Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ebc7f258 by security tracker role at 2021-04-07T20:10:29+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,139 @@
+CVE-2021-3485
+       RESERVED
+CVE-2021-30244
+       RESERVED
+CVE-2021-30243
+       RESERVED
+CVE-2021-30242
+       RESERVED
+CVE-2021-30241
+       RESERVED
+CVE-2021-30240
+       RESERVED
+CVE-2021-30239
+       RESERVED
+CVE-2021-30238
+       RESERVED
+CVE-2021-30237
+       RESERVED
+CVE-2021-30236
+       RESERVED
+CVE-2021-30235
+       RESERVED
+CVE-2021-30234
+       RESERVED
+CVE-2021-30233
+       RESERVED
+CVE-2021-30232
+       RESERVED
+CVE-2021-30231
+       RESERVED
+CVE-2021-30230
+       RESERVED
+CVE-2021-30229
+       RESERVED
+CVE-2021-30228
+       RESERVED
+CVE-2021-30227
+       RESERVED
+CVE-2021-30226
+       RESERVED
+CVE-2021-30225
+       RESERVED
+CVE-2021-30224
+       RESERVED
+CVE-2021-30223
+       RESERVED
+CVE-2021-30222
+       RESERVED
+CVE-2021-30221
+       RESERVED
+CVE-2021-30220
+       RESERVED
+CVE-2021-30219
+       RESERVED
+CVE-2021-30218
+       RESERVED
+CVE-2021-30217
+       RESERVED
+CVE-2021-30216
+       RESERVED
+CVE-2021-30215
+       RESERVED
+CVE-2021-30214
+       RESERVED
+CVE-2021-30213
+       RESERVED
+CVE-2021-30212
+       RESERVED
+CVE-2021-30211
+       RESERVED
+CVE-2021-30210
+       RESERVED
+CVE-2021-30209
+       RESERVED
+CVE-2021-30208
+       RESERVED
+CVE-2021-30207
+       RESERVED
+CVE-2021-30206
+       RESERVED
+CVE-2021-30205
+       RESERVED
+CVE-2021-30204
+       RESERVED
+CVE-2021-30203
+       RESERVED
+CVE-2021-30202
+       RESERVED
+CVE-2021-30201
+       RESERVED
+CVE-2021-30200
+       RESERVED
+CVE-2021-30199
+       RESERVED
+CVE-2021-30198
+       RESERVED
+CVE-2021-30197
+       RESERVED
+CVE-2021-30196
+       RESERVED
+CVE-2021-30195
+       RESERVED
+CVE-2021-30194
+       RESERVED
+CVE-2021-30193
+       RESERVED
+CVE-2021-30192
+       RESERVED
+CVE-2021-30191
+       RESERVED
+CVE-2021-30190
+       RESERVED
+CVE-2021-30189
+       RESERVED
+CVE-2021-30188
+       RESERVED
+CVE-2021-30187
+       RESERVED
+CVE-2021-30186
+       RESERVED
+CVE-2021-30185 (CERN Indico before 2.3.4 can use an attacker-supplied Host 
header in a ...)
+       TODO: check
+CVE-2021-30184 (GNU Chess 6.2.7 allows attackers to execute arbitrary code via 
crafted ...)
+       TODO: check
+CVE-2021-30183
+       RESERVED
+CVE-2021-30182
+       RESERVED
+CVE-2021-30181
+       RESERVED
+CVE-2021-30180
+       RESERVED
+CVE-2021-30179
+       RESERVED
+CVE-2020-36314 (fr-archive-libarchive.c in GNOME file-roller through 3.38.0, 
as used b ...)
+       TODO: check
 CVE-2021-3484
        RESERVED
 CVE-2021-3483
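Review bot: The three described entries in this hunk (CVE-2021-30185, CVE-2021-30184 and CVE-2020-36314) are left at TODO: check among more than sixty RESERVED placeholders, and CVE-2021-30184 is described as arbitrary code execution in GNU Chess 6.2.7. Triage these three ahead of the rest of the batch: replace each TODO: check with a source package line and status, or with a NOT-FOR-US: line if the product is not in the archive, and add a NOTE: with the upstream reference where one exists.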
@@ -7,8 +143,8 @@ CVE-2021-3483
 CVE-2021-30178 (An issue was discovered in the Linux kernel through 5.11.11. 
synic_get ...)
        - linux <unfixed>
        NOTE: 
https://git.kernel.org/linus/919f4ebc598701670e80e31573a58f1f2d2bf918
-CVE-2021-30177
-       RESERVED
+CVE-2021-30177 (There is a SQL Injection vulnerability in PHP-Nuke 8.3.3 in 
the User R ...)
+       TODO: check
 CVE-2021-30176
        RESERVED
 CVE-2021-30175
@@ -1263,10 +1399,10 @@ CVE-2021-29629
        RESERVED
 CVE-2021-29628
        RESERVED
-CVE-2021-29627
-       RESERVED
-CVE-2021-29626
-       RESERVED
+CVE-2021-29627 (In FreeBSD 13.0-STABLE before n245050, 12.2-STABLE before 
r369525, 13. ...)
+       TODO: check
+CVE-2021-29626 (In FreeBSD 13.0-STABLE before n245117, 12.2-STABLE before 
r369551, 11. ...)
+       TODO: check
 CVE-2021-29625
        RESERVED
 CVE-2021-29624
@@ -2809,8 +2945,8 @@ CVE-2021-28929
        RESERVED
 CVE-2021-28928
        RESERVED
-CVE-2021-28927
-       RESERVED
+CVE-2021-28927 (The text-to-speech engine in libretro RetroArch for Windows 
0.11 passe ...)
+       TODO: check
 CVE-2021-28926
        RESERVED
 CVE-2021-28925
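Review bot: The new CVE-2021-28927 description scopes the issue to "libretro RetroArch for Windows 0.11", so the bare TODO: check says less than the entry already shows. When resolving it, record the platform restriction in the entry itself (a not-affected status with a Windows-specific remark, or NOT-FOR-US: if the product is not packaged) so the reasoning is visible to later readers of the list.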
@@ -4450,8 +4586,8 @@ CVE-2021-28168
        RESERVED
 CVE-2021-28167
        RESERVED
-CVE-2021-28166
-       RESERVED
+CVE-2021-28166 (In Eclipse Mosquitto version 2.0.0 to 2.0.9, if an 
authenticated clien ...)
+       TODO: check
 CVE-2021-28165 (In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 
11.0.0. ...)
        - jetty9 <unfixed>
        NOTE: 
https://github.com/eclipse/jetty.project/security/advisories/GHSA-26vr-8j45-3r4w
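Review bot: CVE-2021-28166 states an affected range, "version 2.0.0 to 2.0.9", but the entry stops at TODO: check, while the neighbouring CVE-2021-28165 already has a package line and an upstream NOTE:. Resolve it the same way: add the source package line, compare each suite's version against the stated range, and cite the upstream advisory or commit in a NOTE:.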
@@ -7897,8 +8033,8 @@ CVE-2021-26711 (A frame-injection issue in the online 
help in Redwood Report2Web
        NOT-FOR-US: Redwood Report2Web
 CVE-2021-26710 (A cross-site scripting (XSS) issue in the login panel in 
Redwood Repor ...)
        NOT-FOR-US: Redwood Report2Web
-CVE-2021-26709
-       RESERVED
+CVE-2021-26709 (** UNSUPPORTED WHEN ASSIGNED ** D-Link DSL-320B-D1 devices 
through EU_ ...)
+       TODO: check
 CVE-2021-26707
        RESERVED
        NOT-FOR-US: Node deep-merge
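Review bot: CVE-2021-26709 is published with the "** UNSUPPORTED WHEN ASSIGNED **" prefix and concerns D-Link DSL-320B-D1 devices, yet it is queued as TODO: check with no hint of either fact in the status. If the full description confirms this is device firmware, close it with a NOT-FOR-US: line naming the vendor, following the pattern of the Redwood Report2Web entries just above.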
@@ -19394,14 +19530,11 @@ CVE-2021-21643
        RESERVED
 CVE-2021-21642
        RESERVED
-CVE-2021-21641
-       RESERVED
+CVE-2021-21641 (A cross-site request forgery (CSRF) vulnerability in Jenkins 
promoted  ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2021-21640
-       RESERVED
+CVE-2021-21640 (Jenkins 2.286 and earlier, LTS 2.277.1 and earlier does not 
properly c ...)
        - jenkins <removed>
-CVE-2021-21639
-       RESERVED
+CVE-2021-21639 (Jenkins 2.286 and earlier, LTS 2.277.1 and earlier does not 
validate t ...)
        - jenkins <removed>
 CVE-2021-21638 (A cross-site request forgery (CSRF) vulnerability in Jenkins 
Team Foun ...)
        NOT-FOR-US: Jenkins plugin
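Review bot: CVE-2021-21641, CVE-2021-21640 and CVE-2021-21639 keep the status lines they were given while still RESERVED (NOT-FOR-US: Jenkins plugin, - jenkins <removed>) and gain no TODO: check, so nothing prompts a second look now that descriptions exist. Confirm each pre-assigned status against the published text; for CVE-2021-21641 the visible description is cut at "Jenkins promoted ...", so read it in full to confirm it concerns a plugin.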
@@ -21087,8 +21220,8 @@ CVE-2021-21427
        RESERVED
 CVE-2021-21426
        RESERVED
-CVE-2021-21425
-       RESERVED
+CVE-2021-21425 (Grav Admin Plugin is an HTML user interface that provides a 
way to con ...)
+       TODO: check
 CVE-2021-21424
        RESERVED
 CVE-2021-21423 (`projen` is a project generation tool that synthesizes project 
configu ...)
@@ -23042,24 +23175,24 @@ CVE-2021-20694
        RESERVED
 CVE-2021-20693
        RESERVED
-CVE-2021-20692
-       RESERVED
-CVE-2021-20691
-       RESERVED
-CVE-2021-20690
-       RESERVED
-CVE-2021-20689
-       RESERVED
-CVE-2021-20688
-       RESERVED
-CVE-2021-20687
-       RESERVED
-CVE-2021-20686
-       RESERVED
-CVE-2021-20685
-       RESERVED
-CVE-2021-20684
-       RESERVED
+CVE-2021-20692 (Directory traversal vulnerability in Archive collectively 
operation ut ...)
+       TODO: check
+CVE-2021-20691 (Cross-site scripting vulnerability in Yomi-Search Ver4.22 
allows remot ...)
+       TODO: check
+CVE-2021-20690 (Cross-site scripting vulnerability in Yomi-Search Ver4.22 
allows remot ...)
+       TODO: check
+CVE-2021-20689 (Cross-site scripting vulnerability in Yomi-Search Ver4.22 
allows remot ...)
+       TODO: check
+CVE-2021-20688 (Cross-site scripting vulnerability in Click Ranker Ver.3.5 
allows remo ...)
+       TODO: check
+CVE-2021-20687 (Cross-site request forgery (CSRF) vulnerability in Kagemai 
0.8.8 allow ...)
+       TODO: check
+CVE-2021-20686 (Cross-site scripting vulnerability in Kagemai 0.8.8 allows 
remote atta ...)
+       TODO: check
+CVE-2021-20685 (Cross-site scripting vulnerability in Kagemai 0.8.8 allows 
remote atta ...)
+       TODO: check
+CVE-2021-20684 (Cross-site scripting vulnerability in MagazinegerZ v.1.01 
allows remot ...)
+       TODO: check
 CVE-2021-20683 (Improper neutralization of JavaScript input in the blog 
article editin ...)
        NOT-FOR-US: baserCMS
 CVE-2021-20682 (baserCMS versions prior to 4.4.5 allows a remote attacker with 
an admi ...)
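Review bot: Nine entries (CVE-2021-20692 down to CVE-2021-20684) move to TODO: check together, and CVE-2021-20691, CVE-2021-20690 and CVE-2021-20689 show identical truncated Yomi-Search text, so they cannot be told apart from this list alone. Triage by product rather than by id (Yomi-Search, Click Ranker, Kagemai, MagazinegerZ and the archive utility in CVE-2021-20692) and give each group one consistent status, as CVE-2021-20683 just below has with NOT-FOR-US: baserCMS.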
@@ -27148,8 +27281,8 @@ CVE-2021-1894
        RESERVED
 CVE-2021-1893
        RESERVED
-CVE-2021-1892
-       RESERVED
+CVE-2021-1892 (Memory corruption due to improper input validation while 
processing IO ...)
+       TODO: check
 CVE-2021-1891
        RESERVED
 CVE-2021-1890
@@ -40839,8 +40972,8 @@ CVE-2020-25586
        RESERVED
 CVE-2020-25585
        RESERVED
-CVE-2020-25584
-       RESERVED
+CVE-2020-25584 (In FreeBSD 13.0-STABLE before n245118, 12.2-STABLE before 
r369552, 11. ...)
+       TODO: check
 CVE-2020-25583 (In FreeBSD 12.2-STABLE before r368250, 11.4-STABLE before 
r368253, 12. ...)
        NOT-FOR-US: FreeBSD
 CVE-2020-25582 (In FreeBSD 12.2-STABLE before r369334, 11.4-STABLE before 
r369335, 12. ...)
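Review bot: CVE-2020-25584 is added as TODO: check directly above CVE-2020-25583, whose description opens the same way ("In FreeBSD 12.2-STABLE before ...") and is already NOT-FOR-US: FreeBSD. Unless the full description points at code shared with a packaged project, use the same status here; the same question applies to CVE-2021-29627 and CVE-2021-29626 earlier in this patch.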
@@ -44065,18 +44198,18 @@ CVE-2020-24142
        RESERVED
 CVE-2020-24141
        RESERVED
-CVE-2020-24140
-       RESERVED
-CVE-2020-24139
-       RESERVED
-CVE-2020-24138
-       RESERVED
-CVE-2020-24137
-       RESERVED
-CVE-2020-24136
-       RESERVED
-CVE-2020-24135
-       RESERVED
+CVE-2020-24140 (Server-side request forgery in Wcms 0.3.2 let an attacker send 
crafted ...)
+       TODO: check
+CVE-2020-24139 (Server-side request forgery in Wcms 0.3.2 lets an attacker 
send crafte ...)
+       TODO: check
+CVE-2020-24138 (Cross Site Scripting (XSS) vulnerability in wcms 0.3.2 allows 
remote a ...)
+       TODO: check
+CVE-2020-24137 (Directory traversal vulnerability in Wcms 0.3.2 allows an 
attacker to  ...)
+       TODO: check
+CVE-2020-24136 (Directory traversal in Wcms 0.3.2 allows an attacker to read 
arbitrary ...)
+       TODO: check
+CVE-2020-24135 (A Reflected Cross Site Scripting (XSS) Vulnerability was 
discovered in ...)
+       TODO: check
 CVE-2020-24134
        RESERVED
 CVE-2020-24133
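Review bot: CVE-2020-24140 and CVE-2020-24139 carry the same visible text apart from "let" versus "lets", and the ids from CVE-2020-24140 to CVE-2020-24136 all name Wcms 0.3.2 (CVE-2020-24135 is truncated before the product name). Decide the product's status once and apply it to the whole group, and read the full text of the two server-side request forgery entries to confirm they describe different issues and not one issue recorded twice.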
@@ -74720,16 +74853,16 @@ CVE-2020-11257
        RESERVED
 CVE-2020-11256
        RESERVED
-CVE-2020-11255
-       RESERVED
+CVE-2020-11255 (Denial of service while processing RTCP packets containing 
multiple SD ...)
+       TODO: check
 CVE-2020-11254
        RESERVED
 CVE-2020-11253 (Arbitrary memory write issue in video driver while setting the 
interna ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2020-11252
-       RESERVED
-CVE-2020-11251
-       RESERVED
+CVE-2020-11252 (Trustzone initialization code will disable xPU`s when memory 
dumps are ...)
+       TODO: check
+CVE-2020-11251 (Out-of-bounds read vulnerability while accessing DTMF payload 
due to l ...)
+       TODO: check
 CVE-2020-11250
        RESERVED
        NOT-FOR-US: Qualcomm components for Android
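Review bot: CVE-2020-11255, CVE-2020-11252 and CVE-2020-11251 become TODO: check although the already classified ids interleaved with them (CVE-2020-11253, CVE-2020-11250) are NOT-FOR-US: Qualcomm components for Android. The new descriptions (RTCP packets, Trustzone initialization and xPU, DTMF payload) do not name the vendor in the visible text, so confirm the source in the full record and, if it matches, reuse that exact NOT-FOR-US: string here and for the other newly described CVE-2020-112xx and CVE-2020-111xx ids in the hunks that follow.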
@@ -74737,18 +74870,18 @@ CVE-2020-11249
        RESERVED
 CVE-2020-11248
        RESERVED
-CVE-2020-11247
-       RESERVED
-CVE-2020-11246
-       RESERVED
-CVE-2020-11245
-       RESERVED
+CVE-2020-11247 (Out of bound memory read while unpacking data due to lack of 
offset le ...)
+       TODO: check
+CVE-2020-11246 (A double free condition can occur when the device moves to 
suspend mod ...)
+       TODO: check
+CVE-2020-11245 (Unintended reads and writes by NS EL2 in access control driver 
due to  ...)
+       TODO: check
 CVE-2020-11244
        RESERVED
-CVE-2020-11243
-       RESERVED
-CVE-2020-11242
-       RESERVED
+CVE-2020-11243 (RRC sends a connection establishment success to NAS even 
though connec ...)
+       TODO: check
+CVE-2020-11242 (User could gain access to secure memory due to incorrect 
argument into ...)
+       TODO: check
 CVE-2020-11241
        RESERVED
        NOT-FOR-US: Qualcomm components for Android
@@ -74761,22 +74894,22 @@ CVE-2020-11239
 CVE-2020-11238
        RESERVED
        NOT-FOR-US: Qualcomm components for Android
-CVE-2020-11237
-       RESERVED
-CVE-2020-11236
-       RESERVED
+CVE-2020-11237 (Memory crash when accessing histogram type KPI input received 
due to l ...)
+       TODO: check
+CVE-2020-11236 (Memory corruption due to invalid value of total dimension in 
the non-h ...)
+       TODO: check
 CVE-2020-11235
        RESERVED
        NOT-FOR-US: Qualcomm components for Android
-CVE-2020-11234
-       RESERVED
+CVE-2020-11234 (When sending a socket event message to a user application, 
invalid inf ...)
+       TODO: check
 CVE-2020-11233
        RESERVED
        NOT-FOR-US: Qualcomm components for Android
 CVE-2020-11232
        RESERVED
-CVE-2020-11231
-       RESERVED
+CVE-2020-11231 (Two threads call one or both functions concurrently leading to 
corrupt ...)
+       TODO: check
 CVE-2020-11230 (Potential arbitrary memory corruption when the qseecom driver 
updates  ...)
        NOT-FOR-US: Snapdragon
 CVE-2020-11229
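Review bot: The context around the new TODO: check entries in this hunk uses two different strings for what appears to be one vendor family: NOT-FOR-US: Qualcomm components for Android on CVE-2020-11238, CVE-2020-11235 and CVE-2020-11233, but NOT-FOR-US: Snapdragon on CVE-2020-11230. When CVE-2020-11237, CVE-2020-11236, CVE-2020-11234 and CVE-2020-11231 are resolved, pick one string so that a text search on the tag finds all of them.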
@@ -74817,8 +74950,8 @@ CVE-2020-11212 (Out of bounds reads while parsing NAN 
beacons attributes and OUI
        NOT-FOR-US: Qualcomm components for Android
 CVE-2020-11211
        RESERVED
-CVE-2020-11210
-       RESERVED
+CVE-2020-11210 (Possible memory corruption in RPM region due to improper XPU 
configura ...)
+       TODO: check
 CVE-2020-11209 (u'Improper authorization in DSP process could allow 
unauthorized users ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2020-11208 (u'Out of Bound issue in DSP services while processing received 
argumen ...)
@@ -74855,8 +74988,8 @@ CVE-2020-11193 (u'Buffer over read can happen while 
parsing mkv clip due to impr
        NOT-FOR-US: Qualcomm components for Android
 CVE-2020-11192 (Out of bound write while parsing SDP string due to missing 
check on nu ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2020-11191
-       RESERVED
+CVE-2020-11191 (Out of bound read occurs while processing crafted SDP due to 
lack of c ...)
+       TODO: check
 CVE-2020-11190 (Buffer over-read can happen while parsing received SDP values 
due to l ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2020-11189 (Buffer over-read can happen while parsing received SDP values 
due to l ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ebc7f258874ec9332de7d6637a997a34f5386f18
