[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Thu Dec 31 08:10:34 GMT 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b7bdc5f7 by security tracker role at 2020-12-31T08:10:27+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,109 @@
+CVE-2021-21493
+	RESERVED
+CVE-2021-21492
+	RESERVED
+CVE-2021-21491
+	RESERVED
+CVE-2021-21490
+	RESERVED
+CVE-2021-21489
+	RESERVED
+CVE-2021-21488
+	RESERVED
+CVE-2021-21487
+	RESERVED
+CVE-2021-21486
+	RESERVED
+CVE-2021-21485
+	RESERVED
+CVE-2021-21484
+	RESERVED
+CVE-2021-21483
+	RESERVED
+CVE-2021-21482
+	RESERVED
+CVE-2021-21481
+	RESERVED
+CVE-2021-21480
+	RESERVED
+CVE-2021-21479
+	RESERVED
+CVE-2021-21478
+	RESERVED
+CVE-2021-21477
+	RESERVED
+CVE-2021-21476
+	RESERVED
+CVE-2021-21475
+	RESERVED
+CVE-2021-21474
+	RESERVED
+CVE-2021-21473
+	RESERVED
+CVE-2021-21472
+	RESERVED
+CVE-2021-21471
+	RESERVED
+CVE-2021-21470
+	RESERVED
+CVE-2021-21469
+	RESERVED
+CVE-2021-21468
+	RESERVED
+CVE-2021-21467
+	RESERVED
+CVE-2021-21466
+	RESERVED
+CVE-2021-21465
+	RESERVED
+CVE-2021-21464
+	RESERVED
+CVE-2021-21463
+	RESERVED
+CVE-2021-21462
+	RESERVED
+CVE-2021-21461
+	RESERVED
+CVE-2021-21460
+	RESERVED
+CVE-2021-21459
+	RESERVED
+CVE-2021-21458
+	RESERVED
+CVE-2021-21457
+	RESERVED
+CVE-2021-21456
+	RESERVED
+CVE-2021-21455
+	RESERVED
+CVE-2021-21454
+	RESERVED
+CVE-2021-21453
+	RESERVED
+CVE-2021-21452
+	RESERVED
+CVE-2021-21451
+	RESERVED
+CVE-2021-21450
+	RESERVED
+CVE-2021-21449
+	RESERVED
+CVE-2021-21448
+	RESERVED
+CVE-2021-21447
+	RESERVED
+CVE-2021-21446
+	RESERVED
+CVE-2021-21445
+	RESERVED
+CVE-2021-21444
+	RESERVED
+CVE-2020-35856
+	RESERVED
+CVE-2020-35855
+	RESERVED
+CVE-2020-35854
+	RESERVED
 CVE-2020-35853
 	RESERVED
 CVE-2020-35852
@@ -255,8 +361,8 @@ CVE-2020-35738 (WavPack 5.3.0 has an out-of-bounds write in WavpackPackSamples i
 	[buster] - wavpack <no-dsa> (Minor issue)
 	NOTE: https://github.com/dbry/WavPack/issues/91
 	NOTE: https://github.com/dbry/WavPack/commit/89df160596132e3bd666322e1c20b2ebd4b92cd0
-CVE-2020-35737
-	RESERVED
+CVE-2020-35737 (In Correspondence Management System (corms) in Newgen eGov 12.0, an at ...)
+	TODO: check
 CVE-2020-35736 (GateOne 1.1 allows arbitrary file download without authentication via  ...)
 	NOT-FOR-US: GateOne
 CVE-2020-35735 (Vidyo 02-09-/D allows clickjacking via the portal/ URI. ...)
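Review bot: the new `TODO: check` for CVE-2020-35737 can likely be resolved right away; the description names Newgen eGov's Correspondence Management System, a proprietary product, and the neighbouring entries in this hunk for software of the same kind (GateOne, Vidyo) already carry `NOT-FOR-US`. Unless a Debian package is identified, replace the TODO with `NOT-FOR-US: Newgen eGov`.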
@@ -10250,8 +10356,8 @@ CVE-2020-28415 (A reflected cross-site scripting (XSS) vulnerability exists in t
 	NOT-FOR-US: TranzWare Payment Gateway
 CVE-2020-28414 (A reflected cross-site scripting (XSS) vulnerability exists in the Tra ...)
 	NOT-FOR-US: TranzWare Payment Gateway
-CVE-2020-28413
-	RESERVED
+CVE-2020-28413 (In MantisBT 2.24.3, SQL Injection can occur in the parameter "access"  ...)
+	TODO: check
 CVE-2020-28412
 	RESERVED
 CVE-2020-28411
@@ -12444,8 +12550,8 @@ CVE-2020-28097
 	RESERVED
 CVE-2020-28096 (FOSCAM FHD X1 1.14.2.4 devices allow attackers (with physical UART acc ...)
 	NOT-FOR-US: FOSCAM FHD
-CVE-2020-28095
-	RESERVED
+CVE-2020-28095 (On Tenda AC1200 (Model AC6) 15.03.06.51_multi devices, a large HTTP PO ...)
+	TODO: check
 CVE-2020-28094 (On Tenda AC1200 (Model AC6) 15.03.06.51_multi devices, the default set ...)
 	NOT-FOR-US: Tenda
 CVE-2020-28093 (On Tenda AC1200 (Model AC6) 15.03.06.51_multi devices, admin, support, ...)
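Review bot: CVE-2020-28095 describes the same Tenda AC1200 (Model AC6) 15.03.06.51_multi firmware as CVE-2020-28094 and CVE-2020-28093 two lines below, both of which are already marked `NOT-FOR-US: Tenda`. The `TODO: check` should be closed the same way rather than left for a second triage pass.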
@@ -14543,8 +14649,8 @@ CVE-2020-27536
 	RESERVED
 CVE-2020-27535
 	RESERVED
-CVE-2020-27534
-	RESERVED
+CVE-2020-27534 (util/binfmt_misc/check.go in Builder in Docker Engine before 19.03.9 c ...)
+	TODO: check
 CVE-2020-27533 (A Cross Site Scripting (XSS) issue was discovered in the search featur ...)
 	NOT-FOR-US: DedeCMS
 CVE-2020-27532
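Review bot: unlike most of the TODOs in this update, CVE-2020-27534 names software Debian ships (Docker Engine, `util/binfmt_misc/check.go` in Builder, fixed upstream in 19.03.9), so the `TODO: check` should be replaced by a source-package line for docker.io with the fixed version or a `<not-affected>`/`<no-dsa>` annotation per suite, not by `NOT-FOR-US`. A NOTE line pointing at the upstream fix would help the version comparison.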
@@ -17293,8 +17399,8 @@ CVE-2020-26298
 	RESERVED
 CVE-2020-26297
 	RESERVED
-CVE-2020-26296
-	RESERVED
+CVE-2020-26296 (Vega is a visualization grammar, a declarative format for creating, sa ...)
+	TODO: check
 CVE-2020-26295
 	RESERVED
 CVE-2020-26294
@@ -17303,14 +17409,14 @@ CVE-2020-26293
 	RESERVED
 CVE-2020-26292
 	RESERVED
-CVE-2020-26291
-	RESERVED
+CVE-2020-26291 (URI.js is a javascript URL mutation library (npm package urijs). In UR ...)
+	TODO: check
 CVE-2020-26290 (Dex is a federated OpenID Connect provider written in Go. In Dex befor ...)
 	TODO: check
 CVE-2020-26289 (date-and-time is an npm package for manipulating date and time. In dat ...)
 	TODO: check
-CVE-2020-26288
-	RESERVED
+CVE-2020-26288 (Parse Server is an open source backend that can be deployed to any inf ...)
+	TODO: check
 CVE-2020-26287 (HedgeDoc is a collaborative platform for writing and sharing markdown. ...)
 	NOT-FOR-US: HedgeDoc
 CVE-2020-26286 (HedgeDoc is a collaborative platform for writing and sharing markdown. ...)
@@ -17433,6 +17539,7 @@ CVE-2020-26239 (Scratch Addons is a WebExtension that supports both Chrome and F
 CVE-2020-26238 (Cron-utils is a Java library to parse, validate, migrate crons as well ...)
 	NOT-FOR-US: cron-utils Java library
 CVE-2020-26237 (Highlight.js is a syntax highlighter written in JavaScript. Highlight. ...)
+	{DLA-2511-1}
 	- highlight.js 9.18.1+dfsg1-3 (bug #976446)
 	NOTE: https://github.com/highlightjs/highlight.js/security/advisories/GHSA-vfrc-7r7c-w9mx
 	NOTE: https://github.com/highlightjs/highlight.js/pull/2636
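Review bot: the added `{DLA-2511-1}` records the stretch fix for CVE-2020-26237, and the entry already has the unstable fix in 9.18.1+dfsg1-3, but no `[buster]` line is visible in this hunk. If buster's status is not recorded outside the shown context, add a `[buster] - highlight.js ...` line (fixed version, `<no-dsa>` or `<not-affected>`) so the entry covers every supported suite.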
@@ -31291,8 +31398,8 @@ CVE-2020-19666
 	RESERVED
 CVE-2020-19665
 	RESERVED
-CVE-2020-19664
-	RESERVED
+CVE-2020-19664 (DrayTek Vigor2960 1.5.1 allows remote command execution via shell meta ...)
+	TODO: check
 CVE-2020-19663
 	RESERVED
 CVE-2020-19662
@@ -35978,8 +36085,8 @@ CVE-2020-17365 (Improper directory permissions in the Hotspot Shield VPN client
 	NOT-FOR-US: Hotspot Shield VPN client for Windows
 CVE-2020-17364 (USVN (aka User-friendly SVN) before 1.0.9 allows XSS via SVN logs. ...)
 	NOT-FOR-US: User-friendly SVN
-CVE-2020-17363
-	RESERVED
+CVE-2020-17363 (USVN (aka User-friendly SVN) before 1.0.9 allows remote code execution ...)
+	TODO: check
 CVE-2020-17362 (search.php in the Nova Lite theme before 1.3.9 for WordPress allows Re ...)
 	NOT-FOR-US: Nova Lite theme for WordPress
 CVE-2020-17361 (** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered in ReadyTalk A ...)
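Review bot: CVE-2020-17363 is the same USVN before 1.0.9 product as CVE-2020-17364 directly above it, which is already `NOT-FOR-US: User-friendly SVN`; the remote code execution severity does not change the triage outcome, so the `TODO: check` can be resolved to the same annotation.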
@@ -38585,7 +38692,7 @@ CVE-2020-16134 (An issue was discovered on Swisscom Internet Box 2, Internet Box
 CVE-2020-16133
 	RESERVED
 CVE-2020-16132
-	RESERVED
+	REJECTED
 CVE-2017-18923 (beroNet VoIP Gateways before 3.0.16 have a PHP script that allows down ...)
 	NOT-FOR-US: beroNet
 CVE-2020-16131 (Tiki before 21.2 allows XSS because [\s\/"\'] is not properly consider ...)
@@ -45537,8 +45644,8 @@ CVE-2020-13656 (In Morgan Stanley Hobbes through 2020-05-21, the array implement
 	NOT-FOR-US: Hobbes
 CVE-2020-13655 (An issue was discovered in Collabtive 3.0 and later. managefile.php is ...)
 	- collabtive <removed>
-CVE-2020-13654
-	RESERVED
+CVE-2020-13654 (XWiki Platform before 12.8 mishandles escaping in the property display ...)
+	TODO: check
 CVE-2020-13653 (An XSS vulnerability exists in the Webmail component of Zimbra Collabo ...)
 	NOT-FOR-US: Zimbra
 CVE-2020-13652 (An issue was discovered in DigDash 2018R2 before p20200528, 2019R1 bef ...)
@@ -45565,8 +45672,7 @@ CVE-2020-13645 (In GNOME glib-networking through 2.64.2, the implementation of G
 	NOTE: https://gitlab.gnome.org/GNOME/glib-networking/-/issues/135
 	NOTE: Updating glib-networking to address CVE-2020-13645 will need a compatibility
 	NOTE: update as well for balsa (cf. https://bugs.debian.org/961792)
-CVE-2019-20808 [out-of-bounds read in ati_cursor_define() function in hw/display/ati.c leads to DoS]
-	RESERVED
+CVE-2019-20808 (In QEMU 4.1.0, an out-of-bounds read flaw was found in the ATI VGA imp ...)
 	- qemu 1:4.2-1
 	[buster] - qemu <not-affected> (Vulnerable code introduced later)
 	[stretch] - qemu <not-affected> (Vulnerable code introduced later)
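Review bot: replacing the bracketed placeholder with the public description for CVE-2019-20808 and dropping `RESERVED` is correct now that the CVE is published, but the hand-written detail `out-of-bounds read in ati_cursor_define() function in hw/display/ati.c` is lost in the process, and the truncated public text only says "ATI VGA imp ...". Preserve the function and file as a `NOTE:` line (ideally alongside the upstream commit) so the buster/stretch `<not-affected>` reasoning remains verifiable.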
@@ -48059,8 +48165,8 @@ CVE-2020-12659 (An issue was discovered in the Linux kernel before 5.6.7. xdp_um
 	[stretch] - linux <not-affected> (Vulnerable code not present)
 	[jessie] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/99e3a236dd43d06c65af0a2ef9cb44306aef6e02 (5.7-rc2)
-CVE-2020-12658
-	RESERVED
+CVE-2020-12658 (gssproxy (aka gss-proxy) before 0.8.3 does not unlock cond_mutex befor ...)
+	TODO: check
 CVE-2020-12657 (An issue was discovered in the Linux kernel before 5.6.5. There is a u ...)
 	- linux 5.6.7-1
 	[buster] - linux 4.19.118-1
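Review bot: CVE-2020-12658 names gssproxy (aka gss-proxy) with the fix in 0.8.3; if the archive carries a gssproxy source package, the `TODO: check` must become a source line with the version comparison per suite, and a `NOTE:` to the upstream fix would make the `cond_mutex` unlock issue easy to verify in the packaged versions.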
@@ -49916,8 +50022,8 @@ CVE-2020-11949 (testserver.cgi of the web service on VIVOTEK Network Cameras bef
 	NOT-FOR-US: VIVOTEK Network Cameras
 CVE-2020-11948
 	RESERVED
-CVE-2020-11947 [heap-based buffer over-read]
-	RESERVED
+CVE-2020-11947 (iscsi_aio_ioctl_cb in block/iscsi.c in QEMU 4.1.0 has a heap-based buf ...)
+	{DSA-4665-1}
 	- qemu 1:4.2-7
 	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=ff0507c239a246fd7215b31c5658fc6a3ee1e4c5 (v5.0.0-rc4)
 CVE-2020-11946 (Zoho ManageEngine OpManager before 125120 allows an unauthenticated us ...)
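Review bot: the `{DSA-4665-1}` line now records the stable fix for CVE-2020-11947 together with `- qemu 1:4.2-7`, but no `[stretch]` line appears in this hunk; if stretch's status is not already recorded outside the shown context, add one (DLA reference or `<not-affected>` with reasoning) so the entry is complete for the LTS suite as well.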
@@ -53152,8 +53258,8 @@ CVE-2020-11105 (An issue was discovered in USC iLab cereal through 1.3.0. It emp
 	NOT-FOR-US: USC iLab cereal
 CVE-2020-11104 (An issue was discovered in USC iLab cereal through 1.3.0. Serializatio ...)
 	NOT-FOR-US: USC iLab cereal
-CVE-2020-11103
-	RESERVED
+CVE-2020-11103 (JsLink in Webswing before 2.6.12 LTS, and 2.7.x and 20.x before 20.1,  ...)
+	TODO: check
 CVE-2020-11102 (hw/net/tulip.c in QEMU 4.2.0 has a buffer overflow during the copying  ...)
 	- qemu 1:4.2-4 (bug #956145)
 	[buster] - qemu <not-affected> (Vulnerable code/Tulip NIC emulator added later)
@@ -89210,8 +89316,8 @@ CVE-2019-16749
 CVE-2019-16748 (In wolfSSL through 4.1.0, there is a missing sanity check of memory ac ...)
 	- wolfssl 4.2.0+dfsg-1
 	NOTE: https://github.com/wolfSSL/wolfssl/issues/2459
-CVE-2019-16747
-	RESERVED
+CVE-2019-16747 (In MatrixSSL before 4.2.2 Open, the DTLS server can encounter an inval ...)
+	TODO: check
 CVE-2019-16745 (eBrigade before 5.0 has evenement_choice.php chxCal SQL Injection. ...)
 	NOT-FOR-US: eBrigade
 CVE-2019-16744 (eBrigade before 5.0 has evenements.php cid SQL Injection. ...)
@@ -90409,8 +90515,8 @@ CVE-2019-16283
 	RESERVED
 CVE-2019-16282 (In NCH Express Invoice v7.12, persistent cross site scripting (XSS) ex ...)
 	NOT-FOR-US: NCH Express Invoice
-CVE-2019-16281
-	RESERVED
+CVE-2019-16281 (Ptarmigan before 0.2.3 lacks API token validation, e.g., an "if (token ...)
+	TODO: check
 CVE-2019-16280
 	RESERVED
 CVE-2019-16279 (A memory error in the function SSL_accept in nostromo nhttpd through 1 ...)
@@ -92822,8 +92928,8 @@ CVE-2019-15525 (There is Missing SSL Certificate Validation in the pw3270 termin
 	NOT-FOR-US: pw3270 terminal emulator
 CVE-2019-15524 (CSZ CMS 1.2.3 allows arbitrary file upload, as demonstrated by a .php  ...)
 	NOT-FOR-US: CSZ CMS
-CVE-2019-15523
-	RESERVED
+CVE-2019-15523 (An issue was discovered in LINBIT csync2 through 2.0. It does not corr ...)
+	TODO: check
 CVE-2019-15522 (An issue was discovered in LINBIT csync2 through 2.0. csync_daemon_ses ...)
 	- csync2 2.0-25-gc0faaf9-1 (bug #955445)
 	[buster] - csync2 2.0-22-gce67c55-1+deb10u1
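Review bot: CVE-2019-15523 is the same LINBIT csync2 through 2.0 software as CVE-2019-15522 just below, which already has `- csync2 2.0-25-gc0faaf9-1 (bug #955445)` and a buster fixed version, so `NOT-FOR-US` is not an option here. Resolve the `TODO: check` by confirming whether the upload that fixed 15522 also covers this issue; if not, file a separate bug and record the fixed version and suite status the same way.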
@@ -94247,12 +94353,12 @@ CVE-2019-15082 (The 360-product-rotation plugin before 1.4.8 for WordPress has r
 	NOT-FOR-US: Wordpress plugin
 CVE-2019-15081 (OpenCart 3.x, when the attacker has login access to the admin panel, a ...)
 	NOT-FOR-US: OpenCart
-CVE-2019-15080
-	RESERVED
-CVE-2019-15079
-	RESERVED
-CVE-2019-15078
-	RESERVED
+CVE-2019-15080 (An issue was discovered in a smart contract implementation for MORPH T ...)
+	TODO: check
+CVE-2019-15079 (A typo exists in the constructor of a smart contract implementation fo ...)
+	TODO: check
+CVE-2019-15078 (An issue was discovered in a smart contract implementation for AIRDROP ...)
+	TODO: check
 CVE-2019-15077
 	RESERVED
 CVE-2019-15076
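Review bot: the three new entries CVE-2019-15080, CVE-2019-15079 and CVE-2019-15078 all describe smart contract implementations (MORPH Token, AIRDROP), which are not Debian packages; they can be triaged together and the three `TODO: check` lines replaced by `NOT-FOR-US` annotations in one pass.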
@@ -102189,8 +102295,8 @@ CVE-2019-12955
 	RESERVED
 CVE-2019-12954 (SolarWinds Network Performance Monitor (Orion Platform 2018, NPM 12.3, ...)
 	NOT-FOR-US: SolarWinds
-CVE-2019-12953
-	RESERVED
+CVE-2019-12953 (Dropbear 2011.54 through 2018.76 has an inconsistent failure delay tha ...)
+	TODO: check
 CVE-2019-12952
 	RESERVED
 CVE-2019-12951 (An issue was discovered in Mongoose before 6.15. The parse_mqtt() func ...)
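Review bot: CVE-2019-12953 covers Dropbear 2011.54 through 2018.76, which is software Debian packages, so the `TODO: check` needs a source line for dropbear with a per-suite version comparison against that range (and a `NOTE:` to the upstream fix for the inconsistent failure delay) rather than a `NOT-FOR-US` annotation.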
@@ -102702,8 +102808,8 @@ CVE-2019-12770
 	RESERVED
 CVE-2019-12769 (SolarWinds Serv-U Managed File Transfer (MFT) Web client before 15.1.6 ...)
 	NOT-FOR-US: SolarWinds
-CVE-2019-12768
-	RESERVED
+CVE-2019-12768 (An issue was discovered on D-Link DAP-1650 devices through v1.03b07 be ...)
+	TODO: check
 CVE-2019-12767 (An issue was discovered on D-Link DAP-1650 devices before 1.04B02_J65H ...)
 	NOT-FOR-US: D-Link
 CVE-2019-12766 (An issue was discovered in Joomla! before 3.9.7. The subform fieldtype ...)
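Review bot: CVE-2019-12768 refers to the same D-Link DAP-1650 device line as CVE-2019-12767 directly beneath it, which is already `NOT-FOR-US: D-Link`; the `TODO: check` can be closed with the same annotation.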
@@ -104357,7 +104463,7 @@ CVE-2019-12157 (In JetBrains TeamCity versions before 2018.2.5 and UpSource vers
 	NOT-FOR-US: JetBrains TeamCity
 CVE-2019-12156 (Server metadata could be exposed because one of the error messages ref ...)
 	NOT-FOR-US: JetBrains TeamCity
-CVE-2019-12155 (interface_release_resource in hw/display/qxl.c in QEMU 4.0.0 has a NUL ...)
+CVE-2019-12155 (interface_release_resource in hw/display/qxl.c in QEMU 3.1.x through 4 ...)
 	{DSA-4454-1 DLA-1927-1}
 	- qemu 1:3.1+dfsg-8 (bug #929353)
 	[buster] - qemu 1:3.1+dfsg-8~deb10u1
@@ -117552,10 +117658,10 @@ CVE-2019-7728 (An issue was discovered in the Bosch Smart Camera App before 1.3.
 	NOT-FOR-US: Bosch Smart Camera App
 CVE-2019-7727 (In NICE Engage through 6.5, the default configuration binds an unauthe ...)
 	NOT-FOR-US: NICE Engage
-CVE-2019-7726
-	RESERVED
-CVE-2019-7725
-	RESERVED
+CVE-2019-7726 (modules/banners/funcs/click.php in NukeViet before 4.3.04 has a SQL IN ...)
+	TODO: check
+CVE-2019-7725 (includes/core/is_user.php in NukeViet before 4.3.04 deserializes the u ...)
+	TODO: check
 CVE-2019-7724
 	RESERVED
 CVE-2019-7723
@@ -146378,8 +146484,8 @@ CVE-2018-16797 (A heap-based buffer overflow in PotPlayerMini.exe in PotPlayer 1
 	NOT-FOR-US: PotPlayer
 CVE-2018-16796 (HiScout GRC Suite before 3.1.5 allows Unrestricted Upload of Files wit ...)
 	NOT-FOR-US: HiScout GRC Suite
-CVE-2018-16795
-	RESERVED
+CVE-2018-16795 (OpenEMR 5.0.1.3 allows Cross-Site Request Forgery (CSRF) via library/a ...)
+	TODO: check
 CVE-2018-16794 (Microsoft ADFS 4.0 Windows Server 2016 and previous (Active Directory  ...)
 	NOT-FOR-US: Microsoft ADFS 4.0 Windows Server
 CVE-2018-16793 (Rollup 18 for Microsoft Exchange Server 2010 SP3 and previous versions ...)
@@ -153558,8 +153664,8 @@ CVE-2018-14069 (An issue was discovered in SRCMS V2.3.1. There is a CSRF vulnera
 	NOT-FOR-US: SRCMS
 CVE-2018-14068 (An issue was discovered in SRCMS V2.3.1. There is a CSRF vulnerability ...)
 	NOT-FOR-US: SRCMS
-CVE-2018-14067
-	RESERVED
+CVE-2018-14067 (Green Packet WiMax DV-360 2.10.14-g1.0.6.1 devices allow Command Injec ...)
+	TODO: check
 CVE-2018-14066 (The content://wappush content provider in com.android.provider.telepho ...)
 	NOT-FOR-US: Lenovo
 CVE-2018-14065 (XMLReader.php in PHPOffice Common before 0.2.9 allows XXE. ...)
@@ -246042,18 +246148,18 @@ CVE-2016-9028 (Unauthorized redirect vulnerability in Citrix NetScaler ADC befor
 	NOT-FOR-US: Citrix
 CVE-2016-9027
 	RESERVED
-CVE-2016-9026
-	RESERVED
-CVE-2016-9025
-	RESERVED
+CVE-2016-9026 (Exponent CMS before 2.6.0 has improper input validation in fileControl ...)
+	TODO: check
+CVE-2016-9025 (Exponent CMS before 2.6.0 has improper input validation in purchaseOrd ...)
+	TODO: check
 CVE-2016-9024
 	RESERVED
-CVE-2016-9023
-	RESERVED
-CVE-2016-9022
-	RESERVED
-CVE-2016-9021
-	RESERVED
+CVE-2016-9023 (Exponent CMS before 2.6.0 has improper input validation in cron/find_h ...)
+	TODO: check
+CVE-2016-9022 (Exponent CMS before 2.6.0 has improper input validation in usersContro ...)
+	TODO: check
+CVE-2016-9021 (Exponent CMS before 2.6.0 has improper input validation in storeContro ...)
+	TODO: check
 CVE-2016-9020 (SQL injection vulnerability in framework/modules/help/controllers/help ...)
 	NOT-FOR-US: Exponent CMS
 CVE-2016-9019 (SQL injection vulnerability in the activate_address function in framew ...)
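Review bot: all five new entries in this hunk (CVE-2016-9026, -9025, -9023, -9022, -9021) are Exponent CMS before 2.6.0 input-validation issues, and the adjacent CVE-2016-9020 and CVE-2016-9019 are already `NOT-FOR-US: Exponent CMS`; the five `TODO: check` lines should be resolved to that annotation in one go rather than left as separate items.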



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b7bdc5f70e64dfe62b9c86a9911fccac307abaf2
