[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Tue Jan 26 08:10:32 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8187c5d7 by security tracker role at 2021-01-26T08:10:17+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,335 @@
+CVE-2021-3307
+ RESERVED
+CVE-2021-3306
+ RESERVED
+CVE-2021-3305
+ RESERVED
+CVE-2021-3304 (Sagemcom F at ST 3686 v2 3.495 devices have a buffer overflow via a long ...)
+ TODO: check
+CVE-2021-3303
+ RESERVED
+CVE-2021-3302
+ RESERVED
+CVE-2021-3301
+ RESERVED
+CVE-2021-3300
+ RESERVED
+CVE-2021-3299
+ RESERVED
+CVE-2021-3298
+ RESERVED
+CVE-2021-3297
+ RESERVED
+CVE-2021-3296
+ RESERVED
+CVE-2021-3295
+ RESERVED
+CVE-2021-3294
+ RESERVED
+CVE-2021-3293
+ RESERVED
+CVE-2021-3292
+ RESERVED
+CVE-2021-3291 (Zen Cart 1.5.7b allows admins to execute arbitrary OS commands by insp ...)
+ TODO: check
+CVE-2021-3290
+ RESERVED
+CVE-2021-3289
+ RESERVED
+CVE-2021-3288
+ RESERVED
+CVE-2021-26269
+ RESERVED
+CVE-2021-26268
+ RESERVED
+CVE-2021-26267 (cPanel before 92.0.9 allows a MySQL user (who has an old-style passwor ...)
+ TODO: check
+CVE-2021-26266 (cPanel before 92.0.9 allows a Reseller to bypass the suspension lock ( ...)
+ TODO: check
+CVE-2021-26246
+ RESERVED
+CVE-2021-26245
+ RESERVED
+CVE-2021-26244
+ RESERVED
+CVE-2021-26243
+ RESERVED
+CVE-2021-26242
+ RESERVED
+CVE-2021-26241
+ RESERVED
+CVE-2021-26240
+ RESERVED
+CVE-2021-26239
+ RESERVED
+CVE-2021-26238
+ RESERVED
+CVE-2021-26237
+ RESERVED
+CVE-2021-26236
+ RESERVED
+CVE-2021-26235
+ RESERVED
+CVE-2021-26234
+ RESERVED
+CVE-2021-26233
+ RESERVED
+CVE-2021-26232
+ RESERVED
+CVE-2021-26231
+ RESERVED
+CVE-2021-26230
+ RESERVED
+CVE-2021-26229
+ RESERVED
+CVE-2021-26228
+ RESERVED
+CVE-2021-26227
+ RESERVED
+CVE-2021-26226
+ RESERVED
+CVE-2021-26225
+ RESERVED
+CVE-2021-26224
+ RESERVED
+CVE-2021-26223
+ RESERVED
+CVE-2021-26222
+ RESERVED
+CVE-2021-26221
+ RESERVED
+CVE-2021-26220
+ RESERVED
+CVE-2021-26219
+ RESERVED
+CVE-2021-26218
+ RESERVED
+CVE-2021-26217
+ RESERVED
+CVE-2021-26216
+ RESERVED
+CVE-2021-26215
+ RESERVED
+CVE-2021-26214
+ RESERVED
+CVE-2021-26213
+ RESERVED
+CVE-2021-26212
+ RESERVED
+CVE-2021-26211
+ RESERVED
+CVE-2021-26210
+ RESERVED
+CVE-2021-26209
+ RESERVED
+CVE-2021-26208
+ RESERVED
+CVE-2021-26207
+ RESERVED
+CVE-2021-26206
+ RESERVED
+CVE-2021-26205
+ RESERVED
+CVE-2021-26204
+ RESERVED
+CVE-2021-26203
+ RESERVED
+CVE-2021-26202
+ RESERVED
+CVE-2021-26201
+ RESERVED
+CVE-2021-26200
+ RESERVED
+CVE-2021-26199
+ RESERVED
+CVE-2021-26198
+ RESERVED
+CVE-2021-26197
+ RESERVED
+CVE-2021-26196
+ RESERVED
+CVE-2021-26195
+ RESERVED
+CVE-2021-26194
+ RESERVED
+CVE-2021-26193
+ RESERVED
+CVE-2021-26192
+ RESERVED
+CVE-2021-26191
+ RESERVED
+CVE-2021-26190
+ RESERVED
+CVE-2021-26189
+ RESERVED
+CVE-2021-26188
+ RESERVED
+CVE-2021-26187
+ RESERVED
+CVE-2021-26186
+ RESERVED
+CVE-2021-26185
+ RESERVED
+CVE-2021-26184
+ RESERVED
+CVE-2021-26183
+ RESERVED
+CVE-2021-26182
+ RESERVED
+CVE-2021-26181
+ RESERVED
+CVE-2021-26180
+ RESERVED
+CVE-2021-26179
+ RESERVED
+CVE-2021-26178
+ RESERVED
+CVE-2021-26177
+ RESERVED
+CVE-2021-26176
+ RESERVED
+CVE-2021-26175
+ RESERVED
+CVE-2021-26174
+ RESERVED
+CVE-2021-26173
+ RESERVED
+CVE-2021-26172
+ RESERVED
+CVE-2021-26171
+ RESERVED
+CVE-2021-26170
+ RESERVED
+CVE-2021-26169
+ RESERVED
+CVE-2021-26168
+ RESERVED
+CVE-2021-26167
+ RESERVED
+CVE-2021-26166
+ RESERVED
+CVE-2021-26165
+ RESERVED
+CVE-2021-26164
+ RESERVED
+CVE-2021-26163
+ RESERVED
+CVE-2021-26162
+ RESERVED
+CVE-2021-26161
+ RESERVED
+CVE-2021-26160
+ RESERVED
+CVE-2021-26159
+ RESERVED
+CVE-2021-26158
+ RESERVED
+CVE-2021-26157
+ RESERVED
+CVE-2021-26156
+ RESERVED
+CVE-2021-26155
+ RESERVED
+CVE-2021-26154
+ RESERVED
+CVE-2021-26153
+ RESERVED
+CVE-2021-26152
+ RESERVED
+CVE-2021-26151
+ RESERVED
+CVE-2021-26150
+ RESERVED
+CVE-2021-26149
+ RESERVED
+CVE-2021-26148
+ RESERVED
+CVE-2021-26147
+ RESERVED
+CVE-2021-26146
+ RESERVED
+CVE-2021-26145
+ RESERVED
+CVE-2021-26144
+ RESERVED
+CVE-2021-26143
+ RESERVED
+CVE-2021-26142
+ RESERVED
+CVE-2021-26141
+ RESERVED
+CVE-2021-26140
+ RESERVED
+CVE-2021-26139
+ RESERVED
+CVE-2021-26138
+ RESERVED
+CVE-2021-26137
+ RESERVED
+CVE-2021-26136
+ RESERVED
+CVE-2021-26135
+ RESERVED
+CVE-2021-26134
+ RESERVED
+CVE-2021-26133
+ RESERVED
+CVE-2021-26132
+ RESERVED
+CVE-2021-26131
+ RESERVED
+CVE-2021-26130
+ RESERVED
+CVE-2021-26129
+ RESERVED
+CVE-2021-26128
+ RESERVED
+CVE-2021-26127
+ RESERVED
+CVE-2021-26126
+ RESERVED
+CVE-2021-26125
+ RESERVED
+CVE-2021-26124
+ RESERVED
+CVE-2021-23232
+ RESERVED
+CVE-2021-23230
+ RESERVED
+CVE-2021-23224
+ RESERVED
+CVE-2021-23220
+ RESERVED
+CVE-2021-23212
+ RESERVED
+CVE-2021-23211
+ RESERVED
+CVE-2021-23205
+ RESERVED
+CVE-2021-23204
+ RESERVED
+CVE-2021-23199
+ RESERVED
+CVE-2021-23197
+ RESERVED
+CVE-2021-23193
+ RESERVED
+CVE-2021-23185
+ RESERVED
+CVE-2021-23182
+ RESERVED
+CVE-2021-23167
+ RESERVED
+CVE-2021-23162
+ RESERVED
+CVE-2021-23155
+ RESERVED
+CVE-2021-23146
+ RESERVED
+CVE-2021-23140
+ RESERVED
+CVE-2021-23136
+ RESERVED
CVE-2021-26123
RESERVED
CVE-2021-26122
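Review bot: The four entries that arrive with descriptions in this hunk (CVE-2021-3304, CVE-2021-3291, CVE-2021-26267, CVE-2021-26266) are all left at "TODO: check", so none of them has a triage decision yet. Each needs either a source-package line or a "NOT-FOR-US:" tag in a follow-up commit; the two cPanel entries name the same product and can be resolved together.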
@@ -670,8 +1002,8 @@ CVE-2021-3225
RESERVED
CVE-2021-3224
RESERVED
-CVE-2021-3223
- RESERVED
+CVE-2021-3223 (Node-RED-Dashboard before 2.26.2 allows ui_base/js/..%2f directory tra ...)
+ TODO: check
CVE-2021-3222
RESERVED
CVE-2021-3221
@@ -794,8 +1126,8 @@ CVE-2021-25865
RESERVED
CVE-2021-25864
RESERVED
-CVE-2021-25863
- RESERVED
+CVE-2021-25863 (Open5GS 2.1.3 listens on 0.0.0.0:3000 and has a default password of 14 ...)
+ TODO: check
CVE-2021-25862
RESERVED
CVE-2021-25861
@@ -1924,7 +2256,7 @@ CVE-2021-3183 (Files.com Fat Client 3.3.6 allows authentication bypass because t
CVE-2021-3182 (** UNSUPPORTED WHEN ASSIGNED ** D-Link DCS-5220 devices have a buffer ...)
NOT-FOR-US: D-Link
CVE-2021-3181 (rfc822.c in Mutt through 2.0.4 allows remote attackers to cause a deni ...)
- {DLA-2529-1}
+ {DSA-4838-1 DLA-2529-1}
- mutt 2.0.5-1 (bug #980326)
NOTE: https://gitlab.com/muttmua/mutt/-/issues/323
NOTE: https://gitlab.com/muttmua/mutt/-/commit/4a2becbdb4422aaffe3ce314991b9d670b7adf17
@@ -5121,8 +5453,7 @@ CVE-2021-3117
RESERVED
CVE-2021-3116 (before_upstream_connection in AuthPlugin in http/proxy/auth.py in prox ...)
NOT-FOR-US: proxy.py
-CVE-2021-3115 [cmd/go: packages using cgo can cause arbitrary code execution at build time]
- RESERVED
+CVE-2021-3115 (Go before 1.14.14 and 1.15.x before 1.15.7 on Windows is vulnerable to ...)
- golang-1.15 1.15.7-1
- golang-1.11 <removed>
- golang-1.8 <removed>
@@ -5133,8 +5464,7 @@ CVE-2021-3115 [cmd/go: packages using cgo can cause arbitrary code execution at
NOTE: Mainly an issue on Windows but as well for Unix users who have '.' listed
NOTE: explicitly in PATH and running 'go get' outside of a module or with module
NOTE: mode disabled.
-CVE-2021-3114 [crypto/elliptic: incorrect operations on the P-224 curve]
- RESERVED
+CVE-2021-3114 (In Go before 1.14.14 and 1.15.x before 1.15.7, crypto/elliptic/p224.go ...)
- golang-1.15 1.15.7-1
- golang-1.11 <removed>
- golang-1.8 <removed>
@@ -10281,8 +10611,8 @@ CVE-2020-36013
RESERVED
CVE-2020-36012
RESERVED
-CVE-2020-36011
- RESERVED
+CVE-2020-36011 (A cross-site scripting (XSS) issue in Add Patient Form in QDOCS Smart ...)
+ TODO: check
CVE-2020-36010
RESERVED
CVE-2020-36009
@@ -10814,10 +11144,10 @@ CVE-2020-35847 (Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Co
NOT-FOR-US: Agentejo Cockpit
CVE-2020-35846 (Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controll ...)
NOT-FOR-US: Agentejo Cockpit
-CVE-2020-35845
- RESERVED
-CVE-2020-35844
- RESERVED
+CVE-2020-35845 (FastStone Image Viewer 7.5 has an out-of-bounds write (via a crafted i ...)
+ TODO: check
+CVE-2020-35844 (FastStone Image Viewer 7.5 has an out-of-bounds write (via a crafted i ...)
+ TODO: check
CVE-2020-35843 (FastStone Image Viewer 7.5 has an out-of-bounds write (via a crafted i ...)
NOT-FOR-US: FastStone Image Viewer
CVE-2020-35842 (Certain NETGEAR devices are affected by stored XSS. This affects D6200 ...)
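Review bot: CVE-2020-35845 and CVE-2020-35844 are left at "TODO: check" although the next entry, CVE-2020-35843, names the same product in its description and is already tagged "NOT-FOR-US: FastStone Image Viewer". After confirming the full descriptions, suggest giving both new entries the same tag so the three stay consistent.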
@@ -11642,8 +11972,8 @@ CVE-2021-21277
RESERVED
CVE-2021-21276
RESERVED
-CVE-2021-21275
- RESERVED
+CVE-2021-21275 (The MediaWiki "Report" extension has a Cross-Site Request Forgery (CSR ...)
+ TODO: check
CVE-2021-21274
RESERVED
CVE-2021-21273
@@ -12177,8 +12507,8 @@ CVE-2020-35578 (An issue was discovered in the Manage Plugins page in Nagios XI
NOT-FOR-US: Nagios XI
CVE-2020-35577
RESERVED
-CVE-2020-35576
- RESERVED
+CVE-2020-35576 (A Command Injection issue in the traceroute feature on TP-Link TL-WR84 ...)
+ TODO: check
CVE-2020-35575 (A password-disclosure issue in the web interface on certain TP-Link de ...)
NOT-FOR-US: TP-Link
CVE-2020-35574
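Review bot: CVE-2020-35576 is left at "TODO: check" while the adjacent CVE-2020-35575, also described as a TP-Link device issue, is tagged "NOT-FOR-US: TP-Link". Suggest the same tag here once the description is confirmed.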
@@ -18840,14 +19170,14 @@ CVE-2020-29003 (The PollNY extension for MediaWiki through 1.35 allows XSS via a
NOT-FOR-US: PollNY MediaWiki extension
CVE-2020-29002 (includes/CologneBlueTemplate.php in the CologneBlue skin for MediaWiki ...)
NOT-FOR-US: CologneBlue MediaWiki skin
-CVE-2020-29001
- RESERVED
-CVE-2020-29000
- RESERVED
-CVE-2020-28999
- RESERVED
-CVE-2020-28998
- RESERVED
+CVE-2020-29001 (An issue was discovered on Geeni GNC-CW028 Camera 2.7.2, Geeni GNC-CW0 ...)
+ TODO: check
+CVE-2020-29000 (An issue was discovered on Geeni GNC-CW013 doorbell 1.8.1 devices. A v ...)
+ TODO: check
+CVE-2020-28999 (An issue was discovered in Apexis Streaming Video Web Application on G ...)
+ TODO: check
+CVE-2020-28998 (An issue was discovered on Geeni GNC-CW013 doorbell 1.8.1 devices. A v ...)
+ TODO: check
CVE-2020-28997
RESERVED
CVE-2020-28996
@@ -25611,14 +25941,14 @@ CVE-2020-27544
RESERVED
CVE-2020-27543
RESERVED
-CVE-2020-27542
- RESERVED
-CVE-2020-27541
- RESERVED
-CVE-2020-27540
- RESERVED
-CVE-2020-27539
- RESERVED
+CVE-2020-27542 (Rostelecom CS-C2SHW 5.0.082.1 is affected by: Bash command injection. ...)
+ TODO: check
+CVE-2020-27541 (Denial of Service vulnerability in Rostelecom CS-C2SHW 5.0.082.1. Agen ...)
+ TODO: check
+CVE-2020-27540 (Bash injection vulnerability and bypass of signature verification in R ...)
+ TODO: check
+CVE-2020-27539 (Heap overflow with full parsing of HTTP respose in Rostelecom CS-C2SHW ...)
+ TODO: check
CVE-2020-27538
RESERVED
CVE-2020-27537
@@ -115655,7 +115985,7 @@ CVE-2019-12159 (GoHTTP through 2017-07-25 has a stack-based buffer over-read in
NOT-FOR-US: GoHTTP
CVE-2019-12158 (GoHTTP through 2017-07-25 has a GetExtension heap-based buffer overflo ...)
NOT-FOR-US: GoHTTP
-CVE-2019-12157 (In JetBrains TeamCity versions before 2018.2.5 and UpSource versions b ...)
+CVE-2019-12157 (In JetBrains UpSource versions before 2018.2 build 1293, there is cred ...)
NOT-FOR-US: JetBrains TeamCity
CVE-2019-12156 (Server metadata could be exposed because one of the error messages ref ...)
NOT-FOR-US: JetBrains TeamCity
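Review bot: The visible part of the updated CVE-2019-12157 description now names only JetBrains UpSource, but the triage line under it still reads "NOT-FOR-US: JetBrains TeamCity". Suggest updating the tag to name UpSource so the product in the tag matches the description.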
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8187c5d7f05427d552bc6bd59001c6c373e42d1f