Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker

Commits:
ebc7f258 by security tracker role at 2021-04-07T20:10:29+00:00
automatic update

- - - - -

1 changed file:
- data/CVE/list

Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,139 @@ +CVE-2021-3485 + RESERVED +CVE-2021-30244 + RESERVED +CVE-2021-30243 + RESERVED +CVE-2021-30242 + RESERVED +CVE-2021-30241 + RESERVED +CVE-2021-30240 + RESERVED +CVE-2021-30239 + RESERVED +CVE-2021-30238 + RESERVED +CVE-2021-30237 + RESERVED +CVE-2021-30236 + RESERVED +CVE-2021-30235 + RESERVED +CVE-2021-30234 + RESERVED +CVE-2021-30233 + RESERVED +CVE-2021-30232 + RESERVED +CVE-2021-30231 + RESERVED +CVE-2021-30230 + RESERVED +CVE-2021-30229 + RESERVED +CVE-2021-30228 + RESERVED +CVE-2021-30227 + RESERVED +CVE-2021-30226 + RESERVED +CVE-2021-30225 + RESERVED +CVE-2021-30224 + RESERVED +CVE-2021-30223 + RESERVED +CVE-2021-30222 + RESERVED +CVE-2021-30221 + RESERVED +CVE-2021-30220 + RESERVED +CVE-2021-30219 + RESERVED +CVE-2021-30218 + RESERVED +CVE-2021-30217 + RESERVED +CVE-2021-30216 + RESERVED +CVE-2021-30215 + RESERVED +CVE-2021-30214 + RESERVED +CVE-2021-30213 + RESERVED +CVE-2021-30212 + RESERVED +CVE-2021-30211 + RESERVED +CVE-2021-30210 + RESERVED +CVE-2021-30209 + RESERVED +CVE-2021-30208 + RESERVED +CVE-2021-30207 + RESERVED +CVE-2021-30206 + RESERVED +CVE-2021-30205 + RESERVED +CVE-2021-30204 + RESERVED +CVE-2021-30203 + RESERVED +CVE-2021-30202 + RESERVED +CVE-2021-30201 + RESERVED +CVE-2021-30200 + RESERVED +CVE-2021-30199 + RESERVED +CVE-2021-30198 + RESERVED +CVE-2021-30197 + RESERVED +CVE-2021-30196 + RESERVED +CVE-2021-30195 + RESERVED +CVE-2021-30194 + RESERVED +CVE-2021-30193 + RESERVED +CVE-2021-30192 + RESERVED +CVE-2021-30191 + RESERVED +CVE-2021-30190 + RESERVED +CVE-2021-30189 + RESERVED +CVE-2021-30188 + RESERVED +CVE-2021-30187 + RESERVED +CVE-2021-30186 + RESERVED +CVE-2021-30185 (CERN Indico before 2.3.4 can use an attacker-supplied Host header in a ...) + TODO: check +CVE-2021-30184 (GNU Chess 6.2.7 allows attackers to execute arbitrary code via crafted ...) 
+ TODO: check +CVE-2021-30183 + RESERVED +CVE-2021-30182 + RESERVED +CVE-2021-30181 + RESERVED +CVE-2021-30180 + RESERVED +CVE-2021-30179 + RESERVED +CVE-2020-36314 (fr-archive-libarchive.c in GNOME file-roller through 3.38.0, as used b ...) + TODO: check CVE-2021-3484 RESERVED CVE-2021-3483 @@ -7,8 +143,8 @@ CVE-2021-3483 CVE-2021-30178 (An issue was discovered in the Linux kernel through 5.11.11. synic_get ...) - linux <unfixed> NOTE: https://git.kernel.org/linus/919f4ebc598701670e80e31573a58f1f2d2bf918 -CVE-2021-30177 - RESERVED +CVE-2021-30177 (There is a SQL Injection vulnerability in PHP-Nuke 8.3.3 in the User R ...) + TODO: check CVE-2021-30176 RESERVED CVE-2021-30175 @@ -1263,10 +1399,10 @@ CVE-2021-29629 RESERVED CVE-2021-29628 RESERVED -CVE-2021-29627 - RESERVED -CVE-2021-29626 - RESERVED +CVE-2021-29627 (In FreeBSD 13.0-STABLE before n245050, 12.2-STABLE before r369525, 13. ...) + TODO: check +CVE-2021-29626 (In FreeBSD 13.0-STABLE before n245117, 12.2-STABLE before r369551, 11. ...) + TODO: check CVE-2021-29625 RESERVED CVE-2021-29624 @@ -2809,8 +2945,8 @@ CVE-2021-28929 RESERVED CVE-2021-28928 RESERVED -CVE-2021-28927 - RESERVED +CVE-2021-28927 (The text-to-speech engine in libretro RetroArch for Windows 0.11 passe ...) + TODO: check CVE-2021-28926 RESERVED CVE-2021-28925 @@ -4450,8 +4586,8 @@ CVE-2021-28168 RESERVED CVE-2021-28167 RESERVED -CVE-2021-28166 - RESERVED +CVE-2021-28166 (In Eclipse Mosquitto version 2.0.0 to 2.0.9, if an authenticated clien ...) + TODO: check CVE-2021-28165 (In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0. ...) - jetty9 <unfixed> NOTE: https://github.com/eclipse/jetty.project/security/advisories/GHSA-26vr-8j45-3r4w 
@@ -7897,8 +8033,8 @@ CVE-2021-26711 (A frame-injection issue in the online help in Redwood Report2Web NOT-FOR-US: Redwood Report2Web CVE-2021-26710 (A cross-site scripting (XSS) issue in the login panel in Redwood Repor ...) NOT-FOR-US: Redwood Report2Web -CVE-2021-26709 - RESERVED +CVE-2021-26709 (** UNSUPPORTED WHEN ASSIGNED ** D-Link DSL-320B-D1 devices through EU_ ...) + TODO: check CVE-2021-26707 RESERVED NOT-FOR-US: Node deep-merge @@ -19394,14 +19530,11 @@ CVE-2021-21643 RESERVED CVE-2021-21642 RESERVED -CVE-2021-21641 - RESERVED +CVE-2021-21641 (A cross-site request forgery (CSRF) vulnerability in Jenkins promoted ...) NOT-FOR-US: Jenkins plugin -CVE-2021-21640 - RESERVED +CVE-2021-21640 (Jenkins 2.286 and earlier, LTS 2.277.1 and earlier does not properly c ...) - jenkins <removed> -CVE-2021-21639 - RESERVED +CVE-2021-21639 (Jenkins 2.286 and earlier, LTS 2.277.1 and earlier does not validate t ...) - jenkins <removed> CVE-2021-21638 (A cross-site request forgery (CSRF) vulnerability in Jenkins Team Foun ...) NOT-FOR-US: Jenkins plugin @@ -21087,8 +21220,8 @@ CVE-2021-21427 RESERVED CVE-2021-21426 RESERVED -CVE-2021-21425 - RESERVED +CVE-2021-21425 (Grav Admin Plugin is an HTML user interface that provides a way to con ...) + TODO: check CVE-2021-21424 RESERVED CVE-2021-21423 (`projen` is a project generation tool that synthesizes project configu ...) 
@@ -23042,24 +23175,24 @@ CVE-2021-20694 RESERVED CVE-2021-20693 RESERVED -CVE-2021-20692 - RESERVED -CVE-2021-20691 - RESERVED -CVE-2021-20690 - RESERVED -CVE-2021-20689 - RESERVED -CVE-2021-20688 - RESERVED -CVE-2021-20687 - RESERVED -CVE-2021-20686 - RESERVED -CVE-2021-20685 - RESERVED -CVE-2021-20684 - RESERVED +CVE-2021-20692 (Directory traversal vulnerability in Archive collectively operation ut ...) + TODO: check +CVE-2021-20691 (Cross-site scripting vulnerability in Yomi-Search Ver4.22 allows remot ...) + TODO: check +CVE-2021-20690 (Cross-site scripting vulnerability in Yomi-Search Ver4.22 allows remot ...) + TODO: check +CVE-2021-20689 (Cross-site scripting vulnerability in Yomi-Search Ver4.22 allows remot ...) + TODO: check +CVE-2021-20688 (Cross-site scripting vulnerability in Click Ranker Ver.3.5 allows remo ...) + TODO: check +CVE-2021-20687 (Cross-site request forgery (CSRF) vulnerability in Kagemai 0.8.8 allow ...) + TODO: check +CVE-2021-20686 (Cross-site scripting vulnerability in Kagemai 0.8.8 allows remote atta ...) + TODO: check +CVE-2021-20685 (Cross-site scripting vulnerability in Kagemai 0.8.8 allows remote atta ...) + TODO: check +CVE-2021-20684 (Cross-site scripting vulnerability in MagazinegerZ v.1.01 allows remot ...) + TODO: check CVE-2021-20683 (Improper neutralization of JavaScript input in the blog article editin ...) NOT-FOR-US: baserCMS CVE-2021-20682 (baserCMS versions prior to 4.4.5 allows a remote attacker with an admi ...) @@ -27148,8 +27281,8 @@ CVE-2021-1894 RESERVED CVE-2021-1893 RESERVED -CVE-2021-1892 - RESERVED +CVE-2021-1892 (Memory corruption due to improper input validation while processing IO ...) + TODO: check CVE-2021-1891 RESERVED CVE-2021-1890 
@@ -40839,8 +40972,8 @@ CVE-2020-25586 RESERVED CVE-2020-25585 RESERVED -CVE-2020-25584 - RESERVED +CVE-2020-25584 (In FreeBSD 13.0-STABLE before n245118, 12.2-STABLE before r369552, 11. ...) + TODO: check CVE-2020-25583 (In FreeBSD 12.2-STABLE before r368250, 11.4-STABLE before r368253, 12. ...) NOT-FOR-US: FreeBSD CVE-2020-25582 (In FreeBSD 12.2-STABLE before r369334, 11.4-STABLE before r369335, 12. ...) @@ -44065,18 +44198,18 @@ CVE-2020-24142 RESERVED CVE-2020-24141 RESERVED -CVE-2020-24140 - RESERVED -CVE-2020-24139 - RESERVED -CVE-2020-24138 - RESERVED -CVE-2020-24137 - RESERVED -CVE-2020-24136 - RESERVED -CVE-2020-24135 - RESERVED +CVE-2020-24140 (Server-side request forgery in Wcms 0.3.2 let an attacker send crafted ...) + TODO: check +CVE-2020-24139 (Server-side request forgery in Wcms 0.3.2 lets an attacker send crafte ...) + TODO: check +CVE-2020-24138 (Cross Site Scripting (XSS) vulnerability in wcms 0.3.2 allows remote a ...) + TODO: check +CVE-2020-24137 (Directory traversal vulnerability in Wcms 0.3.2 allows an attacker to ...) + TODO: check +CVE-2020-24136 (Directory traversal in Wcms 0.3.2 allows an attacker to read arbitrary ...) + TODO: check +CVE-2020-24135 (A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in ...) + TODO: check CVE-2020-24134 RESERVED CVE-2020-24133 
@@ -74720,16 +74853,16 @@ CVE-2020-11257 RESERVED CVE-2020-11256 RESERVED -CVE-2020-11255 - RESERVED +CVE-2020-11255 (Denial of service while processing RTCP packets containing multiple SD ...) + TODO: check CVE-2020-11254 RESERVED CVE-2020-11253 (Arbitrary memory write issue in video driver while setting the interna ...) NOT-FOR-US: Qualcomm components for Android -CVE-2020-11252 - RESERVED -CVE-2020-11251 - RESERVED +CVE-2020-11252 (Trustzone initialization code will disable xPU`s when memory dumps are ...) + TODO: check +CVE-2020-11251 (Out-of-bounds read vulnerability while accessing DTMF payload due to l ...) + TODO: check CVE-2020-11250 RESERVED NOT-FOR-US: Qualcomm components for Android @@ -74737,18 +74870,18 @@ CVE-2020-11249 RESERVED CVE-2020-11248 RESERVED -CVE-2020-11247 - RESERVED -CVE-2020-11246 - RESERVED -CVE-2020-11245 - RESERVED +CVE-2020-11247 (Out of bound memory read while unpacking data due to lack of offset le ...) + TODO: check +CVE-2020-11246 (A double free condition can occur when the device moves to suspend mod ...) + TODO: check +CVE-2020-11245 (Unintended reads and writes by NS EL2 in access control driver due to ...) + TODO: check CVE-2020-11244 RESERVED -CVE-2020-11243 - RESERVED -CVE-2020-11242 - RESERVED +CVE-2020-11243 (RRC sends a connection establishment success to NAS even though connec ...) + TODO: check +CVE-2020-11242 (User could gain access to secure memory due to incorrect argument into ...) + TODO: check CVE-2020-11241 RESERVED NOT-FOR-US: Qualcomm components for Android 
@@ -74761,22 +74894,22 @@ CVE-2020-11239 CVE-2020-11238 RESERVED NOT-FOR-US: Qualcomm components for Android -CVE-2020-11237 - RESERVED -CVE-2020-11236 - RESERVED +CVE-2020-11237 (Memory crash when accessing histogram type KPI input received due to l ...) + TODO: check +CVE-2020-11236 (Memory corruption due to invalid value of total dimension in the non-h ...) + TODO: check CVE-2020-11235 RESERVED NOT-FOR-US: Qualcomm components for Android -CVE-2020-11234 - RESERVED +CVE-2020-11234 (When sending a socket event message to a user application, invalid inf ...) + TODO: check CVE-2020-11233 RESERVED NOT-FOR-US: Qualcomm components for Android CVE-2020-11232 RESERVED -CVE-2020-11231 - RESERVED +CVE-2020-11231 (Two threads call one or both functions concurrently leading to corrupt ...) + TODO: check CVE-2020-11230 (Potential arbitrary memory corruption when the qseecom driver updates ...) NOT-FOR-US: Snapdragon CVE-2020-11229 @@ -74817,8 +74950,8 @@ CVE-2020-11212 (Out of bounds reads while parsing NAN beacons attributes and OUI NOT-FOR-US: Qualcomm components for Android CVE-2020-11211 RESERVED -CVE-2020-11210 - RESERVED +CVE-2020-11210 (Possible memory corruption in RPM region due to improper XPU configura ...) + TODO: check CVE-2020-11209 (u'Improper authorization in DSP process could allow unauthorized users ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11208 (u'Out of Bound issue in DSP services while processing received argumen ...) 
@@ -74855,8 +74988,8 @@ CVE-2020-11193 (u'Buffer over read can happen while parsing mkv clip due to impr NOT-FOR-US: Qualcomm components for Android CVE-2020-11192 (Out of bound write while parsing SDP string due to missing check on nu ...) NOT-FOR-US: Qualcomm components for Android -CVE-2020-11191 - RESERVED +CVE-2020-11191 (Out of bound read occurs while processing crafted SDP due to lack of c ...) + TODO: check CVE-2020-11190 (Buffer over-read can happen while parsing received SDP values due to l ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11189 (Buffer over-read can happen while parsing received SDP values due to l ...)

View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ebc7f258874ec9332de7d6637a997a34f5386f18
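
Review bot: In the first hunk (@@ -1,3 +1,139 @@), three of the new entries already carry descriptions but are left at "TODO: check": CVE-2021-30185 (CERN Indico), CVE-2021-30184 (GNU Chess 6.2.7) and CVE-2020-36314 (GNOME file-roller). The CVE-2021-30184 text states arbitrary code execution, so these are worth triaging ahead of the bulk RESERVED entries around them. Suggest a follow-up that records, for each, either a source-package line in the form already used for CVE-2021-30178 in the next hunk ("- linux <unfixed>" plus a NOTE with the upstream reference) or a NOT-FOR-US line, so the TODO does not linger.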
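
Review bot: In the hunk at @@ -40839,8 +40972,8 @@, CVE-2020-25584 is left at "TODO: check" although its description begins "In FreeBSD 13.0-STABLE before n245118" and the unchanged context line directly after it shows CVE-2020-25583, with the same kind of description, already triaged as "NOT-FOR-US: FreeBSD". The same applies to CVE-2021-29627 and CVE-2021-29626 in the hunk at @@ -1263,10 +1399,10 @@. Suggest replacing the TODO on these three entries with "NOT-FOR-US: FreeBSD" in a follow-up so they match the convention visible in the surrounding list.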
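
Review bot: In the hunks from @@ -74720,16 +74853,16 @@ through @@ -74855,8 +74988,8 @@, every entry that gains a description (CVE-2020-11255, CVE-2020-11252, CVE-2020-11251, CVE-2020-11247 to CVE-2020-11245, CVE-2020-11243, CVE-2020-11242, CVE-2020-11237, CVE-2020-11236, CVE-2020-11234, CVE-2020-11231, CVE-2020-11210, CVE-2020-11191) is set to "TODO: check", while the context entries interleaved with them (for example CVE-2020-11253, CVE-2020-11192, CVE-2020-11190) carry "NOT-FOR-US: Qualcomm components for Android". The truncated descriptions shown here do not name the vendor, so confirm against the full CVE text first; if they belong to the same component set, apply the same NOT-FOR-US line in one follow-up commit rather than leaving fourteen separate TODOs in this block.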
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits