[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Thu Jan 28 20:10:31 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
431ac4d3 by security tracker role at 2021-01-28T20:10:23+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,15 @@
+CVE-2021-3335
+ RESERVED
+CVE-2021-3334
+ RESERVED
+CVE-2021-26298
+ RESERVED
+CVE-2021-26297
+ RESERVED
+CVE-2021-26296
+ RESERVED
+CVE-2021-26295
+ RESERVED
CVE-2021-3333
RESERVED
CVE-2021-3332
@@ -1711,8 +1723,8 @@ CVE-2021-25649
RESERVED
CVE-2021-25648
RESERVED
-CVE-2021-25647
- RESERVED
+CVE-2021-25647 (Mobile application "Testes de Codigo" v11.3 and prior allows stored XS ...)
+ TODO: check
CVE-2021-25646
RESERVED
CVE-2019-25014
@@ -7556,10 +7568,10 @@ CVE-2021-22877
RESERVED
CVE-2021-22876
RESERVED
-CVE-2021-22875
- RESERVED
-CVE-2021-22874
- RESERVED
+CVE-2021-22875 (Revive Adserver before 5.1.1 is vulnerable to a reflected XSS vulnerab ...)
+ TODO: check
+CVE-2021-22874 (Revive Adserver before 5.1.1 is vulnerable to a reflected XSS vulnerab ...)
+ TODO: check
CVE-2021-22873 (Revive Adserver before 5.1.0 is vulnerable to open redirects via the ` ...)
NOT-FOR-US: Revive Adserver
CVE-2021-22872 (Revive Adserver before 5.1.0 is vulnerable to a reflected cross-site s ...)
@@ -13725,12 +13737,12 @@ CVE-2021-20624
RESERVED
CVE-2021-20623
RESERVED
-CVE-2021-20622
- RESERVED
-CVE-2021-20621
- RESERVED
-CVE-2021-20620
- RESERVED
+CVE-2021-20622 (Cross-site scripting vulnerability in Aterm WG2600HP firmware Ver1.0.2 ...)
+ TODO: check
+CVE-2021-20621 (Cross-site request forgery (CSRF) vulnerability in Aterm WG2600HP firm ...)
+ TODO: check
+CVE-2021-20620 (Cross-site scripting vulnerability in Aterm WF800HP firmware Ver1.0.9 ...)
+ TODO: check
CVE-2021-20619 (Cross-site scripting vulnerability in GROWI (v4.2 Series) versions pri ...)
NOT-FOR-US: GROWI
CVE-2021-20618 (Privilege chaining vulnerability in acmailer ver. 4.0.2 and earlier, a ...)
@@ -14621,16 +14633,16 @@ CVE-2021-20189
REJECTED
CVE-2021-20188
RESERVED
-CVE-2021-20187
- RESERVED
-CVE-2021-20186
- RESERVED
-CVE-2021-20185
- RESERVED
-CVE-2021-20184
- RESERVED
-CVE-2021-20183
- RESERVED
+CVE-2021-20187 (It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 ...)
+ TODO: check
+CVE-2021-20186 (It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 ...)
+ TODO: check
+CVE-2021-20185 (It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 ...)
+ TODO: check
+CVE-2021-20184 (It was found in Moodle before version 3.10.1, 3.9.4 and 3.8.7 that a i ...)
+ TODO: check
+CVE-2021-20183 (It was found in Moodle before version 3.10.1 that some search inputs w ...)
+ TODO: check
CVE-2021-20182
RESERVED
CVE-2021-20181
@@ -28966,8 +28978,8 @@ CVE-2020-26274 (In systeminformation (npm package) before version 4.31.1 there i
NOT-FOR-US: Node systeminformation
CVE-2020-26273 (osquery is a SQL powered operating system instrumentation, monitoring, ...)
- osquery <itp> (bug #803502)
-CVE-2020-26272
- RESERVED
+CVE-2020-26272 (The Electron framework lets you write cross-platform desktop applicati ...)
+ TODO: check
CVE-2020-26271 (In affected versions of TensorFlow under certain cases, loading a save ...)
- tensorflow <itp> (bug #804612)
CVE-2020-26270 (In affected versions of TensorFlow running an LSTM/GRU model where the ...)
@@ -34619,7 +34631,7 @@ CVE-2020-23828 (A File Upload vulnerability in SourceCodester Online Course Regi
NOT-FOR-US: SourceCodester Online Course Registration
CVE-2020-23827
RESERVED
-CVE-2020-23826 (The Yale WIPC-303W 2.21 through 2.31 camera is vulnerable to remote co ...)
+CVE-2020-23826 (** DISPUTED ** The Yale WIPC-303W 2.21 through 2.31 camera is vulnerab ...)
NOT-FOR-US: Yale WIPC-303W camera
CVE-2020-23825
RESERVED
@@ -57509,8 +57521,8 @@ CVE-2020-13571
RESERVED
CVE-2020-13570 (A use-after-free vulnerability exists in the JavaScript engine of Foxi ...)
NOT-FOR-US: Foxit
-CVE-2020-13569
- RESERVED
+CVE-2020-13569 (A cross-site request forgery vulnerability exists in the GACL function ...)
+ TODO: check
CVE-2020-13568
RESERVED
CVE-2020-13567
@@ -79214,8 +79226,8 @@ CVE-2020-5628 (UNIQLO App for Android versions 7.3.3 and earlier allows remote a
NOT-FOR-US: UNIQLO App for Android
CVE-2020-5627 (Yodobashi App for Android versions 1.8.7 and earlier allows remote att ...)
NOT-FOR-US: Yodobashi App for Android
-CVE-2020-5626
- RESERVED
+CVE-2020-5626 (Logstorage version 8.0.0 and earlier, and ELC Analytics version 3.0.0 ...)
+ TODO: check
CVE-2020-5625 (Cross-site scripting vulnerability in XooNIps 3.48 and earlier allows ...)
NOT-FOR-US: XooNIps
CVE-2020-5624 (SQL injection vulnerability in the XooNIps 3.48 and earlier allows rem ...)
@@ -81388,8 +81400,8 @@ CVE-2020-4890
RESERVED
CVE-2020-4889 (IBM Spectrum Scale 5.0.0 through 5.0.5.4 and 5.1.0 could allow a local ...)
NOT-FOR-US: IBM
-CVE-2020-4888
- RESERVED
+CVE-2020-4888 (IBM QRadar SIEM 7.4.0 to 7.4.2 Patch 1 and 7.3.0 to 7.3.3 Patch 7 coul ...)
+ TODO: check
CVE-2020-4887 (IBM AIX 7.1, 7.2 and AIX VIOS 3.1 could allow a local user to exploit ...)
NOT-FOR-US: IBM
CVE-2020-4886 (IBM InfoSphere Information Server 11.7 stores sensitive information in ...)
@@ -81803,8 +81815,8 @@ CVE-2020-4684
RESERVED
CVE-2020-4683
RESERVED
-CVE-2020-4682
- RESERVED
+CVE-2020-4682 (IBM MQ 7.5, 8.0, 9.0, 9.1, 9.2 LTS, and 9.2 CD could allow a remote at ...)
+ TODO: check
CVE-2020-4681 (IBM Security Guardium 11.2 is vulnerable to cross-site scripting. This ...)
NOT-FOR-US: IBM
CVE-2020-4680 (IBM Security Guardium 11.2 is vulnerable to cross-site scripting. This ...)
@@ -90511,13 +90523,12 @@ CVE-2020-1726 (A flaw was discovered in Podman where it incorrectly allows conta
NOTE: Introduced in: https://github.com/containers/libpod/commit/997c4b56ed2121726e966afe9a102ed16ba78f93 (v1.6.0-rc1)
NOTE: https://github.com/containers/libpod/pull/5168
NOTE: Fixed by: https://github.com/containers/libpod/commit/c140ecdc9b416ab4efd4d21d14acd63b6adbdd42 (v1.8.1-rc1)
-CVE-2020-1725
- RESERVED
+CVE-2020-1725 (A flaw was found in keycloak before version 13.0.0. In some scenarios ...)
NOT-FOR-US: Keycloak
CVE-2020-1724 (A flaw was found in Keycloak in versions before 9.0.2. This flaw allow ...)
NOT-FOR-US: Keycloak
-CVE-2020-1723
- RESERVED
+CVE-2020-1723 (The logout endpoint /oauth/logout?redirect=url can be abused to redire ...)
+ TODO: check
CVE-2020-1722 (A flaw was found in all ipa versions 4.x.x through 4.8.0. When sending ...)
- freeipa 4.8.8-2 (bug #966200)
[buster] - freeipa <no-dsa> (Minor issue)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/431ac4d3c1b57f138a3058c6472a5a3920e15c7a
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/431ac4d3c1b57f138a3058c6472a5a3920e15c7a
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210128/631535dc/attachment.html>
More information about the debian-security-tracker-commits
mailing list