Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
775da16d by security tracker role at 2021-01-12T08:10:19+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,131 @@
+CVE-2021-3127
+ RESERVED
+CVE-2021-3126
+ RESERVED
+CVE-2021-23896
+ RESERVED
+CVE-2021-23895
+ RESERVED
+CVE-2021-23894
+ RESERVED
+CVE-2021-23893
+ RESERVED
+CVE-2021-23892
+ RESERVED
+CVE-2021-23891
+ RESERVED
+CVE-2021-23890
+ RESERVED
+CVE-2021-23889
+ RESERVED
+CVE-2021-23888
+ RESERVED
+CVE-2021-23887
+ RESERVED
+CVE-2021-23886
+ RESERVED
+CVE-2021-23885
+ RESERVED
+CVE-2021-23884
+ RESERVED
+CVE-2021-23883
+ RESERVED
+CVE-2021-23882
+ RESERVED
+CVE-2021-23881
+ RESERVED
+CVE-2021-23880
+ RESERVED
+CVE-2021-23879
+ RESERVED
+CVE-2021-23878
+ RESERVED
+CVE-2021-23877
+ RESERVED
+CVE-2021-23876
+ RESERVED
+CVE-2021-23875
+ RESERVED
+CVE-2021-23874
+ RESERVED
+CVE-2021-23873
+ RESERVED
+CVE-2021-23872
+ RESERVED
+CVE-2021-23871
+ RESERVED
+CVE-2021-23870
+ RESERVED
+CVE-2021-23869
+ RESERVED
+CVE-2021-23868
+ RESERVED
+CVE-2021-23867
+ RESERVED
+CVE-2021-23866
+ RESERVED
+CVE-2021-23865
+ RESERVED
+CVE-2021-23864
+ RESERVED
+CVE-2021-23863
+ RESERVED
+CVE-2021-23862
+ RESERVED
+CVE-2021-23861
+ RESERVED
+CVE-2021-23860
+ RESERVED
+CVE-2021-23859
+ RESERVED
+CVE-2021-23858
+ RESERVED
+CVE-2021-23857
+ RESERVED
+CVE-2021-23856
+ RESERVED
+CVE-2021-23855
+ RESERVED
+CVE-2021-23854
+ RESERVED
+CVE-2021-23853
+ RESERVED
+CVE-2021-23852
+ RESERVED
+CVE-2021-23851
+ RESERVED
+CVE-2021-23850
+ RESERVED
+CVE-2021-23849
+ RESERVED
+CVE-2021-23848
+ RESERVED
+CVE-2021-23847
+ RESERVED
+CVE-2021-23846
+ RESERVED
+CVE-2021-23845
+ RESERVED
+CVE-2021-23844
+ RESERVED
+CVE-2021-23843
+ RESERVED
+CVE-2021-23842
+ RESERVED
+CVE-2021-23841
+ RESERVED
+CVE-2021-23840
+ RESERVED
+CVE-2021-23839
+ RESERVED
+CVE-2021-23838
+ RESERVED
+CVE-2021-23837
+ RESERVED
+CVE-2021-23836
+ RESERVED
+CVE-2021-23835
+ RESERVED
CVE-2021-3125
RESERVED
CVE-2021-3124
@@ -6536,8 +6664,8 @@ CVE-2021-21243
RESERVED
CVE-2021-21242
RESERVED
-CVE-2021-21241
- RESERVED
+CVE-2021-21241 (The Python "Flask-Security-Too" package is used for adding
security fe ...)
+ TODO: check
CVE-2021-21240
RESERVED
CVE-2021-21239
@@ -17591,8 +17719,7 @@ CVE-2021-0344
RESERVED
CVE-2021-0343
RESERVED
-CVE-2021-0342
- RESERVED
+CVE-2021-0342 (In tun_get_user of tun.c, there is possible memory corruption
due to a ...)
- linux 5.7.6-1
[buster] - linux 4.19.131-1
[stretch] - linux <not-affected> (Vulnerable code introduced later)
@@ -17636,63 +17763,49 @@ CVE-2021-0324
CVE-2021-0323
RESERVED
NOTE: Duplicate for CVE-2020-10767, clarification with Android security
team pending
-CVE-2021-0322
- RESERVED
+CVE-2021-0322 (In onCreate of SlicePermissionActivity.java, there is a
possible misle ...)
NOT-FOR-US: Android
-CVE-2021-0321
- RESERVED
+CVE-2021-0321 (In enforceDumpPermissionForPackage of
ActivityManagerService.java, the ...)
NOT-FOR-US: Android
-CVE-2021-0320
- RESERVED
-CVE-2021-0319
- RESERVED
+CVE-2021-0320 (In is_device_locked and set_device_locked of
keystore_keymaster_enforc ...)
+ TODO: check
+CVE-2021-0319 (In checkCallerIsSystemOr of CompanionDeviceManagerService.java,
there ...)
NOT-FOR-US: Android
-CVE-2021-0318
- RESERVED
+CVE-2021-0318 (In appendEventsToCacheLocked of SensorEventConnection.cpp,
there is a ...)
NOT-FOR-US: Android
-CVE-2021-0317
- RESERVED
+CVE-2021-0317 (In createOrUpdate of Permission.java and related code, there is
possib ...)
NOT-FOR-US: Android
-CVE-2021-0316
- RESERVED
-CVE-2021-0315
- RESERVED
+CVE-2021-0316 (In avrc_pars_vendor_cmd of avrc_pars_tg.cc, there is a possible
out of ...)
+ TODO: check
+CVE-2021-0315 (In onCreate of GrantCredentialsPermissionActivity.java, there
is a pos ...)
NOT-FOR-US: Android
CVE-2021-0314
RESERVED
-CVE-2021-0313
- RESERVED
+CVE-2021-0313 (In isWordBreakAfter of LayoutUtils.cpp, there is a possible way
to slo ...)
NOT-FOR-US: Android
-CVE-2021-0312
- RESERVED
-CVE-2021-0311
- RESERVED
-CVE-2021-0310
- RESERVED
+CVE-2021-0312 (In WAVSource::read of WAVExtractor.cpp, there is a possible out
of bou ...)
+ TODO: check
+CVE-2021-0311 (In ElementaryStreamQueue::dequeueAccessUnitH264() of
ESQueue.cpp, ther ...)
+ TODO: check
+CVE-2021-0310 (In LazyServiceRegistrar of LazyServiceRegistrar.cpp, there is a
possib ...)
NOT-FOR-US: Android
-CVE-2021-0309
- RESERVED
+CVE-2021-0309 (In onCreate of grantCredentialsPermissionActivity, there is a
confused ...)
NOT-FOR-US: Android
-CVE-2021-0308
- RESERVED
-CVE-2021-0307
- RESERVED
+CVE-2021-0308 (In ReadLogicalParts of basicmbr.cc, there is a possible out of
bounds ...)
+ TODO: check
+CVE-2021-0307 (In updatePermissionSourcePackage of
PermissionManagerService.java, the ...)
NOT-FOR-US: Android
-CVE-2021-0306
- RESERVED
+CVE-2021-0306 (In addAllPermissions of PermissionManagerService.java, there is
a poss ...)
NOT-FOR-US: Android
CVE-2021-0305
RESERVED
-CVE-2021-0304
- RESERVED
+CVE-2021-0304 (In several functions of GlobalScreenshot.java, there is a
possible per ...)
NOT-FOR-US: Android
-CVE-2021-0303
- RESERVED
+CVE-2021-0303 (In dispatchGraphTerminationMessage() of
packages/services/Car/computep ...)
NOT-FOR-US: Android
CVE-2021-0302
RESERVED
-CVE-2021-0301
- RESERVED
+CVE-2021-0301 (In ged, there is a possible out of bounds write due to a
missing bound ...)
NOT-FOR-US: MediaTek components for Android
CVE-2020-28335
RESERVED
@@ -20027,8 +20140,8 @@ CVE-2020-27640 (The Bluetooth handset of Mitel MiVoice
6940 and 6930 MiNet phone
NOT-FOR-US: Mitel
CVE-2020-27639 (The Bluetooth handset of Mitel MiVoice 6873i, 6930, and 6940
SIP phone ...)
NOT-FOR-US: Mitel
-CVE-2020-27637
- RESERVED
+CVE-2020-27637 (The R programming language’s default package manager
CRAN is aff ...)
+ TODO: check
CVE-2020-27636
RESERVED
CVE-2020-27635
@@ -21283,8 +21396,7 @@ CVE-2020-27061
RESERVED
CVE-2020-27060
RESERVED
-CVE-2020-27059
- RESERVED
+CVE-2020-27059 (In onAuthenticated of AuthenticationClient.java, there is a
possible t ...)
NOT-FOR-US: Android
CVE-2020-27058
RESERVED
@@ -23040,8 +23152,8 @@ CVE-2020-26300
RESERVED
CVE-2020-26299
RESERVED
-CVE-2020-26298
- RESERVED
+CVE-2020-26298 (Redcarpet is a Ruby library for Markdown processing. In
Redcarpet befo ...)
+ TODO: check
CVE-2020-26297 (mdBook is a utility to create modern online books from
Markdown files ...)
NOT-FOR-US: mdBook
CVE-2020-26296 (Vega is a visualization grammar, a declarative format for
creating, sa ...)
@@ -23664,8 +23776,8 @@ CVE-2020-26052
RESERVED
CVE-2020-26051
RESERVED
-CVE-2020-26050
- RESERVED
+CVE-2020-26050 (SaferVPN for Windows Ver 5.0.3.3 through 5.0.4.15 could allow
local pr ...)
+ TODO: check
CVE-2020-26049 (Nifty-PM CPE 2.3 is affected by stored HTML injection. The
impact is r ...)
NOT-FOR-US: Nifty-PM CPE
CVE-2020-26048 (The file manager option in CuppaCMS before 2019-11-12 allows
an authen ...)
@@ -28320,8 +28432,8 @@ CVE-2020-24029 (Because of unauthenticated password
changes in ForLogic Qualiex
NOT-FOR-US: ForLogic Qualiex
CVE-2020-24028 (ForLogic Qualiex v1 and v3 allows any authenticated customer
to achiev ...)
NOT-FOR-US: ForLogic Qualiex
-CVE-2020-24027
- RESERVED
+CVE-2020-24027 (In Live Networks, Inc., liblivemedia version 20200625, there
is a pote ...)
+ TODO: check
CVE-2020-24026
RESERVED
CVE-2020-24025 (Certificate validation in node-sass 2.0.0 to 4.14.1 is
disabled when r ...)
@@ -29112,8 +29224,8 @@ CVE-2020-23633
RESERVED
CVE-2020-23632
RESERVED
-CVE-2020-23631
- RESERVED
+CVE-2020-23631 (Cross-site request forgery (CSRF) in admin/global/manage.php
in WDJA C ...)
+ TODO: check
CVE-2020-23630 (A blind SQL injection vulnerability exists in zzcms ver201910
based on ...)
NOT-FOR-US: zzcms
CVE-2020-23629
@@ -44319,8 +44431,8 @@ CVE-2020-16148 (The ping page of the administration
panel in Telmat AccessLog &l
NOT-FOR-US: Telmat AccessLog
CVE-2020-16147 (The login page in Telmat AccessLog <= 6.0 (TAL_20180415)
allows an ...)
NOT-FOR-US: Telmat AccessLog
-CVE-2020-16146
- RESERVED
+CVE-2020-16146 (Espressif ESP-IDF 2.x, 3.0.x through 3.0.9, 3.1.x through
3.1.7, 3.2.x ...)
+ TODO: check
CVE-2020-16145 (Roundcube Webmail before 1.3.15 and 1.4.8 allows stored XSS in
HTML me ...)
{DSA-4744-1 DLA-2322-1}
- roundcube 1.4.8+dfsg.1-1 (bug #968216)
@@ -90331,8 +90443,8 @@ CVE-2020-0473 (In updateIncomingFileConfirmNotification
of BluetoothOppNotificat
NOT-FOR-US: Android
CVE-2020-0472
RESERVED
-CVE-2020-0471
- RESERVED
+CVE-2020-0471 (In reassemble_and_dispatch of packet_fragmenter.cc, there is a
possibl ...)
+ TODO: check
CVE-2020-0470 (In extend_frame_highbd of restoration.c, there is a possible
out of bo ...)
NOT-FOR-US: Android Media Framework
CVE-2020-0469 (In addEscrowToken of LockSettingsService.java, there is a
possible los ...)
@@ -119282,7 +119394,7 @@ CVE-2019-9378 (In the Activity Manager service, there
is a possible permission b
NOT-FOR-US: Android
CVE-2019-9377 (In FingerprintService, there is a possible bypass for operating
system ...)
NOT-FOR-US: Android
-CVE-2019-9376 (In the Accounts package, there is a possible crash due to
improper inp ...)
+CVE-2019-9376 (In Account of Account.java, there is a possible boot loop due
to impro ...)
NOT-FOR-US: Android
CVE-2019-9375 (In hostapd, there is a possible out of bounds write due to a
race cond ...)
NOT-FOR-US: Android
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/775da16d606c6f42ab42c7b642c46aac7e69e40c
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/775da16d606c6f42ab42c7b642c46aac7e69e40c
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
