Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d2aa1522 by security tracker role at 2021-01-06T08:10:17+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,49 @@
+CVE-2021-3027
+       RESERVED
+CVE-2021-3026 (Invision Community IPS Community Suite before 4.5.4.2 allows 
XSS durin ...)
+       TODO: check
+CVE-2021-3025
+       RESERVED
+CVE-2021-22695
+       RESERVED
+CVE-2021-22694
+       RESERVED
+CVE-2021-22693
+       RESERVED
+CVE-2021-22692
+       RESERVED
+CVE-2021-22691
+       RESERVED
+CVE-2021-22690
+       RESERVED
+CVE-2021-22689
+       RESERVED
+CVE-2021-22688
+       RESERVED
+CVE-2021-22687
+       RESERVED
+CVE-2021-22686
+       RESERVED
+CVE-2020-36169 (An issue was discovered in Veritas NetBackup through 8.3.0.1 
and OpsCe ...)
+       TODO: check
+CVE-2020-36168 (An issue was discovered in Veritas Resiliency Platform 3.4 and 
3.5. It ...)
+       TODO: check
+CVE-2020-36167 (An issue was discovered in the server in Veritas Backup Exec 
through 1 ...)
+       TODO: check
+CVE-2020-36166 (An issue was discovered in Veritas InfoScale 7.x through 7.4.2 
on Wind ...)
+       TODO: check
+CVE-2020-36165 (An issue was discovered in Veritas Desktop and Laptop Option 
(DLO) bef ...)
+       TODO: check
+CVE-2020-36164 (An issue was discovered in Veritas Enterprise Vault through 
14.0. On s ...)
+       TODO: check
+CVE-2020-36163 (An issue was discovered in Veritas NetBackup and OpsCenter 
through 8.3 ...)
+       TODO: check
+CVE-2020-36162 (An issue was discovered in Veritas CloudPoint before 
8.3.0.1+hotfix. T ...)
+       TODO: check
+CVE-2020-36161 (An issue was discovered in Veritas APTARE 10.4 before 10.4P9 
and 10.5  ...)
+       TODO: check
+CVE-2020-36160 (An issue was discovered in Veritas System Recovery before 
21.2. On sta ...)
+       TODO: check
 CVE-2021-3024
        RESERVED
 CVE-2021-3023
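Review bot: The ten Veritas entries (CVE-2020-36160 through CVE-2020-36169) and CVE-2021-3026 at the top of data/CVE/list are added with only `TODO: check`, so none of them has a package line or a triage tag yet. Since the Veritas entries share a vendor, triage them together and record the result in the form already used elsewhere in this file (for example `NOT-FOR-US: <product>`) so they do not linger as open TODOs.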
@@ -2597,10 +2643,10 @@ CVE-2020-36069
        RESERVED
 CVE-2020-36068
        RESERVED
-CVE-2020-36067
-       RESERVED
-CVE-2020-36066
-       RESERVED
+CVE-2020-36067 (GJSON <=v1.6.5 allows attackers to cause a denial of 
service (panic ...)
+       TODO: check
+CVE-2020-36066 (GJSON <1.6.5 allows attackers to cause a denial of service 
(remote) ...)
+       TODO: check
 CVE-2020-36065
        RESERVED
 CVE-2020-36064
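Review bot: The two GJSON descriptions state different version bounds, `<=v1.6.5` for CVE-2020-36067 and `<1.6.5` for CVE-2020-36066, so the truncated description text is not a reliable source for the fixed version. When the `TODO: check` is resolved, take the fixed version from the upstream fix rather than from either description.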
@@ -2627,10 +2673,10 @@ CVE-2020-36054
        RESERVED
 CVE-2020-36053
        RESERVED
-CVE-2020-36052
-       RESERVED
-CVE-2020-36051
-       RESERVED
+CVE-2020-36052 (Directory traversal vulnerability in post-edit.php in MiniCMS 
V1.10 al ...)
+       TODO: check
+CVE-2020-36051 (Directory traversal vulnerability in page_edit.php in MiniCMS 
V1.10 al ...)
+       TODO: check
 CVE-2020-36050
        RESERVED
 CVE-2020-36049
@@ -4104,8 +4150,8 @@ CVE-2021-21237
        RESERVED
 CVE-2021-21236
        RESERVED
-CVE-2021-21235
-       RESERVED
+CVE-2021-21235 (kamadak-exif is an exif parsing library written in pure Rust. 
In kamad ...)
+       TODO: check
 CVE-2021-21234 (spring-boot-actuator-logview in a library that adds a simple 
logfile v ...)
        TODO: check
 CVE-2020-35627 (Ultimate WooCommerce Gift Cards 3.0.2 is affected by a file 
upload vul ...)
@@ -7392,7 +7438,7 @@ CVE-2020-35271
        RESERVED
 CVE-2020-35270
        RESERVED
-CVE-2020-35269 (There is a Cross Site Request Forgery (CSRF) vulnerability in 
Nagios C ...)
+CVE-2020-35269 (Nagios Core application version 4.2.4 is vulnerable to 
Site-Wide Cross ...)
        - nagios4 <undetermined>
        NOTE: https://gist.github.com/MoSalah20/d1d40b43eafba0bd22ee4cddecad3cbc
        NOTE: https://github.com/NagiosEnterprises/nagioscore/issues/809
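Review bot: CVE-2020-35269 still carries `- nagios4 <undetermined>` although the refreshed description now names Nagios Core version 4.2.4 and the entry already links the upstream issue in its NOTE lines. With a concrete version in the description, the package status can be revisited and resolved instead of staying undetermined.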
@@ -7594,8 +7640,8 @@ CVE-2020-35172
        RESERVED
 CVE-2020-35171
        RESERVED
-CVE-2020-35170
-       RESERVED
+CVE-2020-35170 (Dell EMC Unisphere for PowerMax versions prior to 9.1.0.9, 
Dell EMC Un ...)
+       TODO: check
 CVE-2020-35169
        RESERVED
 CVE-2020-35168
@@ -9718,12 +9764,12 @@ CVE-2020-29504
        RESERVED
 CVE-2020-29503
        RESERVED
-CVE-2020-29502
-       RESERVED
-CVE-2020-29501
-       RESERVED
-CVE-2020-29500
-       RESERVED
+CVE-2020-29502 (Dell EMC PowerStore versions prior to 1.0.3.0.5.007 contain a 
Plain-Te ...)
+       TODO: check
+CVE-2020-29501 (Dell EMC PowerStore versions prior to 1.0.3.0.5.007 contain a 
Plain-Te ...)
+       TODO: check
+CVE-2020-29500 (Dell EMC PowerStore versions prior to 1.0.3.0.5.007 contain a 
Plain-Te ...)
+       TODO: check
 CVE-2020-29499
        RESERVED
 CVE-2020-29498 (Dell Wyse Management Suite versions prior to 3.1 contain an 
open redir ...)
@@ -9742,10 +9788,10 @@ CVE-2020-29492 (Dell Wyse ThinOS 8.6 and prior versions 
contain an insecure defa
        NOT-FOR-US: Dell Wyse ThinOS
 CVE-2020-29491 (Dell Wyse ThinOS 8.6 and prior versions contain an insecure 
default co ...)
        NOT-FOR-US: Dell Wyse ThinOS
-CVE-2020-29490
-       RESERVED
-CVE-2020-29489
-       RESERVED
+CVE-2020-29490 (Dell EMC Unity, Unity XT, and UnityVSA versions prior to 
5.0.4.0.5.012 ...)
+       TODO: check
+CVE-2020-29489 (Dell EMC Unity, Unity XT, and UnityVSA versions prior to 
5.0.4.0.5.012 ...)
+       TODO: check
 CVE-2021-1735
        RESERVED
 CVE-2021-1734
@@ -10092,8 +10138,8 @@ CVE-2020-29439 (Tesla Model X vehicles before 
2020-11-23 have key fobs that rely
        NOT-FOR-US: Tesla Model X vehicles
 CVE-2020-29438 (Tesla Model X vehicles before 2020-11-23 have key fobs that 
accept fir ...)
        NOT-FOR-US: Tesla Model X vehicles
-CVE-2020-29437
-       RESERVED
+CVE-2020-29437 (SQL injection in the Buzz module of OrangeHRM through 4.6 
allows remot ...)
+       TODO: check
 CVE-2020-29436 (Sonatype Nexus Repository Manager 3.x before 3.29.0 allows a 
user with ...)
        NOT-FOR-US: Sonatype Nexus Repository Manager
 CVE-2020-29435
@@ -20769,8 +20815,8 @@ CVE-2020-26201 (Askey AP5100W_Dual_SIG_1.01.097 and all 
prior versions use a wea
        NOT-FOR-US: Askey
 CVE-2020-26200
        RESERVED
-CVE-2020-26199
-       RESERVED
+CVE-2020-26199 (Dell EMC Unity, Unity XT, and UnityVSA versions prior to 
5.0.4.0.5.012 ...)
+       TODO: check
 CVE-2020-26198 (Dell EMC iDRAC9 versions prior to 4.32.10.00 and 4.40.00.00 
contain a  ...)
        NOT-FOR-US: EMC
 CVE-2020-26197
@@ -20805,8 +20851,8 @@ CVE-2020-26183 (Dell EMC NetWorker versions prior to 
19.3.0.2 contain an imprope
        NOT-FOR-US: EMC
 CVE-2020-26182 (Dell EMC NetWorker versions prior to 19.3.0.2 contain an 
incorrect pri ...)
        NOT-FOR-US: EMC
-CVE-2020-26181
-       RESERVED
+CVE-2020-26181 (Dell EMC Isilon OneFS versions 8.1 and later and Dell EMC 
PowerScale O ...)
+       TODO: check
 CVE-2020-26180
        RESERVED
 CVE-2020-26179
@@ -27359,10 +27405,10 @@ CVE-2020-23252
        RESERVED
 CVE-2020-23251
        RESERVED
-CVE-2020-23250
-       RESERVED
-CVE-2020-23249
-       RESERVED
+CVE-2020-23250 (GigaVUE-OS (GVOS) 5.4 - 5.9 uses a weak algorithm for a hash 
stored in ...)
+       TODO: check
+CVE-2020-23249 (GigaVUE-OS (GVOS) 5.4 - 5.9 stores a Redis database password 
in plaint ...)
+       TODO: check
 CVE-2020-23248
        RESERVED
 CVE-2020-23247
@@ -61197,10 +61243,10 @@ CVE-2020-9422
        RESERVED
 CVE-2020-9421
        RESERVED
-CVE-2019-20484
-       RESERVED
-CVE-2019-20483
-       RESERVED
+CVE-2019-20484 (An issue was discovered in Viki Vera 4.9.1.26180. A user 
without acces ...)
+       TODO: check
+CVE-2019-20483 (An issue was discovered in Viki Vera 4.9.1.26180. An attacker 
could se ...)
+       TODO: check
 CVE-2020-9420
        RESERVED
 CVE-2020-9419
@@ -66403,8 +66449,8 @@ CVE-2020-7338
        RESERVED
 CVE-2020-7337 (Incorrect Permission Assignment for Critical Resource 
vulnerability in ...)
        NOT-FOR-US: McAfee
-CVE-2020-7336
-       RESERVED
+CVE-2020-7336 (Cross Site Request Forgery vulnerability in McAfee Network 
Security Ma ...)
+       TODO: check
 CVE-2020-7335 (Privilege Escalation vulnerability in Microsoft Windows client 
McAfee  ...)
        NOT-FOR-US: McAfee
 CVE-2020-7334 (Improper privilege assignment vulnerability in the installer 
McAfee Ap ...)
@@ -72574,17 +72620,17 @@ CVE-2020-5103
 CVE-2020-5102
        RESERVED
 CVE-2020-5101
-       RESERVED
+       REJECTED
 CVE-2020-5100
-       RESERVED
+       REJECTED
 CVE-2020-5099
-       RESERVED
+       REJECTED
 CVE-2020-5098
-       RESERVED
+       REJECTED
 CVE-2020-5097
-       RESERVED
+       REJECTED
 CVE-2020-5096
-       RESERVED
+       REJECTED
 CVE-2020-5095
        REJECTED
 CVE-2020-5094
@@ -83952,7 +83998,8 @@ CVE-2020-1676 (When SAML authentication is enabled, 
Juniper Networks Mist Cloud
        NOT-FOR-US: Juniper
 CVE-2020-1675 (When Security Assertion Markup Language (SAML) authentication 
is enabl ...)
        NOT-FOR-US: Juniper
-CVE-2020-1674 (Juniper Networks Junos OS and Junos OS Evolved fail to 
drop/discard de ...)
+CVE-2020-1674
+       REJECTED
        NOT-FOR-US: Juniper
 CVE-2020-1673 (Insufficient Cross-Site Scripting (XSS) protection in Juniper 
Networks ...)
        NOT-FOR-US: Juniper
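Review bot: CVE-2020-1674 becomes a bare `REJECTED` entry, but the unchanged `NOT-FOR-US: Juniper` line still sits directly under it, so the entry now carries both a REJECTED state and a triage tag. Check whether the `NOT-FOR-US: Juniper` line should be dropped from this entry; the other REJECTED entries visible in this diff (CVE-2020-5095 to CVE-2020-5101) have no annotation under them.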
@@ -181627,7 +181674,7 @@ CVE-2018-5333 (In the Linux kernel through 4.14.13, 
the rds_cmsg_atomic function
        - linux 4.14.17-1
        [stretch] - linux 4.9.80-1
        NOTE: Fixed by: 
https://git.kernel.org/linus/7d11f77f84b27cef452cee332f4e469503084737
-CVE-2018-5332 (In the Linux kernel through 4.14.13, the 
rds_message_alloc_sgs() funct ...)
+CVE-2018-5332 (In the Linux kernel through 3.2, the rds_message_alloc_sgs() 
function  ...)
        {DSA-4187-1 DLA-1369-1}
        - linux 4.14.17-1
        [stretch] - linux 4.9.80-1
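Review bot: The new description for CVE-2018-5332 says "through 3.2", which conflicts with the tracking lines kept below it (`- linux 4.14.17-1`, `[stretch] - linux 4.9.80-1`) and with the neighbouring CVE-2018-5333 entry, which still says "through 4.14.13". The description is only the imported summary, so leave the package lines as they are and do not read the new bound as narrowing the affected range.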
@@ -225001,7 +225048,7 @@ CVE-2017-7885 (Artifex jbig2dec 0.13 has a heap-based 
buffer over-read leading t
        NOTE: Fixed by: 
https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=b184e783702246e15
 CVE-2017-7884 (In Adam Kropelin adk0212 APC UPS Daemon through 3.14.14, the 
default i ...)
        - apcupsd <not-affected> (Only APC UPS Daemon on Windows)
-CVE-2017-7889 (The mm subsystem in the Linux kernel through 4.10.10 does not 
properly ...)
+CVE-2017-7889 (The mm subsystem in the Linux kernel through 3.2 does not 
properly enf ...)
        {DSA-3945-1 DLA-1099-1}
        - linux 4.9.25-1
        NOTE: Fixed by: 
https://git.kernel.org/linus/a4866aa812518ed1a37d8ea0c881dc946409de94 
(v4.11-rc7)
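Review bot: CVE-2017-7889 gets the same "through 3.2" wording in place of "through 4.10.10", yet the entry records the fix as `- linux 4.9.25-1` with the upstream commit tagged v4.11-rc7. The fixed versions in the entry remain the data to rely on; a NOTE line stating that the imported description understates the affected range would help anyone who reads only the first line.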



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d2aa1522403d2272e75d027017bff0c4b75ea442
