Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
77d00c8f by security tracker role at 2021-02-22T08:10:14+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,97 @@
+CVE-2021-27558
+       RESERVED
+CVE-2021-27557
+       RESERVED
+CVE-2021-27556
+       RESERVED
+CVE-2021-27555
+       RESERVED
+CVE-2021-27554
+       RESERVED
+CVE-2021-27553
+       RESERVED
+CVE-2021-27552
+       RESERVED
+CVE-2021-27551
+       RESERVED
+CVE-2021-27550
+       RESERVED
+CVE-2021-27549
+       RESERVED
+CVE-2021-27548
+       RESERVED
+CVE-2021-27547
+       RESERVED
+CVE-2021-27546
+       RESERVED
+CVE-2021-27545
+       RESERVED
+CVE-2021-27544
+       RESERVED
+CVE-2021-27543
+       RESERVED
+CVE-2021-27542
+       RESERVED
+CVE-2021-27541
+       RESERVED
+CVE-2021-27540
+       RESERVED
+CVE-2021-27539
+       RESERVED
+CVE-2021-27538
+       RESERVED
+CVE-2021-27537
+       RESERVED
+CVE-2021-27536
+       RESERVED
+CVE-2021-27535
+       RESERVED
+CVE-2021-27534
+       RESERVED
+CVE-2021-27533
+       RESERVED
+CVE-2021-27532
+       RESERVED
+CVE-2021-27531
+       RESERVED
+CVE-2021-27530
+       RESERVED
+CVE-2021-27529
+       RESERVED
+CVE-2021-27528
+       RESERVED
+CVE-2021-27527
+       RESERVED
+CVE-2021-27526
+       RESERVED
+CVE-2021-27525
+       RESERVED
+CVE-2021-27524
+       RESERVED
+CVE-2021-27523
+       RESERVED
+CVE-2021-27522
+       RESERVED
+CVE-2021-27521
+       RESERVED
+CVE-2021-27520
+       RESERVED
+CVE-2021-27519
+       RESERVED
+CVE-2021-27518
+       RESERVED
+CVE-2021-27517
+       RESERVED
+CVE-2021-27516 (URI.js (aka urijs) before 1.19.6 mishandles certain uses of 
backslash  ...)
+       TODO: check
+CVE-2021-27515 (url-parse before 1.5.0 mishandles certain uses of backslash 
such as ht ...)
+       TODO: check
+CVE-2021-27514 (EyesOfNetwork 5.3-10 uses an integer of between 8 and 10 
digits for th ...)
+       TODO: check
+CVE-2021-27513 (The module admin_ITSM in EyesOfNetwork 5.3-10 allows remote 
authentica ...)
+       TODO: check
+CVE-2021-27512
+       RESERVED
 CVE-2021-27511
        RESERVED
 CVE-2021-27510
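Review bot: The four described entries at the end of the added block (CVE-2021-27516, CVE-2021-27515, CVE-2021-27514, CVE-2021-27513) are left at TODO: check and still need manual triage. CVE-2021-27516 (URI.js before 1.19.6) and CVE-2021-27515 (url-parse before 1.5.0) describe the same class of backslash mishandling in two URL parsers, so triage them together and record the stated upstream fixed versions on whatever package lines result. The two EyesOfNetwork 5.3-10 entries should be resolved as a pair as well, either to a source package or to NOT-FOR-US.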
@@ -1228,7 +1322,7 @@ CVE-2021-27135 (xterm through Patch #365 allows remote 
attackers to cause a deni
        NOTE: https://invisible-island.net/xterm/xterm.log.html#xterm_366
        NOTE: 
https://github.com/ThomasDickey/xterm-snapshots/commit/82ba55b8f994ab30ff561a347b82ea340ba7075c
 CVE-2021-26937 (encoding.c in GNU Screen through 4.8.0 allows remote attackers 
to caus ...)
-       {DLA-2570-1}
+       {DSA-4861-1 DLA-2570-1}
        - screen 4.8.0-5 (bug #982435)
        NOTE: 
https://lists.gnu.org/archive/html/screen-devel/2021-02/msg00000.html
        NOTE: https://www.openwall.com/lists/oss-security/2021/02/09/3
@@ -3280,10 +3374,10 @@ CVE-2021-26122
        RESERVED
 CVE-2021-26121
        RESERVED
-CVE-2021-26120
-       RESERVED
-CVE-2021-26119
-       RESERVED
+CVE-2021-26120 (Smarty before 3.1.39 allows code injection via an unexpected 
function  ...)
+       TODO: check
+CVE-2021-26119 (Smarty before 3.1.39 allows a Sandbox Escape because 
$smarty.template_ ...)
+       TODO: check
 CVE-2021-26118 (While investigating ARTEMIS-2964 it was found that the 
creation of adv ...)
        NOT-FOR-US: Apache ActiveMQ Artemis
 CVE-2021-26117 (The optional ActiveMQ LDAP login module can be configured to 
use anony ...)
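Review bot: CVE-2021-26120 and CVE-2021-26119 both stay at TODO: check, and both descriptions give the same boundary, "Smarty before 3.1.39". When triaging, resolve them together: one source-package line with the fixed version per entry, plus NOTE lines pointing at the upstream fix, since a code injection and a sandbox escape in a template engine should not sit untriaged.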
@@ -5603,8 +5697,8 @@ CVE-2021-3151
        RESERVED
 CVE-2021-3150
        RESERVED
-CVE-2021-3149
-       RESERVED
+CVE-2021-3149 (On Netshield NANO 25 10.2.18 devices, 
/usr/local/webmin/System/manual_ ...)
+       TODO: check
 CVE-2021-3148
        RESERVED
 CVE-2021-3147
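Review bot: CVE-2021-3149 is left at TODO: check although the description scopes it to "Netshield NANO 25 10.2.18 devices", which points towards NOT-FOR-US. Before marking it that way, confirm from the full description that the flaw is in the vendor's firmware and not in a shared component, because the truncated path starts with /usr/local/webmin/.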
@@ -7804,8 +7898,8 @@ CVE-2021-24117
        RESERVED
 CVE-2021-24116
        RESERVED
-CVE-2021-24115
-       RESERVED
+CVE-2021-24115 (In Botan before 2.17.3, constant-time computations are not 
used for ce ...)
+       TODO: check
 CVE-2021-24114
        RESERVED
 CVE-2021-24113
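Review bot: CVE-2021-24115 (Botan before 2.17.3) is left at TODO: check, and the description is cut off at "for ce ...", so the affected operation cannot be read from this line. Triage should use the full description, record the fixed version, and add per-release lines of the [buster] kind used elsewhere in this list, since missing constant-time computation in a crypto library is a side-channel issue that stable releases may also carry.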
@@ -14620,8 +14714,7 @@ CVE-2020-35683
        RESERVED
 CVE-2020-35682
        RESERVED
-CVE-2020-35681 [Potential leakage of session identifiers using legacy 
AsgiHandler]
-       RESERVED
+CVE-2020-35681 (Django Channels 3.x before 3.0.3 allows remote attackers to 
obtain sen ...)
        - python-django-channels 3.0.3-1 (bug #979376)
        [buster] - python-django-channels <no-dsa> (Minor issue)
        NOTE: https://channels.readthedocs.io/en/latest/releases/3.0.3.html
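Review bot: The new description for CVE-2020-35681 limits the issue to "Django Channels 3.x before 3.0.3", but the unchanged [buster] line below it says <no-dsa> (Minor issue), which implies buster is affected. Check which version buster ships; if it predates 3.x, that line should become <not-affected> with a reason instead.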
@@ -14669,8 +14762,8 @@ CVE-2020-35666 (Steedos Platform through 1.21.24 allows 
NoSQL injection because
        NOT-FOR-US: Steedos Platform
 CVE-2020-35665 (An unauthenticated command-execution vulnerability exists in 
TerraMast ...)
        NOT-FOR-US: TerraMaster TOS
-CVE-2020-35664
-       RESERVED
+CVE-2020-35664 (An issue was discovered in Acronis Cyber Protect before 15 
Update 1 bu ...)
+       TODO: check
 CVE-2020-35663
        RESERVED
 CVE-2020-35662
@@ -15702,8 +15795,8 @@ CVE-2020-35572 (Adminer through 4.7.8 allows XSS via 
the history parameter to th
        NOTE: https://sourceforge.net/p/adminer/bugs-and-features/775/
        NOTE: 
https://github.com/vrana/adminer/security/advisories/GHSA-9pgx-gcph-mpqr
        NOTE: 
https://github.com/vrana/adminer/commit/5c395afc098e501be3417017c6421968aac477bd
 (v4.7.9)
-CVE-2020-35571
-       RESERVED
+CVE-2020-35571 (An issue was discovered in MantisBT through 2.24.3. In the 
helper_ensu ...)
+       TODO: check
 CVE-2021-21105
        RESERVED
 CVE-2021-21104
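Review bot: CVE-2020-35571 is left at TODO: check, and its description says "MantisBT through 2.24.3", so no fixed upstream version is stated. When triaging, add NOTE lines with the upstream bug or commit, in the same form as the Adminer entry directly above (advisory link plus commit with the fixed version in parentheses).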
@@ -15937,8 +16030,8 @@ CVE-2020-35558 (An issue was discovered in MB CONNECT 
LINE mymbCONNECT24 and mbC
        NOT-FOR-US: MB CONNECT
 CVE-2020-35557 (An issue was discovered in MB CONNECT LINE mymbCONNECT24 and 
mbCONNECT ...)
        NOT-FOR-US: MB CONNECT
-CVE-2020-35556
-       RESERVED
+CVE-2020-35556 (An issue was discovered in Acronis Cyber Protect before 15 
Update 1 bu ...)
+       TODO: check
 CVE-2020-35555 (An issue was discovered on LG mobile devices with Android OS 
10 softwa ...)
        NOT-FOR-US: LG mobile devices
 CVE-2020-35554 (An issue was discovered on LG mobile devices with Android OS 
8.0, 8.1, ...)
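Review bot: CVE-2020-35556 is left at TODO: check with a truncated description that is identical, as far as it is visible, to the one added for CVE-2020-35664 in the previous hunk ("An issue was discovered in Acronis Cyber Protect before 15 Update 1 bu ..."). Resolve both in one pass and give them the same disposition; the product named suggests NOT-FOR-US, as used for the neighbouring MB CONNECT and LG entries.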
@@ -18226,7 +18319,7 @@ CVE-2020-35501
        NOTE: https://www.openwall.com/lists/oss-security/2021/02/18/1
 CVE-2020-35500
        REJECTED
-CVE-2020-35499 (A NULL pointer dereference flaw in kernel versions prior to 
5.11 may b ...)
+CVE-2020-35499 (A NULL pointer dereference flaw in Linux kernel versions prior 
to 5.11 ...)
        - linux 5.10.4-1
        [buster] - linux <not-affected> (Vulnerable code introduced later)
        [stretch] - linux <not-affected> (Vulnerable code introduced later)
@@ -21171,7 +21264,7 @@ CVE-2020-29534 (An issue was discovered in the Linux 
kernel before 5.9.3. io_uri
        [stretch] - linux <not-affected> (Vulnerable code not present)
        NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2089
        NOTE: 
https://git.kernel.org/linus/0f2122045b946241a9e549c2a76cea54fa58a7ff
-CVE-2020-29529 (HashiCorp go-slug up to 0.4.3 did not fully protect against 
Zip Slip a ...)
+CVE-2020-29529 (HashiCorp go-slug up to 0.4.3 did not fully protect against 
directory  ...)
        - golang-github-hashicorp-go-slug 0.5.0-1 (bug #976873)
        NOTE: https://github.com/hashicorp/go-slug/pull/12
 CVE-2020-29528
@@ -67786,11 +67879,9 @@ CVE-2020-11299
        RESERVED
 CVE-2020-11298
        RESERVED
-CVE-2020-11297
-       RESERVED
+CVE-2020-11297 (Denial of service in WLAN module due to improper check of 
subtypes in  ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2020-11296
-       RESERVED
+CVE-2020-11296 (Arithmetic overflow can happen while processing NOA IE due to 
improper ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2020-11295
        RESERVED
@@ -67808,57 +67899,43 @@ CVE-2020-11289
        RESERVED
 CVE-2020-11288
        RESERVED
-CVE-2020-11287
-       RESERVED
+CVE-2020-11287 (Allowing RTT frames to be linked with non randomized MAC 
address by co ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2020-11286
-       RESERVED
+CVE-2020-11286 (An Untrusted Pointer Dereference can occur while doing USB 
control tra ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2020-11285
        RESERVED
 CVE-2020-11284
        RESERVED
-CVE-2020-11283
-       RESERVED
+CVE-2020-11283 (A buffer overflow can occur when playing an MKV clip due to 
lack of in ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2020-11282
-       RESERVED
+CVE-2020-11282 (Improper access control when using mmap with the kgsl driver 
with a sp ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2020-11281
-       RESERVED
+CVE-2020-11281 (Allowing RTT frames to be linked with non randomized MAC 
address by co ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2020-11280
-       RESERVED
+CVE-2020-11280 (Denial of service while processing fine timing measurement 
request (FT ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2020-11279
        RESERVED
-CVE-2020-11278
-       RESERVED
+CVE-2020-11278 (Possible denial of service while handling host WMI command due 
to impr ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2020-11277
-       RESERVED
+CVE-2020-11277 (Possible race condition during async fastrpc session after 
sending RPC ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2020-11276
-       RESERVED
+CVE-2020-11276 (Possible buffer over read while processing P2P IE and NOA 
attribute of ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2020-11275
-       RESERVED
+CVE-2020-11275 (Possible buffer over-read while parsing quiet IE in Rx beacon 
frame du ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2020-11274
        RESERVED
 CVE-2020-11273
        RESERVED
-CVE-2020-11272
-       RESERVED
+CVE-2020-11272 (Before enqueuing a frame to the PE queue for further 
processing, an en ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2020-11271
-       RESERVED
+CVE-2020-11271 (Possible out of bounds while accessing global control elements 
due to  ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2020-11270
-       RESERVED
+CVE-2020-11270 (Possible denial of service due to RTT responder consistently 
rejects a ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2020-11269
-       RESERVED
+CVE-2020-11269 (Possible memory corruption while processing EAPOL frames due 
to lack o ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2020-11268
        RESERVED
@@ -67893,8 +67970,7 @@ CVE-2020-11255
        RESERVED
 CVE-2020-11254
        RESERVED
-CVE-2020-11253
-       RESERVED
+CVE-2020-11253 (Arbitrary memory write issue in video driver while setting the 
interna ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2020-11252
        RESERVED
@@ -67961,8 +68037,8 @@ CVE-2020-11225 (Out of bound access in WLAN driver due 
to lack of validation of
        NOT-FOR-US: Qualcomm components for Android
 CVE-2020-11224
        RESERVED
-CVE-2020-11223
-       RESERVED
+CVE-2020-11223 (Out of bound in camera driver due to lack of check of 
validation of ar ...)
+       TODO: check
 CVE-2020-11222
        RESERVED
 CVE-2020-11221
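Review bot: CVE-2020-11223 ("Out of bound in camera driver ...") gets TODO: check, while other entries from this ID block that were published in the same update keep NOT-FOR-US: Qualcomm components for Android, as does CVE-2020-11225 in the context above. If the full description confirms the same vendor, replace the TODO with that exact string so the range stays consistent.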
@@ -67999,10 +68075,9 @@ CVE-2020-11206 (u'Possible buffer overflow in Fastrpc 
while handling received pa
        NOT-FOR-US: Qualcomm components for Android
 CVE-2020-11205 (u'Possible integer overflow to heap overflow while processing 
command  ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2020-11204
-       RESERVED
-CVE-2020-11203
-       RESERVED
+CVE-2020-11204 (Possible memory corruption and information leakage in 
sub-system due t ...)
+       TODO: check
+CVE-2020-11203 (Stack overflow may occur if GSM/WCDMA broadcast config size 
received f ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2020-11202 (u'Buffer overflow/underflow occurs when typecasting the buffer 
passed  ...)
        NOT-FOR-US: Qualcomm components for Android
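Review bot: In the added pair, CVE-2020-11204 ends up with TODO: check while CVE-2020-11203 directly below it picks up the pre-existing NOT-FOR-US: Qualcomm components for Android line. The truncated description of 11204 ("in sub-system due t ...") does not name a vendor, so confirm against the full text and, if it is the same component family, mark it NOT-FOR-US like its neighbours instead of leaving it in the TODO queue.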
@@ -68012,16 +68087,16 @@ CVE-2020-11200 (Buffer over-read while parsing RPS 
due to lack of check of input
        NOT-FOR-US: Qualcomm components for Android
 CVE-2020-11199
        RESERVED
-CVE-2020-11198
-       RESERVED
+CVE-2020-11198 (Key material used for TZ diag buffer encryption and other data 
related ...)
+       TODO: check
 CVE-2020-11197 (Possible integer overflow can occur when stream info update is 
called  ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2020-11196 (u'Integer overflow to buffer overflow occurs while playback of 
ASF cli ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2020-11195
-       RESERVED
-CVE-2020-11194
-       RESERVED
+CVE-2020-11195 (Out of bound write and read in TA while processing command 
from NS sid ...)
+       TODO: check
+CVE-2020-11194 (Possible out of bound access in TA while processing a command 
from NS  ...)
+       TODO: check
 CVE-2020-11193 (u'Buffer over read can happen while parsing mkv clip due to 
improper t ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2020-11192
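Review bot: CVE-2020-11198, CVE-2020-11195 and CVE-2020-11194 are all left at TODO: check, while CVE-2020-11197, CVE-2020-11196 and CVE-2020-11193 in the same hunk are NOT-FOR-US: Qualcomm components for Android. The three new descriptions refer to a TZ diag buffer and to a TA processing commands from the NS side; verify the vendor from the full text and resolve all three together.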
@@ -68034,8 +68109,7 @@ CVE-2020-11189
        RESERVED
 CVE-2020-11188
        RESERVED
-CVE-2020-11187
-       RESERVED
+CVE-2020-11187 (Possible memory corruption in BSI module due to improper 
validation of ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2020-11186
        RESERVED
@@ -68056,8 +68130,7 @@ CVE-2020-11179 (Arbitrary read and write to kernel 
addresses by temporarily over
        NOT-FOR-US: Qualcomm components for Android
 CVE-2020-11178
        RESERVED
-CVE-2020-11177
-       RESERVED
+CVE-2020-11177 (User can overwrite Security Code NV item without knowing 
current SPC d ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2020-11176
        RESERVED
@@ -68071,8 +68144,7 @@ CVE-2020-11172 (u'fscanf reads a string from a file and 
stores its contents on a
        NOT-FOR-US: Qualcomm components for Android
 CVE-2020-11171
        RESERVED
-CVE-2020-11170
-       RESERVED
+CVE-2020-11170 (Out of bound memory access while playing music playbacks with 
crafted  ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2020-11169 (u'Buffer over-read while processing received L2CAP packet due 
to lack  ...)
        NOT-FOR-US: Qualcomm components for Android
@@ -68086,8 +68158,7 @@ CVE-2020-11165
        RESERVED
 CVE-2020-11164 (u'Third-party app may also call the broadcasts in Perfdump and 
cause p ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2020-11163
-       RESERVED
+CVE-2020-11163 (Possible buffer overflow while updating ikev2 parameters due 
to lack o ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2020-11162 (u'Possible buffer overflow in MHI driver due to lack of input 
paramete ...)
        NOT-FOR-US: Qualcomm components for Android
@@ -68122,8 +68193,8 @@ CVE-2020-11149 (Out of bound access due to usage of an 
out-of-range pointer offs
        NOT-FOR-US: Qualcomm components for Android
 CVE-2020-11148 (Use after free issue in HIDL while using callback to post 
event in Rx  ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2020-11147
-       RESERVED
+CVE-2020-11147 (Use after free issue in audio modules while removing and 
freeing objec ...)
+       TODO: check
 CVE-2020-11146 (Out of bound write while copying data using IOCTL due to lack 
of check ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2020-11145 (Divide by zero issue can happen while updating delta extension 
header  ...)
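Review bot: CVE-2020-11147 (use after free in audio modules) is left at TODO: check between CVE-2020-11148 and CVE-2020-11146, both marked NOT-FOR-US: Qualcomm components for Android. Confirm the vendor and apply the same marking if it matches.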
@@ -88111,8 +88182,8 @@ CVE-2020-3666 (u'Out of bounds memory access during 
memory copy while processing
        NOT-FOR-US: Qualcomm components for Android
 CVE-2020-3665 (A possible buffer overflow would occur while processing command 
from f ...)
        NOT-FOR-US: Snapdragon
-CVE-2020-3664
-       RESERVED
+CVE-2020-3664 (Out of bound read access in hypervisor due to an invalid read 
access a ...)
+       TODO: check
 CVE-2020-3663 (Buffer over-write may occur during fetching track decoder 
specific inf ...)
        NOT-FOR-US: Snapdragon
 CVE-2020-3662 (Buffer overflow can occur while parsing eac3 header while 
playing the  ...)
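Review bot: CVE-2020-3664 (out of bound read in hypervisor) is left at TODO: check, and the surrounding entries use two different strings for what looks like the same vendor family: "NOT-FOR-US: Snapdragon" for CVE-2020-3665 and CVE-2020-3663, and "NOT-FOR-US: Qualcomm components for Android" for the entry above them. When resolving the TODO, pick the string deliberately so that searches over the list by NOT-FOR-US reason stay reliable.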



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/77d00c8f70abd8007a9e8a0a3325f9ccc513363b
