[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Tue Jan 26 20:10:30 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d0dbf096 by security tracker role at 2021-01-26T20:10:23+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -18,8 +18,8 @@ CVE-2021-3299
RESERVED
CVE-2021-3298
RESERVED
-CVE-2021-3297
- RESERVED
+CVE-2021-3297 (On Zyxel NBG2105 V1.00(AAGU.2)C0 devices, setting the login cookie to ...)
+ TODO: check
CVE-2021-3296
RESERVED
CVE-2021-3295
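Review bot: CVE-2021-3297 is left at TODO: check even though its description names a specific device and firmware build (Zyxel NBG2105 V1.00(AAGU.2)C0). If that firmware is not packaged, resolve the TODO with a NOT-FOR-US: Zyxel line, matching how other vendor-device entries in this file are annotated.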
@@ -1124,8 +1124,8 @@ CVE-2021-25866
RESERVED
CVE-2021-25865
RESERVED
-CVE-2021-25864
- RESERVED
+CVE-2021-25864 (node-red-contrib-huemagic 3.0.0 is affected by hue/assets/..%2F Direct ...)
+ TODO: check
CVE-2021-25863 (Open5GS 2.1.3 listens on 0.0.0.0:3000 and has a default password of 14 ...)
NOT-FOR-US: Open5GS
CVE-2021-25862
@@ -2609,6 +2609,7 @@ CVE-2021-3157
RESERVED
CVE-2021-3156 [Heap-based buffer overflow]
RESERVED
+ {DSA-4839-1 DLA-2534-1}
- sudo 1.9.5p1-1.1
NOTE: https://www.sudo.ws/alerts/unescape_overflow.html
NOTE: https://www.sudo.ws/repos/sudo/rev/9b97f1787804
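Review bot: the added {DSA-4839-1 DLA-2534-1} cross-reference on CVE-2021-3156 sits under an entry that still reads RESERVED and carries only the bracketed placeholder [Heap-based buffer overflow] as its description. With two advisories now linked, check on the next automatic update that the placeholder is replaced by the published description, so the advisories do not point at an entry without one.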
@@ -6638,8 +6639,8 @@ CVE-2021-23274
RESERVED
CVE-2021-23273
RESERVED
-CVE-2021-23272
- RESERVED
+CVE-2021-23272 (The Application Development Clients component of TIBCO Software Inc.'s ...)
+ TODO: check
CVE-2021-23271
RESERVED
CVE-2021-3113 (Netsia SEBA+ through 0.16.1 build 70-e669dcd7 allows remote attackers ...)
@@ -10109,8 +10110,7 @@ CVE-2021-21617
RESERVED
CVE-2021-21616
RESERVED
-CVE-2021-21615
- RESERVED
+CVE-2021-21615 (Jenkins 2.275 and LTS 2.263.2 allows reading arbitrary files using the ...)
NOT-FOR-US: Jenkins
CVE-2021-21614 (Jenkins Bumblebee HP ALM Plugin 4.1.5 and earlier stores credentials u ...)
NOT-FOR-US: Jenkins plugin
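Review bot: CVE-2021-21615 keeps the NOT-FOR-US: Jenkins line that was attached while the id was still RESERVED, so the annotation predates the description added here. Re-confirm it against the published text (Jenkins 2.275 and LTS 2.263.2, arbitrary file read) rather than carrying it forward unreviewed.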
@@ -15558,8 +15558,8 @@ CVE-2020-35265
RESERVED
CVE-2020-35264
RESERVED
-CVE-2020-35263
- RESERVED
+CVE-2020-35263 (EgavilanMedia User Registration & Login System 1.0 is affected by ...)
+ TODO: check
CVE-2020-35262 (Cross Site Scripting (XSS) vulnerability in Digisol DG-HR3400 can be e ...)
NOT-FOR-US: Digisol
CVE-2020-35261
@@ -21516,7 +21516,7 @@ CVE-2020-28494
CVE-2020-28493
RESERVED
CVE-2020-28492
- RESERVED
+ REJECTED
CVE-2020-28491
RESERVED
CVE-2020-28490
@@ -26476,16 +26476,16 @@ CVE-2020-27301
RESERVED
CVE-2020-27300
RESERVED
-CVE-2020-27299
- RESERVED
+CVE-2020-27299 (The affected product is vulnerable to an out-of-bounds read, which may ...)
+ TODO: check
CVE-2020-27298 (Philips Interventional Workspot (Release 1.3.2, 1.4.0, 1.4.1, 1.4.3, 1 ...)
NOT-FOR-US: Philips
-CVE-2020-27297
- RESERVED
+CVE-2020-27297 (The affected product is vulnerable to a heap-based buffer overflow, wh ...)
+ TODO: check
CVE-2020-27296
RESERVED
-CVE-2020-27295
- RESERVED
+CVE-2020-27295 (The affected product has uncontrolled resource consumption issues, whi ...)
+ TODO: check
CVE-2020-27294
RESERVED
CVE-2020-27293 (Delta Electronics CNCSoft-B Versions 1.0.0.2 and prior has a type conf ...)
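Review bot: the new descriptions for CVE-2020-27299, CVE-2020-27297 and CVE-2020-27295 all open with "The affected product" and are truncated before any product name appears, so the TODO: check on each cannot be resolved from this line alone. Pull the full CVE text before annotating, and do not infer the vendor from the neighbouring Philips and Delta Electronics entries.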
@@ -26498,24 +26498,24 @@ CVE-2020-27290
RESERVED
CVE-2020-27289 (Delta Electronics CNCSoft-B Versions 1.0.0.2 and prior has a null poin ...)
NOT-FOR-US: Delta Electronics CNCSoft-B
-CVE-2020-27288
- RESERVED
+CVE-2020-27288 (An untrusted pointer dereference has been identified in the way TPEdit ...)
+ TODO: check
CVE-2020-27287 (Delta Electronics CNCSoft-B Versions 1.0.0.2 and prior is vulnerable t ...)
NOT-FOR-US: Delta Electronics CNCSoft-B
CVE-2020-27286
RESERVED
CVE-2020-27285 (The default configuration of Crimson 3.1 (Build versions prior to 3119 ...)
NOT-FOR-US: Crimson
-CVE-2020-27284
- RESERVED
+CVE-2020-27284 (TPEditor (v1.98 and prior) is vulnerable to two out-of-bounds write in ...)
+ TODO: check
CVE-2020-27283 (An attacker could send a specially crafted message to Crimson 3.1 (Bui ...)
NOT-FOR-US: Crimson
CVE-2020-27282
RESERVED
CVE-2020-27281 (A stack-based buffer overflow may exist in Delta Electronics CNCSoft S ...)
NOT-FOR-US: Delta Electronics CNCSoft ScreenEditor
-CVE-2020-27280
- RESERVED
+CVE-2020-27280 (A use after free issue has been identified in the way ISPSoft(v3.12 an ...)
+ TODO: check
CVE-2020-27279 (A NULL pointer deference vulnerability has been identified in the prot ...)
NOT-FOR-US: Crimson
CVE-2020-27278
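Review bot: CVE-2020-27288 and CVE-2020-27284 name TPEditor and CVE-2020-27280 names ISPSoft, yet all three are left at TODO: check while every described neighbour in this hunk is already NOT-FOR-US. When resolving them, use the same "NOT-FOR-US: <vendor product>" form as the surrounding CNCSoft-B and Crimson lines, so that a search for the vendor finds the whole block.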
@@ -26526,8 +26526,8 @@ CVE-2020-27276 (SOOIL Developments Co Ltd DiabecareRS,AnyDana-i & AnyDana-A,
NOT-FOR-US: SOOIL Developments Co., Ltd.
CVE-2020-27275 (Delta Electronics DOPSoft Version 4.0.8.21 and prior is vulnerable to ...)
NOT-FOR-US: Delta Electronics DOPSoft
-CVE-2020-27274
- RESERVED
+CVE-2020-27274 (Some parsing functions in the affected product do not check the return ...)
+ TODO: check
CVE-2020-27273
RESERVED
CVE-2020-27272 (SOOIL Developments CoLtd DiabecareRS, AnyDana-i, AnyDana-A, The commun ...)
@@ -31558,16 +31558,16 @@ CVE-2020-25175 (GE Healthcare Imaging and Ultrasound Products may allow specific
NOT-FOR-US: GE Healthcare Imaging and Ultrasound Products
CVE-2020-25174 (A DLL hijacking vulnerability in the B. Braun OnlineSuite Version AP 3 ...)
NOT-FOR-US: B. Braun OnlineSuite Version AP
-CVE-2020-25173
- RESERVED
+CVE-2020-25173 (An attacker with local network access can obtain a fixed cryptography ...)
+ TODO: check
CVE-2020-25172 (A relative path traversal attack in the B. Braun OnlineSuite Version A ...)
NOT-FOR-US: B. Braun OnlineSuite Version AP
CVE-2020-25171
RESERVED
CVE-2020-25170 (An Excel Macro Injection vulnerability exists in the export feature in ...)
NOT-FOR-US: B. Braun OnlineSuite Version AP
-CVE-2020-25169
- RESERVED
+CVE-2020-25169 (The affected Reolink P2P products do not sufficiently protect data tra ...)
+ TODO: check
CVE-2020-25168
RESERVED
CVE-2020-25167
@@ -35214,12 +35214,12 @@ CVE-2020-23451 (Spiceworks Version <= 7.5.00107 is affected by CSRF which can
NOT-FOR-US: Spiceworks
CVE-2020-23450 (Spiceworks Version <= 7.5.00107 is affected by XSS. Any name typed ...)
NOT-FOR-US: Spiceworks
-CVE-2020-23449
- RESERVED
-CVE-2020-23448
- RESERVED
-CVE-2020-23447
- RESERVED
+CVE-2020-23449 (newbee-mall all versions are affected by incorrect access control to r ...)
+ TODO: check
+CVE-2020-23448 (newbee-mall all versions are affected by incorrect access control to r ...)
+ TODO: check
+CVE-2020-23447 (newbee-mall 1.0 is affected by cross-site scripting in shop-cart/settl ...)
+ TODO: check
CVE-2020-23446 (Verint Workforce Optimization suite 15.1 (15.1.0.37634) has Unauthenti ...)
NOT-FOR-US: Verint Workforce Optimization suite
CVE-2020-23445
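Review bot: CVE-2020-23449 and CVE-2020-23448 show identical text up to the truncation point ("newbee-mall all versions are affected by incorrect access control to r ..."), so the two entries cannot be told apart from this file. When clearing the TODO: check lines, confirm from the full descriptions that these are distinct issues and add a NOTE on each saying what differs.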
@@ -47105,8 +47105,7 @@ CVE-2020-17524
REJECTED
CVE-2020-17523
RESERVED
-CVE-2020-17522
- RESERVED
+CVE-2020-17522 (When ORT (now via atstccfg) generates ip_allow.config files in Apache ...)
NOT-FOR-US: Apache Traffic Control
CVE-2020-17521 (Apache Groovy provides extension methods to aid with creating temporar ...)
- groovy 2.4.21-1 (bug #977399)
@@ -57323,8 +57322,8 @@ CVE-2020-13584 (An exploitable use-after-free vulnerability exists in WebKitGTK
NOTE: https://webkitgtk.org/security/WSA-2020-0008.html
CVE-2020-13583
RESERVED
-CVE-2020-13582
- RESERVED
+CVE-2020-13582 (A denial-of-service vulnerability exists in the HTTP Server functional ...)
+ TODO: check
CVE-2020-13581
RESERVED
CVE-2020-13580
@@ -69235,8 +69234,7 @@ CVE-2020-9494 (Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.10, and 8.0.0
NOTE: https://github.com/apache/trafficserver/pull/6922
CVE-2020-9493
RESERVED
-CVE-2020-9492
- RESERVED
+CVE-2020-9492 (In Apache Hadoop 3.2.0 to 3.2.1, 3.0.0-alpha1 to 3.1.3, and 2.0.0-alph ...)
- hadoop <itp> (bug #793644)
CVE-2020-9491 (In Apache NiFi 1.2.0 to 1.11.4, the NiFi UI and API were protected by ...)
NOT-FOR-US: Apache NiFi
@@ -72196,12 +72194,12 @@ CVE-2020-8297
RESERVED
CVE-2020-8296
RESERVED
-CVE-2020-8295
- RESERVED
+CVE-2020-8295 (A wrong check in Nextcloud Server 19 and prior allowed to perform a de ...)
+ TODO: check
CVE-2020-8294
RESERVED
-CVE-2020-8293
- RESERVED
+CVE-2020-8293 (A missing input validation in Nextcloud Server before 20.0.2, 19.0.5, ...)
+ TODO: check
CVE-2020-8292 (Rocket.Chat server before 3.9.0 is vulnerable to a self cross-site scr ...)
NOT-FOR-US: Rocket.Chat
CVE-2020-8291
@@ -78220,7 +78218,7 @@ CVE-2020-6026
RESERVED
CVE-2020-6025
RESERVED
-CVE-2020-6024 (Check Point SmartConsole before R80.20 Build 119, R80.30 before Build ...)
+CVE-2020-6024 (Check Point SmartConsole before R80.10 Build 185, R80.20 Build 119, R8 ...)
TODO: check
CVE-2020-6023 (Check Point ZoneAlarm before version 15.8.139.18543 allows a local act ...)
NOT-FOR-US: Check Point ZoneAlarm
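Review bot: the description of CVE-2020-6024 was rewritten (it now lists R80.10 Build 185 first), but the entry still carries its TODO: check from before this change, so it has been through at least two updates without triage. The adjacent CVE-2020-6023 is already NOT-FOR-US: Check Point ZoneAlarm; if SmartConsole is likewise not packaged, close this one out as NOT-FOR-US: Check Point SmartConsole.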
@@ -81106,8 +81104,8 @@ CVE-2020-4951
RESERVED
CVE-2020-4950
RESERVED
-CVE-2020-4949
- RESERVED
+CVE-2020-4949 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable ...)
+ TODO: check
CVE-2020-4948
RESERVED
CVE-2020-4947
@@ -81226,8 +81224,8 @@ CVE-2020-4891
RESERVED
CVE-2020-4890
RESERVED
-CVE-2020-4889
- RESERVED
+CVE-2020-4889 (IBM Spectrum Scale 5.0.0 through 5.0.5.4 and 5.1.0 could allow a local ...)
+ TODO: check
CVE-2020-4888
RESERVED
CVE-2020-4887 (IBM AIX 7.1, 7.2 and AIX VIOS 3.1 could allow a local user to exploit ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d0dbf0967f524d95181ecfe10431793782e069cf