[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Sat Feb 6 08:10:24 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f52330d4 by security tracker role at 2021-02-06T08:10:16+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,221 @@
+CVE-2021-26842
+ RESERVED
+CVE-2021-26841
+ RESERVED
+CVE-2021-26840
+ RESERVED
+CVE-2021-26839
+ RESERVED
+CVE-2021-26838
+ RESERVED
+CVE-2021-26837
+ RESERVED
+CVE-2021-26836
+ RESERVED
+CVE-2021-26835
+ RESERVED
+CVE-2021-26834
+ RESERVED
+CVE-2021-26833
+ RESERVED
+CVE-2021-26832
+ RESERVED
+CVE-2021-26831
+ RESERVED
+CVE-2021-26830
+ RESERVED
+CVE-2021-26829
+ RESERVED
+CVE-2021-26828
+ RESERVED
+CVE-2021-26827
+ RESERVED
+CVE-2021-26826
+ RESERVED
+CVE-2021-26825
+ RESERVED
+CVE-2021-26824
+ RESERVED
+CVE-2021-26823
+ RESERVED
+CVE-2021-26822
+ RESERVED
+CVE-2021-26821
+ RESERVED
+CVE-2021-26820
+ RESERVED
+CVE-2021-26819
+ RESERVED
+CVE-2021-26818
+ RESERVED
+CVE-2021-26817
+ RESERVED
+CVE-2021-26816
+ RESERVED
+CVE-2021-26815
+ RESERVED
+CVE-2021-26814
+ RESERVED
+CVE-2021-26813
+ RESERVED
+CVE-2021-26812
+ RESERVED
+CVE-2021-26811
+ RESERVED
+CVE-2021-26810
+ RESERVED
+CVE-2021-26809
+ RESERVED
+CVE-2021-26808
+ RESERVED
+CVE-2021-26807
+ RESERVED
+CVE-2021-26806
+ RESERVED
+CVE-2021-26805
+ RESERVED
+CVE-2021-26804
+ RESERVED
+CVE-2021-26803
+ RESERVED
+CVE-2021-26802
+ RESERVED
+CVE-2021-26801
+ RESERVED
+CVE-2021-26800
+ RESERVED
+CVE-2021-26799
+ RESERVED
+CVE-2021-26798
+ RESERVED
+CVE-2021-26797
+ RESERVED
+CVE-2021-26796
+ RESERVED
+CVE-2021-26795
+ RESERVED
+CVE-2021-26794
+ RESERVED
+CVE-2021-26793
+ RESERVED
+CVE-2021-26792
+ RESERVED
+CVE-2021-26791
+ RESERVED
+CVE-2021-26790
+ RESERVED
+CVE-2021-26789
+ RESERVED
+CVE-2021-26788
+ RESERVED
+CVE-2021-26787
+ RESERVED
+CVE-2021-26786
+ RESERVED
+CVE-2021-26785
+ RESERVED
+CVE-2021-26784
+ RESERVED
+CVE-2021-26783
+ RESERVED
+CVE-2021-26782
+ RESERVED
+CVE-2021-26781
+ RESERVED
+CVE-2021-26780
+ RESERVED
+CVE-2021-26779
+ RESERVED
+CVE-2021-26778
+ RESERVED
+CVE-2021-26777
+ RESERVED
+CVE-2021-26776
+ RESERVED
+CVE-2021-26775
+ RESERVED
+CVE-2021-26774
+ RESERVED
+CVE-2021-26773
+ RESERVED
+CVE-2021-26772
+ RESERVED
+CVE-2021-26771
+ RESERVED
+CVE-2021-26770
+ RESERVED
+CVE-2021-26769
+ RESERVED
+CVE-2021-26768
+ RESERVED
+CVE-2021-26767
+ RESERVED
+CVE-2021-26766
+ RESERVED
+CVE-2021-26765
+ RESERVED
+CVE-2021-26764
+ RESERVED
+CVE-2021-26763
+ RESERVED
+CVE-2021-26762
+ RESERVED
+CVE-2021-26761
+ RESERVED
+CVE-2021-26760
+ RESERVED
+CVE-2021-26759
+ RESERVED
+CVE-2021-26758
+ RESERVED
+CVE-2021-26757
+ RESERVED
+CVE-2021-26756
+ RESERVED
+CVE-2021-26755
+ RESERVED
+CVE-2021-26754
+ RESERVED
+CVE-2021-26753
+ RESERVED
+CVE-2021-26752
+ RESERVED
+CVE-2021-26751
+ RESERVED
+CVE-2021-26750
+ RESERVED
+CVE-2021-26749
+ RESERVED
+CVE-2021-26748
+ RESERVED
+CVE-2021-26747
+ RESERVED
+CVE-2021-26746
+ RESERVED
+CVE-2021-26745
+ RESERVED
+CVE-2021-26744
+ RESERVED
+CVE-2021-26743
+ RESERVED
+CVE-2021-26742
+ RESERVED
+CVE-2021-26741
+ RESERVED
+CVE-2021-26740
+ RESERVED
+CVE-2021-26739
+ RESERVED
+CVE-2021-26738
+ RESERVED
+CVE-2021-26737
+ RESERVED
+CVE-2021-26736
+ RESERVED
+CVE-2021-26735
+ RESERVED
+CVE-2021-26734
+ RESERVED
CVE-2021-26733
RESERVED
CVE-2021-26732
@@ -18,8 +236,8 @@ CVE-2021-26725
RESERVED
CVE-2021-26724
RESERVED
-CVE-2021-26723
- RESERVED
+CVE-2021-26723 (Jenzabar 9.2.x through 9.2.2 allows /ics?tool=search&query= XSS. ...)
+ TODO: check
CVE-2021-26722 (LinkedIn Oncall through 1.4.0 allows reflected XSS via /query because ...)
NOT-FOR-US: LinkedIn Oncall
CVE-2021-26721
@@ -2200,8 +2418,8 @@ CVE-2021-3231
RESERVED
CVE-2021-3230
RESERVED
-CVE-2021-3229
- RESERVED
+CVE-2021-3229 (Denial of service in ASUSWRT ASUS RT-AX3000 firmware versions 3.0.0.4. ...)
+ TODO: check
CVE-2021-3228
RESERVED
CVE-2021-3227
@@ -9543,10 +9761,10 @@ CVE-2021-22502
RESERVED
CVE-2021-22501
RESERVED
-CVE-2021-22500
- RESERVED
-CVE-2021-22499
- RESERVED
+CVE-2021-22500 (Cross Site Request Forgery vulnerability in Micro Focus Application Pe ...)
+ TODO: check
+CVE-2021-22499 (Persistent Cross-Site scripting vulnerability in Micro Focus Applicati ...)
+ TODO: check
CVE-2021-22498 (XML External Entity Injection vulnerability in Micro Focus Application ...)
NOT-FOR-US: Micro Focus
CVE-2021-22497
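Review bot: CVE-2021-22500 and CVE-2021-22499 land as "TODO: check" even though the next entry in this hunk, CVE-2021-22498, is already triaged as "NOT-FOR-US: Micro Focus" and its description names the same vendor. If the truncated product name ("Micro Focus Application Pe ...", "Micro Focus Applicati ...") resolves to the same product, give both entries the same NOT-FOR-US: Micro Focus tag in the follow-up triage rather than leaving them in the TODO queue.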
@@ -9929,26 +10147,26 @@ CVE-2021-22309
RESERVED
CVE-2021-22308
RESERVED
-CVE-2021-22307
- RESERVED
-CVE-2021-22306
- RESERVED
-CVE-2021-22305
- RESERVED
-CVE-2021-22304
- RESERVED
-CVE-2021-22303
- RESERVED
-CVE-2021-22302
- RESERVED
-CVE-2021-22301
- RESERVED
-CVE-2021-22300
- RESERVED
-CVE-2021-22299
- RESERVED
-CVE-2021-22298
- RESERVED
+CVE-2021-22307 (There is a weak algorithm vulnerability in Mate 3010.0.0.203(C00E201R7 ...)
+ TODO: check
+CVE-2021-22306 (There is an out-of-bound read vulnerability in Mate 30 10.0.0.182(C00E ...)
+ TODO: check
+CVE-2021-22305 (There is a buffer overflow vulnerability in Mate 30 10.1.0.126(C00E125 ...)
+ TODO: check
+CVE-2021-22304 (There is a use after free vulnerability in Taurus-AL00A 10.0.0.1(C00E1 ...)
+ TODO: check
+CVE-2021-22303 (There is a pointer double free vulnerability in Taurus-AL00A 10.0.0.1( ...)
+ TODO: check
+CVE-2021-22302 (There is an out-of-bound read vulnerability in Taurus-AL00A 10.0.0.1(C ...)
+ TODO: check
+CVE-2021-22301 (Mate 30 10.0.0.203(C00E201R7P2) have a buffer overflow vulnerability. ...)
+ TODO: check
+CVE-2021-22300 (There is an information leak vulnerability in eCNS280_TD versions V100 ...)
+ TODO: check
+CVE-2021-22299 (There is a local privilege escalation vulnerability in some Huawei pro ...)
+ TODO: check
+CVE-2021-22298 (There is a logic vulnerability in Huawei Gauss100 OLTP Product. An att ...)
+ TODO: check
CVE-2021-22297
RESERVED
CVE-2021-22296
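Review bot: CVE-2021-22298 through CVE-2021-22307 move from RESERVED to "TODO: check" as one block of ten, and none of them gets a triage tag. The visible descriptions for CVE-2021-22299 and CVE-2021-22298 name Huawei, and later hunks in this same patch show neighbouring Huawei entries already tagged "NOT-FOR-US: Huawei" (CVE-2020-9207, CVE-2020-9119, CVE-2020-9117). Triage the ten in a single pass once the full descriptions confirm the vendor for the Mate 30, Taurus-AL00A and eCNS280_TD entries, so they do not sit as ten separate TODO items.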
@@ -9957,10 +10175,10 @@ CVE-2021-22295
RESERVED
CVE-2021-22294
RESERVED
-CVE-2021-22293
- RESERVED
-CVE-2021-22292
- RESERVED
+CVE-2021-22293 (Some Huawei products have an inconsistent interpretation of HTTP reque ...)
+ TODO: check
+CVE-2021-22292 (There is a denial of service (DoS) vulnerability in eCNS280 versions V ...)
+ TODO: check
CVE-2021-22291
RESERVED
CVE-2021-22290
@@ -13215,8 +13433,8 @@ CVE-2021-21305
RESERVED
CVE-2021-21304
RESERVED
-CVE-2021-21303
- RESERVED
+CVE-2021-21303 (Helm is open-source software which is essentially "The Kubernetes Pack ...)
+ TODO: check
CVE-2021-21302
RESERVED
CVE-2021-21301
@@ -15856,8 +16074,7 @@ CVE-2021-20177
[stretch] - linux <not-affected> (Vulnerable code not present)
NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=209823
NOTE: https://www.openwall.com/lists/oss-security/2021/01/12/1
-CVE-2021-20176 [processing crafted file leads to division by zero]
- RESERVED
+CVE-2021-20176 (A flaw was found in ImageMagick in MagickCore/gem.c. An attacker who s ...)
- imagemagick 8:6.9.11.57+dfsg-1
NOTE: https://github.com/ImageMagick/ImageMagick/issues/3077
NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/fbd9a963db1ae5551c45dc8af57db0abd7695774
@@ -19004,7 +19221,8 @@ CVE-2020-29599 (ImageMagick before 6.9.11-40 and 7.x before 7.0.10-40 mishandles
NOTE: broken between 78c7532f3ff5424de06e5d807cbb35c041bd2990 (6.9.4-2) and 8787fc6de99078fde055bd400b14e1ce3a2971f9 (6.9.8-1)
NOTE: '-authenticate' replaced by '-define authenticate=' between 8787fc6de99078fde055bd400b14e1ce3a2971f9 (6.9.8-1) and 83ec5b above
NOTE: - bimodal ('-define delegate:bimodal=true' + pdf->(e)ps delegates, %a expansion) after 78c7532f3ff5424de06e5d807cbb35c041bd2990 (6.9.4-2)
-CVE-2020-29598 (The My AIA SG application 1.2.6 for Android allows attackers to obtain ...)
+CVE-2020-29598
+ REJECTED
NOT-FOR-US: My AIA SG application for Android
CVE-2020-29597 (IncomCMS 2.0 has a modules/uploader/showcase/script.php insecure file ...)
NOT-FOR-US: IncomCMS
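Review bot: CVE-2020-29598 now carries two states at once: the new "REJECTED" line sits directly above the older "NOT-FOR-US: My AIA SG application for Android" annotation, which this hunk keeps as context. With the description removed and the ID rejected, the product tag no longer describes anything a reader can verify from the entry. Either drop the NOT-FOR-US line in a follow-up so the entry reads only REJECTED, or confirm that keeping both is intended for rejected IDs that were triaged earlier.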
@@ -22660,8 +22878,8 @@ CVE-2021-1074
RESERVED
CVE-2021-1073
RESERVED
-CVE-2021-1072
- RESERVED
+CVE-2021-1072 (NVIDIA GeForce Experience, all versions prior to 3.21, contains a vuln ...)
+ TODO: check
CVE-2021-1071 (NVIDIA Tegra kernel in Jetson AGX Xavier Series, Jetson Xavier NX, TX1 ...)
NOT-FOR-US: NVIDIA
CVE-2021-1070 (NVIDIA Jetson AGX Xavier Series, Jetson Xavier NX, TX1, TX2, Nano and ...)
@@ -56704,8 +56922,7 @@ CVE-2020-14314 (A memory out-of-bounds read flaw was found in the Linux kernel b
NOTE: https://git.kernel.org/linus/5872331b3d91820e14716632ebb56b1399b34fe1
CVE-2020-14313 (An information disclosure vulnerability was found in Red Hat Quay in v ...)
NOT-FOR-US: Quay
-CVE-2020-14312
- RESERVED
+CVE-2020-14312 (A flaw was found in the default configuration of dnsmasq, as shipped w ...)
- dnsmasq 2.69-1 (bug #732610)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1851342
CVE-2020-14311 (There is an issue with grub2 before version 2.06 while handling symlin ...)
@@ -63848,8 +64065,8 @@ CVE-2020-11838 (Cross Site Scripting (XSS) vulnerability in Micro Focus ArcSight
NOT-FOR-US: Micro Focus
CVE-2020-11837
RESERVED
-CVE-2020-11836
- RESERVED
+CVE-2020-11836 (OPPO Android Phone with MTK chipset and Android 8.1/9/10/11 versions h ...)
+ TODO: check
CVE-2020-11835 (In /SM8250_Q_Master/android/vendor/oppo_charger/oppo/charger_ic/oppo_d ...)
NOT-FOR-US: oppo
CVE-2020-11834 (In /SM8250_Q_Master/android/vendor/oppo_charger/oppo/oppo_vooc.c, the ...)
@@ -67078,10 +67295,10 @@ CVE-2020-10860 (An issue was discovered in Avast Antivirus before 20. An Arbitra
NOT-FOR-US: Avast Antivirus
CVE-2020-10859 (Zoho ManageEngine Desktop Central before 10.0.484 allows authenticated ...)
NOT-FOR-US: Zoho
-CVE-2020-10858
- RESERVED
-CVE-2020-10857
- RESERVED
+CVE-2020-10858 (Zulip Desktop before 5.0.0 allows attackers to perform recording via t ...)
+ TODO: check
+CVE-2020-10857 (Zulip Desktop before 5.0.0 improperly uses shell.openExternal and shel ...)
+ TODO: check
CVE-2020-10856
RESERVED
CVE-2019-20627 (AutoUpdater.cs in AutoUpdater.NET before 1.5.8 allows XXE. ...)
@@ -68245,12 +68462,12 @@ CVE-2020-10556
RESERVED
CVE-2020-10555
RESERVED
-CVE-2020-10554
- RESERVED
-CVE-2020-10553
- RESERVED
-CVE-2020-10552
- RESERVED
+CVE-2020-10554 (An issue was discovered in Psyprax beforee 3.2.2. Passwords used to en ...)
+ TODO: check
+CVE-2020-10553 (An issue was discovered in Psyprax before 3.2.2. The file %PROGRAMDATA ...)
+ TODO: check
+CVE-2020-10552 (An issue was discovered in Psyprax before 3.2.2. The Firebird database ...)
+ TODO: check
CVE-2020-10551 (QQBrowser before 10.5.3870.400 installs a Windows service TsService.ex ...)
NOT-FOR-US: QQBrowser
CVE-2020-10550
@@ -68634,8 +68851,8 @@ CVE-2020-10377 (A weak encryption vulnerability in Mitel MiVoice Connect Client
NOT-FOR-US: Mitel
CVE-2020-10376 (Technicolor TC7337NET 08.89.17.23.03 devices allow remote attackers to ...)
NOT-FOR-US: Technicolor
-CVE-2020-10375
- RESERVED
+CVE-2020-10375 (An issue was discovered in New Media Smarty before 9.10. Passwords are ...)
+ TODO: check
CVE-2020-10374 (A webserver component in Paessler PRTG Network Monitor 19.2.50 to PRTG ...)
NOT-FOR-US: PRTG Network Monitor
CVE-2020-10373
@@ -71467,8 +71684,8 @@ CVE-2020-9207 (There is an improper authentication vulnerability in some verison
NOT-FOR-US: Huawei
CVE-2020-9206
RESERVED
-CVE-2020-9205
- RESERVED
+CVE-2020-9205 (There has a CSV injection vulnerability in ManageOne 8.0.1. An attacke ...)
+ TODO: check
CVE-2020-9204
RESERVED
CVE-2020-9203 (There is a resource management errors vulnerability in Huawei P30. Loc ...)
@@ -71641,8 +71858,8 @@ CVE-2020-9120 (CloudEngine 1800V versions V100R019C10SPC500 has a resource manag
NOT-FOR-US: Huawei
CVE-2020-9119 (There is a privilege escalation vulnerability on some Huawei smart pho ...)
NOT-FOR-US: Huawei
-CVE-2020-9118
- RESERVED
+CVE-2020-9118 (There is an insufficient integrity check vulnerability in Huawei Sound ...)
+ TODO: check
CVE-2020-9117 (HUAWEI nova 4 versions earlier than 10.0.0.165(C01E34R2P4) and SydneyM ...)
NOT-FOR-US: Huawei
CVE-2020-9116 (Huawei FusionCompute versions 6.5.1 and 8.0.0 have a command injection ...)
@@ -80144,8 +80361,8 @@ CVE-2020-5814
RESERVED
CVE-2020-5813
RESERVED
-CVE-2020-5812
- RESERVED
+CVE-2020-5812 (Nessus AMI versions 8.12.0 and earlier were found to either not valida ...)
+ TODO: check
CVE-2020-5811 (An authenticated path traversal vulnerability exists during package in ...)
NOT-FOR-US: Umbraco CMS
CVE-2020-5810 (A stored XSS vulnerability exists in Umbraco CMS <= 8.9.1 or curren ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f52330d4ce51b249ddada7639adf5bcb37ac3b2e