[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Wed Feb 3 08:10:27 GMT 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
45c062c6 by security tracker role at 2021-02-03T08:10:20+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
-CVE-2021-3395
-	RESERVED
+CVE-2021-3395 (A cross-site scripting (XSS) vulnerability in Pryaniki 6.44.3 allows r ...)
+	TODO: check
 CVE-2021-3394
 	RESERVED
 CVE-2021-3393
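Review bot: the TODO: check placeholder for CVE-2021-3395 still needs manual triage; Pryaniki does not appear to be a Debian source package, so if a packaging check confirms that, the entry should end up as "NOT-FOR-US: Pryaniki" in the same way the other unpackaged products in this list are handled.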
@@ -689,7 +689,7 @@ CVE-2018-25005
 	RESERVED
 CVE-2018-25004
 	RESERVED
-CVE-2021-3345 (_gcry_md_block_write in cipher/hash-common.c in Libgcrypt before 1.9.1 ...)
+CVE-2021-3345 (_gcry_md_block_write in cipher/hash-common.c in Libgcrypt version 1.9. ...)
 	[experimental] - libgcrypt20 1.9.1-1 (bug #981370)
 	- libgcrypt20 <not-affected> (Only affected 1.9)
 	NOTE: https://lists.gnupg.org/pipermail/gnupg-announce/2021q1/000456.html
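Review bot: the revised description for CVE-2021-3345 now states that only Libgcrypt 1.9 is affected, which matches the existing "<not-affected> (Only affected 1.9)" annotation for libgcrypt20 and the 1.9.1-1 upload in experimental (bug #981370); no status change is needed, and the gnupg-announce NOTE already carries the upstream reference.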
@@ -12904,12 +12904,12 @@ CVE-2021-21296
 	RESERVED
 CVE-2021-21295
 	RESERVED
-CVE-2021-21294
-	RESERVED
-CVE-2021-21293
-	RESERVED
-CVE-2021-21292
-	RESERVED
+CVE-2021-21294 (Http4s (http4s-blaze-server) is a minimal, idiomatic Scala interface f ...)
+	TODO: check
+CVE-2021-21293 (blaze is a Scala library for building asynchronous pipelines, with a f ...)
+	TODO: check
+CVE-2021-21292 (Traccar is an open source GPS tracking system. In Traccar before versi ...)
+	TODO: check
 CVE-2021-21291 (OAuth2 Proxy is an open-source reverse proxy and static file server th ...)
 	TODO: check
 CVE-2021-21290
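Review bot: CVE-2021-21294 (http4s-blaze-server) and CVE-2021-21293 (blaze) belong to the same Scala HTTP stack and should be triaged together; if neither library has a Debian package, both TODO: check lines become NOT-FOR-US. CVE-2021-21292 (Traccar) needs the same packaging check, and its description is truncated at "before versi ...", so the fixed version will have to be looked up if a package does exist.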
@@ -13621,8 +13621,8 @@ CVE-2021-21045
 	RESERVED
 CVE-2021-21044
 	RESERVED
-CVE-2021-21043
-	RESERVED
+CVE-2021-21043 (ACS Commons version 4.9.2 (and earlier) suffers from a Reflected Cross ...)
+	TODO: check
 CVE-2021-21042
 	RESERVED
 CVE-2021-21041
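Review bot: CVE-2021-21043 concerns ACS Commons, an add-on for Adobe Experience Manager rather than anything packaged in Debian as far as I can tell; unless the check finds a package, replace TODO: check with a NOT-FOR-US line naming ACS Commons.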
@@ -16748,8 +16748,8 @@ CVE-2020-35154
 	RESERVED
 CVE-2020-35153
 	RESERVED
-CVE-2020-35152
-	RESERVED
+CVE-2020-35152 (Cloudflare WARP for Windows allows privilege escalation due to an unqu ...)
+	TODO: check
 CVE-2020-35151 (The Online Marriage Registration System 1.0 post parameter "searchdata ...)
 	NOT-FOR-US: Online Marriage Registration System
 CVE-2020-35150
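Review bot: CVE-2020-35152 is a privilege escalation in Cloudflare WARP for Windows, a Windows-only client, so the TODO: check can be resolved to "NOT-FOR-US: Cloudflare WARP for Windows", matching the handling of CVE-2020-35151 directly below it.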
@@ -17911,8 +17911,8 @@ CVE-2020-29663 (Icinga 2 v2.8.0 through v2.11.7 and v2.12.2 has an issue where r
 	NOTE: https://github.com/Icinga/icinga2/security/advisories/GHSA-pcmr-2p2f-r7j6
 	NOTE: https://github.com/Icinga/icinga2/commit/abbd7d5494369af8bbf8fc12f5dc1a0f05a1f817
 	NOTE: https://github.com/Icinga/icinga2/commit/cae22a89da9e6a381904c3b207e5a3f93f6ed838
-CVE-2020-29662
-	RESERVED
+CVE-2020-29662 (In Harbor 2.0 before 2.0.5 and 2.1.x before 2.1.2 the catalog’s  ...)
+	TODO: check
 CVE-2020-29661 (A locking issue was discovered in the tty subsystem of the Linux kerne ...)
 	{DSA-4843-1}
 	- linux 5.9.15-1
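Review bot: CVE-2020-29662 (Harbor) is queued for triage; I am not aware of a Harbor package in Debian, so NOT-FOR-US is the likely outcome once that is confirmed. The description also carries a typographic apostrophe in "catalog’s" copied from the CVE feed; harmless, but worth knowing when grepping the list for this entry.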
@@ -24224,34 +24224,34 @@ CVE-2021-0367
 	RESERVED
 CVE-2021-0366
 	RESERVED
-CVE-2021-0365
-	RESERVED
-CVE-2021-0364
-	RESERVED
-CVE-2021-0363
-	RESERVED
-CVE-2021-0362
-	RESERVED
-CVE-2021-0361
-	RESERVED
-CVE-2021-0360
-	RESERVED
-CVE-2021-0359
-	RESERVED
-CVE-2021-0358
-	RESERVED
-CVE-2021-0357
-	RESERVED
-CVE-2021-0356
-	RESERVED
-CVE-2021-0355
-	RESERVED
-CVE-2021-0354
-	RESERVED
-CVE-2021-0353
-	RESERVED
-CVE-2021-0352
-	RESERVED
+CVE-2021-0365 (In display driver, there is a possible memory corruption due to a use  ...)
+	TODO: check
+CVE-2021-0364 (In mobile_log_d, there is a possible command injection due to improper ...)
+	TODO: check
+CVE-2021-0363 (In mobile_log_d, there is a possible command injection due to a missin ...)
+	TODO: check
+CVE-2021-0362 (In aee, there is a possible memory corruption due to a stack buffer ov ...)
+	TODO: check
+CVE-2021-0361 (In kisd, there is a possible out of bounds read due to improper input  ...)
+	TODO: check
+CVE-2021-0360 (In netdiag, there is a possible out of bounds write due to an incorrec ...)
+	TODO: check
+CVE-2021-0359 (In netdiag, there is a possible out of bounds write due to a missing b ...)
+	TODO: check
+CVE-2021-0358 (In netdiag, there is a possible command injection due to improper inpu ...)
+	TODO: check
+CVE-2021-0357 (In netdiag, there is a possible out of bounds write due to a missing b ...)
+	TODO: check
+CVE-2021-0356 (In netdiag, there is a possible command injection due to improper inpu ...)
+	TODO: check
+CVE-2021-0355 (In kisd, there is a possible out of bounds write due to an integer ove ...)
+	TODO: check
+CVE-2021-0354 (In ged, there is a possible out of bounds write due to an integer over ...)
+	TODO: check
+CVE-2021-0353 (In kisd, there is a possible memory corruption due to a heap buffer ov ...)
+	TODO: check
+CVE-2021-0352 (In RT regmap driver, there is a possible memory corruption due to type ...)
+	TODO: check
 CVE-2021-0351
 	RESERVED
 CVE-2021-0350
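Review bot: the fourteen entries CVE-2021-0352 through CVE-2021-0365 name Android vendor components (display driver, mobile_log_d, aee, kisd, netdiag, ged, RT regmap driver) rather than Debian source packages, so they can be triaged as one batch; the kernel-side items (display driver, RT regmap driver) are the ones worth checking against the Debian linux package in case the affected code is in mainline rather than in vendor-only trees.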
@@ -30079,7 +30079,8 @@ CVE-2020-26160 (jwt-go before 4.0.0-preview1 allows attackers to bypass intended
 	NOTE: https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMDGRIJALVAJWTGO-596515
 	NOTE: https://github.com/dgrijalva/jwt-go/issues/422
 	NOTE: https://github.com/dgrijalva/jwt-go/pull/286
-CVE-2020-26159 (In Oniguruma 6.9.5_rev1, an attacker able to supply a regular expressi ...)
+CVE-2020-26159
+	REJECTED
 	NOTE: This was a false positive, see #972113
 	NOTE: original report: https://github.com/kkos/oniguruma/issues/207
 	NOTE: original patch: https://github.com/kkos/oniguruma/commit/cbe9f8bd9cfc6c3c87a60fbae58fa1a85db59df0
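Review bot: marking CVE-2020-26159 REJECTED while keeping the three NOTE lines is the right shape: the notes preserve the false-positive reasoning (#972113) together with the original upstream report and patch, so the rejection stays auditable without the description. The hunk header grows from 7 to 8 lines only because REJECTED is added on its own line.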
@@ -34039,8 +34040,7 @@ CVE-2020-24492
 	RESERVED
 CVE-2020-24491
 	RESERVED
-CVE-2020-24490
-	RESERVED
+CVE-2020-24490 (Improper buffer restrictions in BlueZ may allow an unauthenticated use ...)
 	{DLA-2420-1}
 	- linux 5.7.17-1
 	[buster] - linux 4.19.146-1
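Review bot: CVE-2020-24490 already carries the DLA-2420-1 reference and fixed linux versions (5.7.17-1, buster 4.19.146-1), so this hunk only fills in the description; because the text names BlueZ, it is worth confirming that the issue is in the kernel Bluetooth stack tracked under linux and that the userspace bluez source package does not also need an entry.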
@@ -56424,8 +56424,8 @@ CVE-2020-14257
 	RESERVED
 CVE-2020-14256
 	RESERVED
-CVE-2020-14255
-	RESERVED
+CVE-2020-14255 (HCL Digital Experience 9.5 containers include vulnerabilities that cou ...)
+	TODO: check
 CVE-2020-14254 (TLS-RSA cipher suites are not disabled in HCL BigFix Inventory up to v ...)
 	NOT-FOR-US: HCL BigFix Inventory
 CVE-2020-14253
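Review bot: CVE-2020-14255 (HCL Digital Experience 9.5 containers) is left at TODO: check while the adjacent CVE-2020-14254 is already NOT-FOR-US for HCL BigFix Inventory; HCL Digital Experience is not a Debian package, so "NOT-FOR-US: HCL Digital Experience" is the consistent resolution.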
@@ -56492,8 +56492,8 @@ CVE-2020-14223 (HCL Digital Experience 8.5, 9.0, 9.5 is susceptible to cross-sit
 	NOT-FOR-US: HCL Digital Experience
 CVE-2020-14222 (HCL Digital Experience 8.5, 9.0, 9.5 is susceptible to cross site scri ...)
 	NOT-FOR-US: HCL Digital Experience
-CVE-2020-14221
-	RESERVED
+CVE-2020-14221 (HCL Digital Experience 8.5, 9.0, and 9.5 exposes information about the ...)
+	TODO: check
 CVE-2020-14220
 	RESERVED
 CVE-2020-14219
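Review bot: CVE-2020-14221 sits between CVE-2020-14223 and CVE-2020-14222, both already "NOT-FOR-US: HCL Digital Experience"; the new entry is for the same product and versions and should be triaged the same way rather than staying at TODO: check.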
@@ -72130,8 +72130,7 @@ CVE-2020-8736 (Improper access control in subsystem for the Intel(R) Computing I
 	NOT-FOR-US: Intel
 CVE-2020-8735
 	RESERVED
-CVE-2020-8734
-	RESERVED
+CVE-2020-8734 (Improper input validation in the firmware for Intel(R) Server Board M1 ...)
 	NOT-FOR-US: Intel
 CVE-2020-8733 (Improper buffer restrictions in the firmware for Intel(R) Server Board ...)
 	NOT-FOR-US: Intel
@@ -72267,8 +72266,8 @@ CVE-2020-8674 (Out-of-bounds read in DHCPv6 subsystem in Intel(R) AMT and Intel(
 	NOT-FOR-US: Intel
 CVE-2020-8673
 	RESERVED
-CVE-2020-8672
-	RESERVED
+CVE-2020-8672 (Out of bound read in BIOS firmware for 8th, 9th Generation Intel(R) Co ...)
+	TODO: check
 CVE-2020-8671 (Insufficient control flow management in BIOS firmware 8th, 9th Generat ...)
 	NOT-FOR-US: Intel
 CVE-2020-8670
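Review bot: CVE-2020-8672 (BIOS firmware for 8th/9th Generation Intel Core) is left at TODO: check, while the neighbouring CVE-2020-8674 and CVE-2020-8671 from the same Intel firmware set are "NOT-FOR-US: Intel"; the same status applies here, as it already does for CVE-2020-8734 in the previous hunk.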
@@ -83854,8 +83853,8 @@ CVE-2020-4083 (HCL Connections 6.5 is vulnerable to possible information leakage
 	NOT-FOR-US: HCL Connections
 CVE-2020-4082 (The HCL Connections 5.5 help system is vulnerable to cross-site script ...)
 	NOT-FOR-US: HCL Connections
-CVE-2020-4081
-	RESERVED
+CVE-2020-4081 (In Digital Experience 8.5, 9.0, and 9.5, WSRP consumer is vulnerable t ...)
+	TODO: check
 CVE-2020-4080 (HCL Verse v10 and v11 is susceptible to a Stored Cross-Site Scripting  ...)
 	NOT-FOR-US: HCL
 CVE-2020-4079 (Combodo iTop is a web based IT Service Management tool. In iTop before ...)
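Review bot: CVE-2020-4081 describes a WSRP consumer issue in Digital Experience 8.5, 9.0 and 9.5, i.e. HCL Digital Experience, so "NOT-FOR-US: HCL Digital Experience" is the expected status, consistent with the HCL Connections and HCL Verse entries around it.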
@@ -90467,8 +90466,8 @@ CVE-2020-1912 (An out-of-bounds read/write vulnerability when executing lazily c
 	NOT-FOR-US: Facebook Hermes
 CVE-2020-1911 (A type confusion vulnerability when resolving properties of JavaScript ...)
 	NOT-FOR-US: Facebook Hermes
-CVE-2020-1910
-	RESERVED
+CVE-2020-1910 (A missing bounds check in WhatsApp for Android prior to v2.21.1.13 and ...)
+	TODO: check
 CVE-2020-1909 (A use-after-free in a logging library in WhatsApp for iOS prior to v2. ...)
 	NOT-FOR-US: WhatsApp
 CVE-2020-1908 (Improper authorization of the Screen Lock feature in WhatsApp and What ...)
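Review bot: CVE-2020-1910 (WhatsApp for Android) should be resolved to "NOT-FOR-US: WhatsApp" like CVE-2020-1909 and CVE-2020-1908 around it; the TODO: check placeholder is only the automatic update's default and should not linger for a product Debian does not ship.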



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/45c062c6cd64c4ad9fb088a0d2961a140b85c2b1




