Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
c62258bd by security tracker role at 2021-02-16T08:10:25+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,33 @@
+CVE-2021-27238
+ RESERVED
+CVE-2021-27237
+ RESERVED
+CVE-2021-27236 (An issue was discovered in Mutare Voice (EVM) 3.x before
3.3.8. getfil ...)
+ TODO: check
+CVE-2021-27235 (An issue was discovered in Mutare Voice (EVM) 3.x before
3.3.8. On the ...)
+ TODO: check
+CVE-2021-27234 (An issue was discovered in Mutare Voice (EVM) 3.x before
3.3.8. The we ...)
+ TODO: check
+CVE-2021-27233 (An issue was discovered in Mutare Voice (EVM) 3.x before
3.3.8. On the ...)
+ TODO: check
+CVE-2021-27232
+ RESERVED
+CVE-2021-27231 (Hestia Control Panel through 1.3.3, in a shared-hosting
environment, s ...)
+ TODO: check
+CVE-2021-27230
+ RESERVED
+CVE-2021-27229 (Mumble before 1.3.4 allows remote code execution if a victim
navigates ...)
+ TODO: check
+CVE-2021-27228
+ RESERVED
+CVE-2021-27227
+ RESERVED
+CVE-2021-27226
+ RESERVED
+CVE-2021-27225
+ RESERVED
+CVE-2021-27224
+ RESERVED
CVE-2021-27223
RESERVED
CVE-2021-27222
@@ -890,8 +920,8 @@ CVE-2021-26824
RESERVED
CVE-2021-26823
RESERVED
-CVE-2021-26822
- RESERVED
+CVE-2021-26822 (Teachers Record Management System 1.0 is affected by a SQL
injection v ...)
+ TODO: check
CVE-2021-26821
RESERVED
CVE-2021-26820
@@ -2415,10 +2445,10 @@ CVE-2021-26203
RESERVED
CVE-2021-26202
RESERVED
-CVE-2021-26201
- RESERVED
-CVE-2021-26200
- RESERVED
+CVE-2021-26201 (The Login Panel of CASAP Automated Enrollment System 1.0 is
vulnerable ...)
+ TODO: check
+CVE-2021-26200 (The user area for Library System 1.0 is vulnerable to SQL
injection wh ...)
+ TODO: check
CVE-2021-26199
RESERVED
CVE-2021-26198
@@ -3270,8 +3300,8 @@ CVE-2021-3241
RESERVED
CVE-2021-3240
RESERVED
-CVE-2021-3239
- RESERVED
+CVE-2021-3239 (E-Learning System 1.0 suffers from an unauthenticated SQL
injection vu ...)
+ TODO: check
CVE-2021-3238
RESERVED
CVE-2021-3237
@@ -12669,8 +12699,8 @@ CVE-2021-21513
RESERVED
CVE-2021-21512
RESERVED
-CVE-2021-21511
- RESERVED
+CVE-2021-21511 (Dell EMC Avamar Server, versions 19.3 and 19.4 contain an
Improper Aut ...)
+ TODO: check
CVE-2021-21510
RESERVED
CVE-2021-21509
@@ -13787,8 +13817,8 @@ CVE-2020-35736 (GateOne 1.1 allows arbitrary file
download without authenticatio
NOT-FOR-US: GateOne
CVE-2020-35735 (Vidyo 02-09-/D allows clickjacking via the portal/ URI. ...)
NOT-FOR-US: Vidyo
-CVE-2020-35734
- RESERVED
+CVE-2020-35734 (** UNSUPPORTED WHEN ASSIGNED ** Sruu.pl in Batflat 1.3.6
allows an aut ...)
+ TODO: check
CVE-2020-35733 (An issue was discovered in Erlang/OTP before 23.2.2. The ssl
applicati ...)
- erlang 1:23.2.2+dfsg-1 (bug #980199)
[buster] - erlang <not-affected> (Vulnerable code introduced later)
@@ -14869,15 +14899,15 @@ CVE-2020-35623 (An issue was discovered in the
CasAuth extension for MediaWiki t
CVE-2020-35622 (An issue was discovered in the GlobalUsage extension for
MediaWiki thr ...)
NOT-FOR-US: GlobalUsage MediaWiki extension
CVE-2020-35621
- RESERVED
+ REJECTED
CVE-2020-35620
- RESERVED
+ REJECTED
CVE-2020-35619
- RESERVED
+ REJECTED
CVE-2020-35618
- RESERVED
+ REJECTED
CVE-2020-35617
- RESERVED
+ REJECTED
CVE-2020-35616 (An issue was discovered in Joomla! 1.7.0 through 3.9.22. Lack
of input ...)
NOT-FOR-US: Joomla!
CVE-2020-35615 (An issue was discovered in Joomla! 2.5.0 through 3.9.22. A
missing tok ...)
@@ -17447,7 +17477,7 @@ CVE-2020-35502
CVE-2020-35501
RESERVED
CVE-2020-35500
- RESERVED
+ REJECTED
CVE-2020-35499
RESERVED
- linux 5.10.4-1
@@ -21494,16 +21524,16 @@ CVE-2020-29145 (In Ericsson BSCS iX R18 Billing &
Rating iX R18, ADMX is a w
NOT-FOR-US: Ericsson
CVE-2020-29144 (In Ericsson BSCS iX R18 Billing & Rating iX R18, MX is a
web base ...)
NOT-FOR-US: Ericsson
-CVE-2020-29143
- RESERVED
-CVE-2020-29142
- RESERVED
+CVE-2020-29143 (A SQL injection vulnerability in
interface/reports/non_reported.php in ...)
+ TODO: check
+CVE-2020-29142 (A SQL injection vulnerability in
interface/usergroup/usergroup_admin.p ...)
+ TODO: check
CVE-2020-29141
RESERVED
-CVE-2020-29140
- RESERVED
-CVE-2020-29139
- RESERVED
+CVE-2020-29140 (A SQL injection vulnerability in
interface/reports/immunization_report ...)
+ TODO: check
+CVE-2020-29139 (A SQL injection vulnerability in
interface/main/finder/patient_select. ...)
+ TODO: check
CVE-2020-29138 (Incorrect Access Control in the configuration backup path in
SAGEMCOM ...)
NOT-FOR-US: SAGEMCOM
CVE-2020-29137 (cPanel before 90.0.17 allows self-XSS via the WHM Transfer
Tool interf ...)
@@ -24475,8 +24505,8 @@ CVE-2020-28339 (The usc-e-shop (aka Collne Welcart
e-Commerce) plugin before 1.9
NOT-FOR-US: usc-e-shop (aka Collne Welcart e-Commerce) plugin for
WordPress
CVE-2020-28338
RESERVED
-CVE-2020-28337
- RESERVED
+CVE-2020-28337 (A directory traversal issue in the Utils/Unzip module in
Microweber th ...)
+ TODO: check
CVE-2020-28336
RESERVED
CVE-2021-1050
@@ -87016,29 +87046,29 @@ CVE-2019-19866 (Atos Unify OpenScape UC Web Client V9
before version V9 R4.31.0
CVE-2019-19865 (Atos Unify OpenScape UC Application V9 before version V9
R4.31.0 and V ...)
NOT-FOR-US: Atos Unify OpenScape UC Web Client
CVE-2020-3824
- RESERVED
+ REJECTED
CVE-2020-3823
- RESERVED
+ REJECTED
CVE-2020-3822
- RESERVED
+ REJECTED
CVE-2020-3821
- RESERVED
+ REJECTED
CVE-2020-3820
- RESERVED
+ REJECTED
CVE-2020-3819
- RESERVED
+ REJECTED
CVE-2020-3818
- RESERVED
+ REJECTED
CVE-2020-3817
- RESERVED
+ REJECTED
CVE-2020-3816
- RESERVED
+ REJECTED
CVE-2020-3815
- RESERVED
+ REJECTED
CVE-2020-3814
- RESERVED
+ REJECTED
CVE-2020-3813
- RESERVED
+ REJECTED
CVE-2020-3812 (qmail-verify as used in netqmail 1.06 is prone to an
information discl ...)
{DSA-4692-1 DLA-2234-1}
- netqmail 1.06-6.2 (bug #961060)
@@ -91843,11 +91873,11 @@ CVE-2019-19552 (In userman 13.0.76.43 through 15.0.20
in Sangoma FreePBX, XSS ex
CVE-2019-19551 (In userman 13.0.76.43 through 15.0.20 in Sangoma FreePBX, XSS
exists i ...)
NOT-FOR-US: FreePBX
CVE-2020-1974
- RESERVED
+ REJECTED
CVE-2020-1973
- RESERVED
+ REJECTED
CVE-2020-1972
- RESERVED
+ REJECTED
CVE-2020-1971 (The X.509 GeneralName type is a generic type for representing
differen ...)
{DSA-4807-1 DLA-2493-1 DLA-2492-1}
- openssl 1.1.1i-1
@@ -91860,9 +91890,9 @@ CVE-2020-1971 (The X.509 GeneralName type is a generic
type for representing dif
NOTE: Test:
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=94ece6af0c89d596f9c5221b7df7d6582168c8ba
(OpenSSL_1_1_1-stable)
NOTE: Test:
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=433974af7b188d55b1da049b84f3fdeca320cb6a
(OpenSSL_1_1_1-stable)
CVE-2020-1970
- RESERVED
+ REJECTED
CVE-2020-1969
- RESERVED
+ REJECTED
CVE-2020-1968 (The Raccoon attack exploits a flaw in the TLS specification
which can ...)
{DLA-2378-1}
- openssl 1.1.0c-1
@@ -91879,7 +91909,7 @@ CVE-2020-1967 (Server or client applications that call
the SSL_check_chain() fun
- openssl1.0 <not-affected> (Only affects 1.1.1d to 1.1.1f)
NOTE: https://www.openssl.org/news/secadv/20200421.txt
CVE-2020-1966
- RESERVED
+ REJECTED
CVE-2020-1965
RESERVED
CVE-2019-19550 (Remote Authentication Bypass in Senior Rubiweb 6.2.34.28 and
6.2.34.37 ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c62258bddd2dbaa701755e6f40dff38f57f2af3e
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c62258bddd2dbaa701755e6f40dff38f57f2af3e
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
