[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Sat Mar 6 08:10:28 GMT 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7259640d by security tracker role at 2021-03-06T08:10:21+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,19 @@
+CVE-2021-28049
+	RESERVED
+CVE-2021-28048
+	RESERVED
+CVE-2021-28047
+	RESERVED
+CVE-2021-28046
+	RESERVED
+CVE-2021-28045
+	RESERVED
+CVE-2021-28044
+	RESERVED
+CVE-2021-28043
+	RESERVED
+CVE-2021-28042 (Deutsche Post Mailoptimizer 4.3 before 2020-11-09 allows Directory Tra ...)
+	TODO: check
 CVE-2021-3423
 	RESERVED
 CVE-2021-28041 (ssh-agent in OpenSSH before 8.5 has a double free that may be relevant ...)
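Review bot: CVE-2021-28042 arrives with only `TODO: check`, so it still needs manual triage. The description names Deutsche Post Mailoptimizer 4.3; resolve it to either a source-package line or a `NOT-FOR-US:` entry. The seven `RESERVED` placeholders above it need no action until descriptions are published.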
@@ -268,8 +284,7 @@ CVE-2021-27919
 	RESERVED
 CVE-2021-27918
 	RESERVED
-CVE-2021-3420
-	RESERVED
+CVE-2021-3420 (A flaw was found in newlib in versions prior to 4.0.0. Improper overfl ...)
 	- newlib <unfixed> (bug #984446)
 	[buster] - newlib <no-dsa> (Minor issue)
 	- picolibc 1.5-1
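Review bot: The description added for CVE-2021-3420 limits the flaw to newlib "versions prior to 4.0.0", but the retained line `- newlib <unfixed> (bug #984446)` records no fixed version. Once a newlib upload at or above 4.0.0 is confirmed to carry the fix, replace `<unfixed>` with that version so the entry agrees with the description, as the picolibc line already does with `1.5-1`.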
@@ -982,8 +997,8 @@ CVE-2021-27583 (** UNSUPPORTED WHEN ASSIGNED ** In Directus 8.x through 8.8.1, a
 	NOT-FOR-US: Directus
 CVE-2021-27582 (org/mitre/oauth2/web/OAuthConfirmationController.java in the OpenID Co ...)
 	NOT-FOR-US: OpenID Connect server implementation for MITREid Connect
-CVE-2021-27581
-	RESERVED
+CVE-2021-27581 (The Blog module in Kentico CMS 5.5 R2 build 5.5.3996 allows SQL inject ...)
+	TODO: check
 CVE-2021-27580
 	RESERVED
 CVE-2021-27579 (Snow Inventory Agent through 6.7.0 on Windows uses CPUID to report on  ...)
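Review bot: CVE-2021-27581 moves from `RESERVED` to `TODO: check` and is left untriaged. The description names the Blog module in Kentico CMS 5.5 R2; the neighbouring Directus and MITREid Connect entries in this hunk are already resolved as `NOT-FOR-US:`, so this one should get the same kind of decision rather than staying as a TODO.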
@@ -1681,14 +1696,14 @@ CVE-2021-27259
 	RESERVED
 CVE-2021-27258
 	RESERVED
-CVE-2021-27257
-	RESERVED
-CVE-2021-27256
-	RESERVED
-CVE-2021-27255
-	RESERVED
-CVE-2021-27254
-	RESERVED
+CVE-2021-27257 (This vulnerability allows network-adjacent attackers to compromise the ...)
+	TODO: check
+CVE-2021-27256 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+	TODO: check
+CVE-2021-27255 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2021-27254 (This vulnerability allows network-adjacent attackers to bypass authent ...)
+	TODO: check
 CVE-2021-27253
 	RESERVED
 CVE-2021-27252
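Review bot: The descriptions added for CVE-2021-27257 through CVE-2021-27254 are truncated before any product name appears, so these four `TODO: check` entries cannot be triaged from the list text alone. The visible fragments mention arbitrary code execution (CVE-2021-27256, CVE-2021-27255) and an authentication bypass (CVE-2021-27254); read the full descriptions and resolve each one to a package line or `NOT-FOR-US:`.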
@@ -2708,8 +2723,8 @@ CVE-2021-26816
 	RESERVED
 CVE-2021-26815
 	RESERVED
-CVE-2021-26814
-	RESERVED
+CVE-2021-26814 (Wazuh API in Wazuh from 4.0.0 to 4.0.3 allows authenticated users to e ...)
+	TODO: check
 CVE-2021-26813 (markdown2 >=1.0.1.18, fixed in 2.4.0, is affected by a regular expr ...)
 	- python-markdown2 <unfixed>
 	NOTE: https://github.com/trentm/python-markdown2/pull/387
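Review bot: CVE-2021-26814 is added as `TODO: check` with a description that gives a closed affected range for the Wazuh API (4.0.0 to 4.0.3). Decide whether Wazuh maps to a source package; if it does, record the package line with the first fixed version after 4.0.3, otherwise mark it `NOT-FOR-US:`.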
@@ -23857,12 +23872,12 @@ CVE-2020-29032 (Upload of Code Without Integrity Check vulnerability in firmware
 	NOT-FOR-US: Secomea GateManager
 CVE-2020-29031 (An Insecure Direct Object Reference vulnerability exists in the web UI ...)
 	NOT-FOR-US: GateManager
-CVE-2020-29030
-	RESERVED
-CVE-2020-29029
-	RESERVED
-CVE-2020-29028
-	RESERVED
+CVE-2020-29030 (Cross-Site Request Forgery (CSRF) vulnerability in web GUI of Secomea  ...)
+	TODO: check
+CVE-2020-29029 (Improper Input Validation, Cross-site Scripting (XSS) vulnerability in ...)
+	TODO: check
+CVE-2020-29028 (Cross-site Scripting (XSS) vulnerability in web GUI of Secomea GateMan ...)
+	TODO: check
 CVE-2020-29027 (Cross-site Scripting (XSS) vulnerability in GUI of Secomea SiteManager ...)
 	NOT-FOR-US: Secomea
 CVE-2020-29026 (A directory traversal vulnerability exists in the file upload function ...)
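Review bot: CVE-2020-29030, CVE-2020-29029 and CVE-2020-29028 are left at `TODO: check` even though their descriptions point at the Secomea web GUI and the surrounding entries for the same vendor (CVE-2020-29032, CVE-2020-29031, CVE-2020-29027) are already `NOT-FOR-US:`. Mark these three the same way once the full descriptions confirm the product. The existing labels in this hunk also vary between `Secomea GateManager`, `GateManager` and `Secomea`; pick one form when filling these in.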
@@ -23877,8 +23892,8 @@ CVE-2020-29022 (Failure to Sanitize host header value on output in the GateManag
 	NOT-FOR-US: Secomea
 CVE-2020-29021 (A vulnerability in web UI input field of GateManager allows authentica ...)
 	NOT-FOR-US: GateManager
-CVE-2020-29020
-	RESERVED
+CVE-2020-29020 (Improper Access Control vulnerability in web service of Secomea SiteMa ...)
+	TODO: check
 CVE-2020-29019 (A stack-based buffer overflow vulnerability in FortiWeb 6.3.0 through  ...)
 	NOT-FOR-US: Fortiguard
 CVE-2020-29018 (A format string vulnerability in FortiWeb 6.3.0 through 6.3.5 may allo ...)
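Review bot: CVE-2020-29020 is another Secomea entry (the description begins "web service of Secomea SiteMa ...") left at `TODO: check`, while CVE-2020-29022 and CVE-2020-29021 directly above it in this hunk are `NOT-FOR-US: Secomea` and `NOT-FOR-US: GateManager`. Resolve it consistently with those once the full description is read.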



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7259640dbefd36cd07714c8adfb886f7438a4f62
