[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Mon Feb 8 20:10:37 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e2318988 by security tracker role at 2021-02-08T20:10:30+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,111 @@
+CVE-2021-3402
+ RESERVED
+CVE-2021-26905 (1Password SCIM Bridge before 1.6.2 mishandles validation of requests f ...)
+ TODO: check
+CVE-2021-26904
+ RESERVED
+CVE-2021-26903
+ RESERVED
+CVE-2021-26902
+ RESERVED
+CVE-2021-26901
+ RESERVED
+CVE-2021-26900
+ RESERVED
+CVE-2021-26899
+ RESERVED
+CVE-2021-26898
+ RESERVED
+CVE-2021-26897
+ RESERVED
+CVE-2021-26896
+ RESERVED
+CVE-2021-26895
+ RESERVED
+CVE-2021-26894
+ RESERVED
+CVE-2021-26893
+ RESERVED
+CVE-2021-26892
+ RESERVED
+CVE-2021-26891
+ RESERVED
+CVE-2021-26890
+ RESERVED
+CVE-2021-26889
+ RESERVED
+CVE-2021-26888
+ RESERVED
+CVE-2021-26887
+ RESERVED
+CVE-2021-26886
+ RESERVED
+CVE-2021-26885
+ RESERVED
+CVE-2021-26884
+ RESERVED
+CVE-2021-26883
+ RESERVED
+CVE-2021-26882
+ RESERVED
+CVE-2021-26881
+ RESERVED
+CVE-2021-26880
+ RESERVED
+CVE-2021-26879
+ RESERVED
+CVE-2021-26878
+ RESERVED
+CVE-2021-26877
+ RESERVED
+CVE-2021-26876
+ RESERVED
+CVE-2021-26875
+ RESERVED
+CVE-2021-26874
+ RESERVED
+CVE-2021-26873
+ RESERVED
+CVE-2021-26872
+ RESERVED
+CVE-2021-26871
+ RESERVED
+CVE-2021-26870
+ RESERVED
+CVE-2021-26869
+ RESERVED
+CVE-2021-26868
+ RESERVED
+CVE-2021-26867
+ RESERVED
+CVE-2021-26866
+ RESERVED
+CVE-2021-26865
+ RESERVED
+CVE-2021-26864
+ RESERVED
+CVE-2021-26863
+ RESERVED
+CVE-2021-26862
+ RESERVED
+CVE-2021-26861
+ RESERVED
+CVE-2021-26860
+ RESERVED
+CVE-2021-26859
+ RESERVED
+CVE-2021-26858
+ RESERVED
+CVE-2021-26857
+ RESERVED
+CVE-2021-26856
+ RESERVED
+CVE-2021-26855
+ RESERVED
+CVE-2021-26854
+ RESERVED
+CVE-2021-26853
+ RESERVED
CVE-2021-XXXX [root privilege escalation in OverlayFS code]
- firejail 0.9.64.4-1
NOTE: https://www.openwall.com/lists/oss-security/2021/02/08/5
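Review bot: the CVE-2021-XXXX placeholder for the firejail OverlayFS root privilege escalation is still unresolved in this hunk even though a large block of RESERVED identifiers (CVE-2021-26853 through CVE-2021-26904) is added directly above it; none of them is tied to the firejail entry, so the placeholder should be replaced with the assigned identifier in a follow-up once it is published, keeping the `- firejail 0.9.64.4-1` and oss-security NOTE lines. CVE-2021-26905 (1Password SCIM Bridge) is the only new entry in this hunk with a `TODO: check` that still needs triage.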
@@ -75,10 +183,10 @@ CVE-2021-26828
RESERVED
CVE-2021-26827
RESERVED
-CVE-2021-26826
- RESERVED
-CVE-2021-26825
- RESERVED
+CVE-2021-26826 (A stack overflow issue exists in Godot Engine up to v3.2 and is caused ...)
+ TODO: check
+CVE-2021-26825 (An integer overflow issue exists in Godot Engine up to v3.2 that can b ...)
+ TODO: check
CVE-2021-26824
RESERVED
CVE-2021-26823
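Review bot: CVE-2021-26826 and CVE-2021-26825 are both left at `TODO: check`, and both descriptions cover the same codebase ("Godot Engine up to v3.2", a stack overflow and an integer overflow), so one triage decision should cover both and they should be resolved together rather than closed out separately.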
@@ -403,11 +511,13 @@ CVE-2021-3396
RESERVED
CVE-2021-26676
RESERVED
+ {DSA-4847-1}
- connman 1.36-2.1
NOTE: https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=58d397ba74873384aee449690a9070bacd5676fa
NOTE: https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=a74524b3e3fad81b0fd1084ffdf9f2ea469cd9b1
CVE-2021-26675
RESERVED
+ {DSA-4847-1}
- connman 1.36-2.1
NOTE: https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=e4079a20f617a4b076af503f6e4e8b0304c9f2cb
CVE-2021-26674
@@ -623,14 +733,14 @@ CVE-2021-26575
RESERVED
CVE-2021-26574
RESERVED
-CVE-2021-26573
- RESERVED
-CVE-2021-26572
- RESERVED
-CVE-2021-26571
- RESERVED
-CVE-2021-26570
- RESERVED
+CVE-2021-26573 (The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 Sy ...)
+ TODO: check
+CVE-2021-26572 (The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 Sy ...)
+ TODO: check
+CVE-2021-26571 (The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 Sy ...)
+ TODO: check
+CVE-2021-26570 (The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 Sy ...)
+ TODO: check
CVE-2021-26569
RESERVED
CVE-2021-26568
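Review bot: CVE-2021-26570 through CVE-2021-26573 all carry the identical truncated description for the HPE Apollo 70 BMC firmware, and the same text recurs further down for CVE-2021-25168 through CVE-2021-25172 and for CVE-2021-25142; the ten `TODO: check` markers should be resolved in one pass to the same status, since the truncated descriptions give no way to distinguish the issues without the vendor advisory.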
@@ -717,12 +827,12 @@ CVE-2021-26543
RESERVED
CVE-2021-26542
RESERVED
-CVE-2021-26541
- RESERVED
-CVE-2021-26540
- RESERVED
-CVE-2021-26539
- RESERVED
+CVE-2021-26541 (The gitlog function in src/index.ts in gitlog before 4.0.4 has a comma ...)
+ TODO: check
+CVE-2021-26540 (Apostrophe Technologies sanitize-html before 2.3.2 does not properly v ...)
+ TODO: check
+CVE-2021-26539 (Apostrophe Technologies sanitize-html before 2.3.1 does not properly h ...)
+ TODO: check
CVE-2021-3379
RESERVED
CVE-2021-3378 (FortiLogger 4.4.2.2 is affected by Arbitrary File Upload by sending a ...)
@@ -1481,8 +1591,8 @@ CVE-2021-3295
RESERVED
CVE-2021-3294
RESERVED
-CVE-2021-3293
- RESERVED
+CVE-2021-3293 (emlog v5.3.1 has full path disclosure vulnerability in t/index.php, wh ...)
+ TODO: check
CVE-2021-3292
RESERVED
CVE-2021-3291 (Zen Cart 1.5.7b allows admins to execute arbitrary OS commands by insp ...)
@@ -2654,14 +2764,14 @@ CVE-2021-25839
RESERVED
CVE-2021-25838
RESERVED
-CVE-2021-25837
- RESERVED
-CVE-2021-25836
- RESERVED
-CVE-2021-25835
- RESERVED
-CVE-2021-25834
- RESERVED
+CVE-2021-25837 (Cosmos Network Ethermint <= v0.4.0 is affected by cache lifecycle i ...)
+ TODO: check
+CVE-2021-25836 (Cosmos Network Ethermint <= v0.4.0 is affected by cache lifecycle i ...)
+ TODO: check
+CVE-2021-25835 (Cosmos Network Ethermint <= v0.4.0 is affected by a cross-chain tra ...)
+ TODO: check
+CVE-2021-25834 (Cosmos Network Ethermint <= v0.4.0 is affected by a transaction rep ...)
+ TODO: check
CVE-2021-25833
RESERVED
CVE-2021-25832
@@ -4168,16 +4278,16 @@ CVE-2021-25174 (An issue was discovered in Open Design Alliance Drawings SDK bef
NOT-FOR-US: Open Design Alliance Drawings SDK
CVE-2021-25173 (An issue was discovered in Open Design Alliance Drawings SDK before 20 ...)
NOT-FOR-US: Open Design Alliance Drawings SDK
-CVE-2021-25172
- RESERVED
-CVE-2021-25171
- RESERVED
-CVE-2021-25170
- RESERVED
-CVE-2021-25169
- RESERVED
-CVE-2021-25168
- RESERVED
+CVE-2021-25172 (The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 Sy ...)
+ TODO: check
+CVE-2021-25171 (The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 Sy ...)
+ TODO: check
+CVE-2021-25170 (The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 Sy ...)
+ TODO: check
+CVE-2021-25169 (The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 Sy ...)
+ TODO: check
+CVE-2021-25168 (The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 Sy ...)
+ TODO: check
CVE-2021-25167
RESERVED
CVE-2021-25166
@@ -4228,8 +4338,8 @@ CVE-2021-25144
RESERVED
CVE-2021-25143
RESERVED
-CVE-2021-25142
- RESERVED
+CVE-2021-25142 (The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 Sy ...)
+ TODO: check
CVE-2021-25141
RESERVED
CVE-2021-25140
@@ -10593,8 +10703,8 @@ CVE-2021-22124
RESERVED
CVE-2021-22123
RESERVED
-CVE-2021-22122
- RESERVED
+CVE-2021-22122 (An improper neutralization of input during web page generation in Fort ...)
+ TODO: check
CVE-2021-22121
RESERVED
CVE-2021-22120
@@ -12688,12 +12798,12 @@ CVE-2021-21438
RESERVED
CVE-2021-21437
RESERVED
-CVE-2021-21436
- RESERVED
-CVE-2021-21435
- RESERVED
-CVE-2021-21434
- RESERVED
+CVE-2021-21436 (Agents are able to see and link Config Items without permissions, whic ...)
+ TODO: check
+CVE-2021-21435 (Article Bcc fields and agent personal information are shown when custo ...)
+ TODO: check
+CVE-2021-21434 (Survey administrator can craft a survey in such way that malicious cod ...)
+ TODO: check
CVE-2020-35850 (** DISPUTED ** An SSRF issue was discovered in cockpit-project.org Coc ...)
- cockpit <unfixed>
[bullseye] - cockpit <ignored> (Minor issue)
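Review bot: the truncated descriptions for CVE-2021-21436, CVE-2021-21435 and CVE-2021-21434 ("Agents are able to see and link Config Items ...", "Article Bcc fields ...", "Survey administrator can craft a survey ...") do not name the affected product, so the three `TODO: check` lines cannot be resolved from this hunk alone; the full CVE text is needed before assigning a package or NOT-FOR-US.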
@@ -13032,8 +13142,7 @@ CVE-2020-35701 (An issue was discovered in Cacti 1.2.x through 1.2.16. A SQL inj
NOTE: https://asaf.me/2020/12/15/cacti-1-2-0-to-1-2-16-sql-injection/
NOTE: Introduced in: https://github.com/Cacti/cacti/commit/6e1b8431b77efe55ba5115e35fe045e101dd619b (1.2.0)
NOTE: Fixed by: https://github.com/Cacti/cacti/commit/565e0604a53f4988dc5b544d01f4a631eaa80d82
-CVE-2020-35700
- RESERVED
+CVE-2020-35700 (A second-order SQL injection issue in Widgets/TopDevicesController.php ...)
NOT-FOR-US: LibreNMS
NOTE: https://github.com/librenms/librenms/releases/tag/21.1.0
NOTE: https://github.com/librenms/librenms/pull/12422
@@ -13479,8 +13588,8 @@ CVE-2021-21306
RESERVED
CVE-2021-21305
RESERVED
-CVE-2021-21304
- RESERVED
+CVE-2021-21304 (Dynamoose is an open-source modeling tool for Amazon's DynamoDB. In Dy ...)
+ TODO: check
CVE-2021-21303 (Helm is open-source software which is essentially "The Kubernetes Pack ...)
TODO: check
CVE-2021-21302
@@ -15678,10 +15787,10 @@ CVE-2021-20361
RESERVED
CVE-2021-20360
RESERVED
-CVE-2021-20359
- RESERVED
-CVE-2021-20358
- RESERVED
+CVE-2021-20359 (IBM Cloud Pak for Automation 20.0.3, 20.0.2-IF002 - Business Automatio ...)
+ TODO: check
+CVE-2021-20358 (IBM Cloud Pak for Automation 20.0.3, 20.0.2-IF002 stores potentially s ...)
+ TODO: check
CVE-2021-20357 (IBM Jazz Foundation products is vulnerable to cross-site scripting. Th ...)
NOT-FOR-US: IBM
CVE-2021-20356
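Review bot: CVE-2021-20359 and CVE-2021-20358 (IBM Cloud Pak for Automation) sit next to CVE-2021-20357, which is already `NOT-FOR-US: IBM`; unless IBM Cloud Pak is packaged, the two `TODO: check` lines should be resolved to the same form for consistency.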
@@ -31093,10 +31202,10 @@ CVE-2020-26054
RESERVED
CVE-2020-26053
REJECTED
-CVE-2020-26052
- RESERVED
-CVE-2020-26051
- RESERVED
+CVE-2020-26052 (Online Marriage Registration System 1.0 is affected by stored cross-si ...)
+ TODO: check
+CVE-2020-26051 (College Management System Php 1.0 suffers from SQL injection vulnerabi ...)
+ TODO: check
CVE-2020-26050 (SaferVPN for Windows Ver 5.0.3.3 through 5.0.4.15 could allow local pr ...)
NOT-FOR-US: SaferVPN for Windows
CVE-2020-26049 (Nifty-PM CPE 2.3 is affected by stored HTML injection. The impact is r ...)
@@ -50709,8 +50818,8 @@ CVE-2020-16631
RESERVED
CVE-2020-16630
RESERVED
-CVE-2020-16629
- RESERVED
+CVE-2020-16629 (PhpOK 5.4.137 contains a SQL injection vulnerability that can inject a ...)
+ TODO: check
CVE-2020-16628
RESERVED
CVE-2020-16627
@@ -59891,9 +60000,9 @@ CVE-2020-13249 (libmariadb/mariadb_lib.c in MariaDB Connector/C before 3.1.8 doe
- mariadb-10.1 <not-affected> (Vulnerable code introduced later)
NOTE: Fixed by: https://github.com/mariadb-corporation/mariadb-connector-c/commit/2759b87d72926b7c9b5426437a7c8dd15ff57945 (v3.1.8)
NOTE: Introduced around: https://github.com/mariadb-corporation/mariadb-connector-c/commit/b4efe73c9e725f97b3550371f8a78a10a20bf2fd (v3.0-cc-server-integ-0)
-CVE-2020-13248 (BooleBox Secure File Sharing Utility (potentially all versions) allows ...)
+CVE-2020-13248 (BooleBox Secure File Sharing Utility before 4.2.3.0 allows stored XSS ...)
NOT-FOR-US: BooleBox Secure File Sharing Utility
-CVE-2020-13247 (BooleBox Secure File Sharing Utility (potentially all versions) allows ...)
+CVE-2020-13247 (BooleBox Secure File Sharing Utility before 4.2.3.0 allows CSV injecti ...)
NOT-FOR-US: BooleBox Secure File Sharing Utility
CVE-2020-13246 (An issue was discovered in Gitea through 1.11.5. An attacker can trigg ...)
- gitea <removed>
@@ -75401,16 +75510,16 @@ CVE-2020-7788 (This affects the package ini before 1.3.6. If an attacker submits
NOTE: https://github.com/npm/ini/commit/56d2805e07ccd94e2ba0984ac9240ff02d44b6f1 (v1.3.6)
CVE-2020-7787 (This affects all versions of package react-adal. It is possible for a ...)
NOT-FOR-US: Node react-adal
-CVE-2020-7786
- RESERVED
-CVE-2020-7785
- RESERVED
+CVE-2020-7786 (This affects all versions of package macfromip. The injection point is ...)
+ TODO: check
+CVE-2020-7785 (This affects all versions of package node-ps. The injection point is l ...)
+ TODO: check
CVE-2020-7784 (This affects all versions of package ts-process-promises. The injectio ...)
TODO: check
CVE-2020-7783
RESERVED
-CVE-2020-7782
- RESERVED
+CVE-2020-7782 (This affects all versions of package spritesheet-js. It depends on a v ...)
+ TODO: check
CVE-2020-7781 (This affects the package connection-tester before 0.2.1. The injection ...)
NOT-FOR-US: Node connection-tester
CVE-2020-7780 (This affects the package com.softwaremill.akka-http-session:core_2.13 ...)
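Review bot: the new `TODO: check` entries for macfromip (CVE-2020-7786), node-ps (CVE-2020-7785) and spritesheet-js (CVE-2020-7782) follow the same "This affects all versions of package ..." pattern as CVE-2020-7787 and CVE-2020-7781, which are already recorded as `NOT-FOR-US: Node <name>`; resolve them to that form if none of the three is in the archive, and note that CVE-2020-7784 (ts-process-promises) from an earlier run is still open at `TODO: check` in the same context.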
@@ -78158,8 +78267,8 @@ CVE-2020-6651 (Improper Input Validation in Eaton's Intelligent Power Manager (I
NOT-FOR-US: Eaton
CVE-2020-6650 (UPS companion software v1.05 & Prior is affected by ‘Eval In ...)
NOT-FOR-US: UPS companion software
-CVE-2020-6649
- RESERVED
+CVE-2020-6649 (An insufficient session expiration vulnerability in FortiNet's FortiIs ...)
+ TODO: check
CVE-2020-6648 (A cleartext storage of sensitive information vulnerability in FortiOS ...)
NOT-FOR-US: Fortiguard FortiOS
CVE-2020-6647 (An improper neutralization of input vulnerability in the dashboard of ...)
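Review bot: CVE-2020-6649 (FortiIsolator insufficient session expiration) is surrounded by Fortinet entries marked `NOT-FOR-US: Fortiguard FortiOS`; the `TODO: check` should be resolved to the NOT-FOR-US form used for the neighbours, naming FortiIsolator rather than FortiOS since the description names a different product.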
@@ -91777,8 +91886,8 @@ CVE-2020-1781
RESERVED
CVE-2020-1780
RESERVED
-CVE-2020-1779
- RESERVED
+CVE-2020-1779 (When dynamic templates are used (OTRSTicketForms), admin can use OTRS ...)
+ TODO: check
CVE-2020-1778 (When OTRS uses multiple backends for user authentication (with LDAP), ...)
- otrs2 <not-affected> (Only affects 8.x)
NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-16/
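Review bot: CVE-2020-1779 (OTRSTicketForms dynamic templates) needs a decision for otrs2; the neighbouring CVE-2020-1778 is `otrs2 <not-affected> (Only affects 8.x)` with the OTRS advisory NOTE, so check whether the same version restriction applies to this issue and, if so, record it with the advisory link rather than leaving `TODO: check`.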
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e23189888103208f4cbeeed3ccf5bda6dfc17627