Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
542f604a by security tracker role at 2021-02-03T20:10:23+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,169 @@
+CVE-2021-3399
+       RESERVED
+CVE-2021-3398
+       RESERVED
+CVE-2021-3397
+       RESERVED
+CVE-2021-3396
+       RESERVED
+CVE-2021-26676
+       RESERVED
+CVE-2021-26675
+       RESERVED
+CVE-2021-26674
+       RESERVED
+CVE-2021-26673
+       RESERVED
+CVE-2021-26672
+       RESERVED
+CVE-2021-26671
+       RESERVED
+CVE-2021-26670
+       RESERVED
+CVE-2021-26669
+       RESERVED
+CVE-2021-26668
+       RESERVED
+CVE-2021-26667
+       RESERVED
+CVE-2021-26666
+       RESERVED
+CVE-2021-26665
+       RESERVED
+CVE-2021-26664
+       RESERVED
+CVE-2021-26663
+       RESERVED
+CVE-2021-26662
+       RESERVED
+CVE-2021-26661
+       RESERVED
+CVE-2021-26660
+       RESERVED
+CVE-2021-26659
+       RESERVED
+CVE-2021-26658
+       RESERVED
+CVE-2021-26657
+       RESERVED
+CVE-2021-26656
+       RESERVED
+CVE-2021-26655
+       RESERVED
+CVE-2021-26654
+       RESERVED
+CVE-2021-26653
+       RESERVED
+CVE-2021-26652
+       RESERVED
+CVE-2021-26651
+       RESERVED
+CVE-2021-26650
+       RESERVED
+CVE-2021-26649
+       RESERVED
+CVE-2021-26648
+       RESERVED
+CVE-2021-26647
+       RESERVED
+CVE-2021-26646
+       RESERVED
+CVE-2021-26645
+       RESERVED
+CVE-2021-26644
+       RESERVED
+CVE-2021-26643
+       RESERVED
+CVE-2021-26642
+       RESERVED
+CVE-2021-26641
+       RESERVED
+CVE-2021-26640
+       RESERVED
+CVE-2021-26639
+       RESERVED
+CVE-2021-26638
+       RESERVED
+CVE-2021-26637
+       RESERVED
+CVE-2021-26636
+       RESERVED
+CVE-2021-26635
+       RESERVED
+CVE-2021-26634
+       RESERVED
+CVE-2021-26633
+       RESERVED
+CVE-2021-26632
+       RESERVED
+CVE-2021-26631
+       RESERVED
+CVE-2021-26630
+       RESERVED
+CVE-2021-26629
+       RESERVED
+CVE-2021-26628
+       RESERVED
+CVE-2021-26627
+       RESERVED
+CVE-2021-26626
+       RESERVED
+CVE-2021-26625
+       RESERVED
+CVE-2021-26624
+       RESERVED
+CVE-2021-26623
+       RESERVED
+CVE-2021-26622
+       RESERVED
+CVE-2021-26621
+       RESERVED
+CVE-2021-26620
+       RESERVED
+CVE-2021-26619
+       RESERVED
+CVE-2021-26618
+       RESERVED
+CVE-2021-26617
+       RESERVED
+CVE-2021-26616
+       RESERVED
+CVE-2021-26615
+       RESERVED
+CVE-2021-26614
+       RESERVED
+CVE-2021-26613
+       RESERVED
+CVE-2021-26612
+       RESERVED
+CVE-2021-26611
+       RESERVED
+CVE-2021-26610
+       RESERVED
+CVE-2021-26609
+       RESERVED
+CVE-2021-26608
+       RESERVED
+CVE-2021-26607
+       RESERVED
+CVE-2021-26606
+       RESERVED
+CVE-2021-26605
+       RESERVED
+CVE-2021-26604
+       RESERVED
+CVE-2021-26603
+       RESERVED
+CVE-2021-26602
+       RESERVED
+CVE-2021-26601
+       RESERVED
+CVE-2021-26600
+       RESERVED
+CVE-2021-26599
+       RESERVED
+CVE-2021-26598
+       RESERVED
 CVE-2021-3395 (A cross-site scripting (XSS) vulnerability in Pryaniki 6.44.3 
allows r ...)
        NOT-FOR-US: Pryaniki
 CVE-2021-3394
@@ -1690,22 +1856,27 @@ CVE-2021-25902 (An issue was discovered in the 
glsl-layout crate before 0.4.0 fo
 CVE-2021-25901 (An issue was discovered in the lazy-init crate through 
2021-01-17 for  ...)
        NOT-FOR-US: Rust crate lazy-init
 CVE-2020-36230 (A flaw was discovered in OpenLDAP before 2.4.57 leading in an 
assertio ...)
+       {DSA-4845-1 DLA-2544-1}
        - openldap 2.4.57+dfsg-1
        NOTE: https://bugs.openldap.org/show_bug.cgi?id=9423
        NOTE: 
https://git.openldap.org/openldap/openldap/-/commit/8c1d96ee36ed98b32cd0e28b7069c7b8ea09d793
 (OPENLDAP_REL_ENG_2_4_57)
 CVE-2020-36229 (A flaw was discovered in ldap_X509dn2bv in OpenLDAP before 
2.4.57 lead ...)
+       {DSA-4845-1 DLA-2544-1}
        - openldap 2.4.57+dfsg-1
        NOTE: https://bugs.openldap.org/show_bug.cgi?id=9425
        NOTE: 
https://git.openldap.org/openldap/openldap/-/commit/4bdfffd2889c0c5cdf58bebafbdc8fce4bb2bff0
 (OPENLDAP_REL_ENG_2_4_57)
 CVE-2020-36228 (An integer underflow was discovered in OpenLDAP before 2.4.57 
leading  ...)
+       {DSA-4845-1 DLA-2544-1}
        - openldap 2.4.57+dfsg-1
        NOTE: https://bugs.openldap.org/show_bug.cgi?id=9427
        NOTE: 
https://git.openldap.org/openldap/openldap/-/commit/91dccd25c347733b365adc74cb07d074512ed5ad
 (OPENLDAP_REL_ENG_2_4_57)
 CVE-2020-36227 (A flaw was discovered in OpenLDAP before 2.4.57 leading to an 
infinite ...)
+       {DSA-4845-1 DLA-2544-1}
        - openldap 2.4.57+dfsg-1
        NOTE: https://bugs.openldap.org/show_bug.cgi?id=9428
        NOTE: 
https://git.openldap.org/openldap/openldap/-/commit/9d0e8485f3113505743baabf1167e01e4558ccf5
 (OPENLDAP_REL_ENG_2_4_57)
 CVE-2020-36226 (A flaw was discovered in OpenLDAP before 2.4.57 leading to a 
memch-&gt ...)
+       {DSA-4845-1 DLA-2544-1}
        - openldap 2.4.57+dfsg-1
        NOTE: 
https://git.openldap.org/openldap/openldap/-/commit/554dff1927176579d652f2fe60c90e9abbad4c65
 (OPENLDAP_REL_ENG_2_4_57)
        NOTE: 
https://git.openldap.org/openldap/openldap/-/commit/c0b61a9486508e5202aa2e0cfb68c9813731b439
 (OPENLDAP_REL_ENG_2_4_57)
@@ -1714,6 +1885,7 @@ CVE-2020-36226 (A flaw was discovered in OpenLDAP before 
2.4.57 leading to a mem
        NOTE: 
https://git.openldap.org/openldap/openldap/-/commit/d169e7958a3e0dc70f59c8374bf8a59833b7bdd8
 (OPENLDAP_REL_ENG_2_4_57)
        NOTE: CVE-2020-36224, CVE-2020-36225 and CVE-2020-36226 are related but 
differend ids
 CVE-2020-36225 (A flaw was discovered in OpenLDAP before 2.4.57 leading to a 
double fr ...)
+       {DSA-4845-1 DLA-2544-1}
        - openldap 2.4.57+dfsg-1
        NOTE: 
https://git.openldap.org/openldap/openldap/-/commit/554dff1927176579d652f2fe60c90e9abbad4c65
 (OPENLDAP_REL_ENG_2_4_57)
        NOTE: 
https://git.openldap.org/openldap/openldap/-/commit/c0b61a9486508e5202aa2e0cfb68c9813731b439
 (OPENLDAP_REL_ENG_2_4_57)
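Review bot: the context NOTE under CVE-2020-36226 reads "related but differend ids"; "differend" should be "different". The same NOTE is repeated verbatim under CVE-2020-36225 and CVE-2020-36224 in the following hunks, so all three copies should be corrected together in a follow-up edit rather than left to drift.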
@@ -1722,6 +1894,7 @@ CVE-2020-36225 (A flaw was discovered in OpenLDAP before 
2.4.57 leading to a dou
        NOTE: 
https://git.openldap.org/openldap/openldap/-/commit/d169e7958a3e0dc70f59c8374bf8a59833b7bdd8
 (OPENLDAP_REL_ENG_2_4_57)
        NOTE: CVE-2020-36224, CVE-2020-36225 and CVE-2020-36226 are related but 
differend ids
 CVE-2020-36224 (A flaw was discovered in OpenLDAP before 2.4.57 leading to an 
invalid  ...)
+       {DSA-4845-1 DLA-2544-1}
        - openldap 2.4.57+dfsg-1
        NOTE: https://bugs.openldap.org/show_bug.cgi?id=9409
        NOTE: 
https://git.openldap.org/openldap/openldap/-/commit/554dff1927176579d652f2fe60c90e9abbad4c65
 (OPENLDAP_REL_ENG_2_4_57)
@@ -1730,10 +1903,12 @@ CVE-2020-36224 (A flaw was discovered in OpenLDAP 
before 2.4.57 leading to an in
        NOTE: 
https://git.openldap.org/openldap/openldap/-/commit/d169e7958a3e0dc70f59c8374bf8a59833b7bdd8
 (OPENLDAP_REL_ENG_2_4_57)
        NOTE: CVE-2020-36224, CVE-2020-36225 and CVE-2020-36226 are related but 
differend ids
 CVE-2020-36223 (A flaw was discovered in OpenLDAP before 2.4.57 leading to a 
slapd cra ...)
+       {DSA-4845-1 DLA-2544-1}
        - openldap 2.4.57+dfsg-1
        NOTE: https://bugs.openldap.org/show_bug.cgi?id=9408
        NOTE: 
https://git.openldap.org/openldap/openldap/-/commit/21981053a1195ae1555e23df4d9ac68d34ede9dd
 (OPENLDAP_REL_ENG_2_4_57)
 CVE-2020-36222 (A flaw was discovered in OpenLDAP before 2.4.57 leading to an 
assertio ...)
+       {DSA-4845-1 DLA-2544-1}
        - openldap 2.4.57+dfsg-1
        NOTE: https://bugs.openldap.org/show_bug.cgi?id=9406
        NOTE: 
https://git.openldap.org/openldap/openldap/-/commit/6ed057b5b728b50746c869bcc9c1f85d0bbbf6ed
 (OPENLDAP_REL_ENG_2_4_57)
@@ -1741,6 +1916,7 @@ CVE-2020-36222 (A flaw was discovered in OpenLDAP before 
2.4.57 leading to an as
        NOTE: https://bugs.openldap.org/show_bug.cgi?id=9407
        NOTE: 
https://git.openldap.org/openldap/openldap/-/commit/6ed057b5b728b50746c869bcc9c1f85d0bbbf6ed
 (OPENLDAP_REL_ENG_2_4_57)
 CVE-2020-36221 (An integer underflow was discovered in OpenLDAP before 2.4.57 
leading  ...)
+       {DSA-4845-1 DLA-2544-1}
        - openldap 2.4.57+dfsg-1
        NOTE: https://bugs.openldap.org/show_bug.cgi?id=9404
        NOTE: 
https://git.openldap.org/openldap/openldap/-/commit/38ac838e4150c626bbfa0082b7e2cf3a2bb4df31
 (OPENLDAP_REL_ENG_2_4_57)
@@ -2194,54 +2370,54 @@ CVE-2021-25780
        RESERVED
 CVE-2021-25779
        RESERVED
-CVE-2021-25778
-       RESERVED
-CVE-2021-25777
-       RESERVED
-CVE-2021-25776
-       RESERVED
-CVE-2021-25775
-       RESERVED
-CVE-2021-25774
-       RESERVED
-CVE-2021-25773
-       RESERVED
-CVE-2021-25772
-       RESERVED
-CVE-2021-25771
-       RESERVED
-CVE-2021-25770
-       RESERVED
-CVE-2021-25769
-       RESERVED
-CVE-2021-25768
-       RESERVED
-CVE-2021-25767
-       RESERVED
-CVE-2021-25766
-       RESERVED
-CVE-2021-25765
-       RESERVED
+CVE-2021-25778 (In JetBrains TeamCity before 2020.2.1, permissions during user 
deletio ...)
+       TODO: check
+CVE-2021-25777 (In JetBrains TeamCity before 2020.2.1, permissions during 
token remova ...)
+       TODO: check
+CVE-2021-25776 (In JetBrains TeamCity before 2020.2, an ECR token could be 
exposed in  ...)
+       TODO: check
+CVE-2021-25775 (In JetBrains TeamCity before 2020.2.1, the server admin could 
create a ...)
+       TODO: check
+CVE-2021-25774 (In JetBrains TeamCity before 2020.2.1, a user could get access 
to the  ...)
+       TODO: check
+CVE-2021-25773 (JetBrains TeamCity before 2020.2 was vulnerable to reflected 
XSS on se ...)
+       TODO: check
+CVE-2021-25772 (In JetBrains TeamCity before 2020.2.2, TeamCity server DoS was 
possibl ...)
+       TODO: check
+CVE-2021-25771 (In JetBrains YouTrack before 2020.6.1099, project information 
could be ...)
+       TODO: check
+CVE-2021-25770 (In JetBrains YouTrack before 2020.5.3123, server-side template 
injecti ...)
+       TODO: check
+CVE-2021-25769 (In JetBrains YouTrack before 2020.4.6808, the YouTrack 
administrator w ...)
+       TODO: check
+CVE-2021-25768 (In JetBrains YouTrack before 2020.4.4701, permissions for 
attachments  ...)
+       TODO: check
+CVE-2021-25767 (In JetBrains YouTrack before 2020.6.1767, an issue's existence 
could b ...)
+       TODO: check
+CVE-2021-25766 (In JetBrains YouTrack before 2020.4.4701, improper resource 
access che ...)
+       TODO: check
+CVE-2021-25765 (In JetBrains YouTrack before 2020.4.4701, CSRF via attachment 
upload w ...)
+       TODO: check
 CVE-2021-25764
        RESERVED
-CVE-2021-25763
-       RESERVED
-CVE-2021-25762
-       RESERVED
-CVE-2021-25761
-       RESERVED
-CVE-2021-25760
-       RESERVED
-CVE-2021-25759
-       RESERVED
-CVE-2021-25758
-       RESERVED
-CVE-2021-25757
-       RESERVED
-CVE-2021-25756
-       RESERVED
-CVE-2021-25755
-       RESERVED
+CVE-2021-25763 (In JetBrains Ktor before 1.4.2, weak cipher suites were 
enabled by def ...)
+       TODO: check
+CVE-2021-25762 (In JetBrains Ktor before 1.4.3, HTTP Request Smuggling was 
possible. ...)
+       TODO: check
+CVE-2021-25761 (In JetBrains Ktor before 1.5.0, a birthday attack on 
SessionStorage ke ...)
+       TODO: check
+CVE-2021-25760 (In JetBrains Hub before 2020.1.12669, information disclosure 
via the p ...)
+       TODO: check
+CVE-2021-25759 (In JetBrains Hub before 2020.1.12629, an authenticated user 
can delete ...)
+       TODO: check
+CVE-2021-25758 (In JetBrains IntelliJ IDEA before 2020.3, potentially insecure 
deseria ...)
+       TODO: check
+CVE-2021-25757 (In JetBrains Hub before 2020.1.12629, an open redirect was 
possible. ...)
+       TODO: check
+CVE-2021-25756 (In JetBrains IntelliJ IDEA before 2020.2, HTTP links were used 
for sev ...)
+       TODO: check
+CVE-2021-25755 (In JetBrains Code With Me before 2020.3, an attacker on the 
local netw ...)
+       TODO: check
 CVE-2021-25754
        RESERVED
 CVE-2021-25753
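Review bot: the 23 entries from CVE-2021-25778 down to CVE-2021-25755 are all left at TODO: check, yet their descriptions cover six different JetBrains products (TeamCity, YouTrack, Ktor, Hub, IntelliJ IDEA, Code With Me), so they should be triaged per product rather than with one blanket tag. The hosted server products can follow whatever tag the list already uses for them, while library and tooling entries such as the Ktor and IntelliJ IDEA ones need a check against the archive before they are marked.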
@@ -3350,12 +3526,12 @@ CVE-2021-25278
        RESERVED
 CVE-2021-25277
        RESERVED
-CVE-2021-25276
-       RESERVED
-CVE-2021-25275
-       RESERVED
-CVE-2021-25274
-       RESERVED
+CVE-2021-25276 (In SolarWinds Serv-U before 15.2.2 Hotfix 1, there is a 
directory cont ...)
+       TODO: check
+CVE-2021-25275 (SolarWinds Orion Platform before 2020.2.4, as used by various 
SolarWin ...)
+       TODO: check
+CVE-2021-25274 (The Collector Service in SolarWinds Orion Platform before 
2020.2.4 use ...)
+       TODO: check
 CVE-2021-3159
        RESERVED
 CVE-2021-25273
@@ -7441,8 +7617,8 @@ CVE-2021-23333
        RESERVED
 CVE-2021-23332
        RESERVED
-CVE-2021-23331
-       RESERVED
+CVE-2021-23331 (This affects all versions of package com.squareup:connect. The 
method  ...)
+       TODO: check
 CVE-2021-23330 (All versions of package launchpad are vulnerable to Command 
Injection  ...)
        NOT-FOR-US: Node launchpad
 CVE-2021-23329 (The package nested-object-assign before 1.0.4 are vulnerable 
to Protot ...)
@@ -12529,8 +12705,8 @@ CVE-2020-35669 (An issue was discovered in the http 
package through 0.12.2 for D
        NOT-FOR-US: Dart http
 CVE-2020-35668 (RedisGraph 2.x through 2.2.11 has a NULL Pointer Dereference 
that lead ...)
        NOT-FOR-US: RedisGraph
-CVE-2020-35667
-       RESERVED
+CVE-2020-35667 (JetBrains TeamCity Plugin before 2020.2.85695 SSRF. 
Vulnerability that ...)
+       TODO: check
 CVE-2020-35666 (Steedos Platform through 1.21.24 allows NoSQL injection 
because the /a ...)
        NOT-FOR-US: Steedos Platform
 CVE-2020-35665 (An unauthenticated command-execution vulnerability exists in 
TerraMast ...)
@@ -16095,10 +16271,10 @@ CVE-2020-35484
        RESERVED
 CVE-2020-35483 (AnyDesk before 6.1.0 on Windows, when run in portable mode on 
a system ...)
        NOT-FOR-US: AnyDesk
-CVE-2020-35482
-       RESERVED
-CVE-2020-35481
-       RESERVED
+CVE-2020-35482 (SolarWinds Serv-U before 15.2.2 allows authenticated reflected 
XSS. ...)
+       TODO: check
+CVE-2020-35481 (SolarWinds Serv-U before 15.2.2 allows Unauthenticated Macro 
Injection ...)
+       TODO: check
 CVE-2020-35480 (An issue was discovered in MediaWiki before 1.35.1. Missing 
users (acc ...)
        {DSA-4816-1 DLA-2504-1}
        - mediawiki 1:1.35.1-1
@@ -18687,8 +18863,8 @@ CVE-2020-29584
        RESERVED
 CVE-2020-29583 (Firmware version 4.60 of Zyxel USG devices contains an 
undocumented ac ...)
        NOT-FOR-US: Zyxel
-CVE-2020-29582
-       RESERVED
+CVE-2020-29582 (In JetBrains Kotlin before 1.4.21, a vulnerable Java API was 
used for  ...)
+       TODO: check
 CVE-2020-29581 (The official spiped docker images before 1.5-alpine contain a 
blank pa ...)
        NOT-FOR-US: spiped Docker images
 CVE-2020-29580 (The official storm Docker images before 1.2.1 contain a blank 
password ...)
@@ -19889,14 +20065,14 @@ CVE-2020-29168
        RESERVED
 CVE-2020-29167
        RESERVED
-CVE-2020-29166
-       RESERVED
-CVE-2020-29165
-       RESERVED
-CVE-2020-29164
-       RESERVED
-CVE-2020-29163
-       RESERVED
+CVE-2020-29166 (PacsOne Server (PACS Server In One Box) below 7.1.1 is 
affected by fil ...)
+       TODO: check
+CVE-2020-29165 (PacsOne Server (PACS Server In One Box) below 7.1.1 is 
affected by inc ...)
+       TODO: check
+CVE-2020-29164 (PacsOne Server (PACS Server In One Box) below 7.1.1 is 
affected by cro ...)
+       TODO: check
+CVE-2020-29163 (PacsOne Server (PACS Server In One Box) below 7.1.1 is 
affected by SQL ...)
+       TODO: check
 CVE-2020-29162
        RESERVED
 CVE-2020-29161
@@ -20548,8 +20724,8 @@ CVE-2020-28896 (Mutt before 2.0.2 and NeoMutt before 
2020-11-20 did not ensure t
        [buster] - neomutt 20180716+dfsg.1-1+deb10u2
        NOTE: 
https://gitlab.com/muttmua/mutt/-/commit/04b06aaa3e0cc0022b9b01dbca2863756ebbf59a
        NOTE: 
https://github.com/neomutt/neomutt/commit/9c36717a3e2af1f2c1b7242035455ec8112b4b06
-CVE-2020-28895
-       RESERVED
+CVE-2020-28895 (In Wind River VxWorks, memory allocator has a possible 
overflow in cal ...)
+       TODO: check
 CVE-2020-28894
        RESERVED
 CVE-2020-28893
@@ -21039,8 +21215,8 @@ CVE-2020-28655
        RESERVED
 CVE-2020-28654
        RESERVED
-CVE-2020-28653
-       RESERVED
+CVE-2020-28653 (Zoho ManageEngine OpManager Stable build before 125203 (and 
Released b ...)
+       TODO: check
 CVE-2020-28652
        RESERVED
 CVE-2020-28651
@@ -22528,7 +22704,7 @@ CVE-2020-28500
        RESERVED
 CVE-2020-28499
        RESERVED
-CVE-2020-28498 (All versions of package elliptic are vulnerable to 
Cryptographic Issue ...)
+CVE-2020-28498 (The package elliptic before 6.5.4 are vulnerable to 
Cryptographic Issu ...)
        TODO: check
 CVE-2020-28497
        RESERVED
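Review bot: CVE-2020-28498 keeps TODO: check even though the updated description now bounds the issue to "elliptic before 6.5.4". That version boundary is what the triager needs to resolve the entry, so replace the TODO with either a package line carrying the fixed version or a NOT-FOR-US tag, instead of only refreshing the description.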
@@ -24826,8 +25002,8 @@ CVE-2020-28146
        RESERVED
 CVE-2020-28145
        RESERVED
-CVE-2020-28144
-       RESERVED
+CVE-2020-28144 (Certain Moxa Inc products are affected by an improper 
restriction of o ...)
+       TODO: check
 CVE-2020-28143
        RESERVED
 CVE-2020-28142
@@ -25173,8 +25349,8 @@ CVE-2020-28003
        RESERVED
 CVE-2020-28002 (In SonarQube 8.4.2.36762, an external attacker can achieve 
authenticat ...)
        NOT-FOR-US: SonarQube
-CVE-2020-28001
-       RESERVED
+CVE-2020-28001 (SolarWinds Serv-U before 15.2.2 allows Authenticated Stored 
XSS. ...)
+       TODO: check
 CVE-2020-28000
        RESERVED
 CVE-2020-27999
@@ -25187,8 +25363,8 @@ CVE-2020-27996 (An issue was discovered in 
SmartStoreNET before 4.0.1. It does n
        NOT-FOR-US: SmartStoreNET
 CVE-2020-27995 (SQL Injection in Zoho ManageEngine Applications Manager 14 
before 1456 ...)
        NOT-FOR-US: Zoho ManageEngine
-CVE-2020-27994
-       RESERVED
+CVE-2020-27994 (SolarWinds Serv-U before 15.2.2 allows Authenticated Directory 
Travers ...)
+       TODO: check
 CVE-2020-27993 (Hrsale 2.0.0 allows download?type=files&filename=../ 
directory tra ...)
        NOT-FOR-US: Hrsale
 CVE-2020-27992 (Dr.Fone 3.0.0 allows local users to gain privileges via a 
Trojan horse ...)
@@ -27670,8 +27846,8 @@ CVE-2020-27224
        RESERVED
 CVE-2020-27223
        RESERVED
-CVE-2020-27222
-       RESERVED
+CVE-2020-27222 (In Eclipse Californium version 2.3.0 to 2.6.0, the certificate 
based ( ...)
+       TODO: check
 CVE-2020-27221 (In Eclipse OpenJ9 up to version 0.23, there is potential for a 
stack-b ...)
        NOT-FOR-US: Eclipse OpenJ9
 CVE-2020-27220 (The Eclipse Hono AMQP and MQTT protocol adapters do not check 
whether  ...)
@@ -30819,16 +30995,16 @@ CVE-2020-25859 (The QCMAP_CLI utility in the Qualcomm 
QCMAP software suite prior
        NOT-FOR-US: Qualcomm QCMAP
 CVE-2020-25858 (The QCMAP_Web_CLIENT binary in the Qualcomm QCMAP software 
suite prior ...)
        NOT-FOR-US: Qualcomm QCMAP
-CVE-2020-25857
-       RESERVED
-CVE-2020-25856
-       RESERVED
-CVE-2020-25855
-       RESERVED
-CVE-2020-25854
-       RESERVED
-CVE-2020-25853
-       RESERVED
+CVE-2020-25857 (The function ClientEAPOLKeyRecvd() in the Realtek RTL8195A 
Wi-Fi Modul ...)
+       TODO: check
+CVE-2020-25856 (The function DecWPA2KeyData() in the Realtek RTL8195A Wi-Fi 
Module pri ...)
+       TODO: check
+CVE-2020-25855 (The function AES_UnWRAP() in the Realtek RTL8195A Wi-Fi Module 
prior t ...)
+       TODO: check
+CVE-2020-25854 (The function DecWPA2KeyData() in the Realtek RTL8195A Wi-Fi 
Module pri ...)
+       TODO: check
+CVE-2020-25853 (The function CheckMic() in the Realtek RTL8195A Wi-Fi Module 
prior to  ...)
+       TODO: check
 CVE-2020-25852
        RESERVED
 CVE-2020-25851
@@ -32507,8 +32683,8 @@ CVE-2020-25210 (In JetBrains YouTrack before 
2020.3.7955, an attacker could acce
        NOT-FOR-US: JetBrains
 CVE-2020-25209 (In JetBrains YouTrack before 2020.3.6638, improper access 
control for  ...)
        NOT-FOR-US: JetBrains
-CVE-2020-25208
-       RESERVED
+CVE-2020-25208 (In JetBrains YouTrack before 2020.4.4701, an attacker could 
enumerate  ...)
+       TODO: check
 CVE-2020-25207 (JetBrains ToolBox before version 1.18 is vulnerable to Remote 
Code Exe ...)
        NOT-FOR-US: JetBrains
 CVE-2020-25206
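Review bot: CVE-2020-25208 is left at TODO: check while the two YouTrack entries directly above it in this hunk, CVE-2020-25210 and CVE-2020-25209, are already tagged NOT-FOR-US: JetBrains. Its description names the same product ("JetBrains YouTrack before 2020.4.4701"), so tagging it NOT-FOR-US: JetBrains keeps the block consistent.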
@@ -45734,10 +45910,10 @@ CVE-2020-18726
        RESERVED
 CVE-2020-18725
        RESERVED
-CVE-2020-18724
-       RESERVED
-CVE-2020-18723
-       RESERVED
+CVE-2020-18724 (Authenticated stored cross-site scripting (XSS) in the contact 
name fi ...)
+       TODO: check
+CVE-2020-18723 (Stored cross-site scripting (XSS) in file attachment field in 
MDaemon  ...)
+       TODO: check
 CVE-2020-18722
        RESERVED
 CVE-2020-18721
@@ -48151,8 +48327,7 @@ CVE-2020-17525
        RESERVED
 CVE-2020-17524
        REJECTED
-CVE-2020-17523
-       RESERVED
+CVE-2020-17523 (Apache Shiro before 1.7.1, when using Apache Shiro with 
Spring, a spec ...)
        - shiro <unfixed>
        NOTE: https://www.openwall.com/lists/oss-security/2021/02/01/3
        NOTE: https://issues.apache.org/jira/browse/SHIRO-797
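Review bot: CVE-2020-17523 now states the issue affects Apache Shiro before 1.7.1, but the entry stays at "- shiro <unfixed>" and its NOTEs give only the oss-security post and SHIRO-797. Add a NOTE recording 1.7.1 as the upstream fixed version, and the fixing commit once it is identified, so the <unfixed> status can be resolved as soon as the package is updated.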
@@ -48173,8 +48348,7 @@ CVE-2020-17518 (Apache Flink 1.5.1 introduced a REST 
handler that allows you to
        NOT-FOR-US: Apache Flink
 CVE-2020-17517
        RESERVED
-CVE-2020-17516
-       RESERVED
+CVE-2020-17516 (Apache Cassandra versions 2.1.0 to 2.1.22, 2.2.0 to 2.2.19, 
3.0.0 to 3 ...)
        - cassandra <itp> (bug #585905)
 CVE-2020-17515 (The "origin" parameter passed to some of the endpoints like 
'/trigger' ...)
        - airflow <itp> (bug #819700)
@@ -70586,12 +70760,12 @@ CVE-2020-9393 (An issue was discovered in the 
pricing-table-by-supsystic plugin
        NOT-FOR-US: pricing-table-by-supsystic plugin for WordPress
 CVE-2020-9392 (An issue was discovered in the pricing-table-by-supsystic 
plugin befor ...)
        NOT-FOR-US: pricing-table-by-supsystic plugin for WordPress
-CVE-2020-9390
-       RESERVED
-CVE-2020-9389
-       RESERVED
-CVE-2020-9388
-       RESERVED
+CVE-2020-9390 (SquaredUp allowed Stored XSS before version 4.6.0. A user was 
able to  ...)
+       TODO: check
+CVE-2020-9389 (A username enumeration issue was discovered in SquaredUp before 
versio ...)
+       TODO: check
+CVE-2020-9388 (CSRF protection was not present in SquaredUp before version 
4.6.0. A C ...)
+       TODO: check
 CVE-2020-9387 (In Mahara 19.04 before 19.04.5 and 19.10 before 19.10.3, 
account detai ...)
        - mahara <removed>
 CVE-2020-9386 (In Mahara 18.10 before 18.10.5, 19.04 before 19.04.4, and 19.10 
before ...)
@@ -72574,10 +72748,10 @@ CVE-2020-8591 (eG Manager 7.1.2 allows authentication 
bypass via a com.egurkha.E
        NOT-FOR-US: eG Manager
 CVE-2020-8590
        RESERVED
-CVE-2020-8589
-       RESERVED
-CVE-2020-8588
-       RESERVED
+CVE-2020-8589 (Clustered Data ONTAP versions prior to 9.3P20 and 9.5P15 are 
susceptib ...)
+       TODO: check
+CVE-2020-8588 (Clustered Data ONTAP versions prior to 9.3P20 and 9.5P15 are 
susceptib ...)
+       TODO: check
 CVE-2020-8587
        RESERVED
 CVE-2020-8586
@@ -73262,8 +73436,8 @@ CVE-2020-8296
        RESERVED
 CVE-2020-8295 (A wrong check in Nextcloud Server 19 and prior allowed to 
perform a de ...)
        - nextcloud-server <itp> (bug #941708)
-CVE-2020-8294
-       RESERVED
+CVE-2020-8294 (A missing link validation in Nextcloud Server before 20.0.2, 
19.0.5, 1 ...)
+       TODO: check
 CVE-2020-8293 (A missing input validation in Nextcloud Server before 20.0.2, 
19.0.5,  ...)
        TODO: check
 CVE-2020-8292 (Rocket.Chat server before 3.9.0 is vulnerable to a self 
cross-site scr ...)
@@ -74001,10 +74175,12 @@ CVE-2020-8023 (A acceptance of Extraneous Untrusted 
Data With Trusted Data vulne
 CVE-2020-8022 (A Incorrect Default Permissions vulnerability in the packaging 
of tomc ...)
        NOT-FOR-US: SAP
 CVE-2020-8021 (a Improper Access Control vulnerability in of Open Build 
Service allow ...)
+       {DLA-2545-1}
        - open-build-service <unfixed>
        NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1171649
        NOTE: 
https://github.com/openSUSE/open-build-service/commit/7323c904f86ba9e04065c23422d06c03647589fb
 CVE-2020-8020 (A Improper Neutralization of Input During Web Page Generation 
vulnerab ...)
+       {DLA-2545-1}
        - open-build-service <unfixed>
        NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1171439
        NOTE: 
https://github.com/openSUSE/open-build-service/commit/7cc32c8e2ff7290698e101d9a80a9dc29a5500fb
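Review bot: CVE-2020-8021 and CVE-2020-8020 gain the {DLA-2545-1} cross-reference while the package line stays "- open-build-service <unfixed>", although each entry already has a NOTE linking an upstream commit. Check whether the version in unstable contains those commits and, if it does, record the fixed version on the package line so the entries do not show as open after the DLA.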
@@ -88668,10 +88844,10 @@ CVE-2020-2509
        RESERVED
 CVE-2020-2508 (A command injection vulnerability has been reported to affect 
QTS and  ...)
        NOT-FOR-US: QNAP
-CVE-2020-2507
-       RESERVED
-CVE-2020-2506
-       RESERVED
+CVE-2020-2507 (The vulnerability have been reported to affect earlier versions 
of QTS ...)
+       TODO: check
+CVE-2020-2506 (The vulnerability have been reported to affect earlier versions 
of QTS ...)
+       TODO: check
 CVE-2020-2505 (If exploited, this vulnerability could allow attackers to gain 
sensiti ...)
        NOT-FOR-US: QNAP
 CVE-2020-2504 (If exploited, this absolute path traversal vulnerability could 
allow a ...)
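Review bot: CVE-2020-2507 and CVE-2020-2506 are left at TODO: check although both descriptions name QTS and the neighbouring entries in this hunk, CVE-2020-2508 and CVE-2020-2505, are tagged NOT-FOR-US: QNAP. Tag the two new descriptions NOT-FOR-US: QNAP as well so the QNAP block is triaged uniformly.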
@@ -103233,8 +103409,8 @@ CVE-2019-16270
        RESERVED
 CVE-2019-16269
        RESERVED
-CVE-2019-16268
-       RESERVED
+CVE-2019-16268 (Zoho ManageEngine Remote Access Plus 10.0.259 allows HTML 
injection vi ...)
+       TODO: check
 CVE-2019-16267
        RESERVED
 CVE-2019-16266



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/542f604abc4efd180991004371edb11e9f070747


_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits