Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: b756a367 by security tracker role at 2021-01-29T08:10:16+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,41 @@ +CVE-2021-3343 + RESERVED +CVE-2021-3342 + RESERVED +CVE-2021-3341 (A path traversal vulnerability in the DxWebEngine component of DH2i Dx ...) + TODO: check +CVE-2021-3340 + RESERVED +CVE-2021-3339 + RESERVED +CVE-2021-3338 + RESERVED +CVE-2021-3337 (The Hide-Thread-Content plugin through 2021-01-27 for MyBB allows remo ...) + TODO: check +CVE-2021-3336 (DoTls13CertificateVerify in tls13.c in wolfSSL through 4.6.0 does not ...) + TODO: check +CVE-2021-26308 (An issue was discovered in the marc crate before 2.0.0 for Rust. A use ...) + TODO: check +CVE-2021-26307 (An issue was discovered in the raw-cpuid crate before 9.0.0 for Rust. ...) + TODO: check +CVE-2021-26306 (An issue was discovered in the raw-cpuid crate before 9.0.0 for Rust. ...) + TODO: check +CVE-2021-26305 (An issue was discovered in Deserializer::read_vec in the cdr crate bef ...) + TODO: check +CVE-2021-26304 (PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to stored XS ...) + TODO: check +CVE-2021-26303 (PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to stored XS ...) + TODO: check +CVE-2021-26302 + RESERVED +CVE-2021-26301 + RESERVED +CVE-2021-26300 + RESERVED +CVE-2021-26299 + RESERVED +CVE-2019-25016 (There is an unsafe incomplete reset of PATH in OpenDoas 6.6 through 6. ...) + TODO: check CVE-2021-3335 RESERVED CVE-2021-3334 @@ -155,8 +193,8 @@ CVE-2021-3300 RESERVED CVE-2021-3299 RESERVED -CVE-2021-3298 - RESERVED +CVE-2021-3298 (Collabtive 3.1 allows XSS when an authenticated user enters an XSS pay ...) + TODO: check CVE-2021-3297 (On Zyxel NBG2105 V1.00(AAGU.2)C0 devices, setting the login cookie to ...) NOT-FOR-US: Zyxel CVE-2021-3296 
@@ -1727,8 +1765,7 @@ CVE-2021-25647 (Mobile application "Testes de Codigo" v11.3 and prior allows sto NOT-FOR-US: Mobile application "Testes de Codigo" CVE-2021-25646 RESERVED -CVE-2019-25014 - RESERVED +CVE-2019-25014 (A NULL pointer dereference was found in pkg/proxy/envoy/v2/debug.go ge ...) NOT-FOR-US: Istio CVE-2021-3308 (An issue was discovered in Xen 4.12.3 through 4.12.4 and 4.13.1 throug ...) - xen <unfixed> (bug #981052) @@ -2465,8 +2502,8 @@ CVE-2021-3177 (Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in NOTE: https://github.com/python/cpython/commit/ece5dfd403dac211f8d3c72701fe7ba7b7aa5b5f (3.8) NOTE: https://github.com/python/cpython/commit/d9b8f138b7df3b455b54653ca59f491b4840d6fa (3.7) NOTE: https://github.com/python/cpython/commit/34df10a9a16b38d54421eeeaf73ec89828563be7 (3.6) -CVE-2021-3176 - RESERVED +CVE-2021-3176 (The chat window of the Mitel BusinessCTI Enterprise (MBC-E) Client for ...) + TODO: check CVE-2021-3175 RESERVED CVE-2021-25312 (HTCondor before 8.9.11 allows a user to submit a job as another user o ...) @@ -2579,8 +2616,8 @@ CVE-2021-3162 (Docker Desktop Community before 2.5.0.0 on macOS mishandles certi NOT-FOR-US: Docker Desktop on MacOS CVE-2021-3161 RESERVED -CVE-2021-3160 - RESERVED +CVE-2021-3160 (Deserialization of untrusted data in the login page of ASSUWEB 359.3 b ...) + TODO: check CVE-2021-25280 RESERVED CVE-2021-25279 @@ -10596,8 +10633,8 @@ CVE-2020-36117 RESERVED CVE-2020-36116 RESERVED -CVE-2020-36115 - RESERVED +CVE-2020-36115 (Stored Cross Site Scripting (XSS) vulnerability in EGavilan Media CRUD ...) + TODO: check CVE-2020-36114 RESERVED CVE-2020-36113 
@@ -11529,8 +11566,8 @@ CVE-2020-35756 RESERVED CVE-2020-35755 RESERVED -CVE-2020-35754 - RESERVED +CVE-2020-35754 (OpenSolution Quick.CMS < 6.7 and Quick.Cart < 6.7 allow an authe ...) + TODO: check CVE-2020-35753 (The job posting recommendation form in Persis Human Resource Managemen ...) NOT-FOR-US: Persis Human Resource Management Portal CVE-2020-35752 @@ -14887,8 +14924,8 @@ CVE-2021-20067 RESERVED CVE-2021-20066 RESERVED -CVE-2020-35547 - RESERVED +CVE-2020-35547 (A library index page in NuPoint Messenger in Mitel MiCollab before 9.2 ...) + TODO: check CVE-2020-35546 RESERVED CVE-2020-35545 (Time-based SQL injection exists in Spotweb 1.4.9 via the query string. ...) @@ -14962,8 +14999,7 @@ CVE-2020-35518 [Information disclosure during the binding of a DN] NOTE: https://github.com/389ds/389-ds-base/commit/cc0f69283abc082488824702dae485b8eae938bc (master) NOTE: https://github.com/389ds/389-ds-base/commit/38b97faef8a6421a7a638ecdbf0b341e2b3f9ab3 (1.4.4.10) NOTE: Introduced as side-effect of https://github.com/389ds/389-ds-base/issues/2535 -CVE-2020-35517 [virtiofsd: potential privileged host device access from guest] - RESERVED +CVE-2020-35517 (A flaw was found in qemu. A host privilege escalation issue was found ...) - qemu <unfixed> (bug #980814) [buster] - qemu <not-affected> (Vulnerable code introduced later) [stretch] - qemu <not-affected> (Vulnerable code introduced later) @@ -15965,8 +16001,8 @@ CVE-2020-35147 RESERVED CVE-2020-35146 RESERVED -CVE-2020-35145 - RESERVED +CVE-2020-35145 (Acronis True Image for Windows prior to 2021 Update 3 allowed local pr ...) + TODO: check CVE-2020-35144 REJECTED CVE-2020-35143 
@@ -17758,12 +17794,12 @@ CVE-2020-35916 (An issue was discovered in the image crate before 0.23.12 for Ru NOTE: https://github.com/image-rs/image/issues/1357 CVE-2020-29606 REJECTED -CVE-2020-29605 - RESERVED -CVE-2020-29604 - RESERVED -CVE-2020-29603 - RESERVED +CVE-2020-29605 (An issue was discovered in MantisBT before 2.24.4. Due to insufficient ...) + TODO: check +CVE-2020-29604 (An issue was discovered in MantisBT before 2.24.4. A missing access ch ...) + TODO: check +CVE-2020-29603 (In manage_proj_edit_page.php in MantisBT before 2.24.4, any unprivileg ...) + TODO: check CVE-2020-29602 (The official irssi docker images before 1.1-alpine (Alpine specific) c ...) NOT-FOR-US: irssi Docker images CVE-2020-29601 (The official notary docker images before signer-0.6.1-1 contain a blan ...) @@ -17949,14 +17985,14 @@ CVE-2020-29540 (API calls in the Translation API feature in Systran Pure Neural NOT-FOR-US: Systran Pure Neural Server CVE-2020-29539 (A Cross-Site Scripting (XSS) issue in WebUI Translation in Systran Pur ...) NOT-FOR-US: Systran Pure Neural Server -CVE-2020-29538 - RESERVED -CVE-2020-29537 - RESERVED -CVE-2020-29536 - RESERVED -CVE-2020-29535 - RESERVED +CVE-2020-29538 (Archer before 6.9 P1 (6.9.0.1) contains an improper access control vul ...) + TODO: check +CVE-2020-29537 (Archer before 6.8 P2 (6.8.0.2) is affected by an open redirect vulnera ...) + TODO: check +CVE-2020-29536 (Archer before 6.8 P2 (6.8.0.2) is affected by a path exposure vulnerab ...) + TODO: check +CVE-2020-29535 (Archer before 6.8 P4 (6.8.0.4) contains a stored XSS vulnerability. A ...) + TODO: check CVE-2020-29533 RESERVED CVE-2020-29532 
@@ -19374,10 +19410,10 @@ CVE-2020-29007 NOTE: https://seqred.pl/en/cve-2020-29007-remote-code-execution-in-mediawiki-score/ CVE-2020-29006 (MISP before 2.4.135 lacks an ACL check, related to app/Controller/Gala ...) NOT-FOR-US: MISP -CVE-2020-29005 - RESERVED -CVE-2020-29004 - RESERVED +CVE-2020-29005 (The API in the Push extension for MediaWiki through 1.35 used cleartex ...) + TODO: check +CVE-2020-29004 (The API in the Push extension for MediaWiki through 1.35 did not requi ...) + TODO: check CVE-2020-29003 (The PollNY extension for MediaWiki through 1.35 allows XSS via an answ ...) NOT-FOR-US: PollNY MediaWiki extension CVE-2020-29002 (includes/CologneBlueTemplate.php in the CologneBlue skin for MediaWiki ...) @@ -21869,18 +21905,18 @@ CVE-2020-28408 (The server in Dundas BI through 8.0.0.1001 allows XSS via an HTM NOT-FOR-US: Dundas BI CVE-2020-28407 RESERVED -CVE-2020-28406 - RESERVED -CVE-2020-28405 - RESERVED -CVE-2020-28404 - RESERVED -CVE-2020-28403 - RESERVED -CVE-2020-28402 - RESERVED -CVE-2020-28401 - RESERVED +CVE-2020-28406 (An improper authorization vulnerability exists in Star Practice Manage ...) + TODO: check +CVE-2020-28405 (An improper authorization vulnerability exists in Star Practice Manage ...) + TODO: check +CVE-2020-28404 (An improper authorization vulnerability exists in Star Practice Manage ...) + TODO: check +CVE-2020-28403 (A Cross-Site Request Forgery (CSRF) vulnerability exists in Star Pract ...) + TODO: check +CVE-2020-28402 (An improper authorization vulnerability exists in Star Practice Manage ...) + TODO: check +CVE-2020-28401 (An improper authorization vulnerability exists in Star Practice Manage ...) + TODO: check CVE-2020-28400 RESERVED CVE-2020-28399 
@@ -71691,8 +71727,8 @@ CVE-2020-8587 RESERVED CVE-2020-8586 RESERVED -CVE-2020-8585 - RESERVED +CVE-2020-8585 (OnCommand Unified Manager Core Package versions prior to 5.2.5 may dis ...) + TODO: check CVE-2020-8584 (Element OS versions prior to 1.8P1 and 12.2 are susceptible to a vulne ...) NOT-FOR-US: Element OS CVE-2020-8583 (Element Software versions prior to 12.2 and HCI versions prior to 1.8P ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b756a3672bf50068fb43337ecd0d19dfd4a34e33
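Review bot: In the first hunk (@@ -1,3 +1,41), CVE-2021-3336 (wolfSSL through 4.6.0) and CVE-2019-25016 (OpenDoas) describe software that Debian ships as the wolfssl and opendoas source packages, so their "TODO: check" lines should be resolved into package/version entries once the fixed upstream versions are confirmed rather than left as TODO; the Rust crate entries in the same hunk (CVE-2021-26308 for marc, CVE-2021-26307 and CVE-2021-26306 for raw-cpuid, CVE-2021-26305 for cdr) likewise need a check against the corresponding rust-* source packages, as they are the kind of entry that tends to stay at "TODO: check" for a long time.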
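Review bot: In the CVE-2020-35517 hunk (@@ -14962,8 +14999,7), the working title "[virtiofsd: potential privileged host device access from guest]" is dropped when the official description comes in, but the new description is truncated at "A host privilege escalation issue was found ..." and no longer names the affected component; since the "[buster]" and "[stretch]" <not-affected> lines are justified with "Vulnerable code introduced later", a NOTE line naming virtiofsd as the affected component would keep the reasoning behind those two entries verifiable without consulting the full CVE text.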
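Review bot: In the MediaWiki Push extension hunk (@@ -19374,10 +19410,10), CVE-2020-29005 and CVE-2020-29004 concern a MediaWiki extension, and the adjacent CVE-2020-29003 entry in the same hunk is already resolved as "NOT-FOR-US: PollNY MediaWiki extension"; unless the Push extension is shipped in a Debian package, the two new "TODO: check" lines can be resolved the same way, e.g. "NOT-FOR-US: Push MediaWiki extension", rather than waiting in the TODO queue.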
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits