[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Tue Dec 22 20:10:48 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d29dd4a5 by security tracker role at 2020-12-22T20:10:23+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,405 @@
+CVE-2021-21433
+ RESERVED
+CVE-2021-21432
+ RESERVED
+CVE-2021-21431
+ RESERVED
+CVE-2021-21430
+ RESERVED
+CVE-2021-21429
+ RESERVED
+CVE-2021-21428
+ RESERVED
+CVE-2021-21427
+ RESERVED
+CVE-2021-21426
+ RESERVED
+CVE-2021-21425
+ RESERVED
+CVE-2021-21424
+ RESERVED
+CVE-2021-21423
+ RESERVED
+CVE-2021-21422
+ RESERVED
+CVE-2021-21421
+ RESERVED
+CVE-2021-21420
+ RESERVED
+CVE-2021-21419
+ RESERVED
+CVE-2021-21418
+ RESERVED
+CVE-2021-21417
+ RESERVED
+CVE-2021-21416
+ RESERVED
+CVE-2021-21415
+ RESERVED
+CVE-2021-21414
+ RESERVED
+CVE-2021-21413
+ RESERVED
+CVE-2021-21412
+ RESERVED
+CVE-2021-21411
+ RESERVED
+CVE-2021-21410
+ RESERVED
+CVE-2021-21409
+ RESERVED
+CVE-2021-21408
+ RESERVED
+CVE-2021-21407
+ RESERVED
+CVE-2021-21406
+ RESERVED
+CVE-2021-21405
+ RESERVED
+CVE-2021-21404
+ RESERVED
+CVE-2021-21403
+ RESERVED
+CVE-2021-21402
+ RESERVED
+CVE-2021-21401
+ RESERVED
+CVE-2021-21400
+ RESERVED
+CVE-2021-21399
+ RESERVED
+CVE-2021-21398
+ RESERVED
+CVE-2021-21397
+ RESERVED
+CVE-2021-21396
+ RESERVED
+CVE-2021-21395
+ RESERVED
+CVE-2021-21394
+ RESERVED
+CVE-2021-21393
+ RESERVED
+CVE-2021-21392
+ RESERVED
+CVE-2021-21391
+ RESERVED
+CVE-2021-21390
+ RESERVED
+CVE-2021-21389
+ RESERVED
+CVE-2021-21388
+ RESERVED
+CVE-2021-21387
+ RESERVED
+CVE-2021-21386
+ RESERVED
+CVE-2021-21385
+ RESERVED
+CVE-2021-21384
+ RESERVED
+CVE-2021-21383
+ RESERVED
+CVE-2021-21382
+ RESERVED
+CVE-2021-21381
+ RESERVED
+CVE-2021-21380
+ RESERVED
+CVE-2021-21379
+ RESERVED
+CVE-2021-21378
+ RESERVED
+CVE-2021-21377
+ RESERVED
+CVE-2021-21376
+ RESERVED
+CVE-2021-21375
+ RESERVED
+CVE-2021-21374
+ RESERVED
+CVE-2021-21373
+ RESERVED
+CVE-2021-21372
+ RESERVED
+CVE-2021-21371
+ RESERVED
+CVE-2021-21370
+ RESERVED
+CVE-2021-21369
+ RESERVED
+CVE-2021-21368
+ RESERVED
+CVE-2021-21367
+ RESERVED
+CVE-2021-21366
+ RESERVED
+CVE-2021-21365
+ RESERVED
+CVE-2021-21364
+ RESERVED
+CVE-2021-21363
+ RESERVED
+CVE-2021-21362
+ RESERVED
+CVE-2021-21361
+ RESERVED
+CVE-2021-21360
+ RESERVED
+CVE-2021-21359
+ RESERVED
+CVE-2021-21358
+ RESERVED
+CVE-2021-21357
+ RESERVED
+CVE-2021-21356
+ RESERVED
+CVE-2021-21355
+ RESERVED
+CVE-2021-21354
+ RESERVED
+CVE-2021-21353
+ RESERVED
+CVE-2021-21352
+ RESERVED
+CVE-2021-21351
+ RESERVED
+CVE-2021-21350
+ RESERVED
+CVE-2021-21349
+ RESERVED
+CVE-2021-21348
+ RESERVED
+CVE-2021-21347
+ RESERVED
+CVE-2021-21346
+ RESERVED
+CVE-2021-21345
+ RESERVED
+CVE-2021-21344
+ RESERVED
+CVE-2021-21343
+ RESERVED
+CVE-2021-21342
+ RESERVED
+CVE-2021-21341
+ RESERVED
+CVE-2021-21340
+ RESERVED
+CVE-2021-21339
+ RESERVED
+CVE-2021-21338
+ RESERVED
+CVE-2021-21337
+ RESERVED
+CVE-2021-21336
+ RESERVED
+CVE-2021-21335
+ RESERVED
+CVE-2021-21334
+ RESERVED
+CVE-2021-21333
+ RESERVED
+CVE-2021-21332
+ RESERVED
+CVE-2021-21331
+ RESERVED
+CVE-2021-21330
+ RESERVED
+CVE-2021-21329
+ RESERVED
+CVE-2021-21328
+ RESERVED
+CVE-2021-21327
+ RESERVED
+CVE-2021-21326
+ RESERVED
+CVE-2021-21325
+ RESERVED
+CVE-2021-21324
+ RESERVED
+CVE-2021-21323
+ RESERVED
+CVE-2021-21322
+ RESERVED
+CVE-2021-21321
+ RESERVED
+CVE-2021-21320
+ RESERVED
+CVE-2021-21319
+ RESERVED
+CVE-2021-21318
+ RESERVED
+CVE-2021-21317
+ RESERVED
+CVE-2021-21316
+ RESERVED
+CVE-2021-21315
+ RESERVED
+CVE-2021-21314
+ RESERVED
+CVE-2021-21313
+ RESERVED
+CVE-2021-21312
+ RESERVED
+CVE-2021-21311
+ RESERVED
+CVE-2021-21310
+ RESERVED
+CVE-2021-21309
+ RESERVED
+CVE-2021-21308
+ RESERVED
+CVE-2021-21307
+ RESERVED
+CVE-2021-21306
+ RESERVED
+CVE-2021-21305
+ RESERVED
+CVE-2021-21304
+ RESERVED
+CVE-2021-21303
+ RESERVED
+CVE-2021-21302
+ RESERVED
+CVE-2021-21301
+ RESERVED
+CVE-2021-21300
+ RESERVED
+CVE-2021-21299
+ RESERVED
+CVE-2021-21298
+ RESERVED
+CVE-2021-21297
+ RESERVED
+CVE-2021-21296
+ RESERVED
+CVE-2021-21295
+ RESERVED
+CVE-2021-21294
+ RESERVED
+CVE-2021-21293
+ RESERVED
+CVE-2021-21292
+ RESERVED
+CVE-2021-21291
+ RESERVED
+CVE-2021-21290
+ RESERVED
+CVE-2021-21289
+ RESERVED
+CVE-2021-21288
+ RESERVED
+CVE-2021-21287
+ RESERVED
+CVE-2021-21286
+ RESERVED
+CVE-2021-21285
+ RESERVED
+CVE-2021-21284
+ RESERVED
+CVE-2021-21283
+ RESERVED
+CVE-2021-21282
+ RESERVED
+CVE-2021-21281
+ RESERVED
+CVE-2021-21280
+ RESERVED
+CVE-2021-21279
+ RESERVED
+CVE-2021-21278
+ RESERVED
+CVE-2021-21277
+ RESERVED
+CVE-2021-21276
+ RESERVED
+CVE-2021-21275
+ RESERVED
+CVE-2021-21274
+ RESERVED
+CVE-2021-21273
+ RESERVED
+CVE-2021-21272
+ RESERVED
+CVE-2021-21271
+ RESERVED
+CVE-2021-21270
+ RESERVED
+CVE-2021-21269
+ RESERVED
+CVE-2021-21268
+ RESERVED
+CVE-2021-21267
+ RESERVED
+CVE-2021-21266
+ RESERVED
+CVE-2021-21265
+ RESERVED
+CVE-2021-21264
+ RESERVED
+CVE-2021-21263
+ RESERVED
+CVE-2021-21262
+ RESERVED
+CVE-2021-21261
+ RESERVED
+CVE-2021-21260
+ RESERVED
+CVE-2021-21259
+ RESERVED
+CVE-2021-21258
+ RESERVED
+CVE-2021-21257
+ RESERVED
+CVE-2021-21256
+ RESERVED
+CVE-2021-21255
+ RESERVED
+CVE-2021-21254
+ RESERVED
+CVE-2021-21253
+ RESERVED
+CVE-2021-21252
+ RESERVED
+CVE-2021-21251
+ RESERVED
+CVE-2021-21250
+ RESERVED
+CVE-2021-21249
+ RESERVED
+CVE-2021-21248
+ RESERVED
+CVE-2021-21247
+ RESERVED
+CVE-2021-21246
+ RESERVED
+CVE-2021-21245
+ RESERVED
+CVE-2021-21244
+ RESERVED
+CVE-2021-21243
+ RESERVED
+CVE-2021-21242
+ RESERVED
+CVE-2021-21241
+ RESERVED
+CVE-2021-21240
+ RESERVED
+CVE-2021-21239
+ RESERVED
+CVE-2021-21238
+ RESERVED
+CVE-2021-21237
+ RESERVED
+CVE-2021-21236
+ RESERVED
+CVE-2021-21235
+ RESERVED
+CVE-2021-21234
+ RESERVED
+CVE-2020-35627
+ RESERVED
CVE-2021-21233
RESERVED
CVE-2021-21232
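Review bot: CVE-2020-35627, the last entry of the added block, lands between CVE-2021-21234 and the existing CVE-2021-21233, so a 2020 identifier sits inside a run of 2021 identifiers that is otherwise in descending order. If the list is meant to stay grouped by year, move it next to the other CVE-2020-35xxx entries; if the automatic update always prepends new ids at the top, confirm that before leaving it here.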
@@ -5308,7 +5710,8 @@ CVE-2020-29592
RESERVED
CVE-2020-29591 (Versions of the Official registry Docker images through 2.7.0 contain ...)
NOT-FOR-US: registry Docker image
-CVE-2020-29590 (Versions of the Official teamspeak Docker images through 3.6.0 contain ...)
+CVE-2020-29590
+ REJECTED
NOT-FOR-US: teamspeak Docker image
CVE-2020-29589 (Versions of the Official kapacitor Docker images through 1.5.0-alpine ...)
NOT-FOR-US: kapacitor Docker image
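Review bot: CVE-2020-29590 now has "REJECTED" followed directly by the unchanged "NOT-FOR-US: teamspeak Docker image" line, so the entry carries two states at once. If rejected entries are not meant to keep a package annotation, drop the NOT-FOR-US line in a follow-up; the neighbouring registry and kapacitor image entries are unaffected.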
@@ -5994,8 +6397,8 @@ CVE-2020-29398
RESERVED
CVE-2020-29397
RESERVED
-CVE-2020-29396
- RESERVED
+CVE-2020-29396 (A sandboxing issue in Odoo Community 11.0 through 13.0 and Odoo Enterp ...)
+ TODO: check
CVE-2020-29395 (The EventON plugin through 3.0.5 for WordPress allows addons/?q= XSS v ...)
NOT-FOR-US: EventON plugin for WordPress
CVE-2020-29394 (A buffer overflow in the dlt_filter_load function in dlt_common.c in d ...)
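Review bot: CVE-2020-29396 is left at "TODO: check" between entries that are marked NOT-FOR-US, but its description names Odoo Community, and odoo has package annotations elsewhere in this same file (for example the "- odoo <not-affected>" line under CVE-2019-11780). Resolve it with an odoo package line after checking the affected versions, not by copying the NOT-FOR-US pattern of its neighbours.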
@@ -9172,8 +9575,8 @@ CVE-2020-28462
RESERVED
CVE-2020-28461
RESERVED
-CVE-2020-28460
- RESERVED
+CVE-2020-28460 (This affects the package multi-ini before 2.1.2. It is possible to pol ...)
+ TODO: check
CVE-2020-28459
RESERVED
CVE-2020-28458 (All versions of package datatables.net are vulnerable to Prototype Pol ...)
@@ -9196,8 +9599,8 @@ CVE-2020-28450
RESERVED
CVE-2020-28449
RESERVED
-CVE-2020-28448
- RESERVED
+CVE-2020-28448 (This affects the package multi-ini before 2.1.1. It is possible to pol ...)
+ TODO: check
CVE-2020-28447
RESERVED
CVE-2020-28446
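Review bot: CVE-2020-28448 names multi-ini "before 2.1.1" while CVE-2020-28460 in the previous hunk names the same package "before 2.1.2", so the two "TODO: check" entries should be triaged together. If the package turns out to be relevant, any fixed-version annotation has to account for the later 2.1.2 boundary as well as 2.1.1.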
@@ -19193,8 +19596,8 @@ CVE-2020-25108 (An issue was discovered in the DNS implementation in Ethernut in
NOT-FOR-US: Nut/OS
CVE-2020-25107 (An issue was discovered in the DNS implementation in Ethernut in Nut/O ...)
NOT-FOR-US: Nut/OS
-CVE-2020-25106
- RESERVED
+CVE-2020-25106 (Nanosystems SupRemo 4.1.3.2348 allows attackers to obtain LocalSystem ...)
+ TODO: check
CVE-2020-25105 (eramba c2.8.1 and Enterprise before e2.19.3 has a weak password recove ...)
NOT-FOR-US: eramba
CVE-2020-25104 (eramba c2.8.1 and Enterprise before e2.19.3 allows XSS via a crafted f ...)
@@ -20349,14 +20752,14 @@ CVE-2020-24583 (An issue was discovered in Django 2.2 before 2.2.16, 3.0 before
NOTE: https://github.com/django/django/commit/375657a71c889c588f723469bd868bd1d40c369f (2.2.16)
CVE-2020-24582 (Zulip Desktop before 5.4.3 allows XSS because string escaping is misha ...)
NOT-FOR-US: Zulip Desktop
-CVE-2020-24581
- RESERVED
-CVE-2020-24580
- RESERVED
-CVE-2020-24579
- RESERVED
-CVE-2020-24578
- RESERVED
+CVE-2020-24581 (An issue was discovered on D-Link DSL-2888A devices with firmware prio ...)
+ TODO: check
+CVE-2020-24580 (An issue was discovered on D-Link DSL-2888A devices with firmware prio ...)
+ TODO: check
+CVE-2020-24579 (An issue was discovered on D-Link DSL-2888A devices with firmware prio ...)
+ TODO: check
+CVE-2020-24578 (An issue was discovered on D-Link DSL-2888A devices with firmware prio ...)
+ TODO: check
CVE-2020-24577
RESERVED
CVE-2020-24576
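Review bot: CVE-2020-24578 through CVE-2020-24581 are all left at "TODO: check" although each description names D-Link DSL-2888A device firmware. Triage the four as one group, and if nothing in the archive ships that firmware mark them NOT-FOR-US in the same way as the Zulip Desktop entry just above them.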
@@ -25443,7 +25846,7 @@ CVE-2020-22085
RESERVED
CVE-2020-22084
RESERVED
-CVE-2020-22083 (jsonpickle through 1.4.1 allows remote code execution during deseriali ...)
+CVE-2020-22083 (** DISPUTED ** jsonpickle through 1.4.1 allows remote code execution d ...)
- jsonpickle <unfixed> (unimportant)
NOTE: CVE assigment seems bogus, jsonpickle clearly states "jsonpickle can execute arbitrary Python code.
NOTE: Do not load jsonpickles from untrusted unauthenticated sources", so this works as expected
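Review bot: The first NOTE under CVE-2020-22083 spells "assigment"; correct it to "assignment" in a follow-up. The added "** DISPUTED **" prefix is consistent with the existing "<unfixed> (unimportant)" line and the NOTE text, so the triage itself needs no change.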
@@ -44779,8 +45182,8 @@ CVE-2020-13572
RESERVED
CVE-2020-13571
RESERVED
-CVE-2020-13570
- RESERVED
+CVE-2020-13570 (A use-after-free vulnerability exists in the JavaScript engine of Foxi ...)
+ TODO: check
CVE-2020-13569
RESERVED
CVE-2020-13568
@@ -44799,14 +45202,14 @@ CVE-2020-13562
RESERVED
CVE-2020-13561
RESERVED
-CVE-2020-13560
- RESERVED
+CVE-2020-13560 (A use after free vulnerability exists in the JavaScript engine of Foxi ...)
+ TODO: check
CVE-2020-13559
RESERVED
CVE-2020-13558
RESERVED
-CVE-2020-13557
- RESERVED
+CVE-2020-13557 (A use after free vulnerability exists in the JavaScript engine of Foxi ...)
+ TODO: check
CVE-2020-13556 (An out-of-bounds write vulnerability exists in the Ethernet/IP server ...)
NOT-FOR-US: EIP Stack Group OpENer
CVE-2020-13555
@@ -44825,8 +45228,8 @@ CVE-2020-13549
RESERVED
CVE-2020-13548
RESERVED
-CVE-2020-13547
- RESERVED
+CVE-2020-13547 (A type confusion vulnerability exists in the JavaScript engine of Foxi ...)
+ TODO: check
CVE-2020-13546
RESERVED
CVE-2020-13545
@@ -104226,18 +104629,18 @@ CVE-2019-11788
RESERVED
CVE-2019-11787
RESERVED
-CVE-2019-11786
- RESERVED
-CVE-2019-11785
- RESERVED
-CVE-2019-11784
- RESERVED
-CVE-2019-11783
- RESERVED
-CVE-2019-11782
- RESERVED
-CVE-2019-11781
- RESERVED
+CVE-2019-11786 (Improper access control in Odoo Community 13.0 and earlier and Odoo En ...)
+ TODO: check
+CVE-2019-11785 (Improper access control in mail module (followers) in Odoo Community 1 ...)
+ TODO: check
+CVE-2019-11784 (Improper access control in mail module (notifications) in Odoo Communi ...)
+ TODO: check
+CVE-2019-11783 (Improper access control in mail module (channel partners) in Odoo Comm ...)
+ TODO: check
+CVE-2019-11782 (Improper access control in Odoo Community 14.0 and earlier and Odoo En ...)
+ TODO: check
+CVE-2019-11781 (Improper input validation in portal component in Odoo Community 12.0 a ...)
+ TODO: check
CVE-2019-11780 (Improper access control in the computed fields system of the framework ...)
- odoo <not-affected> (Fixed before initial upload to Debian)
NOTE: https://github.com/odoo/odoo/issues/42196
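Review bot: The six Odoo entries CVE-2019-11781 through CVE-2019-11786 are left at "TODO: check", and the resolution used for the adjacent CVE-2019-11780 ("<not-affected> (Fixed before initial upload to Debian)") cannot simply be copied. CVE-2019-11782 covers "Odoo Community 14.0 and earlier" and CVE-2019-11786 "13.0 and earlier", so each one needs a comparison against the packaged odoo version, plus a NOTE with the upstream issue link as CVE-2019-11780 has.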
@@ -148329,23 +148732,23 @@ CVE-2018-15647
RESERVED
CVE-2018-15646
RESERVED
-CVE-2018-15645
- RESERVED
+CVE-2018-15645 (Improper access control in message routing in Odoo Community 12.0 and ...)
+ TODO: check
CVE-2018-15644
RESERVED
CVE-2018-15643
RESERVED
CVE-2018-15642
RESERVED
-CVE-2018-15641
- RESERVED
+CVE-2018-15641 (Cross-site scripting (XSS) issue in web module in Odoo Community 11.0 ...)
+ TODO: check
CVE-2018-15640 (Improper access control in the Helpdesk App of Odoo Enterprise 10.0 th ...)
- odoo <not-affected> (Only in enterprise version)
NOTE: https://github.com/odoo/odoo/issues/32514
CVE-2018-15639
RESERVED
-CVE-2018-15638
- RESERVED
+CVE-2018-15638 (Cross-site scripting (XSS) issue in mail module in Odoo Community 13.0 ...)
+ TODO: check
CVE-2018-15637
RESERVED
CVE-2018-15636
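Review bot: CVE-2018-15645, CVE-2018-15641 and CVE-2018-15638 each name Odoo Community in the description, so the "Only in enterprise version" resolution on the neighbouring CVE-2018-15640 does not carry over to them. Replace "TODO: check" with an odoo package line per entry once the affected Community versions (12.0, 11.0 and 13.0 as far as the truncated descriptions show) have been checked against the archive.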
@@ -148353,12 +148756,12 @@ CVE-2018-15636
CVE-2018-15635 (Cross-site scripting vulnerability in the Discuss App of Odoo Communit ...)
- odoo <not-affected> (Fixed before initial upload to Debian)
NOTE: https://github.com/odoo/odoo/issues/32515
-CVE-2018-15634
- RESERVED
-CVE-2018-15633
- RESERVED
-CVE-2018-15632
- RESERVED
+CVE-2018-15634 (Cross-site scripting (XSS) issue in attachment management in Odoo Comm ...)
+ TODO: check
+CVE-2018-15633 (Cross-site scripting (XSS) issue in "document" module in Odoo Communit ...)
+ TODO: check
+CVE-2018-15632 (Improper input validation in database creation logic in Odoo Community ...)
+ TODO: check
CVE-2018-15631 (Improper access control in the Discuss App of Odoo Community 12.0 and ...)
- odoo <not-affected> (Fixed before initial upload to Debian)
NOTE: https://github.com/odoo/odoo/issues/32514
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d29dd4a56b7fb0d2c4d3108f65e8a92bd71c8a64