Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
a4998679 by security tracker role at 2020-11-12T20:10:31+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,8 +1,10 @@
CVE-2020-25710 [assertion failure in CSN normalization with invalid input]
+ RESERVED
- openldap 2.4.56+dfsg-1
NOTE: https://bugs.openldap.org/show_bug.cgi?id=9384
NOTE:
https://git.openldap.org/openldap/openldap/-/commit/bdb0d459187522a6063df13871b82ba8dcc6efe2
(OPENLDAP_REL_ENG_2_4_56)
CVE-2020-25709 [assertion failure in Certificate List syntax validation]
+ RESERVED
- openldap 2.4.56+dfsg-1
NOTE: https://bugs.openldap.org/show_bug.cgi?id=9383
NOTE:
https://git.openldap.org/openldap/openldap/-/commit/67670f4544e28fb09eb7319c39f404e1d3229e65
(OPENLDAP_REL_ENG_2_4_56)
@@ -1804,12 +1806,12 @@ CVE-2020-28273
RESERVED
CVE-2020-28272
RESERVED
-CVE-2020-28271
- RESERVED
-CVE-2020-28270
- RESERVED
-CVE-2020-28269
- RESERVED
+CVE-2020-28271 (Prototype pollution vulnerability in 'deephas' versions 1.0.0
through ...)
+ TODO: check
+CVE-2020-28270 (Overview:Prototype pollution vulnerability in
‘object-hierarchy- ...)
+ TODO: check
+CVE-2020-28269 (Prototype pollution vulnerability in 'field' versions 0.0.1
through 1. ...)
+ TODO: check
CVE-2020-28268
RESERVED
CVE-2020-28267 (Prototype pollution vulnerability in '@strikeentco/set'
version 1.0.0 ...)
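Review bot: the new CVE-2020-28270 line carries a stray "Overview:" prefix and a typographic opening quote (‘object-hierarchy- ...) where its siblings CVE-2020-28271 and CVE-2020-28269 use plain 'name' quoting, so a search of this file for the quoted module name can miss it. The text is the imported description, so leave the line alone and match on the CVE id when resolving the three TODO: check markers added here.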
@@ -1858,8 +1860,8 @@ CVE-2020-28249 (Joplin 1.2.6 for Desktop allows XSS via a
LINK element in a note
NOT-FOR-US: Joplin
CVE-2020-28248
RESERVED
-CVE-2020-28247
- RESERVED
+CVE-2020-28247 (The lettre library through 0.10.0-alpha for Rust allows
arbitrary send ...)
+ TODO: check
CVE-2020-28246
RESERVED
CVE-2020-28245
@@ -4107,8 +4109,8 @@ CVE-2020-27483
RESERVED
CVE-2020-27482
RESERVED
-CVE-2020-27481
- RESERVED
+CVE-2020-27481 (An unauthenticated SQL Injection vulnerability in Good Layers
LMS Plug ...)
+ TODO: check
CVE-2020-27480
RESERVED
CVE-2020-27479
@@ -4297,10 +4299,10 @@ CVE-2020-27388 (Multiple Stored Cross Site Scripting
(XSS) vulnerabilities exist
NOT-FOR-US: YOURLS Admin Panel
CVE-2020-27387 (An unrestricted file upload issue in HorizontCMS through
1.0.0-beta al ...)
NOT-FOR-US: HorizontCMS
-CVE-2020-27386
- RESERVED
-CVE-2020-27385
- RESERVED
+CVE-2020-27386 (An unrestricted file upload issue in FlexDotnetCMS before
v1.5.9 allow ...)
+ TODO: check
+CVE-2020-27385 (Incorrect Access Control in the FileEditor
(/Admin/Views/FileEditor/) ...)
+ TODO: check
CVE-2020-27384
RESERVED
CVE-2020-27383
@@ -5507,12 +5509,12 @@ CVE-2020-26807 (SAP ERP Client for E-Bilanz, version -
1.0, installation sets In
NOT-FOR-US: SAP
CVE-2020-26806
RESERVED
-CVE-2020-26805
- RESERVED
-CVE-2020-26804
- RESERVED
-CVE-2020-26803
- RESERVED
+CVE-2020-26805 (In Sentrifugo 3.2, admin can edit employee's informations via
this end ...)
+ TODO: check
+CVE-2020-26804 (In Sentrifugo 3.2, users can share an announcement under
"Organization ...)
+ TODO: check
+CVE-2020-26803 (In Sentrifugo 3.2, users can upload an image under "Assets
-> Add" ...)
+ TODO: check
CVE-2020-26802 (forma.lms 2.3.0.2 is affected by Cross Site Request Forgery
(CSRF) in ...)
NOT-FOR-US: forma.lms
CVE-2020-26801
@@ -7912,8 +7914,7 @@ CVE-2020-25707 [infinite loop in
e1000e_write_packet_to_guest() in hw/net/e1000e
RESERVED
- qemu <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1893895
-CVE-2020-25706 [Improper escaping of error message leads to XSS during
template import preview]
- RESERVED
+CVE-2020-25706 (A cross-site scripting (XSS) vulnerability exists in
templates_import. ...)
- cacti 1.2.14+ds1-1
[stretch] - cacti <no-dsa> (Minor issue)
NOTE: https://github.com/Cacti/cacti/issues/3723
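Review bot: in the CVE-2020-25706 entry the hand-written summary "[Improper escaping of error message leads to XSS during template import preview]" is dropped in favour of the truncated imported text "(A cross-site scripting (XSS) vulnerability exists in templates_import. ...)", which no longer says that the unescaped value is an error message shown in the import preview. The NOTE link to Cacti issue 3723 still leads there, but a one-line NOTE preserving the old summary would keep the entry self-explanatory for whoever revisits the stretch <no-dsa> decision.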
@@ -8046,8 +8047,7 @@ CVE-2020-25659 [bleichenbacher timing oracle attack
against RSA decryption]
NOTE:
https://github.com/pyca/cryptography/security/advisories/GHSA-hggm-jpg3-v476
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1889988
NOTE:
https://github.com/pyca/cryptography/commit/58494b41d6ecb0f56b7c5f05d5f5e3ca0320d494
(3.2)
-CVE-2020-25658 [bleichenbacher timing oracle attack against RSA decryption]
- RESERVED
+CVE-2020-25658 (It was found that python-rsa is vulnerable to Bleichenbacher
timing at ...)
- python-rsa <unfixed>
NOTE: https://github.com/sybrenstuvel/python-rsa/issues/165
CVE-2020-25657
@@ -10435,7 +10435,7 @@ CVE-2020-24611
RESERVED
CVE-2020-24610
RESERVED
-CVE-2020-24609 (TechKshetra Info Solutions Pvt. Ltd Savsoft Quiz 5 has XSS
which can r ...)
+CVE-2020-24609 (TechKshetra Info Solutions Pvt. Ltd Savsoft Quiz 5.5 and
earlier has X ...)
NOT-FOR-US: Savsoft Quiz 5
CVE-2020-24608
RESERVED
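Review bot: the description of CVE-2020-24609 now covers "Savsoft Quiz 5.5 and earlier", while the unchanged annotation below it still reads NOT-FOR-US: Savsoft Quiz 5. The triage result is unaffected, but naming only the product (NOT-FOR-US: Savsoft Quiz) would stop the annotation from reading like a version that disagrees with the description.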
@@ -10519,8 +10519,8 @@ CVE-2020-24575
RESERVED
CVE-2020-24574 (The client (aka GalaxyClientService.exe) in GOG GALAXY through
2.0.20 ...)
NOT-FOR-US: GOG Galaxy client
-CVE-2020-24573
- RESERVED
+CVE-2020-24573 (BAB TECHNOLOGIE GmbH eibPort V3 prior to 3.8.3 devices allow
denial of ...)
+ TODO: check
CVE-2020-24572 (An issue was discovered in includes/webconsole.php in RaspAP
2.5. With ...)
NOT-FOR-US: RaspAP
CVE-2020-24571 (NexusQA NexusDB before 4.50.23 allows the reading of files via
../ dir ...)
@@ -10632,8 +10632,8 @@ CVE-2020-24527
RESERVED
CVE-2020-24526
RESERVED
-CVE-2020-24525
- RESERVED
+CVE-2020-24525 (Insecure inherited permissions in firmware update tool for
some Intel( ...)
+ TODO: check
CVE-2020-24524
RESERVED
CVE-2020-24523
@@ -10768,20 +10768,20 @@ CVE-2020-24462
RESERVED
CVE-2020-24461
RESERVED
-CVE-2020-24460
- RESERVED
+CVE-2020-24460 (Incorrect default permissions in the Intel(R) DSA before
version 20.8. ...)
+ TODO: check
CVE-2020-24459
RESERVED
CVE-2020-24458
RESERVED
CVE-2020-24457 (Logic error in BIOS firmware for 8th, 9th and 10th Generation
Intel(R) ...)
NOT-FOR-US: Intel
-CVE-2020-24456
- RESERVED
+CVE-2020-24456 (Incorrect default permissions in the Intel(R) Board ID Tool
version v. ...)
+ TODO: check
CVE-2020-24455
RESERVED
-CVE-2020-24454
- RESERVED
+CVE-2020-24454 (Improper Restriction of XML External Entity Reference in
subsystem for ...)
+ TODO: check
CVE-2020-24453
RESERVED
CVE-2020-24452
@@ -10802,12 +10802,12 @@ CVE-2020-24445
RESERVED
CVE-2020-24444
RESERVED
-CVE-2020-24443
- RESERVED
-CVE-2020-24442
- RESERVED
-CVE-2020-24441
- RESERVED
+CVE-2020-24443 (Adobe Connect version 11.0 (and earlier) is affected by a
reflected Cr ...)
+ TODO: check
+CVE-2020-24442 (Adobe Connect version 11.0 (and earlier) is affected by a
reflected Cr ...)
+ TODO: check
+CVE-2020-24441 (Adobe Acrobat Reader for Android version 20.6.2 (and earlier)
does not ...)
+ TODO: check
CVE-2020-24440
RESERVED
CVE-2020-24439 (Acrobat Reader DC for macOS versions 2020.012.20048 (and
earlier), 202 ...)
@@ -27354,8 +27354,8 @@ CVE-2020-16275 (A cross-site scripting (XSS)
vulnerability in the Credential Man
NOT-FOR-US: SAINT Security Suite
CVE-2020-16274
RESERVED
-CVE-2020-16273
- RESERVED
+CVE-2020-16273 (In Arm software implementing the Armv8-M processors (all
versions), th ...)
+ TODO: check
CVE-2020-16272 (The SRP-6a implementation in Kee Vault KeePassRPC before
1.12.0 is mis ...)
NOT-FOR-US: Kee Vault KeePassRPC
CVE-2020-16271 (The SRP-6a implementation in Kee Vault KeePassRPC before
1.12.0 genera ...)
@@ -27782,7 +27782,7 @@ CVE-2020-16092 (In QEMU through 5.0.0, an assertion
failure can occur in the net
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1860283
NOTE:
https://git.qemu.org/?p=qemu.git;a=commit;h=035e69b063835a5fd23cacabd63690a3d84532a8
CVE-2020-16091
- RESERVED
+ REJECTED
CVE-2020-16090
RESERVED
CVE-2020-16089
@@ -33606,8 +33606,7 @@ CVE-2020-13956 [incorrect handling of malformed
authority component in request U
NOTE: Fixed by:
https://github.com/apache/httpcomponents-client/commit/e628b4c5c464c2fa346385596cc78e035a91a62e
(4.5.13-RC1)
CVE-2020-13955 (HttpUtils#getURLConnection method disables explicitly hostname
verific ...)
NOT-FOR-US: Apache Calcite
-CVE-2020-13954
- RESERVED
+CVE-2020-13954 (By default, Apache CXF creates a /services page containing a
listing o ...)
NOT-FOR-US: Apache CXF
CVE-2020-13953 (In Apache Tapestry from 5.4.0 to 5.5.0, crafting specific
URLs, an att ...)
NOT-FOR-US: Apache Tapestry
@@ -34184,10 +34183,10 @@ CVE-2020-13773
RESERVED
CVE-2020-13772
RESERVED
-CVE-2020-13771
- RESERVED
-CVE-2020-13770
- RESERVED
+CVE-2020-13771 (Various components in Ivanti Endpoint Manager through 2020.1.1
rely on ...)
+ TODO: check
+CVE-2020-13770 (Several services are accessing named pipes in Ivanti Endpoint
Manager ...)
+ TODO: check
CVE-2020-13769
RESERVED
CVE-2020-13768 (In MiniShare before 1.4.2, there is a stack-based buffer
overflow via ...)
@@ -37797,14 +37796,14 @@ CVE-2020-12358
RESERVED
CVE-2020-12357
RESERVED
-CVE-2020-12356
- RESERVED
-CVE-2020-12355
- RESERVED
-CVE-2020-12354
- RESERVED
-CVE-2020-12353
- RESERVED
+CVE-2020-12356 (Out-of-bounds read in subsystem in Intel(R) AMT versions
before 11.8.8 ...)
+ TODO: check
+CVE-2020-12355 (Authentication bypass by capture-replay in RPMB protocol
message authe ...)
+ TODO: check
+CVE-2020-12354 (Incorrect default permissions in Windows(R) installer in
Intel(R) AMT ...)
+ TODO: check
+CVE-2020-12353 (Improper permissions in the Intel(R) Data Center Manager
Console befor ...)
+ TODO: check
CVE-2020-12352
RESERVED
{DSA-4774-1 DLA-2420-1 DLA-2417-1}
@@ -37819,18 +37818,18 @@ CVE-2020-12351
NOTE:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html
NOTE:
https://github.com/google/security-research/security/advisories/GHSA-h637-c88j-47wq
NOTE: Fixed by:
https://git.kernel.org/linus/f19425641cb2572a33cb074d5e30283720bd4d22
-CVE-2020-12350
- RESERVED
-CVE-2020-12349
- RESERVED
+CVE-2020-12350 (Improper access control in the Intel(R) XTU before version
6.5.1.360 m ...)
+ TODO: check
+CVE-2020-12349 (Improper input validation in the Intel(R) Data Center Manager
Console ...)
+ TODO: check
CVE-2020-12348
RESERVED
-CVE-2020-12347
- RESERVED
-CVE-2020-12346
- RESERVED
-CVE-2020-12345
- RESERVED
+CVE-2020-12347 (Improper input validation in the Intel(R) Data Center Manager
Console ...)
+ TODO: check
+CVE-2020-12346 (Improper permissions in the installer for the Intel(R) Battery
Life Di ...)
+ TODO: check
+CVE-2020-12345 (Improper permissions in the installer for the Intel(R) Data
Center Man ...)
+ TODO: check
CVE-2020-12344
RESERVED
CVE-2020-12343
@@ -37845,76 +37844,76 @@ CVE-2020-12339
RESERVED
CVE-2020-12338
RESERVED
-CVE-2020-12337
- RESERVED
-CVE-2020-12336
- RESERVED
-CVE-2020-12335
- RESERVED
-CVE-2020-12334
- RESERVED
-CVE-2020-12333
- RESERVED
-CVE-2020-12332
- RESERVED
-CVE-2020-12331
- RESERVED
-CVE-2020-12330
- RESERVED
-CVE-2020-12329
- RESERVED
-CVE-2020-12328
- RESERVED
-CVE-2020-12327
- RESERVED
-CVE-2020-12326
- RESERVED
-CVE-2020-12325
- RESERVED
-CVE-2020-12324
- RESERVED
-CVE-2020-12323
- RESERVED
-CVE-2020-12322
- RESERVED
-CVE-2020-12321
- RESERVED
-CVE-2020-12320
- RESERVED
-CVE-2020-12319
- RESERVED
-CVE-2020-12318
- RESERVED
-CVE-2020-12317
- RESERVED
-CVE-2020-12316
- RESERVED
-CVE-2020-12315
- RESERVED
-CVE-2020-12314
- RESERVED
+CVE-2020-12337 (Improper buffer restrictions in firmware for some Intel(R)
NUCs may al ...)
+ TODO: check
+CVE-2020-12336 (Insecure default variable initialization in firmware for some
Intel(R) ...)
+ TODO: check
+CVE-2020-12335 (Improper permissions in the installer for the Intel(R)
Processor Ident ...)
+ TODO: check
+CVE-2020-12334 (Improper permissions in the installer for the Intel(R) Advisor
tools b ...)
+ TODO: check
+CVE-2020-12333 (Insufficiently protected credentials in the Intel(R) QAT for
Linux bef ...)
+ TODO: check
+CVE-2020-12332 (Improper permissions in the installer for the Intel(R) HID
Event Filte ...)
+ TODO: check
+CVE-2020-12331 (Improper access controls in Intel Unite(R) Cloud Service
client before ...)
+ TODO: check
+CVE-2020-12330 (Improper permissions in the installer for the Intel(R) Falcon
8+ UAS A ...)
+ TODO: check
+CVE-2020-12329 (Uncontrolled search path in the Intel(R) VTune(TM) Profiler
before ver ...)
+ TODO: check
+CVE-2020-12328 (Protection mechanism failure in some Intel(R) Thunderbolt(TM)
DCH driv ...)
+ TODO: check
+CVE-2020-12327 (Insecure default variable initialization in some Intel(R)
Thunderbolt( ...)
+ TODO: check
+CVE-2020-12326 (Improper initialization in some Intel(R) Thunderbolt(TM) DCH
drivers f ...)
+ TODO: check
+CVE-2020-12325 (Improper buffer restrictions in some Intel(R) Thunderbolt(TM)
DCH driv ...)
+ TODO: check
+CVE-2020-12324 (Protection mechanism failure in some Intel(R) Thunderbolt(TM)
DCH driv ...)
+ TODO: check
+CVE-2020-12323 (Improper input validation in the Intel(R) ADAS IE before
version ADAS_ ...)
+ TODO: check
+CVE-2020-12322 (Improper input validation in some Intel(R) Wireless
Bluetooth(R) produ ...)
+ TODO: check
+CVE-2020-12321 (Improper buffer restriction in some Intel(R) Wireless
Bluetooth(R) pro ...)
+ TODO: check
+CVE-2020-12320 (Uncontrolled search path in Intel(R) SCS Add-on for Microsoft*
SCCM be ...)
+ TODO: check
+CVE-2020-12319 (Insufficient control flow management in some Intel(R)
PROSet/Wireless ...)
+ TODO: check
+CVE-2020-12318 (Protection mechanism failure in some Intel(R) PROSet/Wireless
WiFi pro ...)
+ TODO: check
+CVE-2020-12317 (Improper buffer restriction in some Intel(R) PROSet/Wireless
WiFi prod ...)
+ TODO: check
+CVE-2020-12316 (Insufficiently protected credentials in the Intel(R) EMA
before versio ...)
+ TODO: check
+CVE-2020-12315 (Path traversal in the Intel(R) EMA before version 1.3.3 may
allow an u ...)
+ TODO: check
+CVE-2020-12314 (Improper input validation in some Intel(R) PROSet/Wireless
WiFi produc ...)
+ TODO: check
CVE-2020-12313
RESERVED
-CVE-2020-12312
- RESERVED
-CVE-2020-12311
- RESERVED
-CVE-2020-12310
- RESERVED
-CVE-2020-12309
- RESERVED
-CVE-2020-12308
- RESERVED
-CVE-2020-12307
- RESERVED
-CVE-2020-12306
- RESERVED
+CVE-2020-12312 (Improper buffer restrictions in the Intel(R) Stratix(R) 10
FPGA firmwa ...)
+ TODO: check
+CVE-2020-12311 (Insufficient control flow managementin firmware in some
Intel(R) Clien ...)
+ TODO: check
+CVE-2020-12310 (Insufficient control flow managementin firmware in some
Intel(R) Clien ...)
+ TODO: check
+CVE-2020-12309 (Insufficiently protected credentialsin subsystem in some
Intel(R) Clie ...)
+ TODO: check
+CVE-2020-12308 (Improper access control for the Intel(R) Computing Improvement
Program ...)
+ TODO: check
+CVE-2020-12307 (Improper permissions in some Intel(R) High Definition Audio
drivers be ...)
+ TODO: check
+CVE-2020-12306 (Incorrect default permissions in the Intel(R) RealSense(TM)
D400 Serie ...)
+ TODO: check
CVE-2020-12305
RESERVED
-CVE-2020-12304
- RESERVED
-CVE-2020-12303
- RESERVED
+CVE-2020-12304 (Improper access control in Installer for Intel(R) DAL SDK
before versi ...)
+ TODO: check
+CVE-2020-12303 (Use after free in DAL subsystem for Intel(R) CSME versions
before 11.8 ...)
+ TODO: check
CVE-2020-12302 (Improper permissions in the Intel(R) Driver & Support
Assistant be ...)
NOT-FOR-US: Intel
CVE-2020-12301 (Improper initialization in BIOS firmware for Intel(R) Server
Board Fam ...)
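Review bot: every entry added in this hunk lands as TODO: check, although the unchanged context already closes the same vendor's CVE-2020-12302 as NOT-FOR-US: Intel. Most of the new descriptions name installers, drivers or firmware and can probably follow suit, but CVE-2020-12333 (Intel(R) QAT for Linux) and the Wireless Bluetooth and PROSet/Wireless WiFi entries (CVE-2020-12314, CVE-2020-12317 to CVE-2020-12319, CVE-2020-12321, CVE-2020-12322) deserve a package search before they are closed. The run-together words in CVE-2020-12309 to CVE-2020-12311 ("managementin", "credentialsin") arrive with the imported description and need no change here.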
@@ -37925,8 +37924,8 @@ CVE-2020-12299 (Improper input validation in BIOS
firmware for Intel(R) Server B
NOT-FOR-US: Intel
CVE-2020-12298
RESERVED
-CVE-2020-12297
- RESERVED
+CVE-2020-12297 (Improper access control in Installer for Intel(R) CSME Driver
for Wind ...)
+ TODO: check
CVE-2020-12296
RESERVED
CVE-2020-12295
@@ -41795,25 +41794,24 @@ CVE-2020-11211
RESERVED
CVE-2020-11210
RESERVED
-CVE-2020-11209
- RESERVED
-CVE-2020-11208
- RESERVED
-CVE-2020-11207
- RESERVED
-CVE-2020-11206
- RESERVED
-CVE-2020-11205
- RESERVED
+CVE-2020-11209 (u'Improper authorization in DSP process could allow
unauthorized users ...)
+ TODO: check
+CVE-2020-11208 (u'Out of Bound issue in DSP services while processing received
argumen ...)
+ TODO: check
+CVE-2020-11207 (u'Buffer overflow in LibFastCV library due to improper size
checks wit ...)
+ TODO: check
+CVE-2020-11206 (u'Possible buffer overflow in Fastrpc while handling received
paramete ...)
+ TODO: check
+CVE-2020-11205 (u'Possible integer overflow to heap overflow while processing
command ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2020-11204
RESERVED
CVE-2020-11203
RESERVED
-CVE-2020-11202
- RESERVED
-CVE-2020-11201
- RESERVED
+CVE-2020-11202 (u'Buffer overflow/underflow occurs when typecasting the buffer
passed ...)
+ TODO: check
+CVE-2020-11201 (u'Arbitrary access to DSP memory due to improper check in
loaded libra ...)
+ TODO: check
CVE-2020-11200
RESERVED
CVE-2020-11199
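Review bot: CVE-2020-11205 keeps its existing NOT-FOR-US: Qualcomm components for Android annotation, but the six entries that gain descriptions around it (CVE-2020-11209 to CVE-2020-11206, CVE-2020-11202, CVE-2020-11201) are left at TODO: check. Their descriptions use the same u'... form and refer to DSP, Fastrpc and LibFastCV code, so once the vendor is confirmed they should receive the same annotation rather than sit in the TODO queue.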
@@ -41822,15 +41820,13 @@ CVE-2020-11198
RESERVED
CVE-2020-11197
RESERVED
-CVE-2020-11196
- RESERVED
+CVE-2020-11196 (u'Integer overflow to buffer overflow occurs while playback of
ASF cli ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2020-11195
RESERVED
CVE-2020-11194
RESERVED
-CVE-2020-11193
- RESERVED
+CVE-2020-11193 (u'Buffer over read can happen while parsing mkv clip due to
improper t ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2020-11192
RESERVED
@@ -41848,8 +41844,7 @@ CVE-2020-11186
RESERVED
CVE-2020-11185
RESERVED
-CVE-2020-11184
- RESERVED
+CVE-2020-11184 (u'Possible buffer overflow will occur in video while parsing
mp4 clip ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2020-11183
RESERVED
@@ -41867,8 +41862,7 @@ CVE-2020-11177
RESERVED
CVE-2020-11176
RESERVED
-CVE-2020-11175
- RESERVED
+CVE-2020-11175 (u'Use after free issue in Bluetooth transport driver when a
method in ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2020-11174 (u'Array index underflow issue in adsp driver due to improper
check of ...)
NOT-FOR-US: Qualcomm components for Android
@@ -41882,8 +41876,7 @@ CVE-2020-11170
RESERVED
CVE-2020-11169 (u'Buffer over-read while processing received L2CAP packet due
to lack ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2020-11168
- RESERVED
+CVE-2020-11168 (u'Null-pointer dereference can occur while accessing data
buffer beyon ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2020-11167
RESERVED
@@ -41955,21 +41948,17 @@ CVE-2020-11134
RESERVED
CVE-2020-11133 (u'Possible out of bound array write in rxdco cal utility due
to lack o ...)
NOT-FOR-US: Snapdragon
-CVE-2020-11132
- RESERVED
+CVE-2020-11132 (u'Buffer over read in boot due to size check ignored before
copying GU ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2020-11131
- RESERVED
+CVE-2020-11131 (u'Possible buffer overflow in WMA message processing due to
integer ov ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2020-11130
- RESERVED
+CVE-2020-11130 (u'Possible buffer overflow in WIFI hal process due to copying
data wit ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2020-11129 (u'During the error occurrence in capture request, the buffer
is freed ...)
NOT-FOR-US: Snapdragon
CVE-2020-11128 (u'Possible out of bound access while copying the mask file
content int ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2020-11127
- RESERVED
+CVE-2020-11127 (u'Integer overflow can cause a buffer overflow due to lack of
table le ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2020-11126
RESERVED
@@ -41977,13 +41966,11 @@ CVE-2020-11125 (u'Out of bound access can happen in
MHI command process due to l
NOT-FOR-US: Qualcomm components for Android
CVE-2020-11124 (u'Possible use-after-free while accessing diag client map
table since ...)
NOT-FOR-US: Snapdragon
-CVE-2020-11123
- RESERVED
+CVE-2020-11123 (u'information disclosure in gatekeeper trustzone
implementation as the ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2020-11122 (u'Null Pointer exception while playing crafted mkv file as
data stream ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2020-11121
- RESERVED
+CVE-2020-11121 (u'Possible buffer overflow in WIFI hal process due to usage of
memcpy ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2020-11120 (u'Calling thread may free the data buffer pointer that was
passed to t ...)
NOT-FOR-US: Qualcomm components for Android
@@ -47456,8 +47443,8 @@ CVE-2020-9130
RESERVED
CVE-2020-9129
RESERVED
-CVE-2020-9128
- RESERVED
+CVE-2020-9128 (FusionCompute versions 8.0.0 have an insecure encryption
algorithm vul ...)
+ TODO: check
CVE-2020-9127
RESERVED
CVE-2020-9126
@@ -48347,68 +48334,68 @@ CVE-2020-8769
RESERVED
CVE-2020-8768 (An issue was discovered on Phoenix Contact Emalytics Controller
ILC 20 ...)
NOT-FOR-US: PHOENIX CONTACT Emalytics Controller ILC 2050 BI(L)
-CVE-2020-8767
- RESERVED
-CVE-2020-8766
- RESERVED
+CVE-2020-8767 (Uncaught exception in the Intel(R) 50GbE IP Core for Intel(R)
Quartus ...)
+ TODO: check
+CVE-2020-8766 (Improper conditions check in the Intel(R) SGX DCAP software
before ver ...)
+ TODO: check
CVE-2020-8765
RESERVED
-CVE-2020-8764
- RESERVED
+CVE-2020-8764 (Improper access control in BIOS firmware for some Intel(R)
Processors ...)
+ TODO: check
CVE-2020-8763 (Improper permissions in the installer for the Intel(R)
RealSense(TM) D ...)
NOT-FOR-US: Intel
CVE-2020-8762
RESERVED
-CVE-2020-8761
- RESERVED
-CVE-2020-8760
- RESERVED
+CVE-2020-8761 (Inadequate encryption strength in subsystem for Intel(R) CSME
versions ...)
+ TODO: check
+CVE-2020-8760 (Integer overflow in subsystem for Intel(R) AMT versions before
11.8.80 ...)
+ TODO: check
CVE-2020-8759 (Improper access control in the installer for Intel(R) SSD DCT
versions ...)
NOT-FOR-US: Intel
CVE-2020-8758 (Improper buffer restrictions in network subsystem in
provisioned Intel ...)
NOT-FOR-US: Intel
-CVE-2020-8757
- RESERVED
-CVE-2020-8756
- RESERVED
-CVE-2020-8755
- RESERVED
-CVE-2020-8754
- RESERVED
-CVE-2020-8753
- RESERVED
-CVE-2020-8752
- RESERVED
-CVE-2020-8751
- RESERVED
-CVE-2020-8750
- RESERVED
-CVE-2020-8749
- RESERVED
+CVE-2020-8757 (Out-of-bounds read in subsystem for Intel(R) AMT versions
before 11.8. ...)
+ TODO: check
+CVE-2020-8756 (Improper input validation in subsystem for Intel(R) CSME
versions befo ...)
+ TODO: check
+CVE-2020-8755 (Race condition in subsystem for Intel(R) CSME versions before
12.0.70 ...)
+ TODO: check
+CVE-2020-8754 (Out-of-bounds read in subsystem for Intel(R) AMT, Intel(R) ISM
version ...)
+ TODO: check
+CVE-2020-8753 (Out-of-bounds read in DHCP subsystem for Intel(R) AMT, Intel(R)
ISM ve ...)
+ TODO: check
+CVE-2020-8752 (Out-of-bounds write in IPv6 subsystem for Intel(R) AMT,
Intel(R) ISM v ...)
+ TODO: check
+CVE-2020-8751 (Insufficient control flow management in subsystem for Intel(R)
CSME ve ...)
+ TODO: check
+CVE-2020-8750 (Use after free in Kernel Mode Driver for Intel(R) TXE versions
before ...)
+ TODO: check
+CVE-2020-8749 (Out-of-bounds read in subsystem for Intel(R) AMT versions
before 11.8. ...)
+ TODO: check
CVE-2020-8748
RESERVED
-CVE-2020-8747
- RESERVED
-CVE-2020-8746
- RESERVED
-CVE-2020-8745
- RESERVED
-CVE-2020-8744
- RESERVED
+CVE-2020-8747 (Out-of-bounds read in subsystem for Intel(R) AMT versions
before 11.8. ...)
+ TODO: check
+CVE-2020-8746 (Integer overflow in subsystem for Intel(R) AMT versions before
11.8.80 ...)
+ TODO: check
+CVE-2020-8745 (Insufficient control flow management in subsystem for Intel(R)
CSME ve ...)
+ TODO: check
+CVE-2020-8744 (Improper initialization in subsystem for Intel(R) CSME versions
before ...)
+ TODO: check
CVE-2020-8743 (Improper permissions in the installer for the Intel(R) Mailbox
Interfa ...)
NOT-FOR-US: Intel
CVE-2020-8742 (Improper input validation in the firmware for Intel(R) NUCs may
allow ...)
NOT-FOR-US: Intel
CVE-2020-8741
RESERVED
-CVE-2020-8740
- RESERVED
-CVE-2020-8739
- RESERVED
-CVE-2020-8738
- RESERVED
-CVE-2020-8737
- RESERVED
+CVE-2020-8740 (Out of bounds write in Intel BIOS platform sample code for some
Intel( ...)
+ TODO: check
+CVE-2020-8739 (Use of potentially dangerous function in Intel BIOS platform
sample co ...)
+ TODO: check
+CVE-2020-8738 (Improper conditions check in Intel BIOS platform sample code
for some ...)
+ TODO: check
+CVE-2020-8737 (Improper buffer restrictions in the Intel(R) Stratix(R) 10 FPGA
firmwa ...)
+ TODO: check
CVE-2020-8736 (Improper access control in subsystem for the Intel(R) Computing
Improv ...)
NOT-FOR-US: Intel
CVE-2020-8735
@@ -48472,8 +48459,8 @@ CVE-2020-8707 (Buffer overflow in daemon for some
Intel(R) Server Boards, Server
NOT-FOR-US: Intel
CVE-2020-8706 (Buffer overflow in a daemon for some Intel(R) Server Boards,
Server Sy ...)
NOT-FOR-US: Intel
-CVE-2020-8705
- RESERVED
+CVE-2020-8705 (Insecure default initialization of resource in Intel(R) Boot
Guard in ...)
+ TODO: check
CVE-2020-8704
RESERVED
CVE-2020-8703
@@ -48486,33 +48473,29 @@ CVE-2020-8700
RESERVED
CVE-2020-8699
RESERVED
-CVE-2020-8698
- RESERVED
+CVE-2020-8698 (Improper isolation of shared resources in some Intel(R)
Processors may ...)
- intel-microcode <unfixed>
NOTE:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html
CVE-2020-8697
RESERVED
-CVE-2020-8696
- RESERVED
+CVE-2020-8696 (Improper removal of sensitive information before storage or
transfer i ...)
- intel-microcode <unfixed>
NOTE:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html
-CVE-2020-8695
- RESERVED
+CVE-2020-8695 (Observable discrepancy in the RAPL interface for some Intel(R)
Process ...)
- intel-microcode <unfixed>
NOTE:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html
-CVE-2020-8694
- RESERVED
+CVE-2020-8694 (Insufficient access control in the Linux kernel driver for some
Intel( ...)
- linux <unfixed>
NOTE:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html
NOTE:
https://git.kernel.org/linus/949dd0104c496fa7c14991a23c03c62e44637e71
-CVE-2020-8693
- RESERVED
-CVE-2020-8692
- RESERVED
-CVE-2020-8691
- RESERVED
-CVE-2020-8690
- RESERVED
+CVE-2020-8693 (Improper buffer restrictions in the firmware of the Intel(R)
Ethernet ...)
+ TODO: check
+CVE-2020-8692 (Insufficient access control in the firmware of the Intel(R)
Ethernet 7 ...)
+ TODO: check
+CVE-2020-8691 (A logic issue in the firmware of the Intel(R) Ethernet 700
Series Cont ...)
+ TODO: check
+CVE-2020-8690 (Protection mechanism failure in Intel(R) Ethernet 700 Series
Controlle ...)
+ TODO: check
CVE-2020-8689 (Improper buffer restrictions in the Intel(R) Wireless for Open
Source ...)
- iwd 1.5-1
[buster] - iwd <no-dsa> (Minor issue)
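Review bot: CVE-2020-8695 and CVE-2020-8694 both point at intel-sa-00389, yet the first is tracked against intel-microcode and the second against linux, and nothing in either entry says why. A short NOTE on each stating which component carries the fix (the git.kernel.org commit is listed only under CVE-2020-8694) would make the split reviewable; the four Ethernet 700 Series entries below them (CVE-2020-8693 to CVE-2020-8690) still need triage.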
@@ -48539,10 +48522,10 @@ CVE-2020-8679 (Out-of-bounds write in Kernel Mode
Driver for some Intel(R) Graph
NOT-FOR-US: Intel
CVE-2020-8678
RESERVED
-CVE-2020-8677
- RESERVED
-CVE-2020-8676
- RESERVED
+CVE-2020-8677 (Improper access control in the Intel(R) Visual Compute
Accelerator 2, ...)
+ TODO: check
+CVE-2020-8676 (Improper access control in the Intel(R) Visual Compute
Accelerator 2, ...)
+ TODO: check
CVE-2020-8675 (Insufficient control flow management in firmware build and
signing too ...)
NOT-FOR-US: Intel
CVE-2020-8674 (Out-of-bounds read in DHCPv6 subsystem in Intel(R) AMT and
Intel(R)ISM ...)
@@ -48555,8 +48538,8 @@ CVE-2020-8671 (Insufficient control flow management in
BIOS firmware 8th, 9th Ge
NOT-FOR-US: Intel
CVE-2020-8670
RESERVED
-CVE-2020-8669
- RESERVED
+CVE-2020-8669 (Improper input validation in the Intel(R) Data Center Manager
Console ...)
+ TODO: check
CVE-2020-8668
RESERVED
CVE-2014-10400 (The session.lua library in CGILua 5.0.x uses sequential
session IDs, w ...)
@@ -50909,10 +50892,10 @@ CVE-2020-7772
RESERVED
CVE-2020-7771
RESERVED
-CVE-2020-7770
- RESERVED
-CVE-2020-7769
- RESERVED
+CVE-2020-7770 (This affects the package json8 before 1.0.3. The function adds
in the ...)
+ TODO: check
+CVE-2020-7769 (This affects the package nodemailer before 6.4.16. Use of
crafted reci ...)
+ TODO: check
CVE-2020-7768 (The package grpc before 1.24.4; the package @grpc/grpc-js
before 1.1.8 ...)
TODO: check
CVE-2020-7767 (All versions of package express-validators are vulnerable to
Regular E ...)
@@ -51569,8 +51552,8 @@ CVE-2020-7474 (A CWE-427: Uncontrolled Search Path
Element vulnerability exists
NOT-FOR-US: ProSoft Configurator
CVE-2020-7473 (In certain situations, all versions of Citrix ShareFile
StorageZones ( ...)
NOT-FOR-US: Citrix
-CVE-2020-7472
- RESERVED
+CVE-2020-7472 (An authorization bypass and PHP local-file-include
vulnerability in th ...)
+ TODO: check
CVE-2019-20390 (A Cross-Site Request Forgery (CSRF) vulnerability was
discovered in Su ...)
NOT-FOR-US: Subrion CMS
CVE-2019-20389 (An XSS issue was identified on the Subrion CMS 4.2.1
/panel/configurat ...)
@@ -51874,12 +51857,12 @@ CVE-2020-7335
RESERVED
CVE-2020-7334 (Improper privilege assignment vulnerability in the installer
McAfee Ap ...)
NOT-FOR-US: McAfee
-CVE-2020-7333
- RESERVED
-CVE-2020-7332
- RESERVED
-CVE-2020-7331
- RESERVED
+CVE-2020-7333 (Cross site scripting vulnerability in the firewall ePO
extension of Mc ...)
+ TODO: check
+CVE-2020-7332 (Cross Site Request Forgery vulnerability in the firewall ePO
extension ...)
+ TODO: check
+CVE-2020-7331 (Unquoted service executable path in McAfee Endpoint Security
(ENS) pri ...)
+ TODO: check
CVE-2020-7330 (Privilege Escalation vulnerability in McAfee Total Protection
(MTP) tr ...)
NOT-FOR-US: McAfee
CVE-2020-7329 (Server-side request forgery vulnerability in the ePO extension
in McAf ...)
@@ -61789,8 +61772,7 @@ CVE-2020-3641 (Integer overflow may occur if atom size
is less than atom offset
NOT-FOR-US: Qualcomm components for Android
CVE-2020-3640 (u'Resizing the usage table header before passing all the checks
leads ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2020-3639
- RESERVED
+CVE-2020-3639 (u'When a non standard SIP sigcomp message is received from the
network ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2020-3638 (u'An Unaligned address or size can propagate to the database
due to im ...)
NOT-FOR-US: Qualcomm components for Android
@@ -61804,8 +61786,7 @@ CVE-2020-3634 (u'Multiple Read overflows issue due to
improper length check whil
NOT-FOR-US: Snapdragon
CVE-2020-3633 (Array out of bound may occur while playing mp3 file as no check
is the ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2020-3632
- RESERVED
+CVE-2020-3632 (u'Incorrect validation of ring context fetched from host memory
can le ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2020-3631
RESERVED
@@ -71961,26 +71942,26 @@ CVE-2020-0595 (Use after free in IPv6 subsystem in
Intel(R) AMT and Intel(R) ISM
NOT-FOR-US: Intel
CVE-2020-0594 (Out-of-bounds read in IPv6 subsystem in Intel(R) AMT and
Intel(R) ISM ...)
NOT-FOR-US: Intel
-CVE-2020-0593
- RESERVED
-CVE-2020-0592
- RESERVED
-CVE-2020-0591
- RESERVED
-CVE-2020-0590
- RESERVED
+CVE-2020-0593 (Improper buffer restrictions in BIOS firmware for some Intel(R)
Proces ...)
+ TODO: check
+CVE-2020-0592 (Out of bounds write in BIOS firmware for some Intel(R)
Processors may ...)
+ TODO: check
+CVE-2020-0591 (Improper buffer restrictions in BIOS firmware for some Intel(R)
Proces ...)
+ TODO: check
+CVE-2020-0590 (Improper input validation in BIOS firmware for some Intel(R)
Processor ...)
+ TODO: check
CVE-2020-0589
RESERVED
-CVE-2020-0588
- RESERVED
-CVE-2020-0587
- RESERVED
+CVE-2020-0588 (Improper conditions check in BIOS firmware for some Intel(R)
Processor ...)
+ TODO: check
+CVE-2020-0587 (Improper conditions check in BIOS firmware for some Intel(R)
Processor ...)
+ TODO: check
CVE-2020-0586 (Improper initialization in subsystem for Intel(R) SPS versions
before ...)
NOT-FOR-US: Intel
CVE-2020-0585
RESERVED
-CVE-2020-0584
- RESERVED
+CVE-2020-0584 (Buffer overflow in firmware for Intel(R) SSD DC P4800X and
P4801X Seri ...)
+ TODO: check
CVE-2020-0583 (Improper access control in the subsystem for Intel(R) Smart
Sound Tech ...)
NOT-FOR-US: Intel
CVE-2020-0582
@@ -71997,14 +71978,14 @@ CVE-2020-0577 (Insufficient control flow for Intel(R)
Modular Server MFS2600KISP
NOT-FOR-US: Intel
CVE-2020-0576 (Buffer overflow in Intel(R) Modular Server MFS2600KISPP Compute
Module ...)
NOT-FOR-US: Intel
-CVE-2020-0575
- RESERVED
+CVE-2020-0575 (Improper buffer restrictions in the Intel(R) Unite Client for
Windows* ...)
+ TODO: check
CVE-2020-0574 (Improper configuration in block design for Intel(R) MAX(R) 10
FPGA all ...)
NOT-FOR-US: Intel
-CVE-2020-0573
- RESERVED
-CVE-2020-0572
- RESERVED
+CVE-2020-0573 (Out of bounds read in the Intel CSI2 Host Controller driver may
allow ...)
+ TODO: check
+CVE-2020-0572 (Improper input validation in the firmware for Intel(R) Server
Board S2 ...)
+ TODO: check
CVE-2020-0571 (Improper conditions check in BIOS firmware for 8th Generation
Intel(R) ...)
NOT-FOR-US: Intel
CVE-2020-0570 (Uncontrolled search path in the QT Library before 5.14.0,
5.12.7 and 5 ...)
@@ -75567,8 +75548,7 @@ CVE-2019-17568
REJECTED
CVE-2019-17567
RESERVED
-CVE-2019-17566 [SSRF vulnerability]
- RESERVED
+CVE-2019-17566 (Apache Batik is vulnerable to server-side request forgery,
caused by i ...)
- batik 1.12-1.1 (bug #964510)
[buster] - batik 1.10-2+deb10u1
[stretch] - batik 1.8-4+deb9u2
@@ -96056,8 +96036,8 @@ CVE-2019-11123 (Insufficient session validation in
system firmware for Intel(R)
NOT-FOR-US: Intel
CVE-2019-11122
RESERVED
-CVE-2019-11121
- RESERVED
+CVE-2019-11121 (Improper file permissions in the installer for the Intel(R)
Media SDK ...)
+ TODO: check
CVE-2019-11120 (Insufficient path checking in the installer for Intel(R)
Active System ...)
NOT-FOR-US: Intel
CVE-2019-11119 (Insufficient session validation in the service API for
Intel(R) RWC3 v ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a4998679a97a0875847a9d5fcaadd8a53178765f