login
CVE-2020-25825 (In Octopus Deploy 3.1.0 to 2020.4.0, certain scripts can
reveal sensit ...)
NOT-FOR-US: Octopus Deploy
-CVE-2020-25824
- RESERVED
+CVE-2020-25824 (Telegram Desktop through 2.4.3 does not require passcode entry
upon pu ...)
+ TODO: check
CVE-2020-25823
RESERVED
CVE-2020-25822
@@ -2909,10 +2919,10 @@ CVE-2020-25780
RESERVED
CVE-2020-25779 (Trend Micro Antivirus for Mac 2020 (Consumer) has a
vulnerability in w ...)
NOT-FOR-US: Trend Micro
-CVE-2020-25778
- RESERVED
-CVE-2020-25777
- RESERVED
+CVE-2020-25778 (Trend Micro Antivirus for Mac 2020 (Consumer) has a
vulnerability in a ...)
+ TODO: check
+CVE-2020-25777 (Trend Micro Antivirus for Mac 2020 (Consumer) is vulnerable to
a speci ...)
+ TODO: check
CVE-2020-25776 (Trend Micro Antivirus for Mac 2020 (Consumer) is vulnerable to
a symbo ...)
NOT-FOR-US: Trend Micro
CVE-2020-25775 (The Trend Micro Security 2020 (v16) consumer family of
products is vul ...)
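Review bot: CVE-2020-25778 and CVE-2020-25777 land with `TODO: check` although the entries on either side of them in this hunk, CVE-2020-25779 and CVE-2020-25776, describe the same product (Trend Micro Antivirus for Mac 2020 (Consumer)) and are already tagged `NOT-FOR-US: Trend Micro`. Unless the full descriptions point at something packaged in Debian, both TODOs can be closed with the same tag in a follow-up triage commit.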
@@ -3187,6 +3197,7 @@ CVE-2020-25650
RESERVED
CVE-2020-25649
RESERVED
+ {DLA-2406-1}
- jackson-databind 2.11.1-1
NOTE: https://github.com/FasterXML/jackson-databind/issues/2589
NOTE:
https://github.com/FasterXML/jackson-databind/commit/612f971b78c60202e9cd75a299050c8f2d724a59
(jackson-databind-2.11.0.rc1)
@@ -4264,8 +4275,8 @@ CVE-2020-25190
RESERVED
CVE-2020-25189
RESERVED
-CVE-2020-25188
- RESERVED
+CVE-2020-25188 (An attacker who convinces a valid user to open a specially
crafted pro ...)
+ TODO: check
CVE-2020-25187
RESERVED
CVE-2020-25186
@@ -5652,8 +5663,8 @@ CVE-2020-24553 (Go before 1.14.8 and 1.15.x before 1.15.1
allows XSS because tex
NOTE:
https://www.redteam-pentesting.de/en/advisories/rt-sa-2020-004/-inconsistent-behavior-of-gos-cgi-and-fastcgi-transport-may-lead-to-cross-site-scripting
CVE-2020-24552 (Atop Technology industrial 3G/4G gateway contains Command
Injection vu ...)
NOT-FOR-US: Atop Technology industrial 3G/4G gateway
-CVE-2020-24551
- RESERVED
+CVE-2020-24551 (IProom MMC+ Server login page does not validate specific
parameters pr ...)
+ TODO: check
CVE-2020-24550
RESERVED
CVE-2020-24549
@@ -6440,8 +6451,8 @@ CVE-2020-24190
RESERVED
CVE-2020-24189
RESERVED
-CVE-2020-24188
- RESERVED
+CVE-2020-24188 (Cross-site scripting (XSS) vulnerability in the search
functionality i ...)
+ TODO: check
CVE-2020-24187
RESERVED
CVE-2020-24186 (A Remote Code Execution vulnerability exists in the gVectors
wpDiscuz ...)
@@ -25009,8 +25020,8 @@ CVE-2020-15255
RESERVED
CVE-2020-15254
RESERVED
-CVE-2020-15253
- RESERVED
+CVE-2020-15253 (Versions of Grocy <= 2.7.1 are vulnerable to Cross-Site
Scripting v ...)
+ TODO: check
CVE-2020-15252
RESERVED
CVE-2020-15251 (In the Channelmgnt plug-in for Sopel (a Python IRC bot) before
version ...)
@@ -25057,8 +25068,7 @@ CVE-2020-15231 (In mapfish-print before version 3.24, a
user can use the JSONP s
NOT-FOR-US: mapfish-print
CVE-2020-15230 (Vapor is a web framework for Swift. In Vapor before version
4.29.4, At ...)
NOT-FOR-US: Vapor
-CVE-2020-15229 [Path traversal and files overwrite with unsquashfs]
- RESERVED
+CVE-2020-15229 (Singularity (an open source container platform) from version
3.1.1 thr ...)
- singularity-container <unfixed> (bug #972212)
NOTE:
https://github.com/hpcng/singularity/security/advisories/GHSA-7gcp-w6ww-2xv9
CVE-2020-15228 (In the `@actions/core` npm module before version
1.2.6,`addPath` and ` ...)
@@ -25071,8 +25081,8 @@ CVE-2020-15226 (In GLPI before version 9.5.2, there is
a SQL Injection in the AP
- glpi <removed>
CVE-2020-15225
RESERVED
-CVE-2020-15224
- RESERVED
+CVE-2020-15224 (In Open Enclave before version 0.12.0, an information
disclosure vulne ...)
+ TODO: check
CVE-2020-15223 (In ORY Fosite (the security first OAuth2 & OpenID Connect
framewor ...)
NOT-FOR-US: ORY Fosite
CVE-2020-15222 (In ORY Fosite (the security first OAuth2 & OpenID Connect
framewor ...)
@@ -28587,6 +28597,7 @@ CVE-2020-13945
CVE-2020-13944 (In Apache Airflow < 1.10.12, the "origin" parameter passed
to some ...)
- airflow <itp> (bug #819700)
CVE-2020-13943 (If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to
10.0.0-M7 ...)
+ {DLA-2407-1}
- tomcat9 9.0.38-1
- tomcat8 <removed>
NOTE:
https://github.com/apache/tomcat/commit/55911430df13f8c9998fbdee1f9716994d2db59b
(9.0.38)
@@ -40908,8 +40919,7 @@ CVE-2020-9748
RESERVED
CVE-2020-9747
RESERVED
-CVE-2020-9746
- RESERVED
+CVE-2020-9746 (Adobe Flash Player version 32.0.0.433 (and earlier) are
affected by an ...)
NOT-FOR-US: Adobe Flash Plugin
CVE-2020-9745 (Adobe Media Encoder version 14.3.2 (and earlier versions) has
an out-o ...)
NOT-FOR-US: Adobe
@@ -46770,8 +46780,8 @@ CVE-2020-7332
RESERVED
CVE-2020-7331
RESERVED
-CVE-2020-7330
- RESERVED
+CVE-2020-7330 (Privilege Escalation vulnerability in McAfee Total Protection
(MTP) tr ...)
+ TODO: check
CVE-2020-7329
RESERVED
CVE-2020-7328
@@ -46794,10 +46804,10 @@ CVE-2020-7320 (Protection Mechanism Failure
vulnerability in McAfee Endpoint Sec
NOT-FOR-US: McAfee
CVE-2020-7319 (Improper Access Control vulnerability in McAfee Endpoint
Security (ENS ...)
NOT-FOR-US: McAfee
-CVE-2020-7318
- RESERVED
-CVE-2020-7317
- RESERVED
+CVE-2020-7318 (Cross-Site Scripting vulnerability in McAfee ePolicy
Orchistrator (ePO ...)
+ TODO: check
+CVE-2020-7317 (Cross-Site Scripting vulnerability in McAfee ePolicy
Orchistrator (ePO ...)
+ TODO: check
CVE-2020-7316 (Unquoted service path vulnerability in McAfee File and
Removable Media ...)
NOT-FOR-US: McAfee
CVE-2020-7315 (DLL Injection Vulnerability in McAfee Agent (MA) for Windows
prior to ...)
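Review bot: The `TODO: check` markers added for CVE-2020-7318 and CVE-2020-7317 are inconsistent with the rest of this hunk, where every other McAfee entry (CVE-2020-7320, CVE-2020-7319, CVE-2020-7316) is tagged `NOT-FOR-US: McAfee`. Both new descriptions name a McAfee product, so the follow-up triage can most likely apply the same tag; the two truncated descriptions are identical, so the full text is needed to tell the two IDs apart.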
@@ -47762,8 +47772,8 @@ CVE-2020-6935
RESERVED
CVE-2020-6934
RESERVED
-CVE-2020-6933
- RESERVED
+CVE-2020-6933 (An improper input validation vulnerability in the UEM Core of
BlackBer ...)
+ TODO: check
CVE-2020-6932 (An information disclosure and remote code execution
vulnerability in t ...)
NOT-FOR-US: BlackBerry QNX Software Development Platform
CVE-2020-6931
@@ -50095,16 +50105,16 @@ CVE-2020-6089 (An exploitable code execution
vulnerability exists in the ANI fil
NOT-FOR-US: Leadtools
CVE-2020-6088
RESERVED
-CVE-2020-6087
- RESERVED
-CVE-2020-6086
- RESERVED
+CVE-2020-6087 (An exploitable denial of service vulnerability exists in the
ENIP Requ ...)
+ TODO: check
+CVE-2020-6086 (An exploitable denial of service vulnerability exists in the
ENIP Requ ...)
+ TODO: check
CVE-2020-6085
RESERVED
CVE-2020-6084
RESERVED
-CVE-2020-6083
- RESERVED
+CVE-2020-6083 (An exploitable denial of service vulnerability exists in the
ENIP Requ ...)
+ TODO: check
CVE-2020-6082 (An exploitable out-of-bounds write vulnerability exists in the
ico_rea ...)
NOT-FOR-US: Accusoft
CVE-2020-6081 (An exploitable code execution vulnerability exists in the
PLC_Task fun ...)
@@ -54250,8 +54260,8 @@ CVE-2020-4397 (IBM Verify Gateway (IVG) 1.0.0 and 1.0.1
transmits sensitive info
NOT-FOR-US: IBM
CVE-2020-4396 (IBM Jazz Foundation and IBM Engineering products are vulnerable
to cro ...)
NOT-FOR-US: IBM
-CVE-2020-4395
- RESERVED
+CVE-2020-4395 (IBM Security Access Manager Appliance 9.0.7 does not invalidate
sessio ...)
+ TODO: check
CVE-2020-4394
RESERVED
CVE-2020-4393
@@ -57279,8 +57289,8 @@ CVE-2020-3485 (A vulnerability in the role-based access
control (RBAC) functiona
NOT-FOR-US: Cisco
CVE-2020-3484 (A vulnerability in the web-based management interface of Cisco
Vision ...)
NOT-FOR-US: Cisco
-CVE-2020-3483
- RESERVED
+CVE-2020-3483 (Duo has identified and fixed an issue with the Duo Network
Gateway (DN ...)
+ TODO: check
CVE-2020-3482
RESERVED
CVE-2020-3481 (A vulnerability in the EGG archive parsing module in Clam
AntiVirus (C ...)
@@ -57394,8 +57404,8 @@ CVE-2020-3429 (A vulnerability in the WPA2 and WPA3
security implementation of C
NOT-FOR-US: Cisco
CVE-2020-3428 (A vulnerability in the WLAN Local Profiling feature of Cisco
IOS XE Wi ...)
NOT-FOR-US: Cisco
-CVE-2020-3427
- RESERVED
+CVE-2020-3427 (A privilege escalation vulnerability exists in the Duo
Authentication ...)
+ TODO: check
CVE-2020-3426 (A vulnerability in the implementation of the Low Power, Wide
Area (LPW ...)
NOT-FOR-US: Cisco
CVE-2020-3425 (Multiple vulnerabilities in the web management framework of
Cisco IOS ...)
@@ -68172,48 +68182,37 @@ CVE-2020-0425 (There is a possible way to view
notifications even when the "Lock
NOT-FOR-US: Android
CVE-2020-0424
RESERVED
-CVE-2020-0423
- RESERVED
-CVE-2020-0422
- RESERVED
+CVE-2020-0423 (In binder_release_work of binder.c, there is a possible
use-after-free ...)
+ TODO: check
+CVE-2020-0422 (In constructImportFailureNotification of
NotificationImportExportListe ...)
NOT-FOR-US: Android
-CVE-2020-0421
- RESERVED
+CVE-2020-0421 (In appendFormatV of String8.cpp, there is a possible out of
bounds wri ...)
NOT-FOR-US: Android
-CVE-2020-0420
- RESERVED
+CVE-2020-0420 (In setUpdatableDriverPath of GpuService.cpp, there is a
possible memor ...)
NOT-FOR-US: Android
-CVE-2020-0419
- RESERVED
+CVE-2020-0419 (In generateInfo of PackageInstallerSession.java, there is a
possible l ...)
NOT-FOR-US: Android
CVE-2020-0418
RESERVED
CVE-2020-0417
RESERVED
-CVE-2020-0416
- RESERVED
+CVE-2020-0416 (In multiple settings screens, there are possible tapjacking
attacks du ...)
NOT-FOR-US: Android
-CVE-2020-0415
- RESERVED
+CVE-2020-0415 (In various locations in SystemUI, there is a possible
permission bypas ...)
NOT-FOR-US: Android
-CVE-2020-0414
- RESERVED
+CVE-2020-0414 (In AudioFlinger::RecordThread::threadLoop of
audioflinger/Threads.cpp, ...)
NOT-FOR-US: Android Media Framework
-CVE-2020-0413
- RESERVED
+CVE-2020-0413 (In gatt_process_read_by_type_rsp of gatt_cl.cc, there is a
possible ou ...)
NOT-FOR-US: Android
-CVE-2020-0412
- RESERVED
+CVE-2020-0412 (In setProcessMemoryTrimLevel of ActivityManagerService.java,
there is ...)
NOT-FOR-US: Android
-CVE-2020-0411
- RESERVED
+CVE-2020-0411 (In ~AACExtractor() of AACExtractor.cpp, there is a possible out
of bou ...)
NOT-FOR-US: Android Media Framework
-CVE-2020-0410
- RESERVED
+CVE-2020-0410 (In setNotification of SapServer.java, there is a possible
permission b ...)
+ TODO: check
CVE-2020-0409
RESERVED
-CVE-2020-0408
- RESERVED
+CVE-2020-0408 (In remove of String16.cpp, there is a possible out of bounds
write due ...)
NOT-FOR-US: Android
CVE-2020-0407 (In various functions in fscrypt_ice.c and related files in some
implem ...)
NOT-FOR-US: Android kernel
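Review bot: CVE-2020-0423 at the top of this hunk should not be closed by copying the `NOT-FOR-US: Android` tag that surrounds it. Its description places the use-after-free in binder_release_work of binder.c, and the binder driver is part of the Linux kernel tree, so this `TODO: check` needs to be resolved against Debian's linux source package. CVE-2020-0410 (setNotification of SapServer.java) is the only other entry in the hunk left at `TODO: check`; every other newly described ID already had a NOT-FOR-US line under its RESERVED placeholder.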
@@ -68233,13 +68232,11 @@ CVE-2020-0402
NOTE: Duplicate assignment for CVE-2019-19769 (Android security
informed)
CVE-2020-0401 (In setInstallerPackageName of PackageManagerService.java, there
is a m ...)
NOT-FOR-US: Android
-CVE-2020-0400
- RESERVED
+CVE-2020-0400 (In showDataRoamingNotification of NotificationMgr.java, there
is a pos ...)
NOT-FOR-US: Android
CVE-2020-0399 (In showLimitedSimFunctionWarningNotification of
NotificationMgr.java, ...)
NOT-FOR-US: Android
-CVE-2020-0398
- RESERVED
+CVE-2020-0398 (In updateMwi of NotificationMgr.java, there is a possible
permission b ...)
NOT-FOR-US: Android
CVE-2020-0397 (In getNotificationBuilder of CarrierServiceStateTracker.java,
there is ...)
NOT-FOR-US: Android
@@ -68279,14 +68276,11 @@ CVE-2020-0380 (In allocExcessBits of bitalloc.c,
there is a possible out of boun
NOT-FOR-US: Android
CVE-2020-0379 (In the Bluetooth service, there is a possible spoofing attack
due to a ...)
NOT-FOR-US: Android
-CVE-2020-0378
- RESERVED
+CVE-2020-0378 (In onWnmFrameReceived of PasspointManager.java, there is a
missing per ...)
NOT-FOR-US: Android
-CVE-2020-0377
- RESERVED
+CVE-2020-0377 (In gatt_process_read_by_type_rsp of gatt_cl.cc, there is a
possible ou ...)
NOT-FOR-US: Android
-CVE-2020-0376
- RESERVED
+CVE-2020-0376 (There is a possible out of bounds read due to a missing bounds
check.P ...)
NOT-FOR-US: MediaTek components for Android
CVE-2020-0375 (In Telephony, there is a possible permission bypass due to a
missing p ...)
NOT-FOR-US: Android
@@ -68296,8 +68290,7 @@ CVE-2020-0373 (In SoundTriggerHwService, there is a
possible out of bounds read
NOT-FOR-US: Android Media Framework
CVE-2020-0372 (In ActivityManager, there is a possible access to protected
data due t ...)
NOT-FOR-US: Android
-CVE-2020-0371
- RESERVED
+CVE-2020-0371 (There is a possible out of bounds read due to a missing bounds
check.P ...)
NOT-FOR-US: MediaTek components for Android
CVE-2020-0370 (In libAACdec, there is a possible out of bounds read due to
missing bo ...)
NOT-FOR-US: Android Media Framework
@@ -68305,8 +68298,7 @@ CVE-2020-0369 (In libavb, there is a possible out of
bounds write due to an inte
NOT-FOR-US: Android
CVE-2020-0368
RESERVED
-CVE-2020-0367
- RESERVED
+CVE-2020-0367 (There is a possible out of bounds write due to a missing bounds
check. ...)
NOT-FOR-US: MediaTek components for Android
CVE-2020-0366 (In PackageInstaller, there is a possible permissions bypass due
to a t ...)
NOT-FOR-US: Android
@@ -68362,8 +68354,7 @@ CVE-2020-0341 (In DisplayManager, there is a possible
permission bypass due to a
NOT-FOR-US: Android
CVE-2020-0340 (In libcodec2_soft_mp3dec, there is a possible information
disclosure d ...)
NOT-FOR-US: Android Media Framework
-CVE-2020-0339
- RESERVED
+CVE-2020-0339 (There is a possible out of bounds read due to a missing bounds
check.P ...)
NOT-FOR-US: MediaTek components for Android
CVE-2020-0338 (In AccountManager, there is a possible bypass of a permissions
check d ...)
NOT-FOR-US: Android
@@ -68483,8 +68474,7 @@ CVE-2020-0285 (In Telephony, there is a possible
permission bypass due to a miss
NOT-FOR-US: Android
CVE-2020-0284 (In Telephony, there is a possible permission bypass due to a
missing p ...)
NOT-FOR-US: Android
-CVE-2020-0283
- RESERVED
+CVE-2020-0283 (There is a possible out of bounds write due to a missing bounds
check. ...)
NOT-FOR-US: MediaTek components for Android
CVE-2020-0282 (In NFC, there is a possible out of bounds read due to a missing
bounds ...)
NOT-FOR-US: Android
@@ -68558,8 +68548,7 @@ CVE-2020-0248 (In postInstantAppNotif of
InstantAppNotifier.java, there is a pos
NOT-FOR-US: Android
CVE-2020-0247 (In Threshold::getHistogram of ImageProcessHelper.java, there is
a poss ...)
NOT-FOR-US: Android
-CVE-2020-0246
- RESERVED
+CVE-2020-0246 (In getCarrierPrivilegeStatus of UiccAccessRule.java, there is a
missin ...)
NOT-FOR-US: Android
CVE-2020-0245 (In DecodeFrameCombinedMode of combined_decode.cpp, there is a
possible ...)
NOT-FOR-US: Android Media framework
@@ -109641,7 +109630,8 @@ CVE-2019-4371
RESERVED
CVE-2019-4370
RESERVED
-CVE-2019-4369 (IBM BigFix Inventory v9 (SUA v9 / ILMT v9) discloses sensitive
informa ...)
+CVE-2019-4369
+ REJECTED
NOT-FOR-US: IBM
CVE-2019-4368
RESERVED
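Review bot: CVE-2019-4369 is switched to `REJECTED` and loses its description, but the `NOT-FOR-US: IBM` line under it stays in place as unchanged context. It is worth confirming whether a rejected ID should keep that annotation or whether it should be dropped together with the description.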
@@ -116697,8 +116687,7 @@ CVE-2019-2196 (In Download Provider, there is
possible SQL injection. This could
NOT-FOR-US: Android
CVE-2019-2195 (In tokenize of sqlite3_android.cpp, there is a possible
attacker contr ...)
NOT-FOR-US: Android
-CVE-2019-2194
- RESERVED
+CVE-2019-2194 (In SurfaceFlinger::createLayer of SurfaceFlinger.cpp, there is
a possi ...)
NOT-FOR-US: Android
CVE-2019-2193 (In WelcomeActivity.java and related files, there is a possible
permiss ...)
NOT-FOR-US: Android
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b4dbae463ee99045972e8018f4c4dc3a7b414585
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits