[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Fri Feb 19 20:10:36 GMT 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bb649141 by security tracker role at 2021-02-19T20:10:29+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,205 @@
+CVE-2021-27506
+	RESERVED
+CVE-2021-27505
+	RESERVED
+CVE-2021-27504
+	RESERVED
+CVE-2021-27503
+	RESERVED
+CVE-2021-27502
+	RESERVED
+CVE-2021-27501
+	RESERVED
+CVE-2021-27500
+	RESERVED
+CVE-2021-27499
+	RESERVED
+CVE-2021-27498
+	RESERVED
+CVE-2021-27497
+	RESERVED
+CVE-2021-27496
+	RESERVED
+CVE-2021-27495
+	RESERVED
+CVE-2021-27494
+	RESERVED
+CVE-2021-27493
+	RESERVED
+CVE-2021-27492
+	RESERVED
+CVE-2021-27491
+	RESERVED
+CVE-2021-27490
+	RESERVED
+CVE-2021-27489
+	RESERVED
+CVE-2021-27488
+	RESERVED
+CVE-2021-27487
+	RESERVED
+CVE-2021-27486
+	RESERVED
+CVE-2021-27485
+	RESERVED
+CVE-2021-27484
+	RESERVED
+CVE-2021-27483
+	RESERVED
+CVE-2021-27482
+	RESERVED
+CVE-2021-27481
+	RESERVED
+CVE-2021-27480
+	RESERVED
+CVE-2021-27479
+	RESERVED
+CVE-2021-27478
+	RESERVED
+CVE-2021-27477
+	RESERVED
+CVE-2021-27476
+	RESERVED
+CVE-2021-27475
+	RESERVED
+CVE-2021-27474
+	RESERVED
+CVE-2021-27473
+	RESERVED
+CVE-2021-27472
+	RESERVED
+CVE-2021-27471
+	RESERVED
+CVE-2021-27470
+	RESERVED
+CVE-2021-27469
+	RESERVED
+CVE-2021-27468
+	RESERVED
+CVE-2021-27467
+	RESERVED
+CVE-2021-27466
+	RESERVED
+CVE-2021-27465
+	RESERVED
+CVE-2021-27464
+	RESERVED
+CVE-2021-27463
+	RESERVED
+CVE-2021-27462
+	RESERVED
+CVE-2021-27461
+	RESERVED
+CVE-2021-27460
+	RESERVED
+CVE-2021-27459
+	RESERVED
+CVE-2021-27458
+	RESERVED
+CVE-2021-27457
+	RESERVED
+CVE-2021-27456
+	RESERVED
+CVE-2021-27455
+	RESERVED
+CVE-2021-27454
+	RESERVED
+CVE-2021-27453
+	RESERVED
+CVE-2021-27452
+	RESERVED
+CVE-2021-27451
+	RESERVED
+CVE-2021-27450
+	RESERVED
+CVE-2021-27449
+	RESERVED
+CVE-2021-27448
+	RESERVED
+CVE-2021-27447
+	RESERVED
+CVE-2021-27446
+	RESERVED
+CVE-2021-27445
+	RESERVED
+CVE-2021-27444
+	RESERVED
+CVE-2021-27443
+	RESERVED
+CVE-2021-27442
+	RESERVED
+CVE-2021-27441
+	RESERVED
+CVE-2021-27440
+	RESERVED
+CVE-2021-27439
+	RESERVED
+CVE-2021-27438
+	RESERVED
+CVE-2021-27437
+	RESERVED
+CVE-2021-27436
+	RESERVED
+CVE-2021-27435
+	RESERVED
+CVE-2021-27434
+	RESERVED
+CVE-2021-27433
+	RESERVED
+CVE-2021-27432
+	RESERVED
+CVE-2021-27431
+	RESERVED
+CVE-2021-27430
+	RESERVED
+CVE-2021-27429
+	RESERVED
+CVE-2021-27428
+	RESERVED
+CVE-2021-27427
+	RESERVED
+CVE-2021-27426
+	RESERVED
+CVE-2021-27425
+	RESERVED
+CVE-2021-27424
+	RESERVED
+CVE-2021-27423
+	RESERVED
+CVE-2021-27422
+	RESERVED
+CVE-2021-27421
+	RESERVED
+CVE-2021-27420
+	RESERVED
+CVE-2021-27419
+	RESERVED
+CVE-2021-27418
+	RESERVED
+CVE-2021-27417
+	RESERVED
+CVE-2021-27416
+	RESERVED
+CVE-2021-27415
+	RESERVED
+CVE-2021-27414
+	RESERVED
+CVE-2021-27413
+	RESERVED
+CVE-2021-27412
+	RESERVED
+CVE-2021-27411
+	RESERVED
+CVE-2021-27410
+	RESERVED
+CVE-2021-27409
+	RESERVED
+CVE-2021-27408
+	RESERVED
+CVE-2021-27407
+	RESERVED
+CVE-2021-27406
+	RESERVED
 CVE-2021-27405 (A ReDoS (regular expression denial of service) flaw was found in the @ ...)
 	TODO: check
 CVE-2021-27404 (Askey RTF8115VW BR_SV_g11.11_RTF_TEF001_V6.54_V014 devices allow injec ...)
@@ -141,8 +343,8 @@ CVE-2021-27353
 	RESERVED
 CVE-2021-27352
 	RESERVED
-CVE-2021-27351
-	RESERVED
+CVE-2021-27351 (The Terminate Session feature in the Telegram application through 7.2. ...)
+	TODO: check
 CVE-2021-27350
 	RESERVED
 CVE-2021-27349
@@ -187,8 +389,8 @@ CVE-2021-27330
 	RESERVED
 CVE-2021-27329 (Friendica 2021.01 allows SSRF via parse_url?binurl= for DNS lookups or ...)
 	NOT-FOR-US: Friendica
-CVE-2021-27328
-	RESERVED
+CVE-2021-27328 (Yeastar NeoGate TG400 91.3.0.3 devices are affected by Directory Trave ...)
+	TODO: check
 CVE-2021-27327
 	RESERVED
 CVE-2021-27326
@@ -414,8 +616,8 @@ CVE-2021-27216
 	RESERVED
 CVE-2021-27215
 	RESERVED
-CVE-2021-27214
-	RESERVED
+CVE-2021-27214 (A Server-side request forgery (SSRF) vulnerability in the ProductConfi ...)
+	TODO: check
 CVE-2021-27213 (config.py in pystemon before 2021-02-13 allows code execution via YAML ...)
 	NOT-FOR-US: pystemon
 CVE-2019-25019 (LimeSurvey before 4.0.0-RC4 allows SQL injection via the participant m ...)
@@ -999,6 +1201,7 @@ CVE-2021-27135 (xterm through Patch #365 allows remote attackers to cause a deni
 	NOTE: https://invisible-island.net/xterm/xterm.log.html#xterm_366
 	NOTE: https://github.com/ThomasDickey/xterm-snapshots/commit/82ba55b8f994ab30ff561a347b82ea340ba7075c
 CVE-2021-26937 (encoding.c in GNU Screen through 4.8.0 allows remote attackers to caus ...)
+	{DLA-2570-1}
 	- screen 4.8.0-5 (bug #982435)
 	NOTE: https://lists.gnu.org/archive/html/screen-devel/2021-02/msg00000.html
 	NOTE: https://www.openwall.com/lists/oss-security/2021/02/09/3
@@ -2567,8 +2770,7 @@ CVE-2021-26298
 	RESERVED
 CVE-2021-26297
 	RESERVED
-CVE-2021-26296
-	RESERVED
+CVE-2021-26296 (In the default configuration, Apache MyFaces Core versions 2.2.0 to 2. ...)
 	- kibana <itp> (bug #700337)
 	NOTE: https://discuss.elastic.co/t/elastic-stack-7-11-0-and-6-8-14-security-update/263915
 CVE-2021-26295
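Review bot: CVE-2021-26296 now carries a description naming Apache MyFaces Core, but the entry keeps the "- kibana <itp> (bug #700337)" line and the Elastic discuss NOTE that were attached while the ID was still RESERVED. Those annotations do not match the published description, and because the entry already had annotations it did not get the "TODO: check" marker that the other newly described entries in this update received. Re-triage it by hand and move or drop the kibana lines.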
@@ -3753,8 +3955,8 @@ CVE-2021-3212
 	RESERVED
 CVE-2021-3211
 	RESERVED
-CVE-2021-3210
-	RESERVED
+CVE-2021-3210 (components/Modals/HelpTexts/GenericAll/GenericAll.jsx in Bloodhound &l ...)
+	TODO: check
 CVE-2021-3209
 	RESERVED
 CVE-2021-3208
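Review bot: the new description for CVE-2021-3210 ends in "Bloodhound &l ...", which is an HTML entity cut in half, so the text is being truncated while still HTML-escaped, either in the stored description or in how this notification renders it. Decode entities before truncating so the summary in data/CVE/list reads as plain text and cannot end in a partial entity.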
@@ -3765,8 +3967,8 @@ CVE-2021-3206
 	RESERVED
 CVE-2021-3205
 	RESERVED
-CVE-2021-3204
-	RESERVED
+CVE-2021-3204 (SSRF in the document conversion component of Webware Webdesktop 5.1.15 ...)
+	TODO: check
 CVE-2021-3203
 	RESERVED
 CVE-2021-3202
@@ -9258,8 +9460,8 @@ CVE-2021-23344
 	RESERVED
 CVE-2021-23343
 	RESERVED
-CVE-2021-23342
-	RESERVED
+CVE-2021-23342 (This affects the package docsify before 4.12.0. It is possible to bypa ...)
+	TODO: check
 CVE-2021-23341 (The package prismjs before 1.23.0 are vulnerable to Regular Expression ...)
 	- node-prismjs <unfixed>
 	NOTE: https://github.com/PrismJS/prism/commit/c2f6a64426f44497a675cb32dccb079b3eff1609
@@ -9275,6 +9477,7 @@ CVE-2021-23337 (All versions of package lodash; all versions of package org.fuji
 	- node-lodash <unfixed>
 	NOTE: https://snyk.io/vuln/SNYK-JS-LODASH-1040724
 CVE-2021-23336 (The package python/cpython from 0 and before 3.6.13, from 3.7.0 and be ...)
+	{DLA-2569-1}
 	- python-django 2:2.2.19-1 (bug #983090)
 	- python3.9 <unfixed>
 	- python3.8 <removed>
@@ -10535,12 +10738,12 @@ CVE-2021-22705
 	RESERVED
 CVE-2021-22704
 	RESERVED
-CVE-2021-22703
-	RESERVED
-CVE-2021-22702
-	RESERVED
-CVE-2021-22701
-	RESERVED
+CVE-2021-22703 (A CWE-319: Cleartext transmission of sensitive information vulnerabili ...)
+	TODO: check
+CVE-2021-22702 (A CWE-319: Cleartext transmission of sensitive information vulnerabili ...)
+	TODO: check
+CVE-2021-22701 (A CWE-352: Cross-Site Request Forgery vulnerability exists in PowerLog ...)
+	TODO: check
 CVE-2021-22700
 	RESERVED
 CVE-2021-22699
@@ -13119,8 +13322,8 @@ CVE-2021-21514
 	RESERVED
 CVE-2021-21513
 	RESERVED
-CVE-2021-21512
-	RESERVED
+CVE-2021-21512 (Dell EMC PowerProtect Cyber Recovery, version 19.7.0.1, contains an In ...)
+	TODO: check
 CVE-2021-21511 (Dell EMC Avamar Server, versions 19.3 and 19.4 contain an Improper Aut ...)
 	NOT-FOR-US: EMC Avamar Server
 CVE-2021-21510
@@ -29774,7 +29977,7 @@ CVE-2020-27223
 	RESERVED
 CVE-2020-27222 (In Eclipse Californium version 2.3.0 to 2.6.0, the certificate based ( ...)
 	NOT-FOR-US: Eclipse Californium
-CVE-2020-27221 (In Eclipse OpenJ9 up to version 0.23, there is potential for a stack-b ...)
+CVE-2020-27221 (In Eclipse OpenJ9 up to and including version 0.23, there is potential ...)
 	NOT-FOR-US: Eclipse OpenJ9
 CVE-2020-27220 (The Eclipse Hono AMQP and MQTT protocol adapters do not check whether  ...)
 	NOT-FOR-US: Eclipse Hono
@@ -34710,8 +34913,8 @@ CVE-2020-25173 (An attacker with local network access can obtain a fixed cryptog
 	NOT-FOR-US: Reolink P2P cameras
 CVE-2020-25172 (A relative path traversal attack in the B. Braun OnlineSuite Version A ...)
 	NOT-FOR-US: B. Braun OnlineSuite Version AP
-CVE-2020-25171
-	RESERVED
+CVE-2020-25171 (The affected Fuji Electric V-Server Lite versions prior to 3.3.24.0 ar ...)
+	TODO: check
 CVE-2020-25170 (An Excel Macro Injection vulnerability exists in the export feature in ...)
 	NOT-FOR-US: B. Braun OnlineSuite Version AP
 CVE-2020-25169 (The affected Reolink P2P products do not sufficiently protect data tra ...)
@@ -60587,8 +60790,8 @@ CVE-2020-13551 (An exploitable local privilege elevation vulnerability exists in
 	NOT-FOR-US: Advantech WebAccess/SCADA
 CVE-2020-13550 (A local file inclusion vulnerability exists in the installation functi ...)
 	NOT-FOR-US: Advantech WebAccess/SCADA
-CVE-2020-13549
-	RESERVED
+CVE-2020-13549 (An exploitable local privilege elevation vulnerability exists in the f ...)
+	TODO: check
 CVE-2020-13548 (In Foxit Reader 10.1.0.37527, a specially crafted PDF document can tri ...)
 	NOT-FOR-US: Foxit Reader
 CVE-2020-13547 (A type confusion vulnerability exists in the JavaScript engine of Foxi ...)
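Review bot: CVE-2020-13549 is added with "TODO: check", but its truncated description opens with the same words as CVE-2020-13551 in the hunk header, which like CVE-2020-13550 is marked "NOT-FOR-US: Advantech WebAccess/SCADA". If the full description names the same product, resolve it to the same NOT-FOR-US line instead of leaving it open.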
@@ -63615,9 +63818,9 @@ CVE-2020-12376 (Use of hard-coded key in the BMC firmware for some Intel(R) Serv
 	NOT-FOR-US: Intel
 CVE-2020-12375 (Heap overflow in the BMC firmware for some Intel(R) Server Boards, Ser ...)
 	NOT-FOR-US: Intel
-CVE-2020-12374
-	RESERVED
-CVE-2020-12373 (Buffer overflow in the BMC firmware for some Intel(R) Server Boards, S ...)
+CVE-2020-12374 (Buffer overflow in the BMC firmware for some Intel(R) Server Boards, S ...)
+	TODO: check
+CVE-2020-12373 (Expired pointer dereference in some Intel(R) Graphics Drivers before v ...)
 	NOT-FOR-US: Intel graphics drivers for Windows
 CVE-2020-12372 (Unchecked return value in some Intel(R) Graphics Drivers before versio ...)
 	NOT-FOR-US: Intel graphics drivers for Windows
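Review bot: CVE-2020-12374 picks up the truncated BMC firmware buffer overflow text that CVE-2020-12373 showed before this update, yet it is left at "TODO: check" while the adjacent BMC firmware entries CVE-2020-12375 and CVE-2020-12376 are marked "NOT-FOR-US: Intel". Triage it the same way once the full description confirms the product. Also confirm that the retained "NOT-FOR-US: Intel graphics drivers for Windows" line on CVE-2020-12373 matches the graphics driver description it now shows, since the description under that annotation changed in this hunk.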
@@ -73558,8 +73761,8 @@ CVE-2020-9052
 	RESERVED
 CVE-2020-9051
 	RESERVED
-CVE-2020-9050
-	RESERVED
+CVE-2020-9050 (Path Traversal vulnerability exists in Metasys Reporting Engine (MRE)  ...)
+	TODO: check
 CVE-2020-9049 (A vulnerability in specified versions of American Dynamics victor Web  ...)
 	NOT-FOR-US: Sensormatic Electronics, LLC; a subsidiary of Johnson Controls
 CVE-2020-9048 (A vulnerability in specified versions of American Dynamics victor Web  ...)
@@ -74622,7 +74825,7 @@ CVE-2020-8627
 CVE-2020-8626
 	RESERVED
 CVE-2020-8625 (BIND servers are vulnerable if they are running an affected version an ...)
-	{DSA-4857-1}
+	{DSA-4857-1 DLA-2568-1}
 	- bind9 1:9.16.12-1 (bug #983004)
 	NOTE: https://kb.isc.org/v1/docs/cve-2020-8625
 	NOTE: 9.11 branch: https://downloads.isc.org/isc/bind9/9.11.28/patches



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bb649141d3410656ad3e49ac753fc9e8d87f9ff2
