[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso Wed, 03 Feb 2021 00:10:38 -0800


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
45c062c6 by security tracker role at 2021-02-03T08:10:20+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
-CVE-2021-3395
-       RESERVED
+CVE-2021-3395 (A cross-site scripting (XSS) vulnerability in Pryaniki 6.44.3 
allows r ...)
+       TODO: check
 CVE-2021-3394
        RESERVED
 CVE-2021-3393
@@ -689,7 +689,7 @@ CVE-2018-25005
        RESERVED
 CVE-2018-25004
        RESERVED
-CVE-2021-3345 (_gcry_md_block_write in cipher/hash-common.c in Libgcrypt 
before 1.9.1 ...)
+CVE-2021-3345 (_gcry_md_block_write in cipher/hash-common.c in Libgcrypt 
version 1.9. ...)
        [experimental] - libgcrypt20 1.9.1-1 (bug #981370)
        - libgcrypt20 <not-affected> (Only affected 1.9)
        NOTE: 
https://lists.gnupg.org/pipermail/gnupg-announce/2021q1/000456.html
@@ -12904,12 +12904,12 @@ CVE-2021-21296
        RESERVED
 CVE-2021-21295
        RESERVED
-CVE-2021-21294
-       RESERVED
-CVE-2021-21293
-       RESERVED
-CVE-2021-21292
-       RESERVED
+CVE-2021-21294 (Http4s (http4s-blaze-server) is a minimal, idiomatic Scala 
interface f ...)
+       TODO: check
+CVE-2021-21293 (blaze is a Scala library for building asynchronous pipelines, 
with a f ...)
+       TODO: check
+CVE-2021-21292 (Traccar is an open source GPS tracking system. In Traccar 
before versi ...)
+       TODO: check
 CVE-2021-21291 (OAuth2 Proxy is an open-source reverse proxy and static file 
server th ...)
        TODO: check
 CVE-2021-21290
@@ -13621,8 +13621,8 @@ CVE-2021-21045
        RESERVED
 CVE-2021-21044
        RESERVED
-CVE-2021-21043
-       RESERVED
+CVE-2021-21043 (ACS Commons version 4.9.2 (and earlier) suffers from a 
Reflected Cross ...)
+       TODO: check
 CVE-2021-21042
        RESERVED
 CVE-2021-21041
@@ -16748,8 +16748,8 @@ CVE-2020-35154
        RESERVED
 CVE-2020-35153
        RESERVED
-CVE-2020-35152
-       RESERVED
+CVE-2020-35152 (Cloudflare WARP for Windows allows privilege escalation due to 
an unqu ...)
+       TODO: check
 CVE-2020-35151 (The Online Marriage Registration System 1.0 post parameter 
"searchdata ...)
        NOT-FOR-US: Online Marriage Registration System
 CVE-2020-35150
@@ -17911,8 +17911,8 @@ CVE-2020-29663 (Icinga 2 v2.8.0 through v2.11.7 and 
v2.12.2 has an issue where r
        NOTE: 
https://github.com/Icinga/icinga2/security/advisories/GHSA-pcmr-2p2f-r7j6
        NOTE: 
https://github.com/Icinga/icinga2/commit/abbd7d5494369af8bbf8fc12f5dc1a0f05a1f817
        NOTE: 
https://github.com/Icinga/icinga2/commit/cae22a89da9e6a381904c3b207e5a3f93f6ed838
-CVE-2020-29662
-       RESERVED
+CVE-2020-29662 (In Harbor 2.0 before 2.0.5 and 2.1.x before 2.1.2 the 
catalog&#8217;s  ...)
+       TODO: check
 CVE-2020-29661 (A locking issue was discovered in the tty subsystem of the 
Linux kerne ...)
        {DSA-4843-1}
        - linux 5.9.15-1
@@ -24224,34 +24224,34 @@ CVE-2021-0367
        RESERVED
 CVE-2021-0366
        RESERVED
-CVE-2021-0365
-       RESERVED
-CVE-2021-0364
-       RESERVED
-CVE-2021-0363
-       RESERVED
-CVE-2021-0362
-       RESERVED
-CVE-2021-0361
-       RESERVED
-CVE-2021-0360
-       RESERVED
-CVE-2021-0359
-       RESERVED
-CVE-2021-0358
-       RESERVED
-CVE-2021-0357
-       RESERVED
-CVE-2021-0356
-       RESERVED
-CVE-2021-0355
-       RESERVED
-CVE-2021-0354
-       RESERVED
-CVE-2021-0353
-       RESERVED
-CVE-2021-0352
-       RESERVED
+CVE-2021-0365 (In display driver, there is a possible memory corruption due to 
a use  ...)
+       TODO: check
+CVE-2021-0364 (In mobile_log_d, there is a possible command injection due to 
improper ...)
+       TODO: check
+CVE-2021-0363 (In mobile_log_d, there is a possible command injection due to a 
missin ...)
+       TODO: check
+CVE-2021-0362 (In aee, there is a possible memory corruption due to a stack 
buffer ov ...)
+       TODO: check
+CVE-2021-0361 (In kisd, there is a possible out of bounds read due to improper 
input  ...)
+       TODO: check
+CVE-2021-0360 (In netdiag, there is a possible out of bounds write due to an 
incorrec ...)
+       TODO: check
+CVE-2021-0359 (In netdiag, there is a possible out of bounds write due to a 
missing b ...)
+       TODO: check
+CVE-2021-0358 (In netdiag, there is a possible command injection due to 
improper inpu ...)
+       TODO: check
+CVE-2021-0357 (In netdiag, there is a possible out of bounds write due to a 
missing b ...)
+       TODO: check
+CVE-2021-0356 (In netdiag, there is a possible command injection due to 
improper inpu ...)
+       TODO: check
+CVE-2021-0355 (In kisd, there is a possible out of bounds write due to an 
integer ove ...)
+       TODO: check
+CVE-2021-0354 (In ged, there is a possible out of bounds write due to an 
integer over ...)
+       TODO: check
+CVE-2021-0353 (In kisd, there is a possible memory corruption due to a heap 
buffer ov ...)
+       TODO: check
+CVE-2021-0352 (In RT regmap driver, there is a possible memory corruption due 
to type ...)
+       TODO: check
 CVE-2021-0351
        RESERVED
 CVE-2021-0350
@@ -30079,7 +30079,8 @@ CVE-2020-26160 (jwt-go before 4.0.0-preview1 allows 
attackers to bypass intended
        NOTE: https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMDGRIJALVAJWTGO-596515
        NOTE: https://github.com/dgrijalva/jwt-go/issues/422
        NOTE: https://github.com/dgrijalva/jwt-go/pull/286
-CVE-2020-26159 (In Oniguruma 6.9.5_rev1, an attacker able to supply a regular 
expressi ...)
+CVE-2020-26159
+       REJECTED
        NOTE: This was a false positive, see #972113
        NOTE: original report: https://github.com/kkos/oniguruma/issues/207
        NOTE: original patch: 
https://github.com/kkos/oniguruma/commit/cbe9f8bd9cfc6c3c87a60fbae58fa1a85db59df0
@@ -34039,8 +34040,7 @@ CVE-2020-24492
        RESERVED
 CVE-2020-24491
        RESERVED
-CVE-2020-24490
-       RESERVED
+CVE-2020-24490 (Improper buffer restrictions in BlueZ may allow an 
unauthenticated use ...)
        {DLA-2420-1}
        - linux 5.7.17-1
        [buster] - linux 4.19.146-1
@@ -56424,8 +56424,8 @@ CVE-2020-14257
        RESERVED
 CVE-2020-14256
        RESERVED
-CVE-2020-14255
-       RESERVED
+CVE-2020-14255 (HCL Digital Experience 9.5 containers include vulnerabilities 
that cou ...)
+       TODO: check
 CVE-2020-14254 (TLS-RSA cipher suites are not disabled in HCL BigFix Inventory 
up to v ...)
        NOT-FOR-US: HCL BigFix Inventory
 CVE-2020-14253
@@ -56492,8 +56492,8 @@ CVE-2020-14223 (HCL Digital Experience 8.5, 9.0, 9.5 is 
susceptible to cross-sit
        NOT-FOR-US: HCL Digital Experience
 CVE-2020-14222 (HCL Digital Experience 8.5, 9.0, 9.5 is susceptible to cross 
site scri ...)
        NOT-FOR-US: HCL Digital Experience
-CVE-2020-14221
-       RESERVED
+CVE-2020-14221 (HCL Digital Experience 8.5, 9.0, and 9.5 exposes information 
about the ...)
+       TODO: check
 CVE-2020-14220
        RESERVED
 CVE-2020-14219
@@ -72130,8 +72130,7 @@ CVE-2020-8736 (Improper access control in subsystem for 
the Intel(R) Computing I
        NOT-FOR-US: Intel
 CVE-2020-8735
        RESERVED
-CVE-2020-8734
-       RESERVED
+CVE-2020-8734 (Improper input validation in the firmware for Intel(R) Server 
Board M1 ...)
        NOT-FOR-US: Intel
 CVE-2020-8733 (Improper buffer restrictions in the firmware for Intel(R) 
Server Board ...)
        NOT-FOR-US: Intel
@@ -72267,8 +72266,8 @@ CVE-2020-8674 (Out-of-bounds read in DHCPv6 subsystem 
in Intel(R) AMT and Intel(
        NOT-FOR-US: Intel
 CVE-2020-8673
        RESERVED
-CVE-2020-8672
-       RESERVED
+CVE-2020-8672 (Out of bound read in BIOS firmware for 8th, 9th Generation 
Intel(R) Co ...)
+       TODO: check
 CVE-2020-8671 (Insufficient control flow management in BIOS firmware 8th, 9th 
Generat ...)
        NOT-FOR-US: Intel
 CVE-2020-8670
@@ -83854,8 +83853,8 @@ CVE-2020-4083 (HCL Connections 6.5 is vulnerable to 
possible information leakage
        NOT-FOR-US: HCL Connections
 CVE-2020-4082 (The HCL Connections 5.5 help system is vulnerable to cross-site 
script ...)
        NOT-FOR-US: HCL Connections
-CVE-2020-4081
-       RESERVED
+CVE-2020-4081 (In Digital Experience 8.5, 9.0, and 9.5, WSRP consumer is 
vulnerable t ...)
+       TODO: check
 CVE-2020-4080 (HCL Verse v10 and v11 is susceptible to a Stored Cross-Site 
Scripting  ...)
        NOT-FOR-US: HCL
 CVE-2020-4079 (Combodo iTop is a web based IT Service Management tool. In iTop 
before ...)
@@ -90467,8 +90466,8 @@ CVE-2020-1912 (An out-of-bounds read/write 
vulnerability when executing lazily c
        NOT-FOR-US: Facebook Hermes
 CVE-2020-1911 (A type confusion vulnerability when resolving properties of 
JavaScript ...)
        NOT-FOR-US: Facebook Hermes
-CVE-2020-1910
-       RESERVED
+CVE-2020-1910 (A missing bounds check in WhatsApp for Android prior to 
v2.21.1.13 and ...)
+       TODO: check
 CVE-2020-1909 (A use-after-free in a logging library in WhatsApp for iOS prior 
to v2. ...)
        NOT-FOR-US: WhatsApp
 CVE-2020-1908 (Improper authorization of the Screen Lock feature in WhatsApp 
and What ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/45c062c6cd64c4ad9fb088a0d2961a140b85c2b1

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/45c062c6cd64c4ad9fb088a0d2961a140b85c2b1
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to