[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Thu Jan 21 20:10:38 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f137cc3d by security tracker role at 2021-01-21T20:10:30+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,87 @@
+CVE-2021-3197
+ RESERVED
+CVE-2021-3196
+ RESERVED
+CVE-2021-3195 (bitcoind in Bitcoin Core through 0.21.0 can create a new file in an ar ...)
+ TODO: check
+CVE-2021-3194
+ RESERVED
+CVE-2021-3193
+ RESERVED
+CVE-2021-3192
+ RESERVED
+CVE-2021-3191
+ RESERVED
+CVE-2021-3190 (The async-git package before 1.13.1 for Node.js allows OS Command Inje ...)
+ TODO: check
+CVE-2021-25678
+ RESERVED
+CVE-2021-25677
+ RESERVED
+CVE-2021-25676
+ RESERVED
+CVE-2021-25675
+ RESERVED
+CVE-2021-25674
+ RESERVED
+CVE-2021-25673
+ RESERVED
+CVE-2021-25672
+ RESERVED
+CVE-2021-25671
+ RESERVED
+CVE-2021-25670
+ RESERVED
+CVE-2021-25669
+ RESERVED
+CVE-2021-25668
+ RESERVED
+CVE-2021-25667
+ RESERVED
+CVE-2021-25666
+ RESERVED
+CVE-2021-25665
+ RESERVED
+CVE-2021-25664
+ RESERVED
+CVE-2021-25663
+ RESERVED
+CVE-2021-25662
+ RESERVED
+CVE-2021-25661
+ RESERVED
+CVE-2021-25660
+ RESERVED
+CVE-2021-25659
+ RESERVED
+CVE-2021-25658
+ RESERVED
+CVE-2021-25657
+ RESERVED
+CVE-2021-25656
+ RESERVED
+CVE-2021-25655
+ RESERVED
+CVE-2021-25654
+ RESERVED
+CVE-2021-25653
+ RESERVED
+CVE-2021-25652
+ RESERVED
+CVE-2021-25651
+ RESERVED
+CVE-2021-25650
+ RESERVED
+CVE-2021-25649
+ RESERVED
+CVE-2021-25648
+ RESERVED
+CVE-2021-25647
+ RESERVED
+CVE-2021-25646
+ RESERVED
+CVE-2019-25014
+ RESERVED
CVE-2021-XXXX [Xen: IRQ vector leak on x86]
- xen <unfixed>
[buster] - xen <postponed> (Fix along in future update)
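Review bot: CVE-2021-3195 (bitcoind in Bitcoin Core) and CVE-2021-3190 (async-git for Node.js) are the only two new ids in this hunk that carry a description, and both are left at "TODO: check". Until each has either a source-package line or a NOT-FOR-US line, the entry says nothing about Debian exposure. The descriptions are also truncated at "...", so triage needs the full CVE text, not this list.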
@@ -1018,8 +1102,8 @@ CVE-2021-3154
RESERVED
CVE-2021-3153
RESERVED
-CVE-2021-3152
- RESERVED
+CVE-2021-3152 (Home Assistant before 2021.1.3 allows attackers to obtain sensitive in ...)
+ TODO: check
CVE-2021-3151
RESERVED
CVE-2021-3150
@@ -8237,8 +8321,8 @@ CVE-2021-21725
RESERVED
CVE-2021-21724
RESERVED
-CVE-2021-21723
- RESERVED
+CVE-2021-21723 (Some ZTE products have a DoS vulnerability. Due to the improper handli ...)
+ TODO: check
CVE-2021-21722 (A ZTE Smart STB is impacted by an information leak vulnerability. The ...)
NOT-FOR-US: ZTE
CVE-2021-21721
@@ -10393,8 +10477,8 @@ CVE-2021-21255
RESERVED
CVE-2021-21254
RESERVED
-CVE-2021-21253
- RESERVED
+CVE-2021-21253 (OnlineVotingSystem is an open source project hosted on GitHub. OnlineV ...)
+ TODO: check
CVE-2021-21252 (The jQuery Validation Plugin provides drop-in validation for your exis ...)
- phpmyadmin <unfixed>
NOTE: https://github.com/jquery-validation/jquery-validation/security/advisories/GHSA-jxwx-85vp-gvwm
@@ -10429,10 +10513,10 @@ CVE-2021-21241 (The Python "Flask-Security-Too" package is used for adding secur
NOTE: https://github.com/Flask-Middleware/flask-security/commit/61d313150b5f620d0b800896c4f2199005e84b1f (3.4.5)
CVE-2021-21240
RESERVED
-CVE-2021-21239
- RESERVED
-CVE-2021-21238
- RESERVED
+CVE-2021-21239 (PySAML2 is a pure python implementation of SAML Version 2 Standard. Py ...)
+ TODO: check
+CVE-2021-21238 (PySAML2 is a pure python implementation of SAML Version 2 Standard. Py ...)
+ TODO: check
CVE-2021-21237 (Git LFS is a command line extension for managing large files with Git. ...)
- git-lfs <not-affected> (Windows-specific)
NOTE: https://github.com/git-lfs/git-lfs/security/advisories/GHSA-cx3w-xqmc-84g5
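Review bot: CVE-2021-21239 and CVE-2021-21238 come out of RESERVED with identical truncated descriptions ("PySAML2 is a pure python implementation of SAML Version 2 Standard. Py ..."), so the two issues cannot be told apart from this file. When the "TODO: check" lines are resolved, give each entry a NOTE with its upstream advisory or commit URL, as the neighbouring CVE-2021-21241 and CVE-2021-21237 entries already do.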
@@ -13768,10 +13852,10 @@ CVE-2020-35312
RESERVED
CVE-2020-35311
RESERVED
-CVE-2020-35310
- RESERVED
-CVE-2020-35309
- RESERVED
+CVE-2020-35310 (Composr CMS 10.0.34 is affected by cross-site scripting (XSS) which al ...)
+ TODO: check
+CVE-2020-35309 (Bakeshop Online Ordering System in PHP/MySQLi 1.0 is affected by cross ...)
+ TODO: check
CVE-2020-35308
RESERVED
CVE-2020-35307
@@ -17020,8 +17104,8 @@ CVE-2020-29243 (dhowden tag before 2020-11-19 allows "panic: runtime error: inde
NOT-FOR-US: dhowden tag
CVE-2020-29242 (dhowden tag before 2020-11-19 allows "panic: runtime error: index out ...)
NOT-FOR-US: dhowden tag
-CVE-2020-29241
- RESERVED
+CVE-2020-29241 (Online News Portal using PHP/MySQLi 1.0 is affected by cross-site scri ...)
+ TODO: check
CVE-2020-29240 (Lepton-CMS 4.7.0 is affected by cross-site scripting (XSS). An attacke ...)
NOT-FOR-US: Lepton-CMS
CVE-2020-29239 (Online Birth Certificate System Project V 1.0 is affected by cross-sit ...)
@@ -17654,6 +17738,7 @@ CVE-2020-28951 (libuci in OpenWrt before 18.06.9 and 19.x before 19.07.5 may enc
CVE-2020-28950 (The installer of Kaspersky Anti-Ransomware Tool (KART) prior to KART 4 ...)
NOT-FOR-US: installer of Kaspersky Anti-Ransomware Tool (KART)
CVE-2020-36193 (Tar.php in Archive_Tar through 1.4.11 allows write operations with Dir ...)
+ {DLA-2530-1}
- drupal7 <removed>
- php-pear <unfixed> (bug #980428)
NOTE: https://github.com/pear/Archive_Tar/commit/cde460582ff389404b5b3ccb59374e9b389de916
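Review bot: the added "{DLA-2530-1}" cross-reference on CVE-2020-36193 does not show which source package it covers. The entry lists two, "drupal7 <removed>" and "php-pear <unfixed> (bug #980428)", and neither has a per-release line. Confirm against the DLA list that the advisory names the intended package, and consider a release-tagged line so the unchanged "<unfixed>" state is not read as contradicting the advisory.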
@@ -17870,8 +17955,8 @@ CVE-2020-28876
RESERVED
CVE-2020-28875
RESERVED
-CVE-2020-28874
- RESERVED
+CVE-2020-28874 (reset-password.php in ProjectSend before r1295 allows remote attackers ...)
+ TODO: check
CVE-2020-28873
RESERVED
CVE-2020-28872
@@ -25626,8 +25711,8 @@ CVE-2020-26943 (An issue was discovered in OpenStack blazar-dashboard before 1.3
NOT-FOR-US: blazar-dashboard
CVE-2020-26942
RESERVED
-CVE-2020-26941
- RESERVED
+CVE-2020-26941 (A local (authenticated) low-privileged user can exploit a behavior in ...)
+ TODO: check
CVE-2020-26940
RESERVED
CVE-2020-26939 (In Legion of the Bouncy Castle BC before 1.61 and BC-FJA before 1.0.1. ...)
@@ -27050,8 +27135,8 @@ CVE-2020-26297 (mdBook is a utility to create modern online books from Markdown
NOT-FOR-US: mdBook
CVE-2020-26296 (Vega is a visualization grammar, a declarative format for creating, sa ...)
NOT-FOR-US: Node vega
-CVE-2020-26295
- RESERVED
+CVE-2020-26295 (OpenMage is a community-driven alternative to Magento CE. In OpenMage ...)
+ TODO: check
CVE-2020-26294 (Vela is a Pipeline Automation (CI/CD) framework built on Linux contain ...)
NOT-FOR-US: Vela
CVE-2020-26293 (HtmlSanitizer is a .NET library for cleaning HTML fragments and docume ...)
@@ -27070,8 +27155,8 @@ CVE-2020-26287 (HedgeDoc is a collaborative platform for writing and sharing mar
NOT-FOR-US: HedgeDoc
CVE-2020-26286 (HedgeDoc is a collaborative platform for writing and sharing markdown. ...)
NOT-FOR-US: HedgeDoc
-CVE-2020-26285
- RESERVED
+CVE-2020-26285 (OpenMage is a community-driven alternative to Magento CE. In OpenMage ...)
+ TODO: check
CVE-2020-26284 (Hugo is a fast and Flexible Static Site Generator built in Go. Hugo de ...)
- hugo 0.79.1-1 (unimportant)
NOTE: https://github.com/gohugoio/hugo/security/advisories/GHSA-8j34-9876-pvfq
@@ -35117,8 +35202,8 @@ CVE-2020-22645
RESERVED
CVE-2020-22644
RESERVED
-CVE-2020-22643
- RESERVED
+CVE-2020-22643 (Feehi CMS 2.1.0 is affected by an arbitrary file upload vulnerability, ...)
+ TODO: check
CVE-2020-22642
RESERVED
CVE-2020-22641
@@ -62742,8 +62827,7 @@ CVE-2020-11227
RESERVED
CVE-2020-11226
RESERVED
-CVE-2020-11225
- RESERVED
+CVE-2020-11225 (Out of bound access in WLAN driver due to lack of validation of array ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2020-11224
RESERVED
@@ -62759,23 +62843,17 @@ CVE-2020-11219
RESERVED
CVE-2020-11218
RESERVED
-CVE-2020-11217
- RESERVED
+CVE-2020-11217 (A possible double free or invalid memory access in audio driver while ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2020-11216
- RESERVED
+CVE-2020-11216 (Buffer over read can happen in video driver when playing clip with ato ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2020-11215
- RESERVED
+CVE-2020-11215 (An out of bounds read can happen when processing VSA attribute due to ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2020-11214
- RESERVED
+CVE-2020-11214 (Buffer over-read while processing NDL attribute if attribute length is ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2020-11213
- RESERVED
+CVE-2020-11213 (Out of bound reads might occur in while processing Service descriptor ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2020-11212
- RESERVED
+CVE-2020-11212 (Out of bounds reads while parsing NAN beacons attributes and OUIs due ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2020-11211
RESERVED
@@ -62799,15 +62877,13 @@ CVE-2020-11202 (u'Buffer overflow/underflow occurs when typecasting the buffer p
NOT-FOR-US: Qualcomm components for Android
CVE-2020-11201 (u'Arbitrary access to DSP memory due to improper check in loaded libra ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2020-11200
- RESERVED
+CVE-2020-11200 (Buffer over-read while parsing RPS due to lack of check of input valid ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2020-11199
RESERVED
CVE-2020-11198
RESERVED
-CVE-2020-11197
- RESERVED
+CVE-2020-11197 (Possible integer overflow can occur when stream info update is called ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2020-11196 (u'Integer overflow to buffer overflow occurs while playback of ASF cli ...)
NOT-FOR-US: Qualcomm components for Android
@@ -62831,24 +62907,20 @@ CVE-2020-11187
RESERVED
CVE-2020-11186
RESERVED
-CVE-2020-11185
- RESERVED
+CVE-2020-11185 (Out of bound issue in WLAN driver while processing vdev responses from ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2020-11184 (u'Possible buffer overflow will occur in video while parsing mp4 clip ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2020-11183
- RESERVED
+CVE-2020-11183 (A process can potentially cause a buffer overflow in the display servi ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2020-11182
RESERVED
NOT-FOR-US: Qualcomm components for Android
-CVE-2020-11181
- RESERVED
+CVE-2020-11181 (Out of bound access issue while handling cvp process control command d ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2020-11180
- RESERVED
-CVE-2020-11179
- RESERVED
+CVE-2020-11180 (Out of bound access in computer vision control due to improper validat ...)
+ TODO: check
+CVE-2020-11179 (Arbitrary read and write to kernel addresses by temporarily overwritin ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2020-11178
RESERVED
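Review bot: CVE-2020-11180 ends up at "TODO: check" while CVE-2020-11181 and CVE-2020-11179 on either side are "NOT-FOR-US: Qualcomm components for Android". The removed lines show why: the old NOT-FOR-US line sat under CVE-2020-11179 only, and CVE-2020-11180 had nothing but RESERVED. If the full description confirms the same vendor component, add the same NOT-FOR-US line so the block is triaged consistently.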
@@ -62872,8 +62944,7 @@ CVE-2020-11169 (u'Buffer over-read while processing received L2CAP packet due to
NOT-FOR-US: Qualcomm components for Android
CVE-2020-11168 (u'Null-pointer dereference can occur while accessing data buffer beyon ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2020-11167
- RESERVED
+CVE-2020-11167 (Memory corruption while calculating L2CAP packet length in reassembly ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2020-11166
RESERVED
@@ -62906,52 +62977,39 @@ CVE-2020-11154 (u'Buffer overflow while processing a crafted PDU data packet in
NOT-FOR-US: Qualcomm components for Android
CVE-2020-11153 (u'Out of bound memory access while processing GATT data received due t ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2020-11152
- RESERVED
+CVE-2020-11152 (Race condition in HAL layer while processing callback objects received ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2020-11151
- RESERVED
+CVE-2020-11151 (Race condition occurs while calling user space ioctl from two differen ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2020-11150
- RESERVED
+CVE-2020-11150 (Out of bound memory access in camera driver due to improper validation ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2020-11149
- RESERVED
+CVE-2020-11149 (Out of bound access due to usage of an out-of-range pointer offset in ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2020-11148
- RESERVED
+CVE-2020-11148 (Use after free issue in HIDL while using callback to post event in Rx ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2020-11147
RESERVED
-CVE-2020-11146
- RESERVED
+CVE-2020-11146 (Out of bound write while copying data using IOCTL due to lack of check ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2020-11145
- RESERVED
+CVE-2020-11145 (Divide by zero issue can happen while updating delta extension header ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2020-11144
- RESERVED
+CVE-2020-11144 (Buffer over-read while UE process invalid DL ROHC packet for decompres ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2020-11143
- RESERVED
+CVE-2020-11143 (Out of bound memory access during music playback with modified content ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2020-11142
RESERVED
CVE-2020-11141 (u'Buffer over-read issue in Bluetooth estack due to lack of check for ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2020-11140
- RESERVED
+CVE-2020-11140 (Out of bound memory access during music playback with ALAC modified co ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2020-11139
- RESERVED
-CVE-2020-11138
- RESERVED
+CVE-2020-11139 (Out of bound memory access while processing frames due to lack of chec ...)
+ TODO: check
+CVE-2020-11138 (Uninitialized pointers accessed during music play back with incorrect ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2020-11137
- RESERVED
+CVE-2020-11137 (Integer multiplication overflow resulting in lower buffer size allocat ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2020-11136
- RESERVED
+CVE-2020-11136 (Buffer Over-read in audio driver while using malloc management functio ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2020-11135 (u'Reachable assertion when wrong data size is returned by parser for a ...)
NOT-FOR-US: Snapdragon
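Review bot: CVE-2020-11139 is the one entry in this hunk left at "TODO: check"; every other id that leaves RESERVED here keeps "NOT-FOR-US: Qualcomm components for Android". As with the earlier pair, the old NOT-FOR-US line belonged to CVE-2020-11138 only, so CVE-2020-11139 was never pre-triaged. Check the full description and, if it is the same vendor component, add the matching NOT-FOR-US line.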
@@ -62987,8 +63045,7 @@ CVE-2020-11121 (u'Possible buffer overflow in WIFI hal process due to usage of m
NOT-FOR-US: Qualcomm components for Android
CVE-2020-11120 (u'Calling thread may free the data buffer pointer that was passed to t ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2020-11119
- RESERVED
+CVE-2020-11119 (Buffer over-read can happen when the buffer length received from respo ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2020-11118 (u'Information exposure issues while processing IE header due to improp ...)
NOT-FOR-US: Qualcomm components for Android
@@ -69863,17 +69920,15 @@ CVE-2020-8572 (Element OS prior to version 12.0 and Element HealthTools prior to
NOT-FOR-US: Element OS
CVE-2020-8571 (StorageGRID (formerly StorageGRID Webscale) versions 10.0.0 through 11 ...)
NOT-FOR-US: StorageGRID
-CVE-2020-8570
- RESERVED
+CVE-2020-8570 (Kubernetes Java client libraries in version 10.0.0 and versions prior ...)
NOT-FOR-US: Kubernetes Java client
-CVE-2020-8569
- RESERVED
+CVE-2020-8569 (Kubernetes CSI snapshot-controller prior to v2.1.3 and v3.0.2 could pa ...)
NOT-FOR-US: Kubernetes CSI Snapshotter
NOTE: https://github.com/kubernetes-csi/external-snapshotter/issues/421
-CVE-2020-8568
- RESERVED
-CVE-2020-8567
- RESERVED
+CVE-2020-8568 (Kubernetes Secrets Store CSI Driver versions v0.0.15 and v0.0.16 allow ...)
+ TODO: check
+CVE-2020-8567 (Kubernetes Secrets Store CSI Driver Vault Plugin prior to v0.0.6, Azur ...)
+ TODO: check
CVE-2020-8566 (In Kubernetes clusters using Ceph RBD as a storage provisioner, with l ...)
- kubernetes 1.19.3-1 (bug #972341)
NOTE: https://github.com/kubernetes/kubernetes/pull/95245
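Review bot: CVE-2020-8568 and CVE-2020-8567 (Kubernetes Secrets Store CSI Driver and its provider plugins) are left at "TODO: check" between two different precedents in the same hunk. CVE-2020-8570 and CVE-2020-8569 are marked NOT-FOR-US with the component named, while CVE-2020-8566 is tracked under the kubernetes source package. Decide which of the two applies to the CSI driver and name the component in the line, as "NOT-FOR-US: Kubernetes CSI Snapshotter" does.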
@@ -69916,8 +69971,7 @@ CVE-2020-8556
CVE-2020-8555 (The Kubernetes kube-controller-manager in versions v1.0-1.14, versions ...)
- kubernetes 1.18.2-1
NOTE: https://github.com/kubernetes/kubernetes/issues/91542
-CVE-2020-8554 [Man in the middle using LoadBalancer or ExternalIPs]
- RESERVED
+CVE-2020-8554 (Kubernetes API server in all versions allow an attacker who is able to ...)
- kubernetes <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2020/12/07/5
NOTE: https://github.com/kubernetes/kubernetes/issues/97076
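Review bot: on CVE-2020-8554 the bracketed title "Man in the middle using LoadBalancer or ExternalIPs" is replaced by a description that is cut off before it reaches that point, so the list no longer says what the issue is. The description also reads "in all versions" while the only status line is "kubernetes <unfixed>". A short NOTE restating the issue and the reason it stays unfixed would keep the entry readable without following the two URLs.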
@@ -79382,14 +79436,14 @@ CVE-2020-4971
RESERVED
CVE-2020-4970
RESERVED
-CVE-2020-4969
- RESERVED
-CVE-2020-4968
- RESERVED
+CVE-2020-4969 (IBM Security Identity Governance and Intelligence 5.2.6 could allow a ...)
+ TODO: check
+CVE-2020-4968 (IBM Security Identity Governance and Intelligence 5.2.6 uses weaker th ...)
+ TODO: check
CVE-2020-4967
RESERVED
-CVE-2020-4966
- RESERVED
+CVE-2020-4966 (IBM Security Identity Governance and Intelligence 5.2.6 does not set t ...)
+ TODO: check
CVE-2020-4965
RESERVED
CVE-2020-4964
@@ -79404,8 +79458,8 @@ CVE-2020-4960
RESERVED
CVE-2020-4959
RESERVED
-CVE-2020-4958
- RESERVED
+CVE-2020-4958 (IBM Security Identity Governance and Intelligence 5.2.6 does not perfo ...)
+ TODO: check
CVE-2020-4957
RESERVED
CVE-2020-4956
@@ -82851,8 +82905,7 @@ CVE-2020-3693 (u'Use out of range pointer issue can occur due to incorrect buffe
NOT-FOR-US: Qualcomm components for Android
CVE-2020-3692 (u'Possible buffer overflow while updating output buffer for IMEI and G ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2020-3691
- RESERVED
+CVE-2020-3691 (Possible out of bound memory access in audio due to integer underflow ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2020-3690 (u'Due to an incorrect SMMU configuration, the modem crypto engine can ...)
NOT-FOR-US: Qualcomm components for Android
@@ -82860,13 +82913,11 @@ CVE-2020-3689
RESERVED
CVE-2020-3688 (Possible buffer overflow while parsing mp4 clip with corrupted sample ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2020-3687
- RESERVED
-CVE-2020-3686
- RESERVED
+CVE-2020-3687 (Local privilege escalation in admin services in Windows environment ca ...)
+ TODO: check
+CVE-2020-3686 (Possible memory out of bound issue during music playback when an incor ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2020-3685
- RESERVED
+CVE-2020-3685 (Pointer variable which is freed is not cleared can result in memory co ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2020-3684 (u'QSEE reads the access permission policy for the SMEM TOC partition f ...)
NOT-FOR-US: Qualcomm components for Android
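Review bot: CVE-2020-3687 is left at "TODO: check", and its description ("Local privilege escalation in admin services in Windows environment ...") does not obviously match the "Qualcomm components for Android" label used by every neighbouring entry. The old NOT-FOR-US line applied to CVE-2020-3686 only. Pick the NOT-FOR-US wording after reading the full description instead of copying the neighbours' label.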
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f137cc3d4d2ec850930490e6a2937f9cbc573b05