Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7cb76b73 by security tracker role at 2021-02-09T20:10:22+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,43 @@
+CVE-2021-3404
+       RESERVED
+CVE-2021-3403
+       RESERVED
+CVE-2021-26936
+       RESERVED
+CVE-2021-26935
+       RESERVED
+CVE-2021-26934
+       RESERVED
+CVE-2021-26933
+       RESERVED
+CVE-2021-26932
+       RESERVED
+CVE-2021-26931
+       RESERVED
+CVE-2021-26930
+       RESERVED
+CVE-2021-26929
+       RESERVED
+CVE-2021-26928
+       RESERVED
+CVE-2021-26927
+       RESERVED
+CVE-2021-26926
+       RESERVED
+CVE-2021-26925 (Roundcube before 1.4.11 allows XSS via crafted Cascading Style 
Sheets  ...)
+       TODO: check
+CVE-2021-26924
+       RESERVED
+CVE-2021-26923
+       RESERVED
+CVE-2021-26922
+       RESERVED
+CVE-2021-26921 (In util/session/sessionmanager.go in Argo CD before 1.8.4, 
tokens cont ...)
+       TODO: check
+CVE-2021-26920
+       RESERVED
+CVE-2021-26919
+       RESERVED
 CVE-2021-26918 (The ProBot bot through 2021-02-08 for Discord might allow 
attackers to ...)
        NOT-FOR-US: ProBot bot
 CVE-2021-26917 (** DISPUTED ** PyBitmessage through 0.6.3.2 allows attackers 
to write  ...)
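Review bot: CVE-2021-26925 (Roundcube before 1.4.11, XSS) is left at "TODO: check" in the new block at the top of this hunk, yet Roundcube is software this list already follows: the CVE-2020-16145 entry further down carries upstream roundcubemail commit notes. Triage this one by hand to a package line with the fixed version and the upstream commit, rather than leaving it in the generic TODO queue with the other new entries.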
@@ -425,8 +465,8 @@ CVE-2021-26721
        RESERVED
 CVE-2021-26720
        RESERVED
-CVE-2021-26719
-       RESERVED
+CVE-2021-26719 (A directory traversal issue was discovered in Gradle 
gradle-enterprise ...)
+       TODO: check
 CVE-2021-26718
        RESERVED
 CVE-2021-26717
@@ -537,14 +577,12 @@ CVE-2021-3397
        RESERVED
 CVE-2021-3396
        RESERVED
-CVE-2021-26676
-       RESERVED
+CVE-2021-26676 (gdhcp in ConnMan before 1.39 could be used by network-adjacent 
attacke ...)
        {DSA-4847-1}
        - connman 1.36-2.1
        NOTE: 
https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=58d397ba74873384aee449690a9070bacd5676fa
        NOTE: 
https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=a74524b3e3fad81b0fd1084ffdf9f2ea469cd9b1
-CVE-2021-26675
-       RESERVED
+CVE-2021-26675 (A stack-based buffer overflow in dnsproxy in ConnMan before 
1.39 could ...)
        {DSA-4847-1}
        - connman 1.36-2.1
        NOTE: 
https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=e4079a20f617a4b076af503f6e4e8b0304c9f2cb
@@ -704,8 +742,8 @@ CVE-2021-26598
        RESERVED
 CVE-2021-3395 (A cross-site scripting (XSS) vulnerability in Pryaniki 6.44.3 
allows r ...)
        NOT-FOR-US: Pryaniki
-CVE-2021-3394
-       RESERVED
+CVE-2021-3394 (Millennium Millewin (also known as "Cartella clinica") 
13.39.028, 13.3 ...)
+       TODO: check
 CVE-2021-3393
        RESERVED
 CVE-2021-3392 [scsi: mptsas: use-after-free while processing io requests]
@@ -823,10 +861,10 @@ CVE-2021-26552
        RESERVED
 CVE-2021-26551
        RESERVED
-CVE-2021-26550
-       RESERVED
-CVE-2021-26549
-       RESERVED
+CVE-2021-26550 (An issue was discovered in SmartFoxServer 2.17.0. Cleartext 
password d ...)
+       TODO: check
+CVE-2021-26549 (An XSS issue was discovered in SmartFoxServer 2.17.0. Input 
passed to  ...)
+       TODO: check
 CVE-2021-3386
        RESERVED
 CVE-2021-3385
@@ -3130,8 +3168,8 @@ CVE-2021-3193 (Improper access and command validation in 
the Nagios Docker Confi
        NOT-FOR-US: Nagios XI
 CVE-2021-3192
        RESERVED
-CVE-2021-3191
-       RESERVED
+CVE-2021-3191 (Idelji Web ViewPoint Suite, as used in conjunction with HPE 
NonStop, a ...)
+       TODO: check
 CVE-2021-3190 (The async-git package before 1.13.2 for Node.js allows OS 
Command Inje ...)
        NOT-FOR-US: Node async-git
 CVE-2021-25678
@@ -3158,8 +3196,8 @@ CVE-2021-25668
        RESERVED
 CVE-2021-25667
        RESERVED
-CVE-2021-25666
-       RESERVED
+CVE-2021-25666 (A vulnerability has been identified in SCALANCE W780 and W740 
(IEEE 80 ...)
+       TODO: check
 CVE-2021-25665
        RESERVED
 CVE-2021-25664
@@ -4368,12 +4406,12 @@ CVE-2021-25143
        RESERVED
 CVE-2021-25142 (The Baseboard Management Controller (BMC) firmware in HPE 
Apollo 70 Sy ...)
        NOT-FOR-US: HPE
-CVE-2021-25141
-       RESERVED
-CVE-2021-25140
-       RESERVED
-CVE-2021-25139
-       RESERVED
+CVE-2021-25141 (A security vulnerability has been identified in in certain HPE 
and Aru ...)
+       TODO: check
+CVE-2021-25140 (A potential security vulnerability has been identified in the 
HPE Moon ...)
+       TODO: check
+CVE-2021-25139 (A potential security vulnerability has been identified in the 
HPE Moon ...)
+       TODO: check
 CVE-2021-25138 (The Baseboard Management Controller(BMC) in HPE Cloudline 
CL5800 Gen9  ...)
        NOT-FOR-US: HPE
 CVE-2021-25137 (The Baseboard Management Controller(BMC) in HPE Cloudline 
CL5800 Gen9  ...)
@@ -8164,8 +8202,8 @@ CVE-2021-23329 (The package nested-object-assign before 
1.0.4 are vulnerable to
        TODO: check
 CVE-2021-23328 (This affects all versions of package iniparserjs. This 
vulnerability r ...)
        TODO: check
-CVE-2021-23327
-       RESERVED
+CVE-2021-23327 (The package apexcharts before 3.24.0 are vulnerable to 
Cross-site Scri ...)
+       TODO: check
 CVE-2021-23326 (This affects the package @graphql-tools/git-loader before 
6.2.6. The u ...)
        NOT-FOR-US: graphql-tools/git-loader
 CVE-2021-23325
@@ -9622,8 +9660,8 @@ CVE-2021-22665
        RESERVED
 CVE-2021-22664
        RESERVED
-CVE-2021-22663
-       RESERVED
+CVE-2021-22663 (Cscape (All versions prior to 9.90 SP3.5) lacks proper 
validation of u ...)
+       TODO: check
 CVE-2021-22662
        RESERVED
 CVE-2021-22661
@@ -10414,8 +10452,8 @@ CVE-2021-22269
        RESERVED
 CVE-2021-22268
        RESERVED
-CVE-2021-22267
-       RESERVED
+CVE-2021-22267 (Idelji Web ViewPoint Suite, as used in conjunction with HPE 
NonStop, a ...)
+       TODO: check
 CVE-2021-22266
        RESERVED
 CVE-2021-22265
@@ -12474,10 +12512,10 @@ CVE-2020-35945 (An issue was discovered in the Divi 
Builder plugin, Divi theme,
        NOT-FOR-US: Divi Builder plugin, Divi theme, and Divi Extra theme for 
WordPress
 CVE-2020-35944 (An issue was discovered in the PageLayer plugin before 1.1.2 
for WordP ...)
        NOT-FOR-US: PageLayer plugin for WordPress
-CVE-2020-35943
-       RESERVED
-CVE-2020-35942
-       RESERVED
+CVE-2020-35943 (A Cross-Site Request Forgery (CSRF) issue in the NextGEN 
Gallery plugi ...)
+       TODO: check
+CVE-2020-35942 (A Cross-Site Request Forgery (CSRF) issue in the NextGEN 
Gallery plugi ...)
+       TODO: check
 CVE-2020-35941
        RESERVED
 CVE-2020-35940
@@ -13959,162 +13997,130 @@ CVE-2021-21150
        RESERVED
 CVE-2021-21149
        RESERVED
-CVE-2021-21148
-       RESERVED
+CVE-2021-21148 (Heap buffer overflow in V8 in Google Chrome prior to 
88.0.4324.150 all ...)
        - chromium <unfixed>
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21147
-       RESERVED
+CVE-2021-21147 (Inappropriate implementation in Skia in Google Chrome prior to 
88.0.43 ...)
        {DSA-4846-1}
        - chromium 88.0.4324.146-1
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21146
-       RESERVED
+CVE-2021-21146 (Use after free in Navigation in Google Chrome prior to 
88.0.4324.146 a ...)
        {DSA-4846-1}
        - chromium 88.0.4324.146-1
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21145
-       RESERVED
+CVE-2021-21145 (Use after free in Fonts in Google Chrome prior to 
88.0.4324.146 allowe ...)
        {DSA-4846-1}
        - chromium 88.0.4324.146-1
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21144
-       RESERVED
+CVE-2021-21144 (Heap buffer overflow in Tab Groups in Google Chrome prior to 
88.0.4324 ...)
        {DSA-4846-1}
        - chromium 88.0.4324.146-1
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21143
-       RESERVED
+CVE-2021-21143 (Heap buffer overflow in Extensions in Google Chrome prior to 
88.0.4324 ...)
        {DSA-4846-1}
        - chromium 88.0.4324.146-1
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21142
-       RESERVED
+CVE-2021-21142 (Use after free in Payments in Google Chrome on Mac prior to 
88.0.4324. ...)
        {DSA-4846-1}
        - chromium 88.0.4324.146-1
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21141
-       RESERVED
+CVE-2021-21141 (Insufficient policy enforcement in File System API in Google 
Chrome pr ...)
        {DSA-4846-1}
        - chromium 88.0.4324.96-0.1 (bug #980564)
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21140
-       RESERVED
+CVE-2021-21140 (Uninitialized use in USB in Google Chrome prior to 
88.0.4324.96 allowe ...)
        {DSA-4846-1}
        - chromium 88.0.4324.96-0.1 (bug #980564)
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21139
-       RESERVED
+CVE-2021-21139 (Inappropriate implementation in iframe sandbox in Google 
Chrome prior  ...)
        {DSA-4846-1}
        - chromium 88.0.4324.96-0.1 (bug #980564)
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21138
-       RESERVED
+CVE-2021-21138 (Use after free in DevTools in Google Chrome prior to 
88.0.4324.96 allo ...)
        {DSA-4846-1}
        - chromium 88.0.4324.96-0.1 (bug #980564)
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21137
-       RESERVED
+CVE-2021-21137 (Inappropriate implementation in DevTools in Google Chrome 
prior to 88. ...)
        {DSA-4846-1}
        - chromium 88.0.4324.96-0.1 (bug #980564)
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21136
-       RESERVED
+CVE-2021-21136 (Insufficient policy enforcement in WebView in Google Chrome on 
Android ...)
        {DSA-4846-1}
        - chromium 88.0.4324.96-0.1 (bug #980564)
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21135
-       RESERVED
+CVE-2021-21135 (Inappropriate implementation in Performance API in Google 
Chrome prior ...)
        {DSA-4846-1}
        - chromium 88.0.4324.96-0.1 (bug #980564)
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21134
-       RESERVED
+CVE-2021-21134 (Incorrect security UI in Page Info in Google Chrome on iOS 
prior to 88 ...)
        {DSA-4846-1}
        - chromium 88.0.4324.96-0.1 (bug #980564)
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21133
-       RESERVED
+CVE-2021-21133 (Insufficient policy enforcement in Downloads in Google Chrome 
prior to ...)
        {DSA-4846-1}
        - chromium 88.0.4324.96-0.1 (bug #980564)
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21132
-       RESERVED
+CVE-2021-21132 (Inappropriate implementation in DevTools in Google Chrome 
prior to 88. ...)
        {DSA-4846-1}
        - chromium 88.0.4324.96-0.1 (bug #980564)
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21131
-       RESERVED
+CVE-2021-21131 (Insufficient policy enforcement in File System API in Google 
Chrome pr ...)
        {DSA-4846-1}
        - chromium 88.0.4324.96-0.1 (bug #980564)
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21130
-       RESERVED
+CVE-2021-21130 (Insufficient policy enforcement in File System API in Google 
Chrome pr ...)
        {DSA-4846-1}
        - chromium 88.0.4324.96-0.1 (bug #980564)
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21129
-       RESERVED
+CVE-2021-21129 (Insufficient policy enforcement in File System API in Google 
Chrome pr ...)
        {DSA-4846-1}
        - chromium 88.0.4324.96-0.1 (bug #980564)
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21128
-       RESERVED
+CVE-2021-21128 (Heap buffer overflow in Blink in Google Chrome prior to 
88.0.4324.96 a ...)
        {DSA-4846-1}
        - chromium 88.0.4324.96-0.1 (bug #980564)
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21127
-       RESERVED
+CVE-2021-21127 (Insufficient policy enforcement in extensions in Google Chrome 
prior t ...)
        {DSA-4846-1}
        - chromium 88.0.4324.96-0.1 (bug #980564)
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21126
-       RESERVED
+CVE-2021-21126 (Insufficient policy enforcement in extensions in Google Chrome 
prior t ...)
        {DSA-4846-1}
        - chromium 88.0.4324.96-0.1 (bug #980564)
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21125
-       RESERVED
+CVE-2021-21125 (Insufficient policy enforcement in File System API in Google 
Chrome on ...)
        {DSA-4846-1}
        - chromium 88.0.4324.96-0.1 (bug #980564)
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21124
-       RESERVED
+CVE-2021-21124 (Potential user after free in Speech Recognizer in Google 
Chrome on And ...)
        {DSA-4846-1}
        - chromium 88.0.4324.96-0.1 (bug #980564)
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21123
-       RESERVED
+CVE-2021-21123 (Insufficient data validation in File System API in Google 
Chrome prior ...)
        {DSA-4846-1}
        - chromium 88.0.4324.96-0.1 (bug #980564)
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21122
-       RESERVED
+CVE-2021-21122 (Use after free in Blink in Google Chrome prior to 88.0.4324.96 
allowed ...)
        {DSA-4846-1}
        - chromium 88.0.4324.96-0.1 (bug #980564)
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21121
-       RESERVED
+CVE-2021-21121 (Use after free in Omnibox in Google Chrome on Linux prior to 
88.0.4324 ...)
        {DSA-4846-1}
        - chromium 88.0.4324.96-0.1 (bug #980564)
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21120
-       RESERVED
+CVE-2021-21120 (Use after free in WebSQL in Google Chrome prior to 
88.0.4324.96 allowe ...)
        {DSA-4846-1}
        - chromium 88.0.4324.96-0.1 (bug #980564)
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21119
-       RESERVED
+CVE-2021-21119 (Use after free in Media in Google Chrome prior to 88.0.4324.96 
allowed ...)
        {DSA-4846-1}
        - chromium 88.0.4324.96-0.1 (bug #980564)
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21118
-       RESERVED
+CVE-2021-21118 (Insufficient data validation in V8 in Google Chrome prior to 
88.0.4324 ...)
        {DSA-4846-1}
        - chromium 88.0.4324.96-0.1 (bug #980564)
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21117
-       RESERVED
+CVE-2021-21117 (Insufficient policy enforcement in Cryptohome in Google Chrome 
prior t ...)
        {DSA-4846-1}
        - chromium 88.0.4324.96-0.1 (bug #980564)
        [stretch] - chromium <end-of-life> (see DSA 4562)
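Review bot: CVE-2021-21148 at the top of this hunk still reads "- chromium <unfixed>" while its new description names 88.0.4324.150 as the fixed upstream release; every other chromium entry in the hunk is closed at 88.0.4324.146-1 or 88.0.4324.96-0.1 under DSA-4846-1. Keep this entry open, and add the fixed version and the advisory reference once a package at or above 88.0.4324.150 is uploaded, so the V8 heap overflow is not mistaken for covered by DSA-4846-1.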
@@ -14271,8 +14277,8 @@ CVE-2020-35575 (A password-disclosure issue in the web 
interface on certain TP-L
        NOT-FOR-US: TP-Link
 CVE-2020-35574
        RESERVED
-CVE-2020-35572
-       RESERVED
+CVE-2020-35572 (Adminer through 4.7.8 allows XSS via the history parameter to 
the defa ...)
+       TODO: check
 CVE-2020-35571
        RESERVED
 CVE-2021-21105
@@ -21856,10 +21862,10 @@ CVE-2020-28647 (In Progress MOVEit Transfer before 
2020.1, a malicious user coul
        NOT-FOR-US: Progress MOVEit Transfer
 CVE-2020-28646
        RESERVED
-CVE-2020-28645
-       RESERVED
-CVE-2020-28644
-       RESERVED
+CVE-2020-28645 (Deleting users with certain names caused system files to be 
deleted. R ...)
+       TODO: check
+CVE-2020-28644 (The CSRF (Cross Site Request Forgery) token check was 
improperly imple ...)
+       TODO: check
 CVE-2020-28643
        RESERVED
 CVE-2020-28642 (In InfiniteWP Admin Panel before 3.1.12.3, 
resetPasswordSendMail gener ...)
@@ -23555,33 +23561,33 @@ CVE-2020-28396 (A vulnerability has been identified 
in SICAM A8000 CP-8000 (All
        NOT-FOR-US: Siemens
 CVE-2020-28395 (A vulnerability has been identified in SCALANCE X-300 switch 
family (i ...)
        NOT-FOR-US: Siemens
-CVE-2020-28394
-       RESERVED
+CVE-2020-28394 (A vulnerability has been identified in JT2Go (All versions 
&lt; V13.1. ...)
+       TODO: check
 CVE-2020-28393
        RESERVED
-CVE-2020-28392
-       RESERVED
+CVE-2020-28392 (A vulnerability has been identified in SIMARIS configuration 
(All vers ...)
+       TODO: check
 CVE-2020-28391 (A vulnerability has been identified in SCALANCE X-200 switch 
family (i ...)
        NOT-FOR-US: Siemens
 CVE-2020-28390 (A vulnerability has been identified in Opcenter Execution Core 
(V8.2), ...)
        NOT-FOR-US: Siemens
 CVE-2020-28389
        RESERVED
-CVE-2020-28388
-       RESERVED
+CVE-2020-28388 (A vulnerability has been identified in Nucleus NET (All 
versions &lt;  ...)
+       TODO: check
 CVE-2020-28387
        RESERVED
-CVE-2020-28386 (A vulnerability has been identified in Solid Edge (All 
Versions &lt; S ...)
+CVE-2020-28386 (A vulnerability has been identified in Solid Edge SE2020 (All 
Versions ...)
        NOT-FOR-US: Siemens
 CVE-2020-28385
        RESERVED
-CVE-2020-28384 (A vulnerability has been identified in Solid Edge (All 
Versions &lt; S ...)
+CVE-2020-28384 (A vulnerability has been identified in Solid Edge SE2020 (All 
Versions ...)
        NOT-FOR-US: Siemens
 CVE-2020-28383 (A vulnerability has been identified in JT2Go (All Versions 
&lt; V13.1. ...)
        NOT-FOR-US: Siemens
-CVE-2020-28382 (A vulnerability has been identified in Solid Edge (All 
Versions &lt; S ...)
+CVE-2020-28382 (A vulnerability has been identified in Solid Edge SE2020 (All 
Versions ...)
        NOT-FOR-US: Siemens
-CVE-2020-28381 (A vulnerability has been identified in Solid Edge (All 
Versions &lt; S ...)
+CVE-2020-28381 (A vulnerability has been identified in Solid Edge SE2020 (All 
Versions ...)
        NOT-FOR-US: Siemens
 CVE-2020-28380
        RESERVED
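Review bot: CVE-2020-28394 (JT2Go), CVE-2020-28392 (SIMARIS configuration) and CVE-2020-28388 (Nucleus NET) go to "TODO: check" although the neighbouring entries with the same "A vulnerability has been identified in ..." wording, including CVE-2020-28383 for JT2Go, are already "NOT-FOR-US: Siemens". Suggest resolving these three in a follow-up commit after reading the full descriptions, so they do not sit unreviewed next to entries that were already triaged.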
@@ -26483,12 +26489,12 @@ CVE-2020-27859 (This vulnerability allows remote 
attackers to disclose sensitive
        NOT-FOR-US: NEC ESMPRO Manager
 CVE-2020-27858 (This vulnerability allows remote attackers to disclose 
sensitive infor ...)
        NOT-FOR-US: CA Arcserve
-CVE-2020-27857
-       RESERVED
-CVE-2020-27856
-       RESERVED
-CVE-2020-27855
-       RESERVED
+CVE-2020-27857 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2020-27856 (This vulnerability allows remote attackers to disclose 
sensitive infor ...)
+       TODO: check
+CVE-2020-27855 (This vulnerability allows remote attackers to disclose 
sensitive infor ...)
+       TODO: check
 CVE-2020-27854
        RESERVED
 CVE-2020-27853 (Wire before 2020-10-16 allows remote attackers to cause a 
denial of se ...)
@@ -28423,16 +28429,16 @@ CVE-2020-27263 (KEPServerEX: v6.0 to v6.9, ThingWorx 
Kepware Server: v6.8 and v6
        NOT-FOR-US: KEPServerEX
 CVE-2020-27262 (Innokas Yhtym&#228; Oy Vital Signs Monitor VC150 prior to 
Version 1.7. ...)
        NOT-FOR-US: Innokas Yhtyma Oy
-CVE-2020-27261
-       RESERVED
+CVE-2020-27261 (The Omron CX-One Version 4.60 and prior is vulnerable to a 
stack-based ...)
+       TODO: check
 CVE-2020-27260 (Innokas Yhtym&#228; Oy Vital Signs Monitor VC150 prior to 
Version 1.7. ...)
        NOT-FOR-US: Innokas Yhtyma Oy
-CVE-2020-27259
-       RESERVED
+CVE-2020-27259 (The Omron CX-One Version 4.60 and prior may allow an attacker 
to suppl ...)
+       TODO: check
 CVE-2020-27258 (In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and 
AnyDana-A,  ...)
        NOT-FOR-US: SOOIL Developments Co., Ltd.
-CVE-2020-27257
-       RESERVED
+CVE-2020-27257 (This vulnerability allows local attackers to execute arbitrary 
code du ...)
+       TODO: check
 CVE-2020-27256 (In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and 
AnyDana-A,  ...)
        NOT-FOR-US: SOOIL Developments Co., Ltd.
 CVE-2020-27255 (A heap overflow vulnerability exists within FactoryTalk Linx 
Version 6 ...)
@@ -28964,63 +28970,63 @@ CVE-2020-27010 (A cross-site scripting (XSS) 
vulnerability in Trend Micro InterS
        NOT-FOR-US: Trend Micro
 CVE-2020-27009
        RESERVED
-CVE-2020-27008
-       RESERVED
-CVE-2020-27007
-       RESERVED
-CVE-2020-27006
-       RESERVED
-CVE-2020-27005
-       RESERVED
-CVE-2020-27004
-       RESERVED
-CVE-2020-27003
-       RESERVED
-CVE-2020-27002
-       RESERVED
-CVE-2020-27001
-       RESERVED
-CVE-2020-27000
-       RESERVED
-CVE-2020-26999
-       RESERVED
-CVE-2020-26998
-       RESERVED
+CVE-2020-27008 (A vulnerability has been identified in JT2Go (All versions 
&lt; V13.1. ...)
+       TODO: check
+CVE-2020-27007 (A vulnerability has been identified in JT2Go (All versions 
&lt; V13.1. ...)
+       TODO: check
+CVE-2020-27006 (A vulnerability has been identified in JT2Go (All versions 
&lt; V13.1. ...)
+       TODO: check
+CVE-2020-27005 (A vulnerability has been identified in JT2Go (All versions 
&lt; V13.1. ...)
+       TODO: check
+CVE-2020-27004 (A vulnerability has been identified in JT2Go (All versions 
&lt; V13.1. ...)
+       TODO: check
+CVE-2020-27003 (A vulnerability has been identified in JT2Go (All versions 
&lt; V13.1. ...)
+       TODO: check
+CVE-2020-27002 (A vulnerability has been identified in JT2Go (All versions 
&lt; V13.1. ...)
+       TODO: check
+CVE-2020-27001 (A vulnerability has been identified in JT2Go (All versions 
&lt; V13.1. ...)
+       TODO: check
+CVE-2020-27000 (A vulnerability has been identified in JT2Go (All versions 
&lt; V13.1. ...)
+       TODO: check
+CVE-2020-26999 (A vulnerability has been identified in JT2Go (All versions 
&lt; V13.1. ...)
+       TODO: check
+CVE-2020-26998 (A vulnerability has been identified in JT2Go (All versions 
&lt; V13.1. ...)
+       TODO: check
 CVE-2020-26997
        RESERVED
-CVE-2020-26996 (A vulnerability has been identified in JT2Go (All Versions 
&lt; V13.1. ...)
+CVE-2020-26996 (A vulnerability has been identified in JT2Go (All versions 
&lt; V13.1. ...)
        NOT-FOR-US: JT2Go
-CVE-2020-26995 (A vulnerability has been identified in JT2Go (All Versions 
&lt; V13.1. ...)
+CVE-2020-26995 (A vulnerability has been identified in JT2Go (All versions 
&lt; V13.1. ...)
        NOT-FOR-US: JT2Go
-CVE-2020-26994 (A vulnerability has been identified in JT2Go (All Versions 
&lt; V13.1. ...)
+CVE-2020-26994 (A vulnerability has been identified in JT2Go (All versions 
&lt; V13.1. ...)
        NOT-FOR-US: JT2Go
-CVE-2020-26993 (A vulnerability has been identified in JT2Go (All Versions 
&lt; V13.1. ...)
+CVE-2020-26993 (A vulnerability has been identified in JT2Go (All versions 
&lt; V13.1. ...)
        NOT-FOR-US: JT2Go
-CVE-2020-26992 (A vulnerability has been identified in JT2Go (All Versions 
&lt; V13.1. ...)
+CVE-2020-26992 (A vulnerability has been identified in JT2Go (All versions 
&lt; V13.1. ...)
        NOT-FOR-US: JT2Go
-CVE-2020-26991 (A vulnerability has been identified in JT2Go (All Versions 
&lt; V13.1. ...)
+CVE-2020-26991 (A vulnerability has been identified in JT2Go (All versions 
&lt; V13.1. ...)
        NOT-FOR-US: JT2Go
-CVE-2020-26990 (A vulnerability has been identified in JT2Go (All Versions 
&lt; V13.1. ...)
+CVE-2020-26990 (A vulnerability has been identified in JT2Go (All versions 
&lt; V13.1. ...)
        NOT-FOR-US: JT2Go
 CVE-2020-26989 (A vulnerability has been identified in JT2Go (All Versions 
&lt; V13.1. ...)
        NOT-FOR-US: JT2Go
-CVE-2020-26988 (A vulnerability has been identified in JT2Go (All Versions 
&lt; V13.1. ...)
+CVE-2020-26988 (A vulnerability has been identified in JT2Go (All versions 
&lt; V13.1. ...)
        NOT-FOR-US: JT2Go
-CVE-2020-26987 (A vulnerability has been identified in JT2Go (All Versions 
&lt; V13.1. ...)
+CVE-2020-26987 (A vulnerability has been identified in JT2Go (All versions 
&lt; V13.1. ...)
        NOT-FOR-US: JT2Go
-CVE-2020-26986 (A vulnerability has been identified in JT2Go (All Versions 
&lt; V13.1. ...)
+CVE-2020-26986 (A vulnerability has been identified in JT2Go (All versions 
&lt; V13.1. ...)
        NOT-FOR-US: JT2Go
-CVE-2020-26985 (A vulnerability has been identified in JT2Go (All Versions 
&lt; V13.1. ...)
+CVE-2020-26985 (A vulnerability has been identified in JT2Go (All versions 
&lt; V13.1. ...)
        NOT-FOR-US: JT2Go
-CVE-2020-26984 (A vulnerability has been identified in JT2Go (All Versions 
&lt; V13.1. ...)
+CVE-2020-26984 (A vulnerability has been identified in JT2Go (All versions 
&lt; V13.1. ...)
        NOT-FOR-US: JT2Go
-CVE-2020-26983 (A vulnerability has been identified in JT2Go (All Versions 
&lt; V13.1. ...)
+CVE-2020-26983 (A vulnerability has been identified in JT2Go (All versions 
&lt; V13.1. ...)
        NOT-FOR-US: JT2Go
-CVE-2020-26982 (A vulnerability has been identified in JT2Go (All Versions 
&lt; V13.1. ...)
+CVE-2020-26982 (A vulnerability has been identified in JT2Go (All versions 
&lt; V13.1. ...)
        NOT-FOR-US: JT2Go
-CVE-2020-26981 (A vulnerability has been identified in JT2Go (All Versions 
&lt; V13.1. ...)
+CVE-2020-26981 (A vulnerability has been identified in JT2Go (All versions 
&lt; V13.1. ...)
        NOT-FOR-US: JT2Go
-CVE-2020-26980 (A vulnerability has been identified in JT2Go (All Versions 
&lt; V13.1. ...)
+CVE-2020-26980 (A vulnerability has been identified in JT2Go (All versions 
&lt; V13.1. ...)
        NOT-FOR-US: JT2Go
 CVE-2020-26979 (When a user typed a URL in the address bar or the search bar 
and quick ...)
        - firefox 84.0-1
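Review bot: the eleven JT2Go entries added as "TODO: check" (CVE-2020-27008 through CVE-2020-26998) sit directly above JT2Go entries marked "NOT-FOR-US: JT2Go", while CVE-2020-28383 for the same product is marked "NOT-FOR-US: Siemens" elsewhere in this file. When these are triaged, pick one label for the product so that searches on the NOT-FOR-US tag return all of its CVEs.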
@@ -33234,8 +33240,8 @@ CVE-2020-25247 (An issue was discovered in Hyland 
OnBase through 18.0.0.32 and 1
        NOT-FOR-US: Hyland OnBase
 CVE-2020-25246
        RESERVED
-CVE-2020-25245
-       RESERVED
+CVE-2020-25245 (A vulnerability has been identified in DIGSI 4 (All versions 
&lt; V4.9 ...)
+       TODO: check
 CVE-2020-25244
        RESERVED
 CVE-2020-25243
@@ -33248,10 +33254,10 @@ CVE-2020-25240
        RESERVED
 CVE-2020-25239
        RESERVED
-CVE-2020-25238
-       RESERVED
-CVE-2020-25237
-       RESERVED
+CVE-2020-25238 (A vulnerability has been identified in PCS neo (Administration 
Console ...)
+       TODO: check
+CVE-2020-25237 (A vulnerability has been identified in SINEC NMS (All versions 
&lt; V1 ...)
+       TODO: check
 CVE-2020-25236
        RESERVED
 CVE-2020-25235 (A vulnerability has been identified in LOGO! 8 BM (incl. 
SIPLUS varian ...)
@@ -38313,10 +38319,10 @@ CVE-2020-22843
        RESERVED
 CVE-2020-22842 (CMS Made Simple before 2.2.15 allows XSS via the m1_mod 
parameter in a ...)
        NOT-FOR-US: CMS Made Simple
-CVE-2020-22841
-       RESERVED
-CVE-2020-22840
-       RESERVED
+CVE-2020-22841 (Stored XSS in b2evolution CMS version 6.11.6 and prior allows 
an attac ...)
+       TODO: check
+CVE-2020-22840 (Open redirect vulnerability in b2evolution CMS version prior 
to 6.11.6 ...)
+       TODO: check
 CVE-2020-22839
        RESERVED
 CVE-2020-22838
@@ -47587,8 +47593,8 @@ CVE-2020-18217
        RESERVED
 CVE-2020-18216
        RESERVED
-CVE-2020-18215
-       RESERVED
+CVE-2020-18215 (Multiple SQL Injection vulnerabilities in PHPSHE 1.7 in 
phpshe/admin.p ...)
+       TODO: check
 CVE-2020-18214
        RESERVED
 CVE-2020-18213
@@ -49216,44 +49222,44 @@ CVE-2020-17437 (An issue was discovered in uIP 1.0, 
as used in Contiki 3.0 and o
        [stretch] - open-iscsi <no-dsa> (Minor issue)
        NOTE: 
https://groups.google.com/g/open-iscsi/c/iRS9fcB1bJU/m/BbxY1SGPEwAJ
        NOTE: Adressed upstream in 2.1.3 release
-CVE-2020-17436
-       RESERVED
-CVE-2020-17435
-       RESERVED
-CVE-2020-17434
-       RESERVED
-CVE-2020-17433
-       RESERVED
-CVE-2020-17432
-       RESERVED
-CVE-2020-17431
-       RESERVED
-CVE-2020-17430
-       RESERVED
-CVE-2020-17429
-       RESERVED
-CVE-2020-17428
-       RESERVED
-CVE-2020-17427
-       RESERVED
-CVE-2020-17426
-       RESERVED
-CVE-2020-17425
-       RESERVED
-CVE-2020-17424
-       RESERVED
-CVE-2020-17423
-       RESERVED
-CVE-2020-17422
-       RESERVED
-CVE-2020-17421
-       RESERVED
-CVE-2020-17420
-       RESERVED
-CVE-2020-17419
-       RESERVED
-CVE-2020-17418
-       RESERVED
+CVE-2020-17436 (This vulnerability allows remote attackers to disclose 
sensitive infor ...)
+       TODO: check
+CVE-2020-17435 (This vulnerability allows remote attackers to disclose 
sensitive infor ...)
+       TODO: check
+CVE-2020-17434 (This vulnerability allows remote attackers to disclose 
sensitive infor ...)
+       TODO: check
+CVE-2020-17433 (This vulnerability allows remote attackers to disclose 
sensitive infor ...)
+       TODO: check
+CVE-2020-17432 (This vulnerability allows remote attackers to disclose 
sensitive infor ...)
+       TODO: check
+CVE-2020-17431 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2020-17430 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2020-17429 (This vulnerability allows remote attackers to disclose 
sensitive infor ...)
+       TODO: check
+CVE-2020-17428 (This vulnerability allows remote attackers to disclose 
sensitive infor ...)
+       TODO: check
+CVE-2020-17427 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2020-17426 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2020-17425 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2020-17424 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2020-17423 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2020-17422 (This vulnerability allows remote attackers to disclose 
sensitive infor ...)
+       TODO: check
+CVE-2020-17421 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2020-17420 (This vulnerability allows remote attackers to disclose 
sensitive infor ...)
+       TODO: check
+CVE-2020-17419 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2020-17418 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
 CVE-2020-17417 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
        NOT-FOR-US: Foxit Reader
 CVE-2020-17416 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
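Review bot: the nineteen entries CVE-2020-17436 through CVE-2020-17418 are set to "TODO: check" with descriptions cut off before the product name, so they cannot be triaged from this list alone. The next entry down, CVE-2020-17417, opens with the same wording and is "NOT-FOR-US: Foxit Reader"; check the full descriptions and, if the product is the same, mark the whole block in one pass.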
@@ -51953,8 +51959,8 @@ CVE-2020-16145 (Roundcube Webmail before 1.3.15 and 
1.4.8 allows stored XSS in H
        NOTE: 
https://github.com/roundcube/roundcubemail/commit/a71bf2e8d4a64ff2c83fdabc1e8cb0c045a41ef4
 (1.4.8)
        NOTE: 
https://github.com/roundcube/roundcubemail/commit/d44ca2308a96576b88d6bf27528964d4fe1a6b8b
 (1.3.15)
        NOTE: 
https://github.com/roundcube/roundcubemail/commit/589d36010048300ed39f4887aab1afd3ae98d00e
 (1.2.12)
-CVE-2020-16144
-       RESERVED
+CVE-2020-16144 (When using an object storage like S3 as the file store, when a 
user cr ...)
+       TODO: check
 CVE-2020-16143 (The seafile-client client 7.0.8 for Seafile is vulnerable to 
DLL hijac ...)
        - seafile-client <not-affected> (Windows-specific)
 CVE-2020-16142 (On Mercedes-Benz C Class AMG Premium Plus c220 BlueTec 
vehicles, the B ...)
@@ -52201,8 +52207,7 @@ CVE-2020-16046 (Script injection in iOSWeb in Google 
Chrome on iOS prior to 84.0
        TODO: check
 CVE-2020-16045 (Use after Free in Payments in Google Chrome on Android prior 
to 87.0.4 ...)
        TODO: check
-CVE-2020-16044
-       RESERVED
+CVE-2020-16044 (Use after free in WebRTC in Google Chrome prior to 
88.0.4324.96 allowe ...)
        {DSA-4846-1 DSA-4842-1 DSA-4827-1 DLA-2541-1 DLA-2521-1}
        - firefox 84.0.2-1
        - firefox-esr 78.6.1esr-1
@@ -52990,8 +52995,8 @@ CVE-2020-15800 (A vulnerability has been identified in 
SCALANCE X-200 switch fam
        NOT-FOR-US: Siemens
 CVE-2020-15799 (A vulnerability has been identified in SCALANCE X-200 switch 
family (i ...)
        NOT-FOR-US: Siemens
-CVE-2020-15798
-       RESERVED
+CVE-2020-15798 (A vulnerability has been identified in SIMATIC HMI Comfort 
Panels (inc ...)
+       TODO: check
 CVE-2020-15797 (A vulnerability has been identified in DCA Vantage Analyzer 
(All versi ...)
        NOT-FOR-US: DCA Vantage Analyzer
 CVE-2020-15796 (A vulnerability has been identified in SIMATIC ET 200SP Open 
Controlle ...)
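Review bot: CVE-2020-15798 (SIMATIC HMI Comfort Panels) is added with "TODO: check", while the two entries just above it in this hunk, CVE-2020-15800 and CVE-2020-15799, carry "NOT-FOR-US: Siemens". Once the full description confirms the vendor, the same tag applies here.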
@@ -60351,8 +60356,8 @@ CVE-2020-13119 (ismartgate PRO 1.5.9 is vulnerable to 
clickjacking. ...)
        NOT-FOR-US: ismartgate PRO
 CVE-2020-13118 (An issue was discovered in Mikrotik-Router-Monitoring-System 
through 2 ...)
        NOT-FOR-US: Mikrotik-Router-Monitoring-System
-CVE-2020-13117
-       RESERVED
+CVE-2020-13117 (Wavlink WN575A4 and WN579X3 devices through 2020-05-15 allow 
unauthent ...)
+       TODO: check
 CVE-2020-13116 (OpenText Carbonite Server Backup Portal before 8.8.7 allows 
XSS by an  ...)
        NOT-FOR-US: OpenText Carbonite Server Backup Portal
 CVE-2020-13115
@@ -69893,8 +69898,8 @@ CVE-2020-10050 (A vulnerability has been identified in 
SIMATIC RTLS Locating Man
        NOT-FOR-US: Siemens
 CVE-2020-10049 (A vulnerability has been identified in SIMATIC RTLS Locating 
Manager ( ...)
        NOT-FOR-US: Siemens
-CVE-2020-10048
-       RESERVED
+CVE-2020-10048 (A vulnerability has been identified in SIMATIC PCS 7 (All 
versions), S ...)
+       TODO: check
 CVE-2020-10047
        RESERVED
 CVE-2020-10046
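Review bot: CVE-2020-10048 (SIMATIC PCS 7) sits directly under CVE-2020-10050 and CVE-2020-10049, both SIMATIC entries tagged "NOT-FOR-US: Siemens", yet is left at "TODO: check". It should be triaged together with that block rather than left pending.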
@@ -82941,10 +82946,10 @@ CVE-2020-4998
        RESERVED
 CVE-2020-4997
        RESERVED
-CVE-2020-4996
-       RESERVED
-CVE-2020-4995
-       RESERVED
+CVE-2020-4996 (IBM Security Identity Governance and Intelligence 5.2.6 could 
allow a  ...)
+       TODO: check
+CVE-2020-4995 (IBM Security Identity Governance and Intelligence 5.2.6 does 
not inval ...)
+       TODO: check
 CVE-2020-4994
        RESERVED
 CVE-2020-4993
@@ -83343,18 +83348,18 @@ CVE-2020-4797
        RESERVED
 CVE-2020-4796
        RESERVED
-CVE-2020-4795
-       RESERVED
+CVE-2020-4795 (IBM Security Identity Governance and Intelligence 5.2.6 could 
disclose ...)
+       TODO: check
 CVE-2020-4794 (IBM Automation Workstream Services 19.0.3, 20.0.1, 20.0.2, IBM 
Busines ...)
        NOT-FOR-US: IBM
 CVE-2020-4793
        RESERVED
 CVE-2020-4792
        RESERVED
-CVE-2020-4791
-       RESERVED
-CVE-2020-4790
-       RESERVED
+CVE-2020-4791 (IBM Security Identity Governance and Intelligence 5.2.6 could 
allow an ...)
+       TODO: check
+CVE-2020-4790 (IBM Security Identity Governance and Intelligence 5.2.6 could 
allow a  ...)
+       TODO: check
 CVE-2020-4789 (IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1, 7.4.0 to 7.4.1 Patch 
1, and ...)
        NOT-FOR-US: IBM
 CVE-2020-4788 (IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow 
a local ...)
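Review bot: the three entries added here (CVE-2020-4795, CVE-2020-4791, CVE-2020-4790) all name IBM Security Identity Governance and Intelligence 5.2.6 and are left at "TODO: check", while the IBM entries between them (CVE-2020-4794, CVE-2020-4789) are tagged "NOT-FOR-US: IBM". Tagging the new ones the same way in a single follow-up keeps the block consistent.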
@@ -92526,7 +92531,7 @@ CVE-2019-19321
        RESERVED
 CVE-2019-19320
        RESERVED
-CVE-2019-19319 (In the Linux kernel 5.0.21, a setxattr operation, after a 
mount of a c ...)
+CVE-2019-19319 (In the Linux kernel before 5.2, a setxattr operation, after a 
mount of ...)
        {DSA-4698-1 DLA-2242-1 DLA-2241-1}
        - linux 5.2.6-1
        [buster] - linux 4.19.87-1
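Review bot: on CVE-2019-19319 only the description line changes, widening the affected range from "5.0.21" to "before 5.2", so the untouched annotations should be re-read against the new wording. The unstable fix "- linux 5.2.6-1" and the buster fix "[buster] - linux 4.19.87-1" still agree with "before 5.2"; what needs checking is any suite not shown in this context that was assessed against the narrower "5.0.21" text.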
@@ -100360,8 +100365,8 @@ CVE-2019-17584 (The Meinberg SyncBox/PTP/PTPv2 
devices have default SSH keys whi
        NOT-FOR-US: Meinberg SyncBox/PTP/PTPv2 devices
 CVE-2019-17583 (idreamsoft iCMS 7.0.15 allows remote attackers to cause a 
denial of se ...)
        NOT-FOR-US: idreamsoft iCMS
-CVE-2019-17582
-       RESERVED
+CVE-2019-17582 (A use-after-free in the _zip_dirent_read function of 
zip_dirent.c in l ...)
+       TODO: check
 CVE-2019-17581 (tonyy dormsystem through 1.3 allows DOM XSS. ...)
        NOT-FOR-US: tonyy dormsystem
 CVE-2019-17580 (tonyy dormsystem through 1.3 allows SQL Injection in 
admin.php. ...)
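Review bot: unlike the appliance and web-application entries around it, the new CVE-2019-17582 description points at a specific source file and function (zip_dirent.c, _zip_dirent_read), which suggests library code that may be packaged. The product name is cut off in the truncated text, so this "TODO: check" needs a lookup against the archive for packages shipping or embedding that file, not a quick NOT-FOR-US.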
@@ -121471,7 +121476,7 @@ CVE-2019-10944
        RESERVED
 CVE-2019-10943 (A vulnerability has been identified in SIMATIC ET 200SP Open 
Controlle ...)
        NOT-FOR-US: Siemens
-CVE-2019-10942 (A vulnerability has been identified in SCALANCE X-200 (All 
versions),  ...)
+CVE-2019-10942 (A vulnerability has been identified in SCALANCE X-200 switch 
family (i ...)
        NOT-FOR-US: Siemens
 CVE-2019-10941
        RESERVED



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7cb76b7364284a66569856cc577fa8ff03529ce5
