Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: a4998679 by security tracker role at 2020-11-12T20:10:31+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,8 +1,10 @@ CVE-2020-25710 [assertion failure in CSN normalization with invalid input] + RESERVED - openldap 2.4.56+dfsg-1 NOTE: https://bugs.openldap.org/show_bug.cgi?id=9384 NOTE: https://git.openldap.org/openldap/openldap/-/commit/bdb0d459187522a6063df13871b82ba8dcc6efe2 (OPENLDAP_REL_ENG_2_4_56) CVE-2020-25709 [assertion failure in Certificate List syntax validation] + RESERVED - openldap 2.4.56+dfsg-1 NOTE: https://bugs.openldap.org/show_bug.cgi?id=9383 NOTE: https://git.openldap.org/openldap/openldap/-/commit/67670f4544e28fb09eb7319c39f404e1d3229e65 (OPENLDAP_REL_ENG_2_4_56) @@ -1804,12 +1806,12 @@ CVE-2020-28273 RESERVED CVE-2020-28272 RESERVED -CVE-2020-28271 - RESERVED -CVE-2020-28270 - RESERVED -CVE-2020-28269 - RESERVED +CVE-2020-28271 (Prototype pollution vulnerability in 'deephas' versions 1.0.0 through ...) + TODO: check +CVE-2020-28270 (Overview:Prototype pollution vulnerability in ‘object-hierarchy- ...) + TODO: check +CVE-2020-28269 (Prototype pollution vulnerability in 'field' versions 0.0.1 through 1. ...) + TODO: check CVE-2020-28268 RESERVED CVE-2020-28267 (Prototype pollution vulnerability in '@strikeentco/set' version 1.0.0 ...) @@ -1858,8 +1860,8 @@ CVE-2020-28249 (Joplin 1.2.6 for Desktop allows XSS via a LINK element in a note NOT-FOR-US: Joplin CVE-2020-28248 RESERVED -CVE-2020-28247 - RESERVED +CVE-2020-28247 (The lettre library through 0.10.0-alpha for Rust allows arbitrary send ...) + TODO: check CVE-2020-28246 RESERVED CVE-2020-28245 @@ -4107,8 +4109,8 @@ CVE-2020-27483 RESERVED CVE-2020-27482 RESERVED -CVE-2020-27481 - RESERVED +CVE-2020-27481 (An unauthenticated SQL Injection vulnerability in Good Layers LMS Plug ...) + TODO: check CVE-2020-27480 RESERVED CVE-2020-27479 
@@ -4297,10 +4299,10 @@ CVE-2020-27388 (Multiple Stored Cross Site Scripting (XSS) vulnerabilities exist NOT-FOR-US: YOURLS Admin Panel CVE-2020-27387 (An unrestricted file upload issue in HorizontCMS through 1.0.0-beta al ...) NOT-FOR-US: HorizontCMS -CVE-2020-27386 - RESERVED -CVE-2020-27385 - RESERVED +CVE-2020-27386 (An unrestricted file upload issue in FlexDotnetCMS before v1.5.9 allow ...) + TODO: check +CVE-2020-27385 (Incorrect Access Control in the FileEditor (/Admin/Views/FileEditor/) ...) + TODO: check CVE-2020-27384 RESERVED CVE-2020-27383 @@ -5507,12 +5509,12 @@ CVE-2020-26807 (SAP ERP Client for E-Bilanz, version - 1.0, installation sets In NOT-FOR-US: SAP CVE-2020-26806 RESERVED -CVE-2020-26805 - RESERVED -CVE-2020-26804 - RESERVED -CVE-2020-26803 - RESERVED +CVE-2020-26805 (In Sentrifugo 3.2, admin can edit employee's informations via this end ...) + TODO: check +CVE-2020-26804 (In Sentrifugo 3.2, users can share an announcement under "Organization ...) + TODO: check +CVE-2020-26803 (In Sentrifugo 3.2, users can upload an image under "Assets -> Add" ...) + TODO: check CVE-2020-26802 (forma.lms 2.3.0.2 is affected by Cross Site Request Forgery (CSRF) in ...) NOT-FOR-US: forma.lms CVE-2020-26801 @@ -7912,8 +7914,7 @@ CVE-2020-25707 [infinite loop in e1000e_write_packet_to_guest() in hw/net/e1000e RESERVED - qemu <unfixed> NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1893895 -CVE-2020-25706 [Improper escaping of error message leads to XSS during template import preview] - RESERVED +CVE-2020-25706 (A cross-site scripting (XSS) vulnerability exists in templates_import. ...) - cacti 1.2.14+ds1-1 [stretch] - cacti <no-dsa> (Minor issue) NOTE: https://github.com/Cacti/cacti/issues/3723 
@@ -8046,8 +8047,7 @@ CVE-2020-25659 [bleichenbacher timing oracle attack against RSA decryption] NOTE: https://github.com/pyca/cryptography/security/advisories/GHSA-hggm-jpg3-v476 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1889988 NOTE: https://github.com/pyca/cryptography/commit/58494b41d6ecb0f56b7c5f05d5f5e3ca0320d494 (3.2) -CVE-2020-25658 [bleichenbacher timing oracle attack against RSA decryption] - RESERVED +CVE-2020-25658 (It was found that python-rsa is vulnerable to Bleichenbacher timing at ...) - python-rsa <unfixed> NOTE: https://github.com/sybrenstuvel/python-rsa/issues/165 CVE-2020-25657 @@ -10435,7 +10435,7 @@ CVE-2020-24611 RESERVED CVE-2020-24610 RESERVED -CVE-2020-24609 (TechKshetra Info Solutions Pvt. Ltd Savsoft Quiz 5 has XSS which can r ...) +CVE-2020-24609 (TechKshetra Info Solutions Pvt. Ltd Savsoft Quiz 5.5 and earlier has X ...) NOT-FOR-US: Savsoft Quiz 5 CVE-2020-24608 RESERVED @@ -10519,8 +10519,8 @@ CVE-2020-24575 RESERVED CVE-2020-24574 (The client (aka GalaxyClientService.exe) in GOG GALAXY through 2.0.20 ...) NOT-FOR-US: GOG Galaxy client -CVE-2020-24573 - RESERVED +CVE-2020-24573 (BAB TECHNOLOGIE GmbH eibPort V3 prior to 3.8.3 devices allow denial of ...) + TODO: check CVE-2020-24572 (An issue was discovered in includes/webconsole.php in RaspAP 2.5. With ...) NOT-FOR-US: RaspAP CVE-2020-24571 (NexusQA NexusDB before 4.50.23 allows the reading of files via ../ dir ...) @@ -10632,8 +10632,8 @@ CVE-2020-24527 RESERVED CVE-2020-24526 RESERVED -CVE-2020-24525 - RESERVED +CVE-2020-24525 (Insecure inherited permissions in firmware update tool for some Intel( ...) + TODO: check CVE-2020-24524 RESERVED CVE-2020-24523 
@@ -10768,20 +10768,20 @@ CVE-2020-24462 RESERVED CVE-2020-24461 RESERVED -CVE-2020-24460 - RESERVED +CVE-2020-24460 (Incorrect default permissions in the Intel(R) DSA before version 20.8. ...) + TODO: check CVE-2020-24459 RESERVED CVE-2020-24458 RESERVED CVE-2020-24457 (Logic error in BIOS firmware for 8th, 9th and 10th Generation Intel(R) ...) NOT-FOR-US: Intel -CVE-2020-24456 - RESERVED +CVE-2020-24456 (Incorrect default permissions in the Intel(R) Board ID Tool version v. ...) + TODO: check CVE-2020-24455 RESERVED -CVE-2020-24454 - RESERVED +CVE-2020-24454 (Improper Restriction of XML External Entity Reference in subsystem for ...) + TODO: check CVE-2020-24453 RESERVED CVE-2020-24452 @@ -10802,12 +10802,12 @@ CVE-2020-24445 RESERVED CVE-2020-24444 RESERVED -CVE-2020-24443 - RESERVED -CVE-2020-24442 - RESERVED -CVE-2020-24441 - RESERVED +CVE-2020-24443 (Adobe Connect version 11.0 (and earlier) is affected by a reflected Cr ...) + TODO: check +CVE-2020-24442 (Adobe Connect version 11.0 (and earlier) is affected by a reflected Cr ...) + TODO: check +CVE-2020-24441 (Adobe Acrobat Reader for Android version 20.6.2 (and earlier) does not ...) + TODO: check CVE-2020-24440 RESERVED CVE-2020-24439 (Acrobat Reader DC for macOS versions 2020.012.20048 (and earlier), 202 ...) @@ -27354,8 +27354,8 @@ CVE-2020-16275 (A cross-site scripting (XSS) vulnerability in the Credential Man NOT-FOR-US: SAINT Security Suite CVE-2020-16274 RESERVED -CVE-2020-16273 - RESERVED +CVE-2020-16273 (In Arm software implementing the Armv8-M processors (all versions), th ...) + TODO: check CVE-2020-16272 (The SRP-6a implementation in Kee Vault KeePassRPC before 1.12.0 is mis ...) NOT-FOR-US: Kee Vault KeePassRPC CVE-2020-16271 (The SRP-6a implementation in Kee Vault KeePassRPC before 1.12.0 genera ...) 
@@ -27782,7 +27782,7 @@ CVE-2020-16092 (In QEMU through 5.0.0, an assertion failure can occur in the net NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1860283 NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=035e69b063835a5fd23cacabd63690a3d84532a8 CVE-2020-16091 - RESERVED + REJECTED CVE-2020-16090 RESERVED CVE-2020-16089 @@ -33606,8 +33606,7 @@ CVE-2020-13956 [incorrect handling of malformed authority component in request U NOTE: Fixed by: https://github.com/apache/httpcomponents-client/commit/e628b4c5c464c2fa346385596cc78e035a91a62e (4.5.13-RC1) CVE-2020-13955 (HttpUtils#getURLConnection method disables explicitly hostname verific ...) NOT-FOR-US: Apache Calcite -CVE-2020-13954 - RESERVED +CVE-2020-13954 (By default, Apache CXF creates a /services page containing a listing o ...) NOT-FOR-US: Apache CXF CVE-2020-13953 (In Apache Tapestry from 5.4.0 to 5.5.0, crafting specific URLs, an att ...) NOT-FOR-US: Apache Tapestry @@ -34184,10 +34183,10 @@ CVE-2020-13773 RESERVED CVE-2020-13772 RESERVED -CVE-2020-13771 - RESERVED -CVE-2020-13770 - RESERVED +CVE-2020-13771 (Various components in Ivanti Endpoint Manager through 2020.1.1 rely on ...) + TODO: check +CVE-2020-13770 (Several services are accessing named pipes in Ivanti Endpoint Manager ...) + TODO: check CVE-2020-13769 RESERVED CVE-2020-13768 (In MiniShare before 1.4.2, there is a stack-based buffer overflow via ...) 
@@ -37797,14 +37796,14 @@ CVE-2020-12358 RESERVED CVE-2020-12357 RESERVED -CVE-2020-12356 - RESERVED -CVE-2020-12355 - RESERVED -CVE-2020-12354 - RESERVED -CVE-2020-12353 - RESERVED +CVE-2020-12356 (Out-of-bounds read in subsystem in Intel(R) AMT versions before 11.8.8 ...) + TODO: check +CVE-2020-12355 (Authentication bypass by capture-replay in RPMB protocol message authe ...) + TODO: check +CVE-2020-12354 (Incorrect default permissions in Windows(R) installer in Intel(R) AMT ...) + TODO: check +CVE-2020-12353 (Improper permissions in the Intel(R) Data Center Manager Console befor ...) + TODO: check CVE-2020-12352 RESERVED {DSA-4774-1 DLA-2420-1 DLA-2417-1} @@ -37819,18 +37818,18 @@ CVE-2020-12351 NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html NOTE: https://github.com/google/security-research/security/advisories/GHSA-h637-c88j-47wq NOTE: Fixed by: https://git.kernel.org/linus/f19425641cb2572a33cb074d5e30283720bd4d22 -CVE-2020-12350 - RESERVED -CVE-2020-12349 - RESERVED +CVE-2020-12350 (Improper access control in the Intel(R) XTU before version 6.5.1.360 m ...) + TODO: check +CVE-2020-12349 (Improper input validation in the Intel(R) Data Center Manager Console ...) + TODO: check CVE-2020-12348 RESERVED -CVE-2020-12347 - RESERVED -CVE-2020-12346 - RESERVED -CVE-2020-12345 - RESERVED +CVE-2020-12347 (Improper input validation in the Intel(R) Data Center Manager Console ...) + TODO: check +CVE-2020-12346 (Improper permissions in the installer for the Intel(R) Battery Life Di ...) + TODO: check +CVE-2020-12345 (Improper permissions in the installer for the Intel(R) Data Center Man ...) + TODO: check CVE-2020-12344 RESERVED CVE-2020-12343 
@@ -37845,76 +37844,76 @@ CVE-2020-12339 RESERVED CVE-2020-12338 RESERVED -CVE-2020-12337 - RESERVED -CVE-2020-12336 - RESERVED -CVE-2020-12335 - RESERVED -CVE-2020-12334 - RESERVED -CVE-2020-12333 - RESERVED -CVE-2020-12332 - RESERVED -CVE-2020-12331 - RESERVED -CVE-2020-12330 - RESERVED -CVE-2020-12329 - RESERVED -CVE-2020-12328 - RESERVED -CVE-2020-12327 - RESERVED -CVE-2020-12326 - RESERVED -CVE-2020-12325 - RESERVED -CVE-2020-12324 - RESERVED -CVE-2020-12323 - RESERVED -CVE-2020-12322 - RESERVED -CVE-2020-12321 - RESERVED -CVE-2020-12320 - RESERVED -CVE-2020-12319 - RESERVED -CVE-2020-12318 - RESERVED -CVE-2020-12317 - RESERVED -CVE-2020-12316 - RESERVED -CVE-2020-12315 - RESERVED -CVE-2020-12314 - RESERVED +CVE-2020-12337 (Improper buffer restrictions in firmware for some Intel(R) NUCs may al ...) + TODO: check +CVE-2020-12336 (Insecure default variable initialization in firmware for some Intel(R) ...) + TODO: check +CVE-2020-12335 (Improper permissions in the installer for the Intel(R) Processor Ident ...) + TODO: check +CVE-2020-12334 (Improper permissions in the installer for the Intel(R) Advisor tools b ...) + TODO: check +CVE-2020-12333 (Insufficiently protected credentials in the Intel(R) QAT for Linux bef ...) + TODO: check +CVE-2020-12332 (Improper permissions in the installer for the Intel(R) HID Event Filte ...) + TODO: check +CVE-2020-12331 (Improper access controls in Intel Unite(R) Cloud Service client before ...) + TODO: check +CVE-2020-12330 (Improper permissions in the installer for the Intel(R) Falcon 8+ UAS A ...) + TODO: check +CVE-2020-12329 (Uncontrolled search path in the Intel(R) VTune(TM) Profiler before ver ...) + TODO: check +CVE-2020-12328 (Protection mechanism failure in some Intel(R) Thunderbolt(TM) DCH driv ...) + TODO: check +CVE-2020-12327 (Insecure default variable initialization in some Intel(R) Thunderbolt( ...) + TODO: check +CVE-2020-12326 (Improper initialization in some Intel(R) Thunderbolt(TM) DCH drivers f ...) 
+ TODO: check +CVE-2020-12325 (Improper buffer restrictions in some Intel(R) Thunderbolt(TM) DCH driv ...) + TODO: check +CVE-2020-12324 (Protection mechanism failure in some Intel(R) Thunderbolt(TM) DCH driv ...) + TODO: check +CVE-2020-12323 (Improper input validation in the Intel(R) ADAS IE before version ADAS_ ...) + TODO: check +CVE-2020-12322 (Improper input validation in some Intel(R) Wireless Bluetooth(R) produ ...) + TODO: check +CVE-2020-12321 (Improper buffer restriction in some Intel(R) Wireless Bluetooth(R) pro ...) + TODO: check +CVE-2020-12320 (Uncontrolled search path in Intel(R) SCS Add-on for Microsoft* SCCM be ...) + TODO: check +CVE-2020-12319 (Insufficient control flow management in some Intel(R) PROSet/Wireless ...) + TODO: check +CVE-2020-12318 (Protection mechanism failure in some Intel(R) PROSet/Wireless WiFi pro ...) + TODO: check +CVE-2020-12317 (Improper buffer restriction in some Intel(R) PROSet/Wireless WiFi prod ...) + TODO: check +CVE-2020-12316 (Insufficiently protected credentials in the Intel(R) EMA before versio ...) + TODO: check +CVE-2020-12315 (Path traversal in the Intel(R) EMA before version 1.3.3 may allow an u ...) + TODO: check +CVE-2020-12314 (Improper input validation in some Intel(R) PROSet/Wireless WiFi produc ...) + TODO: check CVE-2020-12313 RESERVED -CVE-2020-12312 - RESERVED -CVE-2020-12311 - RESERVED -CVE-2020-12310 - RESERVED -CVE-2020-12309 - RESERVED -CVE-2020-12308 - RESERVED -CVE-2020-12307 - RESERVED -CVE-2020-12306 - RESERVED +CVE-2020-12312 (Improper buffer restrictions in the Intel(R) Stratix(R) 10 FPGA firmwa ...) + TODO: check +CVE-2020-12311 (Insufficient control flow managementin firmware in some Intel(R) Clien ...) + TODO: check +CVE-2020-12310 (Insufficient control flow managementin firmware in some Intel(R) Clien ...) + TODO: check +CVE-2020-12309 (Insufficiently protected credentialsin subsystem in some Intel(R) Clie ...) 
+ TODO: check +CVE-2020-12308 (Improper access control for the Intel(R) Computing Improvement Program ...) + TODO: check +CVE-2020-12307 (Improper permissions in some Intel(R) High Definition Audio drivers be ...) + TODO: check +CVE-2020-12306 (Incorrect default permissions in the Intel(R) RealSense(TM) D400 Serie ...) + TODO: check CVE-2020-12305 RESERVED -CVE-2020-12304 - RESERVED -CVE-2020-12303 - RESERVED +CVE-2020-12304 (Improper access control in Installer for Intel(R) DAL SDK before versi ...) + TODO: check +CVE-2020-12303 (Use after free in DAL subsystem for Intel(R) CSME versions before 11.8 ...) + TODO: check CVE-2020-12302 (Improper permissions in the Intel(R) Driver & Support Assistant be ...) NOT-FOR-US: Intel CVE-2020-12301 (Improper initialization in BIOS firmware for Intel(R) Server Board Fam ...) @@ -37925,8 +37924,8 @@ CVE-2020-12299 (Improper input validation in BIOS firmware for Intel(R) Server B NOT-FOR-US: Intel CVE-2020-12298 RESERVED -CVE-2020-12297 - RESERVED +CVE-2020-12297 (Improper access control in Installer for Intel(R) CSME Driver for Wind ...) + TODO: check CVE-2020-12296 RESERVED CVE-2020-12295 
@@ -41795,25 +41794,24 @@ CVE-2020-11211 RESERVED CVE-2020-11210 RESERVED -CVE-2020-11209 - RESERVED -CVE-2020-11208 - RESERVED -CVE-2020-11207 - RESERVED -CVE-2020-11206 - RESERVED -CVE-2020-11205 - RESERVED +CVE-2020-11209 (u'Improper authorization in DSP process could allow unauthorized users ...) + TODO: check +CVE-2020-11208 (u'Out of Bound issue in DSP services while processing received argumen ...) + TODO: check +CVE-2020-11207 (u'Buffer overflow in LibFastCV library due to improper size checks wit ...) + TODO: check +CVE-2020-11206 (u'Possible buffer overflow in Fastrpc while handling received paramete ...) + TODO: check +CVE-2020-11205 (u'Possible integer overflow to heap overflow while processing command ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11204 RESERVED CVE-2020-11203 RESERVED -CVE-2020-11202 - RESERVED -CVE-2020-11201 - RESERVED +CVE-2020-11202 (u'Buffer overflow/underflow occurs when typecasting the buffer passed ...) + TODO: check +CVE-2020-11201 (u'Arbitrary access to DSP memory due to improper check in loaded libra ...) + TODO: check CVE-2020-11200 RESERVED CVE-2020-11199 @@ -41822,15 +41820,13 @@ CVE-2020-11198 RESERVED CVE-2020-11197 RESERVED -CVE-2020-11196 - RESERVED +CVE-2020-11196 (u'Integer overflow to buffer overflow occurs while playback of ASF cli ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11195 RESERVED CVE-2020-11194 RESERVED -CVE-2020-11193 - RESERVED +CVE-2020-11193 (u'Buffer over read can happen while parsing mkv clip due to improper t ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11192 RESERVED @@ -41848,8 +41844,7 @@ CVE-2020-11186 RESERVED CVE-2020-11185 RESERVED -CVE-2020-11184 - RESERVED +CVE-2020-11184 (u'Possible buffer overflow will occur in video while parsing mp4 clip ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11183 RESERVED 
@@ -41867,8 +41862,7 @@ CVE-2020-11177 RESERVED CVE-2020-11176 RESERVED -CVE-2020-11175 - RESERVED +CVE-2020-11175 (u'Use after free issue in Bluetooth transport driver when a method in ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11174 (u'Array index underflow issue in adsp driver due to improper check of ...) NOT-FOR-US: Qualcomm components for Android @@ -41882,8 +41876,7 @@ CVE-2020-11170 RESERVED CVE-2020-11169 (u'Buffer over-read while processing received L2CAP packet due to lack ...) NOT-FOR-US: Qualcomm components for Android -CVE-2020-11168 - RESERVED +CVE-2020-11168 (u'Null-pointer dereference can occur while accessing data buffer beyon ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11167 RESERVED @@ -41955,21 +41948,17 @@ CVE-2020-11134 RESERVED CVE-2020-11133 (u'Possible out of bound array write in rxdco cal utility due to lack o ...) NOT-FOR-US: Snapdragon -CVE-2020-11132 - RESERVED +CVE-2020-11132 (u'Buffer over read in boot due to size check ignored before copying GU ...) NOT-FOR-US: Qualcomm components for Android -CVE-2020-11131 - RESERVED +CVE-2020-11131 (u'Possible buffer overflow in WMA message processing due to integer ov ...) NOT-FOR-US: Qualcomm components for Android -CVE-2020-11130 - RESERVED +CVE-2020-11130 (u'Possible buffer overflow in WIFI hal process due to copying data wit ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11129 (u'During the error occurrence in capture request, the buffer is freed ...) NOT-FOR-US: Snapdragon CVE-2020-11128 (u'Possible out of bound access while copying the mask file content int ...) NOT-FOR-US: Qualcomm components for Android -CVE-2020-11127 - RESERVED +CVE-2020-11127 (u'Integer overflow can cause a buffer overflow due to lack of table le ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11126 RESERVED 
@@ -41977,13 +41966,11 @@ CVE-2020-11125 (u'Out of bound access can happen in MHI command process due to l NOT-FOR-US: Qualcomm components for Android CVE-2020-11124 (u'Possible use-after-free while accessing diag client map table since ...) NOT-FOR-US: Snapdragon -CVE-2020-11123 - RESERVED +CVE-2020-11123 (u'information disclosure in gatekeeper trustzone implementation as the ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11122 (u'Null Pointer exception while playing crafted mkv file as data stream ...) NOT-FOR-US: Qualcomm components for Android -CVE-2020-11121 - RESERVED +CVE-2020-11121 (u'Possible buffer overflow in WIFI hal process due to usage of memcpy ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11120 (u'Calling thread may free the data buffer pointer that was passed to t ...) NOT-FOR-US: Qualcomm components for Android @@ -47456,8 +47443,8 @@ CVE-2020-9130 RESERVED CVE-2020-9129 RESERVED -CVE-2020-9128 - RESERVED +CVE-2020-9128 (FusionCompute versions 8.0.0 have an insecure encryption algorithm vul ...) + TODO: check CVE-2020-9127 RESERVED CVE-2020-9126 
@@ -48347,68 +48334,68 @@ CVE-2020-8769 RESERVED CVE-2020-8768 (An issue was discovered on Phoenix Contact Emalytics Controller ILC 20 ...) NOT-FOR-US: PHOENIX CONTACT Emalytics Controller ILC 2050 BI(L) -CVE-2020-8767 - RESERVED -CVE-2020-8766 - RESERVED +CVE-2020-8767 (Uncaught exception in the Intel(R) 50GbE IP Core for Intel(R) Quartus ...) + TODO: check +CVE-2020-8766 (Improper conditions check in the Intel(R) SGX DCAP software before ver ...) + TODO: check CVE-2020-8765 RESERVED -CVE-2020-8764 - RESERVED +CVE-2020-8764 (Improper access control in BIOS firmware for some Intel(R) Processors ...) + TODO: check CVE-2020-8763 (Improper permissions in the installer for the Intel(R) RealSense(TM) D ...) NOT-FOR-US: Intel CVE-2020-8762 RESERVED -CVE-2020-8761 - RESERVED -CVE-2020-8760 - RESERVED +CVE-2020-8761 (Inadequate encryption strength in subsystem for Intel(R) CSME versions ...) + TODO: check +CVE-2020-8760 (Integer overflow in subsystem for Intel(R) AMT versions before 11.8.80 ...) + TODO: check CVE-2020-8759 (Improper access control in the installer for Intel(R) SSD DCT versions ...) NOT-FOR-US: Intel CVE-2020-8758 (Improper buffer restrictions in network subsystem in provisioned Intel ...) NOT-FOR-US: Intel -CVE-2020-8757 - RESERVED -CVE-2020-8756 - RESERVED -CVE-2020-8755 - RESERVED -CVE-2020-8754 - RESERVED -CVE-2020-8753 - RESERVED -CVE-2020-8752 - RESERVED -CVE-2020-8751 - RESERVED -CVE-2020-8750 - RESERVED -CVE-2020-8749 - RESERVED +CVE-2020-8757 (Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8. ...) + TODO: check +CVE-2020-8756 (Improper input validation in subsystem for Intel(R) CSME versions befo ...) + TODO: check +CVE-2020-8755 (Race condition in subsystem for Intel(R) CSME versions before 12.0.70 ...) + TODO: check +CVE-2020-8754 (Out-of-bounds read in subsystem for Intel(R) AMT, Intel(R) ISM version ...) + TODO: check +CVE-2020-8753 (Out-of-bounds read in DHCP subsystem for Intel(R) AMT, Intel(R) ISM ve ...) 
+ TODO: check +CVE-2020-8752 (Out-of-bounds write in IPv6 subsystem for Intel(R) AMT, Intel(R) ISM v ...) + TODO: check +CVE-2020-8751 (Insufficient control flow management in subsystem for Intel(R) CSME ve ...) + TODO: check +CVE-2020-8750 (Use after free in Kernel Mode Driver for Intel(R) TXE versions before ...) + TODO: check +CVE-2020-8749 (Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8. ...) + TODO: check CVE-2020-8748 RESERVED -CVE-2020-8747 - RESERVED -CVE-2020-8746 - RESERVED -CVE-2020-8745 - RESERVED -CVE-2020-8744 - RESERVED +CVE-2020-8747 (Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8. ...) + TODO: check +CVE-2020-8746 (Integer overflow in subsystem for Intel(R) AMT versions before 11.8.80 ...) + TODO: check +CVE-2020-8745 (Insufficient control flow management in subsystem for Intel(R) CSME ve ...) + TODO: check +CVE-2020-8744 (Improper initialization in subsystem for Intel(R) CSME versions before ...) + TODO: check CVE-2020-8743 (Improper permissions in the installer for the Intel(R) Mailbox Interfa ...) NOT-FOR-US: Intel CVE-2020-8742 (Improper input validation in the firmware for Intel(R) NUCs may allow ...) NOT-FOR-US: Intel CVE-2020-8741 RESERVED -CVE-2020-8740 - RESERVED -CVE-2020-8739 - RESERVED -CVE-2020-8738 - RESERVED -CVE-2020-8737 - RESERVED +CVE-2020-8740 (Out of bounds write in Intel BIOS platform sample code for some Intel( ...) + TODO: check +CVE-2020-8739 (Use of potentially dangerous function in Intel BIOS platform sample co ...) + TODO: check +CVE-2020-8738 (Improper conditions check in Intel BIOS platform sample code for some ...) + TODO: check +CVE-2020-8737 (Improper buffer restrictions in the Intel(R) Stratix(R) 10 FPGA firmwa ...) + TODO: check CVE-2020-8736 (Improper access control in subsystem for the Intel(R) Computing Improv ...) NOT-FOR-US: Intel CVE-2020-8735 
@@ -48472,8 +48459,8 @@ CVE-2020-8707 (Buffer overflow in daemon for some Intel(R) Server Boards, Server NOT-FOR-US: Intel CVE-2020-8706 (Buffer overflow in a daemon for some Intel(R) Server Boards, Server Sy ...) NOT-FOR-US: Intel -CVE-2020-8705 - RESERVED +CVE-2020-8705 (Insecure default initialization of resource in Intel(R) Boot Guard in ...) + TODO: check CVE-2020-8704 RESERVED CVE-2020-8703 
@@ -48486,33 +48473,29 @@ CVE-2020-8700 RESERVED CVE-2020-8699 RESERVED -CVE-2020-8698 - RESERVED +CVE-2020-8698 (Improper isolation of shared resources in some Intel(R) Processors may ...) - intel-microcode <unfixed> NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html CVE-2020-8697 RESERVED -CVE-2020-8696 - RESERVED +CVE-2020-8696 (Improper removal of sensitive information before storage or transfer i ...) - intel-microcode <unfixed> NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html -CVE-2020-8695 - RESERVED +CVE-2020-8695 (Observable discrepancy in the RAPL interface for some Intel(R) Process ...) - intel-microcode <unfixed> NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html -CVE-2020-8694 - RESERVED +CVE-2020-8694 (Insufficient access control in the Linux kernel driver for some Intel( ...) - linux <unfixed> NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html NOTE: https://git.kernel.org/linus/949dd0104c496fa7c14991a23c03c62e44637e71 -CVE-2020-8693 - RESERVED -CVE-2020-8692 - RESERVED -CVE-2020-8691 - RESERVED -CVE-2020-8690 - RESERVED +CVE-2020-8693 (Improper buffer restrictions in the firmware of the Intel(R) Ethernet ...) + TODO: check +CVE-2020-8692 (Insufficient access control in the firmware of the Intel(R) Ethernet 7 ...) + TODO: check +CVE-2020-8691 (A logic issue in the firmware of the Intel(R) Ethernet 700 Series Cont ...) + TODO: check +CVE-2020-8690 (Protection mechanism failure in Intel(R) Ethernet 700 Series Controlle ...) + TODO: check CVE-2020-8689 (Improper buffer restrictions in the Intel(R) Wireless for Open Source ...) - iwd 1.5-1 [buster] - iwd <no-dsa> (Minor issue) 
@@ -48539,10 +48522,10 @@ CVE-2020-8679 (Out-of-bounds write in Kernel Mode Driver for some Intel(R) Graph NOT-FOR-US: Intel CVE-2020-8678 RESERVED -CVE-2020-8677 - RESERVED -CVE-2020-8676 - RESERVED +CVE-2020-8677 (Improper access control in the Intel(R) Visual Compute Accelerator 2, ...) + TODO: check +CVE-2020-8676 (Improper access control in the Intel(R) Visual Compute Accelerator 2, ...) + TODO: check CVE-2020-8675 (Insufficient control flow management in firmware build and signing too ...) NOT-FOR-US: Intel CVE-2020-8674 (Out-of-bounds read in DHCPv6 subsystem in Intel(R) AMT and Intel(R)ISM ...) @@ -48555,8 +48538,8 @@ CVE-2020-8671 (Insufficient control flow management in BIOS firmware 8th, 9th Ge NOT-FOR-US: Intel CVE-2020-8670 RESERVED -CVE-2020-8669 - RESERVED +CVE-2020-8669 (Improper input validation in the Intel(R) Data Center Manager Console ...) + TODO: check CVE-2020-8668 RESERVED CVE-2014-10400 (The session.lua library in CGILua 5.0.x uses sequential session IDs, w ...) @@ -50909,10 +50892,10 @@ CVE-2020-7772 RESERVED CVE-2020-7771 RESERVED -CVE-2020-7770 - RESERVED -CVE-2020-7769 - RESERVED +CVE-2020-7770 (This affects the package json8 before 1.0.3. The function adds in the ...) + TODO: check +CVE-2020-7769 (This affects the package nodemailer before 6.4.16. Use of crafted reci ...) + TODO: check CVE-2020-7768 (The package grpc before 1.24.4; the package @grpc/grpc-js before 1.1.8 ...) TODO: check CVE-2020-7767 (All versions of package express-validators are vulnerable to Regular E ...) 
@@ -51569,8 +51552,8 @@ CVE-2020-7474 (A CWE-427: Uncontrolled Search Path Element vulnerability exists NOT-FOR-US: ProSoft Configurator CVE-2020-7473 (In certain situations, all versions of Citrix ShareFile StorageZones ( ...) NOT-FOR-US: Citrix -CVE-2020-7472 - RESERVED +CVE-2020-7472 (An authorization bypass and PHP local-file-include vulnerability in th ...) + TODO: check CVE-2019-20390 (A Cross-Site Request Forgery (CSRF) vulnerability was discovered in Su ...) NOT-FOR-US: Subrion CMS CVE-2019-20389 (An XSS issue was identified on the Subrion CMS 4.2.1 /panel/configurat ...) @@ -51874,12 +51857,12 @@ CVE-2020-7335 RESERVED CVE-2020-7334 (Improper privilege assignment vulnerability in the installer McAfee Ap ...) NOT-FOR-US: McAfee -CVE-2020-7333 - RESERVED -CVE-2020-7332 - RESERVED -CVE-2020-7331 - RESERVED +CVE-2020-7333 (Cross site scripting vulnerability in the firewall ePO extension of Mc ...) + TODO: check +CVE-2020-7332 (Cross Site Request Forgery vulnerability in the firewall ePO extension ...) + TODO: check +CVE-2020-7331 (Unquoted service executable path in McAfee Endpoint Security (ENS) pri ...) + TODO: check CVE-2020-7330 (Privilege Escalation vulnerability in McAfee Total Protection (MTP) tr ...) NOT-FOR-US: McAfee CVE-2020-7329 (Server-side request forgery vulnerability in the ePO extension in McAf ...) @@ -61789,8 +61772,7 @@ CVE-2020-3641 (Integer overflow may occur if atom size is less than atom offset NOT-FOR-US: Qualcomm components for Android CVE-2020-3640 (u'Resizing the usage table header before passing all the checks leads ...) NOT-FOR-US: Qualcomm components for Android -CVE-2020-3639 - RESERVED +CVE-2020-3639 (u'When a non standard SIP sigcomp message is received from the network ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-3638 (u'An Unaligned address or size can propagate to the database due to im ...) NOT-FOR-US: Qualcomm components for Android 
@@ -61804,8 +61786,7 @@ CVE-2020-3634 (u'Multiple Read overflows issue due to improper length check whil NOT-FOR-US: Snapdragon CVE-2020-3633 (Array out of bound may occur while playing mp3 file as no check is the ...) NOT-FOR-US: Qualcomm components for Android -CVE-2020-3632 - RESERVED +CVE-2020-3632 (u'Incorrect validation of ring context fetched from host memory can le ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-3631 RESERVED @@ -71961,26 +71942,26 @@ CVE-2020-0595 (Use after free in IPv6 subsystem in Intel(R) AMT and Intel(R) ISM NOT-FOR-US: Intel CVE-2020-0594 (Out-of-bounds read in IPv6 subsystem in Intel(R) AMT and Intel(R) ISM ...) NOT-FOR-US: Intel -CVE-2020-0593 - RESERVED -CVE-2020-0592 - RESERVED -CVE-2020-0591 - RESERVED -CVE-2020-0590 - RESERVED +CVE-2020-0593 (Improper buffer restrictions in BIOS firmware for some Intel(R) Proces ...) + TODO: check +CVE-2020-0592 (Out of bounds write in BIOS firmware for some Intel(R) Processors may ...) + TODO: check +CVE-2020-0591 (Improper buffer restrictions in BIOS firmware for some Intel(R) Proces ...) + TODO: check +CVE-2020-0590 (Improper input validation in BIOS firmware for some Intel(R) Processor ...) + TODO: check CVE-2020-0589 RESERVED -CVE-2020-0588 - RESERVED -CVE-2020-0587 - RESERVED +CVE-2020-0588 (Improper conditions check in BIOS firmware for some Intel(R) Processor ...) + TODO: check +CVE-2020-0587 (Improper conditions check in BIOS firmware for some Intel(R) Processor ...) + TODO: check CVE-2020-0586 (Improper initialization in subsystem for Intel(R) SPS versions before ...) NOT-FOR-US: Intel CVE-2020-0585 RESERVED -CVE-2020-0584 - RESERVED +CVE-2020-0584 (Buffer overflow in firmware for Intel(R) SSD DC P4800X and P4801X Seri ...) + TODO: check CVE-2020-0583 (Improper access control in the subsystem for Intel(R) Smart Sound Tech ...) NOT-FOR-US: Intel CVE-2020-0582 
@@ -71997,14 +71978,14 @@ CVE-2020-0577 (Insufficient control flow for Intel(R) Modular Server MFS2600KISP NOT-FOR-US: Intel CVE-2020-0576 (Buffer overflow in Intel(R) Modular Server MFS2600KISPP Compute Module ...) NOT-FOR-US: Intel -CVE-2020-0575 - RESERVED +CVE-2020-0575 (Improper buffer restrictions in the Intel(R) Unite Client for Windows* ...) + TODO: check CVE-2020-0574 (Improper configuration in block design for Intel(R) MAX(R) 10 FPGA all ...) NOT-FOR-US: Intel -CVE-2020-0573 - RESERVED -CVE-2020-0572 - RESERVED +CVE-2020-0573 (Out of bounds read in the Intel CSI2 Host Controller driver may allow ...) + TODO: check +CVE-2020-0572 (Improper input validation in the firmware for Intel(R) Server Board S2 ...) + TODO: check CVE-2020-0571 (Improper conditions check in BIOS firmware for 8th Generation Intel(R) ...) NOT-FOR-US: Intel CVE-2020-0570 (Uncontrolled search path in the QT Library before 5.14.0, 5.12.7 and 5 ...) @@ -75567,8 +75548,7 @@ CVE-2019-17568 REJECTED CVE-2019-17567 RESERVED -CVE-2019-17566 [SSRF vulnerability] - RESERVED +CVE-2019-17566 (Apache Batik is vulnerable to server-side request forgery, caused by i ...) - batik 1.12-1.1 (bug #964510) [buster] - batik 1.10-2+deb10u1 [stretch] - batik 1.8-4+deb9u2 
@@ -96056,8 +96036,8 @@ CVE-2019-11123 (Insufficient session validation in system firmware for Intel(R) NOT-FOR-US: Intel CVE-2019-11122 RESERVED -CVE-2019-11121 - RESERVED +CVE-2019-11121 (Improper file permissions in the installer for the Intel(R) Media SDK ...) + TODO: check CVE-2019-11120 (Insufficient path checking in the installer for Intel(R) Active System ...) NOT-FOR-US: Intel CVE-2019-11119 (Insufficient session validation in the service API for Intel(R) RWC3 v ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a4998679a97a0875847a9d5fcaadd8a53178765f
You're receiving this email because of your account on salsa.debian.org.
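Review bot: In the @@ -10435,7 +10435,7 @@ hunk, the CVE-2020-24609 description now reads "Savsoft Quiz 5.5 and earlier" while the triage line under it still says "NOT-FOR-US: Savsoft Quiz 5". The tag identifies a product, not an affected version, so "NOT-FOR-US: Savsoft Quiz" would stay accurate however the description is revised later.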
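Review bot: In the @@ -37845,76 +37844,76 @@ hunk, the new "TODO: check" entries should not all be closed in bulk with the "NOT-FOR-US: Intel" tag that the neighbouring CVE-2020-12302 carries. Many of the descriptions name installers and vendor tools, but CVE-2020-12333 names "Intel(R) QAT for Linux", and CVE-2020-12322, 12321, 12319, 12318, 12317 and 12314 name Wireless Bluetooth and PROSet/Wireless WiFi products without stating a platform. The truncated text does not settle whether a packaged driver or firmware is involved, so those entries need an individual look at the full advisory before they are tagged.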
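Review bot: In the @@ -41795,25 +41794,24 @@ hunk, CVE-2020-11209, 11208, 11207, 11206, 11202 and 11201 come in as "TODO: check" while CVE-2020-11205, which gains its description in the same hunk and uses the same u'...' description style, already carries "NOT-FOR-US: Qualcomm components for Android". The six descriptions name DSP services, Fastrpc and the LibFastCV library; if triage confirms they are the same vendor components, give them the same tag so they do not linger in the TODO queue next to identically sourced entries that are already resolved.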
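Review bot: In the @@ -48486,33 +48473,29 @@ hunk, CVE-2020-8694 is now described as a flaw in the Linux kernel driver and remains "- linux <unfixed>", with the upstream commit recorded only as a bare "NOTE: https://git.kernel.org/linus/949dd0104c496fa7c14991a23c03c62e44637e71". Other entries visible in this diff label such references as "NOTE: Fixed by: ..." (CVE-2020-12351, CVE-2020-13956). If that commit is the fix, label it the same way, and replace <unfixed> with a version once an upload contains it.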
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits