[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri Jan 8 20:11:18 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f344be17 by security tracker role at 2021-01-08T20:10:27+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,7 +1,65 @@
-CVE-2021-3112
+CVE-2021-3113
+ RESERVED
+CVE-2021-23270
+ RESERVED
+CVE-2021-23269
+ RESERVED
+CVE-2021-23268
+ RESERVED
+CVE-2021-23267
+ RESERVED
+CVE-2021-23266
+ RESERVED
+CVE-2021-23265
+ RESERVED
+CVE-2021-23264
+ RESERVED
+CVE-2021-23263
+ RESERVED
+CVE-2021-23262
+ RESERVED
+CVE-2021-23261
+ RESERVED
+CVE-2021-23260
+ RESERVED
+CVE-2021-23259
+ RESERVED
+CVE-2021-23258
+ RESERVED
+CVE-2021-23257
+ RESERVED
+CVE-2021-23256
+ RESERVED
+CVE-2021-23255
RESERVED
-CVE-2021-3111
+CVE-2021-23254
RESERVED
+CVE-2021-23253
+ RESERVED
+CVE-2021-23252
+ RESERVED
+CVE-2021-23251
+ RESERVED
+CVE-2021-23250
+ RESERVED
+CVE-2021-23249
+ RESERVED
+CVE-2021-23248
+ RESERVED
+CVE-2021-23247
+ RESERVED
+CVE-2021-23246
+ RESERVED
+CVE-2021-23245
+ RESERVED
+CVE-2021-23244
+ RESERVED
+CVE-2021-23243
+ RESERVED
+CVE-2021-3112
+ RESERVED
+CVE-2021-3111 (The Express Entries Dashboard in Concrete5 8.5.4 allows stored XSS via ...)
+ TODO: check
CVE-2021-3110
RESERVED
CVE-2021-3109
@@ -5566,48 +5624,37 @@ CVE-2021-21118
RESERVED
CVE-2021-21117
RESERVED
-CVE-2021-21116
- RESERVED
+CVE-2021-21116 (Heap buffer overflow in audio in Google Chrome prior to 87.0.4280.141 ...)
- chromium <unfixed> (bug #979533)
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21115
- RESERVED
+CVE-2021-21115 (User after free in safe browsing in Google Chrome prior to 87.0.4280.1 ...)
- chromium <unfixed> (bug #979533)
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21114
- RESERVED
+CVE-2021-21114 (Use after free in audio in Google Chrome prior to 87.0.4280.141 allowe ...)
- chromium <unfixed> (bug #979533)
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21113
- RESERVED
+CVE-2021-21113 (Heap buffer overflow in Skia in Google Chrome prior to 87.0.4280.141 a ...)
- chromium <unfixed> (bug #979533)
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21112
- RESERVED
+CVE-2021-21112 (Use after free in Blink in Google Chrome prior to 87.0.4280.141 allowe ...)
- chromium <unfixed> (bug #979533)
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21111
- RESERVED
+CVE-2021-21111 (Insufficient policy enforcement in WebUI in Google Chrome prior to 87. ...)
- chromium <unfixed> (bug #979533)
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21110
- RESERVED
+CVE-2021-21110 (Use after free in safe browsing in Google Chrome prior to 87.0.4280.14 ...)
- chromium <unfixed> (bug #979533)
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21109
- RESERVED
+CVE-2021-21109 (Use after free in payments in Google Chrome prior to 87.0.4280.141 all ...)
- chromium <unfixed> (bug #979533)
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21108
- RESERVED
+CVE-2021-21108 (Use after free in media in Google Chrome prior to 87.0.4280.141 allowe ...)
- chromium <unfixed> (bug #979533)
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21107
- RESERVED
+CVE-2021-21107 (Use after free in drag and drop in Google Chrome on Linux prior to 87. ...)
- chromium <unfixed> (bug #979533)
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21106
- RESERVED
+CVE-2021-21106 (Use after free in autofill in Google Chrome prior to 87.0.4280.141 all ...)
- chromium <unfixed> (bug #979533)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-35626 (An issue was discovered in the PushToWatch extension for MediaWiki thr ...)
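Review bot: The description imported for CVE-2021-21115 reads "User after free in safe browsing", while CVE-2021-21110 in the same hunk has "Use after free in safe browsing", so this looks like a typo in the source description. Because this commit is an automatic update, the correction belongs in the upstream CVE record rather than in data/CVE/list. Until then, anyone searching the list for "Use after free" will miss this entry.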
@@ -8834,7 +8881,7 @@ CVE-2020-35179
RESERVED
CVE-2020-35178
RESERVED
-CVE-2020-35177 (HashiCorp Vault and Vault Enterprise allowed the enumeration of users ...)
+CVE-2020-35177 (HashiCorp Vault and Vault Enterprise 1.4.1 and newer allowed the enume ...)
NOT-FOR-US: HashiCorp Vault
CVE-2020-35176 (In AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial a ...)
{DLA-2506-1}
@@ -8932,8 +8979,8 @@ CVE-2020-35132 (An XSS issue has been discovered in phpLDAPadmin before 1.2.6.2
NOTE: https://github.com/leenooks/phpLDAPadmin/commit/c87571f6b7be15d5cd8b26381b6eb31ad03d28e2
NOTE: https://github.com/leenooks/phpLDAPadmin/issues/130
TODO: check, unclear that the issue is completely fixed, cf. https://github.com/leenooks/phpLDAPadmin/issues/130#issuecomment-745152260
-CVE-2020-35131
- RESERVED
+CVE-2020-35131 (Cockpit before 0.6.1 allows an attacker to inject custom PHP code and ...)
+ TODO: check
CVE-2020-35130
RESERVED
CVE-2020-35129
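Review bot: CVE-2020-35131 is added with TODO: check and a description that opens with the bare product name "Cockpit", which makes it easy to attach to the wrong source package. Debian ships a package named cockpit, but "before 0.6.1" and "inject custom PHP code" suggest a different product that shares the name. Confirm the affected product before adding a package line, and if it is not packaged, resolve it with a NOT-FOR-US line whose text disambiguates the name.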
@@ -14372,26 +14419,26 @@ CVE-2021-1068
RESERVED
CVE-2021-1067
RESERVED
-CVE-2021-1066
- RESERVED
-CVE-2021-1065
- RESERVED
-CVE-2021-1064
- RESERVED
-CVE-2021-1063
- RESERVED
-CVE-2021-1062
- RESERVED
-CVE-2021-1061
- RESERVED
-CVE-2021-1060
- RESERVED
-CVE-2021-1059
- RESERVED
-CVE-2021-1058
- RESERVED
-CVE-2021-1057
- RESERVED
+CVE-2021-1066 (NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in wh ...)
+ TODO: check
+CVE-2021-1065 (NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in wh ...)
+ TODO: check
+CVE-2021-1064 (NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in wh ...)
+ TODO: check
+CVE-2021-1063 (NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in wh ...)
+ TODO: check
+CVE-2021-1062 (NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in wh ...)
+ TODO: check
+CVE-2021-1061 (NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in wh ...)
+ TODO: check
+CVE-2021-1060 (NVIDIA vGPU software contains a vulnerability in the guest kernel mode ...)
+ TODO: check
+CVE-2021-1059 (NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in wh ...)
+ TODO: check
+CVE-2021-1058 (NVIDIA vGPU software contains a vulnerability in the guest kernel mode ...)
+ TODO: check
+CVE-2021-1057 (NVIDIA Virtual GPU Manager NVIDIA vGPU manager contains a vulnerabilit ...)
+ TODO: check
CVE-2021-1056 (NVIDIA GPU Display Driver for Linux, all versions, contains a vulnerab ...)
TODO: check
CVE-2021-1055 (NVIDIA GPU Display Driver for Windows, all versions, contains a vulner ...)
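Review bot: The ten NVIDIA vGPU entries from CVE-2021-1066 down to CVE-2021-1057 all land as TODO: check, and the truncated descriptions hide that they are not one class: CVE-2021-1060 and CVE-2021-1058 name the guest kernel mode component, while the other eight name the vGPU manager plugin. Triage those two separately instead of resolving the whole block with a single decision. The CVE-2021-1057 description also repeats the product name ("NVIDIA Virtual GPU Manager NVIDIA vGPU manager"), which comes from the source record and is not something to fix here.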
@@ -14620,8 +14667,8 @@ CVE-2020-28470
RESERVED
CVE-2020-28469
RESERVED
-CVE-2020-28468
- RESERVED
+CVE-2020-28468 (This affects the package pwntools before 4.3.1. The shellcraft generat ...)
+ TODO: check
CVE-2020-28467
RESERVED
CVE-2020-28466
@@ -16724,8 +16771,7 @@ CVE-2020-28210 (A CWE-79 Improper Neutralization of Input During Web Page Genera
NOT-FOR-US: EcoStruxure Building Operation WebStation
CVE-2020-28209 (A CWE-428 Windows Unquoted Search Path vulnerability exists in EcoStru ...)
NOT-FOR-US: EcoStruxure Building Operation Enterprise Server installer
-CVE-2020-28208
- RESERVED
+CVE-2020-28208 (An email address enumeration vulnerability exists in the password rese ...)
NOT-FOR-US: Rocket.Chat
CVE-2020-28207
RESERVED
@@ -19598,12 +19644,12 @@ CVE-2020-27264
RESERVED
CVE-2020-27263
RESERVED
-CVE-2020-27262
- RESERVED
+CVE-2020-27262 (Innokas Yhtymä Oy Vital Signs Monitor VC150 prior to Version 1.7. ...)
+ TODO: check
CVE-2020-27261
RESERVED
-CVE-2020-27260
- RESERVED
+CVE-2020-27260 (Innokas Yhtymä Oy Vital Signs Monitor VC150 prior to Version 1.7. ...)
+ TODO: check
CVE-2020-27259
RESERVED
CVE-2020-27258
@@ -20960,8 +21006,8 @@ CVE-2020-26666
RESERVED
CVE-2020-26665
RESERVED
-CVE-2020-26664
- RESERVED
+CVE-2020-26664 (A vulnerability in EbmlTypeDispatcher::send in VideoLAN VLC media play ...)
+ TODO: check
CVE-2020-26663
RESERVED
CVE-2020-26662
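Review bot: CVE-2020-26664 is added with TODO: check although its description names VLC media player, which is packaged in Debian, so unlike the NOT-FOR-US candidates elsewhere in this commit it needs a real triage result. Replace the TODO with a vlc package line once the affected and fixed versions are confirmed. The truncated description visible here does not show the version range.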
@@ -22051,8 +22097,8 @@ CVE-2020-26188
RESERVED
CVE-2020-26187
RESERVED
-CVE-2020-26186
- RESERVED
+CVE-2020-26186 (Dell Inspiron 5675 BIOS versions prior to 1.4.1 contain a UEFI BIOS Ru ...)
+ TODO: check
CVE-2020-26185
RESERVED
CVE-2020-26184
@@ -23274,8 +23320,7 @@ CVE-2020-25680 (A flaw was found in JBCS httpd in version 2.4.37 SP3, where it u
NOT-FOR-US: JBCS httpd
CVE-2020-25679
RESERVED
-CVE-2020-25678
- RESERVED
+CVE-2020-25678 (A flaw was found in ceph in versions prior to 16.y.z where ceph stores ...)
- ceph <unfixed>
NOTE: https://tracker.ceph.com/issues/37503
CVE-2020-25677 (Ceph-ansible 4.0.34.1 creates /etc/ceph/iscsi-gateway.conf with insecu ...)
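Review bot: The description now attached to CVE-2020-25678 gives the fixed version as "16.y.z", a placeholder rather than a real release, so it cannot be used to set a fixed version on the ceph line. Keeping "- ceph <unfixed>" is right for now. The version should come from the upstream issue already referenced in the NOTE (https://tracker.ceph.com/issues/37503) once it is resolved.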
@@ -40166,12 +40211,12 @@ CVE-2020-17506 (Artica Web Proxy 4.30.00000000 allows remote attacker to bypass
NOT-FOR-US: Artica Web Proxy
CVE-2020-17505 (Artica Web Proxy 4.30.000000 allows an authenticated remote attacker t ...)
NOT-FOR-US: Artica Web Proxy
-CVE-2020-17504
- RESERVED
-CVE-2020-17503
- RESERVED
-CVE-2020-17502
- RESERVED
+CVE-2020-17504 (The NDN-210 has a web administration panel which is made available ove ...)
+ TODO: check
+CVE-2020-17503 (The NDN-210 has a web administration panel which is made available ove ...)
+ TODO: check
+CVE-2020-17502 (Barco TransForm N before 3.8 allows Command Injection (issue 2 of 4). ...)
+ TODO: check
CVE-2020-17501
RESERVED
CVE-2020-17500 (Barco TransForm NDN-210 Lite, NDN-210 Pro, NDN-211 Lite, and NDN-211 P ...)
@@ -43320,16 +43365,14 @@ CVE-2020-16045
RESERVED
CVE-2020-16044
RESERVED
- {DSA-4827-1}
+ {DSA-4827-1 DLA-2521-1}
- firefox 84.0.2-1
- firefox-esr 78.6.1esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-01/#CVE-2020-16044
-CVE-2020-16043
- RESERVED
+CVE-2020-16043 (Insufficient data validation in networking in Google Chrome prior to 8 ...)
- chromium <unfixed> (bug #979533)
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-16042
- RESERVED
+CVE-2020-16042 (Uninitialized Use in V8 in Google Chrome prior to 87.0.4280.88 allowed ...)
{DSA-4824-1 DSA-4815-1 DSA-4813-1 DLA-2497-1 DLA-2496-1}
- chromium 87.0.4280.88-0.1
[stretch] - chromium <end-of-life> (see DSA 4562)
@@ -43339,153 +43382,123 @@ CVE-2020-16042
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-16042
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-55/#CVE-2020-16042
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-56/#CVE-2020-16042
-CVE-2020-16041
- RESERVED
+CVE-2020-16041 (Out of bounds read in networking in Google Chrome prior to 87.0.4280.8 ...)
{DSA-4824-1}
- chromium 87.0.4280.88-0.1
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-16040
- RESERVED
+CVE-2020-16040 (Insufficient data validation in V8 in Google Chrome prior to 87.0.4280 ...)
{DSA-4824-1}
- chromium 87.0.4280.88-0.1
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-16039
- RESERVED
+CVE-2020-16039 (Use after free in extensions in Google Chrome prior to 87.0.4280.88 al ...)
{DSA-4824-1}
- chromium 87.0.4280.88-0.1
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-16038
- RESERVED
+CVE-2020-16038 (Use after free in media in Google Chrome on OS X prior to 87.0.4280.88 ...)
{DSA-4824-1}
- chromium 87.0.4280.88-0.1
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-16037
- RESERVED
+CVE-2020-16037 (Use after free in clipboard in Google Chrome prior to 87.0.4280.88 all ...)
{DSA-4824-1}
- chromium 87.0.4280.88-0.1
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-16036
- RESERVED
+CVE-2020-16036 (Inappropriate implementation in cookies in Google Chrome prior to 87.0 ...)
{DSA-4824-1}
- chromium 87.0.4280.88-0.1
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-16035
- RESERVED
+CVE-2020-16035 (Insufficient data validation in cros-disks in Google Chrome on ChromeO ...)
{DSA-4824-1}
- chromium 87.0.4280.88-0.1
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-16034
- RESERVED
+CVE-2020-16034 (Inappropriate implementation in WebRTC in Google Chrome prior to 87.0. ...)
{DSA-4824-1}
- chromium 87.0.4280.88-0.1
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-16033
- RESERVED
+CVE-2020-16033 (Inappropriate implementation in WebUSB in Google Chrome prior to 87.0. ...)
{DSA-4824-1}
- chromium 87.0.4280.88-0.1
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-16032
- RESERVED
+CVE-2020-16032 (Insufficient data validation in sharing in Google Chrome prior to 87.0 ...)
{DSA-4824-1}
- chromium 87.0.4280.88-0.1
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-16031
- RESERVED
+CVE-2020-16031 (Insufficient data validation in UI in Google Chrome prior to 87.0.4280 ...)
{DSA-4824-1}
- chromium 87.0.4280.88-0.1
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-16030
- RESERVED
+CVE-2020-16030 (Insufficient data validation in Blink in Google Chrome prior to 87.0.4 ...)
{DSA-4824-1}
- chromium 87.0.4280.88-0.1
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-16029
- RESERVED
+CVE-2020-16029 (Inappropriate implementation in PDFium in Google Chrome prior to 87.0. ...)
{DSA-4824-1}
- chromium 87.0.4280.88-0.1
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-16028
- RESERVED
+CVE-2020-16028 (Heap buffer overflow in WebRTC in Google Chrome prior to 87.0.4280.66 ...)
{DSA-4824-1}
- chromium 87.0.4280.88-0.1
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-16027
- RESERVED
+CVE-2020-16027 (Insufficient policy enforcement in developer tools in Google Chrome pr ...)
{DSA-4824-1}
- chromium 87.0.4280.88-0.1
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-16026
- RESERVED
+CVE-2020-16026 (Use after free in WebRTC in Google Chrome prior to 87.0.4280.66 allowe ...)
{DSA-4824-1}
- chromium 87.0.4280.88-0.1
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-16025
- RESERVED
+CVE-2020-16025 (Heap buffer overflow in clipboard in Google Chrome prior to 87.0.4280. ...)
{DSA-4824-1}
- chromium 87.0.4280.88-0.1
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-16024
- RESERVED
+CVE-2020-16024 (Heap buffer overflow in UI in Google Chrome prior to 87.0.4280.66 allo ...)
{DSA-4824-1}
- chromium 87.0.4280.88-0.1
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-16023
- RESERVED
+CVE-2020-16023 (Use after free in WebCodecs in Google Chrome prior to 87.0.4280.66 all ...)
{DSA-4824-1}
- chromium 87.0.4280.88-0.1
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-16022
- RESERVED
+CVE-2020-16022 (Insufficient policy enforcement in networking in Google Chrome prior t ...)
{DSA-4824-1}
- chromium 87.0.4280.88-0.1
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-16021
- RESERVED
+CVE-2020-16021 (Race in image burner in Google Chrome on ChromeOS prior to 87.0.4280.6 ...)
{DSA-4824-1}
- chromium 87.0.4280.88-0.1
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-16020
- RESERVED
+CVE-2020-16020 (Inappropriate implementation in cryptohome in Google Chrome on ChromeO ...)
{DSA-4824-1}
- chromium 87.0.4280.88-0.1
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-16019
- RESERVED
+CVE-2020-16019 (Inappropriate implementation in filesystem in Google Chrome on ChromeO ...)
{DSA-4824-1}
- chromium 87.0.4280.88-0.1
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-16018
- RESERVED
+CVE-2020-16018 (Use after free in payments in Google Chrome prior to 87.0.4280.66 allo ...)
{DSA-4824-1}
- chromium 87.0.4280.88-0.1
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-16017
- RESERVED
+CVE-2020-16017 (Use after free in site isolation in Google Chrome prior to 86.0.4240.1 ...)
{DSA-4824-1}
- chromium 87.0.4280.88-0.1
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-16016
- RESERVED
+CVE-2020-16016 (Inappropriate implementation in base in Google Chrome prior to 86.0.42 ...)
{DSA-4824-1}
- chromium 87.0.4280.88-0.1
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-16015
- RESERVED
+CVE-2020-16015 (Insufficient data validation in WASM in Google Chrome prior to 87.0.42 ...)
{DSA-4824-1}
- chromium 87.0.4280.88-0.1
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-16014
- RESERVED
+CVE-2020-16014 (Use after free in PPAPI in Google Chrome prior to 87.0.4280.66 allowed ...)
{DSA-4824-1}
- chromium 87.0.4280.88-0.1
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-16013
- RESERVED
+CVE-2020-16013 (Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240 ...)
{DSA-4824-1}
- chromium 87.0.4280.88-0.1
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-16012
- RESERVED
+CVE-2020-16012 (Side-channel information leakage in graphics in Google Chrome prior to ...)
{DSA-4824-1 DSA-4796-1 DSA-4793-1 DLA-2464-1 DLA-2457-1}
- firefox 83.0-1
- firefox-esr 78.5.0esr-1
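Review bot: Several entries in this hunk now carry descriptions scoped to other platforms (CVE-2020-16038 "on OS X", and CVE-2020-16035, CVE-2020-16021, CVE-2020-16020 and CVE-2020-16019 on ChromeOS) but keep the generic "- chromium 87.0.4280.88-0.1" line and the {DSA-4824-1} reference. With the descriptions public, check whether these should be marked <not-affected> for Debian's chromium instead of being recorded as fixed in that upload. The entries whose descriptions say "prior to 87.0.4280.66" or "prior to 86.0.42 ..." are consistent with the 87.0.4280.88-0.1 fixed version and need no change.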
@@ -64561,8 +64574,8 @@ CVE-2020-8586
RESERVED
CVE-2020-8585
RESERVED
-CVE-2020-8584
- RESERVED
+CVE-2020-8584 (Element OS versions prior to 1.8P1 and 12.2 are susceptible to a vulne ...)
+ TODO: check
CVE-2020-8583 (Element Software versions prior to 12.2 and HCI versions prior to 1.8P ...)
NOT-FOR-US: HCI
CVE-2020-8582 (Element Software versions prior to 12.2 and HCI versions prior to 1.8P ...)
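Review bot: CVE-2020-8584 is added with TODO: check, while CVE-2020-8583 directly below it covers the same Element and HCI version boundaries (12.2 and 1.8P1) and is already resolved as NOT-FOR-US: HCI. Resolve CVE-2020-8584 the same way so the adjacent entries do not diverge.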
@@ -66643,8 +66656,8 @@ CVE-2020-7796 (Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7 allows SSR
NOT-FOR-US: Zimbra Collaboration Suite (ZCS)
CVE-2020-7795
RESERVED
-CVE-2020-7794
- RESERVED
+CVE-2020-7794 (This affects all versions of package buns. The injection point is loca ...)
+ TODO: check
CVE-2020-7793 (The package ua-parser-js before 0.7.23 are vulnerable to Regular Expre ...)
- node-ua-parser-js 0.7.23+ds-1
NOTE: https://snyk.io/vuln/SNYK-JS-UAPARSERJS-1023599
@@ -66669,8 +66682,8 @@ CVE-2020-7786
RESERVED
CVE-2020-7785
RESERVED
-CVE-2020-7784
- RESERVED
+CVE-2020-7784 (This affects all versions of package ts-process-promises. The injectio ...)
+ TODO: check
CVE-2020-7783
RESERVED
CVE-2020-7782
@@ -71733,10 +71746,10 @@ CVE-2020-5807 (An unauthenticated remote attacker can send data to RsvcHost.exe
NOT-FOR-US: FactoryTalk Diagnostics
CVE-2020-5806 (An attacker-controlled memory allocation size can be passed to the C++ ...)
NOT-FOR-US: FactoryTalk
-CVE-2020-5805
- RESERVED
-CVE-2020-5804
- RESERVED
+CVE-2020-5805 (In Marvell QConvergeConsole GUI <= 5.5.0.74, credentials are stored ...)
+ TODO: check
+CVE-2020-5804 (Marvell QConvergeConsole GUI <= 5.5.0.74 is affected by a path trav ...)
+ TODO: check
CVE-2020-5803 (Relative Path Traversal in Marvell QConvergeConsole GUI 5.5.0.74 allow ...)
NOT-FOR-US: Marvell QConvergeConsole GUI
CVE-2020-5802 (An attacker-controlled memory allocation size can be passed to the C++ ...)
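Review bot: CVE-2020-5805 and CVE-2020-5804 are added with TODO: check although both descriptions name Marvell QConvergeConsole GUI 5.5.0.74, the product that CVE-2020-5803 directly below already resolves as NOT-FOR-US: Marvell QConvergeConsole GUI. Use the same NOT-FOR-US line for both so they leave the TODO queue.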
@@ -74710,16 +74723,16 @@ CVE-2020-4669
RESERVED
CVE-2020-4668
RESERVED
-CVE-2020-4667
- RESERVED
-CVE-2020-4666
- RESERVED
+CVE-2020-4667 (IBM Engineering Requirements Quality Assistant On-Premises could allow ...)
+ TODO: check
+CVE-2020-4666 (IBM Engineering Requirements Quality Assistant On-Premises is vulnerab ...)
+ TODO: check
CVE-2020-4665 (IBM Sterling File Gateway 2.2.0.0 through 2.2.6.5 and 6.0.0.0 through ...)
NOT-FOR-US: IBM
-CVE-2020-4664
- RESERVED
-CVE-2020-4663
- RESERVED
+CVE-2020-4664 (IBM Engineering Requirements Quality Assistant On-Premises is vulnerab ...)
+ TODO: check
+CVE-2020-4663 (IBM Engineering Requirements Quality Assistant On-Premises is vulnerab ...)
+ TODO: check
CVE-2020-4662 (IBM Event Streams 10.0.0 could allow an authenticated user to perform ...)
NOT-FOR-US: IBM
CVE-2020-4661 (IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0. ...)
@@ -74832,8 +74845,8 @@ CVE-2020-4608
RESERVED
CVE-2020-4607 (IBM Security Secret Server (IBM Security Verify Privilege Vault Remote ...)
NOT-FOR-US: IBM
-CVE-2020-4606
- RESERVED
+CVE-2020-4606 (IBM Security Verify Privilege Manager 10.8 is vulnerable to an XML Ext ...)
+ TODO: check
CVE-2020-4605
RESERVED
CVE-2020-4604
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f344be17f8b1eecb4622d048dcb5a182a42f9f75