[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Tue Jan 19 20:10:31 GMT 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a4650ed7 by security tracker role at 2021-01-19T20:10:23+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,47 @@
+CVE-2021-3184 (MISP 2.4.136 has XSS via a crafted URL to the app/View/Elements/global ...)
+	TODO: check
+CVE-2021-3183 (Files.com Fat Client 3.3.6 allows authentication bypass because the cl ...)
+	TODO: check
+CVE-2021-3182 (** UNSUPPORTED WHEN ASSIGNED ** D-Link DCS-5220 devices have a buffer  ...)
+	TODO: check
+CVE-2021-3181 (rfc822.c in Mutt through 2.0.4 allows remote attackers to cause a deni ...)
+	TODO: check
+CVE-2021-3180
+	RESERVED
+CVE-2021-25329
+	RESERVED
+CVE-2021-25328
+	RESERVED
+CVE-2021-25327
+	RESERVED
+CVE-2021-25326
+	RESERVED
+CVE-2021-25325 (MISP 2.4.136 has XSS via galaxy cluster element values to app/View/Gal ...)
+	TODO: check
+CVE-2021-25324 (MISP 2.4.136 has Stored XSS in the galaxy cluster view via a cluster n ...)
+	TODO: check
+CVE-2021-25323 (The default setting of MISP 2.4.136 did not enable the requirements (a ...)
+	TODO: check
+CVE-2021-25322
+	RESERVED
+CVE-2021-25321
+	RESERVED
+CVE-2021-25320
+	RESERVED
+CVE-2021-25319
+	RESERVED
+CVE-2021-25318
+	RESERVED
+CVE-2021-25317
+	RESERVED
+CVE-2021-25316
+	RESERVED
+CVE-2021-25315
+	RESERVED
+CVE-2021-25314
+	RESERVED
+CVE-2021-25313
+	RESERVED
 CVE-2021-3179
 	RESERVED
 CVE-2021-3178 (** DISPUTED ** fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, w ...)
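Review bot: the four new TODO: check entries in this hunk still need triage, and CVE-2021-3181 (rfc822.c in Mutt through 2.0.4, a remote denial of service) is the one to look at first, since it is library-style code in a mail client rather than a standalone product; the MISP 2.4.136 XSS entries (CVE-2021-3184, CVE-2021-25325, CVE-2021-25324, CVE-2021-25323), the Files.com Fat Client authentication bypass and the D-Link DCS-5220 buffer issue describe products, and CVE-2021-3182 already carries the upstream "** UNSUPPORTED WHEN ASSIGNED **" marker, which usually points at a NOT-FOR-US resolution.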
@@ -5077,12 +5121,12 @@ CVE-2021-22854
 	RESERVED
 CVE-2021-22853
 	RESERVED
-CVE-2021-22852
-	RESERVED
-CVE-2021-22851
-	RESERVED
-CVE-2021-22850
-	RESERVED
+CVE-2021-22852 (HGiga EIP product contains SQL Injection vulnerability. Attackers can  ...)
+	TODO: check
+CVE-2021-22851 (HGiga EIP product contains SQL Injection vulnerability. Attackers can  ...)
+	TODO: check
+CVE-2021-22850 (HGiga EIP product lacks ineffective access control in certain pages th ...)
+	TODO: check
 CVE-2021-22849
 	RESERVED
 CVE-2021-22848
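Review bot: the summaries for CVE-2021-22852 and CVE-2021-22851 are truncated to the identical prefix "HGiga EIP product contains SQL Injection vulnerability. Attackers can ...", so they cannot be told apart from this file alone, and the CVE-2021-22850 text "lacks ineffective access control" looks like an upstream wording error (presumably "lacks effective access control"); the lines mirror the assigned description and should stay verbatim, but whoever resolves the three TODO: check markers should read the full advisories rather than the truncated text.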
@@ -5936,8 +5980,8 @@ CVE-2021-22500
 	RESERVED
 CVE-2021-22499
 	RESERVED
-CVE-2021-22498
-	RESERVED
+CVE-2021-22498 (XML External Entity Injection vulnerability in Micro Focus Application ...)
+	TODO: check
 CVE-2021-22497
 	RESERVED
 CVE-2021-22496
@@ -8486,8 +8530,8 @@ CVE-2016-20001 (The REST/JSON project 7.x-1.x for Drupal allows node access bypa
 	NOT-FOR-US: REST/JSON project for Drupal
 CVE-2020-35930 (Seo Panel 4.8.0 allows stored XSS by an Authenticated User via the url ...)
 	NOT-FOR-US: Seo Panel
-CVE-2020-35929
-	RESERVED
+CVE-2020-35929 (In TinyCheck before commits 9fd360d and ea53de8, the installation scri ...)
+	TODO: check
 CVE-2020-35928 (An issue was discovered in the concread crate before 0.2.6 for Rust. A ...)
 	NOT-FOR-US: concread rust crate
 CVE-2020-35927 (An issue was discovered in the thex crate through 2020-12-08 for Rust. ...)
@@ -11996,8 +12040,7 @@ CVE-2021-20191
 	- ansible <unfixed>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1916813
 	NOTE: https://github.com/ansible-collections/cisco.nxos/pull/227
-CVE-2021-20190
-	RESERVED
+CVE-2021-20190 (A flaw was found in jackson-databind before 2.9.10.7. FasterXML mishan ...)
 	- jackson-databind 2.12.1-1
 	[buster] - jackson-databind <no-dsa> (Minor issue)
 	NOTE: https://github.com/FasterXML/jackson-databind/issues/2854
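Review bot: this is the only entry in the update whose RESERVED line is replaced without adding a TODO: check, which is correct because the package line (jackson-databind 2.12.1-1), the [buster] no-dsa annotation and the NOTE link from the earlier triage are kept unchanged; it is worth confirming that the fixed version 2.12.1-1 is consistent with the description's "before 2.9.10.7" boundary, i.e. that the fix referenced in issue 2854 is contained in 2.12.1.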
@@ -13353,10 +13396,10 @@ CVE-2020-35131 (Cockpit before 0.6.1 allows an attacker to inject custom PHP cod
 	NOT-FOR-US: Agentejo Cockpit
 CVE-2020-35130
 	RESERVED
-CVE-2020-35129
-	RESERVED
-CVE-2020-35128
-	RESERVED
+CVE-2020-35129 (Mautic before 3.2.4 is affected by stored XSS. An attacker with access ...)
+	TODO: check
+CVE-2020-35128 (Mautic before 3.2.4 is affected by stored XSS. An attacker with permis ...)
+	TODO: check
 CVE-2020-35127 (Ignite Realtime Openfire 4.6.0 has plugins/bookmarks/create-bookmark.j ...)
 	NOT-FOR-US: Ignite Realtime Openfire
 CVE-2020-35126 (** DISPUTED ** Typesetter CMS 5.x through 5.1 allows admins to conduct ...)
@@ -19041,18 +19084,18 @@ CVE-2020-28484
 	RESERVED
 CVE-2020-28483
 	RESERVED
-CVE-2020-28482
-	RESERVED
-CVE-2020-28481
-	RESERVED
-CVE-2020-28480
-	RESERVED
-CVE-2020-28479
-	RESERVED
-CVE-2020-28478
-	RESERVED
-CVE-2020-28477
-	RESERVED
+CVE-2020-28482 (This affects the package fastify-csrf before 3.0.0. 1. The generated c ...)
+	TODO: check
+CVE-2020-28481 (The package socket.io before 2.4.0 are vulnerable to Insecure Defaults ...)
+	TODO: check
+CVE-2020-28480 (The package jointjs before 3.3.0 are vulnerable to Prototype Pollution ...)
+	TODO: check
+CVE-2020-28479 (The package jointjs before 3.3.0 are vulnerable to Denial of Service ( ...)
+	TODO: check
+CVE-2020-28478 (This affects the package gsap before 3.6.0. ...)
+	TODO: check
+CVE-2020-28477 (This affects all versions of package immer. ...)
+	TODO: check
 CVE-2020-28476 (All versions of package tornado are vulnerable to Web Cache Poisoning  ...)
 	TODO: check
 CVE-2020-28475
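Review bot: the summaries for CVE-2020-28478 ("This affects the package gsap before 3.6.0. ...") and CVE-2020-28477 ("This affects all versions of package immer. ...") stop before naming any vulnerability class, unlike the neighbouring fastify-csrf, socket.io and jointjs entries (Insecure Defaults, Prototype Pollution, Denial of Service), so their TODO: check markers cannot be resolved from this file and need the full advisory text; "The package socket.io before 2.4.0 are vulnerable" is upstream grammar and should not be edited here.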
@@ -19061,8 +19104,8 @@ CVE-2020-28474
 	RESERVED
 CVE-2020-28473 (The package bottle from 0 and before 0.12.19 are vulnerable to Web Cac ...)
 	TODO: check
-CVE-2020-28472
-	RESERVED
+CVE-2020-28472 (This affects the package @aws-sdk/shared-ini-file-loader before 1.0.0- ...)
+	TODO: check
 CVE-2020-28471
 	RESERVED
 CVE-2020-28470 (This affects the package @scullyio/scully before 1.0.9. The transfer s ...)
@@ -22647,8 +22690,8 @@ CVE-2018-21269 (checkpath in OpenRC through 0.42.1 might allow local users to ta
 	NOTE: https://github.com/OpenRC/openrc/commit/b6fef599bf8493480664b766040fa9b0d4b1e335
 CVE-2020-27734
 	RESERVED
-CVE-2020-27733
-	RESERVED
+CVE-2020-27733 (Zoho ManageEngine Applications Manager before 14 build 14880 allows an ...)
+	TODO: check
 CVE-2020-27732
 	RESERVED
 CVE-2020-27731
@@ -24020,20 +24063,20 @@ CVE-2020-27278
 	RESERVED
 CVE-2020-27277 (Delta Electronics DOPSoft Version 4.0.8.21 and prior has a null pointe ...)
 	NOT-FOR-US: Delta Electronics DOPSoft
-CVE-2020-27276
-	RESERVED
+CVE-2020-27276 (SOOIL Developments Co Ltd DiabecareRS,AnyDana-i & AnyDana-A, the c ...)
+	TODO: check
 CVE-2020-27275 (Delta Electronics DOPSoft Version 4.0.8.21 and prior is vulnerable to  ...)
 	NOT-FOR-US: Delta Electronics DOPSoft
 CVE-2020-27274
 	RESERVED
 CVE-2020-27273
 	RESERVED
-CVE-2020-27272
-	RESERVED
+CVE-2020-27272 (SOOIL Developments CoLtd DiabecareRS, AnyDana-i, AnyDana-A, The commun ...)
+	TODO: check
 CVE-2020-27271
 	RESERVED
-CVE-2020-27270
-	RESERVED
+CVE-2020-27270 (SOOIL Developments CoLtd DiabecareRS, AnyDana-i ,AnyDana-A, communicat ...)
+	TODO: check
 CVE-2020-27269
 	RESERVED
 CVE-2020-27268
@@ -32568,8 +32611,8 @@ CVE-2020-23524
 	RESERVED
 CVE-2020-23523
 	RESERVED
-CVE-2020-23522
-	RESERVED
+CVE-2020-23522 (Pixelimity 1.0 has cross-site request forgery via the admin/setting.ph ...)
+	TODO: check
 CVE-2020-23521
 	RESERVED
 CVE-2020-23520 (imcat 5.2 allows an authenticated file upload and consequently remote  ...)
@@ -32928,8 +32971,8 @@ CVE-2020-23344
 	RESERVED
 CVE-2020-23343
 	RESERVED
-CVE-2020-23342
-	RESERVED
+CVE-2020-23342 (A CSRF vulnerability exists in Anchor CMS 0.12.7 anchor/views/users/ed ...)
+	TODO: check
 CVE-2020-23341
 	RESERVED
 CVE-2020-23340
@@ -37717,8 +37760,8 @@ CVE-2020-20952
 	RESERVED
 CVE-2020-20951
 	RESERVED
-CVE-2020-20950
-	RESERVED
+CVE-2020-20950 (Bleichenbacher's attack on PKCS #1 v1.5 padding for RSA in Microchip L ...)
+	TODO: check
 CVE-2020-20949
 	RESERVED
 CVE-2020-20948
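Review bot: the CVE-2020-20950 summary is cut off right after "Microchip L", so the affected product is not identifiable from the line; because the description names a Bleichenbacher attack on PKCS #1 v1.5 RSA padding, the triager should resolve the full text to decide whether a packaged library is affected before settling the TODO: check.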
@@ -69040,8 +69083,8 @@ CVE-2020-8583 (Element Software versions prior to 12.2 and HCI versions prior to
 	NOT-FOR-US: HCI
 CVE-2020-8582 (Element Software versions prior to 12.2 and HCI versions prior to 1.8P ...)
 	NOT-FOR-US: HCI
-CVE-2020-8581
-	RESERVED
+CVE-2020-8581 (Clustered Data ONTAP versions prior to 9.3P20 and 9.5 are susceptible  ...)
+	TODO: check
 CVE-2020-8580 (SANtricity OS Controller Software versions 11.30 and higher are suscep ...)
 	NOT-FOR-US: SANtricity OS Controller Software
 CVE-2020-8579 (Clustered Data ONTAP versions 9.7 through 9.7P7 are susceptible to a v ...)
@@ -78757,8 +78800,8 @@ CVE-2020-4883
 	RESERVED
 CVE-2020-4882
 	RESERVED
-CVE-2020-4881
-	RESERVED
+CVE-2020-4881 (IBM Planning Analytics 2.0 could allow a remote attacker to obtain sen ...)
+	TODO: check
 CVE-2020-4880
 	RESERVED
 CVE-2020-4879
@@ -78773,12 +78816,12 @@ CVE-2020-4875
 	RESERVED
 CVE-2020-4874
 	RESERVED
-CVE-2020-4873
-	RESERVED
+CVE-2020-4873 (IBM Planning Analytics 2.0 could allow an attacker to obtain sensitive ...)
+	TODO: check
 CVE-2020-4872
 	RESERVED
-CVE-2020-4871
-	RESERVED
+CVE-2020-4871 (IBM Planning Analytics 2.0 allows web pages to be stored locally which ...)
+	TODO: check
 CVE-2020-4870 (IBM MQ 9.2 CD and LTS are vulnerable to a denial of service attack cau ...)
 	NOT-FOR-US: IBM
 CVE-2020-4869 (IBM MQ Appliance 9.2 CD and 9.2 LTS is vulnerable to a denial of servi ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a4650ed77d24c7892bf4a9f869c97a8eb9fefccf


