Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
acf9289d by security tracker role at 2021-01-07T20:10:18+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,13 @@
+CVE-2021-3108
+ RESERVED
+CVE-2021-3107
+ RESERVED
+CVE-2021-3106
+ RESERVED
+CVE-2021-23238
+ RESERVED
+CVE-2021-23237
+ RESERVED
CVE-2021-3105
RESERVED
CVE-2021-3104
@@ -1098,8 +1108,8 @@ CVE-2020-36179 (FasterXML jackson-databind 2.x before
2.9.10.8 mishandles the in
NOTE: but still an issue when Default Typing is enabled.
CVE-2020-36178 (oal_ipt_addBridgeIsolationRules on TP-Link TL-WR840N
6_EU_0.9.1_4.16 d ...)
NOT-FOR-US: TP-Link
-CVE-2021-3029
- RESERVED
+CVE-2021-3029 (** UNSUPPORTED WHEN ASSIGNED ** EVOLUCARE ECSIMAGING (aka ECS
Imaging) ...)
+ TODO: check
CVE-2021-3028
RESERVED
CVE-2021-22696
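Review bot: CVE-2021-3029 is left with a bare `TODO: check` although its description opens with "** UNSUPPORTED WHEN ASSIGNED **" and names EVOLUCARE ECSIMAGING. If no Debian source package ships that product, close the TODO the same way the entry directly above it does (`NOT-FOR-US: TP-Link`), for example `NOT-FOR-US: EVOLUCARE ECSIMAGING`, so the entry does not sit in the triage queue.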
@@ -2627,8 +2637,8 @@ CVE-2021-3013
RESERVED
CVE-2021-3012
RESERVED
-CVE-2021-3011
- RESERVED
+CVE-2021-3011 (An electromagnetic-wave side-channel issue was discovered on
NXP Smart ...)
+ TODO: check
CVE-2021-3010
RESERVED
CVE-2021-3009
@@ -8926,12 +8936,10 @@ CVE-2020-35116
RESERVED
CVE-2020-35115
RESERVED
-CVE-2020-35114
- RESERVED
+CVE-2020-35114 (Mozilla developers reported memory safety bugs present in
Firefox 83. ...)
- firefox 84.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-35114
-CVE-2020-35113
- RESERVED
+CVE-2020-35113 (Mozilla developers reported memory safety bugs present in
Firefox 83 a ...)
{DSA-4815-1 DSA-4813-1 DLA-2497-1 DLA-2496-1}
- firefox 84.0-1
- firefox-esr 78.6.0esr-1
@@ -8939,16 +8947,14 @@ CVE-2020-35113
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-35113
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-55/#CVE-2020-35113
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-56/#CVE-2020-35113
-CVE-2020-35112
- RESERVED
+CVE-2020-35112 (If a user downloaded a file lacking an extension on Windows,
and then ...)
- firefox <not-affected> (Only affects Windows)
- firefox-esr <not-affected> (Only affects Windows)
- thunderbird <not-affected> (only affects Windows)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-35112
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-55/#CVE-2020-35112
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-56/#CVE-2020-35112
-CVE-2020-35111
- RESERVED
+CVE-2020-35111 (When an extension with the proxy permission registered to
receive < ...)
{DSA-4815-1 DSA-4813-1 DLA-2497-1 DLA-2496-1}
- firefox 84.0-1
- firefox-esr 78.6.0esr-1
@@ -13009,8 +13015,8 @@ CVE-2020-28674
RESERVED
CVE-2020-28673
RESERVED
-CVE-2020-28672
- RESERVED
+CVE-2020-28672 (MonoCMS Blog 1.0 is affected by incorrect access control that
can lead ...)
+ TODO: check
CVE-2020-28671
RESERVED
CVE-2020-28670
@@ -17714,8 +17720,7 @@ CVE-2020-27837 (A flaw was found in GDM in versions
prior to 3.38.2.1. A race co
CVE-2020-27836
RESERVED
NOT-FOR-US: OpenShift
-CVE-2020-27835 [IB/hfi1: Ensure correct mm is used at all times]
- RESERVED
+CVE-2020-27835 (A use after free in the Linux kernel infiniband hfi1 driver in
version ...)
- linux 5.9.15-1
NOTE:
https://git.kernel.org/linus/3d2a9d642512c21a12d19b9250e7a835dcb41a79
CVE-2020-27834 [attacker can send the same request over and over again without
changing the CSRF token]
@@ -20158,12 +20163,10 @@ CVE-2020-26981
RESERVED
CVE-2020-26980
RESERVED
-CVE-2020-26979
- RESERVED
+CVE-2020-26979 (When a user typed a URL in the address bar or the search bar
and quick ...)
- firefox 84.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-26979
-CVE-2020-26978
- RESERVED
+CVE-2020-26978 (Using techniques that built on the slipstream research, a
malicious we ...)
{DSA-4815-1 DSA-4813-1 DLA-2497-1 DLA-2496-1}
- firefox 84.0-1
- firefox-esr 78.6.0esr-1
@@ -20171,20 +20174,16 @@ CVE-2020-26978
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-26978
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-55/#CVE-2020-26978
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-56/#CVE-2020-26978
-CVE-2020-26977
- RESERVED
+CVE-2020-26977 (By attempting to connect a website using an unresponsive port,
an atta ...)
- firefox <not-affected> (Android specific)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-26977
-CVE-2020-26976
- RESERVED
+CVE-2020-26976 (When a HTTPS pages was embedded in a HTTP page, and there was
a servic ...)
- firefox 84.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-26976
-CVE-2020-26975
- RESERVED
+CVE-2020-26975 (When a malicious application installed on the user's device
broadcast ...)
- firefox <not-affected> (Android specific)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-26975
-CVE-2020-26974
- RESERVED
+CVE-2020-26974 (When flex-basis was used on a table wrapper, a
StyleGenericFlexBasis o ...)
{DSA-4815-1 DSA-4813-1 DLA-2497-1 DLA-2496-1}
- firefox 84.0-1
- firefox-esr 78.6.0esr-1
@@ -20192,8 +20191,7 @@ CVE-2020-26974
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-26974
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-55/#CVE-2020-26974
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-56/#CVE-2020-26974
-CVE-2020-26973
- RESERVED
+CVE-2020-26973 (Certain input to the CSS Sanitizer confused it, resulting in
incorrect ...)
{DSA-4815-1 DSA-4813-1 DLA-2497-1 DLA-2496-1}
- firefox 84.0-1
- firefox-esr 78.6.0esr-1
@@ -20201,12 +20199,10 @@ CVE-2020-26973
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-26973
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-55/#CVE-2020-26973
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-56/#CVE-2020-26973
-CVE-2020-26972
- RESERVED
+CVE-2020-26972 (The lifecycle of IPC Actors allows managed actors to outlive
their man ...)
- firefox 84.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-26972
-CVE-2020-26971
- RESERVED
+CVE-2020-26971 (Certain blit values provided by the user were not properly
constrained ...)
{DSA-4815-1 DSA-4813-1 DLA-2497-1 DLA-2496-1}
- firefox 84.0-1
- firefox-esr 78.6.0esr-1
@@ -20705,8 +20701,8 @@ CVE-2020-26775
RESERVED
CVE-2020-26774
RESERVED
-CVE-2020-26773
- RESERVED
+CVE-2020-26773 (Restaurant Reservation System 1.0 suffers from an
authenticated SQL in ...)
+ TODO: check
CVE-2020-26772
RESERVED
CVE-2020-26771
@@ -20715,8 +20711,8 @@ CVE-2020-26770
RESERVED
CVE-2020-26769
RESERVED
-CVE-2020-26768
- RESERVED
+CVE-2020-26768 (Formstone <=1.4.16 is vulnerable to a Reflected Cross-Site
Scriptin ...)
+ TODO: check
CVE-2020-26767
RESERVED
CVE-2020-26766 (A Cross Site Request Forgery (CSRF) vulnerability exists in
the logins ...)
@@ -23234,8 +23230,7 @@ CVE-2020-25682
RESERVED
CVE-2020-25681
RESERVED
-CVE-2020-25680
- RESERVED
+CVE-2020-25680 (A flaw was found in JBCS httpd in version 2.4.37 SP3, where it
uses a ...)
NOT-FOR-US: JBCS httpd
CVE-2020-25679
RESERVED
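Review bot: The `NOT-FOR-US: JBCS httpd` line under CVE-2020-25680 is unchanged context, so it was set while the entry was still `RESERVED`. Now that a description is published ("A flaw was found in JBCS httpd in version 2.4.37 SP3, where it uses a ..."), the disposition should be re-checked against the full text to confirm the flaw is specific to that build and not to code also shipped in a Debian package. If it holds, a short NOTE saying so would document why.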
@@ -23834,8 +23829,8 @@ CVE-2020-25478
RESERVED
CVE-2020-25477
RESERVED
-CVE-2020-25476
- RESERVED
+CVE-2020-25476 (Liferay CMS Portal version 7.1.3 and 7.2.1 have a blind
persistent cro ...)
+ TODO: check
CVE-2020-25475 (SimplePHPscripts News Script PHP Pro 2.3 is affected by a SQL
Injectio ...)
NOT-FOR-US: SimplePHPscripts News Script PHP Pro
CVE-2020-25474 (SimplePHPscripts News Script PHP Pro 2.3 is affected by a
Cross Site S ...)
@@ -25120,14 +25115,14 @@ CVE-2020-24905
RESERVED
CVE-2020-24904
RESERVED
-CVE-2020-24903
- RESERVED
-CVE-2020-24902
- RESERVED
-CVE-2020-24901
- RESERVED
-CVE-2020-24900
- RESERVED
+CVE-2020-24903 (Cute Editor for ASP.NET 6.4 is vulnerable to reflected
cross-site scri ...)
+ TODO: check
+CVE-2020-24902 (Quixplorer <=2.4.1 is vulnerable to reflected cross-site
scripting ...)
+ TODO: check
+CVE-2020-24901 (The default installation of Krpano Panorama Viewer version
<=1.20.8 ...)
+ TODO: check
+CVE-2020-24900 (The default installation of Krpano Panorama Viewer version
<=1.20.8 ...)
+ TODO: check
CVE-2020-24899
RESERVED
CVE-2020-24898 (The Table Filter and Charts for Confluence Server app before
5.3.26 (f ...)
@@ -50323,8 +50318,8 @@ CVE-2020-13575
RESERVED
CVE-2020-13574
RESERVED
-CVE-2020-13573
- RESERVED
+CVE-2020-13573 (A denial-of-service vulnerability exists in the Ethernet/IP
server fun ...)
+ TODO: check
CVE-2020-13572
RESERVED
CVE-2020-13571
@@ -63328,7 +63323,7 @@ CVE-2020-9050
RESERVED
CVE-2020-9049 (A vulnerability in specified versions of American Dynamics
victor Web ...)
NOT-FOR-US: Sensormatic Electronics, LLC; a subsidiary of Johnson
Controls
-CVE-2020-9048 (A vulnerability in victor Web Client versions up to and
including v5.4 ...)
+CVE-2020-9048 (A vulnerability in specified versions of American Dynamics
victor Web ...)
NOT-FOR-US: Johnson Controls
CVE-2020-9047 (A vulnerability exists that could allow the execution of
unauthorized ...)
NOT-FOR-US: exacqVision Web Service
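Review bot: After the description change, CVE-2020-9048 and CVE-2020-9049 carry the same truncated text ("A vulnerability in specified versions of American Dynamics victor Web ..."), yet their dispositions differ: `NOT-FOR-US: Johnson Controls` versus `NOT-FOR-US: Sensormatic Electronics, LLC; a subsidiary of Johnson Controls`. Use one label for both so a search on the vendor string finds the pair.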
@@ -69365,10 +69360,10 @@ CVE-2020-6658
RESERVED
CVE-2020-6657
RESERVED
-CVE-2020-6656
- RESERVED
-CVE-2020-6655
- RESERVED
+CVE-2020-6656 (Eaton's easySoft software v7.20 and prior are susceptible to
file pars ...)
+ TODO: check
+CVE-2020-6655 (The Eaton's easySoft software v7.20 and prior are susceptible
to Out-o ...)
+ TODO: check
CVE-2020-6654 (A DLL Hijacking vulnerability in Eaton's 9000x Programming and
Configu ...)
NOT-FOR-US: Eaton
CVE-2020-6653 (Eaton's Secure connect mobile app v1.7.3 & prior stores the
user l ...)
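Review bot: CVE-2020-6656 and CVE-2020-6655 both describe Eaton's easySoft software and are added with `TODO: check`, while the next entry, CVE-2020-6654, is already marked `NOT-FOR-US: Eaton`. If easySoft is not packaged either, resolve both TODOs with the same `NOT-FOR-US: Eaton` line to keep the vendor's entries consistent.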
@@ -74203,20 +74198,20 @@ CVE-2020-4900 (IBM Business Automation Workflow
19.0.0.3 stores potentially sens
NOT-FOR-US: IBM
CVE-2020-4899 (IBM API Connect 5.0.0.0 through 5.0.8.10 could potentially leak
sensit ...)
NOT-FOR-US: IBM
-CVE-2020-4898
- RESERVED
-CVE-2020-4897
- RESERVED
-CVE-2020-4896
- RESERVED
-CVE-2020-4895
- RESERVED
+CVE-2020-4898 (IBM Emptoris Strategic Supply Management 10.1.3 uses weaker
than expec ...)
+ TODO: check
+CVE-2020-4897 (IBM Emptoris Contract Management and IBM Emptoris Spend
Analysis 10.1. ...)
+ TODO: check
+CVE-2020-4896 (IBM Emptoris Sourcing 10.1.0, 10.1.1, and 10.1.3 is vulnerable
to web ...)
+ TODO: check
+CVE-2020-4895 (IBM Emptoris Strategic Supply Management 10.1.0, 10.1.1, and
10.1.3 is ...)
+ TODO: check
CVE-2020-4894
RESERVED
-CVE-2020-4893
- RESERVED
-CVE-2020-4892
- RESERVED
+CVE-2020-4893 (IBM Emptoris Strategic Supply Management 10.1.0, 10.1.1, and
10.1.3 tr ...)
+ TODO: check
+CVE-2020-4892 (IBM Emptoris Contract Management 10.1.3 is vulnerable to
cross-site sc ...)
+ TODO: check
CVE-2020-4891
RESERVED
CVE-2020-4890
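Review bot: All six newly described IBM Emptoris entries (CVE-2020-4898 through CVE-2020-4895, CVE-2020-4893 and CVE-2020-4892) get `TODO: check`, while the IBM entries in the context directly above (CVE-2020-4900, CVE-2020-4899) are `NOT-FOR-US: IBM`. These can be triaged in one pass; if the Emptoris products are not in the archive, replace the six TODOs with `NOT-FOR-US: IBM` to match.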
@@ -134069,22 +134064,22 @@ CVE-2018-1000883 (Elixir Plug Plug version All
contains a Header Injection vulne
NOT-FOR-US: Elixir Plug, different from src:elixir-lang
CVE-2018-20317
RESERVED
-CVE-2018-20316
- RESERVED
-CVE-2018-20315
- RESERVED
-CVE-2018-20314
- RESERVED
-CVE-2018-20313
- RESERVED
-CVE-2018-20312
- RESERVED
-CVE-2018-20311
- RESERVED
-CVE-2018-20310
- RESERVED
-CVE-2018-20309
- RESERVED
+CVE-2018-20316 (Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x
before 9 ...)
+ TODO: check
+CVE-2018-20315 (Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x
before 9 ...)
+ TODO: check
+CVE-2018-20314 (Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x
before 9 ...)
+ TODO: check
+CVE-2018-20313 (Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x
before 9 ...)
+ TODO: check
+CVE-2018-20312 (Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x
before 9 ...)
+ TODO: check
+CVE-2018-20311 (Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x
before 9 ...)
+ TODO: check
+CVE-2018-20310 (Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x
before 9 ...)
+ TODO: check
+CVE-2018-20309 (Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x
before 9 ...)
+ TODO: check
CVE-2018-20308
RESERVED
CVE-2018-1000882 (WeBid version up to current version 1.2.2 contains a
Directory Travers ...)
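Review bot: The eight entries CVE-2018-20316 through CVE-2018-20309 are indistinguishable in this list, since every one is truncated to "Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9 ...", and each is left as `TODO: check`. Triage them together with CVE-2018-19418 (Foxit PDF ActiveX, added in the next hunk) and give all nine the same disposition line, so the product is not recorded under several spellings.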
@@ -143609,8 +143604,8 @@ CVE-2018-19420 (In GetSimpleCMS 3.3.15,
admin/upload.php blocks .html uploads bu
NOT-FOR-US: GetSimpleCMS
CVE-2018-19419
RESERVED
-CVE-2018-19418
- RESERVED
+CVE-2018-19418 (Foxit PDF ActiveX before 5.5.1 allows remote code execution
via comman ...)
+ TODO: check
CVE-2018-19417 (An issue was discovered in the MQTT server in Contiki-NG
before 4.2. T ...)
NOT-FOR-US: Contiki-NG
CVE-2018-19517 (An issue was discovered in sysstat 12.1.1. The remap_struct
function i ...)
@@ -145863,10 +145858,10 @@ CVE-2018-18690 (In the Linux kernel before 4.17, a
local attacker able to set at
NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=199119
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1105025
NOTE:
https://git.kernel.org/linus/7b38460dc8e4eafba06c78f8e37099d3b34d473c
-CVE-2018-18689
- RESERVED
-CVE-2018-18688
- RESERVED
+CVE-2018-18689 (The Portable Document Format (PDF) specification does not
provide any ...)
+ TODO: check
+CVE-2018-18688 (The Portable Document Format (PDF) specification does not
provide any ...)
+ TODO: check
CVE-2018-18687
RESERVED
CVE-2018-18686
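Review bot: CVE-2018-18689 and CVE-2018-18688 are described as issues in "The Portable Document Format (PDF) specification" and not in a named product, so the `TODO: check` here cannot be closed by a vendor lookup the way the other entries in this commit can. The check needs the full descriptions to find which implementations are named, and each packaged PDF tool that turns out to be affected should get its own package line. The two truncated descriptions are identical, so add a NOTE on each stating how they differ.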
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/acf9289d3a0d222ed46c4f205845151496e78c04