[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri Feb 5 20:10:32 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
341d685b by security tracker role at 2021-02-05T20:10:24+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,57 @@
+CVE-2021-26733
+ RESERVED
+CVE-2021-26732
+ RESERVED
+CVE-2021-26731
+ RESERVED
+CVE-2021-26730
+ RESERVED
+CVE-2021-26729
+ RESERVED
+CVE-2021-26728
+ RESERVED
+CVE-2021-26727
+ RESERVED
+CVE-2021-26726
+ RESERVED
+CVE-2021-26725
+ RESERVED
+CVE-2021-26724
+ RESERVED
+CVE-2021-26723
+ RESERVED
+CVE-2021-26722 (LinkedIn Oncall through 1.4.0 allows reflected XSS via /query because ...)
+ TODO: check
+CVE-2021-26721
+ RESERVED
+CVE-2021-26720
+ RESERVED
+CVE-2021-26719
+ RESERVED
+CVE-2021-26718
+ RESERVED
+CVE-2021-26717
+ RESERVED
+CVE-2021-26716
+ RESERVED
+CVE-2021-26715
+ RESERVED
+CVE-2021-26714
+ RESERVED
+CVE-2021-26713
+ RESERVED
+CVE-2021-26712
+ RESERVED
+CVE-2021-26711 (A frame-injection issue in the online help in Redwood Report2Web 4.3.4 ...)
+ TODO: check
+CVE-2021-26710 (A cross-site scripting (XSS) issue in the login panel in Redwood Repor ...)
+ TODO: check
+CVE-2021-26709
+ RESERVED
+CVE-2021-26707
+ RESERVED
+CVE-2020-36241 (autoar-extractor.c in GNOME gnome-autoar through 0.2.4, as used by GNO ...)
+ TODO: check
CVE-2021-XXXX [wpa_supplicant P2P group information processing vulnerability]
- wpa <unfixed> (bug #981971)
NOTE: https://www.openwall.com/lists/oss-security/2021/02/03/4
@@ -21,7 +75,7 @@ CVE-2021-26699
RESERVED
CVE-2021-26698
RESERVED
-CVE-2021-26708 [vsock: fix the race conditions in multi-transport support]
+CVE-2021-26708 (A local privilege escalation was discovered in the Linux kernel before ...)
- linux <unfixed>
[buster] - linux <not-affected> (Vulnerable code introduced later)
[stretch] - linux <not-affected> (Vulnerable code introduced later)
@@ -378,8 +432,8 @@ CVE-2021-3384
RESERVED
CVE-2021-3383
RESERVED
-CVE-2021-3382
- RESERVED
+CVE-2021-3382 (Stack buffer overflow vulnerability in gitea 1.9.0 through 1.13.1 allo ...)
+ TODO: check
CVE-2021-3381
RESERVED
CVE-2021-3380
@@ -1004,8 +1058,8 @@ CVE-2021-26296
RESERVED
CVE-2021-26295
RESERVED
-CVE-2021-3333
- RESERVED
+CVE-2021-3333 (Opmantek Open-AudIT 4.0.1 is affected by cross-site scripting (XSS). W ...)
+ TODO: check
CVE-2021-3332
RESERVED
CVE-2021-3331 (WinSCP before 5.17.10 allows remote attackers to execute arbitrary pro ...)
@@ -2088,8 +2142,8 @@ CVE-2021-3260
RESERVED
CVE-2021-3259
RESERVED
-CVE-2021-3258
- RESERVED
+CVE-2021-3258 (Question2Answer Q2A Ultimate SEO Version 1.3 is affected by cross-site ...)
+ TODO: check
CVE-2021-3257
RESERVED
CVE-2021-3256
@@ -12548,8 +12602,8 @@ CVE-2020-35767
CVE-2020-35766 (The test suite in libopendkim in OpenDKIM through 2.10.3 allows local ...)
- opendkim <unfixed> (unimportant)
NOTE: https://github.com/trusteddomainproject/OpenDKIM/issues/113
-CVE-2020-35765
- RESERVED
+CVE-2020-35765 (doFilter in com.adventnet.appmanager.filter.UriCollector in Zoho Manag ...)
+ TODO: check
CVE-2020-35764
RESERVED
CVE-2020-35763
@@ -14741,8 +14795,8 @@ CVE-2021-20654
RESERVED
CVE-2021-20653
RESERVED
-CVE-2021-20652
- RESERVED
+CVE-2021-20652 (Cross-site request forgery (CSRF) vulnerability in Name Directory 1.17 ...)
+ TODO: check
CVE-2021-20651
RESERVED
CVE-2021-20650
@@ -14799,8 +14853,8 @@ CVE-2021-20625
RESERVED
CVE-2021-20624
RESERVED
-CVE-2021-20623
- RESERVED
+CVE-2021-20623 (Video Insight VMS versions prior to 7.8 allows a remote attacker to ex ...)
+ TODO: check
CVE-2021-20622 (Cross-site scripting vulnerability in Aterm WG2600HP firmware Ver1.0.2 ...)
NOT-FOR-US: Aterm WG2600HP firmware
CVE-2021-20621 (Cross-site request forgery (CSRF) vulnerability in Aterm WG2600HP firm ...)
@@ -45989,8 +46043,8 @@ CVE-2020-18752
RESERVED
CVE-2020-18751
RESERVED
-CVE-2020-18750
- RESERVED
+CVE-2020-18750 (Buffer overflow in pdf2json 0.69 allows local users to execute arbitra ...)
+ TODO: check
CVE-2020-18749
RESERVED
CVE-2020-18748
@@ -46015,8 +46069,8 @@ CVE-2020-18739
RESERVED
CVE-2020-18738
RESERVED
-CVE-2020-18737
- RESERVED
+CVE-2020-18737 (An issue was discovered in Typora 0.9.67. There is an XSS vulnerabilit ...)
+ TODO: check
CVE-2020-18736
RESERVED
CVE-2020-18735
@@ -49257,7 +49311,8 @@ CVE-2020-17162
RESERVED
CVE-2020-17161
RESERVED
-CVE-2020-17160 (, aka 'RETRACTED'. ...)
+CVE-2020-17160
+ REJECTED
NOT-FOR-US: Microsoft
CVE-2020-17159 (Visual Studio Code Java Extension Pack Remote Code Execution Vulnerabi ...)
NOT-FOR-US: Microsoft
@@ -62405,8 +62460,8 @@ CVE-2020-12124 (A remote command-line injection vulnerability in the /cgi-bin/li
NOT-FOR-US: WAVLINK
CVE-2020-12123 (CSRF vulnerabilities in the /cgi-bin/ directory of the WAVLINK WN530H4 ...)
NOT-FOR-US: WAVLINK
-CVE-2020-12122
- RESERVED
+CVE-2020-12122 (In Max Secure Max Spyware Detector 1.0.0.044, the driver file (MaxProc ...)
+ TODO: check
CVE-2020-12121
RESERVED
CVE-2020-12120 (The Correos Express addon for PrestaShop 1.6 through 1.7 allows remote ...)
@@ -68220,12 +68275,12 @@ CVE-2020-10541 (Zoho ManageEngine OpManager before 12.4.179 allows remote code e
NOT-FOR-US: Zoho ManageEngine OpManager
CVE-2020-10540 (Untis WebUntis before 2020.9.6 allows CSRF for certain combinations of ...)
NOT-FOR-US: Untis WebUntis
-CVE-2020-10539
- RESERVED
-CVE-2020-10538
- RESERVED
-CVE-2020-10537
- RESERVED
+CVE-2020-10539 (An issue was discovered in Epikur before 20.1.1. The Epikur server con ...)
+ TODO: check
+CVE-2020-10538 (An issue was discovered in Epikur before 20.1.1. It stores the secret ...)
+ TODO: check
+CVE-2020-10537 (An issue was discovered in Epikur before 20.1.1. A Glassfish 4.1 serve ...)
+ TODO: check
CVE-2020-10536
RESERVED
CVE-2020-10534 (In the GlobalBlocking extension before 2020-03-10 for MediaWiki throug ...)
@@ -68875,8 +68930,8 @@ CVE-2020-10236 (An issue was discovered in Froxlor before 0.10.14. It created fi
NOT-FOR-US: Froxlor
CVE-2020-10235 (An issue was discovered in Froxlor before 0.10.14. Remote attackers wi ...)
NOT-FOR-US: Froxlor
-CVE-2020-10234
- RESERVED
+CVE-2020-10234 (The AscRegistryFilter.sys kernel driver in IObit Advanced SystemCare 1 ...)
+ TODO: check
CVE-2020-10233 (In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a heap- ...)
- sleuthkit <unfixed> (unimportant)
NOTE: https://github.com/sleuthkit/sleuthkit/issues/1829
@@ -70749,8 +70804,8 @@ CVE-2020-9455 (The RegistrationMagic plugin through 4.6.0.3 for WordPress allows
NOT-FOR-US: RegistrationMagic plugin for WordPress
CVE-2020-9454 (A CSRF vulnerability in the RegistrationMagic plugin through 4.6.0.3 f ...)
NOT-FOR-US: RegistrationMagic plugin for WordPress
-CVE-2020-9453
- RESERVED
+CVE-2020-9453 (In Epson iProjection v2.30, the driver file EMP_MPAU.sys allows local ...)
+ TODO: check
CVE-2020-9452
RESERVED
CVE-2020-9451
@@ -71799,8 +71854,8 @@ CVE-2020-9016 (Dolibarr 11.0 allows XSS via the joinfiles, topic, or code parame
- dolibarr <removed>
CVE-2020-9015 (** DISPUTED ** Arista DCS-7050QX-32S-R 4.20.9M, DCS-7050CX3-32S-R 4.20 ...)
NOT-FOR-US: Arista devices
-CVE-2020-9014
- RESERVED
+CVE-2020-9014 (In Epson iProjection v2.30, the driver file (EMP_NSAU.sys) allows loca ...)
+ TODO: check
CVE-2020-9013 (Arvato Skillpipe 3.0 allows attackers to bypass intended print restric ...)
NOT-FOR-US: Arvato Skillpipe
CVE-2020-9012 (A cross-site scripting (XSS) vulnerability in the Import People functi ...)
@@ -72356,10 +72411,10 @@ CVE-2020-8809 (Gurux GXDLMS Director prior to 8.5.1905.1301 downloads updates to
NOT-FOR-US: Gurux
CVE-2020-8808 (The CorsairLLAccess64.sys and CorsairLLAccess32.sys drivers in CORSAIR ...)
NOT-FOR-US: CORSAIR iCUE
-CVE-2020-8807
- RESERVED
-CVE-2020-8806
- RESERVED
+CVE-2020-8807 (In Electric Coin Company Zcashd before 2.1.1-1, the time offset betwee ...)
+ TODO: check
+CVE-2020-8806 (Electric Coin Company Zcashd before 2.1.1-1 allows attackers to trigge ...)
+ TODO: check
CVE-2020-8805
RESERVED
CVE-2020-8804 (SuiteCRM through 7.11.10 allows SQL Injection via the SOAP API, the Em ...)
@@ -72592,16 +72647,19 @@ CVE-2020-8700
CVE-2020-8699
RESERVED
CVE-2020-8698 (Improper isolation of shared resources in some Intel(R) Processors may ...)
+ {DLA-2546-1}
- intel-microcode 3.20201110.1
[buster] - intel-microcode <no-dsa> (Minor issue; can be fixed via point release)
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html
CVE-2020-8697
RESERVED
CVE-2020-8696 (Improper removal of sensitive information before storage or transfer i ...)
+ {DLA-2546-1}
- intel-microcode 3.20201110.1
[buster] - intel-microcode <no-dsa> (Minor issue; can be fixed via point release)
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html
CVE-2020-8695 (Observable discrepancy in the RAPL interface for some Intel(R) Process ...)
+ {DLA-2546-1}
- intel-microcode 3.20201110.1
[buster] - intel-microcode <no-dsa> (Minor issue; can be fixed via point release)
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html
@@ -82739,8 +82797,8 @@ CVE-2020-4834
RESERVED
CVE-2020-4833
RESERVED
-CVE-2020-4832
- RESERVED
+CVE-2020-4832 (IBM PowerHA 7.2 could allow a local attacker to obtain sensitive infor ...)
+ TODO: check
CVE-2020-4831
RESERVED
CVE-2020-4830
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/341d685b2c97935ec10fe0d1c4017e7b6c349442
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/341d685b2c97935ec10fe0d1c4017e7b6c349442
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210205/f92044e7/attachment.html>
More information about the debian-security-tracker-commits
mailing list