[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed Mar 10 20:10:42 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
cf2ba7da by security tracker role at 2021-03-10T20:10:34+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,9 +1,27 @@
+CVE-2021-3427
+ RESERVED
+CVE-2021-28132
+ RESERVED
+CVE-2021-28131
+ RESERVED
+CVE-2021-28130
+ RESERVED
+CVE-2021-28129
+ RESERVED
+CVE-2021-28128
+ RESERVED
+CVE-2021-28127
+ RESERVED
+CVE-2021-28126
+ RESERVED
+CVE-2021-28125
+ RESERVED
CVE-2021-28124
RESERVED
CVE-2021-28123
RESERVED
-CVE-2021-28122
- RESERVED
+CVE-2021-28122 (A request-validation issue was discovered in Open5GS 2.1.3 through 2.2 ...)
+ TODO: check
CVE-2021-28121
RESERVED
CVE-2021-28120
@@ -295,8 +313,8 @@ CVE-2021-28009
RESERVED
CVE-2021-28008
RESERVED
-CVE-2021-28007
- RESERVED
+CVE-2021-28007 (Web Based Quiz System 1.0 is affected by cross-site scripting (XSS) in ...)
+ TODO: check
CVE-2021-28006 (Web Based Quiz System 1.0 is affected by cross-site scripting (XSS) in ...)
NOT-FOR-US: Web Based Quiz System
CVE-2021-28005
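Review bot: the "TODO: check" added under CVE-2021-28007 can be resolved straight away. The description names Web Based Quiz System 1.0, and the next entry in this hunk, CVE-2021-28006, covers the same product and already carries "NOT-FOR-US: Web Based Quiz System". Suggest using the same annotation here so the two entries stay consistent.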
@@ -5376,8 +5394,8 @@ CVE-2021-3226
RESERVED
CVE-2021-3225
RESERVED
-CVE-2021-3224
- RESERVED
+CVE-2021-3224 (A stored cross-site scripting (XSS) vulnerability in cszcms 1.2.9 exis ...)
+ TODO: check
CVE-2021-3223 (Node-RED-Dashboard before 2.26.2 allows ui_base/js/..%2f directory tra ...)
NOT-FOR-US: Node-RED-Dashboard
CVE-2021-3222
@@ -9418,8 +9436,8 @@ CVE-2021-24034
RESERVED
CVE-2021-24033 (react-dev-utils prior to v11.0.4 exposes a function, getProcessForPort ...)
NOT-FOR-US: react-dev-utils
-CVE-2021-24030
- RESERVED
+CVE-2021-24030 (The fbgames protocol handler registered as part of Facebook Gameroom d ...)
+ TODO: check
CVE-2021-24029
RESERVED
CVE-2021-24028
@@ -9428,8 +9446,8 @@ CVE-2021-24027
RESERVED
CVE-2021-24026
RESERVED
-CVE-2021-24025
- RESERVED
+CVE-2021-24025 (Due to incorrect string size calculations inside the preg_quote functi ...)
+ TODO: check
CVE-2021-24024
RESERVED
CVE-2021-24023
@@ -11364,8 +11382,8 @@ CVE-2021-3036
RESERVED
CVE-2021-3035
RESERVED
-CVE-2021-3034
- RESERVED
+CVE-2021-3034 (An information exposure through log file vulnerability exists in Corte ...)
+ TODO: check
CVE-2021-3033 (An improper verification of cryptographic signature vulnerability exis ...)
NOT-FOR-US: Palo Alto Networks
CVE-2021-3032 (An information exposure through log file vulnerability exists in Palo ...)
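Review bot: CVE-2021-3034 is left at "TODO: check" although its wording ("An information exposure through log file vulnerability exists in ...") matches CVE-2021-3032 two entries below, and CVE-2021-3033 in between is already "NOT-FOR-US: Palo Alto Networks". The product name is cut off in the truncated description, so confirm the vendor from the full text and, if it is the same, reuse that annotation rather than introducing a new spelling.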
@@ -14325,8 +14343,8 @@ CVE-2021-21774
RESERVED
CVE-2021-21773
RESERVED
-CVE-2021-21772
- RESERVED
+CVE-2021-21772 (A use-after-free vulnerability exists in the NMR::COpcPackageReader::r ...)
+ TODO: check
CVE-2021-21771
RESERVED
CVE-2021-21770
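Review bot: the visible part of the CVE-2021-21772 description names only a C++ symbol (NMR::COpcPackageReader::r ...) and no product, so the "TODO: check" cannot be closed from this line alone. Look up the full description to identify the library and check whether it exists as a Debian source package before choosing between a package line and NOT-FOR-US.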
@@ -15605,8 +15623,8 @@ CVE-2021-21493 (When a user opens manipulated Graphics Interchange Format (.GIF)
NOT-FOR-US: SAP
CVE-2021-21492
RESERVED
-CVE-2021-21491
- RESERVED
+CVE-2021-21491 (SAP Netweaver Application Server Java (Applications based on WebDynpro ...)
+ TODO: check
CVE-2021-21490
RESERVED
CVE-2021-21489
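Review bot: CVE-2021-21491 gets "TODO: check" while the context entry at the top of this hunk, CVE-2021-21493, shows the established annotation for this vendor: "NOT-FOR-US: SAP". The new description starts with "SAP Netweaver Application Server Java", so the same annotation applies.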
@@ -15936,8 +15954,8 @@ CVE-2020-35754 (OpenSolution Quick.CMS < 6.7 and Quick.Cart < 6.7 allow an
NOT-FOR-US: OpenSolution Quick.CMS
CVE-2020-35753 (The job posting recommendation form in Persis Human Resource Managemen ...)
NOT-FOR-US: Persis Human Resource Management Portal
-CVE-2020-35752
- RESERVED
+CVE-2020-35752 (Baby Care System 1.0 is affected by a cross-site scripting (XSS) vulne ...)
+ TODO: check
CVE-2020-35751
RESERVED
CVE-2020-35750
@@ -18179,20 +18197,20 @@ CVE-2021-20675
RESERVED
CVE-2021-20674
RESERVED
-CVE-2021-20673
- RESERVED
-CVE-2021-20672
- RESERVED
-CVE-2021-20671
- RESERVED
-CVE-2021-20670
- RESERVED
-CVE-2021-20669
- RESERVED
-CVE-2021-20668
- RESERVED
-CVE-2021-20667
- RESERVED
+CVE-2021-20673 (Stored cross-site scripting vulnerability in Admin Page of GROWI (v4.2 ...)
+ TODO: check
+CVE-2021-20672 (Reflected cross-site scripting vulnerability due to insufficient verif ...)
+ TODO: check
+CVE-2021-20671 (Invalid file validation on the upload feature in GROWI versions v4.2.2 ...)
+ TODO: check
+CVE-2021-20670 (Improper access control vulnerability in GROWI versions v4.2.2 and ear ...)
+ TODO: check
+CVE-2021-20669 (Path traversal vulnerability in GROWI versions v4.2.2 and earlier allo ...)
+ TODO: check
+CVE-2021-20668 (Path traversal vulnerability in GROWI versions v4.2.2 and earlier allo ...)
+ TODO: check
+CVE-2021-20667 (Stored cross-site scripting vulnerability due to inadequate CSP (Conte ...)
+ TODO: check
CVE-2021-20666
RESERVED
CVE-2021-20665 (Cross-site scripting vulnerability in in Add asset screen of Contents ...)
@@ -19028,8 +19046,7 @@ CVE-2021-20267
NOTE: https://review.opendev.org/c/openstack/neutron/+/776599
CVE-2021-20266
RESERVED
-CVE-2021-20265 [increase slab leak leads to DoS]
- RESERVED
+CVE-2021-20265 (A flaw was found in the way memory resources were freed in the unix_st ...)
- linux 4.4.4-1
NOTE: https://git.kernel.org/linus/fa0dc04df259ba2df3ce1920e9690c7842f8fa4b (4.5-rc3)
CVE-2021-20264
@@ -19312,8 +19329,8 @@ CVE-2021-20206
NOTE: https://github.com/containernetworking/cni/pull/808
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1919391
TODO: check details, impact on docker.io?
-CVE-2021-20205
- RESERVED
+CVE-2021-20205 (Libjpeg-turbo versions 2.0.91 and 2.0.90 is vulnerable to a denial of ...)
+ TODO: check
CVE-2021-20204
RESERVED
CVE-2021-20203 (An integer overflow issue was found in the vmxnet3 NIC emulator of the ...)
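Review bot: CVE-2021-20205 should not be closed as NOT-FOR-US when its "TODO: check" is worked. The description names libjpeg-turbo, which this file tracks as a source package elsewhere in the same commit (CVE-2021-0384 carries "- libjpeg-turbo <unfixed>"). The description limits the issue to versions 2.0.91 and 2.0.90, so the triage step is to check whether any suite ever shipped those versions and then record either a fixed version or a <not-affected> line with the reason.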
@@ -20594,34 +20611,34 @@ CVE-2020-35235 (** UNSUPPORTED WHEN ASSIGNED ** vendor/elfinder/php/connector.mi
NOT-FOR-US: WordPress plugin secure-file-manager
CVE-2020-35234 (The easy-wp-smtp plugin before 1.4.4 for WordPress allows Administrato ...)
NOT-FOR-US: WordPress plugin easy-wp-smtp
-CVE-2020-35233
- RESERVED
-CVE-2020-35232
- RESERVED
-CVE-2020-35231
- RESERVED
-CVE-2020-35230
- RESERVED
-CVE-2020-35229
- RESERVED
-CVE-2020-35228
- RESERVED
-CVE-2020-35227
- RESERVED
-CVE-2020-35226
- RESERVED
-CVE-2020-35225
- RESERVED
-CVE-2020-35224
- RESERVED
-CVE-2020-35223
- RESERVED
-CVE-2020-35222
- RESERVED
-CVE-2020-35221
- RESERVED
-CVE-2020-35220
- RESERVED
+CVE-2020-35233 (The TFTP server fails to handle multiple connections on NETGEAR JGS516 ...)
+ TODO: check
+CVE-2020-35232 (The TFTP firmware update mechanism on NETGEAR JGS516PE/GS116Ev2 v2.6.0 ...)
+ TODO: check
+CVE-2020-35231 (The NSDP protocol implementation on NETGEAR JGS516PE/GS116Ev2 v2.6.0.4 ...)
+ TODO: check
+CVE-2020-35230 (Multiple integer overflow parameters were found in the web administrat ...)
+ TODO: check
+CVE-2020-35229 (The authentication token required to execute NSDP write requests on NE ...)
+ TODO: check
+CVE-2020-35228 (A cross-site scripting (XSS) vulnerability in the administration web p ...)
+ TODO: check
+CVE-2020-35227 (A buffer overflow vulnerability in the access control section on NETGE ...)
+ TODO: check
+CVE-2020-35226 (NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices allow unauthenticated user ...)
+ TODO: check
+CVE-2020-35225 (The NSDP protocol implementation on NETGEAR JGS516PE/GS116Ev2 v2.6.0.4 ...)
+ TODO: check
+CVE-2020-35224 (A buffer overflow vulnerability in the NSDP protocol authentication me ...)
+ TODO: check
+CVE-2020-35223 (The CSRF protection mechanism implemented in the web administration pa ...)
+ TODO: check
+CVE-2020-35222 (The NSDP protocol version implemented on NETGEAR JGS516PE/GS116Ev2 v2. ...)
+ TODO: check
+CVE-2020-35221 (The hashing algorithm implemented for NSDP password authentication on ...)
+ TODO: check
+CVE-2020-35220 (A TFTP server was found to be active by default on NETGEAR JGS516PE/GS ...)
+ TODO: check
CVE-2020-35219 (The ASUS DSL-N17U modem with firmware 1.1.0.2 allows attackers to acce ...)
NOT-FOR-US: ASUS
CVE-2020-35218
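Review bot: all fourteen entries from CVE-2020-35233 down to CVE-2020-35220 are added with individual "TODO: check" lines, but they look like a single advisory against one device family (NETGEAR JGS516PE/GS116Ev2 v2.6.0.43). Four of the truncated descriptions (CVE-2020-35230, CVE-2020-35228, CVE-2020-35223, CVE-2020-35221) stop before the vendor name, so confirm those from the full text, then triage the block in one pass with a single vendor-level annotation in the style of the "NOT-FOR-US: ASUS" line just below.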
@@ -23089,8 +23106,8 @@ CVE-2021-1642 (Windows AppX Deployment Extensions Elevation of Privilege Vulnera
NOT-FOR-US: Microsoft
CVE-2021-1641 (Microsoft SharePoint Spoofing Vulnerability This CVE ID is unique from ...)
NOT-FOR-US: Microsoft
-CVE-2021-1640
- RESERVED
+CVE-2021-1640 (Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID ...)
+ TODO: check
CVE-2021-1639 (Visual Studio Code Remote Code Execution Vulnerability ...)
NOT-FOR-US: Microsoft
CVE-2021-1638 (Windows Bluetooth Security Feature Bypass Vulnerability This CVE ID is ...)
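Review bot: CVE-2021-1640 ("Windows Print Spooler Elevation of Privilege Vulnerability") is the only entry in this hunk left at "TODO: check". Every neighbouring Microsoft entry shown here (CVE-2021-1642, CVE-2021-1641, CVE-2021-1639) is "NOT-FOR-US: Microsoft", and the same annotation fits this one.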
@@ -24906,8 +24923,8 @@ CVE-2020-28707 (The Stockdio Historical Chart plugin before 2.8.1 for WordPress
NOT-FOR-US: Stockdio Historical Chart plugin for WordPress
CVE-2020-28706
RESERVED
-CVE-2020-28705
- RESERVED
+CVE-2020-28705 (FUEL CMS 1.4.13 contains a cross-site request forgery (CSRF) vulnerabi ...)
+ TODO: check
CVE-2020-28704
RESERVED
CVE-2020-28703
@@ -28080,40 +28097,40 @@ CVE-2021-0467
RESERVED
CVE-2021-0466
RESERVED
-CVE-2021-0465
- RESERVED
-CVE-2021-0464
- RESERVED
-CVE-2021-0463
- RESERVED
-CVE-2021-0462
- RESERVED
-CVE-2021-0461
- RESERVED
-CVE-2021-0460
- RESERVED
-CVE-2021-0459
- RESERVED
-CVE-2021-0458
- RESERVED
-CVE-2021-0457
- RESERVED
-CVE-2021-0456
- RESERVED
-CVE-2021-0455
- RESERVED
-CVE-2021-0454
- RESERVED
-CVE-2021-0453
- RESERVED
-CVE-2021-0452
- RESERVED
-CVE-2021-0451
- RESERVED
-CVE-2021-0450
- RESERVED
-CVE-2021-0449
- RESERVED
+CVE-2021-0465 (In GenerateFaceMask of face.cc, there is a possible out of bounds writ ...)
+ TODO: check
+CVE-2021-0464 (In sound_trigger_event_alloc of platform.h, there is a possible out of ...)
+ TODO: check
+CVE-2021-0463 (In convertToHidl of convert.cpp, there is a possible out of bounds rea ...)
+ TODO: check
+CVE-2021-0462 (In the NXP NFC firmware, there is a possible insecure firmware update ...)
+ TODO: check
+CVE-2021-0461 (In iaxxx_core_sensor_change_state of iaxxx-module.c, there is a possib ...)
+ TODO: check
+CVE-2021-0460 (In the FingerTipS touch screen driver, there is a possible out of boun ...)
+ TODO: check
+CVE-2021-0459 (In fts_driver_test_write of fts_proc.c, there is a possible out of bou ...)
+ TODO: check
+CVE-2021-0458 (In the FingerTipS touch screen driver, there is a possible out of boun ...)
+ TODO: check
+CVE-2021-0457 (In the FingerTipS touch screen driver, there is a possible out of boun ...)
+ TODO: check
+CVE-2021-0456 (In the Citadel chip firmware, there is a possible out of bounds write ...)
+ TODO: check
+CVE-2021-0455 (In the Citadel chip firmware, there is a possible out of bounds write ...)
+ TODO: check
+CVE-2021-0454 (In the Citadel chip firmware, there is a possible out of bounds write ...)
+ TODO: check
+CVE-2021-0453 (In the Titan-M chip firmware, there is a possible disclosure of stack ...)
+ TODO: check
+CVE-2021-0452 (In the Titan M chip firmware, there is a possible disclosure of stack ...)
+ TODO: check
+CVE-2021-0451 (In the Titan M chip firmware, there is a possible disclosure of stack ...)
+ TODO: check
+CVE-2021-0450 (In the Titan M chip firmware, there is a possible disclosure of stack ...)
+ TODO: check
+CVE-2021-0449 (In the Titan M chip firmware, there is a possible disclosure of stack ...)
+ TODO: check
CVE-2021-0448
RESERVED
CVE-2021-0447
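Review bot: the seventeen entries CVE-2021-0465 through CVE-2021-0449 are all left at "TODO: check", and they are not uniform. The Citadel, Titan M and NXP NFC entries are described as chip firmware, while CVE-2021-0461 (iaxxx-module.c), CVE-2021-0459 (fts_proc.c) and the FingerTipS touch screen driver entries name driver source files. For the driver entries, confirm the code is not part of Debian's linux source before marking them; if it is absent, a "- linux <not-affected>" line with a reason, as used for CVE-2021-0399 in the next hunk, documents that better than a bare NOT-FOR-US.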
@@ -28214,102 +28231,71 @@ CVE-2021-0401 (In vow, there is a possible memory corruption due to a race condi
NOT-FOR-US: MediaTek
CVE-2021-0400
RESERVED
-CVE-2021-0399
- RESERVED
+CVE-2021-0399 (In qtaguid_untag of xt_qtaguid.c, there is a possible memory corruptio ...)
- linux <not-affected> (Android-specific xt_qtaguid code)
NOTE: https://source.android.com/security/bulletin/2021-03-01
-CVE-2021-0398
- RESERVED
+CVE-2021-0398 (In bindServiceLocked of ActiveServices.java, there is a possible foreg ...)
NOT-FOR-US: Android
-CVE-2021-0397
- RESERVED
+CVE-2021-0397 (In sdp_copy_raw_data of sdp_discovery.cc, there is a possible system c ...)
NOT-FOR-US: Android
-CVE-2021-0396
- RESERVED
+CVE-2021-0396 (In Builtins::Generate_ArgumentsAdaptorTrampoline of builtins-arm.cc an ...)
NOT-FOR-US: Android
-CVE-2021-0395
- RESERVED
+CVE-2021-0395 (In StopServicesAndLogViolations of reboot.cpp, there is possible memor ...)
NOT-FOR-US: Android
-CVE-2021-0394
- RESERVED
+CVE-2021-0394 (In android_os_Parcel_readString8 of android_os_Parcel.cpp, there is a ...)
NOT-FOR-US: Android
-CVE-2021-0393
- RESERVED
+CVE-2021-0393 (In Scanner::LiteralBuffer::NewCapacity of scanner.cc, there is a possi ...)
NOT-FOR-US: Android
-CVE-2021-0392
- RESERVED
+CVE-2021-0392 (In main of main.cpp, there is a possible memory corruption due to a do ...)
NOT-FOR-US: Android
-CVE-2021-0391
- RESERVED
+CVE-2021-0391 (In onCreate() of ChooseTypeAndAccountActivity.java, there is a possibl ...)
NOT-FOR-US: Android
-CVE-2021-0390
- RESERVED
+CVE-2021-0390 (In various methods of WifiNetworkSuggestionsManager.java, there is a p ...)
NOT-FOR-US: Android
-CVE-2021-0389
- RESERVED
+CVE-2021-0389 (In setNightModeActivated of UiModeManagerService.java, there is a miss ...)
NOT-FOR-US: Android
-CVE-2021-0388
- RESERVED
+CVE-2021-0388 (In onReceive of ImsPhoneCallTracker.java, there is a possible misattri ...)
NOT-FOR-US: Android
-CVE-2021-0387
- RESERVED
+CVE-2021-0387 (In FindQuotaDeviceForUuid of QuotaUtils.cpp, there is a possible use-a ...)
NOT-FOR-US: Android
-CVE-2021-0386
- RESERVED
+CVE-2021-0386 (In onCreate of UsbConfirmActivity, there is a possible tapjacking vect ...)
NOT-FOR-US: Android
-CVE-2021-0385
- RESERVED
+CVE-2021-0385 (In createConnectToAvailableNetworkNotification of ConnectToNetworkNoti ...)
NOT-FOR-US: Android
-CVE-2021-0384
- RESERVED
+CVE-2021-0384 (In read_and_discard_scanlines of jdapistd.c, there is a possible null ...)
- libjpeg-turbo <unfixed>
NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/6d2e8837b440ce4d8befd805a5abc0d351028d70
-CVE-2021-0383
- RESERVED
+CVE-2021-0383 (In done of CaptivePortalLoginActivity.java, there is a confused deputy ...)
NOT-FOR-US: Android
-CVE-2021-0382
- RESERVED
+CVE-2021-0382 (In checkSlicePermission of SliceManagerService.java, there is a possib ...)
NOT-FOR-US: Android
-CVE-2021-0381
- RESERVED
+CVE-2021-0381 (In updateNotifications of DeviceStorageMonitorService.java, there is a ...)
NOT-FOR-US: Android
-CVE-2021-0380
- RESERVED
+CVE-2021-0380 (In onReceive of DcTracker.java, there is a possible way to trigger a p ...)
NOT-FOR-US: Android
-CVE-2021-0379
- RESERVED
+CVE-2021-0379 (In getUpTo17bits of pvmp3_getbits.cpp, there is a possible out of boun ...)
NOT-FOR-US: Android media framework
-CVE-2021-0378
- RESERVED
+CVE-2021-0378 (In getNbits of pvmp3_getbits.cpp, there is a possible out of bounds re ...)
NOT-FOR-US: Android media framework
-CVE-2021-0377
- RESERVED
+CVE-2021-0377 (In DeltaPerformer::Write of delta_performer.cc, there is a possible us ...)
NOT-FOR-US: Android
-CVE-2021-0376
- RESERVED
+CVE-2021-0376 (In checkUriPermission and related functions of MediaProvider.java, the ...)
NOT-FOR-US: Android
-CVE-2021-0375
- RESERVED
+CVE-2021-0375 (In onPackageModified of VoiceInteractionManagerService.java, there is ...)
NOT-FOR-US: Android
-CVE-2021-0374
- RESERVED
+CVE-2021-0374 (In BnAudioPolicyService::onTransact of IAudioPolicyService.cpp, there ...)
NOT-FOR-US: Android media framework
CVE-2021-0373
RESERVED
-CVE-2021-0372
- RESERVED
+CVE-2021-0372 (In getMediaOutputSliceAction of RemoteMediaSlice.java, there is a poss ...)
NOT-FOR-US: Android
-CVE-2021-0371
- RESERVED
+CVE-2021-0371 (In nci_proc_rf_management_ntf of nci_hrcv.cc, there is a possible out ...)
NOT-FOR-US: Android
-CVE-2021-0370
- RESERVED
+CVE-2021-0370 (In Write of NxpMfcReader.cc, there is a possible out of bounds write d ...)
NOT-FOR-US: Android
-CVE-2021-0369
- RESERVED
+CVE-2021-0369 (In CrossProfileAppsServiceImpl.java, there is the possibility of an ap ...)
NOT-FOR-US: Android
-CVE-2021-0368
- RESERVED
+CVE-2021-0368 (In oggpack_look of bitwise.c, there is a possible out of bounds read d ...)
NOT-FOR-US: Android media framework
CVE-2021-0367 (In vpu, there is a possible memory corruption due to a race condition. ...)
NOT-FOR-US: MediaTek
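Review bot: CVE-2021-0384 is the one entry in this hunk that is open against a Debian package, and it keeps "- libjpeg-turbo <unfixed>" unchanged now that the description is public. The NOTE already points at upstream commit 6d2e8837b440ce4d8befd805a5abc0d351028d70, so the follow-up is to determine which uploaded libjpeg-turbo versions contain that commit and replace <unfixed> with the fixed version. The other entries only swap RESERVED for the description and keep their existing annotations, which looks correct; CVE-2021-0373 stays RESERVED.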
@@ -30842,8 +30828,8 @@ CVE-2020-27634
RESERVED
CVE-2020-27633
RESERVED
-CVE-2020-27632
- RESERVED
+CVE-2020-27632 (In SIMATIC MV400 family versions prior to v7.0.6, the ISN generator is ...)
+ TODO: check
CVE-2020-27631
RESERVED
CVE-2020-27630
@@ -37521,8 +37507,8 @@ CVE-2020-24793
RESERVED
CVE-2020-24792
RESERVED
-CVE-2020-24791
- RESERVED
+CVE-2020-24791 (FUEL CMS 1.4.8 allows SQL injection via the 'fuel_replace_id' paramete ...)
+ TODO: check
CVE-2020-24790
RESERVED
CVE-2020-24789
@@ -39818,10 +39804,10 @@ CVE-2020-23724
RESERVED
CVE-2020-23723
RESERVED
-CVE-2020-23722
- RESERVED
-CVE-2020-23721
- RESERVED
+CVE-2020-23722 (An issue was discovered in FUEL CMS 1.4.7. There is a escalation of pr ...)
+ TODO: check
+CVE-2020-23721 (An issue was discovered in FUEL CMS V1.4.7. An attacker can use a XSS ...)
+ TODO: check
CVE-2020-23720
RESERVED
CVE-2020-23719
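Review bot: CVE-2020-23722 and CVE-2020-23721 are both FUEL CMS entries left at "TODO: check", and this commit adds two more for the same product in other hunks (CVE-2020-28705 and CVE-2020-24791). Triage the four together so they end up with one identical annotation; note that the descriptions spell the version as "1.4.7" and "V1.4.7", so match on the product name rather than the version string when searching the list.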
@@ -48446,12 +48432,12 @@ CVE-2020-19421
RESERVED
CVE-2020-19420
RESERVED
-CVE-2020-19419
- RESERVED
+CVE-2020-19419 (Incorrect Access Control in Emerson Smart Wireless Gateway 1420 4.6.59 ...)
+ TODO: check
CVE-2020-19418
RESERVED
-CVE-2020-19417
- RESERVED
+CVE-2020-19417 (Emerson Smart Wireless Gateway 1420 4.6.59 allows non-privileged users ...)
+ TODO: check
CVE-2020-19416
RESERVED
CVE-2020-19415
@@ -61400,8 +61386,7 @@ CVE-2020-13961 (Strapi before 3.0.2 could allow a remote authenticated attacker
NOT-FOR-US: Strapi
CVE-2020-13960 (D-Link DSL 2730-U IN_1.10 and IN_1.11 and DIR-600M 3.04 devices have t ...)
NOT-FOR-US: D-Link
-CVE-2020-13959
- RESERVED
+CVE-2020-13959 (The default error page for VelocityView in Apache Velocity Tools prior ...)
- velocity <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2021/03/10/2
CVE-2020-13958 (A vulnerability in Apache OpenOffice scripting events allows an attack ...)
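Review bot: the new description for CVE-2020-13959 names "VelocityView in Apache Velocity Tools", but the retained package line is "- velocity <unfixed>". Velocity Tools may not live in the same source package as the Velocity engine, so verify which Debian source package actually ships VelocityView and correct the package line if it differs. The linked oss-security post should settle the affected component.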
@@ -61463,8 +61448,7 @@ CVE-2020-13938
RESERVED
CVE-2020-13937 (Apache Kylin 2.0.0, 2.1.0, 2.2.0, 2.3.0, 2.3.1, 2.3.2, 2.4.0, 2.4.1, 2 ...)
NOT-FOR-US: Apache Kylin (different from Kylin desktop environment)
-CVE-2020-13936
- RESERVED
+CVE-2020-13936 (An attacker that is able to modify Velocity templates may execute arbi ...)
- velocity <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2021/03/10/1
CVE-2020-13935 (The payload length in a WebSocket frame was not correctly validated in ...)
@@ -86223,8 +86207,8 @@ CVE-2020-5018 (IBM Spectrum Protect Plus 10.1.0 through 10.1.6 may include sensi
NOT-FOR-US: IBM
CVE-2020-5017 (IBM Spectrum Protect Plus 10.1.0 through 10.1.6 may allow a local user ...)
NOT-FOR-US: IBM
-CVE-2020-5016
- RESERVED
+CVE-2020-5016 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a ...)
+ TODO: check
CVE-2020-5015
RESERVED
CVE-2020-5014 (IBM DataPower Gateway V10 and V2018 could allow a local attacker with ...)
@@ -86824,8 +86808,8 @@ CVE-2020-4719 (The IBM Cloud APM 8.1.4 server will issue a DNS request to resolv
NOT-FOR-US: IBM
CVE-2020-4718 (IBM Jazz Reporting Service 6.0.6, 6.0.6.1, 7.0, and 7.0.1 is vulnerabl ...)
NOT-FOR-US: IBM
-CVE-2020-4717
- RESERVED
+CVE-2020-4717 (A vulnerability exists in IBM SPSS Modeler Subscription Installer that ...)
+ TODO: check
CVE-2020-4716
RESERVED
CVE-2020-4715
@@ -94686,18 +94670,18 @@ CVE-2020-1923
RESERVED
CVE-2020-1922
RESERVED
-CVE-2020-1921
- RESERVED
+CVE-2020-1921 (In the crypt function, we attempt to null terminate a buffer using the ...)
+ TODO: check
CVE-2020-1920
RESERVED
-CVE-2020-1919
- RESERVED
-CVE-2020-1918
- RESERVED
-CVE-2020-1917
- RESERVED
-CVE-2020-1916
- RESERVED
+CVE-2020-1919 (Incorrect bounds calculations in substr_compare could lead to an out-o ...)
+ TODO: check
+CVE-2020-1918 (In-memory file operations (ie: using fopen on a data URI) did not prop ...)
+ TODO: check
+CVE-2020-1917 (xbuf_format_converter, used as part of exif_read_data, was appending a ...)
+ TODO: check
+CVE-2020-1916 (An incorrect size calculation in ldap_escape may lead to an integer ov ...)
+ TODO: check
CVE-2020-1915 (An out-of-bounds read in the JavaScript Interpreter in Facebook Hermes ...)
NOT-FOR-US: Facebook Hermes
CVE-2020-1914 (A logic vulnerability when handling the SaveGeneratorLong instruction ...)
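Review bot: the five entries CVE-2020-1921 and CVE-2020-1919 through CVE-2020-1916 mention crypt, substr_compare, fopen on a data URI, exif_read_data and ldap_escape, which read like PHP built-ins, yet none of the truncated descriptions names a product. The adjacent IDs in this block (CVE-2020-1915, CVE-2020-1914) belong to Facebook Hermes, so read the full descriptions to identify the affected runtime before attributing these to a php source package. CVE-2021-24025 (preg_quote) elsewhere in this commit has the same ambiguity and should be triaged with them.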
@@ -102294,8 +102278,7 @@ CVE-2020-0027 (In HidRawSensor::batch of HidRawSensor.cpp, there is a possible o
NOT-FOR-US: Android
CVE-2020-0026 (In Parcel::continueWrite of Parcel.cpp, there is possible memory corru ...)
NOT-FOR-US: Android
-CVE-2020-0025
- RESERVED
+CVE-2020-0025 (In deletePackageVersionedInternal of PackageManagerService.java, there ...)
NOT-FOR-US: Android
CVE-2020-0024 (In onCreate of SettingsBaseActivity.java, there is a possible unauthor ...)
NOT-FOR-US: Android
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cf2ba7dac055b6e392d82ffa437ec2152a042ee4