Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
341d685b by security tracker role at 2021-02-05T20:10:24+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,57 @@
+CVE-2021-26733
+       RESERVED
+CVE-2021-26732
+       RESERVED
+CVE-2021-26731
+       RESERVED
+CVE-2021-26730
+       RESERVED
+CVE-2021-26729
+       RESERVED
+CVE-2021-26728
+       RESERVED
+CVE-2021-26727
+       RESERVED
+CVE-2021-26726
+       RESERVED
+CVE-2021-26725
+       RESERVED
+CVE-2021-26724
+       RESERVED
+CVE-2021-26723
+       RESERVED
+CVE-2021-26722 (LinkedIn Oncall through 1.4.0 allows reflected XSS via /query 
because  ...)
+       TODO: check
+CVE-2021-26721
+       RESERVED
+CVE-2021-26720
+       RESERVED
+CVE-2021-26719
+       RESERVED
+CVE-2021-26718
+       RESERVED
+CVE-2021-26717
+       RESERVED
+CVE-2021-26716
+       RESERVED
+CVE-2021-26715
+       RESERVED
+CVE-2021-26714
+       RESERVED
+CVE-2021-26713
+       RESERVED
+CVE-2021-26712
+       RESERVED
+CVE-2021-26711 (A frame-injection issue in the online help in Redwood 
Report2Web 4.3.4 ...)
+       TODO: check
+CVE-2021-26710 (A cross-site scripting (XSS) issue in the login panel in 
Redwood Repor ...)
+       TODO: check
+CVE-2021-26709
+       RESERVED
+CVE-2021-26707
+       RESERVED
+CVE-2020-36241 (autoar-extractor.c in GNOME gnome-autoar through 0.2.4, as 
used by GNO ...)
+       TODO: check
 CVE-2021-XXXX [wpa_supplicant P2P group information processing vulnerability]
        - wpa <unfixed> (bug #981971)
        NOTE: https://www.openwall.com/lists/oss-security/2021/02/03/4
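Review bot: CVE-2020-36241, the last added entry in this hunk, names GNOME gnome-autoar, so unlike the three web-application entries above it (CVE-2021-26722, CVE-2021-26711, CVE-2021-26710) its "TODO: check" looks like a candidate for a source-package line rather than a NOT-FOR-US annotation, and it should be triaged first. The added block also steps from CVE-2021-26709 straight to CVE-2021-26707; that is expected only because CVE-2021-26708 already has an entry further down, which the next hunk touches.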
@@ -21,7 +75,7 @@ CVE-2021-26699
        RESERVED
 CVE-2021-26698
        RESERVED
-CVE-2021-26708 [vsock: fix the race conditions in multi-transport support]
+CVE-2021-26708 (A local privilege escalation was discovered in the Linux 
kernel before ...)
        - linux <unfixed>
        [buster] - linux <not-affected> (Vulnerable code introduced later)
        [stretch] - linux <not-affected> (Vulnerable code introduced later)
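Review bot: replacing the bracketed title on CVE-2021-26708 drops the only pointer to the upstream change ("vsock: fix the race conditions in multi-transport support") while the entry stays at "- linux <unfixed>". Keeping that subject in a NOTE: line would preserve what the buster and stretch "Vulnerable code introduced later" annotations were judged against.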
@@ -378,8 +432,8 @@ CVE-2021-3384
        RESERVED
 CVE-2021-3383
        RESERVED
-CVE-2021-3382
-       RESERVED
+CVE-2021-3382 (Stack buffer overflow vulnerability in gitea 1.9.0 through 
1.13.1 allo ...)
+       TODO: check
 CVE-2021-3381
        RESERVED
 CVE-2021-3380
@@ -1004,8 +1058,8 @@ CVE-2021-26296
        RESERVED
 CVE-2021-26295
        RESERVED
-CVE-2021-3333
-       RESERVED
+CVE-2021-3333 (Opmantek Open-AudIT 4.0.1 is affected by cross-site scripting 
(XSS). W ...)
+       TODO: check
 CVE-2021-3332
        RESERVED
 CVE-2021-3331 (WinSCP before 5.17.10 allows remote attackers to execute 
arbitrary pro ...)
@@ -2088,8 +2142,8 @@ CVE-2021-3260
        RESERVED
 CVE-2021-3259
        RESERVED
-CVE-2021-3258
-       RESERVED
+CVE-2021-3258 (Question2Answer Q2A Ultimate SEO Version 1.3 is affected by 
cross-site ...)
+       TODO: check
 CVE-2021-3257
        RESERVED
 CVE-2021-3256
@@ -12548,8 +12602,8 @@ CVE-2020-35767
 CVE-2020-35766 (The test suite in libopendkim in OpenDKIM through 2.10.3 
allows local  ...)
        - opendkim <unfixed> (unimportant)
        NOTE: https://github.com/trusteddomainproject/OpenDKIM/issues/113
-CVE-2020-35765
-       RESERVED
+CVE-2020-35765 (doFilter in com.adventnet.appmanager.filter.UriCollector in 
Zoho Manag ...)
+       TODO: check
 CVE-2020-35764
        RESERVED
 CVE-2020-35763
@@ -14741,8 +14795,8 @@ CVE-2021-20654
        RESERVED
 CVE-2021-20653
        RESERVED
-CVE-2021-20652
-       RESERVED
+CVE-2021-20652 (Cross-site request forgery (CSRF) vulnerability in Name 
Directory 1.17 ...)
+       TODO: check
 CVE-2021-20651
        RESERVED
 CVE-2021-20650
@@ -14799,8 +14853,8 @@ CVE-2021-20625
        RESERVED
 CVE-2021-20624
        RESERVED
-CVE-2021-20623
-       RESERVED
+CVE-2021-20623 (Video Insight VMS versions prior to 7.8 allows a remote 
attacker to ex ...)
+       TODO: check
 CVE-2021-20622 (Cross-site scripting vulnerability in Aterm WG2600HP firmware 
Ver1.0.2 ...)
        NOT-FOR-US: Aterm WG2600HP firmware
 CVE-2021-20621 (Cross-site request forgery (CSRF) vulnerability in Aterm 
WG2600HP firm ...)
@@ -45989,8 +46043,8 @@ CVE-2020-18752
        RESERVED
 CVE-2020-18751
        RESERVED
-CVE-2020-18750
-       RESERVED
+CVE-2020-18750 (Buffer overflow in pdf2json 0.69 allows local users to execute 
arbitra ...)
+       TODO: check
 CVE-2020-18749
        RESERVED
 CVE-2020-18748
@@ -46015,8 +46069,8 @@ CVE-2020-18739
        RESERVED
 CVE-2020-18738
        RESERVED
-CVE-2020-18737
-       RESERVED
+CVE-2020-18737 (An issue was discovered in Typora 0.9.67. There is an XSS 
vulnerabilit ...)
+       TODO: check
 CVE-2020-18736
        RESERVED
 CVE-2020-18735
@@ -49257,7 +49311,8 @@ CVE-2020-17162
        RESERVED
 CVE-2020-17161
        RESERVED
-CVE-2020-17160 (, aka 'RETRACTED'. ...)
+CVE-2020-17160
+       REJECTED
        NOT-FOR-US: Microsoft
 CVE-2020-17159 (Visual Studio Code Java Extension Pack Remote Code Execution 
Vulnerabi ...)
        NOT-FOR-US: Microsoft
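Review bot: CVE-2020-17160 now reads "REJECTED", but the "NOT-FOR-US: Microsoft" context line is left directly under it. A rejected id needs no package triage, so the annotation could be dropped in a follow-up, leaving the entry in the same bare form as the RESERVED entries around it.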
@@ -62405,8 +62460,8 @@ CVE-2020-12124 (A remote command-line injection 
vulnerability in the /cgi-bin/li
        NOT-FOR-US: WAVLINK
 CVE-2020-12123 (CSRF vulnerabilities in the /cgi-bin/ directory of the WAVLINK 
WN530H4 ...)
        NOT-FOR-US: WAVLINK
-CVE-2020-12122
-       RESERVED
+CVE-2020-12122 (In Max Secure Max Spyware Detector 1.0.0.044, the driver file 
(MaxProc ...)
+       TODO: check
 CVE-2020-12121
        RESERVED
 CVE-2020-12120 (The Correos Express addon for PrestaShop 1.6 through 1.7 
allows remote ...)
@@ -68220,12 +68275,12 @@ CVE-2020-10541 (Zoho ManageEngine OpManager before 
12.4.179 allows remote code e
        NOT-FOR-US: Zoho ManageEngine OpManager
 CVE-2020-10540 (Untis WebUntis before 2020.9.6 allows CSRF for certain 
combinations of ...)
        NOT-FOR-US: Untis WebUntis
-CVE-2020-10539
-       RESERVED
-CVE-2020-10538
-       RESERVED
-CVE-2020-10537
-       RESERVED
+CVE-2020-10539 (An issue was discovered in Epikur before 20.1.1. The Epikur 
server con ...)
+       TODO: check
+CVE-2020-10538 (An issue was discovered in Epikur before 20.1.1. It stores the 
secret  ...)
+       TODO: check
+CVE-2020-10537 (An issue was discovered in Epikur before 20.1.1. A Glassfish 
4.1 serve ...)
+       TODO: check
 CVE-2020-10536
        RESERVED
 CVE-2020-10534 (In the GlobalBlocking extension before 2020-03-10 for 
MediaWiki throug ...)
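Review bot: CVE-2020-10539, CVE-2020-10538 and CVE-2020-10537 all describe Epikur before 20.1.1, yet each gets its own "TODO: check". They can be closed with one decision, in the form the neighbouring context entries use ("NOT-FOR-US: Untis WebUntis"). The Glassfish 4.1 mention in CVE-2020-10537 is worth reading in full first, to confirm the issue lies in how Epikur ships that server and not in a separately tracked component.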
@@ -68875,8 +68930,8 @@ CVE-2020-10236 (An issue was discovered in Froxlor 
before 0.10.14. It created fi
        NOT-FOR-US: Froxlor
 CVE-2020-10235 (An issue was discovered in Froxlor before 0.10.14. Remote 
attackers wi ...)
        NOT-FOR-US: Froxlor
-CVE-2020-10234
-       RESERVED
+CVE-2020-10234 (The AscRegistryFilter.sys kernel driver in IObit Advanced 
SystemCare 1 ...)
+       TODO: check
 CVE-2020-10233 (In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is 
a heap- ...)
        - sleuthkit <unfixed> (unimportant)
        NOTE: https://github.com/sleuthkit/sleuthkit/issues/1829
@@ -70749,8 +70804,8 @@ CVE-2020-9455 (The RegistrationMagic plugin through 
4.6.0.3 for WordPress allows
        NOT-FOR-US: RegistrationMagic plugin for WordPress
 CVE-2020-9454 (A CSRF vulnerability in the RegistrationMagic plugin through 
4.6.0.3 f ...)
        NOT-FOR-US: RegistrationMagic plugin for WordPress
-CVE-2020-9453
-       RESERVED
+CVE-2020-9453 (In Epson iProjection v2.30, the driver file EMP_MPAU.sys allows 
local  ...)
+       TODO: check
 CVE-2020-9452
        RESERVED
 CVE-2020-9451
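Review bot: the new text for CVE-2020-9453 concerns the driver file EMP_MPAU.sys in Epson iProjection v2.30, the same product and version as CVE-2020-9014 (EMP_NSAU.sys) in the following hunk. Triage the two together so they receive the same annotation; the CORSAIR driver entry CVE-2020-8808 further down ("NOT-FOR-US: CORSAIR iCUE") shows the form already used for vendor driver files.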
@@ -71799,8 +71854,8 @@ CVE-2020-9016 (Dolibarr 11.0 allows XSS via the 
joinfiles, topic, or code parame
        - dolibarr <removed>
 CVE-2020-9015 (** DISPUTED ** Arista DCS-7050QX-32S-R 4.20.9M, 
DCS-7050CX3-32S-R 4.20 ...)
        NOT-FOR-US: Arista devices
-CVE-2020-9014
-       RESERVED
+CVE-2020-9014 (In Epson iProjection v2.30, the driver file (EMP_NSAU.sys) 
allows loca ...)
+       TODO: check
 CVE-2020-9013 (Arvato Skillpipe 3.0 allows attackers to bypass intended print 
restric ...)
        NOT-FOR-US: Arvato Skillpipe
 CVE-2020-9012 (A cross-site scripting (XSS) vulnerability in the Import People 
functi ...)
@@ -72356,10 +72411,10 @@ CVE-2020-8809 (Gurux GXDLMS Director prior to 
8.5.1905.1301 downloads updates to
        NOT-FOR-US: Gurux
 CVE-2020-8808 (The CorsairLLAccess64.sys and CorsairLLAccess32.sys drivers in 
CORSAIR ...)
        NOT-FOR-US: CORSAIR iCUE
-CVE-2020-8807
-       RESERVED
-CVE-2020-8806
-       RESERVED
+CVE-2020-8807 (In Electric Coin Company Zcashd before 2.1.1-1, the time offset 
betwee ...)
+       TODO: check
+CVE-2020-8806 (Electric Coin Company Zcashd before 2.1.1-1 allows attackers to 
trigge ...)
+       TODO: check
 CVE-2020-8805
        RESERVED
 CVE-2020-8804 (SuiteCRM through 7.11.10 allows SQL Injection via the SOAP API, 
the Em ...)
@@ -72592,16 +72647,19 @@ CVE-2020-8700
 CVE-2020-8699
        RESERVED
 CVE-2020-8698 (Improper isolation of shared resources in some Intel(R) 
Processors may ...)
+       {DLA-2546-1}
        - intel-microcode 3.20201110.1
        [buster] - intel-microcode <no-dsa> (Minor issue; can be fixed via 
point release)
        NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html
 CVE-2020-8697
        RESERVED
 CVE-2020-8696 (Improper removal of sensitive information before storage or 
transfer i ...)
+       {DLA-2546-1}
        - intel-microcode 3.20201110.1
        [buster] - intel-microcode <no-dsa> (Minor issue; can be fixed via 
point release)
        NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html
 CVE-2020-8695 (Observable discrepancy in the RAPL interface for some Intel(R) 
Process ...)
+       {DLA-2546-1}
        - intel-microcode 3.20201110.1
        [buster] - intel-microcode <no-dsa> (Minor issue; can be fixed via 
point release)
        NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html
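Review bot: "{DLA-2546-1}" is attached to three entries whose NOTE lines cite two different Intel advisories, intel-sa-00381 for CVE-2020-8698 and CVE-2020-8696 and intel-sa-00389 for CVE-2020-8695, so confirm that the advisory text covers both. The "[buster] - intel-microcode <no-dsa>" lines are unchanged, which means buster still depends on the point release mentioned there.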
@@ -82739,8 +82797,8 @@ CVE-2020-4834
        RESERVED
 CVE-2020-4833
        RESERVED
-CVE-2020-4832
-       RESERVED
+CVE-2020-4832 (IBM PowerHA 7.2 could allow a local attacker to obtain 
sensitive infor ...)
+       TODO: check
 CVE-2020-4831
        RESERVED
 CVE-2020-4830



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/341d685b2c97935ec10fe0d1c4017e7b6c349442
