[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Fri Jan 15 08:10:24 GMT 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c2753ae8 by security tracker role at 2021-01-15T08:10:17+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,75 @@
+CVE-2021-3158
+	RESERVED
+CVE-2021-3157
+	RESERVED
+CVE-2021-3156
+	RESERVED
+CVE-2021-3155
+	RESERVED
+CVE-2021-3154
+	RESERVED
+CVE-2021-3153
+	RESERVED
+CVE-2021-3152
+	RESERVED
+CVE-2021-3151
+	RESERVED
+CVE-2021-3150
+	RESERVED
+CVE-2021-3149
+	RESERVED
+CVE-2021-3148
+	RESERVED
+CVE-2021-3147
+	RESERVED
+CVE-2021-25196
+	RESERVED
+CVE-2021-25195
+	RESERVED
+CVE-2021-25194
+	RESERVED
+CVE-2021-25193
+	RESERVED
+CVE-2021-25192
+	RESERVED
+CVE-2021-25191
+	RESERVED
+CVE-2021-25190
+	RESERVED
+CVE-2021-25189
+	RESERVED
+CVE-2021-25188
+	RESERVED
+CVE-2021-25187
+	RESERVED
+CVE-2021-25186
+	RESERVED
+CVE-2021-25185
+	RESERVED
+CVE-2021-25184
+	RESERVED
+CVE-2021-25183
+	RESERVED
+CVE-2021-25182
+	RESERVED
+CVE-2021-25181
+	RESERVED
+CVE-2021-25180
+	RESERVED
+CVE-2021-25179
+	RESERVED
+CVE-2021-25178
+	RESERVED
+CVE-2021-25177
+	RESERVED
+CVE-2021-25176
+	RESERVED
+CVE-2021-25175
+	RESERVED
+CVE-2021-25174
+	RESERVED
+CVE-2021-25173
+	RESERVED
 CVE-2021-25172
 	RESERVED
 CVE-2021-25171
@@ -2100,8 +2172,7 @@ CVE-2021-24123
 	RESERVED
 CVE-2021-24122 (When serving resources from a network location using the NTFS file sys ...)
 	TODO: check
-CVE-2021-21261 [Flatpak sandbox escape via spawn portal]
-	RESERVED
+CVE-2021-21261 (Flatpak is a system for building, distributing, and running sandboxed  ...)
 	{DSA-4830-1}
 	- flatpak 1.8.5-1
 	NOTE: https://github.com/flatpak/flatpak/security/advisories/GHSA-4ppf-fxf6-vxg2
@@ -2740,14 +2811,14 @@ CVE-2021-23840
 	RESERVED
 CVE-2021-23839
 	RESERVED
-CVE-2021-23838
-	RESERVED
-CVE-2021-23837
-	RESERVED
-CVE-2021-23836
-	RESERVED
-CVE-2021-23835
-	RESERVED
+CVE-2021-23838 (An issue was discovered in flatCore before 2.0.0 build 139. A reflecte ...)
+	TODO: check
+CVE-2021-23837 (An issue was discovered in flatCore before 2.0.0 build 139. A time-bas ...)
+	TODO: check
+CVE-2021-23836 (An issue was discovered in flatCore before 2.0.0 build 139. A stored X ...)
+	TODO: check
+CVE-2021-23835 (An issue was discovered in flatCore before 2.0.0 build 139. A local fi ...)
+	TODO: check
 CVE-2021-3125
 	RESERVED
 CVE-2021-3124
@@ -6305,8 +6376,8 @@ CVE-2021-22134
 	RESERVED
 CVE-2021-22133
 	RESERVED
-CVE-2021-22132
-	RESERVED
+CVE-2021-22132 (Elasticsearch versions 7.7.0 to 7.10.1 contain an information disclosu ...)
+	TODO: check
 CVE-2021-22131
 	RESERVED
 CVE-2021-22130
@@ -9675,10 +9746,10 @@ CVE-2020-35584 (In Solstice Pod before 3.0.3, the web services allow users to co
 	NOT-FOR-US: Solstice Pod
 CVE-2020-35583
 	RESERVED
-CVE-2020-35582
-	RESERVED
-CVE-2020-35581
-	RESERVED
+CVE-2020-35582 (A stored cross-site scripting (XSS) issue in Envira Gallery Lite befor ...)
+	TODO: check
+CVE-2020-35581 (A stored cross-site scripting (XSS) issue in Envira Gallery Lite befor ...)
+	TODO: check
 CVE-2020-35580
 	RESERVED
 CVE-2020-35579 (tindy2013 subconverter 0.6.4 has a /sub?target=%TARGET%&url=%URL%& ...)
@@ -14981,12 +15052,12 @@ CVE-2020-29497 (Dell Wyse Management Suite versions prior to 3.1 contain a store
 	NOT-FOR-US: Dell Wyse Management Suite
 CVE-2020-29496 (Dell Wyse Management Suite versions prior to 3.1 contain a stored cros ...)
 	NOT-FOR-US: Dell Wyse Management Suite
-CVE-2020-29495
-	RESERVED
-CVE-2020-29494
-	RESERVED
-CVE-2020-29493
-	RESERVED
+CVE-2020-29495 (DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain an OS Comma ...)
+	TODO: check
+CVE-2020-29494 (Dell EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a Path Trav ...)
+	TODO: check
+CVE-2020-29493 (DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a SQL Injec ...)
+	TODO: check
 CVE-2020-29492 (Dell Wyse ThinOS 8.6 and prior versions contain an insecure default co ...)
 	NOT-FOR-US: Dell Wyse ThinOS
 CVE-2020-29491 (Dell Wyse ThinOS 8.6 and prior versions contain an insecure default co ...)
@@ -23711,10 +23782,10 @@ CVE-2020-27222
 	RESERVED
 CVE-2020-27221
 	RESERVED
-CVE-2020-27220
-	RESERVED
-CVE-2020-27219
-	RESERVED
+CVE-2020-27220 (The Eclipse Hono AMQP and MQTT protocol adapters do not check whether  ...)
+	TODO: check
+CVE-2020-27219 (In all version of Eclipse Hawkbit prior to 0.3.0M7, the HTTP 404 (Not  ...)
+	TODO: check
 CVE-2020-27218 (In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0  ...)
 	- jetty9 9.4.35-1 (bug #976211)
 	[stretch] - jetty9 <no-dsa> (Minor issue)
@@ -47362,10 +47433,10 @@ CVE-2020-16048
 	RESERVED
 CVE-2020-16047
 	RESERVED
-CVE-2020-16046
-	RESERVED
-CVE-2020-16045
-	RESERVED
+CVE-2020-16046 (Script injection in iOSWeb in Google Chrome on iOS prior to 84.0.4147. ...)
+	TODO: check
+CVE-2020-16045 (Use after Free in Payments in Google Chrome on Android prior to 87.0.4 ...)
+	TODO: check
 CVE-2020-16044
 	RESERVED
 	{DSA-4827-1 DLA-2521-1}
@@ -73665,8 +73736,8 @@ CVE-2020-6573 (Use after free in video in Google Chrome on Android prior to 85.0
 	{DSA-4824-1}
 	- chromium 87.0.4280.88-0.1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6572
-	RESERVED
+CVE-2020-6572 (Use after free in Media in Google Chrome prior to 81.0.4044.92 allowed ...)
+	TODO: check
 CVE-2020-6571 (Insufficient data validation in Omnibox in Google Chrome prior to 85.0 ...)
 	{DSA-4824-1}
 	- chromium 87.0.4280.88-0.1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c2753ae89af676b8a592549a1bf4b84d9a27d9bb

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c2753ae89af676b8a592549a1bf4b84d9a27d9bb
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210115/ab71abe4/attachment.html>


More information about the debian-security-tracker-commits mailing list