[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso Thu, 28 Jan 2021 12:10:40 -0800


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
431ac4d3 by security tracker role at 2021-01-28T20:10:23+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,15 @@
+CVE-2021-3335
+       RESERVED
+CVE-2021-3334
+       RESERVED
+CVE-2021-26298
+       RESERVED
+CVE-2021-26297
+       RESERVED
+CVE-2021-26296
+       RESERVED
+CVE-2021-26295
+       RESERVED
 CVE-2021-3333
        RESERVED
 CVE-2021-3332
@@ -1711,8 +1723,8 @@ CVE-2021-25649
        RESERVED
 CVE-2021-25648
        RESERVED
-CVE-2021-25647
-       RESERVED
+CVE-2021-25647 (Mobile application "Testes de Codigo" v11.3 and prior allows 
stored XS ...)
+       TODO: check
 CVE-2021-25646
        RESERVED
 CVE-2019-25014
@@ -7556,10 +7568,10 @@ CVE-2021-22877
        RESERVED
 CVE-2021-22876
        RESERVED
-CVE-2021-22875
-       RESERVED
-CVE-2021-22874
-       RESERVED
+CVE-2021-22875 (Revive Adserver before 5.1.1 is vulnerable to a reflected XSS 
vulnerab ...)
+       TODO: check
+CVE-2021-22874 (Revive Adserver before 5.1.1 is vulnerable to a reflected XSS 
vulnerab ...)
+       TODO: check
 CVE-2021-22873 (Revive Adserver before 5.1.0 is vulnerable to open redirects 
via the ` ...)
        NOT-FOR-US: Revive Adserver
 CVE-2021-22872 (Revive Adserver before 5.1.0 is vulnerable to a reflected 
cross-site s ...)
@@ -13725,12 +13737,12 @@ CVE-2021-20624
        RESERVED
 CVE-2021-20623
        RESERVED
-CVE-2021-20622
-       RESERVED
-CVE-2021-20621
-       RESERVED
-CVE-2021-20620
-       RESERVED
+CVE-2021-20622 (Cross-site scripting vulnerability in Aterm WG2600HP firmware 
Ver1.0.2 ...)
+       TODO: check
+CVE-2021-20621 (Cross-site request forgery (CSRF) vulnerability in Aterm 
WG2600HP firm ...)
+       TODO: check
+CVE-2021-20620 (Cross-site scripting vulnerability in Aterm WF800HP firmware 
Ver1.0.9  ...)
+       TODO: check
 CVE-2021-20619 (Cross-site scripting vulnerability in GROWI (v4.2 Series) 
versions pri ...)
        NOT-FOR-US: GROWI
 CVE-2021-20618 (Privilege chaining vulnerability in acmailer ver. 4.0.2 and 
earlier, a ...)
@@ -14621,16 +14633,16 @@ CVE-2021-20189
        REJECTED
 CVE-2021-20188
        RESERVED
-CVE-2021-20187
-       RESERVED
-CVE-2021-20186
-       RESERVED
-CVE-2021-20185
-       RESERVED
-CVE-2021-20184
-       RESERVED
-CVE-2021-20183
-       RESERVED
+CVE-2021-20187 (It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 
3.5.16  ...)
+       TODO: check
+CVE-2021-20186 (It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 
3.5.16  ...)
+       TODO: check
+CVE-2021-20185 (It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 
3.5.16  ...)
+       TODO: check
+CVE-2021-20184 (It was found in Moodle before version 3.10.1, 3.9.4 and 3.8.7 
that a i ...)
+       TODO: check
+CVE-2021-20183 (It was found in Moodle before version 3.10.1 that some search 
inputs w ...)
+       TODO: check
 CVE-2021-20182
        RESERVED
 CVE-2021-20181
@@ -28966,8 +28978,8 @@ CVE-2020-26274 (In systeminformation (npm package) 
before version 4.31.1 there i
        NOT-FOR-US: Node systeminformation
 CVE-2020-26273 (osquery is a SQL powered operating system instrumentation, 
monitoring, ...)
        - osquery <itp> (bug #803502)
-CVE-2020-26272
-       RESERVED
+CVE-2020-26272 (The Electron framework lets you write cross-platform desktop 
applicati ...)
+       TODO: check
 CVE-2020-26271 (In affected versions of TensorFlow under certain cases, 
loading a save ...)
        - tensorflow <itp> (bug #804612)
 CVE-2020-26270 (In affected versions of TensorFlow running an LSTM/GRU model 
where the ...)
@@ -34619,7 +34631,7 @@ CVE-2020-23828 (A File Upload vulnerability in 
SourceCodester Online Course Regi
        NOT-FOR-US: SourceCodester Online Course Registration
 CVE-2020-23827
        RESERVED
-CVE-2020-23826 (The Yale WIPC-303W 2.21 through 2.31 camera is vulnerable to 
remote co ...)
+CVE-2020-23826 (** DISPUTED ** The Yale WIPC-303W 2.21 through 2.31 camera is 
vulnerab ...)
        NOT-FOR-US: Yale WIPC-303W camera
 CVE-2020-23825
        RESERVED
@@ -57509,8 +57521,8 @@ CVE-2020-13571
        RESERVED
 CVE-2020-13570 (A use-after-free vulnerability exists in the JavaScript engine 
of Foxi ...)
        NOT-FOR-US: Foxit
-CVE-2020-13569
-       RESERVED
+CVE-2020-13569 (A cross-site request forgery vulnerability exists in the GACL 
function ...)
+       TODO: check
 CVE-2020-13568
        RESERVED
 CVE-2020-13567
@@ -79214,8 +79226,8 @@ CVE-2020-5628 (UNIQLO App for Android versions 7.3.3 
and earlier allows remote a
        NOT-FOR-US: UNIQLO App for Android
 CVE-2020-5627 (Yodobashi App for Android versions 1.8.7 and earlier allows 
remote att ...)
        NOT-FOR-US: Yodobashi App for Android
-CVE-2020-5626
-       RESERVED
+CVE-2020-5626 (Logstorage version 8.0.0 and earlier, and ELC Analytics version 
3.0.0  ...)
+       TODO: check
 CVE-2020-5625 (Cross-site scripting vulnerability in XooNIps 3.48 and earlier 
allows  ...)
        NOT-FOR-US: XooNIps
 CVE-2020-5624 (SQL injection vulnerability in the XooNIps 3.48 and earlier 
allows rem ...)
@@ -81388,8 +81400,8 @@ CVE-2020-4890
        RESERVED
 CVE-2020-4889 (IBM Spectrum Scale 5.0.0 through 5.0.5.4 and 5.1.0 could allow 
a local ...)
        NOT-FOR-US: IBM
-CVE-2020-4888
-       RESERVED
+CVE-2020-4888 (IBM QRadar SIEM 7.4.0 to 7.4.2 Patch 1 and 7.3.0 to 7.3.3 Patch 
7 coul ...)
+       TODO: check
 CVE-2020-4887 (IBM AIX 7.1, 7.2 and AIX VIOS 3.1 could allow a local user to 
exploit  ...)
        NOT-FOR-US: IBM
 CVE-2020-4886 (IBM InfoSphere Information Server 11.7 stores sensitive 
information in ...)
@@ -81803,8 +81815,8 @@ CVE-2020-4684
        RESERVED
 CVE-2020-4683
        RESERVED
-CVE-2020-4682
-       RESERVED
+CVE-2020-4682 (IBM MQ 7.5, 8.0, 9.0, 9.1, 9.2 LTS, and 9.2 CD could allow a 
remote at ...)
+       TODO: check
 CVE-2020-4681 (IBM Security Guardium 11.2 is vulnerable to cross-site 
scripting. This ...)
        NOT-FOR-US: IBM
 CVE-2020-4680 (IBM Security Guardium 11.2 is vulnerable to cross-site 
scripting. This ...)
@@ -90511,13 +90523,12 @@ CVE-2020-1726 (A flaw was discovered in Podman where 
it incorrectly allows conta
        NOTE: Introduced in: 
https://github.com/containers/libpod/commit/997c4b56ed2121726e966afe9a102ed16ba78f93
 (v1.6.0-rc1)
        NOTE: https://github.com/containers/libpod/pull/5168
        NOTE: Fixed by: 
https://github.com/containers/libpod/commit/c140ecdc9b416ab4efd4d21d14acd63b6adbdd42
 (v1.8.1-rc1)
-CVE-2020-1725
-       RESERVED
+CVE-2020-1725 (A flaw was found in keycloak before version 13.0.0. In some 
scenarios  ...)
        NOT-FOR-US: Keycloak
 CVE-2020-1724 (A flaw was found in Keycloak in versions before 9.0.2. This 
flaw allow ...)
        NOT-FOR-US: Keycloak
-CVE-2020-1723
-       RESERVED
+CVE-2020-1723 (The logout endpoint /oauth/logout?redirect=url can be abused to 
redire ...)
+       TODO: check
 CVE-2020-1722 (A flaw was found in all ipa versions 4.x.x through 4.8.0. When 
sending ...)
        - freeipa 4.8.8-2 (bug #966200)
        [buster] - freeipa <no-dsa> (Minor issue)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/431ac4d3c1b57f138a3058c6472a5a3920e15c7a

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/431ac4d3c1b57f138a3058c6472a5a3920e15c7a
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to