[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Thu Jan 21 08:10:24 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f1816ee8 by security tracker role at 2021-01-21T08:10:14+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,21 @@
+CVE-2021-3189
+ RESERVED
+CVE-2021-3188 (phpList 3.6.0 allows CSV injection, related to the email parameter, an ...)
+ TODO: check
+CVE-2021-3187
+ RESERVED
+CVE-2021-3186
+ RESERVED
+CVE-2021-25645
+ RESERVED
+CVE-2021-25644
+ RESERVED
+CVE-2021-25643
+ RESERVED
+CVE-2020-36200
+ RESERVED
+CVE-2020-36199
+ RESERVED
CVE-2021-25642
RESERVED
CVE-2021-25641
@@ -641,6 +659,7 @@ CVE-2021-3183 (Files.com Fat Client 3.3.6 allows authentication bypass because t
CVE-2021-3182 (** UNSUPPORTED WHEN ASSIGNED ** D-Link DCS-5220 devices have a buffer ...)
NOT-FOR-US: D-Link
CVE-2021-3181 (rfc822.c in Mutt through 2.0.4 allows remote attackers to cause a deni ...)
+ {DLA-2529-1}
- mutt <unfixed> (bug #980326)
NOTE: https://gitlab.com/muttmua/mutt/-/issues/323
NOTE: https://gitlab.com/muttmua/mutt/-/commit/4a2becbdb4422aaffe3ce314991b9d670b7adf17
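Review bot: In the CVE-2021-3181 entry, `{DLA-2529-1}` is added while the package line directly below still reads `- mutt <unfixed> (bug #980326)`. The advisory cross-reference does not record a fixed version in this entry, and the upstream fix commit is already linked in the NOTE lines, so the `<unfixed>` status should be revisited once a fixed mutt upload closes bug #980326.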
@@ -748,8 +767,8 @@ CVE-2021-3166 (An issue was discovered on ASUS DSL-N14U-B1 1.1.2.3_805 devices.
NOT-FOR-US: ASUS devices
CVE-2021-3165
RESERVED
-CVE-2021-3164
- RESERVED
+CVE-2021-3164 (ChurchRota 2.6.4 is vulnerable to authenticated remote code execution. ...)
+ TODO: check
CVE-2021-3163
RESERVED
CVE-2021-25301
@@ -13882,8 +13901,8 @@ CVE-2020-35241 (FlatPress 1.0.3 is affected by cross-site scripting (XSS) in the
NOT-FOR-US: FlatPress
CVE-2020-35240 (FluxBB 1.5.11 is affected by cross-site scripting (XSS in the Blog Con ...)
NOT-FOR-US: FluxBB
-CVE-2020-35239
- RESERVED
+CVE-2020-35239 (A vulnerability exists in CakePHP versions 4.0.x through 4.1.3. The Cs ...)
+ TODO: check
CVE-2020-35238
RESERVED
CVE-2020-35237
@@ -18837,8 +18856,8 @@ CVE-2021-1366
RESERVED
CVE-2021-1365
RESERVED
-CVE-2021-1364
- RESERVED
+CVE-2021-1364 (Multiple vulnerabilities in Cisco Unified Communications Manager IM &a ...)
+ TODO: check
CVE-2021-1363
RESERVED
CVE-2021-1362
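Review bot: The new description for CVE-2021-1364 ends in `IM &a ...`, which looks like an HTML-escaped ampersand cut off mid-entity by the description truncation. Since the text arrives through the automatic update, the generator should decode entities before truncating, or truncate outside an entity, so the list does not carry a dangling `&a`.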
@@ -18851,24 +18870,24 @@ CVE-2021-1359
RESERVED
CVE-2021-1358
RESERVED
-CVE-2021-1357
- RESERVED
+CVE-2021-1357 (Multiple vulnerabilities in Cisco Unified Communications Manager IM &a ...)
+ TODO: check
CVE-2021-1356
RESERVED
-CVE-2021-1355
- RESERVED
+CVE-2021-1355 (Multiple vulnerabilities in Cisco Unified Communications Manager IM &a ...)
+ TODO: check
CVE-2021-1354
RESERVED
-CVE-2021-1353
- RESERVED
+CVE-2021-1353 (A vulnerability in the IPv4 protocol handling of Cisco StarOS could al ...)
+ TODO: check
CVE-2021-1352
RESERVED
CVE-2021-1351
RESERVED
-CVE-2021-1350
- RESERVED
-CVE-2021-1349
- RESERVED
+CVE-2021-1350 (A vulnerability in the web UI of Cisco Umbrella could allow an unauthe ...)
+ TODO: check
+CVE-2021-1349 (A vulnerability in the web-based management interface of Cisco SD-WAN ...)
+ TODO: check
CVE-2021-1348
RESERVED
CVE-2021-1347
@@ -18941,8 +18960,8 @@ CVE-2021-1314
RESERVED
CVE-2021-1313
RESERVED
-CVE-2021-1312
- RESERVED
+CVE-2021-1312 (A vulnerability in the system resource management of Cisco Elastic Ser ...)
+ TODO: check
CVE-2021-1311 (A vulnerability in the reclaim host role feature of Cisco Webex Meetin ...)
NOT-FOR-US: Cisco
CVE-2021-1310 (A vulnerability in the web-based management interface of Cisco Webex M ...)
@@ -18955,22 +18974,22 @@ CVE-2021-1307 (Multiple vulnerabilities in the web-based management interface of
NOT-FOR-US: Cisco
CVE-2021-1306
RESERVED
-CVE-2021-1305
- RESERVED
-CVE-2021-1304
- RESERVED
-CVE-2021-1303
- RESERVED
-CVE-2021-1302
- RESERVED
-CVE-2021-1301
- RESERVED
-CVE-2021-1300
- RESERVED
-CVE-2021-1299
- RESERVED
-CVE-2021-1298
- RESERVED
+CVE-2021-1305 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ TODO: check
+CVE-2021-1304 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ TODO: check
+CVE-2021-1303 (A vulnerability in the user management roles of Cisco DNA Center could ...)
+ TODO: check
+CVE-2021-1302 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ TODO: check
+CVE-2021-1301 (Multiple vulnerabilities in Cisco SD-WAN products could allow an unaut ...)
+ TODO: check
+CVE-2021-1300 (Multiple vulnerabilities in Cisco SD-WAN products could allow an unaut ...)
+ TODO: check
+CVE-2021-1299 (Multiple vulnerabilities in Cisco SD-WAN products could allow an authe ...)
+ TODO: check
+CVE-2021-1298 (Multiple vulnerabilities in Cisco SD-WAN products could allow an authe ...)
+ TODO: check
CVE-2021-1297
RESERVED
CVE-2021-1296
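Review bot: CVE-2021-1298 through CVE-2021-1305 all move from RESERVED to `TODO: check`, and each new description names, or appears to name before truncation, a Cisco product (DNA Center, SD-WAN, a web-based management interface). The context line at the top of this hunk already uses `NOT-FOR-US: Cisco`, so these eight entries can be triaged with the same tag in one follow-up commit rather than left as open TODOs.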
@@ -18993,86 +19012,86 @@ CVE-2021-1288
RESERVED
CVE-2021-1287
RESERVED
-CVE-2021-1286
- RESERVED
+CVE-2021-1286 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ TODO: check
CVE-2021-1285
RESERVED
CVE-2021-1284
RESERVED
-CVE-2021-1283
- RESERVED
-CVE-2021-1282
- RESERVED
+CVE-2021-1283 (A vulnerability in the logging subsystem of Cisco Data Center Network ...)
+ TODO: check
+CVE-2021-1282 (Multiple vulnerabilities in Cisco Unified Communications Manager IM &a ...)
+ TODO: check
CVE-2021-1281
RESERVED
-CVE-2021-1280
- RESERVED
-CVE-2021-1279
- RESERVED
-CVE-2021-1278
- RESERVED
-CVE-2021-1277
- RESERVED
-CVE-2021-1276
- RESERVED
+CVE-2021-1280 (A vulnerability in the loading mechanism of specific DLLs of Cisco Adv ...)
+ TODO: check
+CVE-2021-1279 (Multiple vulnerabilities in Cisco SD-WAN products could allow an unaut ...)
+ TODO: check
+CVE-2021-1278 (Multiple vulnerabilities in Cisco SD-WAN products could allow an unaut ...)
+ TODO: check
+CVE-2021-1277 (Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) c ...)
+ TODO: check
+CVE-2021-1276 (Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) c ...)
+ TODO: check
CVE-2021-1275
RESERVED
-CVE-2021-1274
- RESERVED
-CVE-2021-1273
- RESERVED
-CVE-2021-1272
- RESERVED
-CVE-2021-1271
- RESERVED
-CVE-2021-1270
- RESERVED
-CVE-2021-1269
- RESERVED
+CVE-2021-1274 (Multiple vulnerabilities in Cisco SD-WAN products could allow an unaut ...)
+ TODO: check
+CVE-2021-1273 (Multiple vulnerabilities in Cisco SD-WAN products could allow an unaut ...)
+ TODO: check
+CVE-2021-1272 (A vulnerability in the session validation feature of Cisco Data Center ...)
+ TODO: check
+CVE-2021-1271 (A vulnerability in the web-based management interface of Cisco AsyncOS ...)
+ TODO: check
+CVE-2021-1270 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ TODO: check
+CVE-2021-1269 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ TODO: check
CVE-2021-1268
RESERVED
CVE-2021-1267 (A vulnerability in the dashboard widget of Cisco Firepower Management ...)
NOT-FOR-US: Cisco
CVE-2021-1266
RESERVED
-CVE-2021-1265
- RESERVED
-CVE-2021-1264
- RESERVED
-CVE-2021-1263
- RESERVED
-CVE-2021-1262
- RESERVED
-CVE-2021-1261
- RESERVED
-CVE-2021-1260
- RESERVED
-CVE-2021-1259
- RESERVED
+CVE-2021-1265 (A vulnerability in the configuration archive functionality of Cisco DN ...)
+ TODO: check
+CVE-2021-1264 (A vulnerability in the Command Runner tool of Cisco DNA Center could a ...)
+ TODO: check
+CVE-2021-1263 (Multiple vulnerabilities in Cisco SD-WAN products could allow an authe ...)
+ TODO: check
+CVE-2021-1262 (Multiple vulnerabilities in Cisco SD-WAN products could allow an authe ...)
+ TODO: check
+CVE-2021-1261 (Multiple vulnerabilities in Cisco SD-WAN products could allow an authe ...)
+ TODO: check
+CVE-2021-1260 (Multiple vulnerabilities in Cisco SD-WAN products could allow an authe ...)
+ TODO: check
+CVE-2021-1259 (A vulnerability in the web-based management interface of Cisco SD-WAN ...)
+ TODO: check
CVE-2021-1258 (A vulnerability in the upgrade component of Cisco AnyConnect Secure Mo ...)
NOT-FOR-US: Cisco
-CVE-2021-1257
- RESERVED
+CVE-2021-1257 (A vulnerability in the web-based management interface of Cisco DNA Cen ...)
+ TODO: check
CVE-2021-1256
RESERVED
-CVE-2021-1255
- RESERVED
+CVE-2021-1255 (Multiple vulnerabilities in the REST API endpoint of Cisco Data Center ...)
+ TODO: check
CVE-2021-1254
RESERVED
-CVE-2021-1253
- RESERVED
+CVE-2021-1253 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ TODO: check
CVE-2021-1252
RESERVED
CVE-2021-1251
RESERVED
-CVE-2021-1250
- RESERVED
-CVE-2021-1249
- RESERVED
-CVE-2021-1248
- RESERVED
-CVE-2021-1247
- RESERVED
+CVE-2021-1250 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ TODO: check
+CVE-2021-1249 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ TODO: check
+CVE-2021-1248 (Multiple vulnerabilities in certain REST API endpoints of Cisco Data C ...)
+ TODO: check
+CVE-2021-1247 (Multiple vulnerabilities in certain REST API endpoints of Cisco Data C ...)
+ TODO: check
CVE-2021-1246 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
NOT-FOR-US: Cisco
CVE-2021-1245 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
@@ -19083,8 +19102,8 @@ CVE-2021-1243
RESERVED
CVE-2021-1242 (A vulnerability in Cisco Webex Teams could allow an unauthenticated, r ...)
NOT-FOR-US: Cisco
-CVE-2021-1241
- RESERVED
+CVE-2021-1241 (Multiple vulnerabilities in Cisco SD-WAN products could allow an unaut ...)
+ TODO: check
CVE-2021-1240 (A vulnerability in the loading process of specific DLLs in Cisco Proxi ...)
NOT-FOR-US: Cisco
CVE-2021-1239 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
@@ -19095,12 +19114,12 @@ CVE-2021-1237 (A vulnerability in the Network Access Manager and Web Security Ag
NOT-FOR-US: Cisco
CVE-2021-1236 (Multiple Cisco products are affected by a vulnerability in the Snort a ...)
NOT-FOR-US: Cisco
-CVE-2021-1235
- RESERVED
+CVE-2021-1235 (A vulnerability in the CLI of Cisco SD-WAN vManage Software could allo ...)
+ TODO: check
CVE-2021-1234
RESERVED
-CVE-2021-1233
- RESERVED
+CVE-2021-1233 (A vulnerability in the CLI of Cisco SD-WAN Software could allow an aut ...)
+ TODO: check
CVE-2021-1232
RESERVED
CVE-2021-1231
@@ -19115,22 +19134,22 @@ CVE-2021-1227
RESERVED
CVE-2021-1226 (A vulnerability in the audit logging component of Cisco Unified Commun ...)
NOT-FOR-US: Cisco
-CVE-2021-1225
- RESERVED
+CVE-2021-1225 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ TODO: check
CVE-2021-1224 (Multiple Cisco products are affected by a vulnerability with TCP Fast ...)
NOT-FOR-US: Cisco
CVE-2021-1223 (Multiple Cisco products are affected by a vulnerability in the Snort d ...)
NOT-FOR-US: Cisco
-CVE-2021-1222
- RESERVED
+CVE-2021-1222 (A vulnerability in the web-based management interface of Cisco Smart S ...)
+ TODO: check
CVE-2021-1221
RESERVED
CVE-2021-1220
RESERVED
-CVE-2021-1219
- RESERVED
-CVE-2021-1218
- RESERVED
+CVE-2021-1219 (A vulnerability in Cisco Smart Software Manager Satellite could allow ...)
+ TODO: check
+CVE-2021-1218 (A vulnerability in the web management interface of Cisco Smart Softwar ...)
+ TODO: check
CVE-2021-1217 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
NOT-FOR-US: Cisco
CVE-2021-1216 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
@@ -19281,34 +19300,34 @@ CVE-2021-1144 (A vulnerability in Cisco Connected Mobile Experiences (CMX) could
NOT-FOR-US: Cisco
CVE-2021-1143 (A vulnerability in Cisco Connected Mobile Experiences (CMX) API author ...)
NOT-FOR-US: Cisco
-CVE-2021-1142
- RESERVED
-CVE-2021-1141
- RESERVED
-CVE-2021-1140
- RESERVED
-CVE-2021-1139
- RESERVED
-CVE-2021-1138
- RESERVED
+CVE-2021-1142 (Multiple vulnerabilities in the web UI of Cisco Smart Software Manager ...)
+ TODO: check
+CVE-2021-1141 (Multiple vulnerabilities in the web UI of Cisco Smart Software Manager ...)
+ TODO: check
+CVE-2021-1140 (Multiple vulnerabilities in the web UI of Cisco Smart Software Manager ...)
+ TODO: check
+CVE-2021-1139 (Multiple vulnerabilities in the web UI of Cisco Smart Software Manager ...)
+ TODO: check
+CVE-2021-1138 (Multiple vulnerabilities in the web UI of Cisco Smart Software Manager ...)
+ TODO: check
CVE-2021-1137
RESERVED
CVE-2021-1136
RESERVED
-CVE-2021-1135
- RESERVED
+CVE-2021-1135 (Multiple vulnerabilities in the REST API endpoint of Cisco Data Center ...)
+ TODO: check
CVE-2021-1134
RESERVED
-CVE-2021-1133
- RESERVED
+CVE-2021-1133 (Multiple vulnerabilities in the REST API endpoint of Cisco Data Center ...)
+ TODO: check
CVE-2021-1132
RESERVED
CVE-2021-1131 (A vulnerability in the Cisco Discovery Protocol implementation for Cis ...)
NOT-FOR-US: Cisco
CVE-2021-1130 (A vulnerability in the web-based management interface of Cisco DNA Cen ...)
NOT-FOR-US: Cisco
-CVE-2021-1129
- RESERVED
+CVE-2021-1129 (A vulnerability in the authentication for the general purpose APIs imp ...)
+ TODO: check
CVE-2021-1128
RESERVED
CVE-2021-1127 (A vulnerability in the web-based management interface of Cisco Enterpr ...)
@@ -19563,12 +19582,12 @@ CVE-2021-1071
RESERVED
CVE-2021-1070
RESERVED
-CVE-2021-1069
- RESERVED
-CVE-2021-1068
- RESERVED
-CVE-2021-1067
- RESERVED
+CVE-2021-1069 (NVIDIA SHIELD TV, all versions prior to 8.2.2, contains a vulnerabilit ...)
+ TODO: check
+CVE-2021-1068 (NVIDIA SHIELD TV, all versions prior to 8.2.2, contains a vulnerabilit ...)
+ TODO: check
+CVE-2021-1067 (NVIDIA SHIELD TV, all versions prior to 8.2.2, contains a vulnerabilit ...)
+ TODO: check
CVE-2021-1066 (NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in wh ...)
NOT-FOR-US: NVIDIA vGPU manager
CVE-2021-1065 (NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in wh ...)
@@ -22889,10 +22908,10 @@ CVE-2020-27861
RESERVED
CVE-2020-27860
RESERVED
-CVE-2020-27859
- RESERVED
-CVE-2020-27858
- RESERVED
+CVE-2020-27859 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ TODO: check
+CVE-2020-27858 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ TODO: check
CVE-2020-27857
RESERVED
CVE-2020-27856
@@ -23400,8 +23419,8 @@ CVE-2020-27737
RESERVED
CVE-2020-27736
RESERVED
-CVE-2020-27735
- RESERVED
+CVE-2020-27735 (An XSS issue was discovered in Wing FTP 6.4.4. An arbitrary IFRAME ele ...)
+ TODO: check
CVE-2018-21269 (checkpath in OpenRC through 0.42.1 might allow local users to take own ...)
- openrc <unfixed> (bug #973245)
[buster] - openrc <no-dsa> (Minor issue)
@@ -24163,8 +24182,8 @@ CVE-2020-27585 (Quick Heal Total Security before 19.0 allows attackers with loca
NOT-FOR-US: Quick Heal Total Security
CVE-2020-27584
RESERVED
-CVE-2020-27583
- RESERVED
+CVE-2020-27583 (** UNSUPPORTED WHEN ASSIGNED ** IBM InfoSphere Information Server 8.5. ...)
+ TODO: check
CVE-2020-27582
RESERVED
CVE-2020-27581
@@ -24740,8 +24759,8 @@ CVE-2020-27300
RESERVED
CVE-2020-27299
RESERVED
-CVE-2020-27298
- RESERVED
+CVE-2020-27298 (Philips Interventional Workspot (Release 1.3.2, 1.4.0, 1.4.1, 1.4.3, 1 ...)
+ TODO: check
CVE-2020-27297
RESERVED
CVE-2020-27296
@@ -24894,8 +24913,8 @@ CVE-2020-27223
RESERVED
CVE-2020-27222
RESERVED
-CVE-2020-27221
- RESERVED
+CVE-2020-27221 (In Eclipse OpenJ9 up to version 0.23, there is potential for a stack-b ...)
+ TODO: check
CVE-2020-27220 (The Eclipse Hono AMQP and MQTT protocol adapters do not check whether ...)
TODO: check
CVE-2020-27219 (In all version of Eclipse Hawkbit prior to 0.3.0M7, the HTTP 404 (Not ...)
@@ -27052,8 +27071,8 @@ CVE-2020-26280 (OpenSlides is a free, Web-based presentation and assembly system
NOT-FOR-US: OpenSlides
CVE-2020-26279
RESERVED
-CVE-2020-26278
- RESERVED
+CVE-2020-26278 (Weave Net is open source software which creates a virtual network that ...)
+ TODO: check
CVE-2020-26277 (DBdeployer is a tool that deploys MySQL database servers easily. In DB ...)
NOT-FOR-US: DBdeployer
CVE-2020-26276 (Fleet is an open source osquery manager. In Fleet before version 3.5.1 ...)
@@ -27130,8 +27149,8 @@ CVE-2020-26254 (omniauth-apple is the OmniAuth strategy for "Sign In with Apple"
NOT-FOR-US: omniauth-apple
CVE-2020-26253 (Kirby is a CMS. In Kirby CMS (getkirby/cms) before version 3.3.6, and ...)
NOT-FOR-US: Kirby CMS
-CVE-2020-26252
- RESERVED
+CVE-2020-26252 (OpenMage is a community-driven alternative to Magento CE. In OpenMage ...)
+ TODO: check
CVE-2020-26251 (Open Zaak is a modern, open-source data- and services-layer to enable ...)
NOT-FOR-US: Open Zaak
CVE-2020-26250 (OAuthenticator is an OAuth login mechanism for JupyterHub. In oauthent ...)
@@ -31188,8 +31207,8 @@ CVE-2020-24551 (IProom MMC+ Server login page does not validate specific paramet
NOT-FOR-US: IProom MMC+ Server
CVE-2020-24550
RESERVED
-CVE-2020-24549
- RESERVED
+CVE-2020-24549 (openMAINT before 1.1-2.4.2 allows remote authenticated users to run ar ...)
+ TODO: check
CVE-2020-24548 (Ericom Access Server 9.2.0 (for AccessNow and Ericom Blaze) allows SSR ...)
NOT-FOR-US: Ericom
CVE-2020-24547
@@ -32196,8 +32215,8 @@ CVE-2020-24087
RESERVED
CVE-2020-24086
RESERVED
-CVE-2020-24085
- RESERVED
+CVE-2020-24085 (A cross-site scripting (XSS) vulnerability exists in MISP v2.4.128 in ...)
+ TODO: check
CVE-2020-24084
RESERVED
CVE-2020-24083
@@ -64271,7 +64290,7 @@ CVE-2020-10795 (Gira TKS-IP-Gateway 4.0.7.7 is vulnerable to authenticated remot
NOT-FOR-US: Gira TKS-IP-Gateway
CVE-2020-10794 (Gira TKS-IP-Gateway 4.0.7.7 is vulnerable to unauthenticated path trav ...)
NOT-FOR-US: Gira TKS-IP-Gateway
-CVE-2020-10793 (** DISPUTED ** CodeIgniter through 4.0.0 allows remote attackers to ga ...)
+CVE-2020-10793 (CodeIgniter through 4.0.0 allows remote attackers to gain privileges v ...)
- codeigniter <itp> (bug #471583)
CVE-2020-10792 (openITCOCKPIT through 3.7.2 allows remote attackers to configure the s ...)
NOT-FOR-US: openITCOCKPIT
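Review bot: The only change to CVE-2020-10793 is that the `** DISPUTED **` prefix disappears from the description, while the `- codeigniter <itp> (bug #471583)` line is untouched. Because this comes in through an automatic update, it is worth confirming that the dispute was actually withdrawn at the source, and adding a NOTE to the entry if the earlier triage relied on the disputed status.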
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f1816ee8f3cabf6e223eaeb6985c064ff66cf36b