[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Wed Mar 17 08:10:24 GMT 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
96acce99 by security tracker role at 2021-03-17T08:10:15+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,23 @@
+CVE-2021-3448
+	RESERVED
+CVE-2021-3447
+	RESERVED
+CVE-2021-3446
+	RESERVED
+CVE-2021-28650 (autoar-extractor.c in GNOME gnome-autoar before 0.3.1, as used by GNOM ...)
+	TODO: check
+CVE-2021-28649
+	RESERVED
+CVE-2021-28648
+	RESERVED
+CVE-2021-28647
+	RESERVED
+CVE-2021-28646
+	RESERVED
+CVE-2021-28645
+	RESERVED
+CVE-2017-20002 (The Debian shadow package before 4.5-1 for Shadow incorrectly lists pt ...)
+	TODO: check
 CVE-2021-3445
 	RESERVED
 CVE-2021-28644
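Review bot: CVE-2017-20002 is left at `TODO: check` even though its description already names the Debian shadow package and a boundary version ("before 4.5-1"), so it can be triaged directly to a package line instead of sitting in the TODO queue. Suggest replacing the TODO with a `- shadow` entry carrying the fixed version once 4.5-1 is confirmed against the archive. CVE-2021-28650 (gnome-autoar "before 0.3.1") in the same hunk can be resolved the same way.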
@@ -537,10 +557,10 @@ CVE-2021-28383
 	RESERVED
 CVE-2021-28382
 	RESERVED
-CVE-2021-28381
-	RESERVED
-CVE-2021-28380
-	RESERVED
+CVE-2021-28381 (The vhs (aka VHS: Fluid ViewHelpers) extension before 5.1.1 for TYPO3  ...)
+	TODO: check
+CVE-2021-28380 (The aimeos (aka Aimeos shop and e-commerce framework) extension before ...)
+	TODO: check
 CVE-2021-28379 (web/upload/UploadHandler.php in Vesta Control Panel (aka VestaCP) thro ...)
 	NOT-FOR-US: Vesta Control Panel
 CVE-2021-28378 (Gitea 1.12.x and 1.13.x before 1.13.4 allows XSS via certain issue dat ...)
@@ -718,10 +738,10 @@ CVE-2021-28297
 	RESERVED
 CVE-2021-28296
 	RESERVED
-CVE-2021-28295
-	RESERVED
-CVE-2021-28294
-	RESERVED
+CVE-2021-28295 (Online Ordering System 1.0 is vulnerable to unauthenticated SQL inject ...)
+	TODO: check
+CVE-2021-28294 (Online Ordering System 1.0 is vulnerable to arbitrary file upload thro ...)
+	TODO: check
 CVE-2021-28293
 	RESERVED
 CVE-2021-28292
@@ -1267,12 +1287,14 @@ CVE-2021-28091
 	RESERVED
 CVE-2021-28090
 	RESERVED
+	{DSA-4871-1}
 	- tor 0.4.5.7-1
 	[stretch] - tor <end-of-life> (See DSA 4644)
 	NOTE: https://blog.torproject.org/node/2009
 	NOTE: https://bugs.torproject.org/tpo/core/tor/40316
 CVE-2021-28089
 	RESERVED
+	{DSA-4871-1}
 	- tor 0.4.5.7-1
 	[stretch] - tor <end-of-life> (See DSA 4644)
 	NOTE: https://blog.torproject.org/node/2009
@@ -5321,8 +5343,7 @@ CVE-2021-26311
 	RESERVED
 CVE-2021-3346 (Foris before 101.1.1, as used in Turris OS, lacks certain HTML escapin ...)
 	NOT-FOR-US: Foris
-CVE-2021-3344
-	RESERVED
+CVE-2021-3344 (A privilege escalation flaw was found in OpenShift builder. During bui ...)
 	NOT-FOR-US: OpenShift
 CVE-2021-26310
 	RESERVED
@@ -10994,8 +11015,7 @@ CVE-2021-25900 (An issue was discovered in the smallvec crate before 0.6.14 and
 	- rust-smallvec 1.4.2-2 (bug #984665)
 	NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0003.html
 	NOTE: https://github.com/servo/rust-smallvec/issues/252
-CVE-2021-3127
-	RESERVED
+CVE-2021-3127 (NATS Server 2.x before 2.2.0 and JWT library before 2.0.1 have Incorre ...)
 	NOT-FOR-US: nats-server
 CVE-2021-3126
 	RESERVED
@@ -20486,8 +20506,7 @@ CVE-2021-20220 (A flaw was found in Undertow. A regression in the fix for CVE-20
 	TODO: CVE for incomplete fix for CVE-2020-10687 but not clear if affected any Debian released version
 CVE-2021-20219
 	RESERVED
-CVE-2021-20218
-	RESERVED
+CVE-2021-20218 (A flaw was found in the fabric8 kubernetes-client in version 4.2.0 and ...)
 	NOT-FOR-US: fabric8io / kubernetes-client
 CVE-2021-20217
 	RESERVED
@@ -21852,7 +21871,8 @@ CVE-2020-35234 (The easy-wp-smtp plugin before 1.4.4 for WordPress allows Admini
 	NOT-FOR-US: WordPress plugin easy-wp-smtp
 CVE-2020-35233 (The TFTP server fails to handle multiple connections on NETGEAR JGS516 ...)
 	NOT-FOR-US: Netgear
-CVE-2020-35232 (The TFTP firmware update mechanism on NETGEAR JGS516PE/GS116Ev2 v2.6.0 ...)
+CVE-2020-35232
+	REJECTED
 	NOT-FOR-US: Netgear
 CVE-2020-35231 (The NSDP protocol implementation on NETGEAR JGS516PE/GS116Ev2 v2.6.0.4 ...)
 	NOT-FOR-US: Netgear
@@ -21872,11 +21892,13 @@ CVE-2020-35224 (A buffer overflow vulnerability in the NSDP protocol authenticat
 	NOT-FOR-US: Netgear
 CVE-2020-35223 (The CSRF protection mechanism implemented in the web administration pa ...)
 	NOT-FOR-US: Netgear
-CVE-2020-35222 (The NSDP protocol version implemented on NETGEAR JGS516PE/GS116Ev2 v2. ...)
+CVE-2020-35222
+	REJECTED
 	NOT-FOR-US: Netgear
 CVE-2020-35221 (The hashing algorithm implemented for NSDP password authentication on  ...)
 	NOT-FOR-US: Netgear
-CVE-2020-35220 (A TFTP server was found to be active by default on NETGEAR JGS516PE/GS ...)
+CVE-2020-35220
+	REJECTED
 	NOT-FOR-US: Netgear
 CVE-2020-35219 (The ASUS DSL-N17U modem with firmware 1.1.0.2 allows attackers to acce ...)
 	NOT-FOR-US: ASUS
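Review bot: CVE-2020-35222 and CVE-2020-35220 both end up with `REJECTED` followed by a leftover `NOT-FOR-US: Netgear` line. The vendor annotation no longer describes anything once the id is rejected, so it should be removed from both entries, or the file should document that stale triage lines are intentionally kept under rejected ids.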
@@ -70752,18 +70774,16 @@ CVE-2020-11311
 	RESERVED
 CVE-2020-11310
 	RESERVED
-CVE-2020-11309
-	RESERVED
+CVE-2020-11309 (Use after free in GPU driver while mapping the user memory to GPU memo ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2020-11308
-	RESERVED
+CVE-2020-11308 (Buffer overflow occurs when trying to convert ASCII string to Unicode  ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2020-11307
 	RESERVED
 CVE-2020-11306
 	RESERVED
-CVE-2020-11305
-	RESERVED
+CVE-2020-11305 (Integer overflow in boot due to improper length check on arguments rec ...)
+	TODO: check
 CVE-2020-11304
 	RESERVED
 CVE-2020-11303
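Review bot: CVE-2020-11305 is the only newly described id in this hunk that gets `TODO: check`; CVE-2020-11309 and CVE-2020-11308 next to it are already `NOT-FOR-US: Qualcomm components for Android`. The description shown here is truncated ("Integer overflow in boot ..."), so confirm the vendor from the full CVE text and, if it belongs to the same Qualcomm set, replace the TODO with the same `NOT-FOR-US` line.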
@@ -70774,8 +70794,7 @@ CVE-2020-11301
 	RESERVED
 CVE-2020-11300
 	RESERVED
-CVE-2020-11299
-	RESERVED
+CVE-2020-11299 (Buffer overflow can occur in video while playing the non-standard clip ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2020-11298
 	RESERVED
@@ -70793,8 +70812,7 @@ CVE-2020-11292
 	RESERVED
 CVE-2020-11291
 	RESERVED
-CVE-2020-11290
-	RESERVED
+CVE-2020-11290 (Use after free condition in msm ioctl events due to race between the i ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2020-11289
 	RESERVED
@@ -70924,18 +70942,15 @@ CVE-2020-11232
 	RESERVED
 CVE-2020-11231
 	RESERVED
-CVE-2020-11230
-	RESERVED
+CVE-2020-11230 (Potential arbitrary memory corruption when the qseecom driver updates  ...)
+	TODO: check
 CVE-2020-11229
 	RESERVED
-CVE-2020-11228
-	RESERVED
+CVE-2020-11228 (Part of RPM region was not protected from xblSec itself due to imprope ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2020-11227
-	RESERVED
+CVE-2020-11227 (Out of bound write while parsing RTT/TTY packet parsing due to lack of ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2020-11226
-	RESERVED
+CVE-2020-11226 (Out of bound memory read in Data modem while unpacking data due to lac ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2020-11225 (Out of bound access in WLAN driver due to lack of validation of array  ...)
 	NOT-FOR-US: Qualcomm components for Android
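Review bot: CVE-2020-11230 is left at `TODO: check` while CVE-2020-11228, CVE-2020-11227 and CVE-2020-11226 in the same hunk are marked `NOT-FOR-US: Qualcomm components for Android`. Its description mentions the qseecom driver, so check whether any Debian-packaged source ships that driver before closing it out; if none does, use the same `NOT-FOR-US` annotation as its neighbours.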
@@ -70943,19 +70958,15 @@ CVE-2020-11224
 	RESERVED
 CVE-2020-11223 (Out of bound in camera driver due to lack of check of validation of ar ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2020-11222
-	RESERVED
+CVE-2020-11222 (Buffer over read while processing MT SMS with maximum length due to im ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2020-11221
-	RESERVED
+CVE-2020-11221 (Usage of syscall by non-secure entity can allow extraction of secure Q ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2020-11220
-	RESERVED
+CVE-2020-11220 (While processing storage SCM commands there is a time of check or time ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2020-11219
 	RESERVED
-CVE-2020-11218
-	RESERVED
+CVE-2020-11218 (Denial of service in baseband when NW configures LTE betaOffset-RI-Ind ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2020-11217 (A possible double free or invalid memory access in audio driver while  ...)
 	NOT-FOR-US: Qualcomm components for Android
@@ -70993,8 +71004,7 @@ CVE-2020-11201 (u'Arbitrary access to DSP memory due to improper check in loaded
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2020-11200 (Buffer over-read while parsing RPS due to lack of check of input valid ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2020-11199
-	RESERVED
+CVE-2020-11199 (HLOS to access EL3 stack canary by just mapping imem region due to Imp ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2020-11198 (Key material used for TZ diag buffer encryption and other data related ...)
 	NOT-FOR-US: Qualcomm components for Android
@@ -71008,24 +71018,19 @@ CVE-2020-11194 (Possible out of bound access in TA while processing a command fr
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2020-11193 (u'Buffer over read can happen while parsing mkv clip due to improper t ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2020-11192
-	RESERVED
+CVE-2020-11192 (Out of bound write while parsing SDP string due to missing check on nu ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2020-11191
 	RESERVED
-CVE-2020-11190
-	RESERVED
+CVE-2020-11190 (Buffer over-read can happen while parsing received SDP values due to l ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2020-11189
-	RESERVED
+CVE-2020-11189 (Buffer over-read can happen while parsing received SDP values due to l ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2020-11188
-	RESERVED
+CVE-2020-11188 (Buffer over-read can happen while parsing received SDP values due to l ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2020-11187 (Possible memory corruption in BSI module due to improper validation of ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2020-11186
-	RESERVED
+CVE-2020-11186 (Modem will enter into busy mode in an infinite loop while parsing hist ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2020-11185 (Out of bound issue in WLAN driver while processing vdev responses from ...)
 	NOT-FOR-US: Qualcomm components for Android
@@ -71057,8 +71062,7 @@ CVE-2020-11173 (u'Two threads running simultaneously from user space can lead to
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2020-11172 (u'fscanf reads a string from a file and stores its contents on a stati ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2020-11171
-	RESERVED
+CVE-2020-11171 (Buffer over-read can happen while parsing received SDP values due to l ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2020-11170 (Out of bound memory access while playing music playbacks with crafted  ...)
 	NOT-FOR-US: Qualcomm components for Android
@@ -71068,8 +71072,7 @@ CVE-2020-11168 (u'Null-pointer dereference can occur while accessing data buffer
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2020-11167 (Memory corruption while calculating L2CAP packet length in reassembly  ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2020-11166
-	RESERVED
+CVE-2020-11166 (Potential out of bound read exception when UE receives unusually large ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2020-11165
 	RESERVED
@@ -145201,7 +145204,7 @@ CVE-2019-3905 (Zoho ManageEngine ADSelfService Plus 5.x before build 5703 has SS
 CVE-2019-3904
 	RESERVED
 CVE-2019-3903
-	RESERVED
+	REJECTED
 CVE-2019-3902 (A flaw was found in Mercurial before 4.9. It was possible to use symli ...)
 	{DLA-2293-1 DLA-1764-1}
 	- mercurial 4.9-1 (bug #927674)
@@ -145222,9 +145225,8 @@ CVE-2019-3900 (An infinite loop issue was found in the vhost_net kernel module i
 CVE-2019-3899 (It was found that default configuration of Heketi does not require any ...)
 	- heketi <itp> (bug #903384)
 CVE-2019-3898
-	RESERVED
-CVE-2019-3897
-	RESERVED
+	REJECTED
+CVE-2019-3897 (It has been discovered in redhat-certification that any unauthorized u ...)
 	NOT-FOR-US: redhat-certification
 CVE-2019-3896 (A double-free can happen in idr_remove_all() in lib/idr.c in the Linux ...)
 	- linux 3.2.41-1
@@ -145446,7 +145448,7 @@ CVE-2019-3855 (An integer overflow flaw which could lead to an out of bounds wri
 CVE-2019-3854
 	REJECTED
 CVE-2019-3853
-	RESERVED
+	REJECTED
 CVE-2019-3852 (A vulnerability was found in moodle before version 3.6.3. The get_with ...)
 	- moodle <removed>
 CVE-2019-3851 (A vulnerability was found in moodle before versions 3.6.3 and 3.5.5. T ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/96acce999583c830c6ed81ba474857e5edfaf7e6
