[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Fri Jan 8 20:11:18 GMT 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f344be17 by security tracker role at 2021-01-08T20:10:27+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,7 +1,65 @@
-CVE-2021-3112
+CVE-2021-3113
+	RESERVED
+CVE-2021-23270
+	RESERVED
+CVE-2021-23269
+	RESERVED
+CVE-2021-23268
+	RESERVED
+CVE-2021-23267
+	RESERVED
+CVE-2021-23266
+	RESERVED
+CVE-2021-23265
+	RESERVED
+CVE-2021-23264
+	RESERVED
+CVE-2021-23263
+	RESERVED
+CVE-2021-23262
+	RESERVED
+CVE-2021-23261
+	RESERVED
+CVE-2021-23260
+	RESERVED
+CVE-2021-23259
+	RESERVED
+CVE-2021-23258
+	RESERVED
+CVE-2021-23257
+	RESERVED
+CVE-2021-23256
+	RESERVED
+CVE-2021-23255
 	RESERVED
-CVE-2021-3111
+CVE-2021-23254
 	RESERVED
+CVE-2021-23253
+	RESERVED
+CVE-2021-23252
+	RESERVED
+CVE-2021-23251
+	RESERVED
+CVE-2021-23250
+	RESERVED
+CVE-2021-23249
+	RESERVED
+CVE-2021-23248
+	RESERVED
+CVE-2021-23247
+	RESERVED
+CVE-2021-23246
+	RESERVED
+CVE-2021-23245
+	RESERVED
+CVE-2021-23244
+	RESERVED
+CVE-2021-23243
+	RESERVED
+CVE-2021-3112
+	RESERVED
+CVE-2021-3111 (The Express Entries Dashboard in Concrete5 8.5.4 allows stored XSS via ...)
+	TODO: check
 CVE-2021-3110
 	RESERVED
 CVE-2021-3109
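
Review bot: CVE-2021-3111 leaves RESERVED with a published description (stored XSS in the Express Entries Dashboard of Concrete5 8.5.4) but only gets "TODO: check", so it still needs a manual triage pass to end up as either a package line or a NOT-FOR-US tag. Note also that the CVE-2021-232xx block is inserted between CVE-2021-3113 and CVE-2021-3112, so the head of the file is not in numeric ID order.
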
@@ -5566,48 +5624,37 @@ CVE-2021-21118
 	RESERVED
 CVE-2021-21117
 	RESERVED
-CVE-2021-21116
-	RESERVED
+CVE-2021-21116 (Heap buffer overflow in audio in Google Chrome prior to 87.0.4280.141  ...)
 	- chromium <unfixed> (bug #979533)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21115
-	RESERVED
+CVE-2021-21115 (User after free in safe browsing in Google Chrome prior to 87.0.4280.1 ...)
 	- chromium <unfixed> (bug #979533)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21114
-	RESERVED
+CVE-2021-21114 (Use after free in audio in Google Chrome prior to 87.0.4280.141 allowe ...)
 	- chromium <unfixed> (bug #979533)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21113
-	RESERVED
+CVE-2021-21113 (Heap buffer overflow in Skia in Google Chrome prior to 87.0.4280.141 a ...)
 	- chromium <unfixed> (bug #979533)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21112
-	RESERVED
+CVE-2021-21112 (Use after free in Blink in Google Chrome prior to 87.0.4280.141 allowe ...)
 	- chromium <unfixed> (bug #979533)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21111
-	RESERVED
+CVE-2021-21111 (Insufficient policy enforcement in WebUI in Google Chrome prior to 87. ...)
 	- chromium <unfixed> (bug #979533)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21110
-	RESERVED
+CVE-2021-21110 (Use after free in safe browsing in Google Chrome prior to 87.0.4280.14 ...)
 	- chromium <unfixed> (bug #979533)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21109
-	RESERVED
+CVE-2021-21109 (Use after free in payments in Google Chrome prior to 87.0.4280.141 all ...)
 	- chromium <unfixed> (bug #979533)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21108
-	RESERVED
+CVE-2021-21108 (Use after free in media in Google Chrome prior to 87.0.4280.141 allowe ...)
 	- chromium <unfixed> (bug #979533)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21107
-	RESERVED
+CVE-2021-21107 (Use after free in drag and drop in Google Chrome on Linux prior to 87. ...)
 	- chromium <unfixed> (bug #979533)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21106
-	RESERVED
+CVE-2021-21106 (Use after free in autofill in Google Chrome prior to 87.0.4280.141 all ...)
 	- chromium <unfixed> (bug #979533)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2020-35626 (An issue was discovered in the PushToWatch extension for MediaWiki thr ...)
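
Review bot: the CVE-2021-21115 line reads "User after free", where the sibling entries (CVE-2021-21114, CVE-2021-21112, CVE-2021-21110) read "Use after free". The commit is an automatic update, so the text is presumably imported and the correction belongs at the source of the description rather than in this file. Separately, all eleven entries keep "chromium <unfixed> (bug #979533)" while their descriptions name 87.0.4280.141 as the fixed upstream release, which is the version the eventual fixed upload has to reach.
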
@@ -8834,7 +8881,7 @@ CVE-2020-35179
 	RESERVED
 CVE-2020-35178
 	RESERVED
-CVE-2020-35177 (HashiCorp Vault and Vault Enterprise allowed the enumeration of users  ...)
+CVE-2020-35177 (HashiCorp Vault and Vault Enterprise 1.4.1 and newer allowed the enume ...)
 	NOT-FOR-US: HashiCorp Vault
 CVE-2020-35176 (In AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial a ...)
 	{DLA-2506-1}
@@ -8932,8 +8979,8 @@ CVE-2020-35132 (An XSS issue has been discovered in phpLDAPadmin before 1.2.6.2
 	NOTE: https://github.com/leenooks/phpLDAPadmin/commit/c87571f6b7be15d5cd8b26381b6eb31ad03d28e2
 	NOTE: https://github.com/leenooks/phpLDAPadmin/issues/130
 	TODO: check, unclear that the issue is completely fixed, cf. https://github.com/leenooks/phpLDAPadmin/issues/130#issuecomment-745152260
-CVE-2020-35131
-	RESERVED
+CVE-2020-35131 (Cockpit before 0.6.1 allows an attacker to inject custom PHP code and  ...)
+	TODO: check
 CVE-2020-35130
 	RESERVED
 CVE-2020-35129
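
Review bot: on CVE-2020-35131 the product name "Cockpit" alone is ambiguous, and the entry is left at "TODO: check". The description speaks of injecting custom PHP code and of a version "before 0.6.1", so confirm which product is meant from the full description before attaching a source package or a NOT-FOR-US tag.
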
@@ -14372,26 +14419,26 @@ CVE-2021-1068
 	RESERVED
 CVE-2021-1067
 	RESERVED
-CVE-2021-1066
-	RESERVED
-CVE-2021-1065
-	RESERVED
-CVE-2021-1064
-	RESERVED
-CVE-2021-1063
-	RESERVED
-CVE-2021-1062
-	RESERVED
-CVE-2021-1061
-	RESERVED
-CVE-2021-1060
-	RESERVED
-CVE-2021-1059
-	RESERVED
-CVE-2021-1058
-	RESERVED
-CVE-2021-1057
-	RESERVED
+CVE-2021-1066 (NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in wh ...)
+	TODO: check
+CVE-2021-1065 (NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in wh ...)
+	TODO: check
+CVE-2021-1064 (NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in wh ...)
+	TODO: check
+CVE-2021-1063 (NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in wh ...)
+	TODO: check
+CVE-2021-1062 (NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in wh ...)
+	TODO: check
+CVE-2021-1061 (NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in wh ...)
+	TODO: check
+CVE-2021-1060 (NVIDIA vGPU software contains a vulnerability in the guest kernel mode ...)
+	TODO: check
+CVE-2021-1059 (NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in wh ...)
+	TODO: check
+CVE-2021-1058 (NVIDIA vGPU software contains a vulnerability in the guest kernel mode ...)
+	TODO: check
+CVE-2021-1057 (NVIDIA Virtual GPU Manager NVIDIA vGPU manager contains a vulnerabilit ...)
+	TODO: check
 CVE-2021-1056 (NVIDIA GPU Display Driver for Linux, all versions, contains a vulnerab ...)
 	TODO: check
 CVE-2021-1055 (NVIDIA GPU Display Driver for Windows, all versions, contains a vulner ...)
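
Review bot: the ten new "TODO: check" items are not one homogeneous block. CVE-2021-1060 and CVE-2021-1058 name the guest kernel mode component of NVIDIA vGPU software, while seven of the others name the vGPU plugin of the vGPU manager, so they should be triaged separately. The CVE-2021-1057 description also opens with a doubled product name ("NVIDIA Virtual GPU Manager NVIDIA vGPU manager"), which looks like a slip in the imported text.
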
@@ -14620,8 +14667,8 @@ CVE-2020-28470
 	RESERVED
 CVE-2020-28469
 	RESERVED
-CVE-2020-28468
-	RESERVED
+CVE-2020-28468 (This affects the package pwntools before 4.3.1. The shellcraft generat ...)
+	TODO: check
 CVE-2020-28467
 	RESERVED
 CVE-2020-28466
@@ -16724,8 +16771,7 @@ CVE-2020-28210 (A CWE-79 Improper Neutralization of Input During Web Page Genera
 	NOT-FOR-US: EcoStruxure Building Operation WebStation
 CVE-2020-28209 (A CWE-428 Windows Unquoted Search Path vulnerability exists in EcoStru ...)
 	NOT-FOR-US: EcoStruxure Building Operation Enterprise Server installer
-CVE-2020-28208
-	RESERVED
+CVE-2020-28208 (An email address enumeration vulnerability exists in the password rese ...)
 	NOT-FOR-US: Rocket.Chat
 CVE-2020-28207
 	RESERVED
@@ -19598,12 +19644,12 @@ CVE-2020-27264
 	RESERVED
 CVE-2020-27263
 	RESERVED
-CVE-2020-27262
-	RESERVED
+CVE-2020-27262 (Innokas Yhtymä Oy Vital Signs Monitor VC150 prior to Version 1.7. ...)
+	TODO: check
 CVE-2020-27261
 	RESERVED
-CVE-2020-27260
-	RESERVED
+CVE-2020-27260 (Innokas Yhtymä Oy Vital Signs Monitor VC150 prior to Version 1.7. ...)
+	TODO: check
 CVE-2020-27259
 	RESERVED
 CVE-2020-27258
@@ -20960,8 +21006,8 @@ CVE-2020-26666
 	RESERVED
 CVE-2020-26665
 	RESERVED
-CVE-2020-26664
-	RESERVED
+CVE-2020-26664 (A vulnerability in EbmlTypeDispatcher::send in VideoLAN VLC media play ...)
+	TODO: check
 CVE-2020-26663
 	RESERVED
 CVE-2020-26662
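
Review bot: CVE-2020-26664 is left at "TODO: check" although the description already names the affected code, EbmlTypeDispatcher::send in VideoLAN VLC media player. Suggest resolving it to a package line, taking the affected version range from the full description, since the text here is cut off before any version appears.
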
@@ -22051,8 +22097,8 @@ CVE-2020-26188
 	RESERVED
 CVE-2020-26187
 	RESERVED
-CVE-2020-26186
-	RESERVED
+CVE-2020-26186 (Dell Inspiron 5675 BIOS versions prior to 1.4.1 contain a UEFI BIOS Ru ...)
+	TODO: check
 CVE-2020-26185
 	RESERVED
 CVE-2020-26184
@@ -23274,8 +23320,7 @@ CVE-2020-25680 (A flaw was found in JBCS httpd in version 2.4.37 SP3, where it u
 	NOT-FOR-US: JBCS httpd
 CVE-2020-25679
 	RESERVED
-CVE-2020-25678
-	RESERVED
+CVE-2020-25678 (A flaw was found in ceph in versions prior to 16.y.z where ceph stores ...)
 	- ceph <unfixed>
 	NOTE: https://tracker.ceph.com/issues/37503
 CVE-2020-25677 (Ceph-ansible 4.0.34.1 creates /etc/ceph/iscsi-gateway.conf with insecu ...)
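
Review bot: the new CVE-2020-25678 description gives the fixed release as "16.y.z", which is a placeholder and not a usable version. The existing "- ceph <unfixed>" line should therefore stay as it is until the upstream issue referenced in the NOTE names a concrete release.
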
@@ -40166,12 +40211,12 @@ CVE-2020-17506 (Artica Web Proxy 4.30.00000000 allows remote attacker to bypass
 	NOT-FOR-US: Artica Web Proxy
 CVE-2020-17505 (Artica Web Proxy 4.30.000000 allows an authenticated remote attacker t ...)
 	NOT-FOR-US: Artica Web Proxy
-CVE-2020-17504
-	RESERVED
-CVE-2020-17503
-	RESERVED
-CVE-2020-17502
-	RESERVED
+CVE-2020-17504 (The NDN-210 has a web administration panel which is made available ove ...)
+	TODO: check
+CVE-2020-17503 (The NDN-210 has a web administration panel which is made available ove ...)
+	TODO: check
+CVE-2020-17502 (Barco TransForm N before 3.8 allows Command Injection (issue 2 of 4).  ...)
+	TODO: check
 CVE-2020-17501
 	RESERVED
 CVE-2020-17500 (Barco TransForm NDN-210 Lite, NDN-210 Pro, NDN-211 Lite, and NDN-211 P ...)
@@ -43320,16 +43365,14 @@ CVE-2020-16045
 	RESERVED
 CVE-2020-16044
 	RESERVED
-	{DSA-4827-1}
+	{DSA-4827-1 DLA-2521-1}
 	- firefox 84.0.2-1
 	- firefox-esr 78.6.1esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-01/#CVE-2020-16044
-CVE-2020-16043
-	RESERVED
+CVE-2020-16043 (Insufficient data validation in networking in Google Chrome prior to 8 ...)
 	- chromium <unfixed> (bug #979533)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-16042
-	RESERVED
+CVE-2020-16042 (Uninitialized Use in V8 in Google Chrome prior to 87.0.4280.88 allowed ...)
 	{DSA-4824-1 DSA-4815-1 DSA-4813-1 DLA-2497-1 DLA-2496-1}
 	- chromium 87.0.4280.88-0.1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
@@ -43339,153 +43382,123 @@ CVE-2020-16042
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-16042
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-55/#CVE-2020-16042
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-56/#CVE-2020-16042
-CVE-2020-16041
-	RESERVED
+CVE-2020-16041 (Out of bounds read in networking in Google Chrome prior to 87.0.4280.8 ...)
 	{DSA-4824-1}
 	- chromium 87.0.4280.88-0.1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-16040
-	RESERVED
+CVE-2020-16040 (Insufficient data validation in V8 in Google Chrome prior to 87.0.4280 ...)
 	{DSA-4824-1}
 	- chromium 87.0.4280.88-0.1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-16039
-	RESERVED
+CVE-2020-16039 (Use after free in extensions in Google Chrome prior to 87.0.4280.88 al ...)
 	{DSA-4824-1}
 	- chromium 87.0.4280.88-0.1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-16038
-	RESERVED
+CVE-2020-16038 (Use after free in media in Google Chrome on OS X prior to 87.0.4280.88 ...)
 	{DSA-4824-1}
 	- chromium 87.0.4280.88-0.1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-16037
-	RESERVED
+CVE-2020-16037 (Use after free in clipboard in Google Chrome prior to 87.0.4280.88 all ...)
 	{DSA-4824-1}
 	- chromium 87.0.4280.88-0.1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-16036
-	RESERVED
+CVE-2020-16036 (Inappropriate implementation in cookies in Google Chrome prior to 87.0 ...)
 	{DSA-4824-1}
 	- chromium 87.0.4280.88-0.1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-16035
-	RESERVED
+CVE-2020-16035 (Insufficient data validation in cros-disks in Google Chrome on ChromeO ...)
 	{DSA-4824-1}
 	- chromium 87.0.4280.88-0.1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-16034
-	RESERVED
+CVE-2020-16034 (Inappropriate implementation in WebRTC in Google Chrome prior to 87.0. ...)
 	{DSA-4824-1}
 	- chromium 87.0.4280.88-0.1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-16033
-	RESERVED
+CVE-2020-16033 (Inappropriate implementation in WebUSB in Google Chrome prior to 87.0. ...)
 	{DSA-4824-1}
 	- chromium 87.0.4280.88-0.1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-16032
-	RESERVED
+CVE-2020-16032 (Insufficient data validation in sharing in Google Chrome prior to 87.0 ...)
 	{DSA-4824-1}
 	- chromium 87.0.4280.88-0.1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-16031
-	RESERVED
+CVE-2020-16031 (Insufficient data validation in UI in Google Chrome prior to 87.0.4280 ...)
 	{DSA-4824-1}
 	- chromium 87.0.4280.88-0.1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-16030
-	RESERVED
+CVE-2020-16030 (Insufficient data validation in Blink in Google Chrome prior to 87.0.4 ...)
 	{DSA-4824-1}
 	- chromium 87.0.4280.88-0.1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-16029
-	RESERVED
+CVE-2020-16029 (Inappropriate implementation in PDFium in Google Chrome prior to 87.0. ...)
 	{DSA-4824-1}
 	- chromium 87.0.4280.88-0.1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-16028
-	RESERVED
+CVE-2020-16028 (Heap buffer overflow in WebRTC in Google Chrome prior to 87.0.4280.66  ...)
 	{DSA-4824-1}
 	- chromium 87.0.4280.88-0.1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-16027
-	RESERVED
+CVE-2020-16027 (Insufficient policy enforcement in developer tools in Google Chrome pr ...)
 	{DSA-4824-1}
 	- chromium 87.0.4280.88-0.1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-16026
-	RESERVED
+CVE-2020-16026 (Use after free in WebRTC in Google Chrome prior to 87.0.4280.66 allowe ...)
 	{DSA-4824-1}
 	- chromium 87.0.4280.88-0.1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-16025
-	RESERVED
+CVE-2020-16025 (Heap buffer overflow in clipboard in Google Chrome prior to 87.0.4280. ...)
 	{DSA-4824-1}
 	- chromium 87.0.4280.88-0.1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-16024
-	RESERVED
+CVE-2020-16024 (Heap buffer overflow in UI in Google Chrome prior to 87.0.4280.66 allo ...)
 	{DSA-4824-1}
 	- chromium 87.0.4280.88-0.1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-16023
-	RESERVED
+CVE-2020-16023 (Use after free in WebCodecs in Google Chrome prior to 87.0.4280.66 all ...)
 	{DSA-4824-1}
 	- chromium 87.0.4280.88-0.1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-16022
-	RESERVED
+CVE-2020-16022 (Insufficient policy enforcement in networking in Google Chrome prior t ...)
 	{DSA-4824-1}
 	- chromium 87.0.4280.88-0.1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-16021
-	RESERVED
+CVE-2020-16021 (Race in image burner in Google Chrome on ChromeOS prior to 87.0.4280.6 ...)
 	{DSA-4824-1}
 	- chromium 87.0.4280.88-0.1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-16020
-	RESERVED
+CVE-2020-16020 (Inappropriate implementation in cryptohome in Google Chrome on ChromeO ...)
 	{DSA-4824-1}
 	- chromium 87.0.4280.88-0.1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-16019
-	RESERVED
+CVE-2020-16019 (Inappropriate implementation in filesystem in Google Chrome on ChromeO ...)
 	{DSA-4824-1}
 	- chromium 87.0.4280.88-0.1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-16018
-	RESERVED
+CVE-2020-16018 (Use after free in payments in Google Chrome prior to 87.0.4280.66 allo ...)
 	{DSA-4824-1}
 	- chromium 87.0.4280.88-0.1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-16017
-	RESERVED
+CVE-2020-16017 (Use after free in site isolation in Google Chrome prior to 86.0.4240.1 ...)
 	{DSA-4824-1}
 	- chromium 87.0.4280.88-0.1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-16016
-	RESERVED
+CVE-2020-16016 (Inappropriate implementation in base in Google Chrome prior to 86.0.42 ...)
 	{DSA-4824-1}
 	- chromium 87.0.4280.88-0.1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-16015
-	RESERVED
+CVE-2020-16015 (Insufficient data validation in WASM in Google Chrome prior to 87.0.42 ...)
 	{DSA-4824-1}
 	- chromium 87.0.4280.88-0.1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-16014
-	RESERVED
+CVE-2020-16014 (Use after free in PPAPI in Google Chrome prior to 87.0.4280.66 allowed ...)
 	{DSA-4824-1}
 	- chromium 87.0.4280.88-0.1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-16013
-	RESERVED
+CVE-2020-16013 (Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240 ...)
 	{DSA-4824-1}
 	- chromium 87.0.4280.88-0.1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-16012
-	RESERVED
+CVE-2020-16012 (Side-channel information leakage in graphics in Google Chrome prior to ...)
 	{DSA-4824-1 DSA-4796-1 DSA-4793-1 DLA-2464-1 DLA-2457-1}
 	- firefox 83.0-1
 	- firefox-esr 78.5.0esr-1
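
Review bot: several of the descriptions added here are platform-specific, yet their entries carry the same "chromium 87.0.4280.88-0.1" fixed line as the rest. CVE-2020-16038 says "on OS X", and CVE-2020-16035, CVE-2020-16021, CVE-2020-16020 and CVE-2020-16019 say "on ChromeOS"; check whether the Debian package is affected by these at all. Also, CVE-2020-16017, CVE-2020-16016 and CVE-2020-16013 cite an 86.0.42xx release as the upstream fix, so it is worth confirming that 87.0.4280.88-0.1 was the first upload to contain those fixes.
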
@@ -64561,8 +64574,8 @@ CVE-2020-8586
 	RESERVED
 CVE-2020-8585
 	RESERVED
-CVE-2020-8584
-	RESERVED
+CVE-2020-8584 (Element OS versions prior to 1.8P1 and 12.2 are susceptible to a vulne ...)
+	TODO: check
 CVE-2020-8583 (Element Software versions prior to 12.2 and HCI versions prior to 1.8P ...)
 	NOT-FOR-US: HCI
 CVE-2020-8582 (Element Software versions prior to 12.2 and HCI versions prior to 1.8P ...)
@@ -66643,8 +66656,8 @@ CVE-2020-7796 (Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7 allows SSR
 	NOT-FOR-US: Zimbra Collaboration Suite (ZCS)
 CVE-2020-7795
 	RESERVED
-CVE-2020-7794
-	RESERVED
+CVE-2020-7794 (This affects all versions of package buns. The injection point is loca ...)
+	TODO: check
 CVE-2020-7793 (The package ua-parser-js before 0.7.23 are vulnerable to Regular Expre ...)
 	- node-ua-parser-js 0.7.23+ds-1
 	NOTE: https://snyk.io/vuln/SNYK-JS-UAPARSERJS-1023599
@@ -66669,8 +66682,8 @@ CVE-2020-7786
 	RESERVED
 CVE-2020-7785
 	RESERVED
-CVE-2020-7784
-	RESERVED
+CVE-2020-7784 (This affects all versions of package ts-process-promises. The injectio ...)
+	TODO: check
 CVE-2020-7783
 	RESERVED
 CVE-2020-7782
@@ -71733,10 +71746,10 @@ CVE-2020-5807 (An unauthenticated remote attacker can send data to RsvcHost.exe
 	NOT-FOR-US: FactoryTalk Diagnostics
 CVE-2020-5806 (An attacker-controlled memory allocation size can be passed to the C++ ...)
 	NOT-FOR-US: FactoryTalk
-CVE-2020-5805
-	RESERVED
-CVE-2020-5804
-	RESERVED
+CVE-2020-5805 (In Marvell QConvergeConsole GUI <= 5.5.0.74, credentials are stored ...)
+	TODO: check
+CVE-2020-5804 (Marvell QConvergeConsole GUI <= 5.5.0.74 is affected by a path trav ...)
+	TODO: check
 CVE-2020-5803 (Relative Path Traversal in Marvell QConvergeConsole GUI 5.5.0.74 allow ...)
 	NOT-FOR-US: Marvell QConvergeConsole GUI
 CVE-2020-5802 (An attacker-controlled memory allocation size can be passed to the C++ ...)
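
Review bot: CVE-2020-5805 and CVE-2020-5804 are left at "TODO: check" although both descriptions name Marvell QConvergeConsole GUI, the same product that the next entry, CVE-2020-5803, already tags "NOT-FOR-US: Marvell QConvergeConsole GUI". Suggest giving the two new entries the same tag.
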
@@ -74710,16 +74723,16 @@ CVE-2020-4669
 	RESERVED
 CVE-2020-4668
 	RESERVED
-CVE-2020-4667
-	RESERVED
-CVE-2020-4666
-	RESERVED
+CVE-2020-4667 (IBM Engineering Requirements Quality Assistant On-Premises could allow ...)
+	TODO: check
+CVE-2020-4666 (IBM Engineering Requirements Quality Assistant On-Premises is vulnerab ...)
+	TODO: check
 CVE-2020-4665 (IBM Sterling File Gateway 2.2.0.0 through 2.2.6.5 and 6.0.0.0 through  ...)
 	NOT-FOR-US: IBM
-CVE-2020-4664
-	RESERVED
-CVE-2020-4663
-	RESERVED
+CVE-2020-4664 (IBM Engineering Requirements Quality Assistant On-Premises is vulnerab ...)
+	TODO: check
+CVE-2020-4663 (IBM Engineering Requirements Quality Assistant On-Premises is vulnerab ...)
+	TODO: check
 CVE-2020-4662 (IBM Event Streams 10.0.0 could allow an authenticated user to perform  ...)
 	NOT-FOR-US: IBM
 CVE-2020-4661 (IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0. ...)
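
Review bot: the four IBM Engineering Requirements Quality Assistant On-Premises entries (CVE-2020-4667, CVE-2020-4666, CVE-2020-4664, CVE-2020-4663) get "TODO: check", while the IBM entries interleaved with them (CVE-2020-4665, CVE-2020-4662) are already "NOT-FOR-US: IBM". Suggest tagging the four consistently with their neighbours.
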
@@ -74832,8 +74845,8 @@ CVE-2020-4608
 	RESERVED
 CVE-2020-4607 (IBM Security Secret Server (IBM Security Verify Privilege Vault Remote ...)
 	NOT-FOR-US: IBM
-CVE-2020-4606
-	RESERVED
+CVE-2020-4606 (IBM Security Verify Privilege Manager 10.8 is vulnerable to an XML Ext ...)
+	TODO: check
 CVE-2020-4605
 	RESERVED
 CVE-2020-4604



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f344be17f8b1eecb4622d048dcb5a182a42f9f75
