[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Jun 9 09:10:37 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
fe41a4a5 by security tracker role at 2021-06-09T08:10:28+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,20 +1,65 @@
+CVE-2021-34362
+ RESERVED
+CVE-2021-34361
+ RESERVED
+CVE-2021-34360
+ RESERVED
+CVE-2021-34359
+ RESERVED
+CVE-2021-34358
+ RESERVED
+CVE-2021-34357
+ RESERVED
+CVE-2021-34356
+ RESERVED
+CVE-2021-34355
+ RESERVED
+CVE-2021-34354
+ RESERVED
+CVE-2021-34353
+ RESERVED
+CVE-2021-34352
+ RESERVED
+CVE-2021-34351
+ RESERVED
+CVE-2021-34350
+ RESERVED
+CVE-2021-34349
+ RESERVED
+CVE-2021-34348
+ RESERVED
+CVE-2021-34347
+ RESERVED
+CVE-2021-34346
+ RESERVED
+CVE-2021-34345
+ RESERVED
+CVE-2021-34344
+ RESERVED
+CVE-2021-34343
+ RESERVED
CVE-2022-20001
RESERVED
CVE-2021-3588
RESERVED
CVE-2021-34342
+ RESERVED
- ming <removed>
NOTE: https://github.com/libming/libming/issues/205
CVE-2021-34341
+ RESERVED
- ming <removed>
NOTE: https://github.com/libming/libming/issues/204
CVE-2021-34340
+ RESERVED
- ming <removed>
NOTE: https://github.com/libming/libming/issues/203
CVE-2021-34339
+ RESERVED
- ming <removed>
NOTE: https://github.com/libming/libming/issues/202
CVE-2021-34338
+ RESERVED
- ming <removed>
NOTE: https://github.com/libming/libming/issues/201
CVE-2021-34337
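Review bot: The RESERVED lines added under CVE-2021-34342 through CVE-2021-34338 land on entries that already carry a `- ming <removed>` package line and a libming issue NOTE, so these five are tracked ahead of publication. When a later sync replaces RESERVED with the published description, confirm that the package line and NOTE stay in place, as the squid annotations do for CVE-2021-31807 further down in this commit.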
@@ -1304,14 +1349,14 @@ CVE-2021-33744
RESERVED
CVE-2021-33743
RESERVED
-CVE-2021-33742
- RESERVED
-CVE-2021-33741
- RESERVED
+CVE-2021-33742 (Windows MSHTML Platform Remote Code Execution Vulnerability ...)
+ TODO: check
+CVE-2021-33741 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability ...)
+ TODO: check
CVE-2021-33740
RESERVED
-CVE-2021-33739
- RESERVED
+CVE-2021-33739 (Microsoft DWM Core Library Elevation of Privilege Vulnerability ...)
+ TODO: check
CVE-2020-36381
RESERVED
CVE-2020-36380
@@ -1410,8 +1455,8 @@ CVE-2021-33714
RESERVED
CVE-2021-33713
RESERVED
-CVE-2021-33712
- RESERVED
+CVE-2021-33712 (A vulnerability has been identified in Mendix SAML Module (All version ...)
+ TODO: check
CVE-2021-33711
RESERVED
CVE-2021-33710
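Review bot: CVE-2021-33712 is left at `TODO: check` although its description names the Mendix SAML Module, and the other Mendix modules visible in this commit (CVE-2021-31341, CVE-2021-31339) are already resolved as NOT-FOR-US with the module name. Suggest resolving this one the same way, e.g. `NOT-FOR-US: Mendix SAML Module`, once the full description is confirmed.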
@@ -5376,102 +5421,102 @@ CVE-2021-31987
RESERVED
CVE-2021-31986
RESERVED
-CVE-2021-31985
- RESERVED
+CVE-2021-31985 (Microsoft Defender Remote Code Execution Vulnerability ...)
+ TODO: check
CVE-2021-31984
RESERVED
-CVE-2021-31983
- RESERVED
+CVE-2021-31983 (Paint 3D Remote Code Execution Vulnerability This CVE ID is unique fro ...)
+ TODO: check
CVE-2021-31982
RESERVED
CVE-2021-31981
RESERVED
-CVE-2021-31980
- RESERVED
+CVE-2021-31980 (Microsoft Intune Management Extension Remote Code Execution Vulnerabil ...)
+ TODO: check
CVE-2021-31979
RESERVED
-CVE-2021-31978
- RESERVED
-CVE-2021-31977
- RESERVED
-CVE-2021-31976
- RESERVED
-CVE-2021-31975
- RESERVED
-CVE-2021-31974
- RESERVED
-CVE-2021-31973
- RESERVED
-CVE-2021-31972
- RESERVED
-CVE-2021-31971
- RESERVED
-CVE-2021-31970
- RESERVED
-CVE-2021-31969
- RESERVED
-CVE-2021-31968
- RESERVED
-CVE-2021-31967
- RESERVED
-CVE-2021-31966
- RESERVED
-CVE-2021-31965
- RESERVED
-CVE-2021-31964
- RESERVED
-CVE-2021-31963
- RESERVED
-CVE-2021-31962
- RESERVED
+CVE-2021-31978 (Microsoft Defender Denial of Service Vulnerability ...)
+ TODO: check
+CVE-2021-31977 (Windows Hyper-V Denial of Service Vulnerability ...)
+ TODO: check
+CVE-2021-31976 (Server for NFS Information Disclosure Vulnerability This CVE ID is uni ...)
+ TODO: check
+CVE-2021-31975 (Server for NFS Information Disclosure Vulnerability This CVE ID is uni ...)
+ TODO: check
+CVE-2021-31974 (Server for NFS Denial of Service Vulnerability ...)
+ TODO: check
+CVE-2021-31973 (Windows GPSVC Elevation of Privilege Vulnerability ...)
+ TODO: check
+CVE-2021-31972 (Event Tracing for Windows Information Disclosure Vulnerability ...)
+ TODO: check
+CVE-2021-31971 (Windows HTML Platform Security Feature Bypass Vulnerability ...)
+ TODO: check
+CVE-2021-31970 (Windows TCP/IP Driver Security Feature Bypass Vulnerability ...)
+ TODO: check
+CVE-2021-31969 (Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerab ...)
+ TODO: check
+CVE-2021-31968 (Windows Remote Desktop Services Denial of Service Vulnerability ...)
+ TODO: check
+CVE-2021-31967 (VP9 Video Extensions Remote Code Execution Vulnerability ...)
+ TODO: check
+CVE-2021-31966 (Microsoft SharePoint Server Remote Code Execution Vulnerability This C ...)
+ TODO: check
+CVE-2021-31965 (Microsoft SharePoint Server Information Disclosure Vulnerability ...)
+ TODO: check
+CVE-2021-31964 (Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is uniq ...)
+ TODO: check
+CVE-2021-31963 (Microsoft SharePoint Server Remote Code Execution Vulnerability This C ...)
+ TODO: check
+CVE-2021-31962 (Kerberos AppContainer Security Feature Bypass Vulnerability ...)
+ TODO: check
CVE-2021-31961
RESERVED
-CVE-2021-31960
- RESERVED
-CVE-2021-31959
- RESERVED
-CVE-2021-31958
- RESERVED
-CVE-2021-31957
- RESERVED
-CVE-2021-31956
- RESERVED
-CVE-2021-31955
- RESERVED
-CVE-2021-31954
- RESERVED
-CVE-2021-31953
- RESERVED
-CVE-2021-31952
- RESERVED
-CVE-2021-31951
- RESERVED
-CVE-2021-31950
- RESERVED
-CVE-2021-31949
- RESERVED
-CVE-2021-31948
- RESERVED
+CVE-2021-31960 (Windows Bind Filter Driver Information Disclosure Vulnerability ...)
+ TODO: check
+CVE-2021-31959 (Scripting Engine Memory Corruption Vulnerability ...)
+ TODO: check
+CVE-2021-31958 (Windows NTLM Elevation of Privilege Vulnerability ...)
+ TODO: check
+CVE-2021-31957 (ASP.NET Denial of Service Vulnerability ...)
+ TODO: check
+CVE-2021-31956 (Windows NTFS Elevation of Privilege Vulnerability ...)
+ TODO: check
+CVE-2021-31955 (Windows Kernel Information Disclosure Vulnerability ...)
+ TODO: check
+CVE-2021-31954 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...)
+ TODO: check
+CVE-2021-31953 (Windows Filter Manager Elevation of Privilege Vulnerability ...)
+ TODO: check
+CVE-2021-31952 (Windows Kernel-Mode Driver Elevation of Privilege Vulnerability ...)
+ TODO: check
+CVE-2021-31951 (Windows Kernel Elevation of Privilege Vulnerability ...)
+ TODO: check
+CVE-2021-31950 (Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is uniq ...)
+ TODO: check
+CVE-2021-31949 (Microsoft Outlook Remote Code Execution Vulnerability ...)
+ TODO: check
+CVE-2021-31948 (Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is uniq ...)
+ TODO: check
CVE-2021-31947
RESERVED
-CVE-2021-31946
- RESERVED
-CVE-2021-31945
- RESERVED
-CVE-2021-31944
- RESERVED
-CVE-2021-31943
- RESERVED
-CVE-2021-31942
- RESERVED
-CVE-2021-31941
- RESERVED
-CVE-2021-31940
- RESERVED
-CVE-2021-31939
- RESERVED
-CVE-2021-31938
- RESERVED
+CVE-2021-31946 (Paint 3D Remote Code Execution Vulnerability This CVE ID is unique fro ...)
+ TODO: check
+CVE-2021-31945 (Paint 3D Remote Code Execution Vulnerability This CVE ID is unique fro ...)
+ TODO: check
+CVE-2021-31944 (3D Viewer Information Disclosure Vulnerability ...)
+ TODO: check
+CVE-2021-31943 (3D Viewer Remote Code Execution Vulnerability This CVE ID is unique fr ...)
+ TODO: check
+CVE-2021-31942 (3D Viewer Remote Code Execution Vulnerability This CVE ID is unique fr ...)
+ TODO: check
+CVE-2021-31941 (Microsoft Office Graphics Remote Code Execution Vulnerability This CVE ...)
+ TODO: check
+CVE-2021-31940 (Microsoft Office Graphics Remote Code Execution Vulnerability This CVE ...)
+ TODO: check
+CVE-2021-31939 (Microsoft Excel Remote Code Execution Vulnerability ...)
+ TODO: check
+CVE-2021-31938 (Microsoft VsCode Kubernetes Tools Extension Elevation of Privilege Vul ...)
+ TODO: check
CVE-2021-31937
RESERVED
CVE-2021-31936 (Microsoft Accessibility Insights for Web Information Disclosure Vulner ...)
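Review bot: All 42 entries this hunk moves from RESERVED to `TODO: check` describe Microsoft products (Windows components, SharePoint, Office, Defender, Paint 3D, 3D Viewer), and Microsoft entries elsewhere in this file are resolved as `NOT-FOR-US: Microsoft` (for example CVE-2021-31200). Suggest closing them in one triage pass rather than leaving a block of open TODOs that hides the entries needing real package analysis.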
@@ -5941,8 +5986,7 @@ CVE-2021-31808 (An issue was discovered in Squid before 4.15 and 5.x before 5.0.
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1185916
NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-pxwq-f3qr-w2xf
NOTE: http://www.squid-cache.org/Versions/v4/changesets/squid-4-e7cf864f938f24eea8af0692c04d16790983c823.patch
-CVE-2021-31807
- RESERVED
+CVE-2021-31807 (An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. An ...)
{DSA-4924-1}
- squid 4.13-10 (bug #989043)
- squid3 <removed>
@@ -7018,14 +7062,14 @@ CVE-2021-31345
RESERVED
CVE-2021-31344
RESERVED
-CVE-2021-31343
- RESERVED
-CVE-2021-31342
- RESERVED
+CVE-2021-31343 (A vulnerability has been identified in Solid Edge SE2020 (All Versions ...)
+ TODO: check
+CVE-2021-31342 (A vulnerability has been identified in Solid Edge SE2020 (All Versions ...)
+ TODO: check
CVE-2021-31341 (Uploading a table mapping using a manipulated XML file results in an e ...)
NOT-FOR-US: Mendix Database Replication
-CVE-2021-31340
- RESERVED
+CVE-2021-31340 (A vulnerability has been identified in SIMATIC RF166C (All versions &g ...)
+ TODO: check
CVE-2021-31339 (A vulnerability has been identified in Mendix Excel Importer Module (A ...)
NOT-FOR-US: Mendix Excel Importer Module
CVE-2021-31338
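Review bot: The new description for CVE-2021-31340 ends in `&g ...`, which is an HTML-escaped `>` cut in half by the truncation, so the summary is being shortened after escaping rather than before. Suggest decoding entities before the description is truncated, and reading the full CVE record rather than this line when resolving the `TODO: check`, since the version bound is exactly the part that was lost.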
@@ -7335,12 +7379,12 @@ CVE-2021-31203
RESERVED
CVE-2021-31202
RESERVED
-CVE-2021-31201
- RESERVED
+CVE-2021-31201 (Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulne ...)
+ TODO: check
CVE-2021-31200 (Common Utilities Remote Code Execution Vulnerability ...)
NOT-FOR-US: Microsoft
-CVE-2021-31199
- RESERVED
+CVE-2021-31199 (Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulne ...)
+ TODO: check
CVE-2021-31198 (Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ...)
NOT-FOR-US: Microsoft
CVE-2021-31197
@@ -14574,8 +14618,8 @@ CVE-2021-28170 (In the Jakarta Expression Language implementation 3.0.3 and earl
NOTE: https://github.com/eclipse-ee4j/el-ri/issues/155
NOTE: https://securitylab.github.com/advisories/GHSL-2020-021-jakarta-el/
NOTE: Only affects the EL reference implementation which isn't built into the binary packages
-CVE-2021-28169
- RESERVED
+CVE-2021-28169 (For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, i ...)
+ TODO: check
CVE-2021-28168 (Eclipse Jersey 2.28 to 2.33 and Eclipse Jersey 3.0.0 to 3.0.1 contains ...)
NOT-FOR-US: Eclipse Jersey
CVE-2021-28167 (In Eclipse Openj9 to version 0.25.0, usage of the jdk.internal.reflect ...)
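Review bot: CVE-2021-28169 should not be closed by analogy with its neighbours: the two entries below it are resolved as NOT-FOR-US or are for other Eclipse projects, while this one names Eclipse Jetty with the bounds <= 9.4.40, <= 10.0.2 and <= 11.0.2. Resolving the `TODO: check` means comparing those bounds against any packaged Jetty version and adding a source-package line with a fixed version or a no-DSA decision, with a NOTE pointing at the upstream advisory.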
@@ -16464,8 +16508,8 @@ CVE-2021-3413 (A flaw was found in Red Hat Satellite in tfm-rubygem-foreman_azur
NOT-FOR-US: Red Hat Satellite
CVE-2021-3412 (It was found that all versions of 3Scale developer portal lacked brute ...)
NOT-FOR-US: Red Hat 3scale API Management
-CVE-2021-27399
- RESERVED
+CVE-2021-27399 (A vulnerability has been identified in Simcenter Femap 2020.2 (All ver ...)
+ TODO: check
CVE-2021-27398 (A vulnerability has been identified in Tecnomatix Plant Simulation (Al ...)
NOT-FOR-US: Tecnomatix Plant Simulation
CVE-2021-27397 (A vulnerability has been identified in Tecnomatix Plant Simulation (Al ...)
@@ -16482,14 +16526,14 @@ CVE-2021-27392 (A vulnerability has been identified in Siveillance Video Open Ne
NOT-FOR-US: Siveillance
CVE-2021-27391
RESERVED
-CVE-2021-27390
- RESERVED
+CVE-2021-27390 (A vulnerability has been identified in JT2Go (All versions < V13.1. ...)
+ TODO: check
CVE-2021-27389 (A vulnerability has been identified in Opcenter Quality (All versions ...)
NOT-FOR-US: Opcenter Quality
CVE-2021-27388
RESERVED
-CVE-2021-27387
- RESERVED
+CVE-2021-27387 (A vulnerability has been identified in Simcenter Femap 2020.2 (All ver ...)
+ TODO: check
CVE-2021-27386 (A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Pan ...)
NOT-FOR-US: Siemens
CVE-2021-27385 (A remote attacker could send specially crafted packets to a SmartVNC d ...)
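Review bot: When the `TODO: check` lines on CVE-2021-27390 and CVE-2021-27387 are resolved, pick one NOT-FOR-US label style, because the context lines in this hunk already mix product names (`Siveillance`, `Opcenter Quality`) with a vendor name (`Siemens`). A consistent label makes it possible to grep for all entries of one vendor or product.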
@@ -18812,8 +18856,8 @@ CVE-2021-26422 (Skype for Business and Lync Remote Code Execution Vulnerability
NOT-FOR-US: Microsoft
CVE-2021-26421 (Skype for Business and Lync Spoofing Vulnerability ...)
NOT-FOR-US: Microsoft
-CVE-2021-26420
- RESERVED
+CVE-2021-26420 (Microsoft SharePoint Server Remote Code Execution Vulnerability This C ...)
+ TODO: check
CVE-2021-26419 (Scripting Engine Memory Corruption Vulnerability ...)
NOT-FOR-US: Microsoft
CVE-2021-26418 (Microsoft SharePoint Spoofing Vulnerability This CVE ID is unique from ...)
@@ -18824,8 +18868,8 @@ CVE-2021-26416 (Windows Hyper-V Denial of Service Vulnerability ...)
NOT-FOR-US: Microsoft
CVE-2021-26415 (Windows Installer Elevation of Privilege Vulnerability This CVE ID is ...)
NOT-FOR-US: Microsoft
-CVE-2021-26414
- RESERVED
+CVE-2021-26414 (Windows DCOM Server Security Feature Bypass ...)
+ TODO: check
CVE-2021-26413 (Windows Installer Spoofing Vulnerability ...)
NOT-FOR-US: Microsoft
CVE-2021-26412 (Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ...)
@@ -28550,8 +28594,8 @@ CVE-2021-22218 (All versions of GitLab CE/EE starting with 12.8 were affected by
TODO: check
CVE-2021-22217 (A denial of service vulnerability in all versions of GitLab CE/EE befo ...)
TODO: check
-CVE-2021-22216
- RESERVED
+CVE-2021-22216 (A denial of service vulnerability in all versions of GitLab CE/EE befo ...)
+ TODO: check
CVE-2021-22215 (An information disclosure vulnerability in GitLab EE versions 13.11 an ...)
TODO: check
CVE-2021-22214 (When requests to the internal network for webhooks are enabled, a serv ...)
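Review bot: CVE-2021-22216 now has exactly the same truncated description as CVE-2021-22217 on the context line above it (`A denial of service vulnerability in all versions of GitLab CE/EE befo ...`), so the two cannot be told apart from this file. Whoever resolves the `TODO: check` should add a NOTE with the upstream issue or release reference to each entry so the distinction is recorded here.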
@@ -33459,16 +33503,16 @@ CVE-2021-20734
RESERVED
CVE-2021-20733
RESERVED
-CVE-2021-20732
- RESERVED
-CVE-2021-20731
- RESERVED
-CVE-2021-20730
- RESERVED
+CVE-2021-20732 (The ATOM (ATOM - Smart life App for Android versions prior to 1.8.1 an ...)
+ TODO: check
+CVE-2021-20731 (WSR-1166DHP3 firmware Ver.1.16 and prior and WSR-1166DHP4 firmware Ver ...)
+ TODO: check
+CVE-2021-20730 (Improper access control vulnerability in WSR-1166DHP3 firmware Ver.1.1 ...)
+ TODO: check
CVE-2021-20729
RESERVED
-CVE-2021-20728
- RESERVED
+CVE-2021-20728 (Improper access control vulnerability in goo blog App for Android ver. ...)
+ TODO: check
CVE-2021-20727 (Cross-site scripting vulnerability in Zettlr from 0.20.0 to 1.8.8 allo ...)
NOT-FOR-US: Zettlr
CVE-2021-20726 (Untrusted search path vulnerability in The Installer of Overwolf 2.168 ...)
@@ -37634,8 +37678,7 @@ CVE-2021-1939
RESERVED
CVE-2021-1938
RESERVED
-CVE-2021-1937
- RESERVED
+CVE-2021-1937 (Reachable assertion is possible while processing peer association WLAN ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2021-1936
RESERVED
@@ -37709,8 +37752,7 @@ CVE-2021-1902
RESERVED
CVE-2021-1901
RESERVED
-CVE-2021-1900
- RESERVED
+CVE-2021-1900 (Possible use after free in Display due to race condition while creatin ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2021-1899
RESERVED
@@ -38638,8 +38680,8 @@ CVE-2021-1677 (Azure Active Directory Pod Identity Spoofing Vulnerability ...)
NOT-FOR-US: Microsoft
CVE-2021-1676 (Windows NT Lan Manager Datagram Receiver Driver Information Disclosure ...)
NOT-FOR-US: Microsoft
-CVE-2021-1675
- RESERVED
+CVE-2021-1675 (Windows Print Spooler Elevation of Privilege Vulnerability ...)
+ TODO: check
CVE-2021-1674 (Windows Remote Desktop Protocol Core Security Feature Bypass Vulnerabi ...)
NOT-FOR-US: Microsoft
CVE-2021-1673 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...)
@@ -50114,8 +50156,8 @@ CVE-2020-26137 (urllib3 before 1.25.9 allows CRLF injection if the attacker cont
NOTE: https://bugs.python.org/issue39603
NOTE: https://github.com/urllib3/urllib3/commit/1dd69c5c5982fae7c87a620d487c2ebf7a6b436b (1.25.9)
NOTE: https://github.com/urllib3/urllib3/pull/1800
-CVE-2020-26136
- RESERVED
+CVE-2020-26136 (In SilverStripe through 4.6.0-rc1, GraphQL doesn't honour MFA (multi-f ...)
+ TODO: check
CVE-2020-26135 (Live Helper Chat before 3.44v allows reflected XSS via the setsettinga ...)
NOT-FOR-US: Live Helper Chat
CVE-2020-26134 (Live Helper Chat before 3.44v allows stored XSS in chat messages with ...)
@@ -85652,13 +85694,11 @@ CVE-2020-11308 (Buffer overflow occurs when trying to convert ASCII string to Un
NOT-FOR-US: Qualcomm components for Android
CVE-2020-11307
RESERVED
-CVE-2020-11306
- RESERVED
+CVE-2020-11306 (Possible integer overflow in RPMB counter due to lack of length check ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2020-11305 (Integer overflow in boot due to improper length check on arguments rec ...)
NOT-FOR-US: Snapdragon
-CVE-2020-11304
- RESERVED
+CVE-2020-11304 (Possible out of bound read in DRM due to improper buffer length check. ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2020-11303
RESERVED
@@ -85670,8 +85710,7 @@ CVE-2020-11300
RESERVED
CVE-2020-11299 (Buffer overflow can occur in video while playing the non-standard clip ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2020-11298
- RESERVED
+CVE-2020-11298 (While waiting for a response to a callback or listener request, non-se ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2020-11297 (Denial of service in WLAN module due to improper check of subtypes in ...)
NOT-FOR-US: Qualcomm components for Android
@@ -85683,11 +85722,9 @@ CVE-2020-11294 (Out of bound write in logger due to prefix size is not validated
NOT-FOR-US: Qualcomm components for Android
CVE-2020-11293 (Out of bound read can happen in Widevine TA while copying data to buff ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2020-11292
- RESERVED
+CVE-2020-11292 (Possible buffer overflow in voice service due to lack of input validat ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2020-11291
- RESERVED
+CVE-2020-11291 (Possible buffer overflow while updating ikev2 parameters for delete pa ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2020-11290 (Use after free condition in msm ioctl events due to race between the i ...)
NOT-FOR-US: Qualcomm components for Android
@@ -85735,34 +85772,30 @@ CVE-2020-11269 (Possible memory corruption while processing EAPOL frames due to
NOT-FOR-US: Qualcomm components for Android
CVE-2020-11268 (Potential UE reset while decoding a crafted Sib1 or SIB1 that schedule ...)
NOT-FOR-US: Snapdragon
-CVE-2020-11267
- RESERVED
+CVE-2020-11267 (Stack out-of-bounds write occurs while setting up a cipher device if t ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2020-11266
- RESERVED
-CVE-2020-11265
- RESERVED
+CVE-2020-11266 (Image address is dereferenced before validating its range which can ca ...)
+ TODO: check
+CVE-2020-11265 (Information disclosure issue due to lack of validation of pointer argu ...)
+ TODO: check
CVE-2020-11264
RESERVED
CVE-2020-11263
RESERVED
-CVE-2020-11262
- RESERVED
+CVE-2020-11262 (A race between command submission and destroying the context can cause ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2020-11261
- RESERVED
+CVE-2020-11261 (Memory corruption due to improper check to return error when user appl ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2020-11260
- RESERVED
+CVE-2020-11260 (An improper free of uninitialized memory can occur in DIAG services in ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2020-11259
- RESERVED
-CVE-2020-11258
- RESERVED
-CVE-2020-11257
- RESERVED
-CVE-2020-11256
- RESERVED
+CVE-2020-11259 (Memory corruption due to lack of validation of pointer arguments passe ...)
+ TODO: check
+CVE-2020-11258 (Memory corruption due to lack of validation of pointer arguments passe ...)
+ TODO: check
+CVE-2020-11257 (Memory corruption due to lack of validation of pointer arguments passe ...)
+ TODO: check
+CVE-2020-11256 (Memory corruption due to lack of check of validation of pointer to buf ...)
+ TODO: check
CVE-2020-11255 (Denial of service while processing RTCP packets containing multiple SD ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2020-11254 (Memory corruption during buffer allocation due to dereferencing sessio ...)
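Review bot: Six entries in this hunk (CVE-2020-11266, CVE-2020-11265 and CVE-2020-11259 through CVE-2020-11256) receive `TODO: check`, while CVE-2020-11267 and CVE-2020-11262 through CVE-2020-11260 in the same hunk keep an existing `NOT-FOR-US: Qualcomm components for Android`. The truncated descriptions name no vendor, and CVE-2020-11259, CVE-2020-11258 and CVE-2020-11257 share identical text, so confirm the affected component from the full records and, if they match their neighbours, resolve them with the same NOT-FOR-US label.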
@@ -85773,8 +85806,7 @@ CVE-2020-11252 (Trustzone initialization code will disable xPU`s when memory dum
NOT-FOR-US: Qualcomm components for Android
CVE-2020-11251 (Out-of-bounds read vulnerability while accessing DTMF payload due to l ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2020-11250
- RESERVED
+CVE-2020-11250 (Use after free due to race condition when reopening the device driver ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2020-11249
RESERVED
@@ -85792,29 +85824,23 @@ CVE-2020-11243 (RRC sends a connection establishment success to NAS even though
NOT-FOR-US: Qualcomm components for Android
CVE-2020-11242 (User could gain access to secure memory due to incorrect argument into ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2020-11241
- RESERVED
+CVE-2020-11241 (Out of bound read will happen if EAPOL Key length is less than expecte ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2020-11240
- RESERVED
+CVE-2020-11240 (Memory corruption due to ioctl command size was incorrectly set to the ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2020-11239
- RESERVED
+CVE-2020-11239 (Use after free issue when importing a DMA buffer by using the CPU addr ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2020-11238
- RESERVED
+CVE-2020-11238 (Possible Buffer over-read in ARP/NS parsing due to lack of check of pa ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2020-11237 (Memory crash when accessing histogram type KPI input received due to l ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2020-11236 (Memory corruption due to invalid value of total dimension in the non-h ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2020-11235
- RESERVED
+CVE-2020-11235 (Buffer overflow might occur while parsing unified command due to lack ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2020-11234 (When sending a socket event message to a user application, invalid inf ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2020-11233
- RESERVED
+CVE-2020-11233 (Time-of-check time-of-use race condition While processing partition en ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2020-11232
RESERVED
@@ -85916,8 +85942,7 @@ CVE-2020-11184 (u'Possible buffer overflow will occur in video while parsing mp4
NOT-FOR-US: Qualcomm components for Android
CVE-2020-11183 (A process can potentially cause a buffer overflow in the display servi ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2020-11182
- RESERVED
+CVE-2020-11182 (Possible heap overflow while parsing NAL header due to lack of check o ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2020-11181 (Out of bound access issue while handling cvp process control command d ...)
NOT-FOR-US: Qualcomm components for Android
@@ -85925,13 +85950,11 @@ CVE-2020-11180 (Out of bound access in computer vision control due to improper v
NOT-FOR-US: Snapdragon
CVE-2020-11179 (Arbitrary read and write to kernel addresses by temporarily overwritin ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2020-11178
- RESERVED
+CVE-2020-11178 (Trusted APPS to overwrite the CPZ memory of another use-case as TZ onl ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2020-11177 (User can overwrite Security Code NV item without knowing current SPC d ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2020-11176
- RESERVED
+CVE-2020-11176 (While processing server certificate from IPSec server, certificate val ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2020-11175 (u'Use after free issue in Bluetooth transport driver when a method in ...)
NOT-FOR-US: Qualcomm components for Android
@@ -85953,8 +85976,7 @@ CVE-2020-11167 (Memory corruption while calculating L2CAP packet length in reass
NOT-FOR-US: Qualcomm components for Android
CVE-2020-11166 (Potential out of bound read exception when UE receives unusually large ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2020-11165
- RESERVED
+CVE-2020-11165 (Memory corruption due to buffer overflow while copying the message pro ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2020-11164 (u'Third-party app may also call the broadcasts in Perfdump and cause p ...)
NOT-FOR-US: Qualcomm components for Android
@@ -85962,14 +85984,11 @@ CVE-2020-11163 (Possible buffer overflow while updating ikev2 parameters due to
NOT-FOR-US: Qualcomm components for Android
CVE-2020-11162 (u'Possible buffer overflow in MHI driver due to lack of input paramete ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2020-11161
- RESERVED
+CVE-2020-11161 (Out-of-bounds memory access can occur while calculating alignment requ ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2020-11160
- RESERVED
+CVE-2020-11160 (Resource leakage issue during dci client registration due to reference ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2020-11159
- RESERVED
+CVE-2020-11159 (Buffer over-read can happen while processing WPA,RSN IE of beacon and ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2020-11158 (u'Null pointer dereference in HP OfficeJet Pro 8210 jbig2 filter due t ...)
NOT-FOR-US: Qualcomm
@@ -86019,8 +86038,7 @@ CVE-2020-11136 (Buffer Over-read in audio driver while using malloc management f
NOT-FOR-US: Qualcomm components for Android
CVE-2020-11135 (u'Reachable assertion when wrong data size is returned by parser for a ...)
NOT-FOR-US: Snapdragon
-CVE-2020-11134
- RESERVED
+CVE-2020-11134 (Possible stack out of bound write might happen due to time bitmap leng ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2020-11133 (u'Possible out of bound array write in rxdco cal utility due to lack o ...)
NOT-FOR-US: Snapdragon
@@ -86036,8 +86054,7 @@ CVE-2020-11128 (u'Possible out of bound access while copying the mask file conte
NOT-FOR-US: Qualcomm components for Android
CVE-2020-11127 (u'Integer overflow can cause a buffer overflow due to lack of table le ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2020-11126
- RESERVED
+CVE-2020-11126 (Possible out of bound read while WLAN frame parsing due to lack of che ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2020-11125 (u'Out of bound access can happen in MHI command process due to lack of ...)
NOT-FOR-US: Qualcomm components for Android
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fe41a4a547e0930ebe4934826c28b62837f90f2d