[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed May 12 09:10:37 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d9354c7a by security tracker role at 2021-05-12T08:10:29+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,66 @@
-CVE-2021-32606 [net/can/isotp: race condition leads to local privilege escalation]
+CVE-2021-3547
+ RESERVED
+CVE-2021-32605 (zzzcms zzzphp before 2.0.4 allows remote attackers to execute arbitrar ...)
+ TODO: check
+CVE-2021-32604 (SolarWinds Serv-U before 15.2.3 mishandles the user-supplied SenderEma ...)
+ TODO: check
+CVE-2021-32603
+ RESERVED
+CVE-2021-32602
+ RESERVED
+CVE-2021-32601
+ RESERVED
+CVE-2021-32600
+ RESERVED
+CVE-2021-32599
+ RESERVED
+CVE-2021-32598
+ RESERVED
+CVE-2021-32597
+ RESERVED
+CVE-2021-32596
+ RESERVED
+CVE-2021-32595
+ RESERVED
+CVE-2021-32594
+ RESERVED
+CVE-2021-32593
+ RESERVED
+CVE-2021-32592
+ RESERVED
+CVE-2021-32591
+ RESERVED
+CVE-2021-32590
+ RESERVED
+CVE-2021-32589
+ RESERVED
+CVE-2021-32588
+ RESERVED
+CVE-2021-32587
+ RESERVED
+CVE-2021-32586
+ RESERVED
+CVE-2021-32585
+ RESERVED
+CVE-2021-32584
+ RESERVED
+CVE-2021-32583
+ RESERVED
+CVE-2021-32582
+ RESERVED
+CVE-2021-32581
+ RESERVED
+CVE-2021-32580
+ RESERVED
+CVE-2021-32579
+ RESERVED
+CVE-2021-32578
+ RESERVED
+CVE-2021-32577
+ RESERVED
+CVE-2021-32576
+ RESERVED
+CVE-2021-32606 (In the Linux kernel 5.11 through 5.12.2, isotp_setsockopt in net/can/i ...)
- linux <not-affected> (Vulnerable code introduced later)
NOTE: https://www.openwall.com/lists/oss-security/2021/05/11/16
CVE-2021-3545 [vhost-user-gpu: information disclosure due to uninitialized memory read]
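Review bot: CVE-2021-32605 and CVE-2021-32604 enter the list with only "TODO: check", so both still need a manual triage pass. Their descriptions name zzzcms zzzphp and SolarWinds Serv-U; if neither maps to a Debian source package, replace the TODO with a NOT-FOR-US: line in the style used elsewhere in this file. The block from CVE-2021-32603 down to CVE-2021-32576 is RESERVED only and needs nothing yet.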
@@ -17,6 +79,7 @@ CVE-2021-3544 [vhost-user-gpu: multiple memory leaks]
NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01156.html
NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01158.html
CVE-2021-3548 [OOB in dmg2img.c memcpy() causing undefined behavior]
+ RESERVED
- dmg2img <unfixed>
NOTE: https://github.com/Lekensteyn/dmg2img/issues/9
CVE-2021-3543
@@ -1021,8 +1084,8 @@ CVE-2021-32091 (A Cross-site scripting (XSS) vulnerability exists in StackLift L
NOT-FOR-US: StackList LocalStack
CVE-2021-32090 (The dashboard component of StackLift LocalStack 0.12.6 allows attacker ...)
NOT-FOR-US: StackList LocalStack
-CVE-2021-32089
- RESERVED
+CVE-2021-32089 (** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered on Zebra (form ...)
+ TODO: check
CVE-2021-32088
RESERVED
CVE-2021-32087
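Review bot: CVE-2021-32089 moves from RESERVED to "TODO: check" with a description that opens "** UNSUPPORTED WHEN ASSIGNED **" and names Zebra, so it needs the same triage as any other newly described entry; the unsupported tag alone does not settle whether a Debian package is involved. Separately, the unchanged context lines read "NOT-FOR-US: StackList LocalStack" while the CVE descriptions say "StackLift LocalStack"; one spelling should be used.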
@@ -1458,8 +1521,8 @@ CVE-2021-31938
RESERVED
CVE-2021-31937
RESERVED
-CVE-2021-31936
- RESERVED
+CVE-2021-31936 (Microsoft Accessibility Insights for Web Information Disclosure Vulner ...)
+ TODO: check
CVE-2021-31935 (OX App Suite 7.10.4 and earlier allows XSS via a crafted distribution ...)
NOT-FOR-US: OX App Suite
CVE-2021-31934 (OX App Suite 7.10.4 and earlier allows XSS via a crafted contact objec ...)
@@ -2551,9 +2614,8 @@ CVE-2021-3505 (A flaw was found in libtpms in versions before 0.8.0. The TPM 2 i
NOTE: https://github.com/stefanberger/libtpms/issues/183
NOTE: https://github.com/stefanberger/libtpms/commit/625171be0c8225824740b5d0fb7e8562f6a1c6a8 (v0.8.0)
NOTE: https://github.com/stefanberger/libtpms/commit/c1f7bf55099fcd427715aa65e130475c6e836a6b (v0.8.0)
-CVE-2021-3504
- RESERVED
- {DSA-4913-1}
+CVE-2021-3504 (A flaw was found in the hivex library in versions before 1.3.20. It is ...)
+ {DSA-4913-1 DLA-2656-1}
- hivex 1.3.20-1 (bug #988024)
NOTE: https://listman.redhat.com/archives/libguestfs/2021-May/msg00013.html
NOTE: https://github.com/libguestfs/hivex/commit/8f1935733b10d974a1a4176d38dd151ed98cf381
@@ -3201,106 +3263,106 @@ CVE-2021-31215
CVE-2021-3499
RESERVED
NOT-FOR-US: Openshift/ovn-kubernetes
-CVE-2021-31214
- RESERVED
-CVE-2021-31213
- RESERVED
+CVE-2021-31214 (Visual Studio Code Remote Code Execution Vulnerability This CVE ID is ...)
+ TODO: check
+CVE-2021-31213 (Visual Studio Code Remote Containers Extension Remote Code Execution V ...)
+ TODO: check
CVE-2021-31212
RESERVED
-CVE-2021-31211
- RESERVED
+CVE-2021-31211 (Visual Studio Code Remote Code Execution Vulnerability This CVE ID is ...)
+ TODO: check
CVE-2021-31210
RESERVED
-CVE-2021-31209
- RESERVED
-CVE-2021-31208
- RESERVED
-CVE-2021-31207
- RESERVED
+CVE-2021-31209 (Microsoft Exchange Server Spoofing Vulnerability ...)
+ TODO: check
+CVE-2021-31208 (Windows Container Manager Service Elevation of Privilege Vulnerability ...)
+ TODO: check
+CVE-2021-31207 (Microsoft Exchange Server Security Feature Bypass Vulnerability ...)
+ TODO: check
CVE-2021-31206
RESERVED
-CVE-2021-31205
- RESERVED
-CVE-2021-31204
- RESERVED
+CVE-2021-31205 (Windows SMB Client Security Feature Bypass Vulnerability ...)
+ TODO: check
+CVE-2021-31204 (.NET and Visual Studio Elevation of Privilege Vulnerability ...)
+ TODO: check
CVE-2021-31203
RESERVED
CVE-2021-31202
RESERVED
CVE-2021-31201
RESERVED
-CVE-2021-31200
- RESERVED
+CVE-2021-31200 (Common Utilities Remote Code Execution Vulnerability ...)
+ TODO: check
CVE-2021-31199
RESERVED
-CVE-2021-31198
- RESERVED
+CVE-2021-31198 (Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ...)
+ TODO: check
CVE-2021-31197
RESERVED
CVE-2021-31196
RESERVED
-CVE-2021-31195
- RESERVED
-CVE-2021-31194
- RESERVED
-CVE-2021-31193
- RESERVED
-CVE-2021-31192
- RESERVED
-CVE-2021-31191
- RESERVED
-CVE-2021-31190
- RESERVED
+CVE-2021-31195 (Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ...)
+ TODO: check
+CVE-2021-31194 (OLE Automation Remote Code Execution Vulnerability ...)
+ TODO: check
+CVE-2021-31193 (Windows SSDP Service Elevation of Privilege Vulnerability ...)
+ TODO: check
+CVE-2021-31192 (Windows Media Foundation Core Remote Code Execution Vulnerability ...)
+ TODO: check
+CVE-2021-31191 (Windows Projected File System FS Filter Driver Information Disclosure ...)
+ TODO: check
+CVE-2021-31190 (Windows Container Isolation FS Filter Driver Elevation of Privilege Vu ...)
+ TODO: check
CVE-2021-31189
RESERVED
-CVE-2021-31188
- RESERVED
-CVE-2021-31187
- RESERVED
-CVE-2021-31186
- RESERVED
-CVE-2021-31185
- RESERVED
-CVE-2021-31184
- RESERVED
+CVE-2021-31188 (Windows Graphics Component Elevation of Privilege Vulnerability This C ...)
+ TODO: check
+CVE-2021-31187 (Windows WalletService Elevation of Privilege Vulnerability ...)
+ TODO: check
+CVE-2021-31186 (Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerabi ...)
+ TODO: check
+CVE-2021-31185 (Windows Desktop Bridge Denial of Service Vulnerability ...)
+ TODO: check
+CVE-2021-31184 (Microsoft Windows Infrared Data Association (IrDA) Information Disclos ...)
+ TODO: check
CVE-2021-31183
RESERVED
-CVE-2021-31182
- RESERVED
-CVE-2021-31181
- RESERVED
-CVE-2021-31180
- RESERVED
-CVE-2021-31179
- RESERVED
-CVE-2021-31178
- RESERVED
-CVE-2021-31177
- RESERVED
-CVE-2021-31176
- RESERVED
-CVE-2021-31175
- RESERVED
-CVE-2021-31174
- RESERVED
-CVE-2021-31173
- RESERVED
-CVE-2021-31172
- RESERVED
-CVE-2021-31171
- RESERVED
-CVE-2021-31170
- RESERVED
-CVE-2021-31169
- RESERVED
-CVE-2021-31168
- RESERVED
-CVE-2021-31167
- RESERVED
-CVE-2021-31166
- RESERVED
-CVE-2021-31165
- RESERVED
+CVE-2021-31182 (Microsoft Bluetooth Driver Spoofing Vulnerability ...)
+ TODO: check
+CVE-2021-31181 (Microsoft SharePoint Remote Code Execution Vulnerability ...)
+ TODO: check
+CVE-2021-31180 (Microsoft Office Graphics Remote Code Execution Vulnerability ...)
+ TODO: check
+CVE-2021-31179 (Microsoft Office Remote Code Execution Vulnerability This CVE ID is un ...)
+ TODO: check
+CVE-2021-31178 (Microsoft Office Information Disclosure Vulnerability ...)
+ TODO: check
+CVE-2021-31177 (Microsoft Office Remote Code Execution Vulnerability This CVE ID is un ...)
+ TODO: check
+CVE-2021-31176 (Microsoft Office Remote Code Execution Vulnerability This CVE ID is un ...)
+ TODO: check
+CVE-2021-31175 (Microsoft Office Remote Code Execution Vulnerability This CVE ID is un ...)
+ TODO: check
+CVE-2021-31174 (Microsoft Excel Information Disclosure Vulnerability ...)
+ TODO: check
+CVE-2021-31173 (Microsoft SharePoint Server Information Disclosure Vulnerability ...)
+ TODO: check
+CVE-2021-31172 (Microsoft SharePoint Spoofing Vulnerability This CVE ID is unique from ...)
+ TODO: check
+CVE-2021-31171 (Microsoft SharePoint Information Disclosure Vulnerability ...)
+ TODO: check
+CVE-2021-31170 (Windows Graphics Component Elevation of Privilege Vulnerability This C ...)
+ TODO: check
+CVE-2021-31169 (Windows Container Manager Service Elevation of Privilege Vulnerability ...)
+ TODO: check
+CVE-2021-31168 (Windows Container Manager Service Elevation of Privilege Vulnerability ...)
+ TODO: check
+CVE-2021-31167 (Windows Container Manager Service Elevation of Privilege Vulnerability ...)
+ TODO: check
+CVE-2021-31166 (HTTP Protocol Stack Remote Code Execution Vulnerability ...)
+ TODO: check
+CVE-2021-31165 (Windows Container Manager Service Elevation of Privilege Vulnerability ...)
+ TODO: check
CVE-2021-31164 (Apache Unomi prior to version 1.5.5 allows CRLF log injection because ...)
NOT-FOR-US: Apache Unomi
CVE-2021-31163
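Review bot: the entries from CVE-2021-31214 down to CVE-2021-31165 that leave RESERVED in this hunk all land as "TODO: check" and should be resolved in a follow-up. The visible descriptions name Visual Studio Code, Exchange Server, Office, SharePoint and Windows components, and other hunks of this same commit show such entries tagged "NOT-FOR-US: Microsoft" (for example CVE-2021-28481). Several descriptions, such as CVE-2021-31200 ("Common Utilities Remote Code Execution Vulnerability") and CVE-2021-31166 ("HTTP Protocol Stack Remote Code Execution Vulnerability"), name no vendor in the visible text, so read the full description before tagging those.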
@@ -6766,8 +6828,8 @@ CVE-2020-36291
RESERVED
CVE-2020-36290
RESERVED
-CVE-2020-36289
- RESERVED
+CVE-2020-36289 (Affected versions of Atlassian Jira Server and Data Center allow an un ...)
+ TODO: check
CVE-2020-36288 (The issue navigation and search view in Jira Server and Data Center be ...)
NOT-FOR-US: Atlassian
CVE-2020-36287 (The dashboard gadgets preference resource of the Atlassian gadgets plu ...)
@@ -7226,7 +7288,7 @@ CVE-2021-29473 (Exiv2 is a C++ library and a command-line utility to read, write
NOTE: https://github.com/Exiv2/exiv2/commit/e6a0982f7cd9282052b6e3485a458d60629ffa0b
NOTE: https://github.com/Exiv2/exiv2/commit/f0ff11f044b2c8ddf4792415beb91fd815c633a1
CVE-2021-29472 (Composer is a dependency manager for PHP. URLs for Mercurial repositor ...)
- {DSA-4907-1}
+ {DSA-4907-1 DLA-2654-1}
- composer 2.0.9-2
NOTE: https://github.com/composer/composer/security/advisories/GHSA-h5h8-pc6h-jvvx
NOTE: https://github.com/composer/composer/commit/083b73515d1d72bc61c6374440b3f8a37531f8cf
@@ -9571,18 +9633,18 @@ CVE-2021-28481 (Microsoft Exchange Server Remote Code Execution Vulnerability Th
NOT-FOR-US: Microsoft
CVE-2021-28480 (Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ...)
NOT-FOR-US: Microsoft
-CVE-2021-28479
- RESERVED
-CVE-2021-28478
- RESERVED
+CVE-2021-28479 (Windows CSC Service Information Disclosure Vulnerability ...)
+ TODO: check
+CVE-2021-28478 (Microsoft SharePoint Spoofing Vulnerability This CVE ID is unique from ...)
+ TODO: check
CVE-2021-28477 (Visual Studio Code Remote Code Execution Vulnerability This CVE ID is ...)
NOT-FOR-US: Microsoft
-CVE-2021-28476
- RESERVED
+CVE-2021-28476 (Hyper-V Remote Code Execution Vulnerability ...)
+ TODO: check
CVE-2021-28475 (Visual Studio Code Remote Code Execution Vulnerability This CVE ID is ...)
NOT-FOR-US: Microsoft
-CVE-2021-28474
- RESERVED
+CVE-2021-28474 (Microsoft SharePoint Server Remote Code Execution Vulnerability ...)
+ TODO: check
CVE-2021-28473 (Visual Studio Code Remote Code Execution Vulnerability This CVE ID is ...)
NOT-FOR-US: Microsoft
CVE-2021-28472 (Visual Studio Code Maven for Java Extension Remote Code Execution Vuln ...)
@@ -9599,16 +9661,16 @@ CVE-2021-28467
RESERVED
CVE-2021-28466 (Raw Image Extension Remote Code Execution Vulnerability This CVE ID is ...)
NOT-FOR-US: Microsoft
-CVE-2021-28465
- RESERVED
+CVE-2021-28465 (Web Media Extensions Remote Code Execution Vulnerability ...)
+ TODO: check
CVE-2021-28464 (VP9 Video Extensions Remote Code Execution Vulnerability ...)
NOT-FOR-US: Microsoft
CVE-2021-28463
RESERVED
CVE-2021-28462
RESERVED
-CVE-2021-28461
- RESERVED
+CVE-2021-28461 (Dynamics Finance and Operations Cross-site Scripting Vulnerability ...)
+ TODO: check
CVE-2021-28460 (Azure Sphere Unsigned Code Execution Vulnerability ...)
NOT-FOR-US: Microsoft
CVE-2021-28459 (Azure DevOps Server Spoofing Vulnerability ...)
@@ -9619,8 +9681,8 @@ CVE-2021-28457 (Visual Studio Code Remote Code Execution Vulnerability This CVE
NOT-FOR-US: Microsoft
CVE-2021-28456 (Microsoft Excel Information Disclosure Vulnerability ...)
NOT-FOR-US: Microsoft
-CVE-2021-28455
- RESERVED
+CVE-2021-28455 (Microsoft Jet Red Database Engine and Access Connectivity Engine Remot ...)
+ TODO: check
CVE-2021-28454 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...)
NOT-FOR-US: Microsoft
CVE-2021-28453 (Microsoft Word Remote Code Execution Vulnerability ...)
@@ -12877,8 +12939,8 @@ CVE-2021-27070 (Windows 10 Update Assistant Elevation of Privilege Vulnerability
NOT-FOR-US: Microsoft
CVE-2021-27069
RESERVED
-CVE-2021-27068
- RESERVED
+CVE-2021-27068 (Visual Studio Remote Code Execution Vulnerability ...)
+ TODO: check
CVE-2021-27067 (Azure DevOps Server and Team Foundation Server Information Disclosure ...)
NOT-FOR-US: Microsoft
CVE-2021-27066 (Windows Admin Center Security Feature Bypass Vulnerability ...)
@@ -14450,16 +14512,16 @@ CVE-2021-26424
RESERVED
CVE-2021-26423
RESERVED
-CVE-2021-26422
- RESERVED
-CVE-2021-26421
- RESERVED
+CVE-2021-26422 (Skype for Business and Lync Remote Code Execution Vulnerability ...)
+ TODO: check
+CVE-2021-26421 (Skype for Business and Lync Spoofing Vulnerability ...)
+ TODO: check
CVE-2021-26420
RESERVED
-CVE-2021-26419
- RESERVED
-CVE-2021-26418
- RESERVED
+CVE-2021-26419 (Scripting Engine Memory Corruption Vulnerability ...)
+ TODO: check
+CVE-2021-26418 (Microsoft SharePoint Spoofing Vulnerability This CVE ID is unique from ...)
+ TODO: check
CVE-2021-26417 (Windows Overlay Filter Information Disclosure Vulnerability ...)
NOT-FOR-US: Microsoft
CVE-2021-26416 (Windows Hyper-V Denial of Service Vulnerability ...)
@@ -22581,6 +22643,7 @@ CVE-2021-22905
RESERVED
CVE-2021-22904 [Possible DoS Vulnerability in Action Controller Token Authentication]
RESERVED
+ {DLA-2655-1}
- rails <unfixed> (bug #988214)
NOTE: https://github.com/rails/rails/commit/eab8c20f3ef6a022c4c11b439b1b22cef1768d5e (main)
NOTE: https://github.com/rails/rails/commit/d861fa8ade353390c4419b53a6c6b41f3005b1f2 (v6.0.3.7)
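Review bot: CVE-2021-22904 now carries {DLA-2655-1} but still has RESERVED and "- rails <unfixed> (bug #988214)" beneath it, so the entry records the LTS advisory while the unstable status stays open. Keep bug #988214 in view so the package line gets a fixed version once the change noted for v6.0.3.7 is uploaded.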
@@ -22635,6 +22698,7 @@ CVE-2021-22886 (Rocket.Chat before 3.11, 3.10.5, 3.9.7, 3.8.8 is vulnerable to p
NOT-FOR-US: Rocket.Chat
CVE-2021-22885 [Possible Information Disclosure / Unintended Method Execution in Action Pack]
RESERVED
+ {DLA-2655-1}
- rails <unfixed> (bug #988214)
NOTE: https://github.com/rails/rails/commit/c4c21a9f8d7c9c8ca6570bdb82d64e2dc860e62c (main)
NOTE: https://github.com/rails/rails/commit/f202249bdd701f908a57d733e633d366a982f8ce (v6.0.3.7)
@@ -29888,31 +29952,26 @@ CVE-2021-20315
RESERVED
CVE-2021-20314
RESERVED
-CVE-2021-20313 [Cipher leak when the calculating signatures in TransformSignatureof MagickCore/signature.c]
- RESERVED
+CVE-2021-20313 (A flaw was found in ImageMagick in versions before 7.0.11. A potential ...)
- imagemagick <unfixed>
[bullseye] - imagemagick <no-dsa> (Minor issue)
[buster] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/commit/70aa86f5d5d8aa605a918ed51f7574f433a18482
NOTE: IM6: https://github.com/ImageMagick/ImageMagick6/commit/e53e24b078f7fa586f9cc910491b8910f5bdad2e
-CVE-2021-20312 [Integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c]
- RESERVED
+CVE-2021-20312 (A flaw was found in ImageMagick in versions 7.0.11, where an integer o ...)
- imagemagick <unfixed>
[bullseye] - imagemagick <ignored> (Minor issue)
[buster] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/commit/70aa86f5d5d8aa605a918ed51f7574f433a18482
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/e53e24b078f7fa586f9cc910491b8910f5bdad2e
-CVE-2021-20311 [Division by zero in sRGBTransformImage() in MagickCore/colorspace.c]
- RESERVED
+CVE-2021-20311 (A flaw was found in ImageMagick in versions before 7.0.11, where a div ...)
- imagemagick <not-affected> (Specific to IM7)
NOTE: https://github.com/ImageMagick/ImageMagick/commit/70aa86f5d5d8aa605a918ed51f7574f433a18482
-CVE-2021-20310 [Division by zero in ConvertXYZToJzazbz() of MagickCore/colorspace.c]
- RESERVED
+CVE-2021-20310 (A flaw was found in ImageMagick in versions before 7.0.11, where a div ...)
- imagemagick <not-affected> (Specific to IM7)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/3295
NOTE: https://github.com/ImageMagick/ImageMagick/commit/75f6f5032690077cae3eaeda3c0165cc765eaeb5
-CVE-2021-20309 [Division by zero in WaveImage() of MagickCore/visual-effects.c]
- RESERVED
+CVE-2021-20309 (A flaw was found in ImageMagick in versions before 7.0.11 and before 6 ...)
- imagemagick <unfixed>
[bullseye] - imagemagick <ignored> (Minor issue)
[buster] - imagemagick <ignored> (Minor issue)
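Review bot: replacing the bracketed titles for CVE-2021-20313 through CVE-2021-20309 with the truncated descriptions drops the function and file names they carried (for example "WriteTHUMBNAILImage of coders/thumbnail.c" for CVE-2021-20312), and the new text cuts off before any of that detail. Consider keeping the location in a NOTE: line on each entry. While here, the ImageMagick6 commit NOTE is prefixed "IM6:" under CVE-2021-20313 but not under CVE-2021-20312; the two should match.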
@@ -45595,40 +45654,36 @@ CVE-2020-26148 (md_push_block_bytes in md4c.c in md4c 0.4.5 allows attackers to
- md4c 0.4.5-2 (bug #971396)
NOTE: https://github.com/mity/md4c/issues/130
NOTE: https://github.com/mity/md4c/commit/22ca89a3008966c4316d6b0a158b1a49f9038df0
-CVE-2020-26147
- RESERVED
+CVE-2020-26147 (An issue was discovered in the Linux kernel 5.8.9. The WEP, WPA, WPA2, ...)
- linux <unfixed>
NOTE: https://papers.mathyvanhoef.com/usenix2021.pdf
NOTE: https://www.fragattacks.com/
NOTE: https://lore.kernel.org/linux-wireless/20210511180259.159598-1-johannes@sipsolutions.net/
NOTE: https://lore.kernel.org/linux-wireless/20210511200110.30c4394bb835.I5acfdb552cc1d20c339c262315950b3eac491397@changeid/
-CVE-2020-26146
- RESERVED
-CVE-2020-26145
- RESERVED
+CVE-2020-26146 (An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The ...)
+ TODO: check
+CVE-2020-26145 (An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The ...)
- linux <unfixed>
NOTE: https://papers.mathyvanhoef.com/usenix2021.pdf
NOTE: https://www.fragattacks.com/
NOTE: https://lore.kernel.org/linux-wireless/20210511180259.159598-1-johannes@sipsolutions.net/
NOTE: https://lore.kernel.org/linux-wireless/20210511200110.5a0bd289bda8.Idd6ebea20038fb1cfee6de924aa595e5647c9eae@changeid/
NOTE: https://lore.kernel.org/linux-wireless/20210511200110.9ca6ca7945a9.I1e18b514590af17c155bda86699bc3a971a8dcf4@changeid/
-CVE-2020-26144
- RESERVED
-CVE-2020-26143
- RESERVED
-CVE-2020-26142
- RESERVED
-CVE-2020-26141
- RESERVED
+CVE-2020-26144 (An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The ...)
+ TODO: check
+CVE-2020-26143 (An issue was discovered in the ALFA Windows 10 driver 1030.36.604 for ...)
+ TODO: check
+CVE-2020-26142 (An issue was discovered in the kernel in OpenBSD 6.6. The WEP, WPA, WP ...)
+ TODO: check
+CVE-2020-26141 (An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for ...)
- linux <unfixed>
NOTE: https://papers.mathyvanhoef.com/usenix2021.pdf
NOTE: https://www.fragattacks.com/
NOTE: https://lore.kernel.org/linux-wireless/20210511180259.159598-1-johannes@sipsolutions.net/
NOTE: https://lore.kernel.org/linux-wireless/20210511200110.c3f1d42c6746.I795593fcaae941c471425b8c7d5f7bb185d29142@changeid/
-CVE-2020-26140
- RESERVED
-CVE-2020-26139
- RESERVED
+CVE-2020-26140 (An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for ...)
+ TODO: check
+CVE-2020-26139 (An issue was discovered in the kernel in NetBSD 7.1. An Access Point ( ...)
- linux <unfixed>
NOTE: https://papers.mathyvanhoef.com/usenix2021.pdf
NOTE: https://www.fragattacks.com/
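Review bot: CVE-2020-26146, CVE-2020-26144, CVE-2020-26143, CVE-2020-26142 and CVE-2020-26140 are set to "TODO: check", and their truncated descriptions name Samsung Galaxy S3, the ALFA Windows 10 driver and OpenBSD, which invites a quick NOT-FOR-US. The neighbouring entries in this hunk have the same style of description (CVE-2020-26145 Samsung, CVE-2020-26141 ALFA, CVE-2020-26139 NetBSD) yet are tracked as "- linux <unfixed>" with the fragattacks.com and linux-wireless NOTE: lines, so check each TODO against that patch series before deciding.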
@@ -49377,24 +49432,21 @@ CVE-2020-24590 (The Management Console in WSO2 API Manager through 3.1.0 and API
NOT-FOR-US: WSO2
CVE-2020-24589 (The Management Console in WSO2 API Manager through 3.1.0 and API Micro ...)
NOT-FOR-US: WSO2
-CVE-2020-24588
- RESERVED
+CVE-2020-24588 (The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, ...)
- linux <unfixed>
NOTE: https://papers.mathyvanhoef.com/usenix2021.pdf
NOTE: https://www.fragattacks.com/
NOTE: https://lore.kernel.org/linux-wireless/20210511180259.159598-1-johannes@sipsolutions.net/
NOTE: https://lore.kernel.org/linux-wireless/20210511200110.25d93176ddaf.I9e265b597f2cd23eb44573f35b625947b386a9de@changeid/
NOTE: https://lore.kernel.org/linux-wireless/20210511200110.11968c725b5c.Idd166365ebea2771c0c0a38c78b5060750f90e17@changeid/
-CVE-2020-24587
- RESERVED
+CVE-2020-24587 (The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, ...)
- linux <unfixed>
NOTE: https://papers.mathyvanhoef.com/usenix2021.pdf
NOTE: https://www.fragattacks.com/
NOTE: https://lore.kernel.org/linux-wireless/20210511180259.159598-1-johannes@sipsolutions.net/
NOTE: https://lore.kernel.org/linux-wireless/20210511200110.3f8290e59823.I622a67769ed39257327a362cfc09c812320eb979@changeid/
NOTE: https://lore.kernel.org/linux-wireless/20210511200110.037aa5ca0390.I7bb888e2965a0db02a67075fcb5deb50eb7408aa@changeid/
-CVE-2020-24586
- RESERVED
+CVE-2020-24586 (The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, ...)
- linux <unfixed>
NOTE: https://papers.mathyvanhoef.com/usenix2021.pdf
NOTE: https://www.fragattacks.com/
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d9354c7a8d7299be0607eff53e5c7279bae3ea32