[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Wed Dec 30 08:10:29 GMT 2020 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
713322f7 by security tracker role at 2020-12-30T08:10:22+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,173 @@
+CVE-2021-21443
+	RESERVED
+CVE-2021-21442
+	RESERVED
+CVE-2021-21441
+	RESERVED
+CVE-2021-21440
+	RESERVED
+CVE-2021-21439
+	RESERVED
+CVE-2021-21438
+	RESERVED
+CVE-2021-21437
+	RESERVED
+CVE-2021-21436
+	RESERVED
+CVE-2021-21435
+	RESERVED
+CVE-2021-21434
+	RESERVED
+CVE-2020-35850 (** DISPUTED ** An SSRF issue was discovered in cockpit-project.org Coc ...)
+	TODO: check
+CVE-2020-35849
+	RESERVED
+CVE-2020-35848 (Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controll ...)
+	TODO: check
+CVE-2020-35847 (Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controll ...)
+	TODO: check
+CVE-2020-35846 (Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controll ...)
+	TODO: check
+CVE-2020-35845
+	RESERVED
+CVE-2020-35844
+	RESERVED
+CVE-2020-35843
+	RESERVED
+CVE-2020-35842 (Certain NETGEAR devices are affected by stored XSS. This affects D6200 ...)
+	TODO: check
+CVE-2020-35841 (Certain NETGEAR devices are affected by stored XSS. This affects D6200 ...)
+	TODO: check
+CVE-2020-35840 (Certain NETGEAR devices are affected by stored XSS. This affects D6200 ...)
+	TODO: check
+CVE-2020-35839 (Certain NETGEAR devices are affected by Stored XSS. This affects D7800 ...)
+	TODO: check
+CVE-2020-35838 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...)
+	TODO: check
+CVE-2020-35837 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...)
+	TODO: check
+CVE-2020-35836 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...)
+	TODO: check
+CVE-2020-35835 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...)
+	TODO: check
+CVE-2020-35834 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...)
+	TODO: check
+CVE-2020-35833 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...)
+	TODO: check
+CVE-2020-35832 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...)
+	TODO: check
+CVE-2020-35831 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...)
+	TODO: check
+CVE-2020-35830 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...)
+	TODO: check
+CVE-2020-35829 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...)
+	TODO: check
+CVE-2020-35828 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...)
+	TODO: check
+CVE-2020-35827 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...)
+	TODO: check
+CVE-2020-35826 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...)
+	TODO: check
+CVE-2020-35825 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...)
+	TODO: check
+CVE-2020-35824 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...)
+	TODO: check
+CVE-2020-35823 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...)
+	TODO: check
+CVE-2020-35822 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...)
+	TODO: check
+CVE-2020-35821 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...)
+	TODO: check
+CVE-2020-35820 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...)
+	TODO: check
+CVE-2020-35819 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...)
+	TODO: check
+CVE-2020-35818 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...)
+	TODO: check
+CVE-2020-35817 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...)
+	TODO: check
+CVE-2020-35816 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...)
+	TODO: check
+CVE-2020-35815 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...)
+	TODO: check
+CVE-2020-35814 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...)
+	TODO: check
+CVE-2020-35813 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...)
+	TODO: check
+CVE-2020-35812 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...)
+	TODO: check
+CVE-2020-35811 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...)
+	TODO: check
+CVE-2020-35810 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...)
+	TODO: check
+CVE-2020-35809 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...)
+	TODO: check
+CVE-2020-35808 (Certain NETGEAR devices are affected by stored XSS. This affects D6100 ...)
+	TODO: check
+CVE-2020-35807 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...)
+	TODO: check
+CVE-2020-35806 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...)
+	TODO: check
+CVE-2020-35805 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...)
+	TODO: check
+CVE-2020-35804 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...)
+	TODO: check
+CVE-2020-35803 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...)
+	TODO: check
+CVE-2020-35802 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...)
+	TODO: check
+CVE-2020-35801 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
+	TODO: check
+CVE-2020-35800 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
+	TODO: check
+CVE-2020-35799 (Certain NETGEAR devices are affected by a stack-based buffer overflow  ...)
+	TODO: check
+CVE-2020-35798 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+	TODO: check
+CVE-2020-35797 (NETGEAR NMS300 devices before 1.6.0.27 are affected by command injecti ...)
+	TODO: check
+CVE-2020-35796 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...)
+	TODO: check
+CVE-2020-35795 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...)
+	TODO: check
+CVE-2020-35794 (Certain NETGEAR devices are affected by command injection by an authen ...)
+	TODO: check
+CVE-2020-35793 (Certain NETGEAR devices are affected by command injection by an authen ...)
+	TODO: check
+CVE-2020-35792 (Certain NETGEAR devices are affected by command injection by an authen ...)
+	TODO: check
+CVE-2020-35791 (Certain NETGEAR devices are affected by command injection by an authen ...)
+	TODO: check
+CVE-2020-35790 (Certain NETGEAR devices are affected by command injection by an authen ...)
+	TODO: check
+CVE-2020-35789 (NETGEAR NMS300 devices before 1.6.0.27 are affected by command injecti ...)
+	TODO: check
+CVE-2020-35788 (NETGEAR WAC104 devices before 1.0.4.13 are affected by a buffer overfl ...)
+	TODO: check
+CVE-2020-35787 (Certain NETGEAR devices are affected by a buffer overflow by an authen ...)
+	TODO: check
+CVE-2020-35786 (NETGEAR R7800 devices before 1.0.2.74 are affected by a buffer overflo ...)
+	TODO: check
+CVE-2020-35785 (NETGEAR DGN2200v1 devices before v1.0.0.60 mishandle HTTPd authenticat ...)
+	TODO: check
+CVE-2020-35784 (Certain NETGEAR devices are affected by lack of access control at the  ...)
+	TODO: check
+CVE-2020-35783 (Certain NETGEAR devices are affected by lack of access control at the  ...)
+	TODO: check
+CVE-2020-35782 (Certain NETGEAR devices are affected by lack of access control at the  ...)
+	TODO: check
+CVE-2020-35781 (NETGEAR NMS300 devices before 1.6.0.27 are affected by denial of servi ...)
+	TODO: check
+CVE-2020-35780 (NETGEAR NMS300 devices before 1.6.0.27 are affected by denial of servi ...)
+	TODO: check
+CVE-2020-35779 (NETGEAR NMS300 devices before 1.6.0.27 are affected by denial of servi ...)
+	TODO: check
+CVE-2020-35778 (Certain NETGEAR devices are affected by CSRF. This affects GS716Tv3 be ...)
+	TODO: check
+CVE-2020-35777 (NETGEAR DGN2200v1 devices before v1.0.0.58 are affected by command inj ...)
+	TODO: check
+CVE-2020-35776
+	RESERVED
 CVE-2020-35775
 	RESERVED
 CVE-2020-35774 (server/handler/HistogramQueryHandler.scala in Twitter TwitterServer (a ...)
@@ -6067,8 +6237,8 @@ CVE-2020-29596 (MiniWeb HTTP server 0.8.19 allows remote attackers to cause a de
 	NOT-FOR-US: MiniWeb HTTP server
 CVE-2020-29595 (PlugIns\IDE_ACDStd.apl in ACDSee Photo Studio Studio Professional 2021 ...)
 	NOT-FOR-US: ACDSee Photo Studio Studio Professional
-CVE-2020-29594
-	RESERVED
+CVE-2020-29594 (Rocket.Chat before 0.74.4, 1.x before 1.3.4, 2.x before 2.4.13, 3.x be ...)
+	TODO: check
 CVE-2020-29593
 	RESERVED
 CVE-2020-29592
@@ -11850,17 +12020,17 @@ CVE-2020-28285
 	RESERVED
 CVE-2020-28284
 	RESERVED
-CVE-2020-28283 (Prototype pollution vulnerability in ‘libnested’ versions  ...)
+CVE-2020-28283 (Prototype pollution vulnerability in 'libnested' versions 0.0.0 throug ...)
 	TODO: check
-CVE-2020-28282 (Prototype pollution vulnerability in ‘getobject’ version 0 ...)
+CVE-2020-28282 (Prototype pollution vulnerability in 'getobject' version 0.1.0 allows  ...)
 	TODO: check
-CVE-2020-28281 (Prototype pollution vulnerability in ‘set-object-value’ ve ...)
+CVE-2020-28281 (Prototype pollution vulnerability in 'set-object-value' versions 0.0.0 ...)
 	TODO: check
-CVE-2020-28280 (Prototype pollution vulnerability in ‘predefine’ versions  ...)
+CVE-2020-28280 (Prototype pollution vulnerability in 'predefine' versions 0.0.0 throug ...)
 	TODO: check
-CVE-2020-28279 (Prototype pollution vulnerability in ‘flattenizer’ version ...)
+CVE-2020-28279 (Prototype pollution vulnerability in 'flattenizer' versions 0.0.5 thro ...)
 	TODO: check
-CVE-2020-28278 (Prototype pollution vulnerability in ‘shvl’ versions 1.0.0 ...)
+CVE-2020-28278 (Prototype pollution vulnerability in 'shvl' versions 1.0.0 through 2.0 ...)
 	TODO: check
 CVE-2020-28277 (Prototype pollution vulnerability in 'dset' versions 1.0.0 through 2.0 ...)
 	TODO: check
@@ -14061,12 +14231,12 @@ CVE-2020-27647
 	RESERVED
 CVE-2020-27646 (Biscom Secure File Transfer (SFT) before 5.1.1082 and 6.x before 6.0.1 ...)
 	NOT-FOR-US: Biscom Secure File Transfer (SFT)
-CVE-2020-27645
-	RESERVED
-CVE-2020-27644
-	RESERVED
-CVE-2020-27643
-	RESERVED
+CVE-2020-27645 (The Inventory module of the 1E Client 5.0.0.745 doesn't handle an unqu ...)
+	TODO: check
+CVE-2020-27644 (The Inventory module of the 1E Client 5.0.0.745 doesn't handle an unqu ...)
+	TODO: check
+CVE-2020-27643 (The %PROGRAMDATA%\1E\Client directory in 1E Client 5.0.0.745 and 4.1.0 ...)
+	TODO: check
 CVE-2020-27642 (A cross-site scripting (XSS) vulnerability exists in the 'merge accoun ...)
 	NOT-FOR-US: BigBlueButton
 CVE-2020-27641
@@ -19781,7 +19951,7 @@ CVE-2020-25201 (HashiCorp Consul Enterprise version 1.7.0 up to 1.8.4 includes a
 	[buster] - consul <not-affected> (Vulnerable code introduced later)
 	NOTE: https://github.com/hashicorp/consul/pull/9024
 	NOTE: https://github.com/hashicorp/consul/blob/master/CHANGELOG.md#185-october-23-2020
-CVE-2020-25200 (Pritunl 1.29.2145.25 allows attackers to enumerate valid VPN usernames ...)
+CVE-2020-25200 (** DISPUTED ** Pritunl 1.29.2145.25 allows attackers to enumerate vali ...)
 	NOT-FOR-US: Pritunl
 CVE-2019-20916 (The pip package before 19.2 for Python allows Directory Traversal when ...)
 	{DLA-2370-1}
@@ -38077,8 +38247,8 @@ CVE-2020-16270 (OLIMPOKS under 3.3.39 allows Auth/Admin ErrorMessage XSS. Remote
 CVE-2020-16269 (radare2 4.5.0 misparses DWARF information in executable files, causing ...)
 	- radare2 <unfixed>
 	NOTE: https://github.com/radareorg/radare2/issues/17383
-CVE-2020-16268
-	RESERVED
+CVE-2020-16268 (The MSI installer in 1E Client 4.1.0.267 and 5.0.0.745 allows remote a ...)
+	TODO: check
 CVE-2020-16267 (Zoho ManageEngine Applications Manager version 14740 and prior allows  ...)
 	NOT-FOR-US: Zoho ManageEngine Applications Manager
 CVE-2020-16266 (An XSS issue was discovered in MantisBT before 2.24.2. Improper escapi ...)
@@ -55745,16 +55915,16 @@ CVE-2020-10212 (upload.php in Responsive FileManager 9.13.4 and 9.14.0 allows SS
 	NOT-FOR-US: Responsive FileManager
 CVE-2020-10211 (A remote code execution vulnerability in UCB component of Mitel MiVoic ...)
 	NOT-FOR-US: Mitel
-CVE-2020-10210
-	RESERVED
-CVE-2020-10209
-	RESERVED
-CVE-2020-10208
-	RESERVED
-CVE-2020-10207
-	RESERVED
-CVE-2020-10206
-	RESERVED
+CVE-2020-10210 (Because of hard-coded SSH keys for the root user in Amino Communicatio ...)
+	TODO: check
+CVE-2020-10209 (Command Injection in the CPE WAN Management Protocol (CWMP) registrati ...)
+	TODO: check
+CVE-2020-10208 (Command Injection in EntoneWebEngine in Amino Communications AK45x ser ...)
+	TODO: check
+CVE-2020-10207 (Use of Hard-coded Credentials in EntoneWebEngine in Amino Communicatio ...)
+	TODO: check
+CVE-2020-10206 (Use of a Hard-coded Password in VNCserver in Amino Communications AK45 ...)
+	TODO: check
 CVE-2020-10205
 	RESERVED
 CVE-2020-10204 (Sonatype Nexus Repository before 3.21.2 allows Remote Code Execution. ...)
@@ -55914,8 +56084,8 @@ CVE-2020-10150
 	RESERVED
 CVE-2020-10149
 	RESERVED
-CVE-2020-10148
-	RESERVED
+CVE-2020-10148 (The SolarWinds Orion API is vulnerable to an authentication bypass tha ...)
+	TODO: check
 CVE-2020-10147
 	RESERVED
 CVE-2020-10146 (The Microsoft Teams online service contains a stored cross-site script ...)
@@ -202888,7 +203058,7 @@ CVE-2017-14059 (In FFmpeg 3.3.3, a DoS in cine_read_header() due to lack of an E
 	- libav <removed>
 	[jessie] - libav <not-affected> (vulnerable code is not present)
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/7e80b63ecd259d69d383623e75b318bf2bd491f6
-CVE-2017-14058 (In FFmpeg 3.3.3, the read_data function in libavformat/hls.c does not  ...)
+CVE-2017-14058 (In FFmpeg 2.4 and 3.3.3, the read_data function in libavformat/hls.c d ...)
 	{DSA-3996-1 DLA-1740-1}
 	- ffmpeg 7:3.3.4-1 (low)
 	- libav <removed>



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/713322f7d4337c52b5b93c9e4c48fc13c02a9c09

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/713322f7d4337c52b5b93c9e4c48fc13c02a9c09
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20201230/5d800e55/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list