[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Fri Jan 8 08:10:20 GMT 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ca6ea65d by security tracker role at 2021-01-08T08:10:13+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,19 @@
+CVE-2021-3112
+	RESERVED
+CVE-2021-3111
+	RESERVED
+CVE-2021-3110
+	RESERVED
+CVE-2021-3109
+	RESERVED
+CVE-2021-23242 (MERCUSYS Mercury X18G 1.0.5 devices allow Directory Traversal via ../  ...)
+	TODO: check
+CVE-2021-23241 (MERCUSYS Mercury X18G 1.0.5 devices allow Directory Traversal via ../  ...)
+	TODO: check
+CVE-2021-23240
+	RESERVED
+CVE-2021-23239
+	RESERVED
 CVE-2021-3108
 	RESERVED
 CVE-2021-3107
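Review bot: CVE-2021-23242 and CVE-2021-23241 carry the same truncated description (MERCUSYS Mercury X18G 1.0.5 directory traversal via ../) and are both left at TODO: check; elsewhere in this file the equivalent consumer-router firmware entries (for example the D-Link DSL-2888A entries at CVE-2020-24579 and CVE-2020-24578) are resolved as NOT-FOR-US, so the follow-up triage for these two is likely the same and could be done as a pair.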
@@ -1139,8 +1155,8 @@ CVE-2021-3027
 	RESERVED
 CVE-2021-3026 (Invision Community IPS Community Suite before 4.5.4.2 allows XSS durin ...)
 	NOT-FOR-US: Invision Community IPS Community Suite
-CVE-2021-3025
-	RESERVED
+CVE-2021-3025 (Invision Community IPS Community Suite before 4.5.4.2 allows SQL Injec ...)
+	TODO: check
 CVE-2021-22695
 	RESERVED
 CVE-2021-22694
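Review bot: CVE-2021-3025 is moved from RESERVED to TODO: check, but the neighbouring entry for the same product, CVE-2021-3026 (Invision Community IPS Community Suite before 4.5.4.2), is already resolved as "NOT-FOR-US: Invision Community IPS Community Suite"; the new entry can be closed the same way rather than waiting in the TODO queue.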
@@ -3822,10 +3838,10 @@ CVE-2020-36051 (Directory traversal vulnerability in page_edit.php in MiniCMS V1
 	NOT-FOR-US: MiniCMS
 CVE-2020-36050
 	RESERVED
-CVE-2020-36049
-	RESERVED
-CVE-2020-36048
-	RESERVED
+CVE-2020-36049 (socket.io-parser before 3.4.1 allows attackers to cause a denial of se ...)
+	TODO: check
+CVE-2020-36048 (Engine.IO before 4.0.0 allows attackers to cause a denial of service ( ...)
+	TODO: check
 CVE-2020-36047
 	RESERVED
 CVE-2020-36046
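Review bot: CVE-2020-36049 (socket.io-parser before 3.4.1) and CVE-2020-36048 (Engine.IO before 4.0.0) both describe a denial of service, but the truncated descriptions cut off before the triggering condition; unlike the neighbouring MiniCMS entry, which is resolved as NOT-FOR-US, these are library components and the TODO: check needs an archive lookup for packaged versions before a disposition is recorded.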
@@ -4628,8 +4644,8 @@ CVE-2020-35747
 	RESERVED
 CVE-2020-35746
 	RESERVED
-CVE-2020-35745
-	RESERVED
+CVE-2020-35745 (PHPGURUKUL Hospital Management System V 4.0 does not properly restrict ...)
+	TODO: check
 CVE-2020-35744
 	RESERVED
 CVE-2020-35743 (HGiga MailSherlock contains a SQL injection flaw. Attackers can inject ...)
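Review bot: CVE-2020-35745 (PHPGURUKUL Hospital Management System V 4.0) is left at TODO: check although the file already records the same vendor as "NOT-FOR-US: PHPGurukul" (see the CVE-2020-25952 entry further down); the new entry can be resolved consistently with that existing disposition.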
@@ -14358,18 +14374,18 @@ CVE-2021-1058
 	RESERVED
 CVE-2021-1057
 	RESERVED
-CVE-2021-1056
-	RESERVED
-CVE-2021-1055
-	RESERVED
-CVE-2021-1054
-	RESERVED
-CVE-2021-1053
-	RESERVED
-CVE-2021-1052
-	RESERVED
-CVE-2021-1051
-	RESERVED
+CVE-2021-1056 (NVIDIA GPU Display Driver for Linux, all versions, contains a vulnerab ...)
+	TODO: check
+CVE-2021-1055 (NVIDIA GPU Display Driver for Windows, all versions, contains a vulner ...)
+	TODO: check
+CVE-2021-1054 (NVIDIA GPU Display Driver for Windows, all versions, contains a vulner ...)
+	TODO: check
+CVE-2021-1053 (NVIDIA GPU Display Driver for Windows and Linux, all versions, contain ...)
+	TODO: check
+CVE-2021-1052 (NVIDIA GPU Display Driver for Windows and Linux, all versions, contain ...)
+	TODO: check
+CVE-2021-1051 (NVIDIA GPU Display Driver for Windows, all versions, contains a vulner ...)
+	TODO: check
 CVE-2020-28576 (An improper access control information disclosure vulnerability in Tre ...)
 	NOT-FOR-US: Trend Micro
 CVE-2020-28575 (A heap-based buffer overflow privilege escalation vulnerability in Tre ...)
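Review bot: The six NVIDIA GPU Display Driver entries are all set to TODO: check, but the truncated descriptions already separate them into Windows-only (CVE-2021-1055, CVE-2021-1054, CVE-2021-1051), Linux (CVE-2021-1056) and Windows and Linux (CVE-2021-1053, CVE-2021-1052); the Windows-only ones can be closed directly, and only the entries naming Linux need checking against the packaged driver.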
@@ -21841,12 +21857,12 @@ CVE-2020-26261 (jupyterhub-systemdspawner enables JupyterHub to spawn single-use
 CVE-2020-26260 (BookStack is a platform for storing and organising information and doc ...)
 	NOT-FOR-US: BookStack
 CVE-2020-26259 (XStream is a Java library to serialize objects to XML and back again.  ...)
-	{DLA-2507-1}
+	{DSA-4828-1 DLA-2507-1}
 	- libxstream-java 1.4.15-1 (bug #977624)
 	NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-jfvx-7wrx-43fh
 	NOTE: https://x-stream.github.io/CVE-2020-26259.html
 CVE-2020-26258 (XStream is a Java library to serialize objects to XML and back again.  ...)
-	{DLA-2507-1}
+	{DSA-4828-1 DLA-2507-1}
 	- libxstream-java 1.4.15-1 (bug #977625)
 	NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-4cch-wxpw-8p28
 	NOTE: https://x-stream.github.io/CVE-2020-26258.html
@@ -22567,8 +22583,8 @@ CVE-2020-25952 (SQL injection vulnerability in PHPGurukul User Registration &amp
 	NOT-FOR-US: PHPGurukul
 CVE-2020-25951
 	RESERVED
-CVE-2020-25950
-	RESERVED
+CVE-2020-25950 (Advanced Webhost Billing System 3.7.0 is affected by Cross Site Reques ...)
+	TODO: check
 CVE-2020-25949
 	RESERVED
 CVE-2020-25948
@@ -25824,8 +25840,8 @@ CVE-2020-24579 (An issue was discovered on D-Link DSL-2888A devices with firmwar
 	NOT-FOR-US: D-Link
 CVE-2020-24578 (An issue was discovered on D-Link DSL-2888A devices with firmware prio ...)
 	NOT-FOR-US: D-Link
-CVE-2020-24577
-	RESERVED
+CVE-2020-24577 (An issue was discovered on D-Link DSL-2888A devices with firmware prio ...)
+	TODO: check
 CVE-2020-24576
 	RESERVED
 CVE-2020-24575
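Review bot: CVE-2020-24577 has the same truncated description (D-Link DSL-2888A devices with firmware prior to ...) as CVE-2020-24579 and CVE-2020-24578 immediately above, which are both resolved as "NOT-FOR-US: D-Link"; leaving this one at TODO: check is inconsistent with its siblings and it should be closed the same way.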
@@ -40136,8 +40152,8 @@ CVE-2020-17502
 	RESERVED
 CVE-2020-17501
 	RESERVED
-CVE-2020-17500
-	RESERVED
+CVE-2020-17500 (Barco TransForm NDN-210 Lite, NDN-210 Pro, NDN-211 Lite, and NDN-211 P ...)
+	TODO: check
 CVE-2020-17499
 	RESERVED
 CVE-2020-17498 (In Wireshark 3.2.0 to 3.2.5, the Kafka protocol dissector could crash. ...)
@@ -43282,6 +43298,7 @@ CVE-2020-16045
 	RESERVED
 CVE-2020-16044
 	RESERVED
+	{DSA-4827-1}
 	- firefox 84.0.2-1
 	- firefox-esr 78.6.1esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-01/#CVE-2020-16044
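Review bot: {DSA-4827-1} is inserted under a CVE-2020-16044 entry that still reads RESERVED while already carrying fix lines for firefox 84.0.2-1 and firefox-esr 78.6.1esr-1 and the mfsa2021-01 NOTE; the description line should be filled in once the CVE text is published so that the entry does not remain a RESERVED record with an advisory attached.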
@@ -50566,14 +50583,14 @@ CVE-2020-13454
 	RESERVED
 CVE-2020-13453
 	RESERVED
-CVE-2020-13452
-	RESERVED
-CVE-2020-13451
-	RESERVED
-CVE-2020-13450
-	RESERVED
-CVE-2020-13449
-	RESERVED
+CVE-2020-13452 (In Gotenberg through 6.2.1, insecure permissions for tini (writable by ...)
+	TODO: check
+CVE-2020-13451 (An incomplete-cleanup vulnerability in the Office rendering engine of  ...)
+	TODO: check
+CVE-2020-13450 (A directory traversal vulnerability in file upload function of Gotenbe ...)
+	TODO: check
+CVE-2020-13449 (A directory traversal vulnerability in the Markdown engine of Gotenber ...)
+	TODO: check
 CVE-2020-13448 (QuickBox Community Edition through 2.5.5 and Pro Edition through 2.1.8 ...)
 	NOT-FOR-US: QuickBox
 CVE-2020-13447
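Review bot: The four new Gotenberg entries (CVE-2020-13452 through CVE-2020-13449) are all TODO: check and belong to one product, so they should be triaged together; note that the truncated description of CVE-2020-13451 ("incomplete-cleanup vulnerability in the Office rendering engine of") is cut off before the product name and is only identifiable as Gotenberg from its neighbours.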
@@ -87645,10 +87662,10 @@ CVE-2019-18645 (The quarantine restoration function in Total Defense Anti-virus
 	NOT-FOR-US: Total Defense Anti-virus
 CVE-2019-18644 (The malware scan function in Total Defense Anti-virus 11.5.2.28 is vul ...)
 	NOT-FOR-US: Total Defense Anti-virus
-CVE-2019-18643
-	RESERVED
-CVE-2019-18642
-	RESERVED
+CVE-2019-18643 (Rock RMS versions before 8.10 and versions 9.0 through 9.3 fails to pr ...)
+	TODO: check
+CVE-2019-18642 (Rock RMS version before 8.6 is vulnerable to account takeover by tampe ...)
+	TODO: check
 CVE-2019-18641 (Rock RMS before 1.8.6 mishandles vCard access control within the Peopl ...)
 	NOT-FOR-US: Rock RMS
 CVE-2019-18640
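Review bot: CVE-2019-18643 and CVE-2019-18642 (Rock RMS) are left at TODO: check while the adjacent CVE-2019-18641 for the same product is already "NOT-FOR-US: Rock RMS"; both can be resolved with the same disposition rather than queued.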
@@ -165974,7 +165991,7 @@ CVE-2018-11213 (An issue was discovered in libjpeg 9a. The get_text_gray_row fun
 	- libjpeg9 1:9c-1 (low; bug #902176)
 	- libjpeg-turbo 1:1.4.2-1
 	NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/6709e4a0cfa44d4f54ee8ad05753d4aa9260cb91 (1.4.2)
-CVE-2018-11212 (An issue was discovered in libjpeg 9a. The alloc_sarray function in jm ...)
+CVE-2018-11212 (An issue was discovered in libjpeg 9a and 9d. The alloc_sarray functio ...)
 	{DLA-1638-1}
 	- libjpeg9 1:9c-1 (low; bug #902176)
 	- libjpeg-turbo 1:1.4.2-1
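Review bot: The description of CVE-2018-11212 is widened from "libjpeg 9a" to "libjpeg 9a and 9d", but the fix line below still records libjpeg9 1:9c-1 (low; bug #902176), a version earlier than 9d; if 9d is affected, the fixed-version claim for libjpeg9 needs re-checking, and the libjpeg-turbo 1:1.4.2-1 line should be confirmed separately since its commit reference belongs to the preceding CVE-2018-11213 entry.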



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ca6ea65d378ea994a9a3550cd59675e83f2d3368


