[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Sat Jan 30 08:10:25 GMT 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
76039389 by security tracker role at 2021-01-30T08:10:17+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,303 @@
+CVE-2021-26460
+	RESERVED
+CVE-2021-26459
+	RESERVED
+CVE-2021-26458
+	RESERVED
+CVE-2021-26457
+	RESERVED
+CVE-2021-26456
+	RESERVED
+CVE-2021-26455
+	RESERVED
+CVE-2021-26454
+	RESERVED
+CVE-2021-26453
+	RESERVED
+CVE-2021-26452
+	RESERVED
+CVE-2021-26451
+	RESERVED
+CVE-2021-26450
+	RESERVED
+CVE-2021-26449
+	RESERVED
+CVE-2021-26448
+	RESERVED
+CVE-2021-26447
+	RESERVED
+CVE-2021-26446
+	RESERVED
+CVE-2021-26445
+	RESERVED
+CVE-2021-26444
+	RESERVED
+CVE-2021-26443
+	RESERVED
+CVE-2021-26442
+	RESERVED
+CVE-2021-26441
+	RESERVED
+CVE-2021-26440
+	RESERVED
+CVE-2021-26439
+	RESERVED
+CVE-2021-26438
+	RESERVED
+CVE-2021-26437
+	RESERVED
+CVE-2021-26436
+	RESERVED
+CVE-2021-26435
+	RESERVED
+CVE-2021-26434
+	RESERVED
+CVE-2021-26433
+	RESERVED
+CVE-2021-26432
+	RESERVED
+CVE-2021-26431
+	RESERVED
+CVE-2021-26430
+	RESERVED
+CVE-2021-26429
+	RESERVED
+CVE-2021-26428
+	RESERVED
+CVE-2021-26427
+	RESERVED
+CVE-2021-26426
+	RESERVED
+CVE-2021-26425
+	RESERVED
+CVE-2021-26424
+	RESERVED
+CVE-2021-26423
+	RESERVED
+CVE-2021-26422
+	RESERVED
+CVE-2021-26421
+	RESERVED
+CVE-2021-26420
+	RESERVED
+CVE-2021-26419
+	RESERVED
+CVE-2021-26418
+	RESERVED
+CVE-2021-26417
+	RESERVED
+CVE-2021-26416
+	RESERVED
+CVE-2021-26415
+	RESERVED
+CVE-2021-26414
+	RESERVED
+CVE-2021-26413
+	RESERVED
+CVE-2021-26412
+	RESERVED
+CVE-2021-26411
+	RESERVED
+CVE-2021-26410
+	RESERVED
+CVE-2021-26409
+	RESERVED
+CVE-2021-26408
+	RESERVED
+CVE-2021-26407
+	RESERVED
+CVE-2021-26406
+	RESERVED
+CVE-2021-26405
+	RESERVED
+CVE-2021-26404
+	RESERVED
+CVE-2021-26403
+	RESERVED
+CVE-2021-26402
+	RESERVED
+CVE-2021-26401
+	RESERVED
+CVE-2021-26400
+	RESERVED
+CVE-2021-26399
+	RESERVED
+CVE-2021-26398
+	RESERVED
+CVE-2021-26397
+	RESERVED
+CVE-2021-26396
+	RESERVED
+CVE-2021-26395
+	RESERVED
+CVE-2021-26394
+	RESERVED
+CVE-2021-26393
+	RESERVED
+CVE-2021-26392
+	RESERVED
+CVE-2021-26391
+	RESERVED
+CVE-2021-26390
+	RESERVED
+CVE-2021-26389
+	RESERVED
+CVE-2021-26388
+	RESERVED
+CVE-2021-26387
+	RESERVED
+CVE-2021-26386
+	RESERVED
+CVE-2021-26385
+	RESERVED
+CVE-2021-26384
+	RESERVED
+CVE-2021-26383
+	RESERVED
+CVE-2021-26382
+	RESERVED
+CVE-2021-26381
+	RESERVED
+CVE-2021-26380
+	RESERVED
+CVE-2021-26379
+	RESERVED
+CVE-2021-26378
+	RESERVED
+CVE-2021-26377
+	RESERVED
+CVE-2021-26376
+	RESERVED
+CVE-2021-26375
+	RESERVED
+CVE-2021-26374
+	RESERVED
+CVE-2021-26373
+	RESERVED
+CVE-2021-26372
+	RESERVED
+CVE-2021-26371
+	RESERVED
+CVE-2021-26370
+	RESERVED
+CVE-2021-26369
+	RESERVED
+CVE-2021-26368
+	RESERVED
+CVE-2021-26367
+	RESERVED
+CVE-2021-26366
+	RESERVED
+CVE-2021-26365
+	RESERVED
+CVE-2021-26364
+	RESERVED
+CVE-2021-26363
+	RESERVED
+CVE-2021-26362
+	RESERVED
+CVE-2021-26361
+	RESERVED
+CVE-2021-26360
+	RESERVED
+CVE-2021-26359
+	RESERVED
+CVE-2021-26358
+	RESERVED
+CVE-2021-26357
+	RESERVED
+CVE-2021-26356
+	RESERVED
+CVE-2021-26355
+	RESERVED
+CVE-2021-26354
+	RESERVED
+CVE-2021-26353
+	RESERVED
+CVE-2021-26352
+	RESERVED
+CVE-2021-26351
+	RESERVED
+CVE-2021-26350
+	RESERVED
+CVE-2021-26349
+	RESERVED
+CVE-2021-26348
+	RESERVED
+CVE-2021-26347
+	RESERVED
+CVE-2021-26346
+	RESERVED
+CVE-2021-26345
+	RESERVED
+CVE-2021-26344
+	RESERVED
+CVE-2021-26343
+	RESERVED
+CVE-2021-26342
+	RESERVED
+CVE-2021-26341
+	RESERVED
+CVE-2021-26340
+	RESERVED
+CVE-2021-26339
+	RESERVED
+CVE-2021-26338
+	RESERVED
+CVE-2021-26337
+	RESERVED
+CVE-2021-26336
+	RESERVED
+CVE-2021-26335
+	RESERVED
+CVE-2021-26334
+	RESERVED
+CVE-2021-26333
+	RESERVED
+CVE-2021-26332
+	RESERVED
+CVE-2021-26331
+	RESERVED
+CVE-2021-26330
+	RESERVED
+CVE-2021-26329
+	RESERVED
+CVE-2021-26328
+	RESERVED
+CVE-2021-26327
+	RESERVED
+CVE-2021-26326
+	RESERVED
+CVE-2021-26325
+	RESERVED
+CVE-2021-26324
+	RESERVED
+CVE-2021-26323
+	RESERVED
+CVE-2021-26322
+	RESERVED
+CVE-2021-26321
+	RESERVED
+CVE-2021-26320
+	RESERVED
+CVE-2021-26319
+	RESERVED
+CVE-2021-26318
+	RESERVED
+CVE-2021-26317
+	RESERVED
+CVE-2021-26316
+	RESERVED
+CVE-2021-26315
+	RESERVED
+CVE-2021-26314
+	RESERVED
+CVE-2021-26313
+	RESERVED
+CVE-2021-26312
+	RESERVED
+CVE-2021-26311
+	RESERVED
 CVE-2021-3346 (Foris before 101.1.1, as used in Turris OS, lacks certain HTML escapin ...)
 	TODO: check
 CVE-2021-3344
@@ -12,7 +312,7 @@ CVE-2018-25005
 	RESERVED
 CVE-2018-25004
 	RESERVED
-CVE-2021-3345 [libgcrypt heap overflow]
+CVE-2021-3345 (_gcry_md_block_write in cipher/hash-common.c in Libgcrypt before 1.9.1 ...)
 	[experimental] - libgcrypt20 <unfixed> (bug #981370)
 	- libgcrypt20 <not-affected> (Only affected 1.9)
 	NOTE: https://lists.gnupg.org/pipermail/gnupg-announce/2021q1/000456.html
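Review bot: The unchanged status line under CVE-2021-3345, "[experimental] - libgcrypt20 <unfixed> (bug #981370)", should be revisited now that the imported description bounds the issue to Libgcrypt before 1.9.1. Once a 1.9.1 or later upload reaches experimental, replace <unfixed> with that version so the entry closes together with the bug.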
@@ -1790,8 +2090,8 @@ CVE-2021-25648
 	RESERVED
 CVE-2021-25647 (Mobile application "Testes de Codigo" v11.3 and prior allows stored XS ...)
 	NOT-FOR-US: Mobile application "Testes de Codigo"
-CVE-2021-25646
-	RESERVED
+CVE-2021-25646 (Apache Druid includes the ability to execute user-provided JavaScript  ...)
+	TODO: check
 CVE-2019-25014 (A NULL pointer dereference was found in pkg/proxy/envoy/v2/debug.go ge ...)
 	NOT-FOR-US: Istio
 CVE-2021-3308 (An issue was discovered in Xen 4.12.3 through 4.12.4 and 4.13.1 throug ...)
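Review bot: The "TODO: check" placed on CVE-2021-25646 leaves an entry about executing user-provided JavaScript in Apache Druid without a triage decision. Resolve it either with a NOT-FOR-US line, in the form the neighbouring CVE-2021-25647 and CVE-2019-25014 entries use, or with a source package line if the software is packaged.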
@@ -12275,8 +12575,8 @@ CVE-2021-21256
 	RESERVED
 CVE-2021-21255
 	RESERVED
-CVE-2021-21254
-	RESERVED
+CVE-2021-21254 (CKEditor 5 is an open source rich text editor framework with a modular ...)
+	TODO: check
 CVE-2021-21253 (OnlineVotingSystem is an open source project hosted on GitHub. OnlineV ...)
 	NOT-FOR-US: OnlineVotingSystem
 CVE-2021-21252 (The jQuery Validation Plugin provides drop-in validation for your exis ...)
@@ -17973,8 +18273,8 @@ CVE-2020-29559
 	RESERVED
 CVE-2020-29558
 	RESERVED
-CVE-2020-29557
-	RESERVED
+CVE-2020-29557 (An issue was discovered on D-Link DIR-825 R1 devices through 3.0.1 bef ...)
+	TODO: check
 CVE-2020-29556
 	RESERVED
 CVE-2020-29555
@@ -47677,8 +47977,7 @@ CVE-2020-17382 (The MSI AmbientLink MsIo64 driver 1.0.0.8 has a Buffer Overflow
 	NOT-FOR-US: MSI AmbientLink MsIo64 driver
 CVE-2020-17381 (An issue was discovered in Ghisler Total Commander 9.51. Due to insuff ...)
 	NOT-FOR-US: Ghisler Total Commander
-CVE-2020-17380 [heap buffer overflow in sdhci_sdma_transfer_multi_blocks() in hw/sd/sdhci.c]
-	RESERVED
+CVE-2020-17380 (A heap-based buffer overflow was found in QEMU through 5.0.0 in the SD ...)
 	- qemu <unfixed> (bug #970937)
 	[buster] - qemu <postponed> (Minor issue, fix along in future DSA)
 	[stretch] - qemu <postponed> (Minor issue, fix along in future DLA)
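Review bot: At CVE-2020-17380 the removed temporary description was the only place that named the affected function and file, sdhci_sdma_transfer_multi_blocks() in hw/sd/sdhci.c, and the truncated replacement text stops before any such detail. Consider keeping that location in a NOTE: line under the entry, since the qemu status lines are still <unfixed> and <postponed> and whoever prepares the fix will need it.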
@@ -51607,8 +51906,8 @@ CVE-2020-15692 (In Nim 1.2.4, the standard library browsers mishandles the URL a
 	[stretch] - nim <no-dsa> (Minor issue)
 CVE-2020-15691
 	RESERVED
-CVE-2020-15690
-	RESERVED
+CVE-2020-15690 (In Nim before 1.2.6, the standard library asyncftpclient lacks a check ...)
+	TODO: check
 CVE-2020-15689 (Appweb before 7.2.2 and 8.x before 8.1.0, when built with CGI support, ...)
 	NOT-FOR-US: Appweb
 CVE-2020-15688 (The HTTP Digest Authentication in the GoAhead web server before 5.1.2  ...)
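Review bot: The "TODO: check" added for CVE-2020-15690 should become a nim package entry rather than stay generic. The context line for CVE-2020-15692 above it already tracks nim as a Debian source package ("[stretch] - nim <no-dsa> (Minor issue)"), and the new description concerns the Nim standard library before 1.2.6, so the same per-release triage applies here.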
@@ -52024,8 +52323,8 @@ CVE-2020-15569 (PlayerGeneric.cpp in MilkyTracker through 1.02.00 has a use-afte
 	- milkytracker 1.02.00+dfsg-2.1 (bug #964797)
 	[buster] - milkytracker 1.02.00+dfsg-1+deb10u1
 	NOTE: https://github.com/milkytracker/MilkyTracker/commit/7afd55c42ad80d01a339197a2d8b5461d214edaf
-CVE-2020-15568
-	RESERVED
+CVE-2020-15568 (TerraMaster TOS before 4.1.29 has Invalid Parameter Checking that lead ...)
+	TODO: check
 CVE-2020-15567 (An issue was discovered in Xen through 4.13.x, allowing Intel guest OS ...)
 	{DSA-4723-1}
 	- xen 4.11.4+24-gddaaccbbab-1
@@ -55039,8 +55338,8 @@ CVE-2020-14420
 	RESERVED
 CVE-2020-14419
 	RESERVED
-CVE-2020-14418
-	RESERVED
+CVE-2020-14418 (A TOCTOU vulnerability exists in madCodeHook before 2020-07-16 that al ...)
+	TODO: check
 CVE-2020-14417
 	RESERVED
 CVE-2020-14415 (oss_write in audio/ossaudio.c in QEMU before 5.0.0 mishandles a buffer ...)
@@ -150493,11 +150792,11 @@ CVE-2018-19542 (An issue was discovered in JasPer 2.0.14. There is a NULL pointe
 	{DLA-1628-1}
 	- jasper <removed>
 	NOTE: https://github.com/mdadams/jasper/issues/182
-CVE-2018-19541 (An issue was discovered in JasPer 2.0.14. There is a heap-based buffer ...)
+CVE-2018-19541 (An issue was discovered in JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11 ...)
 	{DLA-1628-1}
 	- jasper <removed>
 	NOTE: https://github.com/mdadams/jasper/issues/182
-CVE-2018-19540 (An issue was discovered in JasPer 2.0.14. There is a heap-based buffer ...)
+CVE-2018-19540 (An issue was discovered in JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11 ...)
 	{DLA-1628-1}
 	- jasper <removed>
 	NOTE: https://github.com/mdadams/jasper/issues/182
@@ -211931,7 +212230,7 @@ CVE-2017-15047 (The clusterLoadConfig function in cluster.c in Redis 4.0.2 allow
 	[wheezy] - redis <not-affected> (Vulnerable code introduced later)
 	NOTE: https://github.com/antirez/redis/issues/4278
 	NOTE: Pull request: https://github.com/antirez/redis/pull/4365
-CVE-2017-15046 (LAME 3.99.5 has a stack-based buffer overflow in unpack_read_samples i ...)
+CVE-2017-15046 (LAME 3.99.5, 3.99.4, 3.98.4, 3.98.2, 3.98 and 3.97 have a stack-based  ...)
 	- lame 3.99.5+repack1-8
 	[jessie] - lame 3.99.5+repack1-7+deb8u2
 	NOTE: https://sourceforge.net/p/lame/bugs/479/
@@ -212075,7 +212374,7 @@ CVE-2017-15019 (LAME 3.99.5 has a NULL Pointer Dereference in the hip_decode_ini
 	[stretch] - lame <ignored> (Minor issue)
 	[jessie] - lame <ignored> (Minor issue)
 	NOTE: https://sourceforge.net/p/lame/bugs/477/
-CVE-2017-15018 (LAME 3.99.5 has a heap-based buffer over-read when handling a malforme ...)
+CVE-2017-15018 (LAME 3.99.5, 3.99.4, 3.99.3, 3.99.2, 3.99.1, 3.99, 3.98.4, 3.98.2 and  ...)
 	- lame 3.99.5+repack1-8
 	[jessie] - lame 3.99.5+repack1-7+deb8u2
 	NOTE: https://sourceforge.net/p/lame/bugs/480/
@@ -214778,7 +215077,7 @@ CVE-2017-14134 (A Reflected XSS Vulnerability affects the forgotten password pag
 	NOT-FOR-US: Maplesoft Maple
 CVE-2017-14133
 	RESERVED
-CVE-2017-14132 (JasPer 2.0.13 allows remote attackers to cause a denial of service (he ...)
+CVE-2017-14132 (JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900 ...)
 	{DLA-1583-1}
 	- jasper <removed> (low)
 	[wheezy] - jasper <ignored> (Minor issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/76039389455e9e30d873381f262c1df2b3260f7b
