[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Thu Feb 11 08:10:24 GMT 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ba99701e by security tracker role at 2021-02-11T08:10:16+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,175 @@
+CVE-2021-3408
+	RESERVED
+CVE-2021-27190
+	RESERVED
+CVE-2021-27189
+	RESERVED
+CVE-2021-27188
+	RESERVED
+CVE-2021-27187
+	RESERVED
+CVE-2021-27186 (Fluent Bit 1.6.10 has a NULL pointer dereference when an flb_malloc re ...)
+	TODO: check
+CVE-2021-27185 (The samba-client package before 4.0.0 for Node.js allows command injec ...)
+	TODO: check
+CVE-2021-27184 (Pelco Digital Sentry Server 7.18.72.11464 has an XML External Entity v ...)
+	TODO: check
+CVE-2021-27183
+	RESERVED
+CVE-2021-27182
+	RESERVED
+CVE-2021-27181
+	RESERVED
+CVE-2021-27180
+	RESERVED
+CVE-2021-27179 (An issue was discovered on FiberHome HG6245D devices through RP2613. I ...)
+	TODO: check
+CVE-2021-27178 (An issue was discovered on FiberHome HG6245D devices through RP2613. S ...)
+	TODO: check
+CVE-2021-27177 (An issue was discovered on FiberHome HG6245D devices through RP2613. I ...)
+	TODO: check
+CVE-2021-27176 (An issue was discovered on FiberHome HG6245D devices through RP2613. w ...)
+	TODO: check
+CVE-2021-27175 (An issue was discovered on FiberHome HG6245D devices through RP2613. w ...)
+	TODO: check
+CVE-2021-27174 (An issue was discovered on FiberHome HG6245D devices through RP2613. w ...)
+	TODO: check
+CVE-2021-27173 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...)
+	TODO: check
+CVE-2021-27172 (An issue was discovered on FiberHome HG6245D devices through RP2613. A ...)
+	TODO: check
+CVE-2021-27171 (An issue was discovered on FiberHome HG6245D devices through RP2613. I ...)
+	TODO: check
+CVE-2021-27170 (An issue was discovered on FiberHome HG6245D devices through RP2613. B ...)
+	TODO: check
+CVE-2021-27169 (An issue was discovered on FiberHome AN5506-04-FA devices with firmwar ...)
+	TODO: check
+CVE-2021-27168 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...)
+	TODO: check
+CVE-2021-27167 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...)
+	TODO: check
+CVE-2021-27166 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...)
+	TODO: check
+CVE-2021-27165 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...)
+	TODO: check
+CVE-2021-27164 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...)
+	TODO: check
+CVE-2021-27163 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...)
+	TODO: check
+CVE-2021-27162 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...)
+	TODO: check
+CVE-2021-27161 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...)
+	TODO: check
+CVE-2021-27160 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...)
+	TODO: check
+CVE-2021-27159 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...)
+	TODO: check
+CVE-2021-27158 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...)
+	TODO: check
+CVE-2021-27157 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...)
+	TODO: check
+CVE-2021-27156 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...)
+	TODO: check
+CVE-2021-27155 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...)
+	TODO: check
+CVE-2021-27154 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...)
+	TODO: check
+CVE-2021-27153 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...)
+	TODO: check
+CVE-2021-27152 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...)
+	TODO: check
+CVE-2021-27151 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...)
+	TODO: check
+CVE-2021-27150 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...)
+	TODO: check
+CVE-2021-27149 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...)
+	TODO: check
+CVE-2021-27148 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...)
+	TODO: check
+CVE-2021-27147 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...)
+	TODO: check
+CVE-2021-27146 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...)
+	TODO: check
+CVE-2021-27145 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...)
+	TODO: check
+CVE-2021-27144 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...)
+	TODO: check
+CVE-2021-27143 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...)
+	TODO: check
+CVE-2021-27142 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...)
+	TODO: check
+CVE-2021-27141 (An issue was discovered on FiberHome HG6245D devices through RP2613. C ...)
+	TODO: check
+CVE-2021-27140 (An issue was discovered on FiberHome HG6245D devices through RP2613. I ...)
+	TODO: check
+CVE-2021-27139 (An issue was discovered on FiberHome HG6245D devices through RP2613. I ...)
+	TODO: check
+CVE-2021-27138
+	RESERVED
+CVE-2021-27137
+	RESERVED
+CVE-2021-27136
+	RESERVED
+CVE-2021-27134
+	RESERVED
+CVE-2021-27133
+	RESERVED
+CVE-2021-27132
+	RESERVED
+CVE-2021-27131
+	RESERVED
+CVE-2021-27130
+	RESERVED
+CVE-2021-27129
+	RESERVED
+CVE-2021-27128
+	RESERVED
+CVE-2021-27127
+	RESERVED
+CVE-2021-27126
+	RESERVED
+CVE-2021-27125
+	RESERVED
+CVE-2021-27124
+	RESERVED
+CVE-2021-27123
+	RESERVED
+CVE-2021-27122
+	RESERVED
+CVE-2021-27121
+	RESERVED
+CVE-2021-27120
+	RESERVED
+CVE-2021-27119
+	RESERVED
+CVE-2021-27118
+	RESERVED
+CVE-2021-27117
+	RESERVED
+CVE-2021-27116
+	RESERVED
+CVE-2021-27115
+	RESERVED
+CVE-2021-27114
+	RESERVED
+CVE-2021-27113
+	RESERVED
+CVE-2021-27112
+	RESERVED
+CVE-2021-27111
+	RESERVED
+CVE-2021-27110
+	RESERVED
+CVE-2021-27109
+	RESERVED
+CVE-2021-27108
+	RESERVED
+CVE-2021-27107
+	RESERVED
+CVE-2021-27106
+	RESERVED
+CVE-2021-27105
+	RESERVED
 CVE-2021-3407
 	RESERVED
 CVE-2021-3406
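Review bot: The 41 FiberHome entries in this hunk (CVE-2021-27139 through CVE-2021-27179, HG6245D and AN5506-04-FA devices) all land as individual "TODO: check" items, which buries the three new entries that name software: Fluent Bit (CVE-2021-27186), the samba-client package for Node.js (CVE-2021-27185) and Pelco Digital Sentry Server (CVE-2021-27184). Triage the device entries in one follow-up using the NOT-FOR-US form this file already uses for other device vendors, and look at CVE-2021-27186 and CVE-2021-27185 individually. The description of CVE-2021-27185 says it is the Node.js package, so it should not be attached to the samba source package without checking.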
@@ -328,11 +500,11 @@ CVE-2021-26941
 	RESERVED
 CVE-2021-26940
 	RESERVED
-CVE-2021-26939
-	RESERVED
-CVE-2021-26938
-	RESERVED
-CVE-2021-27135
+CVE-2021-26939 (An information disclosure issue exists in henriquedornas 5.2.17 becaus ...)
+	TODO: check
+CVE-2021-26938 (A stored XSS issue exists in henriquedornas 5.2.17 via online live cha ...)
+	TODO: check
+CVE-2021-27135 (xterm through Patch #365 allows remote attackers to cause a denial of  ...)
 	- xterm <unfixed> (bug #982439)
 	NOTE: https://www.openwall.com/lists/oss-security/2021/02/09/7
 	NOTE: https://invisible-island.net/xterm/xterm.log.html#xterm_366
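Review bot: For CVE-2021-27135 the newly added description bounds the affected range at "xterm through Patch #365" and the existing NOTE links the xterm_366 changelog, yet the package line in the context still reads "- xterm <unfixed> (bug #982439)". Nothing is wrong in this automatic commit, but the entry needs a fixed version recorded once patch 366 is confirmed as the fix and uploaded. The two henriquedornas entries above it (CVE-2021-26939, CVE-2021-26938) are left as "TODO: check" and still need a package or NOT-FOR-US decision.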
@@ -361,8 +533,8 @@ CVE-2021-3403
 	RESERVED
 	- libytnef <unfixed>
 	NOTE: https://github.com/Yeraze/ytnef/issues/85
-CVE-2021-26936
-	RESERVED
+CVE-2021-26936 (The replay-sorcery program in ReplaySorcery 0.4.0 through 0.5.0, when  ...)
+	TODO: check
 CVE-2021-26935
 	RESERVED
 CVE-2021-26934
@@ -540,7 +712,7 @@ CVE-2021-26854
 CVE-2021-26853
 	RESERVED
 CVE-2021-26910 (Firejail before 0.9.64.4 allows attackers to bypass intended access re ...)
-	{DSA-4849-1}
+	{DSA-4849-1 DLA-2554-1}
 	- firejail 0.9.64.4-1
 	NOTE: https://www.openwall.com/lists/oss-security/2021/02/08/5
 	NOTE: Fix (disabled overlayfs): https://github.com/netblue30/firejail/commit/97d8a03cad19501f017587cc4e47d8418273834b
@@ -4525,8 +4697,8 @@ CVE-2021-25253
 	RESERVED
 CVE-2021-25252
 	RESERVED
-CVE-2021-25251
-	RESERVED
+CVE-2021-25251 (The Trend Micro Security 2020 and 2021 families of consumer products a ...)
+	TODO: check
 CVE-2021-25250
 	RESERVED
 CVE-2021-25249 (An out-of-bounds write information disclosure vulnerability in Trend M ...)
@@ -7420,28 +7592,28 @@ CVE-2021-23885
 	RESERVED
 CVE-2021-23884
 	RESERVED
-CVE-2021-23883
-	RESERVED
-CVE-2021-23882
-	RESERVED
-CVE-2021-23881
-	RESERVED
-CVE-2021-23880
-	RESERVED
+CVE-2021-23883 (A Null Pointer Dereference vulnerability in McAfee Endpoint Security ( ...)
+	TODO: check
+CVE-2021-23882 (Improper Access Control vulnerability in McAfee Endpoint Security (ENS ...)
+	TODO: check
+CVE-2021-23881 (A stored cross site scripting vulnerability in ePO extension of McAfee ...)
+	TODO: check
+CVE-2021-23880 (Improper Access Control in attribute in McAfee Endpoint Security (ENS) ...)
+	TODO: check
 CVE-2021-23879
 	RESERVED
-CVE-2021-23878
-	RESERVED
+CVE-2021-23878 (Clear text storage of sensitive Information in memory vulnerability in ...)
+	TODO: check
 CVE-2021-23877
 	RESERVED
-CVE-2021-23876
-	RESERVED
+CVE-2021-23876 (Bypass Remote Procedure call in McAfee Total Protection (MTP) prior to ...)
+	TODO: check
 CVE-2021-23875
 	RESERVED
-CVE-2021-23874
-	RESERVED
-CVE-2021-23873
-	RESERVED
+CVE-2021-23874 (Arbitrary Process Execution vulnerability in McAfee Total Protection ( ...)
+	TODO: check
+CVE-2021-23873 (Privilege Escalation vulnerability in McAfee Total Protection (MTP) pr ...)
+	TODO: check
 CVE-2021-23872
 	RESERVED
 CVE-2021-23871
@@ -8923,8 +9095,8 @@ CVE-2021-3035
 	RESERVED
 CVE-2021-3034
 	RESERVED
-CVE-2021-3033
-	RESERVED
+CVE-2021-3033 (An improper verification of cryptographic signature vulnerability exis ...)
+	TODO: check
 CVE-2021-3032 (An information exposure through log file vulnerability exists in Palo  ...)
 	NOT-FOR-US: Palo Alto Networks PAN-OS
 CVE-2021-3031 (Padding bytes in Ethernet packets on PA-200, PA-220, PA-500, PA-800, P ...)
@@ -11119,8 +11291,8 @@ CVE-2021-22135
 	RESERVED
 CVE-2021-22134
 	RESERVED
-CVE-2021-22133
-	RESERVED
+CVE-2021-22133 (The Elastic APM agent for Go versions before 1.11.0 can leak sensitive ...)
+	TODO: check
 CVE-2021-22132 (Elasticsearch versions 7.7.0 to 7.10.1 contain an information disclosu ...)
 	- elasticsearch <removed>
 CVE-2021-22131
@@ -14057,8 +14229,8 @@ CVE-2021-21298
 	RESERVED
 CVE-2021-21297
 	RESERVED
-CVE-2021-21296
-	RESERVED
+CVE-2021-21296 (Fleet is an open source osquery manager. In Fleet before version 3.7.0 ...)
+	TODO: check
 CVE-2021-21295
 	RESERVED
 CVE-2021-21294 (Http4s (http4s-blaze-server) is a minimal, idiomatic Scala interface f ...)
@@ -15625,8 +15797,8 @@ CVE-2021-20656
 	RESERVED
 CVE-2021-20655
 	RESERVED
-CVE-2021-20654
-	RESERVED
+CVE-2021-20654 (Wekan, open source kanban board system, between version 3.12 and 4.11, ...)
+	TODO: check
 CVE-2021-20653
 	RESERVED
 CVE-2021-20652 (Cross-site request forgery (CSRF) vulnerability in Name Directory 1.17 ...)
@@ -16227,8 +16399,8 @@ CVE-2021-20355
 	RESERVED
 CVE-2021-20354
 	RESERVED
-CVE-2021-20353
-	RESERVED
+CVE-2021-20353 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable  ...)
+	TODO: check
 CVE-2021-20352
 	RESERVED
 CVE-2021-20351
@@ -21092,8 +21264,8 @@ CVE-2020-29173
 	RESERVED
 CVE-2020-29172 (A cross-site scripting (XSS) vulnerability in the LiteSpeed Cache plug ...)
 	NOT-FOR-US: LiteSpeed Cache plugin for WordPress
-CVE-2020-29171
-	RESERVED
+CVE-2020-29171 (Cross-site scripting (XSS) vulnerability in admin/wp-security-blacklis ...)
+	TODO: check
 CVE-2020-29170
 	RESERVED
 CVE-2020-29169
@@ -23376,10 +23548,10 @@ CVE-2020-28598
 	RESERVED
 CVE-2020-28597
 	RESERVED
-CVE-2020-28596
-	RESERVED
-CVE-2020-28595
-	RESERVED
+CVE-2020-28596 (A stack-based buffer overflow vulnerability exists in the Objparser::o ...)
+	TODO: check
+CVE-2020-28595 (An out-of-bounds write vulnerability exists in the Obj.cpp load_obj()  ...)
+	TODO: check
 CVE-2020-28594
 	RESERVED
 CVE-2020-28593
@@ -25549,60 +25721,43 @@ CVE-2021-0342 (In tun_get_user of tun.c, there is possible memory corruption due
 	[buster] - linux 4.19.131-1
 	[stretch] - linux <not-affected> (Vulnerable code introduced later)
 	NOTE: https://git.kernel.org/linus/96aa1b22bd6bb9fccf62f6261f390ed6f3e7967f
-CVE-2021-0341
-	RESERVED
+CVE-2021-0341 (In verifyHostName of OkHostnameVerifier.java, there is a possible way  ...)
 	NOT-FOR-US: Android
-CVE-2021-0340
-	RESERVED
+CVE-2021-0340 (In parseNextBox of IsoInterface.java, there is a possible leak of unre ...)
 	NOT-FOR-US: Android
-CVE-2021-0339
-	RESERVED
+CVE-2021-0339 (In loadAnimation of WindowContainer.java, there is a possible way to k ...)
 	NOT-FOR-US: Android
-CVE-2021-0338
-	RESERVED
+CVE-2021-0338 (In SystemSettingsValidators, there is a possible permanent denial of s ...)
 	NOT-FOR-US: Android
-CVE-2021-0337
-	RESERVED
+CVE-2021-0337 (In moveInMediaStore of FileSystemProvider.java, there is a possible fi ...)
 	NOT-FOR-US: Android
-CVE-2021-0336
-	RESERVED
+CVE-2021-0336 (In onReceive of BluetoothPermissionRequest.java, there is a possible p ...)
 	NOT-FOR-US: Android
-CVE-2021-0335
-	RESERVED
+CVE-2021-0335 (In process of C2SoftHevcDec.cpp, there is a possible out of bounds wri ...)
 	NOT-FOR-US: Android media framework
-CVE-2021-0334
-	RESERVED
+CVE-2021-0334 (In onTargetSelected of ResolverActivity.java, there is a possible sett ...)
 	NOT-FOR-US: Android
-CVE-2021-0333
-	RESERVED
+CVE-2021-0333 (In onCreate of BluetoothPermissionActivity.java, there is a possible p ...)
 	NOT-FOR-US: Android
-CVE-2021-0332
-	RESERVED
+CVE-2021-0332 (In bootFinished of SurfaceFlinger.cpp, there is a possible memory corr ...)
 	NOT-FOR-US: Android media framework
-CVE-2021-0331
-	RESERVED
+CVE-2021-0331 (In onCreate of NotificationAccessConfirmationActivity.java, there is a ...)
 	NOT-FOR-US: Android
-CVE-2021-0330
-	RESERVED
+CVE-2021-0330 (In add_user_ce and remove_user_ce of storaged.cpp, there is a possible ...)
 	NOT-FOR-US: Android
-CVE-2021-0329
-	RESERVED
+CVE-2021-0329 (In several native functions called by AdvertiseManager.java, there is  ...)
 	NOT-FOR-US: Android
-CVE-2021-0328
-	RESERVED
+CVE-2021-0328 (In onBatchScanReports and deliverBatchScan of GattService.java, there  ...)
 	NOT-FOR-US: Android
-CVE-2021-0327
-	RESERVED
+CVE-2021-0327 (In getContentProviderImpl of ActivityManagerService.java, there is a p ...)
 	NOT-FOR-US: Android
-CVE-2021-0326 [wpa_supplicant P2P group information processing vulnerability]
-	RESERVED
+CVE-2021-0326 (In p2p_copy_client_info of p2p.c, there is a possible out of bounds wr ...)
 	- wpa 2:2.9.0-17 (bug #981971)
 	NOTE: https://www.openwall.com/lists/oss-security/2021/02/03/4
 	NOTE: https://w1.fi/security/2020-2/wpa_supplicant-p2p-group-info-processing-vulnerability.txt
 	NOTE: https://w1.fi/security/2020-2/0001-P2P-Fix-copying-of-secondary-device-types-for-P2P-gr.patch
 	NOTE: https://w1.fi/cgit/hostap/commit/?id=947272febe24a8f0ea828b5b2f35f13c3821901e
-CVE-2021-0325
-	RESERVED
+CVE-2021-0325 (In ih264d_parse_pslice of ih264d_parse_pslice.c, there is a possible o ...)
 	NOT-FOR-US: Android media framework
 CVE-2021-0324
 	RESERVED
@@ -25625,8 +25780,7 @@ CVE-2021-0316 (In avrc_pars_vendor_cmd of avrc_pars_tg.cc, there is a possible o
 	NOT-FOR-US: Android
 CVE-2021-0315 (In onCreate of GrantCredentialsPermissionActivity.java, there is a pos ...)
 	NOT-FOR-US: Android
-CVE-2021-0314
-	RESERVED
+CVE-2021-0314 (In onCreate of UninstallerActivity, there is a possible way to uninsta ...)
 	NOT-FOR-US: Android
 CVE-2021-0313 (In isWordBreakAfter of LayoutUtils.cpp, there is a possible way to slo ...)
 	NOT-FOR-US: Android
@@ -25648,15 +25802,13 @@ CVE-2021-0307 (In updatePermissionSourcePackage of PermissionManagerService.java
 	NOT-FOR-US: Android
 CVE-2021-0306 (In addAllPermissions of PermissionManagerService.java, there is a poss ...)
 	NOT-FOR-US: Android
-CVE-2021-0305
-	RESERVED
+CVE-2021-0305 (In PackageInstaller, there is a possible tapjacking attack due to an i ...)
 	NOT-FOR-US: Android
 CVE-2021-0304 (In several functions of GlobalScreenshot.java, there is a possible per ...)
 	NOT-FOR-US: Android
 CVE-2021-0303 (In dispatchGraphTerminationMessage() of packages/services/Car/computep ...)
 	NOT-FOR-US: Android
-CVE-2021-0302
-	RESERVED
+CVE-2021-0302 (In PackageInstaller, there is a possible tapjacking attack due to an i ...)
 	NOT-FOR-US: Android
 CVE-2021-0301 (In ged, there is a possible out of bounds write due to a missing bound ...)
 	NOT-FOR-US: MediaTek components for Android
@@ -26868,16 +27020,16 @@ CVE-2020-27876
 	RESERVED
 CVE-2020-27875
 	RESERVED
-CVE-2020-27874
-	RESERVED
+CVE-2020-27874 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
 CVE-2020-27873 (This vulnerability allows network-adjacent attackers to disclose sensi ...)
 	NOT-FOR-US: Netgear
 CVE-2020-27872 (This vulnerability allows network-adjacent attackers to bypass authent ...)
 	NOT-FOR-US: Netgear
-CVE-2020-27871
-	RESERVED
-CVE-2020-27870
-	RESERVED
+CVE-2020-27871 (This vulnerability allows remote attackers to create arbitrary files o ...)
+	TODO: check
+CVE-2020-27870 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+	TODO: check
 CVE-2020-27869
 	RESERVED
 CVE-2020-27868
@@ -28865,8 +29017,8 @@ CVE-2020-27252 (Medtronic MyCareLink Smart 25000 all versions are vulnerable to
 	NOT-FOR-US: Medtronic MyCareLink Smart 25000
 CVE-2020-27251 (A heap overflow vulnerability exists within FactoryTalk Linx Version 6 ...)
 	NOT-FOR-US: FactoryTalk
-CVE-2020-27250
-	RESERVED
+CVE-2020-27250 (In SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1 ...)
+	TODO: check
 CVE-2020-27249 (A specially crafted document can cause the document parser to copy dat ...)
 	NOT-FOR-US: SoftMaker
 CVE-2020-27248 (A specially crafted document can cause the document parser to copy dat ...)
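Review bot: CVE-2020-27250 is added as "TODO: check" although its description names SoftMaker Office PlanMaker 2021 and the two context entries directly below it (CVE-2020-27249, CVE-2020-27248) are already "NOT-FOR-US: SoftMaker". Mark this one the same way in the next manual pass so the three stay consistent.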
@@ -31042,8 +31194,8 @@ CVE-2020-26301
 	RESERVED
 CVE-2020-26300
 	RESERVED
-CVE-2020-26299
-	RESERVED
+CVE-2020-26299 (ftp-srv is an open-source FTP server designed to be simple yet configu ...)
+	TODO: check
 CVE-2020-26298 (Redcarpet is a Ruby library for Markdown processing. In Redcarpet befo ...)
 	{DSA-4831-1 DLA-2526-1}
 	- ruby-redcarpet 3.5.1-1 (bug #980057)
@@ -34581,18 +34733,18 @@ CVE-2020-24844
 	RESERVED
 CVE-2020-24843
 	RESERVED
-CVE-2020-24842
-	RESERVED
+CVE-2020-24842 (PNPSCADA 2.200816204020 allows cross-site scripting (XSS), which can e ...)
+	TODO: check
 CVE-2020-24841
 	RESERVED
 CVE-2020-24840
 	RESERVED
 CVE-2020-24839
 	RESERVED
-CVE-2020-24838
-	RESERVED
-CVE-2020-24837
-	RESERVED
+CVE-2020-24838 (An integer overflow has been found in the the latest version of Issuer ...)
+	TODO: check
+CVE-2020-24837 (An integer underflow has been found in the latest version of ZCFees. T ...)
+	TODO: check
 CVE-2020-24836
 	RESERVED
 CVE-2020-24835
@@ -52456,8 +52608,7 @@ CVE-2020-16121 (PackageKit provided detailed error messages to unprivileged call
 	- packagekit 1.2.1-1 (bug #972229)
 	[buster] - packagekit <no-dsa> (Minor issue)
 	NOTE: https://bugs.launchpad.net/ubuntu/+source/packagekit/+bug/1888887
-CVE-2020-16120
-	RESERVED
+CVE-2020-16120 (Overlayfs did not properly perform permission checking when copying up ...)
 	- linux 5.8.7-1
 	[stretch] - linux <not-affected> (Vulnerable configuration combination not possible)
 	NOTE: https://www.openwall.com/lists/oss-security/2020/10/13/6
@@ -59641,8 +59792,8 @@ CVE-2020-13587
 	RESERVED
 CVE-2020-13586 (A memory corruption vulnerability exists in the Excel Document SST Rec ...)
 	TODO: check
-CVE-2020-13585
-	RESERVED
+CVE-2020-13585 (An out-of-bounds write vulnerability exists in the PSD Header processi ...)
+	TODO: check
 CVE-2020-13584 (An exploitable use-after-free vulnerability exists in WebKitGTK browse ...)
 	{DSA-4797-1}
 	- webkit2gtk 2.30.3-1
@@ -59650,32 +59801,32 @@ CVE-2020-13584 (An exploitable use-after-free vulnerability exists in WebKitGTK
 	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
 	- wpewebkit 2.30.3-1
 	NOTE: https://webkitgtk.org/security/WSA-2020-0008.html
-CVE-2020-13583
-	RESERVED
+CVE-2020-13583 (A denial-of-service vulnerability exists in the HTTP Server functional ...)
+	TODO: check
 CVE-2020-13582 (A denial-of-service vulnerability exists in the HTTP Server functional ...)
 	TODO: check
-CVE-2020-13581
-	RESERVED
+CVE-2020-13581 (In SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1 ...)
+	TODO: check
 CVE-2020-13580 (An exploitable heap-based buffer overflow vulnerability exists in the  ...)
 	TODO: check
 CVE-2020-13579 (An exploitable integer overflow vulnerability exists in the PlanMaker  ...)
 	TODO: check
-CVE-2020-13578
-	RESERVED
-CVE-2020-13577
-	RESERVED
-CVE-2020-13576
-	RESERVED
-CVE-2020-13575
-	RESERVED
-CVE-2020-13574
-	RESERVED
+CVE-2020-13578 (A denial-of-service vulnerability exists in the WS-Security plugin fun ...)
+	TODO: check
+CVE-2020-13577 (A denial-of-service vulnerability exists in the WS-Security plugin fun ...)
+	TODO: check
+CVE-2020-13576 (A code execution vulnerability exists in the WS-Addressing plugin func ...)
+	TODO: check
+CVE-2020-13575 (A denial-of-service vulnerability exists in the WS-Addressing plugin f ...)
+	TODO: check
+CVE-2020-13574 (A denial-of-service vulnerability exists in the WS-Security plugin fun ...)
+	TODO: check
 CVE-2020-13573 (A denial-of-service vulnerability exists in the Ethernet/IP server fun ...)
 	NOT-FOR-US: Rockwell Automation RSLinx Classic
-CVE-2020-13572
-	RESERVED
-CVE-2020-13571
-	RESERVED
+CVE-2020-13572 (A heap overflow vulnerability exists in the way the GIF parser decodes ...)
+	TODO: check
+CVE-2020-13571 (An out-of-bounds write vulnerability exists in the SGI RLE decompressi ...)
+	TODO: check
 CVE-2020-13570 (A use-after-free vulnerability exists in the JavaScript engine of Foxi ...)
 	NOT-FOR-US: Foxit
 CVE-2020-13569 (A cross-site request forgery vulnerability exists in the GACL function ...)
@@ -59686,16 +59837,16 @@ CVE-2020-13567
 	RESERVED
 CVE-2020-13566
 	RESERVED
-CVE-2020-13565
-	RESERVED
+CVE-2020-13565 (An open redirect vulnerability exists in the return_page redirection f ...)
+	TODO: check
 CVE-2020-13564 (A cross-site scripting vulnerability exists in the template functional ...)
 	TODO: check
 CVE-2020-13563 (A cross-site scripting vulnerability exists in the template functional ...)
 	TODO: check
 CVE-2020-13562 (A cross-site scripting vulnerability exists in the template functional ...)
 	TODO: check
-CVE-2020-13561
-	RESERVED
+CVE-2020-13561 (An out-of-bounds write vulnerability exists in the TIFF parser of Accu ...)
+	TODO: check
 CVE-2020-13560 (A use after free vulnerability exists in the JavaScript engine of Foxi ...)
 	NOT-FOR-US: Foxit
 CVE-2020-13559 (A denial-of-service vulnerability exists in the traffic-logging functi ...)
@@ -59720,12 +59871,12 @@ CVE-2020-13550
 	RESERVED
 CVE-2020-13549
 	RESERVED
-CVE-2020-13548
-	RESERVED
+CVE-2020-13548 (In Foxit Reader 10.1.0.37527, a specially crafted PDF document can tri ...)
+	TODO: check
 CVE-2020-13547 (A type confusion vulnerability exists in the JavaScript engine of Foxi ...)
 	NOT-FOR-US: Foxit
-CVE-2020-13546
-	RESERVED
+CVE-2020-13546 (In SoftMaker Software GmbH SoftMaker Office TextMaker 2021 (revision 1 ...)
+	TODO: check
 CVE-2020-13545 (An exploitable signed conversion vulnerability exists in the TextMaker ...)
 	NOT-FOR-US: SoftMaker
 CVE-2020-13544 (An exploitable sign extension vulnerability exists in the TextMaker do ...)
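Review bot: Both entries changed in this hunk are left as "TODO: check" even though the surrounding context already settles the vendor: CVE-2020-13548 names Foxit Reader and sits above "NOT-FOR-US: Foxit" (CVE-2020-13547), and CVE-2020-13546 names SoftMaker Office TextMaker and sits above "NOT-FOR-US: SoftMaker" (CVE-2020-13545). Resolve them with the matching NOT-FOR-US lines.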
@@ -74455,8 +74606,8 @@ CVE-2020-8357
 	RESERVED
 CVE-2020-8356
 	RESERVED
-CVE-2020-8355
-	RESERVED
+CVE-2020-8355 (An internal product security audit of Lenovo XClarity Administrator (L ...)
+	TODO: check
 CVE-2020-8354 (A potential vulnerability in the SMI callback function used in the Var ...)
 	NOT-FOR-US: Lenovo
 CVE-2020-8353 (Prior to August 10, 2020, some Lenovo Desktop and Workstation systems  ...)
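Review bot: CVE-2020-8355 describes Lenovo XClarity Administrator and is added as "TODO: check", while the next entry in the context (CVE-2020-8354) is "NOT-FOR-US: Lenovo". The same marking looks appropriate here and would clear the TODO.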
@@ -77842,8 +77993,8 @@ CVE-2020-7023
 	RESERVED
 CVE-2020-7022
 	RESERVED
-CVE-2020-7021
-	RESERVED
+CVE-2020-7021 (Elasticsearch versions before 7.10.0 and 6.8.14 have an information di ...)
+	TODO: check
 CVE-2020-7020 (Elasticsearch versions before 6.8.13 and 7.9.2 contain a document disc ...)
 	- elasticsearch <removed>
 CVE-2020-7019 (In Elasticsearch before 7.9.0 and 6.8.12 a field disclosure flaw was f ...)
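Review bot: CVE-2020-7021 is an Elasticsearch issue ("Elasticsearch versions before 7.10.0 and 6.8.14") but is left as "TODO: check", whereas the adjacent CVE-2020-7020 is already recorded as "- elasticsearch <removed>". Unless this one affects something else, it should carry the same package line rather than stay in the TODO queue.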
@@ -83345,8 +83496,8 @@ CVE-2020-5025
 	RESERVED
 CVE-2020-5024
 	RESERVED
-CVE-2020-5023
-	RESERVED
+CVE-2020-5023 (IBM Spectrum Protect Plus 10.1.0 through 10.1.7 could allow a remote u ...)
+	TODO: check
 CVE-2020-5022 (IBM Spectrum Protect Plus 10.1.0 through 10.1.6 may allow unauthentica ...)
 	NOT-FOR-US: IBM
 CVE-2020-5021 (IBM Spectrum Protect Plus 10.1.0 through 10.1.6 does not invalidate se ...)
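Review bot: CVE-2020-5023 (IBM Spectrum Protect Plus 10.1.0 through 10.1.7) is added as "TODO: check" directly above CVE-2020-5022, which covers the same product and is marked "NOT-FOR-US: IBM". Use the same line here.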



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ba99701e09faa374474a751f7b2fc2b0de86ef79
