[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Thu Jan 28 08:10:30 GMT 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d8b91cfa by security tracker role at 2021-01-28T08:10:23+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,77 @@
+CVE-2021-3333
+	RESERVED
+CVE-2021-3332
+	RESERVED
+CVE-2021-3331 (WinSCP before 5.17.10 allows remote attackers to execute arbitrary pro ...)
+	TODO: check
+CVE-2021-3330
+	RESERVED
+CVE-2021-3329
+	RESERVED
+CVE-2021-3328
+	RESERVED
+CVE-2021-3327
+	RESERVED
+CVE-2021-26294
+	RESERVED
+CVE-2021-26293
+	RESERVED
+CVE-2021-26292
+	RESERVED
+CVE-2021-26291
+	RESERVED
+CVE-2021-26290
+	RESERVED
+CVE-2021-26289
+	RESERVED
+CVE-2021-26288
+	RESERVED
+CVE-2021-26287
+	RESERVED
+CVE-2021-26286
+	RESERVED
+CVE-2021-26285
+	RESERVED
+CVE-2021-26284
+	RESERVED
+CVE-2021-26283
+	RESERVED
+CVE-2021-26282
+	RESERVED
+CVE-2021-26281
+	RESERVED
+CVE-2021-26280
+	RESERVED
+CVE-2021-26279
+	RESERVED
+CVE-2021-26278
+	RESERVED
+CVE-2021-26277
+	RESERVED
+CVE-2021-26276 (** DISPUTED ** scripts/cli.js in the GoDaddy node-config-shield (aka C ...)
+	TODO: check
+CVE-2021-26275
+	RESERVED
+CVE-2020-36240
+	RESERVED
+CVE-2020-36239
+	RESERVED
+CVE-2020-36238
+	RESERVED
+CVE-2020-36237
+	RESERVED
+CVE-2020-36236
+	RESERVED
+CVE-2020-36235
+	RESERVED
+CVE-2020-36234
+	RESERVED
+CVE-2020-36233
+	RESERVED
+CVE-2020-36232
+	RESERVED
+CVE-2020-36231
+	RESERVED
 CVE-2021-3325 (Monitorix 3.13.0 allows remote attackers to bypass Basic Authenticatio ...)
 	NOT-FOR-US: Monitorix
 CVE-2021-3324
@@ -18,7 +92,7 @@ CVE-2021-26274
 	RESERVED
 CVE-2021-26273
 	RESERVED
-CVE-2021-3326 [glibc: assertion failure in ISO-2022-JP-3 module]
+CVE-2021-3326 (The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and  ...)
 	- glibc <unfixed> (bug #981198)
 	[buster] - glibc <no-dsa> (Minor issue)
 	[stretch] - glibc <no-dsa> (Minor issue)
@@ -495,8 +569,8 @@ CVE-2021-26069
 	RESERVED
 CVE-2021-26068
 	RESERVED
-CVE-2021-26067
-	RESERVED
+CVE-2021-26067 (Affected versions of Atlassian Bamboo allow an unauthenticated remote  ...)
+	TODO: check
 CVE-2021-26066
 	RESERVED
 CVE-2021-26065
@@ -2560,8 +2634,8 @@ CVE-2021-25249
 	RESERVED
 CVE-2021-25248
 	RESERVED
-CVE-2021-25247
-	RESERVED
+CVE-2021-25247 (A DLL hijacking vulnerability Trend Micro HouseCall for Home Networks  ...)
+	TODO: check
 CVE-2021-25246
 	RESERVED
 CVE-2021-25245
@@ -2602,12 +2676,12 @@ CVE-2021-25228
 	RESERVED
 CVE-2021-25227
 	RESERVED
-CVE-2021-25226
-	RESERVED
-CVE-2021-25225
-	RESERVED
-CVE-2021-25224
-	RESERVED
+CVE-2021-25226 (A memory exhaustion vulnerability in Trend Micro ServerProtect for Lin ...)
+	TODO: check
+CVE-2021-25225 (A memory exhaustion vulnerability in Trend Micro ServerProtect for Lin ...)
+	TODO: check
+CVE-2021-25224 (A memory exhaustion vulnerability in Trend Micro ServerProtect for Lin ...)
+	TODO: check
 CVE-2021-25223
 	RESERVED
 CVE-2021-25222
@@ -4874,7 +4948,7 @@ CVE-2021-3144
 CVE-2021-3143
 	RESERVED
 CVE-2021-3142
-	RESERVED
+	REJECTED
 CVE-2021-3141
 	RESERVED
 CVE-2021-24121
@@ -8109,8 +8183,8 @@ CVE-2021-22639 (An uninitialized pointer issue has been identified in the way th
 	TODO: check
 CVE-2021-22638
 	RESERVED
-CVE-2021-22637
-	RESERVED
+CVE-2021-22637 (Multiple stack-based buffer overflow issues have been identified in th ...)
+	TODO: check
 CVE-2021-22636
 	RESERVED
 CVE-2021-22635
@@ -15922,8 +15996,8 @@ CVE-2020-35126 (** DISPUTED ** Typesetter CMS 5.x through 5.1 allows admins to c
 	NOT-FOR-US: Typesetter CMS
 CVE-2020-35125
 	RESERVED
-CVE-2020-35124
-	RESERVED
+CVE-2020-35124 (A cross-site scripting (XSS) vulnerability in the assets component of  ...)
+	TODO: check
 CVE-2020-35123 (In Zimbra Collaboration Suite Network Edition versions < 9.0.0 P10  ...)
 	NOT-FOR-US: Zimbra Collaboration Suite (ZCS)
 CVE-2020-35122 (An issue was discovered in the Keysight Database Connector plugin befo ...)
@@ -30023,14 +30097,14 @@ CVE-2020-25787 (An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 202
 	NOTE: https://git.tt-rss.org/fox/tt-rss/commit/c3d14e1fa54c7dade7b1b7955575e2991396d7ef
 CVE-2020-25786 (** UNSUPPORTED WHEN ASSIGNED ** webinc/js/info.php on D-Link DIR-816L  ...)
 	NOT-FOR-US: D-Link
-CVE-2020-25785
-	RESERVED
-CVE-2020-25784
-	RESERVED
-CVE-2020-25783
-	RESERVED
-CVE-2020-25782
-	RESERVED
+CVE-2020-25785 (An issue was discovered on Accfly Wireless Security IR Camera System 7 ...)
+	TODO: check
+CVE-2020-25784 (An issue was discovered on Accfly Wireless Security IR Camera System 7 ...)
+	TODO: check
+CVE-2020-25783 (An issue was discovered on Accfly Wireless Security IR Camera System 7 ...)
+	TODO: check
+CVE-2020-25782 (An issue was discovered on Accfly Wireless Security IR Camera 720P Sys ...)
+	TODO: check
 CVE-2020-25781 (An issue was discovered in file_download.php in MantisBT before 2.24.3 ...)
 	- mantis <removed>
 CVE-2020-25796 (An issue was discovered in the sized-chunks crate through 0.6.2 for Ru ...)
@@ -72280,7 +72354,7 @@ CVE-2020-8297
 CVE-2020-8296
 	RESERVED
 CVE-2020-8295 (A wrong check in Nextcloud Server 19 and prior allowed to perform a de ...)
-	 - nextcloud-server <itp> (bug #941708)
+	- nextcloud-server <itp> (bug #941708)
 CVE-2020-8294
 	RESERVED
 CVE-2020-8293 (A missing input validation in Nextcloud Server before 20.0.2, 19.0.5,  ...)
@@ -96659,7 +96733,7 @@ CVE-2020-0239 (In getDocumentMetadata of DocumentsContract.java, there is a poss
 CVE-2020-0238 (In updatePreferenceIntents of AccountTypePreferenceLoader, there is a  ...)
 	NOT-FOR-US: Android
 CVE-2020-0237
-	RESERVED
+	REJECTED
 CVE-2020-0236 (In A2DP_GetCodecType of a2dp_codec_config, there is a possible out-of- ...)
 	TODO: check
 CVE-2020-0235 (In crus_sp_shared_ioctl we first copy 4 bytes from userdata into "size ...)
@@ -121531,7 +121605,6 @@ CVE-2019-14856 (ansible before versions 2.8.6, 2.7.14, 2.6.20 is vulnerable to a
 	NOTE: https://github.com/ansible/ansible/pull/63351
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1760829
 CVE-2019-10206 (ansible-playbook -k and ansible cli tools, all versions 2.8.x before 2 ...)
-	{DLA-2535-1}
 	- ansible 2.8.6+dfsg-1 (bug #933005)
 	[buster] - ansible <no-dsa> (Minor issue)
 	[jessie] - ansible <not-affected> (Vulnerable code introduced later, password templating code introduced with 2.0 refactoring, '{{' supported in passwords)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d8b91cfaa06d0273000e62ad5d4b64249aa678e4

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d8b91cfaa06d0273000e62ad5d4b64249aa678e4
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210128/a5c71128/attachment.html>


More information about the debian-security-tracker-commits mailing list