[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Thu Jan 28 20:10:31 GMT 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
431ac4d3 by security tracker role at 2021-01-28T20:10:23+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,15 @@
+CVE-2021-3335
+	RESERVED
+CVE-2021-3334
+	RESERVED
+CVE-2021-26298
+	RESERVED
+CVE-2021-26297
+	RESERVED
+CVE-2021-26296
+	RESERVED
+CVE-2021-26295
+	RESERVED
 CVE-2021-3333
 	RESERVED
 CVE-2021-3332
@@ -1711,8 +1723,8 @@ CVE-2021-25649
 	RESERVED
 CVE-2021-25648
 	RESERVED
-CVE-2021-25647
-	RESERVED
+CVE-2021-25647 (Mobile application "Testes de Codigo" v11.3 and prior allows stored XS ...)
+	TODO: check
 CVE-2021-25646
 	RESERVED
 CVE-2019-25014
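
Review bot: CVE-2021-25647 is left at `TODO: check` even though its description names a mobile application ("Testes de Codigo" v11.3 and prior). Other app entries visible in this file, such as the UNIQLO and Yodobashi Android apps, are closed as NOT-FOR-US with the product name. If this app is not packaged, the same form would resolve the TODO.
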
@@ -7556,10 +7568,10 @@ CVE-2021-22877
 	RESERVED
 CVE-2021-22876
 	RESERVED
-CVE-2021-22875
-	RESERVED
-CVE-2021-22874
-	RESERVED
+CVE-2021-22875 (Revive Adserver before 5.1.1 is vulnerable to a reflected XSS vulnerab ...)
+	TODO: check
+CVE-2021-22874 (Revive Adserver before 5.1.1 is vulnerable to a reflected XSS vulnerab ...)
+	TODO: check
 CVE-2021-22873 (Revive Adserver before 5.1.0 is vulnerable to open redirects via the ` ...)
 	NOT-FOR-US: Revive Adserver
 CVE-2021-22872 (Revive Adserver before 5.1.0 is vulnerable to a reflected cross-site s ...)
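
Review bot: CVE-2021-22875 and CVE-2021-22874 are left at `TODO: check` although CVE-2021-22873, directly below them, already triages the same product as `NOT-FOR-US: Revive Adserver`. Both new descriptions name Revive Adserver, so they can take the same line and come off the TODO queue.
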
@@ -13725,12 +13737,12 @@ CVE-2021-20624
 	RESERVED
 CVE-2021-20623
 	RESERVED
-CVE-2021-20622
-	RESERVED
-CVE-2021-20621
-	RESERVED
-CVE-2021-20620
-	RESERVED
+CVE-2021-20622 (Cross-site scripting vulnerability in Aterm WG2600HP firmware Ver1.0.2 ...)
+	TODO: check
+CVE-2021-20621 (Cross-site request forgery (CSRF) vulnerability in Aterm WG2600HP firm ...)
+	TODO: check
+CVE-2021-20620 (Cross-site scripting vulnerability in Aterm WF800HP firmware Ver1.0.9  ...)
+	TODO: check
 CVE-2021-20619 (Cross-site scripting vulnerability in GROWI (v4.2 Series) versions pri ...)
 	NOT-FOR-US: GROWI
 CVE-2021-20618 (Privilege chaining vulnerability in acmailer ver. 4.0.2 and earlier, a ...)
@@ -14621,16 +14633,16 @@ CVE-2021-20189
 	REJECTED
 CVE-2021-20188
 	RESERVED
-CVE-2021-20187
-	RESERVED
-CVE-2021-20186
-	RESERVED
-CVE-2021-20185
-	RESERVED
-CVE-2021-20184
-	RESERVED
-CVE-2021-20183
-	RESERVED
+CVE-2021-20187 (It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16  ...)
+	TODO: check
+CVE-2021-20186 (It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16  ...)
+	TODO: check
+CVE-2021-20185 (It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16  ...)
+	TODO: check
+CVE-2021-20184 (It was found in Moodle before version 3.10.1, 3.9.4 and 3.8.7 that a i ...)
+	TODO: check
+CVE-2021-20183 (It was found in Moodle before version 3.10.1 that some search inputs w ...)
+	TODO: check
 CVE-2021-20182
 	RESERVED
 CVE-2021-20181
@@ -28966,8 +28978,8 @@ CVE-2020-26274 (In systeminformation (npm package) before version 4.31.1 there i
 	NOT-FOR-US: Node systeminformation
 CVE-2020-26273 (osquery is a SQL powered operating system instrumentation, monitoring, ...)
 	- osquery <itp> (bug #803502)
-CVE-2020-26272
-	RESERVED
+CVE-2020-26272 (The Electron framework lets you write cross-platform desktop applicati ...)
+	TODO: check
 CVE-2020-26271 (In affected versions of TensorFlow under certain cases, loading a save ...)
 	- tensorflow <itp> (bug #804612)
 CVE-2020-26270 (In affected versions of TensorFlow running an LSTM/GRU model where the ...)
@@ -34619,7 +34631,7 @@ CVE-2020-23828 (A File Upload vulnerability in SourceCodester Online Course Regi
 	NOT-FOR-US: SourceCodester Online Course Registration
 CVE-2020-23827
 	RESERVED
-CVE-2020-23826 (The Yale WIPC-303W 2.21 through 2.31 camera is vulnerable to remote co ...)
+CVE-2020-23826 (** DISPUTED ** The Yale WIPC-303W 2.21 through 2.31 camera is vulnerab ...)
 	NOT-FOR-US: Yale WIPC-303W camera
 CVE-2020-23825
 	RESERVED
@@ -57509,8 +57521,8 @@ CVE-2020-13571
 	RESERVED
 CVE-2020-13570 (A use-after-free vulnerability exists in the JavaScript engine of Foxi ...)
 	NOT-FOR-US: Foxit
-CVE-2020-13569
-	RESERVED
+CVE-2020-13569 (A cross-site request forgery vulnerability exists in the GACL function ...)
+	TODO: check
 CVE-2020-13568
 	RESERVED
 CVE-2020-13567
@@ -79214,8 +79226,8 @@ CVE-2020-5628 (UNIQLO App for Android versions 7.3.3 and earlier allows remote a
 	NOT-FOR-US: UNIQLO App for Android
 CVE-2020-5627 (Yodobashi App for Android versions 1.8.7 and earlier allows remote att ...)
 	NOT-FOR-US: Yodobashi App for Android
-CVE-2020-5626
-	RESERVED
+CVE-2020-5626 (Logstorage version 8.0.0 and earlier, and ELC Analytics version 3.0.0  ...)
+	TODO: check
 CVE-2020-5625 (Cross-site scripting vulnerability in XooNIps 3.48 and earlier allows  ...)
 	NOT-FOR-US: XooNIps
 CVE-2020-5624 (SQL injection vulnerability in the XooNIps 3.48 and earlier allows rem ...)
@@ -81388,8 +81400,8 @@ CVE-2020-4890
 	RESERVED
 CVE-2020-4889 (IBM Spectrum Scale 5.0.0 through 5.0.5.4 and 5.1.0 could allow a local ...)
 	NOT-FOR-US: IBM
-CVE-2020-4888
-	RESERVED
+CVE-2020-4888 (IBM QRadar SIEM 7.4.0 to 7.4.2 Patch 1 and 7.3.0 to 7.3.3 Patch 7 coul ...)
+	TODO: check
 CVE-2020-4887 (IBM AIX 7.1, 7.2 and AIX VIOS 3.1 could allow a local user to exploit  ...)
 	NOT-FOR-US: IBM
 CVE-2020-4886 (IBM InfoSphere Information Server 11.7 stores sensitive information in ...)
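
Review bot: CVE-2020-4888 gets `TODO: check` while the IBM entries on either side of it in this hunk (CVE-2020-4889 and CVE-2020-4887) are triaged `NOT-FOR-US: IBM`. The description names IBM QRadar SIEM, so the same triage line looks applicable here.
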
@@ -81803,8 +81815,8 @@ CVE-2020-4684
 	RESERVED
 CVE-2020-4683
 	RESERVED
-CVE-2020-4682
-	RESERVED
+CVE-2020-4682 (IBM MQ 7.5, 8.0, 9.0, 9.1, 9.2 LTS, and 9.2 CD could allow a remote at ...)
+	TODO: check
 CVE-2020-4681 (IBM Security Guardium 11.2 is vulnerable to cross-site scripting. This ...)
 	NOT-FOR-US: IBM
 CVE-2020-4680 (IBM Security Guardium 11.2 is vulnerable to cross-site scripting. This ...)
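
Review bot: CVE-2020-4682 is added with `TODO: check`, but the entry just below it, CVE-2020-4681, carries `NOT-FOR-US: IBM` for another IBM product. The new description names IBM MQ. Unless that product is tracked differently, reuse the existing line rather than leaving a TODO.
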
@@ -90511,13 +90523,12 @@ CVE-2020-1726 (A flaw was discovered in Podman where it incorrectly allows conta
 	NOTE: Introduced in: https://github.com/containers/libpod/commit/997c4b56ed2121726e966afe9a102ed16ba78f93 (v1.6.0-rc1)
 	NOTE: https://github.com/containers/libpod/pull/5168
 	NOTE: Fixed by: https://github.com/containers/libpod/commit/c140ecdc9b416ab4efd4d21d14acd63b6adbdd42 (v1.8.1-rc1)
-CVE-2020-1725
-	RESERVED
+CVE-2020-1725 (A flaw was found in keycloak before version 13.0.0. In some scenarios  ...)
 	NOT-FOR-US: Keycloak
 CVE-2020-1724 (A flaw was found in Keycloak in versions before 9.0.2. This flaw allow ...)
 	NOT-FOR-US: Keycloak
-CVE-2020-1723
-	RESERVED
+CVE-2020-1723 (The logout endpoint /oauth/logout?redirect=url can be abused to redire ...)
+	TODO: check
 CVE-2020-1722 (A flaw was found in all ipa versions 4.x.x through 4.8.0. When sending ...)
 	- freeipa 4.8.8-2 (bug #966200)
 	[buster] - freeipa <no-dsa> (Minor issue)
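
Review bot: CVE-2020-1723 should not inherit a Keycloak triage from its neighbours. The description shown ("The logout endpoint /oauth/logout?redirect=url can be abused to redire ...") is cut off before any product name, so resolving its `TODO: check` needs the full description. The CVE-2020-1725 change above it needs nothing further, since the `NOT-FOR-US: Keycloak` line already in place matches the keycloak description that replaces RESERVED.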



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/431ac4d3c1b57f138a3058c6472a5a3920e15c7a
