Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ca6ea65d by security tracker role at 2021-01-08T08:10:13+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,19 @@
+CVE-2021-3112
+       RESERVED
+CVE-2021-3111
+       RESERVED
+CVE-2021-3110
+       RESERVED
+CVE-2021-3109
+       RESERVED
+CVE-2021-23242 (MERCUSYS Mercury X18G 1.0.5 devices allow Directory Traversal 
via ../  ...)
+       TODO: check
+CVE-2021-23241 (MERCUSYS Mercury X18G 1.0.5 devices allow Directory Traversal 
via ../  ...)
+       TODO: check
+CVE-2021-23240
+       RESERVED
+CVE-2021-23239
+       RESERVED
 CVE-2021-3108
        RESERVED
 CVE-2021-3107
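Review bot: CVE-2021-23242 and CVE-2021-23241 are both left at TODO: check although their descriptions name MERCUSYS Mercury X18G 1.0.5 devices, that is, device firmware rather than anything that maps to a source package. Device-only issues elsewhere in this file are closed out as NOT-FOR-US (see the D-Link entries), so suggest NOT-FOR-US: MERCUSYS for these two. The two truncated descriptions are identical as shown here, so it is also worth confirming against the full CVE text that they are distinct issues and not a duplicate assignment.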
@@ -1139,8 +1155,8 @@ CVE-2021-3027
        RESERVED
 CVE-2021-3026 (Invision Community IPS Community Suite before 4.5.4.2 allows 
XSS durin ...)
        NOT-FOR-US: Invision Community IPS Community Suite
-CVE-2021-3025
-       RESERVED
+CVE-2021-3025 (Invision Community IPS Community Suite before 4.5.4.2 allows 
SQL Injec ...)
+       TODO: check
 CVE-2021-22695
        RESERVED
 CVE-2021-22694
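Review bot: CVE-2021-3025 moves from RESERVED to TODO: check, but it names the same product as CVE-2021-3026 directly above it, which is already marked NOT-FOR-US: Invision Community IPS Community Suite. Suggest giving CVE-2021-3025 the same NOT-FOR-US line so the two sibling entries are triaged consistently.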
@@ -3822,10 +3838,10 @@ CVE-2020-36051 (Directory traversal vulnerability in 
page_edit.php in MiniCMS V1
        NOT-FOR-US: MiniCMS
 CVE-2020-36050
        RESERVED
-CVE-2020-36049
-       RESERVED
-CVE-2020-36048
-       RESERVED
+CVE-2020-36049 (socket.io-parser before 3.4.1 allows attackers to cause a 
denial of se ...)
+       TODO: check
+CVE-2020-36048 (Engine.IO before 4.0.0 allows attackers to cause a denial of 
service ( ...)
+       TODO: check
 CVE-2020-36047
        RESERVED
 CVE-2020-36046
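Review bot: CVE-2020-36049 (socket.io-parser) and CVE-2020-36048 (Engine.IO) should not be bulk-closed as NOT-FOR-US along with the web-application entries around them. Both descriptions name reusable JavaScript libraries rather than standalone products, so resolving the TODO: check needs an actual lookup for packaged or embedded copies, with the version bounds from the descriptions (before 3.4.1, before 4.0.0) compared against what is in the archive.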
@@ -4628,8 +4644,8 @@ CVE-2020-35747
        RESERVED
 CVE-2020-35746
        RESERVED
-CVE-2020-35745
-       RESERVED
+CVE-2020-35745 (PHPGURUKUL Hospital Management System V 4.0 does not properly 
restrict ...)
+       TODO: check
 CVE-2020-35744
        RESERVED
 CVE-2020-35743 (HGiga MailSherlock contains a SQL injection flaw. Attackers 
can inject ...)
@@ -14358,18 +14374,18 @@ CVE-2021-1058
        RESERVED
 CVE-2021-1057
        RESERVED
-CVE-2021-1056
-       RESERVED
-CVE-2021-1055
-       RESERVED
-CVE-2021-1054
-       RESERVED
-CVE-2021-1053
-       RESERVED
-CVE-2021-1052
-       RESERVED
-CVE-2021-1051
-       RESERVED
+CVE-2021-1056 (NVIDIA GPU Display Driver for Linux, all versions, contains a 
vulnerab ...)
+       TODO: check
+CVE-2021-1055 (NVIDIA GPU Display Driver for Windows, all versions, contains a 
vulner ...)
+       TODO: check
+CVE-2021-1054 (NVIDIA GPU Display Driver for Windows, all versions, contains a 
vulner ...)
+       TODO: check
+CVE-2021-1053 (NVIDIA GPU Display Driver for Windows and Linux, all versions, 
contain ...)
+       TODO: check
+CVE-2021-1052 (NVIDIA GPU Display Driver for Windows and Linux, all versions, 
contain ...)
+       TODO: check
+CVE-2021-1051 (NVIDIA GPU Display Driver for Windows, all versions, contains a 
vulner ...)
+       TODO: check
 CVE-2020-28576 (An improper access control information disclosure 
vulnerability in Tre ...)
        NOT-FOR-US: Trend Micro
 CVE-2020-28575 (A heap-based buffer overflow privilege escalation 
vulnerability in Tre ...)
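Review bot: all six NVIDIA entries get the same TODO: check, but the descriptions split by platform: CVE-2021-1055, CVE-2021-1054 and CVE-2021-1051 name the Windows driver only, CVE-2021-1056 names Linux, and CVE-2021-1053 and CVE-2021-1052 name Windows and Linux. Suggest closing the three Windows-only entries as not applicable and keeping the package check for the three that mention Linux. The descriptions say "all versions", so the fixed driver release has to come from the vendor bulletin rather than from the text shown here.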
@@ -21841,12 +21857,12 @@ CVE-2020-26261 (jupyterhub-systemdspawner enables 
JupyterHub to spawn single-use
 CVE-2020-26260 (BookStack is a platform for storing and organising information 
and doc ...)
        NOT-FOR-US: BookStack
 CVE-2020-26259 (XStream is a Java library to serialize objects to XML and back 
again.  ...)
-       {DLA-2507-1}
+       {DSA-4828-1 DLA-2507-1}
        - libxstream-java 1.4.15-1 (bug #977624)
        NOTE: 
https://github.com/x-stream/xstream/security/advisories/GHSA-jfvx-7wrx-43fh
        NOTE: https://x-stream.github.io/CVE-2020-26259.html
 CVE-2020-26258 (XStream is a Java library to serialize objects to XML and back 
again.  ...)
-       {DLA-2507-1}
+       {DSA-4828-1 DLA-2507-1}
        - libxstream-java 1.4.15-1 (bug #977625)
        NOTE: 
https://github.com/x-stream/xstream/security/advisories/GHSA-4cch-wxpw-8p28
        NOTE: https://x-stream.github.io/CVE-2020-26258.html
@@ -22567,8 +22583,8 @@ CVE-2020-25952 (SQL injection vulnerability in 
PHPGurukul User Registration &amp
        NOT-FOR-US: PHPGurukul
 CVE-2020-25951
        RESERVED
-CVE-2020-25950
-       RESERVED
+CVE-2020-25950 (Advanced Webhost Billing System 3.7.0 is affected by Cross 
Site Reques ...)
+       TODO: check
 CVE-2020-25949
        RESERVED
 CVE-2020-25948
@@ -25824,8 +25840,8 @@ CVE-2020-24579 (An issue was discovered on D-Link 
DSL-2888A devices with firmwar
        NOT-FOR-US: D-Link
 CVE-2020-24578 (An issue was discovered on D-Link DSL-2888A devices with 
firmware prio ...)
        NOT-FOR-US: D-Link
-CVE-2020-24577
-       RESERVED
+CVE-2020-24577 (An issue was discovered on D-Link DSL-2888A devices with 
firmware prio ...)
+       TODO: check
 CVE-2020-24576
        RESERVED
 CVE-2020-24575
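Review bot: CVE-2020-24577 now carries the same D-Link DSL-2888A description prefix as CVE-2020-24579 and CVE-2020-24578 above it, both already NOT-FOR-US: D-Link, yet it is left at TODO: check. Suggest marking it NOT-FOR-US: D-Link to match.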
@@ -40136,8 +40152,8 @@ CVE-2020-17502
        RESERVED
 CVE-2020-17501
        RESERVED
-CVE-2020-17500
-       RESERVED
+CVE-2020-17500 (Barco TransForm NDN-210 Lite, NDN-210 Pro, NDN-211 Lite, and 
NDN-211 P ...)
+       TODO: check
 CVE-2020-17499
        RESERVED
 CVE-2020-17498 (In Wireshark 3.2.0 to 3.2.5, the Kafka protocol dissector 
could crash. ...)
@@ -43282,6 +43298,7 @@ CVE-2020-16045
        RESERVED
 CVE-2020-16044
        RESERVED
+       {DSA-4827-1}
        - firefox 84.0.2-1
        - firefox-esr 78.6.1esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-01/#CVE-2020-16044
@@ -50566,14 +50583,14 @@ CVE-2020-13454
        RESERVED
 CVE-2020-13453
        RESERVED
-CVE-2020-13452
-       RESERVED
-CVE-2020-13451
-       RESERVED
-CVE-2020-13450
-       RESERVED
-CVE-2020-13449
-       RESERVED
+CVE-2020-13452 (In Gotenberg through 6.2.1, insecure permissions for tini 
(writable by ...)
+       TODO: check
+CVE-2020-13451 (An incomplete-cleanup vulnerability in the Office rendering 
engine of  ...)
+       TODO: check
+CVE-2020-13450 (A directory traversal vulnerability in file upload function of 
Gotenbe ...)
+       TODO: check
+CVE-2020-13449 (A directory traversal vulnerability in the Markdown engine of 
Gotenber ...)
+       TODO: check
 CVE-2020-13448 (QuickBox Community Edition through 2.5.5 and Pro Edition 
through 2.1.8 ...)
        NOT-FOR-US: QuickBox
 CVE-2020-13447
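Review bot: CVE-2020-13452 mentions tini, but as the description reads the flaw is Gotenberg's insecure permissions on its tini binary, not a defect in tini itself, so when resolving the TODO: check this should not be attached to a tini package entry. All four new entries (CVE-2020-13449 through CVE-2020-13452) concern Gotenberg, so they can be triaged together with one decision.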
@@ -87645,10 +87662,10 @@ CVE-2019-18645 (The quarantine restoration function 
in Total Defense Anti-virus
        NOT-FOR-US: Total Defense Anti-virus
 CVE-2019-18644 (The malware scan function in Total Defense Anti-virus 
11.5.2.28 is vul ...)
        NOT-FOR-US: Total Defense Anti-virus
-CVE-2019-18643
-       RESERVED
-CVE-2019-18642
-       RESERVED
+CVE-2019-18643 (Rock RMS versions before 8.10 and versions 9.0 through 9.3 
fails to pr ...)
+       TODO: check
+CVE-2019-18642 (Rock RMS version before 8.6 is vulnerable to account takeover 
by tampe ...)
+       TODO: check
 CVE-2019-18641 (Rock RMS before 1.8.6 mishandles vCard access control within 
the Peopl ...)
        NOT-FOR-US: Rock RMS
 CVE-2019-18640
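Review bot: CVE-2019-18643 and CVE-2019-18642 are left at TODO: check although CVE-2019-18641 directly below them, for the same product, is already NOT-FOR-US: Rock RMS. Suggest the same NOT-FOR-US: Rock RMS line for both.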
@@ -165974,7 +165991,7 @@ CVE-2018-11213 (An issue was discovered in libjpeg 
9a. The get_text_gray_row fun
        - libjpeg9 1:9c-1 (low; bug #902176)
        - libjpeg-turbo 1:1.4.2-1
        NOTE: 
https://github.com/libjpeg-turbo/libjpeg-turbo/commit/6709e4a0cfa44d4f54ee8ad05753d4aa9260cb91
 (1.4.2)
-CVE-2018-11212 (An issue was discovered in libjpeg 9a. The alloc_sarray 
function in jm ...)
+CVE-2018-11212 (An issue was discovered in libjpeg 9a and 9d. The alloc_sarray 
functio ...)
        {DLA-1638-1}
        - libjpeg9 1:9c-1 (low; bug #902176)
        - libjpeg-turbo 1:1.4.2-1
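Review bot: the CVE-2018-11212 description now says libjpeg 9a and 9d, but the unchanged line below it still records libjpeg9 as fixed in 1:9c-1. If 9d is affected as the new text states, a fix recorded at 9c needs re-checking; suggest adding a NOTE or TODO on this entry to revisit the libjpeg9 fixed version rather than letting the description change pass without follow-up.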



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ca6ea65d378ea994a9a3550cd59675e83f2d3368
