Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
8a86e46c by security tracker role at 2021-02-01T08:10:19+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,219 @@
+CVE-2021-3379
+ RESERVED
+CVE-2021-3378
+ RESERVED
+CVE-2021-3377
+ RESERVED
+CVE-2021-3376
+ RESERVED
+CVE-2021-3375
+ RESERVED
+CVE-2021-3374
+ RESERVED
+CVE-2021-3373
+ RESERVED
+CVE-2021-3372
+ RESERVED
+CVE-2021-3371
+ RESERVED
+CVE-2021-3370
+ RESERVED
+CVE-2021-3369
+ RESERVED
+CVE-2021-3368
+ RESERVED
+CVE-2021-3367
+ RESERVED
+CVE-2021-3366
+ RESERVED
+CVE-2021-3365
+ RESERVED
+CVE-2021-3364
+ RESERVED
+CVE-2021-3363
+ RESERVED
+CVE-2021-3362
+ RESERVED
+CVE-2021-3361
+ RESERVED
+CVE-2021-3360
+ RESERVED
+CVE-2021-3359
+ RESERVED
+CVE-2021-3358
+ RESERVED
+CVE-2021-3357
+ RESERVED
+CVE-2021-3356
+ RESERVED
+CVE-2021-3355
+ RESERVED
+CVE-2021-3354
+ RESERVED
+CVE-2021-3353
+ RESERVED
+CVE-2021-3352
+ RESERVED
+CVE-2021-3351
+ RESERVED
+CVE-2021-3350 (deleteaccount.php in the Delete Account plugin 1.4 for MyBB
allows XSS ...)
+ TODO: check
+CVE-2021-3349 (** DISPUTED ** GNOME Evolution through 3.38.3 produces a "Valid
signat ...)
+ TODO: check
+CVE-2021-26538
+ RESERVED
+CVE-2021-26537
+ RESERVED
+CVE-2021-26536
+ RESERVED
+CVE-2021-26535
+ RESERVED
+CVE-2021-26534
+ RESERVED
+CVE-2021-26533
+ RESERVED
+CVE-2021-26532
+ RESERVED
+CVE-2021-26531
+ RESERVED
+CVE-2021-26530
+ RESERVED
+CVE-2021-26529
+ RESERVED
+CVE-2021-26528
+ RESERVED
+CVE-2021-26527
+ RESERVED
+CVE-2021-26526
+ RESERVED
+CVE-2021-26525
+ RESERVED
+CVE-2021-26524
+ RESERVED
+CVE-2021-26523
+ RESERVED
+CVE-2021-26522
+ RESERVED
+CVE-2021-26521
+ RESERVED
+CVE-2021-26520
+ RESERVED
+CVE-2021-26519
+ RESERVED
+CVE-2021-26518
+ RESERVED
+CVE-2021-26517
+ RESERVED
+CVE-2021-26516
+ RESERVED
+CVE-2021-26515
+ RESERVED
+CVE-2021-26514
+ RESERVED
+CVE-2021-26513
+ RESERVED
+CVE-2021-26512
+ RESERVED
+CVE-2021-26511
+ RESERVED
+CVE-2021-26510
+ RESERVED
+CVE-2021-26509
+ RESERVED
+CVE-2021-26508
+ RESERVED
+CVE-2021-26507
+ RESERVED
+CVE-2021-26506
+ RESERVED
+CVE-2021-26505
+ RESERVED
+CVE-2021-26504
+ RESERVED
+CVE-2021-26503
+ RESERVED
+CVE-2021-26502
+ RESERVED
+CVE-2021-26501
+ RESERVED
+CVE-2021-26500
+ RESERVED
+CVE-2021-26499
+ RESERVED
+CVE-2021-26498
+ RESERVED
+CVE-2021-26497
+ RESERVED
+CVE-2021-26496
+ RESERVED
+CVE-2021-26495
+ RESERVED
+CVE-2021-26494
+ RESERVED
+CVE-2021-26493
+ RESERVED
+CVE-2021-26492
+ RESERVED
+CVE-2021-26491
+ RESERVED
+CVE-2021-26490
+ RESERVED
+CVE-2021-26489
+ RESERVED
+CVE-2021-26488
+ RESERVED
+CVE-2021-26487
+ RESERVED
+CVE-2021-26486
+ RESERVED
+CVE-2021-26485
+ RESERVED
+CVE-2021-26484
+ RESERVED
+CVE-2021-26483
+ RESERVED
+CVE-2021-26482
+ RESERVED
+CVE-2021-26481
+ RESERVED
+CVE-2021-26480
+ RESERVED
+CVE-2021-26479
+ RESERVED
+CVE-2021-26478
+ RESERVED
+CVE-2021-26477
+ RESERVED
+CVE-2021-26476
+ RESERVED
+CVE-2021-26475
+ RESERVED
+CVE-2021-26474
+ RESERVED
+CVE-2021-26473
+ RESERVED
+CVE-2021-26472
+ RESERVED
+CVE-2021-26471
+ RESERVED
+CVE-2021-26470
+ RESERVED
+CVE-2021-26469
+ RESERVED
+CVE-2021-26468
+ RESERVED
+CVE-2021-26467
+ RESERVED
+CVE-2021-26466
+ RESERVED
+CVE-2021-26465
+ RESERVED
+CVE-2021-26464
+ RESERVED
+CVE-2021-26463
+ RESERVED
+CVE-2021-26462
+ RESERVED
CVE-2021-26461
RESERVED
CVE-2021-26460
@@ -321,10 +537,11 @@ CVE-2021-3345 (_gcry_md_block_write in
cipher/hash-common.c in Libgcrypt before
NOTE: https://dev.gnupg.org/T5275
NOTE: Introduced by:
https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=e76617cbab018dd8f41fd6b4ec6740b5303f7e13
NOTE: Fixed by:
https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=512c0c75276949f13b6373b5c04f7065af750b08
-CVE-2021-3348 [linux-block: nbd: use-after-free Read in nbd_queue_rq]
+CVE-2021-3348 (nbd_add_socket in drivers/block/nbd.c in the Linux kernel
through 5.10 ...)
- linux <unfixed>
NOTE:
https://git.kernel.org/linus/b98e762e3d71e893b221f871825dc64694cfb258 (5.11-rc6)
CVE-2021-3347 (An issue was discovered in the Linux kernel through 5.10.11. PI
futexe ...)
+ {DSA-4843-1}
- linux 5.10.12-1
NOTE: https://www.openwall.com/lists/oss-security/2021/01/29/1
CVE-2021-3343
@@ -5667,7 +5884,7 @@ CVE-2021-23965
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2021-03/#CVE-2021-23965
CVE-2021-23964
RESERVED
- {DSA-4840-1}
+ {DSA-4842-1 DSA-4840-1}
- firefox-esr 78.7.0esr-1
- firefox 85.0-1
- thunderbird 1:78.7.0-1
@@ -5688,7 +5905,7 @@ CVE-2021-23961
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2021-03/#CVE-2021-23961
CVE-2021-23960
RESERVED
- {DSA-4840-1}
+ {DSA-4842-1 DSA-4840-1}
- firefox-esr 78.7.0esr-1
- firefox 85.0-1
- thunderbird 1:78.7.0-1
@@ -5717,7 +5934,7 @@ CVE-2021-23955
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2021-03/#CVE-2021-23955
CVE-2021-23954
RESERVED
- {DSA-4840-1}
+ {DSA-4842-1 DSA-4840-1}
- firefox-esr 78.7.0esr-1
- firefox 85.0-1
- thunderbird 1:78.7.0-1
@@ -5726,7 +5943,7 @@ CVE-2021-23954
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2021-05/#CVE-2021-23954
CVE-2021-23953
RESERVED
- {DSA-4840-1}
+ {DSA-4842-1 DSA-4840-1}
- firefox-esr 78.7.0esr-1
- firefox 85.0-1
- thunderbird 1:78.7.0-1
@@ -10888,6 +11105,7 @@ CVE-2021-21497
CVE-2021-21496
RESERVED
CVE-2020-36158 (mwifiex_cmd_802_11_ad_hoc_start in
drivers/net/wireless/marvell/mwifie ...)
+ {DSA-4843-1}
- linux 5.10.5-1
NOTE:
https://git.kernel.org/linus/5c455c5ab332773464d02ba17015acdca198f03d (5.11-rc1)
CVE-2020-36157 (An issue was discovered in the Ultimate Member plugin before
2.1.12 fo ...)
@@ -15047,6 +15265,7 @@ CVE-2021-20178 [user data leak in snmp_facts module]
NOTE: https://github.com/ansible-collections/community.general/pull/1621
CVE-2021-20177
RESERVED
+ {DSA-4843-1}
- linux 5.5.13-1
[stretch] - linux <not-affected> (Vulnerable code not present)
NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=209823
@@ -17502,10 +17721,12 @@ CVE-2020-29663 (Icinga 2 v2.8.0 through v2.11.7 and
v2.12.2 has an issue where r
CVE-2020-29662
RESERVED
CVE-2020-29661 (A locking issue was discovered in the tty subsystem of the
Linux kerne ...)
+ {DSA-4843-1}
- linux 5.9.15-1
NOTE:
https://git.kernel.org/linus/54ffccbf053b5b6ca4f6e45094b942fab92a25fc
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2125
CVE-2020-29660 (A locking inconsistency issue was discovered in the tty
subsystem of t ...)
+ {DSA-4843-1}
- linux 5.9.15-1
NOTE:
https://git.kernel.org/linus/c8bcd9c5be24fb9e6132e97da5a35e55a83e36b9
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2125
@@ -18256,9 +18477,11 @@ CVE-2020-29570 (An issue was discovered in Xen through
4.14.x. Recording of the
[stretch] - xen <end-of-life> (DSA 4602-1)
NOTE: https://xenbits.xen.org/xsa/advisory-358.html
CVE-2020-29569 (An issue was discovered in the Linux kernel through 5.10.1, as
used wi ...)
+ {DSA-4843-1}
- linux 5.9.15-1
NOTE: https://xenbits.xen.org/xsa/advisory-350.html
CVE-2020-29568 (An issue was discovered in Xen through 4.14.x. Some OSes (such
as Linu ...)
+ {DSA-4843-1}
- linux 5.9.15-1
NOTE: https://xenbits.xen.org/xsa/advisory-349.html
CVE-2020-29567 (An issue was discovered in Xen 4.14.x. When moving IRQs
between CPUs t ...)
@@ -22321,6 +22544,7 @@ CVE-2020-28376
CVE-2020-28375
RESERVED
CVE-2020-28374 (In drivers/target/target_core_xcopy.c in the Linux kernel
before 5.10. ...)
+ {DSA-4843-1}
- linux 5.10.9-1
NOTE:
https://git.kernel.org/linus/2896c93811e39d63a4d9b63ccf12a8fbc226e5e4
NOTE: https://www.openwall.com/lists/oss-security/2021/01/12/12
@@ -25268,6 +25492,7 @@ CVE-2020-27831
NOT-FOR-US: Quay
CVE-2020-27830 [Linux kernel NULL-ptr deref bug in spk_ttyio_receive_buf2]
RESERVED
+ {DSA-4843-1}
- linux 5.9.15-1
[stretch] - linux <not-affected> (Vulnerability introduced later)
NOTE: https://www.openwall.com/lists/oss-security/2020/12/07/1
@@ -25294,6 +25519,7 @@ CVE-2020-27826
RESERVED
NOT-FOR-US: Keycloak
CVE-2020-27825 (A use-after-free flaw was found in kernel/trace/ring_buffer.c
in Linux ...)
+ {DSA-4843-1}
- linux 5.9.6-1
NOTE:
https://git.kernel.org/linus/bbeb97464eefc65f506084fd9f18f21653e01137
CVE-2020-27824 [global-buffer-overflow read in lib-openjp2]
@@ -25333,6 +25559,7 @@ CVE-2020-27816 (The elasticsearch-operator does not
validate the namespace where
NOT-FOR-US: OpenShift Elasticsearch operator
CVE-2020-27815
RESERVED
+ {DSA-4843-1}
- linux 5.10.4-1
NOTE: https://www.openwall.com/lists/oss-security/2020/11/30/5
CVE-2020-27814 (A heap-buffer overflow was found in the way openjpeg2 handled
certain ...)
@@ -27721,7 +27948,7 @@ CVE-2020-26977 (By attempting to connect a website
using an unresponsive port, a
- firefox <not-affected> (Android specific)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-26977
CVE-2020-26976 (When a HTTPS pages was embedded in a HTTP page, and there was
a servic ...)
- {DSA-4840-1}
+ {DSA-4842-1 DSA-4840-1}
- firefox 84.0-1
- firefox-esr 78.7.0esr-1
- thunderbird 1:78.7.0-1
@@ -28771,8 +28998,8 @@ CVE-2020-26549 (An issue was discovered in Aviatrix
Controller before R5.4.1290.
NOT-FOR-US: Aviatrix
CVE-2020-26548 (An issue was discovered in Aviatrix Controller before
R5.4.1290. There ...)
NOT-FOR-US: Aviatrix
-CVE-2020-26547
- RESERVED
+CVE-2020-26547 (Monal before 4.9 does not implement proper sender verification
on MAM ...)
+ TODO: check
CVE-2020-26546 (** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered in
HelpDeskZ 1 ...)
NOT-FOR-US: HelpDeskZ
CVE-2020-26545
@@ -50877,7 +51104,7 @@ CVE-2020-16045 (Use after Free in Payments in Google
Chrome on Android prior to
TODO: check
CVE-2020-16044
RESERVED
- {DSA-4827-1 DLA-2521-1}
+ {DSA-4842-1 DSA-4827-1 DLA-2521-1}
- firefox 84.0.2-1
- firefox-esr 78.6.1esr-1
- thunderbird 1:78.6.1-1
@@ -51538,16 +51765,16 @@ CVE-2020-15838 (The Agent Update System in
ConnectWise Automate before 2020.8 al
NOT-FOR-US: ConnectWise Automate
CVE-2020-15837
RESERVED
-CVE-2020-15836
- RESERVED
-CVE-2020-15835
- RESERVED
-CVE-2020-15834
- RESERVED
-CVE-2020-15833
- RESERVED
-CVE-2020-15832
- RESERVED
+CVE-2020-15836 (An issue was discovered on Mofi Network MOFI4500-4GXeLTE
4.1.5-std dev ...)
+ TODO: check
+CVE-2020-15835 (An issue was discovered on Mofi Network MOFI4500-4GXeLTE
4.1.5-std dev ...)
+ TODO: check
+CVE-2020-15834 (An issue was discovered on Mofi Network MOFI4500-4GXeLTE
4.1.5-std dev ...)
+ TODO: check
+CVE-2020-15833 (An issue was discovered on Mofi Network MOFI4500-4GXeLTE
4.1.5-std dev ...)
+ TODO: check
+CVE-2020-15832 (An issue was discovered on Mofi Network MOFI4500-4GXeLTE
4.1.5-std dev ...)
+ TODO: check
CVE-2020-15831 (JetBrains TeamCity before 2019.2.3 is vulnerable to reflected
XSS in t ...)
NOT-FOR-US: JetBrains TeamCity
CVE-2020-15830 (JetBrains TeamCity before 2019.2.3 is vulnerable to stored XSS
in the ...)
@@ -51968,6 +52195,7 @@ CVE-2020-15686
RESERVED
CVE-2020-15685
RESERVED
+ {DSA-4842-1}
- thunderbird 1:78.7.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2021-05/#CVE-2020-15685
CVE-2020-15684 (Mozilla developers reported memory safety bugs present in
Firefox 81. ...)
@@ -54173,6 +54401,7 @@ CVE-2020-14814 (Vulnerability in the MySQL Server
product of Oracle MySQL (compo
CVE-2020-14813 (Vulnerability in the PeopleSoft Enterprise PeopleTools product
of Orac ...)
NOT-FOR-US: Oracle
CVE-2020-14812 (Vulnerability in the MySQL Server product of Oracle MySQL
(component: ...)
+ {DLA-2538-1}
- mariadb-10.5 1:10.5.8-1
[experimental] - mariadb-10.3 1:10.3.27-1~exp1
- mariadb-10.3 <unfixed>
@@ -54315,6 +54544,7 @@ CVE-2020-14767 (Vulnerability in the Hyperion BI+
product of Oracle Hyperion (co
CVE-2020-14766 (Vulnerability in the Oracle Business Intelligence Enterprise
Edition p ...)
NOT-FOR-US: Oracle
CVE-2020-14765 (Vulnerability in the MySQL Server product of Oracle MySQL
(component: ...)
+ {DLA-2538-1}
- mariadb-10.5 1:10.5.8-1
[experimental] - mariadb-10.3 1:10.3.27-1~exp1
- mariadb-10.3 <unfixed>
@@ -57057,16 +57287,16 @@ CVE-2020-13862
RESERVED
CVE-2020-13861
RESERVED
-CVE-2020-13860
- RESERVED
-CVE-2020-13859
- RESERVED
-CVE-2020-13858
- RESERVED
-CVE-2020-13857
- RESERVED
-CVE-2020-13856
- RESERVED
+CVE-2020-13860 (An issue was discovered on Mofi Network MOFI4500-4GXeLTE
4.0.8-std dev ...)
+ TODO: check
+CVE-2020-13859 (An issue was discovered on Mofi Network MOFI4500-4GXeLTE
4.0.8-std dev ...)
+ TODO: check
+CVE-2020-13858 (An issue was discovered on Mofi Network MOFI4500-4GXeLTE
3.6.1-std and ...)
+ TODO: check
+CVE-2020-13857 (An issue was discovered on Mofi Network MOFI4500-4GXeLTE
3.6.1-std and ...)
+ TODO: check
+CVE-2020-13856 (An issue was discovered on Mofi Network MOFI4500-4GXeLTE
4.0.8-std dev ...)
+ TODO: check
CVE-2020-13855 (Artica Pandora FMS 7.44 allows arbitrary file upload (leading
to remot ...)
NOT-FOR-US: Artica Pandora FMS
CVE-2020-13854 (Artica Pandora FMS 7.44 allows privilege escalation. ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8a86e46cc6e269f8323fd07db086d3fef58f94b8
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8a86e46cc6e269f8323fd07db086d3fef58f94b8
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
