[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Thu Jan 7 20:10:25 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
acf9289d by security tracker role at 2021-01-07T20:10:18+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,13 @@
+CVE-2021-3108
+ RESERVED
+CVE-2021-3107
+ RESERVED
+CVE-2021-3106
+ RESERVED
+CVE-2021-23238
+ RESERVED
+CVE-2021-23237
+ RESERVED
CVE-2021-3105
RESERVED
CVE-2021-3104
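Review bot: The new RESERVED entries in this first hunk do not form one descending run: CVE-2021-23238 and CVE-2021-23237 are inserted between CVE-2021-3106 and CVE-2021-3105. If that is simply the order the automatic import emits, it is harmless, but anything that reads data/CVE/list should look entries up by ID and not assume the top of the file is numerically sorted.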
@@ -1098,8 +1108,8 @@ CVE-2020-36179 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the in
NOTE: but still an issue when Default Typing is enabled.
CVE-2020-36178 (oal_ipt_addBridgeIsolationRules on TP-Link TL-WR840N 6_EU_0.9.1_4.16 d ...)
NOT-FOR-US: TP-Link
-CVE-2021-3029
- RESERVED
+CVE-2021-3029 (** UNSUPPORTED WHEN ASSIGNED ** EVOLUCARE ECSIMAGING (aka ECS Imaging) ...)
+ TODO: check
CVE-2021-3028
RESERVED
CVE-2021-22696
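Review bot: CVE-2021-3029 is left at "TODO: check" even though its new description opens with "** UNSUPPORTED WHEN ASSIGNED **" and names a single vendor product, EVOLUCARE ECSIMAGING. If no Debian source package ships that product, resolve it to a NOT-FOR-US tag in the same style as the "NOT-FOR-US: TP-Link" line on CVE-2020-36178 just above, so the entry does not stay in the unresolved queue.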
@@ -2627,8 +2637,8 @@ CVE-2021-3013
RESERVED
CVE-2021-3012
RESERVED
-CVE-2021-3011
- RESERVED
+CVE-2021-3011 (An electromagnetic-wave side-channel issue was discovered on NXP Smart ...)
+ TODO: check
CVE-2021-3010
RESERVED
CVE-2021-3009
@@ -8926,12 +8936,10 @@ CVE-2020-35116
RESERVED
CVE-2020-35115
RESERVED
-CVE-2020-35114
- RESERVED
+CVE-2020-35114 (Mozilla developers reported memory safety bugs present in Firefox 83. ...)
- firefox 84.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-35114
-CVE-2020-35113
- RESERVED
+CVE-2020-35113 (Mozilla developers reported memory safety bugs present in Firefox 83 a ...)
{DSA-4815-1 DSA-4813-1 DLA-2497-1 DLA-2496-1}
- firefox 84.0-1
- firefox-esr 78.6.0esr-1
@@ -8939,16 +8947,14 @@ CVE-2020-35113
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-35113
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-55/#CVE-2020-35113
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-56/#CVE-2020-35113
-CVE-2020-35112
- RESERVED
+CVE-2020-35112 (If a user downloaded a file lacking an extension on Windows, and then ...)
- firefox <not-affected> (Only affects Windows)
- firefox-esr <not-affected> (Only affects Windows)
- thunderbird <not-affected> (only affects Windows)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-35112
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-55/#CVE-2020-35112
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-56/#CVE-2020-35112
-CVE-2020-35111
- RESERVED
+CVE-2020-35111 (When an extension with the proxy permission registered to receive < ...)
{DSA-4815-1 DSA-4813-1 DLA-2497-1 DLA-2496-1}
- firefox 84.0-1
- firefox-esr 78.6.0esr-1
@@ -13009,8 +13015,8 @@ CVE-2020-28674
RESERVED
CVE-2020-28673
RESERVED
-CVE-2020-28672
- RESERVED
+CVE-2020-28672 (MonoCMS Blog 1.0 is affected by incorrect access control that can lead ...)
+ TODO: check
CVE-2020-28671
RESERVED
CVE-2020-28670
@@ -17714,8 +17720,7 @@ CVE-2020-27837 (A flaw was found in GDM in versions prior to 3.38.2.1. A race co
CVE-2020-27836
RESERVED
NOT-FOR-US: OpenShift
-CVE-2020-27835 [IB/hfi1: Ensure correct mm is used at all times]
- RESERVED
+CVE-2020-27835 (A use after free in the Linux kernel infiniband hfi1 driver in version ...)
- linux 5.9.15-1
NOTE: https://git.kernel.org/linus/3d2a9d642512c21a12d19b9250e7a835dcb41a79
CVE-2020-27834 [attacker can send the same request over and over again without changing the CSRF token]
@@ -20158,12 +20163,10 @@ CVE-2020-26981
RESERVED
CVE-2020-26980
RESERVED
-CVE-2020-26979
- RESERVED
+CVE-2020-26979 (When a user typed a URL in the address bar or the search bar and quick ...)
- firefox 84.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-26979
-CVE-2020-26978
- RESERVED
+CVE-2020-26978 (Using techniques that built on the slipstream research, a malicious we ...)
{DSA-4815-1 DSA-4813-1 DLA-2497-1 DLA-2496-1}
- firefox 84.0-1
- firefox-esr 78.6.0esr-1
@@ -20171,20 +20174,16 @@ CVE-2020-26978
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-26978
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-55/#CVE-2020-26978
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-56/#CVE-2020-26978
-CVE-2020-26977
- RESERVED
+CVE-2020-26977 (By attempting to connect a website using an unresponsive port, an atta ...)
- firefox <not-affected> (Android specific)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-26977
-CVE-2020-26976
- RESERVED
+CVE-2020-26976 (When a HTTPS pages was embedded in a HTTP page, and there was a servic ...)
- firefox 84.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-26976
-CVE-2020-26975
- RESERVED
+CVE-2020-26975 (When a malicious application installed on the user's device broadcast ...)
- firefox <not-affected> (Android specific)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-26975
-CVE-2020-26974
- RESERVED
+CVE-2020-26974 (When flex-basis was used on a table wrapper, a StyleGenericFlexBasis o ...)
{DSA-4815-1 DSA-4813-1 DLA-2497-1 DLA-2496-1}
- firefox 84.0-1
- firefox-esr 78.6.0esr-1
@@ -20192,8 +20191,7 @@ CVE-2020-26974
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-26974
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-55/#CVE-2020-26974
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-56/#CVE-2020-26974
-CVE-2020-26973
- RESERVED
+CVE-2020-26973 (Certain input to the CSS Sanitizer confused it, resulting in incorrect ...)
{DSA-4815-1 DSA-4813-1 DLA-2497-1 DLA-2496-1}
- firefox 84.0-1
- firefox-esr 78.6.0esr-1
@@ -20201,12 +20199,10 @@ CVE-2020-26973
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-26973
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-55/#CVE-2020-26973
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-56/#CVE-2020-26973
-CVE-2020-26972
- RESERVED
+CVE-2020-26972 (The lifecycle of IPC Actors allows managed actors to outlive their man ...)
- firefox 84.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-26972
-CVE-2020-26971
- RESERVED
+CVE-2020-26971 (Certain blit values provided by the user were not properly constrained ...)
{DSA-4815-1 DSA-4813-1 DLA-2497-1 DLA-2496-1}
- firefox 84.0-1
- firefox-esr 78.6.0esr-1
@@ -20705,8 +20701,8 @@ CVE-2020-26775
RESERVED
CVE-2020-26774
RESERVED
-CVE-2020-26773
- RESERVED
+CVE-2020-26773 (Restaurant Reservation System 1.0 suffers from an authenticated SQL in ...)
+ TODO: check
CVE-2020-26772
RESERVED
CVE-2020-26771
@@ -20715,8 +20711,8 @@ CVE-2020-26770
RESERVED
CVE-2020-26769
RESERVED
-CVE-2020-26768
- RESERVED
+CVE-2020-26768 (Formstone <=1.4.16 is vulnerable to a Reflected Cross-Site Scriptin ...)
+ TODO: check
CVE-2020-26767
RESERVED
CVE-2020-26766 (A Cross Site Request Forgery (CSRF) vulnerability exists in the logins ...)
@@ -23234,8 +23230,7 @@ CVE-2020-25682
RESERVED
CVE-2020-25681
RESERVED
-CVE-2020-25680
- RESERVED
+CVE-2020-25680 (A flaw was found in JBCS httpd in version 2.4.37 SP3, where it uses a ...)
NOT-FOR-US: JBCS httpd
CVE-2020-25679
RESERVED
@@ -23834,8 +23829,8 @@ CVE-2020-25478
RESERVED
CVE-2020-25477
RESERVED
-CVE-2020-25476
- RESERVED
+CVE-2020-25476 (Liferay CMS Portal version 7.1.3 and 7.2.1 have a blind persistent cro ...)
+ TODO: check
CVE-2020-25475 (SimplePHPscripts News Script PHP Pro 2.3 is affected by a SQL Injectio ...)
NOT-FOR-US: SimplePHPscripts News Script PHP Pro
CVE-2020-25474 (SimplePHPscripts News Script PHP Pro 2.3 is affected by a Cross Site S ...)
@@ -25120,14 +25115,14 @@ CVE-2020-24905
RESERVED
CVE-2020-24904
RESERVED
-CVE-2020-24903
- RESERVED
-CVE-2020-24902
- RESERVED
-CVE-2020-24901
- RESERVED
-CVE-2020-24900
- RESERVED
+CVE-2020-24903 (Cute Editor for ASP.NET 6.4 is vulnerable to reflected cross-site scri ...)
+ TODO: check
+CVE-2020-24902 (Quixplorer <=2.4.1 is vulnerable to reflected cross-site scripting ...)
+ TODO: check
+CVE-2020-24901 (The default installation of Krpano Panorama Viewer version <=1.20.8 ...)
+ TODO: check
+CVE-2020-24900 (The default installation of Krpano Panorama Viewer version <=1.20.8 ...)
+ TODO: check
CVE-2020-24899
RESERVED
CVE-2020-24898 (The Table Filter and Charts for Confluence Server app before 5.3.26 (f ...)
@@ -50323,8 +50318,8 @@ CVE-2020-13575
RESERVED
CVE-2020-13574
RESERVED
-CVE-2020-13573
- RESERVED
+CVE-2020-13573 (A denial-of-service vulnerability exists in the Ethernet/IP server fun ...)
+ TODO: check
CVE-2020-13572
RESERVED
CVE-2020-13571
@@ -63328,7 +63323,7 @@ CVE-2020-9050
RESERVED
CVE-2020-9049 (A vulnerability in specified versions of American Dynamics victor Web ...)
NOT-FOR-US: Sensormatic Electronics, LLC; a subsidiary of Johnson Controls
-CVE-2020-9048 (A vulnerability in victor Web Client versions up to and including v5.4 ...)
+CVE-2020-9048 (A vulnerability in specified versions of American Dynamics victor Web ...)
NOT-FOR-US: Johnson Controls
CVE-2020-9047 (A vulnerability exists that could allow the execution of unauthorized ...)
NOT-FOR-US: exacqVision Web Service
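Review bot: After the description change on CVE-2020-9048, its truncated text is identical to CVE-2020-9049 directly above ("A vulnerability in specified versions of American Dynamics victor Web ..."), yet the two entries carry different tags: "NOT-FOR-US: Sensormatic Electronics, LLC; a subsidiary of Johnson Controls" and "NOT-FOR-US: Johnson Controls". Using one tag for both would keep searches by vendor consistent.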
@@ -69365,10 +69360,10 @@ CVE-2020-6658
RESERVED
CVE-2020-6657
RESERVED
-CVE-2020-6656
- RESERVED
-CVE-2020-6655
- RESERVED
+CVE-2020-6656 (Eaton's easySoft software v7.20 and prior are susceptible to file pars ...)
+ TODO: check
+CVE-2020-6655 (The Eaton's easySoft software v7.20 and prior are susceptible to Out-o ...)
+ TODO: check
CVE-2020-6654 (A DLL Hijacking vulnerability in Eaton's 9000x Programming and Configu ...)
NOT-FOR-US: Eaton
CVE-2020-6653 (Eaton's Secure connect mobile app v1.7.3 & prior stores the user l ...)
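Review bot: CVE-2020-6656 and CVE-2020-6655 both describe Eaton's easySoft software and are added with "TODO: check", while the next entry, CVE-2020-6654, is already tagged "NOT-FOR-US: Eaton". Unless easySoft is packaged in Debian, the same tag applies to both new entries and would close them out in the follow-up triage.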
@@ -74203,20 +74198,20 @@ CVE-2020-4900 (IBM Business Automation Workflow 19.0.0.3 stores potentially sens
NOT-FOR-US: IBM
CVE-2020-4899 (IBM API Connect 5.0.0.0 through 5.0.8.10 could potentially leak sensit ...)
NOT-FOR-US: IBM
-CVE-2020-4898
- RESERVED
-CVE-2020-4897
- RESERVED
-CVE-2020-4896
- RESERVED
-CVE-2020-4895
- RESERVED
+CVE-2020-4898 (IBM Emptoris Strategic Supply Management 10.1.3 uses weaker than expec ...)
+ TODO: check
+CVE-2020-4897 (IBM Emptoris Contract Management and IBM Emptoris Spend Analysis 10.1. ...)
+ TODO: check
+CVE-2020-4896 (IBM Emptoris Sourcing 10.1.0, 10.1.1, and 10.1.3 is vulnerable to web ...)
+ TODO: check
+CVE-2020-4895 (IBM Emptoris Strategic Supply Management 10.1.0, 10.1.1, and 10.1.3 is ...)
+ TODO: check
CVE-2020-4894
RESERVED
-CVE-2020-4893
- RESERVED
-CVE-2020-4892
- RESERVED
+CVE-2020-4893 (IBM Emptoris Strategic Supply Management 10.1.0, 10.1.1, and 10.1.3 tr ...)
+ TODO: check
+CVE-2020-4892 (IBM Emptoris Contract Management 10.1.3 is vulnerable to cross-site sc ...)
+ TODO: check
CVE-2020-4891
RESERVED
CVE-2020-4890
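Review bot: Six IBM Emptoris entries (CVE-2020-4898 through CVE-2020-4895, CVE-2020-4893 and CVE-2020-4892) arrive as "TODO: check", directly below CVE-2020-4900 and CVE-2020-4899, which are tagged "NOT-FOR-US: IBM". They can be triaged as one batch with the same tag; CVE-2020-4894 stays RESERVED in the middle of the run and should be left untouched when doing so.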
@@ -134069,22 +134064,22 @@ CVE-2018-1000883 (Elixir Plug Plug version All contains a Header Injection vulne
NOT-FOR-US: Elixir Plug, different from src:elixir-lang
CVE-2018-20317
RESERVED
-CVE-2018-20316
- RESERVED
-CVE-2018-20315
- RESERVED
-CVE-2018-20314
- RESERVED
-CVE-2018-20313
- RESERVED
-CVE-2018-20312
- RESERVED
-CVE-2018-20311
- RESERVED
-CVE-2018-20310
- RESERVED
-CVE-2018-20309
- RESERVED
+CVE-2018-20316 (Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9 ...)
+ TODO: check
+CVE-2018-20315 (Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9 ...)
+ TODO: check
+CVE-2018-20314 (Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9 ...)
+ TODO: check
+CVE-2018-20313 (Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9 ...)
+ TODO: check
+CVE-2018-20312 (Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9 ...)
+ TODO: check
+CVE-2018-20311 (Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9 ...)
+ TODO: check
+CVE-2018-20310 (Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9 ...)
+ TODO: check
+CVE-2018-20309 (Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9 ...)
+ TODO: check
CVE-2018-20308
RESERVED
CVE-2018-1000882 (WeBid version up to current version 1.2.2 contains a Directory Travers ...)
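Review bot: The eight Foxit entries from CVE-2018-20316 down to CVE-2018-20309 have byte-identical truncated descriptions ("Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9 ..."), so nothing in this file distinguishes them. Whoever resolves the "TODO: check" lines needs the full CVE descriptions and not this list, and should give all eight the same disposition in one commit so that none is missed.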
@@ -143609,8 +143604,8 @@ CVE-2018-19420 (In GetSimpleCMS 3.3.15, admin/upload.php blocks .html uploads bu
NOT-FOR-US: GetSimpleCMS
CVE-2018-19419
RESERVED
-CVE-2018-19418
- RESERVED
+CVE-2018-19418 (Foxit PDF ActiveX before 5.5.1 allows remote code execution via comman ...)
+ TODO: check
CVE-2018-19417 (An issue was discovered in the MQTT server in Contiki-NG before 4.2. T ...)
NOT-FOR-US: Contiki-NG
CVE-2018-19517 (An issue was discovered in sysstat 12.1.1. The remap_struct function i ...)
@@ -145863,10 +145858,10 @@ CVE-2018-18690 (In the Linux kernel before 4.17, a local attacker able to set at
NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=199119
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1105025
NOTE: https://git.kernel.org/linus/7b38460dc8e4eafba06c78f8e37099d3b34d473c
-CVE-2018-18689
- RESERVED
-CVE-2018-18688
- RESERVED
+CVE-2018-18689 (The Portable Document Format (PDF) specification does not provide any ...)
+ TODO: check
+CVE-2018-18688 (The Portable Document Format (PDF) specification does not provide any ...)
+ TODO: check
CVE-2018-18687
RESERVED
CVE-2018-18686
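Review bot: CVE-2018-18689 and CVE-2018-18688 are described as shortcomings of "The Portable Document Format (PDF) specification", not of one product, so their "TODO: check" lines cannot be closed with a single vendor tag the way the surrounding product-specific entries can. Triage should record which PDF-handling packages in Debian were assessed, with a NOTE line pointing at the reference used for each.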
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/acf9289d3a0d222ed46c4f205845151496e78c04