[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Fri Feb 19 08:10:23 GMT 2021 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7f0ced0d by security tracker role at 2021-02-19T08:10:16+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,39 @@
+CVE-2021-27405 (A ReDoS (regular expression denial of service) flaw was found in the @ ...)
+	TODO: check
+CVE-2021-27404 (Askey RTF8115VW BR_SV_g11.11_RTF_TEF001_V6.54_V014 devices allow injec ...)
+	TODO: check
+CVE-2021-27403 (Askey RTF8115VW BR_SV_g11.11_RTF_TEF001_V6.54_V014 devices allow cgi-b ...)
+	TODO: check
+CVE-2021-27402
+	RESERVED
+CVE-2021-27401
+	RESERVED
+CVE-2021-27400
+	RESERVED
+CVE-2020-36252 (ownCloud Server 10.x before 10.3.1 allows an attacker, who has one out ...)
+	TODO: check
+CVE-2020-36251 (ownCloud Server before 10.3.0 allows an attacker, who has received non ...)
+	TODO: check
+CVE-2020-36250 (In the ownCloud application before 2.15 for Android, the lock protecti ...)
+	TODO: check
+CVE-2020-36249 (The File Firewall before 2.8.0 for ownCloud Server does not properly e ...)
+	TODO: check
+CVE-2020-36248 (The ownCloud application before 2.15 for Android allows attackers to u ...)
+	TODO: check
+CVE-2020-36247 (Open OnDemand before 1.5.7 and 1.6.x before 1.6.22 allows CSRF. ...)
+	TODO: check
+CVE-2020-36246 (Amaze File Manager before 3.5.1 allows attackers to obtain root privil ...)
+	TODO: check
+CVE-2019-25024 (OpenRepeater (ORP) before 2.2 allows unauthenticated command injection ...)
+	TODO: check
+CVE-2019-25023
+	RESERVED
+CVE-2019-25022
+	RESERVED
+CVE-2019-25021
+	RESERVED
+CVE-2019-25020
+	RESERVED
 CVE-2021-3413
 	RESERVED
 CVE-2021-3412
@@ -53,7 +89,7 @@ CVE-2021-27377 (An issue was discovered in the yottadb crate before 1.2.0 for Ru
 	NOT-FOR-US: Rust crate yottadb
 CVE-2021-27376 (An issue was discovered in the nb-connect crate before 1.0.3 for Rust. ...)
 	NOT-FOR-US: Rust crate nb-connect
-CVE-2021-27375 (Traefik 2.4.3 allows the loading of IFRAME elements from other domains ...)
+CVE-2021-27375 (Traefik before 2.4.5 allows the loading of IFRAME elements from other  ...)
 	NOT-FOR-US: Traefik
 CVE-2021-27374 (VertiGIS WebOffice 10.7 SP1 before patch20210202 and 10.8 SP1 before p ...)
 	NOT-FOR-US: VertiGIS WebOffice
@@ -1067,8 +1103,8 @@ CVE-2021-26908
 	RESERVED
 CVE-2021-26907
 	RESERVED
-CVE-2021-26906
-	RESERVED
+CVE-2021-26906 (An issue was discovered in res_pjsip_session.c in Digium Asterisk thro ...)
+	TODO: check
 CVE-2021-3402
 	RESERVED
 CVE-2021-26905 (1Password SCIM Bridge before 1.6.2 mishandles validation of authentica ...)
@@ -1422,10 +1458,10 @@ CVE-2021-26749
 	RESERVED
 CVE-2021-26748
 	RESERVED
-CVE-2021-26747
-	RESERVED
-CVE-2021-26746
-	RESERVED
+CVE-2021-26747 (Netis WF2780 2.3.40404 and WF2411 1.1.29629 devices allow Shell Metach ...)
+	TODO: check
+CVE-2021-26746 (Chamilo 1.11.14 allows XSS via a main/calendar/agenda_list.php?type= U ...)
+	TODO: check
 CVE-2021-26745
 	RESERVED
 CVE-2021-26744
@@ -1486,8 +1522,8 @@ CVE-2021-26719 (A directory traversal issue was discovered in Gradle gradle-ente
 	NOT-FOR-US: gradle-enterprise-test-distribution-agent
 CVE-2021-26718
 	RESERVED
-CVE-2021-26717
-	RESERVED
+CVE-2021-26717 (An issue was discovered in Sangoma Asterisk 16.x before 16.16.1, 17.x  ...)
+	TODO: check
 CVE-2021-26716
 	RESERVED
 CVE-2021-26715
@@ -1496,8 +1532,8 @@ CVE-2021-26714
 	RESERVED
 CVE-2021-26713
 	RESERVED
-CVE-2021-26712
-	RESERVED
+CVE-2021-26712 (Incorrect access controls in res_srtp.c in Sangoma Asterisk 13.38.1, 1 ...)
+	TODO: check
 CVE-2021-26711 (A frame-injection issue in the online help in Redwood Report2Web 4.3.4 ...)
 	NOT-FOR-US: Redwood Report2Web
 CVE-2021-26710 (A cross-site scripting (XSS) issue in the login panel in Redwood Repor ...)
@@ -2481,8 +2517,8 @@ CVE-2021-3341 (A path traversal vulnerability in the DxWebEngine component of DH
 	NOT-FOR-US: DH2i DxEnterprise and DxOdyssey for Windows
 CVE-2021-3340 (A cross-site scripting (XSS) vulnerability in many forms of Wikindx be ...)
 	NOT-FOR-US: Wikindx
-CVE-2021-3339
-	RESERVED
+CVE-2021-3339 (ModernFlow before 1.3.00.208 does not constrain web-page access to mem ...)
+	TODO: check
 CVE-2021-3338
 	RESERVED
 CVE-2021-3337 (The Hide-Thread-Content plugin through 2021-01-27 for MyBB allows remo ...)
@@ -14100,8 +14136,8 @@ CVE-2020-35778 (Certain NETGEAR devices are affected by CSRF. This affects GS716
 	NOT-FOR-US: Netgear
 CVE-2020-35777 (NETGEAR DGN2200v1 devices before v1.0.0.58 are affected by command inj ...)
 	NOT-FOR-US: Netgear
-CVE-2020-35776
-	RESERVED
+CVE-2020-35776 (A buffer overflow in res_pjsip_diversion.c in Sangoma Asterisk version ...)
+	TODO: check
 CVE-2020-35775 (CITSmart before 9.1.2.23 allows LDAP Injection. ...)
 	NOT-FOR-US: CITSmart
 CVE-2020-35774 (server/handler/HistogramQueryHandler.scala in Twitter TwitterServer (a ...)
@@ -15351,10 +15387,10 @@ CVE-2020-35594
 	RESERVED
 CVE-2020-35593
 	RESERVED
-CVE-2020-35592
-	RESERVED
-CVE-2020-35591
-	RESERVED
+CVE-2020-35592 (Pi-hole 5.0, 5.1, and 5.1.1 allows XSS via the Options header to the a ...)
+	TODO: check
+CVE-2020-35591 (Pi-hole 5.0, 5.1, and 5.1.1 allows Session Fixation. The application d ...)
+	TODO: check
 CVE-2020-35590 (LimitLoginAttempts.php in the limit-login-attempts-reloaded plugin bef ...)
 	NOT-FOR-US: limit-login-attempts-reloaded plugin for WordPress
 CVE-2020-35589 (The limit-login-attempts-reloaded plugin before 2.17.4 for WordPress a ...)
@@ -35239,8 +35275,8 @@ CVE-2020-24910
 	RESERVED
 CVE-2020-24909
 	RESERVED
-CVE-2020-24908
-	RESERVED
+CVE-2020-24908 (Checkmk before 1.6.0p17 allows local users to obtain SYSTEM privileges ...)
+	TODO: check
 CVE-2020-24907
 	RESERVED
 CVE-2020-24906
@@ -46225,8 +46261,8 @@ CVE-2020-19515
 	RESERVED
 CVE-2020-19514
 	RESERVED
-CVE-2020-19513
-	RESERVED
+CVE-2020-19513 (Buffer overflow in FinalWire Ltd AIDA64 Engineer 6.00.5100 allows atta ...)
+	TODO: check
 CVE-2020-19512
 	RESERVED
 CVE-2020-19511
@@ -58668,7 +58704,7 @@ CVE-2020-14212 (FFmpeg through 4.3 has a heap-based buffer overflow in avio_get_
 	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=0b3bd001ac1745d9d008a2d195817df57d7d1d14
 CVE-2020-14211
 	RESERVED
-CVE-2020-14210 (MONITORAPP AIWAF-VE and AIWAF-4000 through 2020-06-16 allow reflected  ...)
+CVE-2020-14210 (Reflected Cross-Site Scripting (XSS) vulnerability in MONITORAPP WAF i ...)
 	NOT-FOR-US: MONITORAPP
 CVE-2020-14209 (Dolibarr before 11.0.5 allows low-privilege users to upload files of d ...)
 	- dolibarr <removed>
@@ -70607,12 +70643,12 @@ CVE-2020-10256 (An issue was discovered in beta versions of the 1Password comman
 	NOT-FOR-US: 1Password
 CVE-2020-10255 (Modern DRAM chips (DDR4 and LPDDR4 after 2015) are affected by a vulne ...)
 	NOT-FOR-US: Hardware vulnerabliity in DDR4 DRAM chips
-CVE-2020-10254
-	RESERVED
+CVE-2020-10254 (An issue was discovered in ownCloud before 10.4. An attacker can bypas ...)
+	TODO: check
 CVE-2020-10253
 	RESERVED
-CVE-2020-10252
-	RESERVED
+CVE-2020-10252 (An issue was discovered in ownCloud before 10.4. Because of an SSRF is ...)
+	TODO: check
 CVE-2020-10251 (In ImageMagick 7.0.9, an out-of-bounds read vulnerability exists withi ...)
 	- imagemagick 8:6.9.11.24+dfsg-1 (low; bug #953741)
 	[buster] - imagemagick <ignored> (Minor issue)
@@ -81009,6 +81045,7 @@ CVE-2020-6178 (SAP Enable Now, before version 1911, sends the Session ID cookie
 CVE-2020-6177 (SAP Mobile Platform, version 3.0, does not sufficiently validate an XM ...)
 	NOT-FOR-US: SAP
 CVE-2019-20367 (nlist.c in libbsd before 0.10.0 has an out-of-bounds read during a com ...)
+	{DLA-2566-1}
 	- libbsd 0.10.0-1
 	[buster] - libbsd <no-dsa> (Minor issue)
 	[jessie] - libbsd <no-dsa> (Minor issue)
@@ -217789,15 +217826,17 @@ CVE-2017-14124 (In eLux RP 5.x before 5.5.1000 LTSR and 5.6.x before 5.6.2 CR wh
 CVE-2017-14123 (Zoho ManageEngine Firewall Analyzer 12200 has an unrestricted File Upl ...)
 	NOT-FOR-US: Zoho ManageEngine
 CVE-2017-14122 (unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a stack-based b ...)
+	{DLA-2567-1}
 	- unrar-free 1:0.0.1+cvs20140707-4 (unimportant; bug #874060)
 	NOTE: https://www.openwall.com/lists/oss-security/2017/08/20/1
 	NOTE: Crash in CLI tool, no security impact
 CVE-2017-14121 (The DecodeNumber function in unrarlib.c in unrar 0.0.1 (aka unrar-free ...)
+	{DLA-2567-1}
 	- unrar-free 1:0.0.1+cvs20140707-4 (unimportant; bug #874061)
 	NOTE: https://www.openwall.com/lists/oss-security/2017/08/20/1
 	NOTE: Crash in CLI tool, no security impact
 CVE-2017-14120 (unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a directory tra ...)
-	{DLA-1091-1}
+	{DLA-2567-1 DLA-1091-1}
 	- unrar-free 1:0.0.1+cvs20140707-2 (bug #874059)
 	[jessie] - unrar-free <no-dsa> (Minor issue)
 	NOTE: https://www.openwall.com/lists/oss-security/2017/08/20/1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7f0ced0d4eef25729899c2fc4e6c76cef2c41bae

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7f0ced0d4eef25729899c2fc4e6c76cef2c41bae
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210219/347a3f2e/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list