[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri Jan 22 20:10:38 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a0550784 by security tracker role at 2021-01-22T20:10:30+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,65 @@
+CVE-2021-25911
+ RESERVED
+CVE-2021-25910
+ RESERVED
+CVE-2021-25909
+ RESERVED
+CVE-2021-25908 (An issue was discovered in the fil-ocl crate through 2021-01-04 for Ru ...)
+ TODO: check
+CVE-2021-25907 (An issue was discovered in the containers crate before 0.9.11 for Rust ...)
+ TODO: check
+CVE-2021-25906 (An issue was discovered in the basic_dsp_matrix crate before 0.9.2 for ...)
+ TODO: check
+CVE-2021-25905 (An issue was discovered in the bra crate before 0.1.1 for Rust. It lac ...)
+ TODO: check
+CVE-2021-25904 (An issue was discovered in the av-data crate before 0.3.0 for Rust. A ...)
+ TODO: check
+CVE-2021-25903 (An issue was discovered in the cache crate through 2021-01-01 for Rust ...)
+ TODO: check
+CVE-2021-25902 (An issue was discovered in the glsl-layout crate before 0.4.0 for Rust ...)
+ TODO: check
+CVE-2021-25901 (An issue was discovered in the lazy-init crate through 2021-01-17 for ...)
+ TODO: check
+CVE-2021-25900 (An issue was discovered in the smallvec crate before 0.6.14 and 1.x be ...)
+ TODO: check
+CVE-2020-36220 (An issue was discovered in the va-ts crate before 0.0.4 for Rust. Beca ...)
+ TODO: check
+CVE-2020-36219 (An issue was discovered in the atomic-option crate through 2020-10-31 ...)
+ TODO: check
+CVE-2020-36218 (An issue was discovered in the buttplug crate before 1.0.4 for Rust. B ...)
+ TODO: check
+CVE-2020-36217 (An issue was discovered in the may_queue crate through 2020-11-10 for ...)
+ TODO: check
+CVE-2020-36216 (An issue was discovered in Input<R> in the eventio crate before ...)
+ TODO: check
+CVE-2020-36215 (An issue was discovered in the hashconsing crate before 1.1.0 for Rust ...)
+ TODO: check
+CVE-2020-36214 (An issue was discovered in the multiqueue2 crate before 0.1.7 for Rust ...)
+ TODO: check
+CVE-2020-36213 (An issue was discovered in the abi_stable crate before 0.9.1 for Rust. ...)
+ TODO: check
+CVE-2020-36212 (An issue was discovered in the abi_stable crate before 0.9.1 for Rust. ...)
+ TODO: check
+CVE-2020-36211 (An issue was discovered in the gfwx crate before 0.3.0 for Rust. Becau ...)
+ TODO: check
+CVE-2020-36210 (An issue was discovered in the autorand crate before 0.2.3 for Rust. B ...)
+ TODO: check
+CVE-2020-36209 (An issue was discovered in the late-static crate before 0.4.0 for Rust ...)
+ TODO: check
+CVE-2020-36208 (An issue was discovered in the conquer-once crate before 0.3.2 for Rus ...)
+ TODO: check
+CVE-2020-36207 (An issue was discovered in the aovec crate through 2020-12-10 for Rust ...)
+ TODO: check
+CVE-2020-36206 (An issue was discovered in the rusb crate before 0.7.0 for Rust. Becau ...)
+ TODO: check
+CVE-2020-36205 (An issue was discovered in the xcb crate through 2020-12-10 for Rust. ...)
+ TODO: check
+CVE-2020-36204 (An issue was discovered in the im crate through 2020-11-09 for Rust. B ...)
+ TODO: check
+CVE-2020-36203 (An issue was discovered in the reffers crate through 2020-12-01 for Ru ...)
+ TODO: check
+CVE-2020-36202 (An issue was discovered in the async-h1 crate before 2.3.0 for Rust. R ...)
+ TODO: check
CVE-2021-3280
RESERVED
CVE-2021-3279
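Review bot: two of the new Rust crate entries need more than a single version comparison at triage time. CVE-2021-25900 (smallvec) names two affected ranges, "before 0.6.14 and 1.x be ...", so the TODO: check has to be resolved separately for the 0.6 series and the 1.x series. CVE-2020-36213 and CVE-2020-36212 carry identical truncated descriptions ("abi_stable crate before 0.9.1"); confirm from the full advisories that they are distinct issues before giving both the same resolution note.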
@@ -16,8 +78,8 @@ CVE-2021-3273
RESERVED
CVE-2021-3272
RESERVED
-CVE-2021-3271
- RESERVED
+CVE-2021-3271 (PressBooks 5.17.3 contains a cross-site scripting (XSS). Stored XSS ca ...)
+ TODO: check
CVE-2021-3270
RESERVED
CVE-2021-3269
@@ -6513,12 +6575,12 @@ CVE-2021-22851 (HGiga EIP product contains SQL Injection vulnerability. Attacker
NOT-FOR-US: HGiga EIP
CVE-2021-22850 (HGiga EIP product lacks ineffective access control in certain pages th ...)
NOT-FOR-US: HGiga EIP
-CVE-2021-22849
- RESERVED
+CVE-2021-22849 (Hyweb HyCMS-J1 backend editing function does not filter special charac ...)
+ TODO: check
CVE-2021-22848
RESERVED
-CVE-2021-22847
- RESERVED
+CVE-2021-22847 (Hyweb HyCMS-J1's API fail to filter POST request parameters. Remote at ...)
+ TODO: check
CVE-2021-22846
RESERVED
CVE-2021-22845
@@ -11075,8 +11137,8 @@ CVE-2021-21272
RESERVED
CVE-2021-21271
RESERVED
-CVE-2021-21270
- RESERVED
+CVE-2021-21270 (OctopusDSC is a PowerShell module with DSC resources that can be used ...)
+ TODO: check
CVE-2021-21269 (Keymaker is a Mastodon Community Finder based Matrix Community serverl ...)
NOT-FOR-US: Keymaker
CVE-2021-21268
@@ -11091,10 +11153,10 @@ CVE-2021-21264
RESERVED
CVE-2021-21262
RESERVED
-CVE-2021-21260
- RESERVED
-CVE-2021-21259
- RESERVED
+CVE-2021-21260 (Online Invoicing System (OIS) is open source software which is a lean ...)
+ TODO: check
+CVE-2021-21259 (HedgeDoc is open source software which lets you create real-time colla ...)
+ TODO: check
CVE-2021-21258
RESERVED
CVE-2021-21257
@@ -20555,10 +20617,10 @@ CVE-2020-28490
RESERVED
CVE-2020-28489
RESERVED
-CVE-2020-28488
- RESERVED
-CVE-2020-28487
- RESERVED
+CVE-2020-28488 (This affects all versions of package jquery-ui; all versions of packag ...)
+ TODO: check
+CVE-2020-28487 (This affects the package vis-timeline before 7.4.4. An attacker with t ...)
+ TODO: check
CVE-2020-28486
RESERVED
CVE-2020-28485
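Review bot: CVE-2020-28488 states "This affects all versions of package jquery-ui", so unlike the neighbouring CVE-2020-28487 entry ("vis-timeline before 7.4.4") there is no upstream fixed version to compare against. When the TODO: check is resolved, record the fixing version or commit explicitly rather than closing the entry on a version-range check alone.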
@@ -23754,6 +23816,7 @@ CVE-2020-27828 (There's a flaw in jasper's jpc encoder in versions prior to 2.0.
NOTE: https://github.com/jasper-software/jasper/pull/253
CVE-2020-27827 [lldp: avoid memory leak from bad packets]
RESERVED
+ {DSA-4836-1}
- lldpd 1.0.8-1
[buster] - lldpd <no-dsa> (Minor issue)
[stretch] - lldpd <no-dsa> (Minor issue)
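Review bot: adding {DSA-4836-1} to CVE-2020-27827 leaves "[buster] - lldpd <no-dsa> (Minor issue)" two lines below it. A DSA reference and a no-dsa marker for the same release contradict each other; if DSA-4836-1 covers buster, the buster no-dsa line is now stale and should be removed in the same change so the entry does not report the issue as both fixed by advisory and deliberately unfixed.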
@@ -26937,6 +27000,7 @@ CVE-2020-26666
CVE-2020-26665
RESERVED
CVE-2020-26664 (A vulnerability in EbmlTypeDispatcher::send in VideoLAN VLC media play ...)
+ {DSA-4834-1}
- vlc 3.0.12-1 (low; bug #979676)
[stretch] - vlc <postponed> (Minor issue, wait for next LTS release)
NOTE: https://code.videolan.org/videolan/vlc-3.0/-/commit/ec1f55ee9ace5cc675395a1bc9700d99679e7e8c (3.0.12)
@@ -33480,8 +33544,8 @@ CVE-2020-23828 (A File Upload vulnerability in SourceCodester Online Course Regi
NOT-FOR-US: SourceCodester Online Course Registration
CVE-2020-23827
RESERVED
-CVE-2020-23826
- RESERVED
+CVE-2020-23826 (The Yale WIPC-303W 2.21 through 2.31 camera is vulnerable to remote co ...)
+ TODO: check
CVE-2020-23825
RESERVED
CVE-2020-23824 (ArGo Soft Mail Server 1.8.8.9 is affected by Cross Site Request Forger ...)
@@ -34608,8 +34672,8 @@ CVE-2020-23264
RESERVED
CVE-2020-23263
RESERVED
-CVE-2020-23262
- RESERVED
+CVE-2020-23262 (An issue was discovered in ming-soft MCMS v5.0, where a malicious user ...)
+ TODO: check
CVE-2020-23261
RESERVED
CVE-2020-23260
@@ -34808,12 +34872,12 @@ CVE-2020-23164
RESERVED
CVE-2020-23163
RESERVED
-CVE-2020-23162
- RESERVED
-CVE-2020-23161
- RESERVED
-CVE-2020-23160
- RESERVED
+CVE-2020-23162 (Sensitive information disclosure and weak encryption in Pyrescom Termo ...)
+ TODO: check
+CVE-2020-23161 (Local file inclusion in Pyrescom Termod4 time management devices befor ...)
+ TODO: check
+CVE-2020-23160 (Remote code execution in Pyrescom Termod4 time management devices befo ...)
+ TODO: check
CVE-2020-23159
RESERVED
CVE-2020-23158
@@ -40607,8 +40671,8 @@ CVE-2020-20271
RESERVED
CVE-2020-20270
RESERVED
-CVE-2020-20269
- RESERVED
+CVE-2020-20269 (A specially crafted Markdown document could cause the execution of mal ...)
+ TODO: check
CVE-2020-20268
RESERVED
CVE-2020-20267
@@ -46112,7 +46176,7 @@ CVE-2020-17529 (Out-of-bounds Write vulnerability in TCP Stack of Apache NuttX (
CVE-2020-17528 (Out-of-bounds Write vulnerability in TCP stack of Apache NuttX (incuba ...)
NOT-FOR-US: Apache NuttX
CVE-2020-17527 (While investigating bug 64830 it was discovered that Apache Tomcat 10. ...)
- {DLA-2495-1}
+ {DSA-4835-1 DLA-2495-1}
- tomcat9 9.0.40-1
- tomcat8 <removed>
NOTE: https://github.com/apache/tomcat/commit/d56293f816d6dc9e2b47107f208fa9e95db58c65 (9.0.40)
@@ -55282,7 +55346,7 @@ CVE-2020-13945 (In Apache APISIX, the user enabled the Admin API and deleted the
CVE-2020-13944 (In Apache Airflow < 1.10.12, the "origin" parameter passed to some ...)
- airflow <itp> (bug #819700)
CVE-2020-13943 (If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7 ...)
- {DLA-2407-1}
+ {DSA-4835-1 DLA-2407-1}
- tomcat9 9.0.38-1
- tomcat8 <removed>
NOTE: https://github.com/apache/tomcat/commit/55911430df13f8c9998fbdee1f9716994d2db59b (9.0.38)
@@ -58951,8 +59015,8 @@ CVE-2020-12527
RESERVED
CVE-2020-12526
RESERVED
-CVE-2020-12525
- RESERVED
+CVE-2020-12525 (M&M Software fdtCONTAINER Component in versions below 3.5.20304.x ...)
+ TODO: check
CVE-2020-12524 (Uncontrolled Resource Consumption can be exploited to cause the Phoeni ...)
NOT-FOR-US: Phoenix Contact HMIs BTP
CVE-2020-12523 (On Phoenix Contact mGuard Devices versions before 8.8.3 LAN ports get ...)
@@ -58973,14 +59037,14 @@ CVE-2020-12516 (Older firmware versions (FW1 up to FW10) of the WAGO PLC family
NOT-FOR-US: WAGO
CVE-2020-12515
RESERVED
-CVE-2020-12514
- RESERVED
-CVE-2020-12513
- RESERVED
-CVE-2020-12512
- RESERVED
-CVE-2020-12511
- RESERVED
+CVE-2020-12514 (Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is pr ...)
+ TODO: check
+CVE-2020-12513 (Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is pr ...)
+ TODO: check
+CVE-2020-12512 (Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is pr ...)
+ TODO: check
+CVE-2020-12511 (Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is pr ...)
+ TODO: check
CVE-2020-12510 (The default installation path of the TwinCAT XAR 3.1 software in all v ...)
NOT-FOR-US: Beckhoff
CVE-2020-12509
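Review bot: CVE-2020-12511 through CVE-2020-12514 share the same truncated description ("Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below"), so each still needs its own resolution even if they land on the same outcome. The surrounding industrial-device entries in this hunk (Phoenix Contact, WAGO, Beckhoff) are already marked NOT-FOR-US; check the full descriptions before applying the same marker, since four identical stubs are easy to resolve in bulk without reading them.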
@@ -80494,8 +80558,8 @@ CVE-2020-4768
RESERVED
CVE-2020-4767 (IBM Sterling Connect Direct for Microsoft Windows 4.7, 4.8, 6.0, and 6 ...)
NOT-FOR-US: IBM
-CVE-2020-4766
- RESERVED
+CVE-2020-4766 (IBM MQ Internet Pass-Thru 2.1 and 9.2 could allow a remote user to cau ...)
+ TODO: check
CVE-2020-4765
RESERVED
CVE-2020-4764 (IBM Planning Analytics 2.0 is vulnerable to cross-site request forgery ...)
@@ -288508,6 +288572,7 @@ CVE-2013-7445 (The Direct Rendering Manager (DRM) subsystem in the Linux kernel
- linux-2.6 <removed>
NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=60533
CVE-2015-8011 (Buffer overflow in the lldp_decode function in daemon/protocols/lldp.c ...)
+ {DSA-4836-1}
- lldpd 0.7.19-1
[jessie] - lldpd 0.7.11-2+deb8u1
[wheezy] - lldpd <not-affected> (Vulnerable code not present)
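Review bot: CVE-2015-8011 already records a fix in lldpd 0.7.19-1 and a jessie update, so attaching {DSA-4836-1} to it makes a 2015 issue appear newly addressed in 2021. Verify that the advisory text actually lists this CVE (for example as a regression or a re-fix) before keeping the cross-reference; if it does not, the line belongs only on CVE-2020-27827, where the same DSA is added earlier in this commit.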
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a0550784c0187239dbc047cdaad3e7918d0ed615