Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d0dbf096 by security tracker role at 2021-01-26T20:10:23+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -18,8 +18,8 @@ CVE-2021-3299
        RESERVED
 CVE-2021-3298
        RESERVED
-CVE-2021-3297
-       RESERVED
+CVE-2021-3297 (On Zyxel NBG2105 V1.00(AAGU.2)C0 devices, setting the login 
cookie to  ...)
+       TODO: check
 CVE-2021-3296
        RESERVED
 CVE-2021-3295
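Review bot: The new CVE-2021-3297 entry is left at "TODO: check" although its description already names a specific device and firmware build (Zyxel NBG2105 V1.00(AAGU.2)C0). Triage should resolve it to either a "NOT-FOR-US: <product>" line, in the form used elsewhere in this file, or a source package line if Debian ships the affected code.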
@@ -1124,8 +1124,8 @@ CVE-2021-25866
        RESERVED
 CVE-2021-25865
        RESERVED
-CVE-2021-25864
-       RESERVED
+CVE-2021-25864 (node-red-contrib-huemagic 3.0.0 is affected by 
hue/assets/..%2F Direct ...)
+       TODO: check
 CVE-2021-25863 (Open5GS 2.1.3 listens on 0.0.0.0:3000 and has a default 
password of 14 ...)
        NOT-FOR-US: Open5GS
 CVE-2021-25862
@@ -2609,6 +2609,7 @@ CVE-2021-3157
        RESERVED
 CVE-2021-3156 [Heap-based buffer overflow]
        RESERVED
+       {DSA-4839-1 DLA-2534-1}
        - sudo 1.9.5p1-1.1
        NOTE: https://www.sudo.ws/alerts/unescape_overflow.html
        NOTE: https://www.sudo.ws/repos/sudo/rev/9b97f1787804
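Review bot: CVE-2021-3156 now carries "{DSA-4839-1 DLA-2534-1}", but the line directly above it still reads "RESERVED" and the only description is the bracketed "[Heap-based buffer overflow]". With two advisories referencing the entry, the placeholder should be replaced by the published description once the upstream feed provides it, so that readers of the tracker do not see an advisory-linked CVE marked as reserved.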
@@ -6638,8 +6639,8 @@ CVE-2021-23274
        RESERVED
 CVE-2021-23273
        RESERVED
-CVE-2021-23272
-       RESERVED
+CVE-2021-23272 (The Application Development Clients component of TIBCO 
Software Inc.'s ...)
+       TODO: check
 CVE-2021-23271
        RESERVED
 CVE-2021-3113 (Netsia SEBA+ through 0.16.1 build 70-e669dcd7 allows remote 
attackers  ...)
@@ -10109,8 +10110,7 @@ CVE-2021-21617
        RESERVED
 CVE-2021-21616
        RESERVED
-CVE-2021-21615
-       RESERVED
+CVE-2021-21615 (Jenkins 2.275 and LTS 2.263.2 allows reading arbitrary files 
using the ...)
        NOT-FOR-US: Jenkins
 CVE-2021-21614 (Jenkins Bumblebee HP ALM Plugin 4.1.5 and earlier stores 
credentials u ...)
        NOT-FOR-US: Jenkins plugin
@@ -15558,8 +15558,8 @@ CVE-2020-35265
        RESERVED
 CVE-2020-35264
        RESERVED
-CVE-2020-35263
-       RESERVED
+CVE-2020-35263 (EgavilanMedia User Registration & Login System 1.0 is 
affected by  ...)
+       TODO: check
 CVE-2020-35262 (Cross Site Scripting (XSS) vulnerability in Digisol DG-HR3400 
can be e ...)
        NOT-FOR-US: Digisol
 CVE-2020-35261
@@ -21516,7 +21516,7 @@ CVE-2020-28494
 CVE-2020-28493
        RESERVED
 CVE-2020-28492
-       RESERVED
+       REJECTED
 CVE-2020-28491
        RESERVED
 CVE-2020-28490
@@ -26476,16 +26476,16 @@ CVE-2020-27301
        RESERVED
 CVE-2020-27300
        RESERVED
-CVE-2020-27299
-       RESERVED
+CVE-2020-27299 (The affected product is vulnerable to an out-of-bounds read, 
which may ...)
+       TODO: check
 CVE-2020-27298 (Philips Interventional Workspot (Release 1.3.2, 1.4.0, 1.4.1, 
1.4.3, 1 ...)
        NOT-FOR-US: Philips
-CVE-2020-27297
-       RESERVED
+CVE-2020-27297 (The affected product is vulnerable to a heap-based buffer 
overflow, wh ...)
+       TODO: check
 CVE-2020-27296
        RESERVED
-CVE-2020-27295
-       RESERVED
+CVE-2020-27295 (The affected product has uncontrolled resource consumption 
issues, whi ...)
+       TODO: check
 CVE-2020-27294
        RESERVED
 CVE-2020-27293 (Delta Electronics CNCSoft-B Versions 1.0.0.2 and prior has a 
type conf ...)
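Review bot: The added descriptions for CVE-2020-27299, CVE-2020-27297 and CVE-2020-27295 all begin with "The affected product" and are cut off before any vendor or product name, so the "TODO: check" markers cannot be resolved from this file alone. The triager needs the full description for each id before choosing a tag, and should not infer the product from the neighbouring Philips or Delta Electronics entries.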
@@ -26498,24 +26498,24 @@ CVE-2020-27290
        RESERVED
 CVE-2020-27289 (Delta Electronics CNCSoft-B Versions 1.0.0.2 and prior has a 
null poin ...)
        NOT-FOR-US: Delta Electronics CNCSoft-B
-CVE-2020-27288
-       RESERVED
+CVE-2020-27288 (An untrusted pointer dereference has been identified in the 
way TPEdit ...)
+       TODO: check
 CVE-2020-27287 (Delta Electronics CNCSoft-B Versions 1.0.0.2 and prior is 
vulnerable t ...)
        NOT-FOR-US: Delta Electronics CNCSoft-B
 CVE-2020-27286
        RESERVED
 CVE-2020-27285 (The default configuration of Crimson 3.1 (Build versions prior 
to 3119 ...)
        NOT-FOR-US: Crimson
-CVE-2020-27284
-       RESERVED
+CVE-2020-27284 (TPEditor (v1.98 and prior) is vulnerable to two out-of-bounds 
write in ...)
+       TODO: check
 CVE-2020-27283 (An attacker could send a specially crafted message to Crimson 
3.1 (Bui ...)
        NOT-FOR-US: Crimson
 CVE-2020-27282
        RESERVED
 CVE-2020-27281 (A stack-based buffer overflow may exist in Delta Electronics 
CNCSoft S ...)
        NOT-FOR-US: Delta Electronics CNCSoft ScreenEditor
-CVE-2020-27280
-       RESERVED
+CVE-2020-27280 (A use after free issue has been identified in the way 
ISPSoft(v3.12 an ...)
+       TODO: check
 CVE-2020-27279 (A NULL pointer deference vulnerability has been identified in 
the prot ...)
        NOT-FOR-US: Crimson
 CVE-2020-27278
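Review bot: CVE-2020-27288, CVE-2020-27284 and CVE-2020-27280 are added as "TODO: check" while every described neighbour in this hunk already has a "NOT-FOR-US:" line with a vendor and product label. The descriptions name TPEditor and ISPSoft, so each should be resolved to a "NOT-FOR-US: <vendor product>" line in the same labelling style, or to a package line, rather than staying open.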
@@ -26526,8 +26526,8 @@ CVE-2020-27276 (SOOIL Developments Co Ltd 
DiabecareRS,AnyDana-i & AnyDana-A,
        NOT-FOR-US: SOOIL Developments Co., Ltd.
 CVE-2020-27275 (Delta Electronics DOPSoft Version 4.0.8.21 and prior is 
vulnerable to  ...)
        NOT-FOR-US: Delta Electronics DOPSoft
-CVE-2020-27274
-       RESERVED
+CVE-2020-27274 (Some parsing functions in the affected product do not check 
the return ...)
+       TODO: check
 CVE-2020-27273
        RESERVED
 CVE-2020-27272 (SOOIL Developments CoLtd DiabecareRS, AnyDana-i, AnyDana-A, 
The commun ...)
@@ -31558,16 +31558,16 @@ CVE-2020-25175 (GE Healthcare Imaging and Ultrasound 
Products may allow specific
        NOT-FOR-US: GE Healthcare Imaging and Ultrasound Products
 CVE-2020-25174 (A DLL hijacking vulnerability in the B. Braun OnlineSuite 
Version AP 3 ...)
        NOT-FOR-US: B. Braun OnlineSuite Version AP
-CVE-2020-25173
-       RESERVED
+CVE-2020-25173 (An attacker with local network access can obtain a fixed 
cryptography  ...)
+       TODO: check
 CVE-2020-25172 (A relative path traversal attack in the B. Braun OnlineSuite 
Version A ...)
        NOT-FOR-US: B. Braun OnlineSuite Version AP
 CVE-2020-25171
        RESERVED
 CVE-2020-25170 (An Excel Macro Injection vulnerability exists in the export 
feature in ...)
        NOT-FOR-US: B. Braun OnlineSuite Version AP
-CVE-2020-25169
-       RESERVED
+CVE-2020-25169 (The affected Reolink P2P products do not sufficiently protect 
data tra ...)
+       TODO: check
 CVE-2020-25168
        RESERVED
 CVE-2020-25167
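Review bot: The truncated description of CVE-2020-25173 ("An attacker with local network access can obtain a fixed cryptography ...") names no product, and the entry sits between two B. Braun OnlineSuite entries. Adjacency in the id range is not evidence of the same product, so the full description should be read before this "TODO: check" is turned into a tag; CVE-2020-25169 does name Reolink P2P products and can be triaged on that basis.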
@@ -35214,12 +35214,12 @@ CVE-2020-23451 (Spiceworks Version <= 7.5.00107 is 
affected by CSRF which can
        NOT-FOR-US: Spiceworks
 CVE-2020-23450 (Spiceworks Version <= 7.5.00107 is affected by XSS. Any 
name typed  ...)
        NOT-FOR-US: Spiceworks
-CVE-2020-23449
-       RESERVED
-CVE-2020-23448
-       RESERVED
-CVE-2020-23447
-       RESERVED
+CVE-2020-23449 (newbee-mall all versions are affected by incorrect access 
control to r ...)
+       TODO: check
+CVE-2020-23448 (newbee-mall all versions are affected by incorrect access 
control to r ...)
+       TODO: check
+CVE-2020-23447 (newbee-mall 1.0 is affected by cross-site scripting in 
shop-cart/settl ...)
+       TODO: check
 CVE-2020-23446 (Verint Workforce Optimization suite 15.1 (15.1.0.37634) has 
Unauthenti ...)
        NOT-FOR-US: Verint Workforce Optimization suite
 CVE-2020-23445
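Review bot: CVE-2020-23449 and CVE-2020-23448 are added with identical visible text ("newbee-mall all versions are affected by incorrect access control to r ..."), so the two cannot be told apart from this file. When resolving the three newbee-mall "TODO: check" markers, confirm from the full descriptions that the two access-control ids are distinct issues, and use one consistent product label for all three.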
@@ -47105,8 +47105,7 @@ CVE-2020-17524
        REJECTED
 CVE-2020-17523
        RESERVED
-CVE-2020-17522
-       RESERVED
+CVE-2020-17522 (When ORT (now via atstccfg) generates ip_allow.config files in 
Apache  ...)
        NOT-FOR-US: Apache Traffic Control
 CVE-2020-17521 (Apache Groovy provides extension methods to aid with creating 
temporar ...)
        - groovy 2.4.21-1 (bug #977399)
@@ -57323,8 +57322,8 @@ CVE-2020-13584 (An exploitable use-after-free 
vulnerability exists in WebKitGTK
        NOTE: https://webkitgtk.org/security/WSA-2020-0008.html
 CVE-2020-13583
        RESERVED
-CVE-2020-13582
-       RESERVED
+CVE-2020-13582 (A denial-of-service vulnerability exists in the HTTP Server 
functional ...)
+       TODO: check
 CVE-2020-13581
        RESERVED
 CVE-2020-13580
@@ -69235,8 +69234,7 @@ CVE-2020-9494 (Apache Traffic Server 6.0.0 to 6.2.3, 
7.0.0 to 7.1.10, and 8.0.0
        NOTE: https://github.com/apache/trafficserver/pull/6922
 CVE-2020-9493
        RESERVED
-CVE-2020-9492
-       RESERVED
+CVE-2020-9492 (In Apache Hadoop 3.2.0 to 3.2.1, 3.0.0-alpha1 to 3.1.3, and 
2.0.0-alph ...)
        - hadoop <itp> (bug #793644)
 CVE-2020-9491 (In Apache NiFi 1.2.0 to 1.11.4, the NiFi UI and API were 
protected by  ...)
        NOT-FOR-US: Apache NiFi
@@ -72196,12 +72194,12 @@ CVE-2020-8297
        RESERVED
 CVE-2020-8296
        RESERVED
-CVE-2020-8295
-       RESERVED
+CVE-2020-8295 (A wrong check in Nextcloud Server 19 and prior allowed to 
perform a de ...)
+       TODO: check
 CVE-2020-8294
        RESERVED
-CVE-2020-8293
-       RESERVED
+CVE-2020-8293 (A missing input validation in Nextcloud Server before 20.0.2, 
19.0.5,  ...)
+       TODO: check
 CVE-2020-8292 (Rocket.Chat server before 3.9.0 is vulnerable to a self 
cross-site scr ...)
        NOT-FOR-US: Rocket.Chat
 CVE-2020-8291
@@ -78220,7 +78218,7 @@ CVE-2020-6026
        RESERVED
 CVE-2020-6025
        RESERVED
-CVE-2020-6024 (Check Point SmartConsole before R80.20 Build 119, R80.30 before 
Build  ...)
+CVE-2020-6024 (Check Point SmartConsole before R80.10 Build 185, R80.20 Build 
119, R8 ...)
        TODO: check
 CVE-2020-6023 (Check Point ZoneAlarm before version 15.8.139.18543 allows a 
local act ...)
        NOT-FOR-US: Check Point ZoneAlarm
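Review bot: The CVE-2020-6024 description changes its affected range (it now starts at "R80.10 Build 185"), while the "TODO: check" beneath it is unchanged context, so the entry was already awaiting triage before this update. Whoever picks it up should work from the refreshed description, since both the old and new text are truncated here and the full range cannot be compared from the diff.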
@@ -81106,8 +81104,8 @@ CVE-2020-4951
        RESERVED
 CVE-2020-4950
        RESERVED
-CVE-2020-4949
-       RESERVED
+CVE-2020-4949 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is 
vulnerable  ...)
+       TODO: check
 CVE-2020-4948
        RESERVED
 CVE-2020-4947
@@ -81226,8 +81224,8 @@ CVE-2020-4891
        RESERVED
 CVE-2020-4890
        RESERVED
-CVE-2020-4889
-       RESERVED
+CVE-2020-4889 (IBM Spectrum Scale 5.0.0 through 5.0.5.4 and 5.1.0 could allow 
a local ...)
+       TODO: check
 CVE-2020-4888
        RESERVED
 CVE-2020-4887 (IBM AIX 7.1, 7.2 and AIX VIOS 3.1 could allow a local user to 
exploit  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d0dbf0967f524d95181ecfe10431793782e069cf
