Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
b756a367 by security tracker role at 2021-01-29T08:10:16+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,41 @@
+CVE-2021-3343
+ RESERVED
+CVE-2021-3342
+ RESERVED
+CVE-2021-3341 (A path traversal vulnerability in the DxWebEngine component of
DH2i Dx ...)
+ TODO: check
+CVE-2021-3340
+ RESERVED
+CVE-2021-3339
+ RESERVED
+CVE-2021-3338
+ RESERVED
+CVE-2021-3337 (The Hide-Thread-Content plugin through 2021-01-27 for MyBB
allows remo ...)
+ TODO: check
+CVE-2021-3336 (DoTls13CertificateVerify in tls13.c in wolfSSL through 4.6.0
does not ...)
+ TODO: check
+CVE-2021-26308 (An issue was discovered in the marc crate before 2.0.0 for
Rust. A use ...)
+ TODO: check
+CVE-2021-26307 (An issue was discovered in the raw-cpuid crate before 9.0.0
for Rust. ...)
+ TODO: check
+CVE-2021-26306 (An issue was discovered in the raw-cpuid crate before 9.0.0
for Rust. ...)
+ TODO: check
+CVE-2021-26305 (An issue was discovered in Deserializer::read_vec in the cdr
crate bef ...)
+ TODO: check
+CVE-2021-26304 (PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to
stored XS ...)
+ TODO: check
+CVE-2021-26303 (PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to
stored XS ...)
+ TODO: check
+CVE-2021-26302
+ RESERVED
+CVE-2021-26301
+ RESERVED
+CVE-2021-26300
+ RESERVED
+CVE-2021-26299
+ RESERVED
+CVE-2019-25016 (There is an unsafe incomplete reset of PATH in OpenDoas 6.6
through 6. ...)
+ TODO: check
CVE-2021-3335
RESERVED
CVE-2021-3334
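Review bot: two pairs of new entries in this hunk are indistinguishable as listed: CVE-2021-26307 and CVE-2021-26306 both truncate to "An issue was discovered in the raw-cpuid crate before 9.0.0 for Rust.", and CVE-2021-26304 and CVE-2021-26303 both truncate to "PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to stored XS". Whoever clears these TODO: check lines needs the full descriptions before deciding, and must not copy the resolution of one member of a pair onto the other without confirming it covers the same code path. Within this batch the entries for libraries and tools rather than standalone web applications, i.e. the four Rust crates (marc, raw-cpuid twice, cdr), wolfSSL (CVE-2021-3336, DoTls13CertificateVerify in tls13.c) and OpenDoas (CVE-2019-25016, incomplete reset of PATH), are the ones most likely to end up with a package line rather than NOT-FOR-US, so they are the ones to triage first.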
@@ -155,8 +193,8 @@ CVE-2021-3300
RESERVED
CVE-2021-3299
RESERVED
-CVE-2021-3298
- RESERVED
+CVE-2021-3298 (Collabtive 3.1 allows XSS when an authenticated user enters an
XSS pay ...)
+ TODO: check
CVE-2021-3297 (On Zyxel NBG2105 V1.00(AAGU.2)C0 devices, setting the login
cookie to ...)
NOT-FOR-US: Zyxel
CVE-2021-3296
@@ -1727,8 +1765,7 @@ CVE-2021-25647 (Mobile application "Testes de Codigo"
v11.3 and prior allows sto
NOT-FOR-US: Mobile application "Testes de Codigo"
CVE-2021-25646
RESERVED
-CVE-2019-25014
- RESERVED
+CVE-2019-25014 (A NULL pointer dereference was found in
pkg/proxy/envoy/v2/debug.go ge ...)
NOT-FOR-US: Istio
CVE-2021-3308 (An issue was discovered in Xen 4.12.3 through 4.12.4 and 4.13.1
throug ...)
- xen <unfixed> (bug #981052)
@@ -2465,8 +2502,8 @@ CVE-2021-3177 (Python 3.x through 3.9.1 has a buffer
overflow in PyCArg_repr in
NOTE:
https://github.com/python/cpython/commit/ece5dfd403dac211f8d3c72701fe7ba7b7aa5b5f
(3.8)
NOTE:
https://github.com/python/cpython/commit/d9b8f138b7df3b455b54653ca59f491b4840d6fa
(3.7)
NOTE:
https://github.com/python/cpython/commit/34df10a9a16b38d54421eeeaf73ec89828563be7
(3.6)
-CVE-2021-3176
- RESERVED
+CVE-2021-3176 (The chat window of the Mitel BusinessCTI Enterprise (MBC-E)
Client for ...)
+ TODO: check
CVE-2021-3175
RESERVED
CVE-2021-25312 (HTCondor before 8.9.11 allows a user to submit a job as
another user o ...)
@@ -2579,8 +2616,8 @@ CVE-2021-3162 (Docker Desktop Community before 2.5.0.0 on
macOS mishandles certi
NOT-FOR-US: Docker Desktop on MacOS
CVE-2021-3161
RESERVED
-CVE-2021-3160
- RESERVED
+CVE-2021-3160 (Deserialization of untrusted data in the login page of ASSUWEB
359.3 b ...)
+ TODO: check
CVE-2021-25280
RESERVED
CVE-2021-25279
@@ -10596,8 +10633,8 @@ CVE-2020-36117
RESERVED
CVE-2020-36116
RESERVED
-CVE-2020-36115
- RESERVED
+CVE-2020-36115 (Stored Cross Site Scripting (XSS) vulnerability in EGavilan
Media CRUD ...)
+ TODO: check
CVE-2020-36114
RESERVED
CVE-2020-36113
@@ -11529,8 +11566,8 @@ CVE-2020-35756
RESERVED
CVE-2020-35755
RESERVED
-CVE-2020-35754
- RESERVED
+CVE-2020-35754 (OpenSolution Quick.CMS < 6.7 and Quick.Cart < 6.7 allow
an authe ...)
+ TODO: check
CVE-2020-35753 (The job posting recommendation form in Persis Human Resource
Managemen ...)
NOT-FOR-US: Persis Human Resource Management Portal
CVE-2020-35752
@@ -14887,8 +14924,8 @@ CVE-2021-20067
RESERVED
CVE-2021-20066
RESERVED
-CVE-2020-35547
- RESERVED
+CVE-2020-35547 (A library index page in NuPoint Messenger in Mitel MiCollab
before 9.2 ...)
+ TODO: check
CVE-2020-35546
RESERVED
CVE-2020-35545 (Time-based SQL injection exists in Spotweb 1.4.9 via the query
string. ...)
@@ -14962,8 +14999,7 @@ CVE-2020-35518 [Information disclosure during the
binding of a DN]
NOTE:
https://github.com/389ds/389-ds-base/commit/cc0f69283abc082488824702dae485b8eae938bc
(master)
NOTE:
https://github.com/389ds/389-ds-base/commit/38b97faef8a6421a7a638ecdbf0b341e2b3f9ab3
(1.4.4.10)
NOTE: Introduced as side-effect of
https://github.com/389ds/389-ds-base/issues/2535
-CVE-2020-35517 [virtiofsd: potential privileged host device access from guest]
- RESERVED
+CVE-2020-35517 (A flaw was found in qemu. A host privilege escalation issue
was found ...)
- qemu <unfixed> (bug #980814)
[buster] - qemu <not-affected> (Vulnerable code introduced later)
[stretch] - qemu <not-affected> (Vulnerable code introduced later)
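Review bot: the tracker's own bracketed summary "[virtiofsd: potential privileged host device access from guest]" is dropped in favour of the published text, whose visible portion only says "A flaw was found in qemu. A host privilege escalation issue was found", so the entry no longer names the affected component. Since the qemu <unfixed> (bug #980814) line and the two <not-affected> (Vulnerable code introduced later) annotations for buster and stretch are kept, add a NOTE: line recording that the issue is in virtiofsd, so the "introduced later" reasoning stays checkable from this file alone.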
@@ -15965,8 +16001,8 @@ CVE-2020-35147
RESERVED
CVE-2020-35146
RESERVED
-CVE-2020-35145
- RESERVED
+CVE-2020-35145 (Acronis True Image for Windows prior to 2021 Update 3 allowed
local pr ...)
+ TODO: check
CVE-2020-35144
REJECTED
CVE-2020-35143
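Review bot: CVE-2020-35145 describes "Acronis True Image for Windows prior to 2021 Update 3", a Windows-only proprietary product with no Debian package; in this file's convention that gets a NOT-FOR-US line (compare NOT-FOR-US: Docker Desktop on MacOS under CVE-2021-3162 a few hunks up) rather than a TODO: check left for later triage. Suggest replacing the TODO with NOT-FOR-US: Acronis True Image.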
@@ -17758,12 +17794,12 @@ CVE-2020-35916 (An issue was discovered in the image
crate before 0.23.12 for Ru
NOTE: https://github.com/image-rs/image/issues/1357
CVE-2020-29606
REJECTED
-CVE-2020-29605
- RESERVED
-CVE-2020-29604
- RESERVED
-CVE-2020-29603
- RESERVED
+CVE-2020-29605 (An issue was discovered in MantisBT before 2.24.4. Due to
insufficient ...)
+ TODO: check
+CVE-2020-29604 (An issue was discovered in MantisBT before 2.24.4. A missing
access ch ...)
+ TODO: check
+CVE-2020-29603 (In manage_proj_edit_page.php in MantisBT before 2.24.4, any
unprivileg ...)
+ TODO: check
CVE-2020-29602 (The official irssi docker images before 1.1-alpine (Alpine
specific) c ...)
NOT-FOR-US: irssi Docker images
CVE-2020-29601 (The official notary docker images before signer-0.6.1-1
contain a blan ...)
@@ -17949,14 +17985,14 @@ CVE-2020-29540 (API calls in the Translation API
feature in Systran Pure Neural
NOT-FOR-US: Systran Pure Neural Server
CVE-2020-29539 (A Cross-Site Scripting (XSS) issue in WebUI Translation in
Systran Pur ...)
NOT-FOR-US: Systran Pure Neural Server
-CVE-2020-29538
- RESERVED
-CVE-2020-29537
- RESERVED
-CVE-2020-29536
- RESERVED
-CVE-2020-29535
- RESERVED
+CVE-2020-29538 (Archer before 6.9 P1 (6.9.0.1) contains an improper access
control vul ...)
+ TODO: check
+CVE-2020-29537 (Archer before 6.8 P2 (6.8.0.2) is affected by an open redirect
vulnera ...)
+ TODO: check
+CVE-2020-29536 (Archer before 6.8 P2 (6.8.0.2) is affected by a path exposure
vulnerab ...)
+ TODO: check
+CVE-2020-29535 (Archer before 6.8 P4 (6.8.0.4) contains a stored XSS
vulnerability. A ...)
+ TODO: check
CVE-2020-29533
RESERVED
CVE-2020-29532
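Review bot: the four Archer entries carry three different fixed versions (6.9 P1 (6.9.0.1) for CVE-2020-29538, 6.8 P2 (6.8.0.2) for CVE-2020-29537 and CVE-2020-29536, 6.8 P4 (6.8.0.4) for CVE-2020-29535) and four different issue classes (improper access control, open redirect, path exposure, stored XSS), so they should not be resolved as one block. Archer is a proprietary GRC platform with no Debian package, so the expected outcome is a NOT-FOR-US: Archer line under each of the four, as was done for the Systran Pure Neural Server entries in the context just above.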
@@ -19374,10 +19410,10 @@ CVE-2020-29007
NOTE:
https://seqred.pl/en/cve-2020-29007-remote-code-execution-in-mediawiki-score/
CVE-2020-29006 (MISP before 2.4.135 lacks an ACL check, related to
app/Controller/Gala ...)
NOT-FOR-US: MISP
-CVE-2020-29005
- RESERVED
-CVE-2020-29004
- RESERVED
+CVE-2020-29005 (The API in the Push extension for MediaWiki through 1.35 used
cleartex ...)
+ TODO: check
+CVE-2020-29004 (The API in the Push extension for MediaWiki through 1.35 did
not requi ...)
+ TODO: check
CVE-2020-29003 (The PollNY extension for MediaWiki through 1.35 allows XSS via
an answ ...)
NOT-FOR-US: PollNY MediaWiki extension
CVE-2020-29002 (includes/CologneBlueTemplate.php in the CologneBlue skin for
MediaWiki ...)
@@ -21869,18 +21905,18 @@ CVE-2020-28408 (The server in Dundas BI through
8.0.0.1001 allows XSS via an HTM
NOT-FOR-US: Dundas BI
CVE-2020-28407
RESERVED
-CVE-2020-28406
- RESERVED
-CVE-2020-28405
- RESERVED
-CVE-2020-28404
- RESERVED
-CVE-2020-28403
- RESERVED
-CVE-2020-28402
- RESERVED
-CVE-2020-28401
- RESERVED
+CVE-2020-28406 (An improper authorization vulnerability exists in Star
Practice Manage ...)
+ TODO: check
+CVE-2020-28405 (An improper authorization vulnerability exists in Star
Practice Manage ...)
+ TODO: check
+CVE-2020-28404 (An improper authorization vulnerability exists in Star
Practice Manage ...)
+ TODO: check
+CVE-2020-28403 (A Cross-Site Request Forgery (CSRF) vulnerability exists in
Star Pract ...)
+ TODO: check
+CVE-2020-28402 (An improper authorization vulnerability exists in Star
Practice Manage ...)
+ TODO: check
+CVE-2020-28401 (An improper authorization vulnerability exists in Star
Practice Manage ...)
+ TODO: check
CVE-2020-28400
RESERVED
CVE-2020-28399
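Review bot: five of the six Star Practice Management entries (CVE-2020-28406, CVE-2020-28405, CVE-2020-28404, CVE-2020-28402, CVE-2020-28401) truncate to the identical text "An improper authorization vulnerability exists in Star Practice Manage", and CVE-2020-28403 differs only in being a CSRF; as listed they cannot be told apart, so the triager needs the full descriptions before clearing the TODO: check lines. Given the product, the expected resolution is a NOT-FOR-US: Star Practice Management line under each, as was done for Dundas BI in the context at the top of this hunk.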
@@ -71691,8 +71727,8 @@ CVE-2020-8587
RESERVED
CVE-2020-8586
RESERVED
-CVE-2020-8585
- RESERVED
+CVE-2020-8585 (OnCommand Unified Manager Core Package versions prior to 5.2.5
may dis ...)
+ TODO: check
CVE-2020-8584 (Element OS versions prior to 1.8P1 and 12.2 are susceptible to
a vulne ...)
NOT-FOR-US: Element OS
CVE-2020-8583 (Element Software versions prior to 12.2 and HCI versions prior
to 1.8P ...)
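Review bot: CVE-2020-8585 (OnCommand Unified Manager Core Package prior to 5.2.5) sits between Element OS and Element Software entries that are already marked NOT-FOR-US; OnCommand Unified Manager is a NetApp product with no Debian package, so the TODO: check should be replaced by NOT-FOR-US: NetApp OnCommand Unified Manager, consistent with its neighbours.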
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b756a3672bf50068fb43337ecd0d19dfd4a34e33
--
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits