[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Tue Jan 5 08:10:25 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7db2ddec by security tracker role at 2021-01-05T08:10:18+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,389 @@
+CVE-2021-3019 (ffay lanproxy 0.1 allows Directory Traversal to read /../conf/config.p ...)
+ TODO: check
+CVE-2021-3018 (ipeak Infosystems ibexwebCMS (aka IPeakCMS) 3.5 is vulnerable to an un ...)
+ TODO: check
+CVE-2021-3017
+ RESERVED
+CVE-2021-3016
+ RESERVED
+CVE-2021-3015
+ RESERVED
+CVE-2021-22159
+ RESERVED
+CVE-2021-22158
+ RESERVED
+CVE-2021-22157
+ RESERVED
+CVE-2021-22156
+ RESERVED
+CVE-2021-22155
+ RESERVED
+CVE-2021-22154
+ RESERVED
+CVE-2021-22153
+ RESERVED
+CVE-2021-22152
+ RESERVED
+CVE-2021-22151
+ RESERVED
+CVE-2021-22150
+ RESERVED
+CVE-2021-22149
+ RESERVED
+CVE-2021-22148
+ RESERVED
+CVE-2021-22147
+ RESERVED
+CVE-2021-22146
+ RESERVED
+CVE-2021-22145
+ RESERVED
+CVE-2021-22144
+ RESERVED
+CVE-2021-22143
+ RESERVED
+CVE-2021-22142
+ RESERVED
+CVE-2021-22141
+ RESERVED
+CVE-2021-22140
+ RESERVED
+CVE-2021-22139
+ RESERVED
+CVE-2021-22138
+ RESERVED
+CVE-2021-22137
+ RESERVED
+CVE-2021-22136
+ RESERVED
+CVE-2021-22135
+ RESERVED
+CVE-2021-22134
+ RESERVED
+CVE-2021-22133
+ RESERVED
+CVE-2021-22132
+ RESERVED
+CVE-2021-22131
+ RESERVED
+CVE-2021-22130
+ RESERVED
+CVE-2021-22129
+ RESERVED
+CVE-2021-22128
+ RESERVED
+CVE-2021-22127
+ RESERVED
+CVE-2021-22126
+ RESERVED
+CVE-2021-22125
+ RESERVED
+CVE-2021-22124
+ RESERVED
+CVE-2021-22123
+ RESERVED
+CVE-2021-22122
+ RESERVED
+CVE-2021-22121
+ RESERVED
+CVE-2021-22120
+ RESERVED
+CVE-2021-22119
+ RESERVED
+CVE-2021-22118
+ RESERVED
+CVE-2021-22117
+ RESERVED
+CVE-2021-22116
+ RESERVED
+CVE-2021-22115
+ RESERVED
+CVE-2021-22114
+ RESERVED
+CVE-2021-22113
+ RESERVED
+CVE-2021-22112
+ RESERVED
+CVE-2021-22111
+ RESERVED
+CVE-2021-22110
+ RESERVED
+CVE-2021-22109
+ RESERVED
+CVE-2021-22108
+ RESERVED
+CVE-2021-22107
+ RESERVED
+CVE-2021-22106
+ RESERVED
+CVE-2021-22105
+ RESERVED
+CVE-2021-22104
+ RESERVED
+CVE-2021-22103
+ RESERVED
+CVE-2021-22102
+ RESERVED
+CVE-2021-22101
+ RESERVED
+CVE-2021-22100
+ RESERVED
+CVE-2021-22099
+ RESERVED
+CVE-2021-22098
+ RESERVED
+CVE-2021-22097
+ RESERVED
+CVE-2021-22096
+ RESERVED
+CVE-2021-22095
+ RESERVED
+CVE-2021-22094
+ RESERVED
+CVE-2021-22093
+ RESERVED
+CVE-2021-22092
+ RESERVED
+CVE-2021-22091
+ RESERVED
+CVE-2021-22090
+ RESERVED
+CVE-2021-22089
+ RESERVED
+CVE-2021-22088
+ RESERVED
+CVE-2021-22087
+ RESERVED
+CVE-2021-22086
+ RESERVED
+CVE-2021-22085
+ RESERVED
+CVE-2021-22084
+ RESERVED
+CVE-2021-22083
+ RESERVED
+CVE-2021-22082
+ RESERVED
+CVE-2021-22081
+ RESERVED
+CVE-2021-22080
+ RESERVED
+CVE-2021-22079
+ RESERVED
+CVE-2021-22078
+ RESERVED
+CVE-2021-22077
+ RESERVED
+CVE-2021-22076
+ RESERVED
+CVE-2021-22075
+ RESERVED
+CVE-2021-22074
+ RESERVED
+CVE-2021-22073
+ RESERVED
+CVE-2021-22072
+ RESERVED
+CVE-2021-22071
+ RESERVED
+CVE-2021-22070
+ RESERVED
+CVE-2021-22069
+ RESERVED
+CVE-2021-22068
+ RESERVED
+CVE-2021-22067
+ RESERVED
+CVE-2021-22066
+ RESERVED
+CVE-2021-22065
+ RESERVED
+CVE-2021-22064
+ RESERVED
+CVE-2021-22063
+ RESERVED
+CVE-2021-22062
+ RESERVED
+CVE-2021-22061
+ RESERVED
+CVE-2021-22060
+ RESERVED
+CVE-2021-22059
+ RESERVED
+CVE-2021-22058
+ RESERVED
+CVE-2021-22057
+ RESERVED
+CVE-2021-22056
+ RESERVED
+CVE-2021-22055
+ RESERVED
+CVE-2021-22054
+ RESERVED
+CVE-2021-22053
+ RESERVED
+CVE-2021-22052
+ RESERVED
+CVE-2021-22051
+ RESERVED
+CVE-2021-22050
+ RESERVED
+CVE-2021-22049
+ RESERVED
+CVE-2021-22048
+ RESERVED
+CVE-2021-22047
+ RESERVED
+CVE-2021-22046
+ RESERVED
+CVE-2021-22045
+ RESERVED
+CVE-2021-22044
+ RESERVED
+CVE-2021-22043
+ RESERVED
+CVE-2021-22042
+ RESERVED
+CVE-2021-22041
+ RESERVED
+CVE-2021-22040
+ RESERVED
+CVE-2021-22039
+ RESERVED
+CVE-2021-22038
+ RESERVED
+CVE-2021-22037
+ RESERVED
+CVE-2021-22036
+ RESERVED
+CVE-2021-22035
+ RESERVED
+CVE-2021-22034
+ RESERVED
+CVE-2021-22033
+ RESERVED
+CVE-2021-22032
+ RESERVED
+CVE-2021-22031
+ RESERVED
+CVE-2021-22030
+ RESERVED
+CVE-2021-22029
+ RESERVED
+CVE-2021-22028
+ RESERVED
+CVE-2021-22027
+ RESERVED
+CVE-2021-22026
+ RESERVED
+CVE-2021-22025
+ RESERVED
+CVE-2021-22024
+ RESERVED
+CVE-2021-22023
+ RESERVED
+CVE-2021-22022
+ RESERVED
+CVE-2021-22021
+ RESERVED
+CVE-2021-22020
+ RESERVED
+CVE-2021-22019
+ RESERVED
+CVE-2021-22018
+ RESERVED
+CVE-2021-22017
+ RESERVED
+CVE-2021-22016
+ RESERVED
+CVE-2021-22015
+ RESERVED
+CVE-2021-22014
+ RESERVED
+CVE-2021-22013
+ RESERVED
+CVE-2021-22012
+ RESERVED
+CVE-2021-22011
+ RESERVED
+CVE-2021-22010
+ RESERVED
+CVE-2021-22009
+ RESERVED
+CVE-2021-22008
+ RESERVED
+CVE-2021-22007
+ RESERVED
+CVE-2021-22006
+ RESERVED
+CVE-2021-22005
+ RESERVED
+CVE-2021-22004
+ RESERVED
+CVE-2021-22003
+ RESERVED
+CVE-2021-22002
+ RESERVED
+CVE-2021-22001
+ RESERVED
+CVE-2021-22000
+ RESERVED
+CVE-2021-21999
+ RESERVED
+CVE-2021-21998
+ RESERVED
+CVE-2021-21997
+ RESERVED
+CVE-2021-21996
+ RESERVED
+CVE-2021-21995
+ RESERVED
+CVE-2021-21994
+ RESERVED
+CVE-2021-21993
+ RESERVED
+CVE-2021-21992
+ RESERVED
+CVE-2021-21991
+ RESERVED
+CVE-2021-21990
+ RESERVED
+CVE-2021-21989
+ RESERVED
+CVE-2021-21988
+ RESERVED
+CVE-2021-21987
+ RESERVED
+CVE-2021-21986
+ RESERVED
+CVE-2021-21985
+ RESERVED
+CVE-2021-21984
+ RESERVED
+CVE-2021-21983
+ RESERVED
+CVE-2021-21982
+ RESERVED
+CVE-2021-21981
+ RESERVED
+CVE-2021-21980
+ RESERVED
+CVE-2021-21979
+ RESERVED
+CVE-2021-21978
+ RESERVED
+CVE-2021-21977
+ RESERVED
+CVE-2021-21976
+ RESERVED
+CVE-2021-21975
+ RESERVED
+CVE-2021-21974
+ RESERVED
+CVE-2021-21973
+ RESERVED
+CVE-2021-21972
+ RESERVED
CVE-2021-3014 (In MikroTik RouterOS through 2021-01-04, the hotspot login page is vul ...)
NOT-FOR-US: MikroTik RouterOS
CVE-2021-3013
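Review bot: The two entries that arrive with descriptions at the top of this hunk, CVE-2021-3019 (ffay lanproxy) and CVE-2021-3018 (ibexwebCMS), are left at `TODO: check` and so remain untriaged. Each needs either a `NOT-FOR-US:` line, like the CVE-2021-3014 entry at the end of the hunk, or a package line if the software is in the archive. The other additions are bare `RESERVED` placeholders and need no action until a description is published.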
@@ -964,7 +1350,7 @@ CVE-2021-21497
RESERVED
CVE-2021-21496
RESERVED
-CVE-2020-36158 [mwifiex: Fix possible buffer overflows in mwifiex_cmd_802_11_ad_hoc_start]
+CVE-2020-36158 (mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifie ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/5c455c5ab332773464d02ba17015acdca198f03d (5.11-rc1)
CVE-2020-36157 (An issue was discovered in the Ultimate Member plugin before 2.1.12 fo ...)
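Review bot: The `- linux <unfixed>` line under CVE-2020-36158 is left unchanged even though the NOTE below it already points at the upstream fix commit tagged 5.11-rc1. Replace `<unfixed>` with the fixed version once a kernel containing that commit is uploaded, so the entry does not stay open after the fix lands.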
@@ -8273,22 +8659,22 @@ CVE-2020-29500
RESERVED
CVE-2020-29499
RESERVED
-CVE-2020-29498
- RESERVED
-CVE-2020-29497
- RESERVED
-CVE-2020-29496
- RESERVED
+CVE-2020-29498 (Dell Wyse Management Suite versions prior to 3.1 contain an open redir ...)
+ TODO: check
+CVE-2020-29497 (Dell Wyse Management Suite versions prior to 3.1 contain a stored cros ...)
+ TODO: check
+CVE-2020-29496 (Dell Wyse Management Suite versions prior to 3.1 contain a stored cros ...)
+ TODO: check
CVE-2020-29495
RESERVED
CVE-2020-29494
RESERVED
CVE-2020-29493
RESERVED
-CVE-2020-29492
- RESERVED
-CVE-2020-29491
- RESERVED
+CVE-2020-29492 (Dell Wyse ThinOS 8.6 and prior versions contain an insecure default co ...)
+ TODO: check
+CVE-2020-29491 (Dell Wyse ThinOS 8.6 and prior versions contain an insecure default co ...)
+ TODO: check
CVE-2020-29490
RESERVED
CVE-2020-29489
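Review bot: All five Dell Wyse entries in this hunk (CVE-2020-29498, CVE-2020-29497, CVE-2020-29496, CVE-2020-29492, CVE-2020-29491) move from `RESERVED` to `TODO: check` without a triage result. Other Dell entries in this file are already marked `NOT-FOR-US: Dell` (see CVE-2020-5362 further down this patch). If Wyse Management Suite and ThinOS are likewise not packaged, apply the same marking here so the entries leave the TODO queue.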
@@ -42521,7 +42907,7 @@ CVE-2017-18922 (It was discovered that websockets.c in LibVNCServer prior to 0.9
[stretch] - libvncserver <ignored> (Required change too invasive, minor issue)
NOTE: https://github.com/LibVNC/libvncserver/commit/aac95a9dcf4bbba87b76c72706c3221a842ca433
NOTE: https://www.openwall.com/lists/oss-security/2020/06/30/2
-CVE-2020-15393 (In the Linux kernel through 5.7.6, usbtest_disconnect in drivers/usb/m ...)
+CVE-2020-15393 (In the Linux kernel 4.4 through 5.7.6, usbtest_disconnect in drivers/u ...)
{DLA-2420-1 DLA-2323-1}
- linux 5.7.10-1
[buster] - linux 4.19.131-1
@@ -46479,7 +46865,7 @@ CVE-2020-13976 (** DISPUTED ** An issue was discovered in DD-WRT through 16214.
NOT-FOR-US: DD-WRT
CVE-2020-13975
RESERVED
-CVE-2020-13974 (** DISPUTED ** An issue was discovered in the Linux kernel through 5.7 ...)
+CVE-2020-13974 (An issue was discovered in the Linux kernel 4.4 through 5.7.1. drivers ...)
{DLA-2323-1}
- linux 5.7.6-1
[buster] - linux 4.19.131-1
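Review bot: Confirm that the status lines under CVE-2020-13974 still hold now that the description has lost its `** DISPUTED **` prefix and gained a lower bound of 4.4. The existing `- linux 5.7.6-1` and `[buster] - linux 4.19.131-1` lines already track the issue as fixed, so no status change looks necessary, but anything in the entry that relied on the disputed state should be revisited.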
@@ -46658,7 +47044,7 @@ CVE-2020-13906 (IrfanView 4.54 allows a user-mode write access violation startin
NOT-FOR-US: IrfanView
CVE-2020-13905 (IrfanView 4.54 allows a user-mode write access violation starting at F ...)
NOT-FOR-US: IrfanView
-CVE-2020-13904 (FFmpeg 4.2.3 has a use-after-free via a crafted EXTINF duration in an ...)
+CVE-2020-13904 (FFmpeg 2.8 and 4.2.3 has a use-after-free via a crafted EXTINF duratio ...)
{DSA-4722-1 DLA-2291-1}
- ffmpeg 7:4.3.1-1
NOTE: https://patchwork.ffmpeg.org/project/ffmpeg/patch/20200529033905.41926-1-lq@chinaffmpeg.org/
@@ -47117,7 +47503,7 @@ CVE-2020-13767 (The Mitel MiCollab application before 9.1.332 for iOS could allo
NOT-FOR-US: Mitel
CVE-2020-13766
RESERVED
-CVE-2020-13765 (rom_copy() in hw/core/loader.c in QEMU 4.1.0 does not validate the rel ...)
+CVE-2020-13765 (rom_copy() in hw/core/loader.c in QEMU 4.0 and 4.1.0 does not validate ...)
{DSA-4728-1 DLA-2288-1 DLA-2262-1}
- qemu 1:4.2-1
NOTE: https://www.openwall.com/lists/oss-security/2020/06/03/6
@@ -50914,7 +51300,7 @@ CVE-2020-12286 (In Octopus Deploy before 2019.12.9 and 2020 before 2020.1.12, th
NOT-FOR-US: Octopus Deploy
CVE-2020-12285
RESERVED
-CVE-2020-12284 (cbs_jpeg_split_fragment in libavcodec/cbs_jpeg.c in FFmpeg 4.2.2 has a ...)
+CVE-2020-12284 (cbs_jpeg_split_fragment in libavcodec/cbs_jpeg.c in FFmpeg 4.1 and 4.2 ...)
{DSA-4722-1}
- ffmpeg 7:4.2.3-1
[stretch] - ffmpeg <not-affected> (Vulnerable code not present)
@@ -52533,7 +52919,7 @@ CVE-2020-11886 (OpenNMS Horizon and Meridian allows HQL Injection in element/nod
NOT-FOR-US: OpenNMS
CVE-2020-11885 (WSO2 Enterprise Integrator through 6.6.0 has an XXE vulnerability wher ...)
NOT-FOR-US: WSO2 Enterprise Integrator
-CVE-2020-11884 (In the Linux kernel through 5.6.7 on the s390 platform, code execution ...)
+CVE-2020-11884 (In the Linux kernel 4.19 through 5.6.7 on the s390 platform, code exec ...)
{DSA-4667-1}
- linux 5.6.7-1
[stretch] - linux <not-affected> (Vulnerable code introduced later)
@@ -59830,7 +60216,7 @@ CVE-2020-9385 (A NULL Pointer Dereference exists in libzint in Zint 2.7.1 becaus
- zint <not-affected> (Fixed with initial upload to archive)
CVE-2020-9384 (** DISPUTED ** An Insecure Direct Object Reference (IDOR) vulnerabilit ...)
NOT-FOR-US: Subex
-CVE-2020-9383 (An issue was discovered in the Linux kernel through 5.5.6. set_fdc in ...)
+CVE-2020-9383 (An issue was discovered in the Linux kernel 3.16 through 5.5.6. set_fd ...)
{DSA-4698-1 DLA-2242-1 DLA-2241-1}
- linux 5.5.13-1
[buster] - linux 4.19.118-1
@@ -69950,8 +70336,8 @@ CVE-2020-5363 (Select Dell Client Consumer and Commercial platforms include an i
NOT-FOR-US: Dell
CVE-2020-5362 (Dell Client Consumer and Commercial platforms include an improper auth ...)
NOT-FOR-US: Dell
-CVE-2020-5361
- RESERVED
+CVE-2020-5361 (Select Dell Client Commercial and Consumer platforms support a BIOS pa ...)
+ TODO: check
CVE-2020-5360 (Dell BSAFE Micro Edition Suite, versions prior to 4.5, are vulnerable ...)
NOT-FOR-US: Dell
CVE-2020-5359 (Dell BSAFE Micro Edition Suite, versions prior to 4.5, are vulnerable ...)
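Review bot: CVE-2020-5361 is set to `TODO: check` while its immediate neighbours in this hunk, CVE-2020-5363, CVE-2020-5362, CVE-2020-5360 and CVE-2020-5359, are all `NOT-FOR-US: Dell`. The new description concerns a BIOS feature of Dell client platforms, so `NOT-FOR-US: Dell` looks like the consistent resolution here.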
@@ -114221,7 +114607,7 @@ CVE-2019-9723 (LogicalDOC Community Edition 8.x before 8.2.1 has a path traversa
NOT-FOR-US: LogicalDOC
CVE-2019-9722
RESERVED
-CVE-2019-9721 (A denial of service in the subtitle decoder in FFmpeg 4.1 allows attac ...)
+CVE-2019-9721 (A denial of service in the subtitle decoder in FFmpeg 3.2 and 4.1 allo ...)
- ffmpeg 7:4.1.3-1 (bug #926666)
[stretch] - ffmpeg <not-affected> (Vulnerable code not present)
NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/894995c41e0795c7a44f81adc4838dedc3932e65
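Review bot: The `[stretch] - ffmpeg <not-affected> (Vulnerable code not present)` line under CVE-2019-9721 should be re-verified, because the updated description now names FFmpeg 3.2 alongside 4.1 as affected. If stretch ships a 3.2-series ffmpeg, either correct the status or add a NOTE explaining why the stretch code is still not affected despite the upstream version range.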
@@ -172966,7 +173352,7 @@ CVE-2018-7559 (An issue was discovered in OPC UA .NET Standard Stack and Sample
NOT-FOR-US: OPC UA .NET
CVE-2018-7558
RESERVED
-CVE-2018-7557 (The decode_init function in libavcodec/utvideodec.c in FFmpeg through ...)
+CVE-2018-7557 (The decode_init function in libavcodec/utvideodec.c in FFmpeg 2.8 thro ...)
{DSA-4249-1 DLA-1630-1}
- ffmpeg 7:3.4.3-1
- libav <removed>
@@ -211910,7 +212296,7 @@ CVE-2017-11720 (There is a division-by-zero vulnerability in LAME 3.99.5, caused
[wheezy] - lame 3.99.5+repack1-3+deb7u1
NOTE: https://sourceforge.net/p/lame/bugs/460/
NOTE: Duplicate/same as: https://blogs.gentoo.org/ago/2017/06/17/lame-divide-by-zero-in-parse_wave_header-get_audio-c/
-CVE-2017-11719 (The dnxhd_decode_header function in libavcodec/dnxhddec.c in FFmpeg th ...)
+CVE-2017-11719 (The dnxhd_decode_header function in libavcodec/dnxhddec.c in FFmpeg 3. ...)
{DSA-3957-1}
- ffmpeg 7:3.3.3-1
- libav <removed>
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7db2ddec8ee1e62e531b98ee3881b4ea883afeb9