[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Tue Feb 2 08:10:29 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a6c149ed by security tracker role at 2021-02-02T08:10:23+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,31 @@
+CVE-2021-3391
+ RESERVED
+CVE-2021-3390
+ RESERVED
+CVE-2021-3389
+ RESERVED
+CVE-2021-3388
+ RESERVED
+CVE-2021-3387
+ RESERVED
+CVE-2021-26557
+ RESERVED
+CVE-2021-26556
+ RESERVED
+CVE-2021-26555
+ RESERVED
+CVE-2021-26554
+ RESERVED
+CVE-2021-26553
+ RESERVED
+CVE-2021-26552
+ RESERVED
+CVE-2021-26551
+ RESERVED
+CVE-2021-26550
+ RESERVED
+CVE-2021-26549
+ RESERVED
CVE-2021-3386
RESERVED
CVE-2021-3385
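Review bot: No action needed on this hunk; the fourteen new placeholders (CVE-2021-3391 down to CVE-2021-3387, then CVE-2021-26557 down to CVE-2021-26549) keep the file's descending-ID order and carry only RESERVED with no description, so there is nothing to triage until a description lands.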
@@ -34,8 +62,8 @@ CVE-2021-26539
RESERVED
CVE-2021-3379
RESERVED
-CVE-2021-3378
- RESERVED
+CVE-2021-3378 (FortiLogger 4.4.2.2 is affected by Arbitrary File Upload by sending a ...)
+ TODO: check
CVE-2021-3377
RESERVED
CVE-2021-3376
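Review bot: The "TODO: check" under CVE-2021-3378 can be resolved in the same pass rather than deferred: FortiLogger is a vendor product with no Debian package, so unless that check turns one up the entry should carry a NOT-FOR-US marker in the style already used in this file (compare "NOT-FOR-US: DH2i DxEnterprise and DxOdyssey for Windows" under CVE-2021-3341). The description already names the affected version (4.4.2.2), so nothing else is missing from the entry.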
@@ -584,8 +612,8 @@ CVE-2021-3342
RESERVED
CVE-2021-3341 (A path traversal vulnerability in the DxWebEngine component of DH2i Dx ...)
NOT-FOR-US: DH2i DxEnterprise and DxOdyssey for Windows
-CVE-2021-3340
- RESERVED
+CVE-2021-3340 (A cross-site scripting (XSS) vulnerability in many forms of Wikindx be ...)
+ TODO: check
CVE-2021-3339
RESERVED
CVE-2021-3338
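Review bot: Same point for CVE-2021-3340 as for the FortiLogger entry: Wikindx is not something Debian packages as far as the tracker is concerned, so the "TODO: check" should be confirmed and then converted to "NOT-FOR-US: Wikindx" rather than left open; the truncated description ("many forms of Wikindx be ...") is an artifact of the automatic import, not a gap in the entry.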
@@ -703,8 +731,8 @@ CVE-2020-36233
RESERVED
CVE-2020-36232
RESERVED
-CVE-2020-36231
- RESERVED
+CVE-2020-36231 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
+ TODO: check
CVE-2021-3325 (Monitorix 3.13.0 allows remote attackers to bypass Basic Authenticatio ...)
NOT-FOR-US: Monitorix
CVE-2021-3324
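Review bot: CVE-2020-36231 can go straight to "NOT-FOR-US: Atlassian" instead of "TODO: check"; the description names Atlassian Jira Server and Data Center, and the other Atlassian entries in this file (CVE-2020-14193, CVE-2020-14191, CVE-2020-14190 in the Fisheye/Crucible hunk) are already marked that way.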
@@ -1308,8 +1336,7 @@ CVE-2021-3283 (HashiCorp Nomad and Nomad Enterprise up to 0.12.9 exec and java t
TODO: check details
CVE-2021-3282 (HashiCorp Vault Enterprise 1.6.0 & 1.6.1 allowed the `remove-peer` ...)
NOT-FOR-US: HashiCorp Vault
-CVE-2021-3281
- RESERVED
+CVE-2021-3281 (In Django 2.2 before 2.2.18, 3.0 before 3.0.12, and 3.1 before 3.1.6, ...)
{DLA-2540-1}
- python-django 2:2.2.18-1 (bug #981562)
NOTE: https://www.djangoproject.com/weblog/2021/feb/01/security-releases/
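Review bot: This entry is complete after the hunk: only the description line changed, and the {DLA-2540-1} reference, the fixed version "python-django 2:2.2.18-1 (bug #981562)" and the NOTE link to the upstream security release were already present. The 2.2.18 fixed version matches the "2.2 before 2.2.18" bound in the new description; the 3.0.12 and 3.1.6 bounds apply to branches the listed package version is not tracking, so no TODO is warranted here.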
@@ -15214,7 +15241,7 @@ CVE-2021-20209
CVE-2021-20208
RESERVED
CVE-2021-20207
- RESERVED
+ REJECTED
CVE-2021-20206
RESERVED
CVE-2021-20205
@@ -16284,7 +16311,8 @@ CVE-2020-35312
RESERVED
CVE-2020-35311
RESERVED
-CVE-2020-35310 (Composr CMS 10.0.34 is affected by cross-site scripting (XSS) which al ...)
+CVE-2020-35310
+ REJECTED
NOT-FOR-US: Composr CMS
CVE-2020-35309 (Bakeshop Online Ordering System in PHP/MySQLi 1.0 is affected by cross ...)
NOT-FOR-US: Bakeshop Online Ordering System in PHP/MySQLi
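Review bot: The "NOT-FOR-US: Composr CMS" line under CVE-2020-35310 is now stale: the hunk drops the description and marks the ID REJECTED, and the other REJECTED entries in this file (CVE-2021-20207, CVE-2020-28492) carry only the REJECTED line with no product annotation. Suggest removing the NOT-FOR-US line in a follow-up so a rejected ID is not left looking like an assessed vulnerability.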
@@ -22342,8 +22370,8 @@ CVE-2020-28495
RESERVED
CVE-2020-28494
RESERVED
-CVE-2020-28493
- RESERVED
+CVE-2020-28493 (This affects the package jinja2 from 0.0.0 and before 2.11.3. The ReDO ...)
+ TODO: check
CVE-2020-28492
REJECTED
CVE-2020-28491
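Review bot: The "TODO: check" on CVE-2020-28493 should not be resolved by analogy with the vendor-appliance entries: the description names "the package jinja2 from 0.0.0 and before 2.11.3", a library rather than a proprietary product, so the check needs an actual package assessment against that version range (and a fixed-version line if a Debian package falls inside it) rather than a NOT-FOR-US marker.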
@@ -32692,12 +32720,12 @@ CVE-2020-25039 (Sylabs Singularity 3.2.0 through 3.6.2 has Insecure Permissions
NOTE: https://github.com/hpcng/singularity/security/advisories/GHSA-w6v2-qchm-grj7
CVE-2020-25038
RESERVED
-CVE-2020-25037
- RESERVED
-CVE-2020-25036
- RESERVED
-CVE-2020-25035
- RESERVED
+CVE-2020-25037 (UCOPIA Wi-Fi appliances 6.0.5 allow arbitrary code execution with admi ...)
+ TODO: check
+CVE-2020-25036 (UCOPIA Wi-Fi appliances 6.0.5 allow authenticated remote attackers to ...)
+ TODO: check
+CVE-2020-25035 (UCOPIA Wi-Fi appliances 6.0.5 allow arbitrary code execution with root ...)
+ TODO: check
CVE-2020-25034 (eMPS prior to eMPS 9.0 FireEye EX 3500 devices allows remote authentic ...)
NOT-FOR-US: eMPS
CVE-2020-25033 (The Blubrry subscribe-sidebar (aka Subscribe Sidebar) plugin 1.3.1 for ...)
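Review bot: CVE-2020-25037, CVE-2020-25036 and CVE-2020-25035 all name the same product and version (UCOPIA Wi-Fi appliances 6.0.5) and should be resolved together rather than as three separate TODOs; as appliance firmware they are expected to end up with a NOT-FOR-US marker, matching the neighbouring FireEye eMPS entry (CVE-2020-25034, "NOT-FOR-US: eMPS").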
@@ -34248,8 +34276,8 @@ CVE-2020-24337 (An issue was discovered in picoTCP and picoTCP-NG through 1.7.0.
NOT-FOR-US: picoTCP (and picoTCP-NG)
CVE-2020-24336 (An issue was discovered in Contiki through 3.0 and Contiki-NG through ...)
NOT-FOR-US: Contiki
-CVE-2020-24335
- RESERVED
+CVE-2020-24335 (An issue was discovered in uIP through 1.0, as used in Contiki and Con ...)
+ TODO: check
CVE-2020-24334 (The code that processes DNS responses in uIP through 1.0, as used in C ...)
NOT-FOR-US: uIP
CVE-2020-24333 (A vulnerability in Arista’s CloudVision Portal (CVP) prior to 20 ...)
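Review bot: CVE-2020-24335 is inconsistent with its neighbour: the description ("uIP through 1.0, as used in Contiki and Con ...") describes the same component as CVE-2020-24334 directly below, which is already marked "NOT-FOR-US: uIP", so this entry should get the same marker instead of "TODO: check".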
@@ -51322,7 +51350,6 @@ CVE-2020-16008 (Stack buffer overflow in WebRTC in Google Chrome prior to 86.0.4
- chromium 87.0.4280.88-0.1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-16007 (Insufficient data validation in installer in Google Chrome prior to 86 ...)
- {DSA-4824-1}
- chromium <not-affected> (debian package disables the installer)
CVE-2020-16006 (Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240 ...)
{DSA-4824-1}
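Review bot: Dropping the {DSA-4824-1} line from CVE-2020-16007 is the right fix, and the only change in the hunk (header counts -7 +6): a DSA reference on an entry whose package line says "chromium <not-affected> (debian package disables the installer)" asserted a fix for an issue that never applied to the Debian build. The adjacent entries that keep {DSA-4824-1} (CVE-2020-16008, CVE-2020-16006) have real fixed versions, so they are unaffected by this cleanup.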
@@ -56426,8 +56453,8 @@ CVE-2020-14194 (Zulip Server before 2.1.5 allows reverse tabnapping via a topic
- zulip-server <itp> (bug #800052)
CVE-2020-14193 (Affected versions of Automation for Jira - Server allowed remote attac ...)
NOT-FOR-US: Atlassian
-CVE-2020-14192
- RESERVED
+CVE-2020-14192 (Affected versions of Atlassian Fisheye and Crucible allow remote attac ...)
+ TODO: check
CVE-2020-14191 (Affected versions of Atlassian Fisheye/Crucible allow remote attackers ...)
NOT-FOR-US: Atlassian
CVE-2020-14190 (Affected versions of Atlassian Fisheye/Crucible allow remote attackers ...)
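Review bot: CVE-2020-14192 should be marked "NOT-FOR-US: Atlassian" directly rather than "TODO: check"; its description (Atlassian Fisheye and Crucible) matches the two entries immediately below it, CVE-2020-14191 and CVE-2020-14190, which already carry that marker.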
@@ -71263,18 +71290,18 @@ CVE-2020-9009
RESERVED
CVE-2020-9008 (Stored Cross-site scripting (XSS) vulnerability in Blackboard Learn/Pe ...)
NOT-FOR-US: Blackboard Learn/PeopleTool
-CVE-2019-20473
- RESERVED
+CVE-2019-20473 (An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.865 ...)
+ TODO: check
CVE-2019-20472
RESERVED
-CVE-2019-20471
- RESERVED
-CVE-2019-20470
- RESERVED
+CVE-2019-20471 (An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.865 ...)
+ TODO: check
+CVE-2019-20470 (An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.865 ...)
+ TODO: check
CVE-2019-20469
RESERVED
-CVE-2019-20468
- RESERVED
+CVE-2019-20468 (An issue was discovered in SeTracker2 for TK-Star Q90 Junior GPS horlo ...)
+ TODO: check
CVE-2019-20467
RESERVED
CVE-2019-20466
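Review bot: The four TK-Star entries (CVE-2019-20473, CVE-2019-20471, CVE-2019-20470 for the Q90 Junior GPS watch firmware 3.1042.9.865 and CVE-2019-20468 for its SeTracker2 companion app) describe one device and its app and should be triaged as a group; as vendor firmware and a mobile app they are expected to resolve to NOT-FOR-US, in line with the Blackboard entry above them (CVE-2020-9008). Note that "horloge" in the descriptions is the upstream CVE text and should be left as imported.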
@@ -77444,7 +77471,6 @@ CVE-2020-6575 (Race in Mojo in Google Chrome prior to 85.0.4183.102 allowed a re
- chromium 87.0.4280.88-0.1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6574 (Insufficient policy enforcement in installer in Google Chrome on OS X ...)
- {DSA-4824-1}
- chromium <not-affected> (debian package disables the installer)
CVE-2020-6573 (Use after free in video in Google Chrome on Android prior to 85.0.4183 ...)
{DSA-4824-1}
@@ -77506,7 +77532,6 @@ CVE-2020-6559 (Use after free in presentation API in Google Chrome prior to 85.0
- chromium 87.0.4280.88-0.1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6558 (Insufficient policy enforcement in iOSWeb in Google Chrome on iOS prio ...)
- {DSA-4824-1}
- chromium <not-affected> (ios specific)
CVE-2020-6557 (Inappropriate implementation in networking in Google Chrome prior to 8 ...)
{DSA-4824-1}
@@ -77553,7 +77578,6 @@ CVE-2020-6547 (Incorrect security UI in media in Google Chrome prior to 84.0.414
- chromium 87.0.4280.88-0.1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6546 (Inappropriate implementation in installer in Google Chrome prior to 84 ...)
- {DSA-4824-1}
- chromium <not-affected> (debian package disables the installer)
CVE-2020-6545 (Use after free in audio in Google Chrome prior to 84.0.4147.125 allowe ...)
{DSA-4824-1}
@@ -90337,8 +90361,8 @@ CVE-2020-1898
RESERVED
CVE-2020-1897 (A use-after-free is possible due to an error in lifetime management in ...)
NOT-FOR-US: Facebook Proxygen
-CVE-2020-1896
- RESERVED
+CVE-2020-1896 (A stack overflow vulnerability in Facebook Hermes ‘builtin apply ...)
+ TODO: check
CVE-2020-1895 (A large heap overflow could occur in Instagram for Android when attemp ...)
NOT-FOR-US: Instagram for Android
CVE-2020-1894 (A stack write overflow in WhatsApp for Android prior to v2.20.35, What ...)
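Review bot: CVE-2020-1896 can be resolved to a NOT-FOR-US marker rather than "TODO: check": the description names Facebook Hermes, and the surrounding Facebook entries (CVE-2020-1897 "NOT-FOR-US: Facebook Proxygen", CVE-2020-1895 "NOT-FOR-US: Instagram for Android") already use that treatment.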
@@ -111506,7 +111530,6 @@ CVE-2019-13703 (Insufficient policy enforcement in the Omnibox in Google Chrome
- chromium 78.0.3904.87-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-13702 (Inappropriate implementation in installer in Google Chrome on Windows ...)
- {DSA-4562-1}
- chromium <not-affected> (debian package disables the installer)
CVE-2019-13701 (Incorrect implementation in navigation in Google Chrome prior to 78.0. ...)
{DSA-4562-1}
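Review bot: Same cleanup as the chromium installer entries above, this time against DSA-4562-1 for CVE-2019-13702: the entry is "chromium <not-affected> (debian package disables the installer)" and a DSA reference on it was contradictory. The neighbouring CVE-2019-13701 keeps its {DSA-4562-1} reference because it is a real fixed issue, which is consistent.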
@@ -129358,7 +129381,6 @@ CVE-2019-8077 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 201
CVE-2019-8076 (Adobe application manager installer version 10.0 have an Insecure Libr ...)
NOT-FOR-US: Adobe
CVE-2019-8075 (Adobe Flash Player version 32.0.0.192 and earlier versions have a Same ...)
- {DSA-4824-1}
NOT-FOR-US: Adobe
CVE-2019-8074 (ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 a ...)
NOT-FOR-US: Adobe
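Review bot: The removed {DSA-4824-1} line under CVE-2019-8075 was an outright mis-reference rather than a not-affected inconsistency: DSA-4824-1 is the chromium advisory referenced throughout the other hunks in this patch, while this entry is Adobe Flash Player and is marked "NOT-FOR-US: Adobe". With the DSA line gone the entry now reads like the other Adobe entries around it (CVE-2019-8076, CVE-2019-8074).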
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a6c149eddee6265645fbd429c11e3b3fed7ee2f7