[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed Jan 13 08:10:26 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0495ed66 by security tracker role at 2021-01-13T08:10:19+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,47 @@
+CVE-2021-3138
+ RESERVED
+CVE-2021-3137
+ RESERVED
+CVE-2021-3136
+ RESERVED
+CVE-2021-3135
+ RESERVED
+CVE-2021-23936 (OX App Suite through 7.10.4 allows XSS via the subject of a task. ...)
+ TODO: check
+CVE-2021-23935 (OX App Suite through 7.10.4 allows XSS via an appointment in which the ...)
+ TODO: check
+CVE-2021-23934 (OX App Suite through 7.10.4 allows XSS via a contact whose name contai ...)
+ TODO: check
+CVE-2021-23933 (OX App Suite through 7.10.4 allows XSS via JavaScript in a Note refere ...)
+ TODO: check
+CVE-2021-23932 (OX App Suite through 7.10.4 allows XSS via an inline image with a craf ...)
+ TODO: check
+CVE-2021-23931 (OX App Suite through 7.10.4 allows XSS via an inline binary file. ...)
+ TODO: check
+CVE-2021-23930 (OX App Suite through 7.10.4 allows XSS via use of the conversion API f ...)
+ TODO: check
+CVE-2021-23929 (OX App Suite through 7.10.4 allows XSS via a crafted Content-Dispositi ...)
+ TODO: check
+CVE-2021-23928 (OX App Suite through 7.10.3 allows XSS via the ajax/apps/manifests que ...)
+ TODO: check
+CVE-2021-23927 (OX App Suite through 7.10.4 allows SSRF via a URL with an @ character ...)
+ TODO: check
+CVE-2021-23926
+ RESERVED
+CVE-2021-23925
+ RESERVED
+CVE-2021-23924
+ RESERVED
+CVE-2021-23923
+ RESERVED
+CVE-2021-23922
+ RESERVED
+CVE-2021-23921
+ RESERVED
+CVE-2020-36191 (JupyterHub 1.1.0 allows CSRF in the admin panel via a request that lac ...)
+ TODO: check
+CVE-2020-36190 (RailsAdmin (aka rails_admin) before 1.4.3 and 2.x before 2.0.2 allows ...)
+ TODO: check
CVE-2021-3134 (Mubu 2.2.1 allows local users to gain privileges to execute commands, ...)
TODO: check
CVE-2021-3133 (The Elementor Contact Form DB plugin before 1.6 for WordPress allows C ...)
@@ -1607,12 +1651,12 @@ CVE-2021-23127
RESERVED
CVE-2021-23126
RESERVED
-CVE-2021-23125
- RESERVED
-CVE-2021-23124
- RESERVED
-CVE-2021-23123
- RESERVED
+CVE-2021-23125 (An issue was discovered in Joomla! 3.1.0 through 3.9.23. The lack of e ...)
+ TODO: check
+CVE-2021-23124 (An issue was discovered in Joomla! 3.9.0 through 3.9.23. The lack of e ...)
+ TODO: check
+CVE-2021-23123 (An issue was discovered in Joomla! 3.0.0 through 3.9.23. The lack of A ...)
+ TODO: check
CVE-2021-23122
RESERVED
CVE-2021-23121
@@ -6207,8 +6251,8 @@ CVE-2020-35688
RESERVED
CVE-2020-35687
RESERVED
-CVE-2020-35686
- RESERVED
+CVE-2020-35686 (The SECOMN service in Sound Research DCHU model software component mod ...)
+ TODO: check
CVE-2020-35685
RESERVED
CVE-2020-35684
@@ -12447,186 +12491,186 @@ CVE-2021-1727
RESERVED
CVE-2021-1726
RESERVED
-CVE-2021-1725
- RESERVED
+CVE-2021-1725 (Bot Framework SDK Information Disclosure Vulnerability ...)
+ TODO: check
CVE-2021-1724
RESERVED
-CVE-2021-1723
- RESERVED
+CVE-2021-1723 (ASP.NET Core and Visual Studio Denial of Service Vulnerability ...)
+ TODO: check
CVE-2021-1722
RESERVED
CVE-2021-1721
RESERVED
CVE-2021-1720
RESERVED
-CVE-2021-1719
- RESERVED
-CVE-2021-1718
- RESERVED
-CVE-2021-1717
- RESERVED
-CVE-2021-1716
- RESERVED
-CVE-2021-1715
- RESERVED
-CVE-2021-1714
- RESERVED
-CVE-2021-1713
- RESERVED
-CVE-2021-1712
- RESERVED
-CVE-2021-1711
- RESERVED
-CVE-2021-1710
- RESERVED
-CVE-2021-1709
- RESERVED
-CVE-2021-1708
- RESERVED
-CVE-2021-1707
- RESERVED
-CVE-2021-1706
- RESERVED
-CVE-2021-1705
- RESERVED
-CVE-2021-1704
- RESERVED
-CVE-2021-1703
- RESERVED
-CVE-2021-1702
- RESERVED
-CVE-2021-1701
- RESERVED
-CVE-2021-1700
- RESERVED
-CVE-2021-1699
- RESERVED
+CVE-2021-1719 (Microsoft SharePoint Elevation of Privilege Vulnerability This CVE ID ...)
+ TODO: check
+CVE-2021-1718 (Microsoft SharePoint Server Tampering Vulnerability ...)
+ TODO: check
+CVE-2021-1717 (Microsoft SharePoint Spoofing Vulnerability This CVE ID is unique from ...)
+ TODO: check
+CVE-2021-1716 (Microsoft Word Remote Code Execution Vulnerability This CVE ID is uniq ...)
+ TODO: check
+CVE-2021-1715 (Microsoft Word Remote Code Execution Vulnerability This CVE ID is uniq ...)
+ TODO: check
+CVE-2021-1714 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...)
+ TODO: check
+CVE-2021-1713 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...)
+ TODO: check
+CVE-2021-1712 (Microsoft SharePoint Elevation of Privilege Vulnerability This CVE ID ...)
+ TODO: check
+CVE-2021-1711 (Microsoft Office Remote Code Execution Vulnerability ...)
+ TODO: check
+CVE-2021-1710 (Microsoft Windows Media Foundation Remote Code Execution Vulnerability ...)
+ TODO: check
+CVE-2021-1709 (Windows Win32k Elevation of Privilege Vulnerability ...)
+ TODO: check
+CVE-2021-1708 (Windows GDI+ Information Disclosure Vulnerability ...)
+ TODO: check
+CVE-2021-1707 (Microsoft SharePoint Server Remote Code Execution Vulnerability ...)
+ TODO: check
+CVE-2021-1706 (Windows LUAFV Elevation of Privilege Vulnerability ...)
+ TODO: check
+CVE-2021-1705 (Microsoft Edge (HTML-based) Memory Corruption Vulnerability ...)
+ TODO: check
+CVE-2021-1704 (Windows Hyper-V Elevation of Privilege Vulnerability ...)
+ TODO: check
+CVE-2021-1703 (Windows Event Logging Service Elevation of Privilege Vulnerability ...)
+ TODO: check
+CVE-2021-1702 (Windows Remote Procedure Call Runtime Elevation of Privilege Vulnerabi ...)
+ TODO: check
+CVE-2021-1701 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...)
+ TODO: check
+CVE-2021-1700 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...)
+ TODO: check
+CVE-2021-1699 (Windows (modem.sys) Information Disclosure Vulnerability ...)
+ TODO: check
CVE-2021-1698
RESERVED
-CVE-2021-1697
- RESERVED
-CVE-2021-1696
- RESERVED
-CVE-2021-1695
- RESERVED
-CVE-2021-1694
- RESERVED
-CVE-2021-1693
- RESERVED
-CVE-2021-1692
- RESERVED
-CVE-2021-1691
- RESERVED
-CVE-2021-1690
- RESERVED
-CVE-2021-1689
- RESERVED
-CVE-2021-1688
- RESERVED
-CVE-2021-1687
- RESERVED
-CVE-2021-1686
- RESERVED
-CVE-2021-1685
- RESERVED
-CVE-2021-1684
- RESERVED
-CVE-2021-1683
- RESERVED
-CVE-2021-1682
- RESERVED
-CVE-2021-1681
- RESERVED
-CVE-2021-1680
- RESERVED
-CVE-2021-1679
- RESERVED
-CVE-2021-1678
- RESERVED
-CVE-2021-1677
- RESERVED
-CVE-2021-1676
- RESERVED
+CVE-2021-1697 (Windows InstallService Elevation of Privilege Vulnerability ...)
+ TODO: check
+CVE-2021-1696 (Windows Graphics Component Information Disclosure Vulnerability ...)
+ TODO: check
+CVE-2021-1695 (Windows Print Spooler Elevation of Privilege Vulnerability ...)
+ TODO: check
+CVE-2021-1694 (Windows Update Stack Elevation of Privilege Vulnerability ...)
+ TODO: check
+CVE-2021-1693 (Windows CSC Service Elevation of Privilege Vulnerability This CVE ID i ...)
+ TODO: check
+CVE-2021-1692 (Hyper-V Denial of Service Vulnerability This CVE ID is unique from CVE ...)
+ TODO: check
+CVE-2021-1691 (Hyper-V Denial of Service Vulnerability This CVE ID is unique from CVE ...)
+ TODO: check
+CVE-2021-1690 (Windows WalletService Elevation of Privilege Vulnerability This CVE ID ...)
+ TODO: check
+CVE-2021-1689 (Windows Multipoint Management Elevation of Privilege Vulnerability ...)
+ TODO: check
+CVE-2021-1688 (Windows CSC Service Elevation of Privilege Vulnerability This CVE ID i ...)
+ TODO: check
+CVE-2021-1687 (Windows WalletService Elevation of Privilege Vulnerability This CVE ID ...)
+ TODO: check
+CVE-2021-1686 (Windows WalletService Elevation of Privilege Vulnerability This CVE ID ...)
+ TODO: check
+CVE-2021-1685 (Windows AppX Deployment Extensions Elevation of Privilege Vulnerabilit ...)
+ TODO: check
+CVE-2021-1684 (Windows Bluetooth Security Feature Bypass Vulnerability This CVE ID is ...)
+ TODO: check
+CVE-2021-1683 (Windows Bluetooth Security Feature Bypass Vulnerability This CVE ID is ...)
+ TODO: check
+CVE-2021-1682 (Windows Kernel Elevation of Privilege Vulnerability ...)
+ TODO: check
+CVE-2021-1681 (Windows WalletService Elevation of Privilege Vulnerability This CVE ID ...)
+ TODO: check
+CVE-2021-1680 (Diagnostics Hub Standard Collector Elevation of Privilege Vulnerabilit ...)
+ TODO: check
+CVE-2021-1679 (Windows CryptoAPI Denial of Service Vulnerability ...)
+ TODO: check
+CVE-2021-1678 (NTLM Security Feature Bypass Vulnerability ...)
+ TODO: check
+CVE-2021-1677 (Azure Active Directory Pod Identity Spoofing Vulnerability ...)
+ TODO: check
+CVE-2021-1676 (Windows NT Lan Manager Datagram Receiver Driver Information Disclosure ...)
+ TODO: check
CVE-2021-1675
RESERVED
-CVE-2021-1674
- RESERVED
-CVE-2021-1673
- RESERVED
-CVE-2021-1672
- RESERVED
-CVE-2021-1671
- RESERVED
-CVE-2021-1670
- RESERVED
-CVE-2021-1669
- RESERVED
-CVE-2021-1668
- RESERVED
-CVE-2021-1667
- RESERVED
-CVE-2021-1666
- RESERVED
-CVE-2021-1665
- RESERVED
-CVE-2021-1664
- RESERVED
-CVE-2021-1663
- RESERVED
-CVE-2021-1662
- RESERVED
-CVE-2021-1661
- RESERVED
-CVE-2021-1660
- RESERVED
-CVE-2021-1659
- RESERVED
-CVE-2021-1658
- RESERVED
-CVE-2021-1657
- RESERVED
-CVE-2021-1656
- RESERVED
-CVE-2021-1655
- RESERVED
-CVE-2021-1654
- RESERVED
-CVE-2021-1653
- RESERVED
-CVE-2021-1652
- RESERVED
-CVE-2021-1651
- RESERVED
-CVE-2021-1650
- RESERVED
-CVE-2021-1649
- RESERVED
-CVE-2021-1648
- RESERVED
-CVE-2021-1647
- RESERVED
-CVE-2021-1646
- RESERVED
-CVE-2021-1645
- RESERVED
-CVE-2021-1644
- RESERVED
-CVE-2021-1643
- RESERVED
-CVE-2021-1642
- RESERVED
-CVE-2021-1641
- RESERVED
+CVE-2021-1674 (Windows Remote Desktop Protocol Core Security Feature Bypass Vulnerabi ...)
+ TODO: check
+CVE-2021-1673 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...)
+ TODO: check
+CVE-2021-1672 (Windows Projected File System FS Filter Driver Information Disclosure ...)
+ TODO: check
+CVE-2021-1671 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...)
+ TODO: check
+CVE-2021-1670 (Windows Projected File System FS Filter Driver Information Disclosure ...)
+ TODO: check
+CVE-2021-1669 (Windows Remote Desktop Security Feature Bypass Vulnerability ...)
+ TODO: check
+CVE-2021-1668 (Microsoft DTV-DVD Video Decoder Remote Code Execution Vulnerability ...)
+ TODO: check
+CVE-2021-1667 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...)
+ TODO: check
+CVE-2021-1666 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...)
+ TODO: check
+CVE-2021-1665 (GDI+ Remote Code Execution Vulnerability ...)
+ TODO: check
+CVE-2021-1664 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...)
+ TODO: check
+CVE-2021-1663 (Windows Projected File System FS Filter Driver Information Disclosure ...)
+ TODO: check
+CVE-2021-1662 (Windows Event Tracing Elevation of Privilege Vulnerability ...)
+ TODO: check
+CVE-2021-1661 (Windows Installer Elevation of Privilege Vulnerability ...)
+ TODO: check
+CVE-2021-1660 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...)
+ TODO: check
+CVE-2021-1659 (Windows CSC Service Elevation of Privilege Vulnerability This CVE ID i ...)
+ TODO: check
+CVE-2021-1658 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...)
+ TODO: check
+CVE-2021-1657 (Windows Fax Compose Form Remote Code Execution Vulnerability ...)
+ TODO: check
+CVE-2021-1656 (TPM Device Driver Information Disclosure Vulnerability ...)
+ TODO: check
+CVE-2021-1655 (Windows CSC Service Elevation of Privilege Vulnerability This CVE ID i ...)
+ TODO: check
+CVE-2021-1654 (Windows CSC Service Elevation of Privilege Vulnerability This CVE ID i ...)
+ TODO: check
+CVE-2021-1653 (Windows CSC Service Elevation of Privilege Vulnerability This CVE ID i ...)
+ TODO: check
+CVE-2021-1652 (Windows CSC Service Elevation of Privilege Vulnerability This CVE ID i ...)
+ TODO: check
+CVE-2021-1651 (Diagnostics Hub Standard Collector Elevation of Privilege Vulnerabilit ...)
+ TODO: check
+CVE-2021-1650 (Windows Runtime C++ Template Library Elevation of Privilege Vulnerabil ...)
+ TODO: check
+CVE-2021-1649 (Active Template Library Elevation of Privilege Vulnerability ...)
+ TODO: check
+CVE-2021-1648 (Microsoft splwow64 Elevation of Privilege Vulnerability ...)
+ TODO: check
+CVE-2021-1647 (Microsoft Defender Remote Code Execution Vulnerability ...)
+ TODO: check
+CVE-2021-1646 (Windows WLAN Service Elevation of Privilege Vulnerability ...)
+ TODO: check
+CVE-2021-1645 (Windows Docker Information Disclosure Vulnerability ...)
+ TODO: check
+CVE-2021-1644 (HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID ...)
+ TODO: check
+CVE-2021-1643 (HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID ...)
+ TODO: check
+CVE-2021-1642 (Windows AppX Deployment Extensions Elevation of Privilege Vulnerabilit ...)
+ TODO: check
+CVE-2021-1641 (Microsoft SharePoint Spoofing Vulnerability This CVE ID is unique from ...)
+ TODO: check
CVE-2021-1640
RESERVED
CVE-2021-1639
RESERVED
-CVE-2021-1638
- RESERVED
-CVE-2021-1637
- RESERVED
-CVE-2021-1636
- RESERVED
+CVE-2021-1638 (Windows Bluetooth Security Feature Bypass Vulnerability This CVE ID is ...)
+ TODO: check
+CVE-2021-1637 (Windows DNS Query Information Disclosure Vulnerability ...)
+ TODO: check
+CVE-2021-1636 (Microsoft SQL Elevation of Privilege Vulnerability ...)
+ TODO: check
CVE-2020-29488
RESERVED
CVE-2020-29487 (An issue was discovered in Xen XAPI before 2020-12-15. Certain xenstor ...)
@@ -16221,36 +16265,36 @@ CVE-2020-28397
RESERVED
CVE-2020-28396 (A vulnerability has been identified in SICAM A8000 CP-8000 (All versio ...)
NOT-FOR-US: Siemens
-CVE-2020-28395
- RESERVED
+CVE-2020-28395 (A vulnerability has been identified in SCALANCE X-300 switch family (i ...)
+ TODO: check
CVE-2020-28394
RESERVED
CVE-2020-28393
RESERVED
CVE-2020-28392
RESERVED
-CVE-2020-28391
- RESERVED
-CVE-2020-28390
- RESERVED
+CVE-2020-28391 (A vulnerability has been identified in SCALANCE X-200 switch family (i ...)
+ TODO: check
+CVE-2020-28390 (A vulnerability has been identified in Opcenter Execution Core (V8.2), ...)
+ TODO: check
CVE-2020-28389
RESERVED
CVE-2020-28388
RESERVED
CVE-2020-28387
RESERVED
-CVE-2020-28386
- RESERVED
+CVE-2020-28386 (A vulnerability has been identified in Solid Edge (All Versions < S ...)
+ TODO: check
CVE-2020-28385
RESERVED
-CVE-2020-28384
- RESERVED
-CVE-2020-28383
- RESERVED
-CVE-2020-28382
- RESERVED
-CVE-2020-28381
- RESERVED
+CVE-2020-28384 (A vulnerability has been identified in Solid Edge (All Versions < S ...)
+ TODO: check
+CVE-2020-28383 (A vulnerability has been identified in JT2Go (All Versions < V13.1. ...)
+ TODO: check
+CVE-2020-28382 (A vulnerability has been identified in Solid Edge (All Versions < S ...)
+ TODO: check
+CVE-2020-28381 (A vulnerability has been identified in Solid Edge (All Versions < S ...)
+ TODO: check
CVE-2020-28380
RESERVED
CVE-2020-28379
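Review bot: The newly described entries in this hunk (CVE-2020-28395, CVE-2020-28391, CVE-2020-28390, CVE-2020-28386 and CVE-2020-28384 through CVE-2020-28381) all land as "TODO: check", although they open with the same "A vulnerability has been identified in ..." wording as CVE-2020-28396 in the context lines above, which is already marked "NOT-FOR-US: Siemens". If these are the same vendor's products, triage them the same way in a follow-up so they do not sit in the TODO queue.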
@@ -16263,13 +16307,12 @@ CVE-2020-28376
RESERVED
CVE-2020-28375
RESERVED
-CVE-2020-28374
- RESERVED
+CVE-2020-28374 (In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10. ...)
- linux <unfixed>
- tcmu <unfixed> (bug #980007)
NOTE: https://git.kernel.org/linus/2896c93811e39d63a4d9b63ccf12a8fbc226e5e4
NOTE: https://www.openwall.com/lists/oss-security/2021/01/12/12
- NOTE: tcmu-runner patch: https://bugzilla.suse.com/attachment.cgi?id=844924&action=diff&context=patch&collapsed=&headers=1&format=raw
+ NOTE: tcmu-runner patch: https://bugzilla.suse.com/attachment.cgi?id=844924&action=diff&context=patch&collapsed=&headers=1&format=raw
CVE-2020-28373 (upnpd on certain NETGEAR devices allows remote (LAN) attackers to exec ...)
NOT-FOR-US: Netgear
CVE-2020-28372
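Review bot: In the CVE-2020-28374 entry, the removed and added "NOTE: tcmu-runner patch:" lines read identically as displayed, so whatever changed is in characters that do not survive rendering (whitespace or entity encoding of the "&" separators). Confirm that the URL now stored in data/CVE/list uses literal "&" separators and has no trailing whitespace, since a reader cannot verify this from the diff.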
@@ -21599,40 +21642,40 @@ CVE-2020-26998
RESERVED
CVE-2020-26997
RESERVED
-CVE-2020-26996
- RESERVED
-CVE-2020-26995
- RESERVED
-CVE-2020-26994
- RESERVED
-CVE-2020-26993
- RESERVED
-CVE-2020-26992
- RESERVED
-CVE-2020-26991
- RESERVED
-CVE-2020-26990
- RESERVED
-CVE-2020-26989
- RESERVED
-CVE-2020-26988
- RESERVED
-CVE-2020-26987
- RESERVED
-CVE-2020-26986
- RESERVED
-CVE-2020-26985
- RESERVED
-CVE-2020-26984
- RESERVED
-CVE-2020-26983
- RESERVED
-CVE-2020-26982
- RESERVED
-CVE-2020-26981
- RESERVED
-CVE-2020-26980
- RESERVED
+CVE-2020-26996 (A vulnerability has been identified in JT2Go (All Versions < V13.1. ...)
+ TODO: check
+CVE-2020-26995 (A vulnerability has been identified in JT2Go (All Versions < V13.1. ...)
+ TODO: check
+CVE-2020-26994 (A vulnerability has been identified in JT2Go (All Versions < V13.1. ...)
+ TODO: check
+CVE-2020-26993 (A vulnerability has been identified in JT2Go (All Versions < V13.1. ...)
+ TODO: check
+CVE-2020-26992 (A vulnerability has been identified in JT2Go (All Versions < V13.1. ...)
+ TODO: check
+CVE-2020-26991 (A vulnerability has been identified in JT2Go (All Versions < V13.1. ...)
+ TODO: check
+CVE-2020-26990 (A vulnerability has been identified in JT2Go (All Versions < V13.1. ...)
+ TODO: check
+CVE-2020-26989 (A vulnerability has been identified in JT2Go (All Versions < V13.1. ...)
+ TODO: check
+CVE-2020-26988 (A vulnerability has been identified in JT2Go (All Versions < V13.1. ...)
+ TODO: check
+CVE-2020-26987 (A vulnerability has been identified in JT2Go (All Versions < V13.1. ...)
+ TODO: check
+CVE-2020-26986 (A vulnerability has been identified in JT2Go (All Versions < V13.1. ...)
+ TODO: check
+CVE-2020-26985 (A vulnerability has been identified in JT2Go (All Versions < V13.1. ...)
+ TODO: check
+CVE-2020-26984 (A vulnerability has been identified in JT2Go (All Versions < V13.1. ...)
+ TODO: check
+CVE-2020-26983 (A vulnerability has been identified in JT2Go (All Versions < V13.1. ...)
+ TODO: check
+CVE-2020-26982 (A vulnerability has been identified in JT2Go (All Versions < V13.1. ...)
+ TODO: check
+CVE-2020-26981 (A vulnerability has been identified in JT2Go (All Versions < V13.1. ...)
+ TODO: check
+CVE-2020-26980 (A vulnerability has been identified in JT2Go (All Versions < V13.1. ...)
+ TODO: check
CVE-2020-26979 (When a user typed a URL in the address bar or the search bar and quick ...)
- firefox 84.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-26979
@@ -24857,16 +24900,19 @@ CVE-2020-25654 (An ACL bypass flaw was found in pacemaker. An attacker having a
NOTE: https://www.openwall.com/lists/oss-security/2020/10/27/1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1888191
CVE-2020-25653 (A race condition vulnerability was found in the way the spice-vdagentd ...)
+ {DLA-2524-1}
- spice-vdagent 0.20.0-2 (bug #973769)
NOTE: https://www.openwall.com/lists/oss-security/2020/11/04/1
NOTE: https://gitlab.freedesktop.org/spice/linux/vd_agent/-/commit/51c415df82a52e9ec033225783c77df95f387891
NOTE: https://gitlab.freedesktop.org/spice/linux/vd_agent/-/commit/5c50131797e985d0a5654c1fd7000ae945ed29a7
CVE-2020-25652 (A flaw was found in the spice-vdagentd daemon, where it did not proper ...)
+ {DLA-2524-1}
- spice-vdagent 0.20.0-2 (bug #973769)
NOTE: https://www.openwall.com/lists/oss-security/2020/11/04/1
NOTE: https://gitlab.freedesktop.org/spice/linux/vd_agent/-/commit/91caa9223857708475d29df1768208fed1675340
NOTE: https://gitlab.freedesktop.org/spice/linux/vd_agent/-/commit/812ca777469a377c84b9861d7d326bfc72563304
CVE-2020-25651 (A flaw was found in the SPICE file transfer protocol. File data from t ...)
+ {DLA-2524-1}
- spice-vdagent 0.20.0-2 (bug #973769)
NOTE: https://www.openwall.com/lists/oss-security/2020/11/04/1
NOTE: https://gitlab.freedesktop.org/spice/linux/vd_agent/-/commit/1a8b93ca6ac0b690339ab7f0afc6fc45d198d332
@@ -24874,6 +24920,7 @@ CVE-2020-25651 (A flaw was found in the SPICE file transfer protocol. File data
NOTE: https://gitlab.freedesktop.org/spice/linux/vd_agent/-/commit/e4bfd1b632b6c14e8411dbe3565115a78cd3d256
NOTE: https://gitlab.freedesktop.org/spice/linux/vd_agent/-/commit/b7db1c20c9f80154fb54392eb44add3486d3e427
CVE-2020-25650 (A flaw was found in the way the spice-vdagentd daemon handled file tra ...)
+ {DLA-2524-1}
- spice-vdagent 0.20.0-2 (bug #973769)
NOTE: https://www.openwall.com/lists/oss-security/2020/11/04/1
NOTE: https://gitlab.freedesktop.org/spice/linux/vd_agent/-/commit/1a8b93ca6ac0b690339ab7f0afc6fc45d198d332
@@ -25850,8 +25897,8 @@ CVE-2020-25228 (A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS
NOT-FOR-US: Siemens
CVE-2020-25227
RESERVED
-CVE-2020-25226
- RESERVED
+CVE-2020-25226 (A vulnerability has been identified in SCALANCE X-200 switch family (i ...)
+ TODO: check
CVE-2019-20919 (An issue was discovered in the DBI module before 1.643 for Perl. The h ...)
{DLA-2386-1}
- libdbi-perl 1.643-1
@@ -43658,7 +43705,7 @@ CVE-2020-16528
CVE-2020-16527
RESERVED
CVE-2020-16526
- RESERVED
+ REJECTED
CVE-2020-16525
RESERVED
CVE-2020-16524
@@ -45546,10 +45593,10 @@ CVE-2020-15852 (An issue was discovered in the Linux kernel 5.5 through 5.7.9, a
[buster] - linux <not-affected> (Only affects 5.5 and later)
[stretch] - linux <not-affected> (Only affects 5.5 and later)
NOTE: https://www.openwall.com/lists/oss-security/2020/07/16/1
-CVE-2020-15800
- RESERVED
-CVE-2020-15799
- RESERVED
+CVE-2020-15800 (A vulnerability has been identified in SCALANCE X-200 switch family (i ...)
+ TODO: check
+CVE-2020-15799 (A vulnerability has been identified in SCALANCE X-200 switch family (i ...)
+ TODO: check
CVE-2020-15798
RESERVED
CVE-2020-15797 (A vulnerability has been identified in DCA Vantage Analyzer (All versi ...)
@@ -47249,7 +47296,7 @@ CVE-2020-15154 (baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (
NOT-FOR-US: baserCMS
CVE-2020-15153
RESERVED
-CVE-2020-15152 (ftp-srv versions 1.0.0 through 4.3.3 are vulnerable to Server-Side Req ...)
+CVE-2020-15152 (ftp-srv is an npm package which is a modern and extensible FTP server ...)
NOT-FOR-US: Node ftp-srv
CVE-2020-15151 (OpenMage LTS before versions 19.4.6 and 20.0.2 allows attackers to cir ...)
NOT-FOR-US: OpenMage
@@ -65293,7 +65340,8 @@ CVE-2020-8844 (This vulnerability allows remote attackers to execute arbitrary c
NOT-FOR-US: Foxit Reader
CVE-2020-8843 (An issue was discovered in Istio 1.3 through 1.3.6. Under certain circ ...)
NOT-FOR-US: Istio
-CVE-2020-8842 (Unquoted search path vulnerability in MSI True Color before 3.0.52.0 a ...)
+CVE-2020-8842
+ REJECTED
NOT-FOR-US: MSI True Color
CVE-2020-8841 (An issue was discovered in TestLink 1.9.19. The relation_type paramete ...)
NOT-FOR-US: TestLink
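Review bot: CVE-2020-8842 is switched to REJECTED here, but the unchanged "NOT-FOR-US: MSI True Color" line still follows it, so the entry now carries a triage annotation for a description that has been withdrawn. Either drop the annotation in a follow-up or confirm that the tracker accepts an annotation under a REJECTED entry.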
@@ -70641,185 +70689,185 @@ CVE-2020-6750 (GSocketClient in GNOME GLib through 2.62.4 may occasionally conne
[jessie] - glib2.0 <not-affected> (Vulnerable code introduced later, regreession from 2.60.0)
NOTE: https://gitlab.gnome.org/GNOME/glib/issues/1989
CVE-2020-6749
- RESERVED
+ REJECTED
CVE-2020-6748
- RESERVED
+ REJECTED
CVE-2020-6747
- RESERVED
+ REJECTED
CVE-2020-6746
- RESERVED
+ REJECTED
CVE-2020-6745
- RESERVED
+ REJECTED
CVE-2020-6744
- RESERVED
+ REJECTED
CVE-2020-6743
- RESERVED
+ REJECTED
CVE-2020-6742
- RESERVED
+ REJECTED
CVE-2020-6741
- RESERVED
+ REJECTED
CVE-2020-6740
- RESERVED
+ REJECTED
CVE-2020-6739
- RESERVED
+ REJECTED
CVE-2020-6738
- RESERVED
+ REJECTED
CVE-2020-6737
- RESERVED
+ REJECTED
CVE-2020-6736
- RESERVED
+ REJECTED
CVE-2020-6735
- RESERVED
+ REJECTED
CVE-2020-6734
- RESERVED
+ REJECTED
CVE-2020-6733
- RESERVED
+ REJECTED
CVE-2020-6732
- RESERVED
+ REJECTED
CVE-2020-6731
- RESERVED
+ REJECTED
CVE-2020-6730
- RESERVED
+ REJECTED
CVE-2020-6729
- RESERVED
+ REJECTED
CVE-2020-6728
- RESERVED
+ REJECTED
CVE-2020-6727
- RESERVED
+ REJECTED
CVE-2020-6726
- RESERVED
+ REJECTED
CVE-2020-6725
- RESERVED
+ REJECTED
CVE-2020-6724
- RESERVED
+ REJECTED
CVE-2020-6723
- RESERVED
+ REJECTED
CVE-2020-6722
- RESERVED
+ REJECTED
CVE-2020-6721
- RESERVED
+ REJECTED
CVE-2020-6720
- RESERVED
+ REJECTED
CVE-2020-6719
- RESERVED
+ REJECTED
CVE-2020-6718
- RESERVED
+ REJECTED
CVE-2020-6717
- RESERVED
+ REJECTED
CVE-2020-6716
- RESERVED
+ REJECTED
CVE-2020-6715
- RESERVED
+ REJECTED
CVE-2020-6714
- RESERVED
+ REJECTED
CVE-2020-6713
- RESERVED
+ REJECTED
CVE-2020-6712
- RESERVED
+ REJECTED
CVE-2020-6711
- RESERVED
+ REJECTED
CVE-2020-6710
- RESERVED
+ REJECTED
CVE-2020-6709
- RESERVED
+ REJECTED
CVE-2020-6708
- RESERVED
+ REJECTED
CVE-2020-6707
- RESERVED
+ REJECTED
CVE-2020-6706
- RESERVED
+ REJECTED
CVE-2020-6705
- RESERVED
+ REJECTED
CVE-2020-6704
- RESERVED
+ REJECTED
CVE-2020-6703
- RESERVED
+ REJECTED
CVE-2020-6702
- RESERVED
+ REJECTED
CVE-2020-6701
- RESERVED
+ REJECTED
CVE-2020-6700
- RESERVED
+ REJECTED
CVE-2020-6699
- RESERVED
+ REJECTED
CVE-2020-6698
- RESERVED
+ REJECTED
CVE-2020-6697
- RESERVED
+ REJECTED
CVE-2020-6696
- RESERVED
+ REJECTED
CVE-2020-6695
- RESERVED
+ REJECTED
CVE-2020-6694
- RESERVED
+ REJECTED
CVE-2020-6693
- RESERVED
+ REJECTED
CVE-2020-6692
- RESERVED
+ REJECTED
CVE-2020-6691
- RESERVED
+ REJECTED
CVE-2020-6690
- RESERVED
+ REJECTED
CVE-2020-6689
- RESERVED
+ REJECTED
CVE-2020-6688
- RESERVED
+ REJECTED
CVE-2020-6687
- RESERVED
+ REJECTED
CVE-2020-6686
- RESERVED
+ REJECTED
CVE-2020-6685
- RESERVED
+ REJECTED
CVE-2020-6684
- RESERVED
+ REJECTED
CVE-2020-6683
- RESERVED
+ REJECTED
CVE-2020-6682
- RESERVED
+ REJECTED
CVE-2020-6681
- RESERVED
+ REJECTED
CVE-2020-6680
- RESERVED
+ REJECTED
CVE-2020-6679
- RESERVED
+ REJECTED
CVE-2020-6678
- RESERVED
+ REJECTED
CVE-2020-6677
- RESERVED
+ REJECTED
CVE-2020-6676
- RESERVED
+ REJECTED
CVE-2020-6675
- RESERVED
+ REJECTED
CVE-2020-6674
- RESERVED
+ REJECTED
CVE-2020-6673
- RESERVED
+ REJECTED
CVE-2020-6672
- RESERVED
+ REJECTED
CVE-2020-6671
- RESERVED
+ REJECTED
CVE-2020-6670
- RESERVED
+ REJECTED
CVE-2020-6669
- RESERVED
+ REJECTED
CVE-2020-6668
- RESERVED
+ REJECTED
CVE-2020-6667
- RESERVED
+ REJECTED
CVE-2020-6666
- RESERVED
+ REJECTED
CVE-2020-6665
- RESERVED
+ REJECTED
CVE-2020-6664
- RESERVED
+ REJECTED
CVE-2020-6663
- RESERVED
+ REJECTED
CVE-2020-6662
- RESERVED
+ REJECTED
CVE-2020-6661
- RESERVED
+ REJECTED
CVE-2020-6660
- RESERVED
+ REJECTED
CVE-2020-6659
RESERVED
CVE-2020-6658
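Review bot: The context line at the top of this hunk, the [jessie] annotation for CVE-2020-6750, spells "regreession"; that is not part of this change but is worth correcting to "regression" while the area is being touched. The flip itself covers CVE-2020-6749 down to CVE-2020-6660 in one block and stops at CVE-2020-6659, which stays RESERVED; confirm that boundary matches the upstream feed.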
@@ -77307,8 +77355,8 @@ CVE-2020-4081
RESERVED
CVE-2020-4080 (HCL Verse v10 and v11 is susceptible to a Stored Cross-Site Scripting ...)
NOT-FOR-US: HCL
-CVE-2020-4079
- RESERVED
+CVE-2020-4079 (Combodo iTop is a web based IT Service Management tool. In iTop before ...)
+ TODO: check
CVE-2020-4078
RESERVED
CVE-2020-4077 (In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, there is a ...)
@@ -85110,7 +85158,7 @@ CVE-2019-19303
RESERVED
CVE-2019-19302
RESERVED
-CVE-2019-19301 (A vulnerability has been identified in SCALANCE S602 (All versions), S ...)
+CVE-2019-19301 (A vulnerability has been identified in SCALANCE X-200 switch family (i ...)
NOT-FOR-US: Siemens
CVE-2019-19300 (A vulnerability has been identified in KTK ATE530S (All versions), SID ...)
NOT-FOR-US: Siemens
@@ -104510,7 +104558,7 @@ CVE-2019-13941 (A vulnerability has been identified in OZW672 (All versions <
NOT-FOR-US: Siemens
CVE-2019-13940 (A vulnerability has been identified in SIMATIC S7-1200 CPU family (inc ...)
NOT-FOR-US: Siemens
-CVE-2019-13939 (A vulnerability has been identified in Nucleus NET (All versions), Nuc ...)
+CVE-2019-13939 (A vulnerability has been identified in APOGEE MEC/MBC/PXC (P2) (All ve ...)
NOT-FOR-US: Nucleus
CVE-2019-13938
RESERVED
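Review bot: For CVE-2019-13939 the updated description now leads with "APOGEE MEC/MBC/PXC (P2)", while the annotation beneath it still reads "NOT-FOR-US: Nucleus". The visible part of the description no longer names the product the annotation refers to, so check that the label is still the right one for this entry.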
@@ -114009,7 +114057,7 @@ CVE-2019-10936 (A vulnerability has been identified in Development/Evaluation Ki
NOT-FOR-US: Siemens
CVE-2019-10935 (A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier ...)
NOT-FOR-US: Siemens
-CVE-2019-10934 (A vulnerability has been identified in TIA Portal V14 (All versions), ...)
+CVE-2019-10934 (A vulnerability has been identified in TIA Portal V14 (All versions &l ...)
NOT-FOR-US: Siemens
CVE-2019-10933 (A vulnerability has been identified in Spectrum Power 3 (Corporate Use ...)
NOT-FOR-US: Siemens
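Review bot: The new CVE-2019-10934 description ends in "(All versions &l ...)", so the truncation cut an HTML-escaped "<" in half and left a stray "&l" in data/CVE/list. Truncate the description before escaping, or unescape it first, so that the stored text ends in a plain "<" as the old line's readable text did.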
@@ -205910,6 +205958,7 @@ CVE-2017-15110 (In Moodle 3.x, students can find out email addresses of other st
CVE-2017-15109
RESERVED
CVE-2017-15108 (spice-vdagent up to and including 0.17.0 does not properly escape save ...)
+ {DLA-2524-1}
- spice-vdagent 0.18.0-1 (bug #883238)
[jessie] - spice-vdagent <no-dsa> (Minor issue)
[wheezy] - spice-vdagent <not-affected> (Vulnerable code not present)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0495ed6690543d013e5a68efead3fd3344d3784a