[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri Jan 29 08:10:24 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b756a367 by security tracker role at 2021-01-29T08:10:16+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,41 @@
+CVE-2021-3343
+ RESERVED
+CVE-2021-3342
+ RESERVED
+CVE-2021-3341 (A path traversal vulnerability in the DxWebEngine component of DH2i Dx ...)
+ TODO: check
+CVE-2021-3340
+ RESERVED
+CVE-2021-3339
+ RESERVED
+CVE-2021-3338
+ RESERVED
+CVE-2021-3337 (The Hide-Thread-Content plugin through 2021-01-27 for MyBB allows remo ...)
+ TODO: check
+CVE-2021-3336 (DoTls13CertificateVerify in tls13.c in wolfSSL through 4.6.0 does not ...)
+ TODO: check
+CVE-2021-26308 (An issue was discovered in the marc crate before 2.0.0 for Rust. A use ...)
+ TODO: check
+CVE-2021-26307 (An issue was discovered in the raw-cpuid crate before 9.0.0 for Rust. ...)
+ TODO: check
+CVE-2021-26306 (An issue was discovered in the raw-cpuid crate before 9.0.0 for Rust. ...)
+ TODO: check
+CVE-2021-26305 (An issue was discovered in Deserializer::read_vec in the cdr crate bef ...)
+ TODO: check
+CVE-2021-26304 (PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to stored XS ...)
+ TODO: check
+CVE-2021-26303 (PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to stored XS ...)
+ TODO: check
+CVE-2021-26302
+ RESERVED
+CVE-2021-26301
+ RESERVED
+CVE-2021-26300
+ RESERVED
+CVE-2021-26299
+ RESERVED
+CVE-2019-25016 (There is an unsafe incomplete reset of PATH in OpenDoas 6.6 through 6. ...)
+ TODO: check
CVE-2021-3335
RESERVED
CVE-2021-3334
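Review bot: all 19 entries added in this hunk are left at RESERVED or TODO: check, and several of the TODO: check descriptions name software that may be shipped as a Debian source package (wolfSSL through 4.6.0 in CVE-2021-3336; the Rust crates cdr, raw-cpuid and marc in CVE-2021-26305 through CVE-2021-26308; OpenDoas in CVE-2019-25016), so these need manual triage to either add a source-package status line or mark them NOT-FOR-US rather than remaining placeholders after the automatic import.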
@@ -155,8 +193,8 @@ CVE-2021-3300
RESERVED
CVE-2021-3299
RESERVED
-CVE-2021-3298
- RESERVED
+CVE-2021-3298 (Collabtive 3.1 allows XSS when an authenticated user enters an XSS pay ...)
+ TODO: check
CVE-2021-3297 (On Zyxel NBG2105 V1.00(AAGU.2)C0 devices, setting the login cookie to ...)
NOT-FOR-US: Zyxel
CVE-2021-3296
@@ -1727,8 +1765,7 @@ CVE-2021-25647 (Mobile application "Testes de Codigo" v11.3 and prior allows sto
NOT-FOR-US: Mobile application "Testes de Codigo"
CVE-2021-25646
RESERVED
-CVE-2019-25014
- RESERVED
+CVE-2019-25014 (A NULL pointer dereference was found in pkg/proxy/envoy/v2/debug.go ge ...)
NOT-FOR-US: Istio
CVE-2021-3308 (An issue was discovered in Xen 4.12.3 through 4.12.4 and 4.13.1 throug ...)
- xen <unfixed> (bug #981052)
@@ -2465,8 +2502,8 @@ CVE-2021-3177 (Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in
NOTE: https://github.com/python/cpython/commit/ece5dfd403dac211f8d3c72701fe7ba7b7aa5b5f (3.8)
NOTE: https://github.com/python/cpython/commit/d9b8f138b7df3b455b54653ca59f491b4840d6fa (3.7)
NOTE: https://github.com/python/cpython/commit/34df10a9a16b38d54421eeeaf73ec89828563be7 (3.6)
-CVE-2021-3176
- RESERVED
+CVE-2021-3176 (The chat window of the Mitel BusinessCTI Enterprise (MBC-E) Client for ...)
+ TODO: check
CVE-2021-3175
RESERVED
CVE-2021-25312 (HTCondor before 8.9.11 allows a user to submit a job as another user o ...)
@@ -2579,8 +2616,8 @@ CVE-2021-3162 (Docker Desktop Community before 2.5.0.0 on macOS mishandles certi
NOT-FOR-US: Docker Desktop on MacOS
CVE-2021-3161
RESERVED
-CVE-2021-3160
- RESERVED
+CVE-2021-3160 (Deserialization of untrusted data in the login page of ASSUWEB 359.3 b ...)
+ TODO: check
CVE-2021-25280
RESERVED
CVE-2021-25279
@@ -10596,8 +10633,8 @@ CVE-2020-36117
RESERVED
CVE-2020-36116
RESERVED
-CVE-2020-36115
- RESERVED
+CVE-2020-36115 (Stored Cross Site Scripting (XSS) vulnerability in EGavilan Media CRUD ...)
+ TODO: check
CVE-2020-36114
RESERVED
CVE-2020-36113
@@ -11529,8 +11566,8 @@ CVE-2020-35756
RESERVED
CVE-2020-35755
RESERVED
-CVE-2020-35754
- RESERVED
+CVE-2020-35754 (OpenSolution Quick.CMS < 6.7 and Quick.Cart < 6.7 allow an authe ...)
+ TODO: check
CVE-2020-35753 (The job posting recommendation form in Persis Human Resource Managemen ...)
NOT-FOR-US: Persis Human Resource Management Portal
CVE-2020-35752
@@ -14887,8 +14924,8 @@ CVE-2021-20067
RESERVED
CVE-2021-20066
RESERVED
-CVE-2020-35547
- RESERVED
+CVE-2020-35547 (A library index page in NuPoint Messenger in Mitel MiCollab before 9.2 ...)
+ TODO: check
CVE-2020-35546
RESERVED
CVE-2020-35545 (Time-based SQL injection exists in Spotweb 1.4.9 via the query string. ...)
@@ -14962,8 +14999,7 @@ CVE-2020-35518 [Information disclosure during the binding of a DN]
NOTE: https://github.com/389ds/389-ds-base/commit/cc0f69283abc082488824702dae485b8eae938bc (master)
NOTE: https://github.com/389ds/389-ds-base/commit/38b97faef8a6421a7a638ecdbf0b341e2b3f9ab3 (1.4.4.10)
NOTE: Introduced as side-effect of https://github.com/389ds/389-ds-base/issues/2535
-CVE-2020-35517 [virtiofsd: potential privileged host device access from guest]
- RESERVED
+CVE-2020-35517 (A flaw was found in qemu. A host privilege escalation issue was found ...)
- qemu <unfixed> (bug #980814)
[buster] - qemu <not-affected> (Vulnerable code introduced later)
[stretch] - qemu <not-affected> (Vulnerable code introduced later)
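Review bot: replacing the bracketed working title [virtiofsd: potential privileged host device access from guest] with the truncated public description drops the only mention of the affected component (virtiofsd) from the CVE-2020-35517 entry; since the entry already carries `- qemu <unfixed> (bug #980814)` and the buster/stretch not-affected markers that justify "Vulnerable code introduced later", consider preserving the component name in a NOTE line so the qemu fix can be located without re-reading the full advisory.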
@@ -15965,8 +16001,8 @@ CVE-2020-35147
RESERVED
CVE-2020-35146
RESERVED
-CVE-2020-35145
- RESERVED
+CVE-2020-35145 (Acronis True Image for Windows prior to 2021 Update 3 allowed local pr ...)
+ TODO: check
CVE-2020-35144
REJECTED
CVE-2020-35143
@@ -17758,12 +17794,12 @@ CVE-2020-35916 (An issue was discovered in the image crate before 0.23.12 for Ru
NOTE: https://github.com/image-rs/image/issues/1357
CVE-2020-29606
REJECTED
-CVE-2020-29605
- RESERVED
-CVE-2020-29604
- RESERVED
-CVE-2020-29603
- RESERVED
+CVE-2020-29605 (An issue was discovered in MantisBT before 2.24.4. Due to insufficient ...)
+ TODO: check
+CVE-2020-29604 (An issue was discovered in MantisBT before 2.24.4. A missing access ch ...)
+ TODO: check
+CVE-2020-29603 (In manage_proj_edit_page.php in MantisBT before 2.24.4, any unprivileg ...)
+ TODO: check
CVE-2020-29602 (The official irssi docker images before 1.1-alpine (Alpine specific) c ...)
NOT-FOR-US: irssi Docker images
CVE-2020-29601 (The official notary docker images before signer-0.6.1-1 contain a blan ...)
@@ -17949,14 +17985,14 @@ CVE-2020-29540 (API calls in the Translation API feature in Systran Pure Neural
NOT-FOR-US: Systran Pure Neural Server
CVE-2020-29539 (A Cross-Site Scripting (XSS) issue in WebUI Translation in Systran Pur ...)
NOT-FOR-US: Systran Pure Neural Server
-CVE-2020-29538
- RESERVED
-CVE-2020-29537
- RESERVED
-CVE-2020-29536
- RESERVED
-CVE-2020-29535
- RESERVED
+CVE-2020-29538 (Archer before 6.9 P1 (6.9.0.1) contains an improper access control vul ...)
+ TODO: check
+CVE-2020-29537 (Archer before 6.8 P2 (6.8.0.2) is affected by an open redirect vulnera ...)
+ TODO: check
+CVE-2020-29536 (Archer before 6.8 P2 (6.8.0.2) is affected by a path exposure vulnerab ...)
+ TODO: check
+CVE-2020-29535 (Archer before 6.8 P4 (6.8.0.4) contains a stored XSS vulnerability. A ...)
+ TODO: check
CVE-2020-29533
RESERVED
CVE-2020-29532
@@ -19374,10 +19410,10 @@ CVE-2020-29007
NOTE: https://seqred.pl/en/cve-2020-29007-remote-code-execution-in-mediawiki-score/
CVE-2020-29006 (MISP before 2.4.135 lacks an ACL check, related to app/Controller/Gala ...)
NOT-FOR-US: MISP
-CVE-2020-29005
- RESERVED
-CVE-2020-29004
- RESERVED
+CVE-2020-29005 (The API in the Push extension for MediaWiki through 1.35 used cleartex ...)
+ TODO: check
+CVE-2020-29004 (The API in the Push extension for MediaWiki through 1.35 did not requi ...)
+ TODO: check
CVE-2020-29003 (The PollNY extension for MediaWiki through 1.35 allows XSS via an answ ...)
NOT-FOR-US: PollNY MediaWiki extension
CVE-2020-29002 (includes/CologneBlueTemplate.php in the CologneBlue skin for MediaWiki ...)
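Review bot: CVE-2020-29005 and CVE-2020-29004 both concern the Push extension for MediaWiki through 1.35 and are left at TODO: check, while the neighbouring MediaWiki extension entry in the same hunk (CVE-2020-29003, PollNY) is already resolved as NOT-FOR-US; the two Push entries should be triaged together against the same packaging question so they end up with a consistent status.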
@@ -21869,18 +21905,18 @@ CVE-2020-28408 (The server in Dundas BI through 8.0.0.1001 allows XSS via an HTM
NOT-FOR-US: Dundas BI
CVE-2020-28407
RESERVED
-CVE-2020-28406
- RESERVED
-CVE-2020-28405
- RESERVED
-CVE-2020-28404
- RESERVED
-CVE-2020-28403
- RESERVED
-CVE-2020-28402
- RESERVED
-CVE-2020-28401
- RESERVED
+CVE-2020-28406 (An improper authorization vulnerability exists in Star Practice Manage ...)
+ TODO: check
+CVE-2020-28405 (An improper authorization vulnerability exists in Star Practice Manage ...)
+ TODO: check
+CVE-2020-28404 (An improper authorization vulnerability exists in Star Practice Manage ...)
+ TODO: check
+CVE-2020-28403 (A Cross-Site Request Forgery (CSRF) vulnerability exists in Star Pract ...)
+ TODO: check
+CVE-2020-28402 (An improper authorization vulnerability exists in Star Practice Manage ...)
+ TODO: check
+CVE-2020-28401 (An improper authorization vulnerability exists in Star Practice Manage ...)
+ TODO: check
CVE-2020-28400
RESERVED
CVE-2020-28399
@@ -71691,8 +71727,8 @@ CVE-2020-8587
RESERVED
CVE-2020-8586
RESERVED
-CVE-2020-8585
- RESERVED
+CVE-2020-8585 (OnCommand Unified Manager Core Package versions prior to 5.2.5 may dis ...)
+ TODO: check
CVE-2020-8584 (Element OS versions prior to 1.8P1 and 12.2 are susceptible to a vulne ...)
NOT-FOR-US: Element OS
CVE-2020-8583 (Element Software versions prior to 12.2 and HCI versions prior to 1.8P ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b756a3672bf50068fb43337ecd0d19dfd4a34e33
--
You're receiving this email because of your account on salsa.debian.org.