Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
153dd524 by security tracker role at 2020-10-15T20:10:26+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2739,10 +2739,10 @@ CVE-2020-25861
        RESERVED
 CVE-2020-25860
        RESERVED
-CVE-2020-25859
-       RESERVED
-CVE-2020-25858
-       RESERVED
+CVE-2020-25859 (The QCMAP_CLI utility in the Qualcomm QCMAP software suite 
prior to ve ...)
+       TODO: check
+CVE-2020-25858 (The QCMAP_Web_CLIENT binary in the Qualcomm QCMAP software 
suite prior ...)
+       TODO: check
 CVE-2020-25857
        RESERVED
 CVE-2020-25856
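
Review bot: CVE-2020-25859 and CVE-2020-25858 land with a bare "TODO: check", and both descriptions name the Qualcomm QCMAP software suite (QCMAP_CLI and QCMAP_Web_CLIENT). If no Debian source package ships QCMAP, resolve both in the follow-up triage as NOT-FOR-US with the vendor/product name rather than leaving the TODO in place.
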
@@ -11502,8 +11502,8 @@ CVE-2020-21676
        RESERVED
 CVE-2020-21675
        RESERVED
-CVE-2020-21674
-       RESERVED
+CVE-2020-21674 (Heap-based buffer overflow in archive_string_append_from_wcs() 
(archiv ...)
+       TODO: check
 CVE-2020-21673
        RESERVED
 CVE-2020-21672
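
Review bot: CVE-2020-21674 is added with "TODO: check", but the description names archive_string_append_from_wcs(), which is a libarchive function, so this entry probably needs a package line and not a NOT-FOR-US tag. Suggest triaging it against the libarchive source package and recording the affected or fixed version together with a NOTE pointing at the upstream report or fix.
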
@@ -23634,12 +23634,12 @@ CVE-2020-15796
        RESERVED
 CVE-2020-15795
        RESERVED
-CVE-2020-15794
-       RESERVED
-CVE-2020-15793
-       RESERVED
-CVE-2020-15792
-       RESERVED
+CVE-2020-15794 (A vulnerability has been identified in Desigo Insight (All 
versions).  ...)
+       TODO: check
+CVE-2020-15793 (A vulnerability has been identified in Desigo Insight (All 
versions).  ...)
+       TODO: check
+CVE-2020-15792 (A vulnerability has been identified in Desigo Insight (All 
versions).  ...)
+       TODO: check
 CVE-2020-15791 (A vulnerability has been identified in SIMATIC S7-300 CPU 
family (incl ...)
        NOT-FOR-US: Siemens
 CVE-2020-15790 (A vulnerability has been identified in Spectrum Power 4 (All 
versions  ...)
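
Review bot: the three Desigo Insight entries (CVE-2020-15794, CVE-2020-15793, CVE-2020-15792) are left at "TODO: check" while the next entry in the same block, CVE-2020-15791, is already tagged "NOT-FOR-US: Siemens" and uses the same "A vulnerability has been identified in ..." wording. If Desigo Insight is confirmed to be a Siemens product not packaged in Debian, tag all three the same way so the block is consistent.
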
@@ -25051,7 +25051,7 @@ CVE-2020-15252
        RESERVED
 CVE-2020-15251 (In the Channelmgnt plug-in for Sopel (a Python IRC bot) before 
version ...)
        NOT-FOR-US: Channelmgnt plug-in for Sopel
-CVE-2020-15250 (In JUnit4 before version 4.13.1, the test rule TemporaryFolder 
contain ...)
+CVE-2020-15250 (In JUnit4 from version 4.7 and before 4.13.1, the test rule 
TemporaryF ...)
        - junit4 <unfixed> (bug #972231)
        NOTE: 
https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp
 CVE-2020-15249
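
Review bot: the CVE-2020-15250 description now bounds the affected range from below ("from version 4.7 and before 4.13.1"), while the package line stays "- junit4 <unfixed> (bug #972231)" with no per-suite annotation. Worth confirming that every supported suite ships junit4 at 4.7 or later; a suite carrying an older version would need a not-affected annotation instead of inheriting <unfixed>.
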
@@ -28644,7 +28644,7 @@ CVE-2020-13941 (Reported in SOLR-14515 (private) and 
fixed in SOLR-14561 (public
 CVE-2020-13940 (In Apache NiFi 1.0.0 to 1.11.4, the notification service 
manager and v ...)
        NOT-FOR-US: Apache NiFi
 CVE-2020-13939
-       RESERVED
+       REJECTED
 CVE-2020-13938
        RESERVED
 CVE-2020-13937
@@ -32292,16 +32292,16 @@ CVE-2020-12506 (Improper Authentication vulnerability 
in WAGO 750-8XX series wit
        NOT-FOR-US: WAGO
 CVE-2020-12505 (Improper Authentication vulnerability in WAGO 750-8XX series 
with FW v ...)
        NOT-FOR-US: WAGO
-CVE-2020-12504
-       RESERVED
-CVE-2020-12503
-       RESERVED
-CVE-2020-12502
-       RESERVED
-CVE-2020-12501
-       RESERVED
-CVE-2020-12500
-       RESERVED
+CVE-2020-12504 (Improper Authorization vulnerability of Pepperl+Fuchs P+F 
Comtrol Rock ...)
+       TODO: check
+CVE-2020-12503 (Improper Authorization vulnerability of Pepperl+Fuchs P+F 
Comtrol Rock ...)
+       TODO: check
+CVE-2020-12502 (Improper Authorization vulnerability of Pepperl+Fuchs P+F 
Comtrol Rock ...)
+       TODO: check
+CVE-2020-12501 (Improper Authorization vulnerability of Pepperl+Fuchs P+F 
Comtrol Rock ...)
+       TODO: check
+CVE-2020-12500 (Improper Authorization vulnerability of Pepperl+Fuchs P+F 
Comtrol Rock ...)
+       TODO: check
 CVE-2020-12499 (In PHOENIX CONTACT PLCnext Engineer version 2020.3.1 and 
earlier an im ...)
        NOT-FOR-US: PHOENIX CONTACT PLCnext Engineer
 CVE-2020-12498 (mwe file parsing in Phoenix Contact PC Worx and PC Worx 
Express versio ...)
@@ -35514,26 +35514,26 @@ CVE-2019-20637 (An issue was discovered in Varnish 
Cache before 6.0.5 LTS, 6.1.x
        NOTE: 
https://github.com/varnishcache/varnish-cache/commit/0c9c38513bdb7730ac886eba7563f2d87894d734
 (test case / reproducer)
        NOTE: Introduced in 
https://github.com/varnishcache/varnish-cache/commit/62932b422f311ed1224f14a216169bcdc1b77a2d
 (5.0)
        NOTE: Case #3 implies labels introduced in 
https://github.com/varnishcache/varnish-cache/commit/34350d5e183ef4e04285729d1f63b784d1bc6454
 (5.0)
-CVE-2020-11646
-       RESERVED
-CVE-2020-11645
-       RESERVED
-CVE-2020-11644
-       RESERVED
-CVE-2020-11643
-       RESERVED
-CVE-2020-11642
-       RESERVED
-CVE-2020-11641
-       RESERVED
+CVE-2020-11646 (A log information disclosure vulnerability in B&amp;R 
GateManager 4260 ...)
+       TODO: check
+CVE-2020-11645 (A denial of service vulnerability in B&amp;R GateManager 4260 
and 9250 ...)
+       TODO: check
+CVE-2020-11644 (The information disclosure vulnerability present in B&amp;R 
GateManage ...)
+       TODO: check
+CVE-2020-11643 (An information disclosure vulnerability in B&amp;R GateManager 
4260 an ...)
+       TODO: check
+CVE-2020-11642 (The local file inclusion vulnerability present in B&amp;R 
SiteManager  ...)
+       TODO: check
+CVE-2020-11641 (A local file inclusion vulnerability in B&amp;R SiteManager 
versions & ...)
+       TODO: check
 CVE-2020-11640
        RESERVED
 CVE-2020-11639
        RESERVED
 CVE-2020-11638
        RESERVED
-CVE-2020-11637
-       RESERVED
+CVE-2020-11637 (A memory leak in the TFTP service in B&amp;R Automation 
Runtime versio ...)
+       TODO: check
 CVE-2019-20636 (In the Linux kernel before 5.4.12, drivers/input/input.c has 
out-of-bo ...)
        {DLA-2241-1}
        - linux 5.4.13-1
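
Review bot: the added B&R lines (CVE-2020-11646 through CVE-2020-11641, and CVE-2020-11637) show the vendor name as "B&amp;R", and the CVE-2020-11641 description ends in a bare "&" where it is truncated. Check whether the HTML escaping is present in data/CVE/list itself or only in this notification; if it is in the file, any NOT-FOR-US tag written during triage should use the plain "B&R" spelling so searches by vendor name match. All seven entries still carry "TODO: check".
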
@@ -45901,8 +45901,8 @@ CVE-2020-7746
        RESERVED
 CVE-2020-7745
        RESERVED
-CVE-2020-7744
-       RESERVED
+CVE-2020-7744 (This affects all versions of package com.mintegral.msdk:alphab. 
The An ...)
+       TODO: check
 CVE-2020-7743 (The package mathjs before 7.5.1 are vulnerable to Prototype 
Pollution  ...)
        NOT-FOR-US: Node mathjs
 CVE-2020-7742 (This affects the package simpl-schema before 1.10.2. ...)
@@ -46261,8 +46261,8 @@ CVE-2020-7593 (A vulnerability has been identified in 
LOGO! 8 BM (incl. SIPLUS v
        NOT-FOR-US: Siemens
 CVE-2020-7592 (A vulnerability has been identified in SIMATIC HMI Basic Panels 
1st Ge ...)
        NOT-FOR-US: Siemens
-CVE-2020-7591
-       RESERVED
+CVE-2020-7591 (A vulnerability has been identified in SIPORT MP (All versions 
&lt; 3. ...)
+       TODO: check
 CVE-2020-7590 (A vulnerability has been identified in DCA Vantage Analyzer 
(All versi ...)
        NOT-FOR-US: DCA Vantage Analyzer
 CVE-2020-7589 (A vulnerability has been identified in LOGO!8 BM (incl. SIPLUS 
variant ...)
@@ -46802,8 +46802,8 @@ CVE-2020-7336
        RESERVED
 CVE-2020-7335
        RESERVED
-CVE-2020-7334
-       RESERVED
+CVE-2020-7334 (Improper privilege assignment vulnerability in the installer 
McAfee Ap ...)
+       TODO: check
 CVE-2020-7333
        RESERVED
 CVE-2020-7332
@@ -46816,10 +46816,10 @@ CVE-2020-7329
        RESERVED
 CVE-2020-7328
        RESERVED
-CVE-2020-7327
-       RESERVED
-CVE-2020-7326
-       RESERVED
+CVE-2020-7327 (Improperly implemented security check in McAfee MVISION 
Endpoint Detec ...)
+       TODO: check
+CVE-2020-7326 (Improperly implemented security check in McAfee Active Response 
(MAR)  ...)
+       TODO: check
 CVE-2020-7325 (Privilege Escalation vulnerability in McAfee MVISION Endpoint 
prior to ...)
        NOT-FOR-US: McAfee
 CVE-2020-7324 (Improper Access Control vulnerability in McAfee MVISION 
Endpoint prior ...)
@@ -50078,24 +50078,19 @@ CVE-2020-6110 (An exploitable partial path traversal 
vulnerability exists in the
        NOT-FOR-US: Zoom
 CVE-2020-6109 (An exploitable path traversal vulnerability exists in the Zoom 
client, ...)
        NOT-FOR-US: Zoom
-CVE-2020-6108 [F2fs-Tools F2fs.Fsck fsck_chk_orphan_node Code Execution 
Vulnerability]
-       RESERVED
+CVE-2020-6108 (An exploitable code execution vulnerability exists in the 
fsck_chk_orp ...)
        - f2fs-tools <unfixed>
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1050
-CVE-2020-6107 [F2fs-Tools F2fs.Fsck dev_read Information Disclosure 
Vulnerability]
-       RESERVED
+CVE-2020-6107 (An exploitable information disclosure vulnerability exists in 
the dev_ ...)
        - f2fs-tools <unfixed>
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1049
-CVE-2020-6106 [F2fs-Tools F2fs.Fsck init_node_manager Information Disclosure 
Vulnerability]
-       RESERVED
+CVE-2020-6106 (An exploitable information disclosure vulnerability exists in 
the init ...)
        - f2fs-tools <unfixed>
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1048
-CVE-2020-6105 [F2fs-Tools F2fs.Fsck Multiple Devices Code Execution 
Vulnerability]
-       RESERVED
+CVE-2020-6105 (An exploitable code execution vulnerability exists in the 
multiple dev ...)
        - f2fs-tools <unfixed>
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1047
-CVE-2020-6104 [F2fs-Tools F2fs.Fsck filesystem checking Information Disclosure 
Vulnerability]
-       RESERVED
+CVE-2020-6104 (An exploitable information disclosure vulnerability exists in 
the get_ ...)
        - f2fs-tools <unfixed>
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1046
 CVE-2020-6103 (An exploitable code execution vulnerability exists in the 
Shader funct ...)
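
Review bot: the five f2fs-tools entries (CVE-2020-6108 through CVE-2020-6104) switch from the bracketed working titles to the published descriptions, but each still reads "- f2fs-tools <unfixed>" with only the Talos report as a NOTE. Unlike the junit4 entry earlier in this diff, none of them references a Debian bug; suggest adding the bug number and, once known, a NOTE with the upstream fix so the <unfixed> state can be tracked to closure.
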
@@ -54092,8 +54087,8 @@ CVE-2020-4501
        RESERVED
 CVE-2020-4500
        RESERVED
-CVE-2020-4499
-       RESERVED
+CVE-2020-4499 (IBM Security Access Manager 9.0.7 and IBM Security Verify 
Access 10.0. ...)
+       TODO: check
 CVE-2020-4498 (IBM MQ Appliance 9.1 LTS and 9.1 CD could allow a local 
privileged use ...)
        NOT-FOR-US: IBM
 CVE-2020-4497
@@ -62081,8 +62076,8 @@ CVE-2020-1779
        RESERVED
 CVE-2020-1778
        RESERVED
-CVE-2020-1777
-       RESERVED
+CVE-2020-1777 (Agent names that participates in a chat conversation are 
revealed in c ...)
+       TODO: check
 CVE-2020-1776 (When an agent user is renamed or set to invalid the session 
belonging  ...)
        - otrs2 6.0.29-1
        [buster] - otrs2 <no-dsa> (Non-free not supported)
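
Review bot: CVE-2020-1777 is added with "TODO: check" directly above CVE-2020-1776, which is tracked against otrs2 and whose description also concerns agent users. The visible part of the CVE-2020-1777 description does not name the product, so confirm from the full text whether it is the same package; if so it needs its own "- otrs2" line and the same "[buster] - otrs2 <no-dsa> (Non-free not supported)" annotation rather than a NOT-FOR-US tag.
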
@@ -87349,7 +87344,7 @@ CVE-2019-12414 (In Apache Incubator Superset before 
0.32, a user can view databa
 CVE-2019-12413 (In Apache Incubator Superset before 0.31 user could query 
database met ...)
        NOT-FOR-US: Apache Superset
 CVE-2019-12411
-       RESERVED
+       REJECTED
 CVE-2019-12410 (While investigating UBSAN errors in 
https://github.com/apache/arrow/pu ...)
        NOT-FOR-US: Apache Arrow
 CVE-2019-12409 (The 8.1.1 and 8.2.0 releases of Apache Solr contain an 
insecure settin ...)
@@ -109303,8 +109298,8 @@ CVE-2019-4554
        RESERVED
 CVE-2019-4553 (IBM API Connect V5.0.0.0 through 5.0.8.7iFix3 uses weaker than 
expecte ...)
        NOT-FOR-US: IBM
-CVE-2019-4552
-       RESERVED
+CVE-2019-4552 (IBM Security Access Manager 9.0.7 and IBM Security Verify 
Access 10.0. ...)
+       TODO: check
 CVE-2019-4551 (IBM Security Directory Server 6.4.0 does not perform an 
authentication ...)
        NOT-FOR-US: IBM
 CVE-2019-4550 (IBM Security Directory Server 6.4.0 is deployed with active 
debugging  ...)
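
Review bot: CVE-2019-4552 is added with "TODO: check" and the same truncated description ("IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0. ...") as CVE-2020-4499 in the earlier hunk, while the surrounding IBM entries are all tagged "NOT-FOR-US: IBM". Suggest triaging the two together and, given the identical visible text, checking the full descriptions to see whether they describe the same issue.
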



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/153dd5249c8f423d92cd08fbd77c37fa39de3b64
