Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e65e5b60 by security tracker role at 2021-01-29T20:10:30+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,10 +1,26 @@
+CVE-2021-3346 (Foris before 101.1.1, as used in Turris OS, lacks certain HTML 
escapin ...)
+       TODO: check
+CVE-2021-3345 (_gcry_md_block_write in cipher/hash-common.c in Libgcrypt 
before 1.9.1 ...)
+       TODO: check
+CVE-2021-3344
+       RESERVED
+CVE-2021-26310
+       RESERVED
+CVE-2021-26309
+       RESERVED
+CVE-2018-25006
+       RESERVED
+CVE-2018-25005
+       RESERVED
+CVE-2018-25004
+       RESERVED
 CVE-2021-XXXX [libgcrypt heap overflow]
        [experimental] - libgcrypt20 <unfixed>
        - libgcrypt20 <not-affected> (Only affected 1.9)
        NOTE: 
https://lists.gnupg.org/pipermail/gnupg-announce/2021q1/000456.html
        NOTE: https://dev.gnupg.org/T5275
        NOTE: Introduced by: 
https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=e76617cbab018dd8f41fd6b4ec6740b5303f7e13
-CVE-2021-3347 [UAF in futex]
+CVE-2021-3347 (An issue was discovered in the Linux kernel through 5.10.11. PI 
futexe ...)
        - linux <unfixed>
        NOTE: https://www.openwall.com/lists/oss-security/2021/01/29/1
 CVE-2021-3343
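Review bot: The new CVE-2021-3345 entry (Libgcrypt before 1.9.1, `TODO: check`) looks like the assigned ID for the issue still tracked a few lines below it as `CVE-2021-XXXX [libgcrypt heap overflow]`, so the list now appears to carry two entries for one bug. Suggest moving the `libgcrypt20` package lines and the three NOTEs under CVE-2021-3345 and dropping the placeholder, after confirming the match against the upstream announcement already linked in the first NOTE.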
@@ -44,7 +60,7 @@ CVE-2021-26300
        RESERVED
 CVE-2021-26299
        RESERVED
-CVE-2019-25016 (There is an unsafe incomplete reset of PATH in OpenDoas 6.6 
through 6. ...)
+CVE-2019-25016 (In OpenDoas from 6.6 to 6.8 the users PATH variable was 
incorrectly in ...)
        - doas <itp> (bug #981176)
        NOTE: 
https://github.com/Duncaen/OpenDoas/commit/01c658f8c45cb92a343be5f32aa6da70b2032168
        NOTE: https://github.com/Duncaen/OpenDoas/issues/45
@@ -965,10 +981,10 @@ CVE-2018-25003
        RESERVED
 CVE-2021-25911
        RESERVED
-CVE-2021-25910
-       RESERVED
-CVE-2021-25909
-       RESERVED
+CVE-2021-25910 (Improper Authentication vulnerability in the cookie parameter 
of ZIV A ...)
+       TODO: check
+CVE-2021-25909 (ZIV Automation 4CCT-EA6-334126BF firmware version 
3.23.80.27.36371, al ...)
+       TODO: check
 CVE-2021-25908 (An issue was discovered in the fil-ocl crate through 
2021-01-04 for Ru ...)
        NOT-FOR-US: Rust crate fil-ocl
 CVE-2021-25907 (An issue was discovered in the containers crate before 0.9.11 
for Rust ...)
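Review bot: CVE-2021-25910 and CVE-2021-25909 move from RESERVED to `TODO: check` with no package line, and the visible descriptions name ZIV Automation firmware. If no Debian source package corresponds to it, close both with a `NOT-FOR-US:` line, as is done for CVE-2021-25908 in the context directly below, rather than leaving the TODO open.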
@@ -2948,38 +2964,38 @@ CVE-2021-25140
        RESERVED
 CVE-2021-25139
        RESERVED
-CVE-2021-25138
-       RESERVED
-CVE-2021-25137
-       RESERVED
-CVE-2021-25136
-       RESERVED
-CVE-2021-25135
-       RESERVED
-CVE-2021-25134
-       RESERVED
-CVE-2021-25133
-       RESERVED
-CVE-2021-25132
-       RESERVED
-CVE-2021-25131
-       RESERVED
-CVE-2021-25130
-       RESERVED
-CVE-2021-25129
-       RESERVED
-CVE-2021-25128
-       RESERVED
-CVE-2021-25127
-       RESERVED
-CVE-2021-25126
-       RESERVED
-CVE-2021-25125
-       RESERVED
-CVE-2021-25124
-       RESERVED
-CVE-2021-25123
-       RESERVED
+CVE-2021-25138 (The Baseboard Management Controller(BMC) in HPE Cloudline 
CL5800 Gen9  ...)
+       TODO: check
+CVE-2021-25137 (The Baseboard Management Controller(BMC) in HPE Cloudline 
CL5800 Gen9  ...)
+       TODO: check
+CVE-2021-25136 (The Baseboard Management Controller(BMC) in HPE Cloudline 
CL5800 Gen9  ...)
+       TODO: check
+CVE-2021-25135 (The Baseboard Management Controller(BMC) in HPE Cloudline 
CL5800 Gen9  ...)
+       TODO: check
+CVE-2021-25134 (The Baseboard Management Controller(BMC) in HPE Cloudline 
CL5800 Gen9  ...)
+       TODO: check
+CVE-2021-25133 (The Baseboard Management Controller(BMC) in HPE Cloudline 
CL5800 Gen9  ...)
+       TODO: check
+CVE-2021-25132 (The Baseboard Management Controller(BMC) in HPE Cloudline 
CL5800 Gen9  ...)
+       TODO: check
+CVE-2021-25131 (The Baseboard Management Controller(BMC) in HPE Cloudline 
CL5800 Gen9  ...)
+       TODO: check
+CVE-2021-25130 (The Baseboard Management Controller(BMC) in HPE Cloudline 
CL5800 Gen9  ...)
+       TODO: check
+CVE-2021-25129 (The Baseboard Management Controller(BMC) in HPE Cloudline 
CL5800 Gen9  ...)
+       TODO: check
+CVE-2021-25128 (The Baseboard Management Controller(BMC) in HPE Cloudline 
CL5800 Gen9  ...)
+       TODO: check
+CVE-2021-25127 (The Baseboard Management Controller(BMC) in HPE Cloudline 
CL5800 Gen9  ...)
+       TODO: check
+CVE-2021-25126 (The Baseboard Management Controller(BMC) in HPE Cloudline 
CL5800 Gen9  ...)
+       TODO: check
+CVE-2021-25125 (The Baseboard Management Controller(BMC) in HPE Cloudline 
CL5800 Gen9  ...)
+       TODO: check
+CVE-2021-25124 (The Baseboard Management Controller(BMC) in HPE Cloudline 
CL5800 Gen9  ...)
+       TODO: check
+CVE-2021-25123 (The Baseboard Management Controller(BMC) in HPE Cloudline 
CL5800 Gen9  ...)
+       TODO: check
 CVE-2021-25122
        RESERVED
 CVE-2021-25121
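Review bot: All sixteen entries from CVE-2021-25138 down to CVE-2021-25123 land as `TODO: check` with the same truncated description (the BMC in HPE Cloudline CL5800 Gen9), so nothing in the list distinguishes one from another. They can be triaged as a single batch; if the BMC firmware is not packaged in Debian, use one consistent `NOT-FOR-US:` wording across the whole block so it stays easy to grep.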
@@ -6735,8 +6751,8 @@ CVE-2021-23330
        RESERVED
 CVE-2021-23329
        RESERVED
-CVE-2021-23328
-       RESERVED
+CVE-2021-23328 (This affects all versions of package iniparserjs. This 
vulnerability r ...)
+       TODO: check
 CVE-2021-23327
        RESERVED
 CVE-2021-23326 (This affects the package @graphql-tools/git-loader before 
6.2.6. The u ...)
@@ -11848,8 +11864,7 @@ CVE-2020-35653 (In Pillow before 8.1.0, PcxDecode has a 
buffer over-read when de
        NOTE: 
https://pillow.readthedocs.io/en/stable/releasenotes/8.1.0.html#security
        NOTE: https://github.com/python-pillow/Pillow/pull/5174
        NOTE: 
https://github.com/python-pillow/Pillow/commit/2f409261eb1228e166868f8f0b5da5cda52e55bf
-CVE-2020-35652 [remote crash in res_pjsip_diversion]
-       RESERVED
+CVE-2020-35652 (An issue was discovered in res_pjsip_diversion.c in Sangoma 
Asterisk b ...)
        - asterisk 1:16.15.1~dfsg-1 (bug #979372)
        [buster] - asterisk <no-dsa> (Minor issue)
        [stretch] - asterisk <no-dsa> (Minor issue)
@@ -13858,8 +13873,8 @@ CVE-2021-20588
        RESERVED
 CVE-2021-20587
        RESERVED
-CVE-2021-20586
-       RESERVED
+CVE-2021-20586 (Resource management errors vulnerability in a robot controller 
of MELF ...)
+       TODO: check
 CVE-2021-20585
        RESERVED
 CVE-2021-20584
@@ -18566,7 +18581,7 @@ CVE-2020-29396 (A sandboxing issue in Odoo Community 
11.0 through 13.0 and Odoo
        NOTE: https://github.com/odoo/odoo/issues/63712
 CVE-2020-29395 (The EventON plugin through 3.0.5 for WordPress allows 
addons/?q= XSS v ...)
        NOT-FOR-US: EventON plugin for WordPress
-CVE-2020-29394 (A buffer overflow in the dlt_filter_load function in 
dlt_common.c in d ...)
+CVE-2020-29394 (A buffer overflow in the dlt_filter_load function in 
dlt_common.c from ...)
        - dlt-daemon 2.18.5-0.3 (bug #976228)
        [buster] - dlt-daemon <no-dsa> (Minor issue)
        NOTE: https://github.com/GENIVI/dlt-daemon/issues/274
@@ -32855,20 +32870,20 @@ CVE-2020-24672
        RESERVED
 CVE-2020-24671
        RESERVED
-CVE-2020-24670
-       RESERVED
-CVE-2020-24669
-       RESERVED
+CVE-2020-24670 (The Dashboard Editor in Hitachi Vantara Pentaho through 7.x - 
8.x cont ...)
+       TODO: check
+CVE-2020-24669 (The New Analysis Report in Hitachi Vantara Pentaho through 7.x 
- 8.x c ...)
+       TODO: check
 CVE-2020-24668
        RESERVED
 CVE-2020-24667
        RESERVED
-CVE-2020-24666
-       RESERVED
-CVE-2020-24665
-       RESERVED
-CVE-2020-24664
-       RESERVED
+CVE-2020-24666 (The Analysis Report in Hitachi Vantara Pentaho through 7.x - 
8.x conta ...)
+       TODO: check
+CVE-2020-24665 (The Dashboard Editor in Hitachi Vantara Pentaho through 7.x - 
8.x cont ...)
+       TODO: check
+CVE-2020-24664 (The dashboard Editor in Hitachi Vantara Pentaho through 7.x - 
8.x cont ...)
+       TODO: check
 CVE-2020-24663
        RESERVED
 CVE-2020-24662
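Review bot: CVE-2020-24670, CVE-2020-24665 and CVE-2020-24664 show the same truncated text ("The Dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x cont ...", differing only in letter case), so the list entry alone cannot tell them apart. Whoever resolves these `TODO: check` markers should read the full descriptions before treating any of the five Pentaho entries in this hunk as duplicates.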



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e65e5b607a4259756d9599fa30069f97f973bbf3
