[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Fri Jan 29 20:34:15 GMT 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e65e5b60 by security tracker role at 2021-01-29T20:10:30+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,10 +1,26 @@
+CVE-2021-3346 (Foris before 101.1.1, as used in Turris OS, lacks certain HTML escapin ...)
+	TODO: check
+CVE-2021-3345 (_gcry_md_block_write in cipher/hash-common.c in Libgcrypt before 1.9.1 ...)
+	TODO: check
+CVE-2021-3344
+	RESERVED
+CVE-2021-26310
+	RESERVED
+CVE-2021-26309
+	RESERVED
+CVE-2018-25006
+	RESERVED
+CVE-2018-25005
+	RESERVED
+CVE-2018-25004
+	RESERVED
 CVE-2021-XXXX [libgcrypt heap overflow]
 	[experimental] - libgcrypt20 <unfixed>
 	- libgcrypt20 <not-affected> (Only affected 1.9)
 	NOTE: https://lists.gnupg.org/pipermail/gnupg-announce/2021q1/000456.html
 	NOTE: https://dev.gnupg.org/T5275
 	NOTE: Introduced by: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=e76617cbab018dd8f41fd6b4ec6740b5303f7e13
-CVE-2021-3347 [UAF in futex]
+CVE-2021-3347 (An issue was discovered in the Linux kernel through 5.10.11. PI futexe ...)
 	- linux <unfixed>
 	NOTE: https://www.openwall.com/lists/oss-security/2021/01/29/1
 CVE-2021-3343
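Review bot: CVE-2021-3345 arrives with only "TODO: check", while the placeholder entry "CVE-2021-XXXX [libgcrypt heap overflow]" a few lines below still holds the libgcrypt20 tracking lines and the three NOTE references. Both describe a libgcrypt problem limited to the 1.9 series ("before 1.9.1" versus "Only affected 1.9"). If they are the same issue, fold the placeholder into CVE-2021-3345 by moving the "[experimental] - libgcrypt20 <unfixed>" and "- libgcrypt20 <not-affected>" lines and the NOTEs under the assigned ID, then drop the CVE-2021-XXXX entry. Left as is, the package status sits under a temporary name and the real ID stays untriaged.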
@@ -44,7 +60,7 @@ CVE-2021-26300
 	RESERVED
 CVE-2021-26299
 	RESERVED
-CVE-2019-25016 (There is an unsafe incomplete reset of PATH in OpenDoas 6.6 through 6. ...)
+CVE-2019-25016 (In OpenDoas from 6.6 to 6.8 the users PATH variable was incorrectly in ...)
 	- doas <itp> (bug #981176)
 	NOTE: https://github.com/Duncaen/OpenDoas/commit/01c658f8c45cb92a343be5f32aa6da70b2032168
 	NOTE: https://github.com/Duncaen/OpenDoas/issues/45
@@ -965,10 +981,10 @@ CVE-2018-25003
 	RESERVED
 CVE-2021-25911
 	RESERVED
-CVE-2021-25910
-	RESERVED
-CVE-2021-25909
-	RESERVED
+CVE-2021-25910 (Improper Authentication vulnerability in the cookie parameter of ZIV A ...)
+	TODO: check
+CVE-2021-25909 (ZIV Automation 4CCT-EA6-334126BF firmware version 3.23.80.27.36371, al ...)
+	TODO: check
 CVE-2021-25908 (An issue was discovered in the fil-ocl crate through 2021-01-04 for Ru ...)
 	NOT-FOR-US: Rust crate fil-ocl
 CVE-2021-25907 (An issue was discovered in the containers crate before 0.9.11 for Rust ...)
@@ -2948,38 +2964,38 @@ CVE-2021-25140
 	RESERVED
 CVE-2021-25139
 	RESERVED
-CVE-2021-25138
-	RESERVED
-CVE-2021-25137
-	RESERVED
-CVE-2021-25136
-	RESERVED
-CVE-2021-25135
-	RESERVED
-CVE-2021-25134
-	RESERVED
-CVE-2021-25133
-	RESERVED
-CVE-2021-25132
-	RESERVED
-CVE-2021-25131
-	RESERVED
-CVE-2021-25130
-	RESERVED
-CVE-2021-25129
-	RESERVED
-CVE-2021-25128
-	RESERVED
-CVE-2021-25127
-	RESERVED
-CVE-2021-25126
-	RESERVED
-CVE-2021-25125
-	RESERVED
-CVE-2021-25124
-	RESERVED
-CVE-2021-25123
-	RESERVED
+CVE-2021-25138 (The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9  ...)
+	TODO: check
+CVE-2021-25137 (The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9  ...)
+	TODO: check
+CVE-2021-25136 (The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9  ...)
+	TODO: check
+CVE-2021-25135 (The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9  ...)
+	TODO: check
+CVE-2021-25134 (The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9  ...)
+	TODO: check
+CVE-2021-25133 (The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9  ...)
+	TODO: check
+CVE-2021-25132 (The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9  ...)
+	TODO: check
+CVE-2021-25131 (The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9  ...)
+	TODO: check
+CVE-2021-25130 (The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9  ...)
+	TODO: check
+CVE-2021-25129 (The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9  ...)
+	TODO: check
+CVE-2021-25128 (The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9  ...)
+	TODO: check
+CVE-2021-25127 (The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9  ...)
+	TODO: check
+CVE-2021-25126 (The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9  ...)
+	TODO: check
+CVE-2021-25125 (The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9  ...)
+	TODO: check
+CVE-2021-25124 (The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9  ...)
+	TODO: check
+CVE-2021-25123 (The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9  ...)
+	TODO: check
 CVE-2021-25122
 	RESERVED
 CVE-2021-25121
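Review bot: the sixteen entries CVE-2021-25123 through CVE-2021-25138 all move from RESERVED to "TODO: check" with the same truncated description prefix (the BMC in HPE Cloudline CL5800 Gen9). Triage them in one pass rather than one by one. If this BMC firmware has no corresponding source package in Debian, give each entry the same "NOT-FOR-US:" product string, in the style of the "NOT-FOR-US: Rust crate fil-ocl" line elsewhere in this file, so the block does not linger in the TODO queue.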
@@ -6735,8 +6751,8 @@ CVE-2021-23330
 	RESERVED
 CVE-2021-23329
 	RESERVED
-CVE-2021-23328
-	RESERVED
+CVE-2021-23328 (This affects all versions of package iniparserjs. This vulnerability r ...)
+	TODO: check
 CVE-2021-23327
 	RESERVED
 CVE-2021-23326 (This affects the package @graphql-tools/git-loader before 6.2.6. The u ...)
@@ -11848,8 +11864,7 @@ CVE-2020-35653 (In Pillow before 8.1.0, PcxDecode has a buffer over-read when de
 	NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.1.0.html#security
 	NOTE: https://github.com/python-pillow/Pillow/pull/5174
 	NOTE: https://github.com/python-pillow/Pillow/commit/2f409261eb1228e166868f8f0b5da5cda52e55bf
-CVE-2020-35652 [remote crash in res_pjsip_diversion]
-	RESERVED
+CVE-2020-35652 (An issue was discovered in res_pjsip_diversion.c in Sangoma Asterisk b ...)
 	- asterisk 1:16.15.1~dfsg-1 (bug #979372)
 	[buster] - asterisk <no-dsa> (Minor issue)
 	[stretch] - asterisk <no-dsa> (Minor issue)
@@ -13858,8 +13873,8 @@ CVE-2021-20588
 	RESERVED
 CVE-2021-20587
 	RESERVED
-CVE-2021-20586
-	RESERVED
+CVE-2021-20586 (Resource management errors vulnerability in a robot controller of MELF ...)
+	TODO: check
 CVE-2021-20585
 	RESERVED
 CVE-2021-20584
@@ -18566,7 +18581,7 @@ CVE-2020-29396 (A sandboxing issue in Odoo Community 11.0 through 13.0 and Odoo
 	NOTE: https://github.com/odoo/odoo/issues/63712
 CVE-2020-29395 (The EventON plugin through 3.0.5 for WordPress allows addons/?q= XSS v ...)
 	NOT-FOR-US: EventON plugin for WordPress
-CVE-2020-29394 (A buffer overflow in the dlt_filter_load function in dlt_common.c in d ...)
+CVE-2020-29394 (A buffer overflow in the dlt_filter_load function in dlt_common.c from ...)
 	- dlt-daemon 2.18.5-0.3 (bug #976228)
 	[buster] - dlt-daemon <no-dsa> (Minor issue)
 	NOTE: https://github.com/GENIVI/dlt-daemon/issues/274
@@ -32855,20 +32870,20 @@ CVE-2020-24672
 	RESERVED
 CVE-2020-24671
 	RESERVED
-CVE-2020-24670
-	RESERVED
-CVE-2020-24669
-	RESERVED
+CVE-2020-24670 (The Dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x cont ...)
+	TODO: check
+CVE-2020-24669 (The New Analysis Report in Hitachi Vantara Pentaho through 7.x - 8.x c ...)
+	TODO: check
 CVE-2020-24668
 	RESERVED
 CVE-2020-24667
 	RESERVED
-CVE-2020-24666
-	RESERVED
-CVE-2020-24665
-	RESERVED
-CVE-2020-24664
-	RESERVED
+CVE-2020-24666 (The Analysis Report in Hitachi Vantara Pentaho through 7.x - 8.x conta ...)
+	TODO: check
+CVE-2020-24665 (The Dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x cont ...)
+	TODO: check
+CVE-2020-24664 (The dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x cont ...)
+	TODO: check
 CVE-2020-24663
 	RESERVED
 CVE-2020-24662



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e65e5b607a4259756d9599fa30069f97f973bbf3
