Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7f0ced0d by security tracker role at 2021-02-19T08:10:16+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,39 @@
+CVE-2021-27405 (A ReDoS (regular expression denial of service) flaw was found 
in the @ ...)
+       TODO: check
+CVE-2021-27404 (Askey RTF8115VW BR_SV_g11.11_RTF_TEF001_V6.54_V014 devices 
allow injec ...)
+       TODO: check
+CVE-2021-27403 (Askey RTF8115VW BR_SV_g11.11_RTF_TEF001_V6.54_V014 devices 
allow cgi-b ...)
+       TODO: check
+CVE-2021-27402
+       RESERVED
+CVE-2021-27401
+       RESERVED
+CVE-2021-27400
+       RESERVED
+CVE-2020-36252 (ownCloud Server 10.x before 10.3.1 allows an attacker, who has 
one out ...)
+       TODO: check
+CVE-2020-36251 (ownCloud Server before 10.3.0 allows an attacker, who has 
received non ...)
+       TODO: check
+CVE-2020-36250 (In the ownCloud application before 2.15 for Android, the lock 
protecti ...)
+       TODO: check
+CVE-2020-36249 (The File Firewall before 2.8.0 for ownCloud Server does not 
properly e ...)
+       TODO: check
+CVE-2020-36248 (The ownCloud application before 2.15 for Android allows 
attackers to u ...)
+       TODO: check
+CVE-2020-36247 (Open OnDemand before 1.5.7 and 1.6.x before 1.6.22 allows 
CSRF. ...)
+       TODO: check
+CVE-2020-36246 (Amaze File Manager before 3.5.1 allows attackers to obtain 
root privil ...)
+       TODO: check
+CVE-2019-25024 (OpenRepeater (ORP) before 2.2 allows unauthenticated command 
injection ...)
+       TODO: check
+CVE-2019-25023
+       RESERVED
+CVE-2019-25022
+       RESERVED
+CVE-2019-25021
+       RESERVED
+CVE-2019-25020
+       RESERVED
 CVE-2021-3413
        RESERVED
 CVE-2021-3412
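Review bot: All eleven new descriptions in this hunk are left at `TODO: check`, and the ones with an obvious product scope could be closed in the same pass: the Askey RTF8115VW entries (CVE-2021-27404, CVE-2021-27403), OpenRepeater (CVE-2019-25024), Open OnDemand (CVE-2020-36247) and Amaze File Manager (CVE-2020-36246) describe products that do not look like Debian packages and fit the `NOT-FOR-US: <product>` marker used for Netgear and Traefik further down. The ownCloud entries need more care: CVE-2020-36252, CVE-2020-36251 and CVE-2020-36249 concern ownCloud Server (or its File Firewall), while CVE-2020-36250 and CVE-2020-36248 concern the Android client, so they should not all receive one blanket disposition. CVE-2021-27405 is a ReDoS whose truncated text ends at `in the @ ...`, so the affected package name is cut off and the full description has to be consulted before it can be triaged.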
@@ -53,7 +89,7 @@ CVE-2021-27377 (An issue was discovered in the yottadb crate 
before 1.2.0 for Ru
        NOT-FOR-US: Rust crate yottadb
 CVE-2021-27376 (An issue was discovered in the nb-connect crate before 1.0.3 
for Rust. ...)
        NOT-FOR-US: Rust crate nb-connect
-CVE-2021-27375 (Traefik 2.4.3 allows the loading of IFRAME elements from other 
domains ...)
+CVE-2021-27375 (Traefik before 2.4.5 allows the loading of IFRAME elements 
from other  ...)
        NOT-FOR-US: Traefik
 CVE-2021-27374 (VertiGIS WebOffice 10.7 SP1 before patch20210202 and 10.8 SP1 
before p ...)
        NOT-FOR-US: VertiGIS WebOffice
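Review bot: The CVE-2021-27375 rewrite replaces the single-version text `Traefik 2.4.3 allows` with `Traefik before 2.4.5 allows`, i.e. the flaw is no longer described as confined to 2.4.3 and the fix point is 2.4.5; the `NOT-FOR-US: Traefik` disposition is carried over unchanged, so no package line is needed, but anyone copying the affected range from this file should use the new wording.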
@@ -1067,8 +1103,8 @@ CVE-2021-26908
        RESERVED
 CVE-2021-26907
        RESERVED
-CVE-2021-26906
-       RESERVED
+CVE-2021-26906 (An issue was discovered in res_pjsip_session.c in Digium 
Asterisk thro ...)
+       TODO: check
 CVE-2021-3402
        RESERVED
 CVE-2021-26905 (1Password SCIM Bridge before 1.6.2 mishandles validation of 
authentica ...)
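Review bot: CVE-2021-26906 goes from `RESERVED` to a `TODO: check` for res_pjsip_session.c in Asterisk, and the truncated text `Digium Asterisk thro ...` cuts off exactly where the affected version range would be, so the full description is needed before a package line can be written. It is one of four Asterisk entries published in this commit (with CVE-2021-26717, CVE-2021-26712 and CVE-2020-35776 further down); they should be triaged together so the fixed-version and per-suite annotations come out consistent.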
@@ -1422,10 +1458,10 @@ CVE-2021-26749
        RESERVED
 CVE-2021-26748
        RESERVED
-CVE-2021-26747
-       RESERVED
-CVE-2021-26746
-       RESERVED
+CVE-2021-26747 (Netis WF2780 2.3.40404 and WF2411 1.1.29629 devices allow 
Shell Metach ...)
+       TODO: check
+CVE-2021-26746 (Chamilo 1.11.14 allows XSS via a 
main/calendar/agenda_list.php?type= U ...)
+       TODO: check
 CVE-2021-26745
        RESERVED
 CVE-2021-26744
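Review bot: The two entries replacing `RESERVED` here are different kinds of product and should not get the same treatment by reflex: CVE-2021-26747 is firmware on Netis WF2780/WF2411 devices (shell metacharacter injection, per the cut-off `Shell Metach ...`) and is the same situation as the `NOT-FOR-US: Netgear` entries elsewhere in this diff, while CVE-2021-26746 is an XSS in the Chamilo web application. The Chamilo text is truncated in the middle of the URL `main/calendar/agenda_list.php?type=`, so the `TODO: check` should be resolved from the full description rather than from this line.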
@@ -1486,8 +1522,8 @@ CVE-2021-26719 (A directory traversal issue was 
discovered in Gradle gradle-ente
        NOT-FOR-US: gradle-enterprise-test-distribution-agent
 CVE-2021-26718
        RESERVED
-CVE-2021-26717
-       RESERVED
+CVE-2021-26717 (An issue was discovered in Sangoma Asterisk 16.x before 
16.16.1, 17.x  ...)
+       TODO: check
 CVE-2021-26716
        RESERVED
 CVE-2021-26715
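Review bot: Unlike CVE-2021-26906 above, the CVE-2021-26717 text keeps part of its version range (`Sangoma Asterisk 16.x before 16.16.1, 17.x ...`) before being cut off, so the 16.16.1 fix point is already usable here; the 17.x and later figures still need the full description. Same triage batch as the other Asterisk entries in this commit.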
@@ -1496,8 +1532,8 @@ CVE-2021-26714
        RESERVED
 CVE-2021-26713
        RESERVED
-CVE-2021-26712
-       RESERVED
+CVE-2021-26712 (Incorrect access controls in res_srtp.c in Sangoma Asterisk 
13.38.1, 1 ...)
+       TODO: check
 CVE-2021-26711 (A frame-injection issue in the online help in Redwood 
Report2Web 4.3.4 ...)
        NOT-FOR-US: Redwood Report2Web
 CVE-2021-26710 (A cross-site scripting (XSS) issue in the login panel in 
Redwood Repor ...)
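Review bot: CVE-2021-26712 (`Incorrect access controls in res_srtp.c in Sangoma Asterisk 13.38.1, 1 ...`) is the only Asterisk entry in this commit whose visible text starts its affected list at a 13.x release, which matters for the older suites; the list is cut off after `1`, so the remaining branches have to come from the full description before the per-suite lines are written.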
@@ -2481,8 +2517,8 @@ CVE-2021-3341 (A path traversal vulnerability in the 
DxWebEngine component of DH
        NOT-FOR-US: DH2i DxEnterprise and DxOdyssey for Windows
 CVE-2021-3340 (A cross-site scripting (XSS) vulnerability in many forms of 
Wikindx be ...)
        NOT-FOR-US: Wikindx
-CVE-2021-3339
-       RESERVED
+CVE-2021-3339 (ModernFlow before 1.3.00.208 does not constrain web-page access 
to mem ...)
+       TODO: check
 CVE-2021-3338
        RESERVED
 CVE-2021-3337 (The Hide-Thread-Content plugin through 2021-01-27 for MyBB 
allows remo ...)
@@ -14100,8 +14136,8 @@ CVE-2020-35778 (Certain NETGEAR devices are affected by 
CSRF. This affects GS716
        NOT-FOR-US: Netgear
 CVE-2020-35777 (NETGEAR DGN2200v1 devices before v1.0.0.58 are affected by 
command inj ...)
        NOT-FOR-US: Netgear
-CVE-2020-35776
-       RESERVED
+CVE-2020-35776 (A buffer overflow in res_pjsip_diversion.c in Sangoma Asterisk 
version ...)
+       TODO: check
 CVE-2020-35775 (CITSmart before 9.1.2.23 allows LDAP Injection. ...)
        NOT-FOR-US: CITSmart
 CVE-2020-35774 (server/handler/HistogramQueryHandler.scala in Twitter 
TwitterServer (a ...)
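Review bot: Of the four Asterisk entries in this commit, CVE-2020-35776 (`A buffer overflow in res_pjsip_diversion.c`) is the memory-safety one in a SIP header handling module, so it is the one to resolve first when the `TODO: check` batch is worked through; its text is cut at `version ...`, so no affected range is visible here at all.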
@@ -15351,10 +15387,10 @@ CVE-2020-35594
        RESERVED
 CVE-2020-35593
        RESERVED
-CVE-2020-35592
-       RESERVED
-CVE-2020-35591
-       RESERVED
+CVE-2020-35592 (Pi-hole 5.0, 5.1, and 5.1.1 allows XSS via the Options header 
to the a ...)
+       TODO: check
+CVE-2020-35591 (Pi-hole 5.0, 5.1, and 5.1.1 allows Session Fixation. The 
application d ...)
+       TODO: check
 CVE-2020-35590 (LimitLoginAttempts.php in the limit-login-attempts-reloaded 
plugin bef ...)
        NOT-FOR-US: limit-login-attempts-reloaded plugin for WordPress
 CVE-2020-35589 (The limit-login-attempts-reloaded plugin before 2.17.4 for 
WordPress a ...)
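Review bot: CVE-2020-35592 and CVE-2020-35591 both list exactly `Pi-hole 5.0, 5.1, and 5.1.1` and should receive the same disposition; the surrounding context shows how unpackaged web software is marked (`NOT-FOR-US: limit-login-attempts-reloaded plugin for WordPress`), so unless a Pi-hole package exists these two TODOs can be closed the same way. The second description is cut off at `The application d ...`, before it says what the session-fixation condition is.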
@@ -35239,8 +35275,8 @@ CVE-2020-24910
        RESERVED
 CVE-2020-24909
        RESERVED
-CVE-2020-24908
-       RESERVED
+CVE-2020-24908 (Checkmk before 1.6.0p17 allows local users to obtain SYSTEM 
privileges ...)
+       TODO: check
 CVE-2020-24907
        RESERVED
 CVE-2020-24906
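Review bot: The CVE-2020-24908 text (`allows local users to obtain SYSTEM privileges ...`) points at a Windows-side component, SYSTEM being the Windows account, so even if a Checkmk server package existed this `TODO: check` would most likely resolve to the Windows agent; stating that in the annotation is better than leaving a bare TODO.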
@@ -46225,8 +46261,8 @@ CVE-2020-19515
        RESERVED
 CVE-2020-19514
        RESERVED
-CVE-2020-19513
-       RESERVED
+CVE-2020-19513 (Buffer overflow in FinalWire Ltd AIDA64 Engineer 6.00.5100 
allows atta ...)
+       TODO: check
 CVE-2020-19512
        RESERVED
 CVE-2020-19511
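Review bot: CVE-2020-19513 (`Buffer overflow in FinalWire Ltd AIDA64 Engineer 6.00.5100`) describes a proprietary Windows diagnostics tool, the same category as the Netgear and MONITORAPP entries that carry `NOT-FOR-US` in this diff, so this `TODO: check` can be resolved without a package lookup.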
@@ -58668,7 +58704,7 @@ CVE-2020-14212 (FFmpeg through 4.3 has a heap-based 
buffer overflow in avio_get_
        NOTE: 
http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=0b3bd001ac1745d9d008a2d195817df57d7d1d14
 CVE-2020-14211
        RESERVED
-CVE-2020-14210 (MONITORAPP AIWAF-VE and AIWAF-4000 through 2020-06-16 allow 
reflected  ...)
+CVE-2020-14210 (Reflected Cross-Site Scripting (XSS) vulnerability in 
MONITORAPP WAF i ...)
        NOT-FOR-US: MONITORAPP
 CVE-2020-14209 (Dolibarr before 11.0.5 allows low-privilege users to upload 
files of d ...)
        - dolibarr <removed>
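Review bot: The CVE-2020-14210 description is rewritten from the device-specific `MONITORAPP AIWAF-VE and AIWAF-4000 through 2020-06-16` to the generic `Reflected Cross-Site Scripting (XSS) vulnerability in MONITORAPP WAF`, which drops the product and date scope the old text carried; the `NOT-FOR-US: MONITORAPP` line is unaffected, but the loss of the `through 2020-06-16` qualifier is worth noting for anyone using this file to date the fix.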
@@ -70607,12 +70643,12 @@ CVE-2020-10256 (An issue was discovered in beta 
versions of the 1Password comman
        NOT-FOR-US: 1Password
 CVE-2020-10255 (Modern DRAM chips (DDR4 and LPDDR4 after 2015) are affected by 
a vulne ...)
        NOT-FOR-US: Hardware vulnerabliity in DDR4 DRAM chips
-CVE-2020-10254
-       RESERVED
+CVE-2020-10254 (An issue was discovered in ownCloud before 10.4. An attacker 
can bypas ...)
+       TODO: check
 CVE-2020-10253
        RESERVED
-CVE-2020-10252
-       RESERVED
+CVE-2020-10252 (An issue was discovered in ownCloud before 10.4. Because of an 
SSRF is ...)
+       TODO: check
 CVE-2020-10251 (In ImageMagick 7.0.9, an out-of-bounds read vulnerability 
exists withi ...)
        - imagemagick 8:6.9.11.24+dfsg-1 (low; bug #953741)
        [buster] - imagemagick <ignored> (Minor issue)
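Review bot: CVE-2020-10254 and CVE-2020-10252 both describe `ownCloud before 10.4` (an access bypass and an SSRF) and should be handled in the same pass as the ownCloud Server entries added at the top of this diff (CVE-2020-36252, CVE-2020-36251, CVE-2020-36249) so one disposition is used for the server product. Separately, the unchanged context line `NOT-FOR-US: Hardware vulnerabliity in DDR4 DRAM chips` for CVE-2020-10255 carries a typo (`vulnerabliity`) that a follow-up commit could fix.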
@@ -81009,6 +81045,7 @@ CVE-2020-6178 (SAP Enable Now, before version 1911, 
sends the Session ID cookie
 CVE-2020-6177 (SAP Mobile Platform, version 3.0, does not sufficiently 
validate an XM ...)
        NOT-FOR-US: SAP
 CVE-2019-20367 (nlist.c in libbsd before 0.10.0 has an out-of-bounds read 
during a com ...)
+       {DLA-2566-1}
        - libbsd 0.10.0-1
        [buster] - libbsd <no-dsa> (Minor issue)
        [jessie] - libbsd <no-dsa> (Minor issue)
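Review bot: The added `{DLA-2566-1}` for CVE-2019-20367 sits in the expected place, before the `- libbsd 0.10.0-1` package line and the per-suite annotations, matching the layout used for the unrar-free entries later in this diff. With `[buster]` and `[jessie]` both still marked `<no-dsa> (Minor issue)`, the DLA reference is standing in for a suite that has no explicit line here, which is consistent; just confirm that DLA-2566-1 is the libbsd advisory and not a neighbouring id.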
@@ -217789,15 +217826,17 @@ CVE-2017-14124 (In eLux RP 5.x before 5.5.1000 LTSR 
and 5.6.x before 5.6.2 CR wh
 CVE-2017-14123 (Zoho ManageEngine Firewall Analyzer 12200 has an unrestricted 
File Upl ...)
        NOT-FOR-US: Zoho ManageEngine
 CVE-2017-14122 (unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a 
stack-based b ...)
+       {DLA-2567-1}
        - unrar-free 1:0.0.1+cvs20140707-4 (unimportant; bug #874060)
        NOTE: https://www.openwall.com/lists/oss-security/2017/08/20/1
        NOTE: Crash in CLI tool, no security impact
 CVE-2017-14121 (The DecodeNumber function in unrarlib.c in unrar 0.0.1 (aka 
unrar-free ...)
+       {DLA-2567-1}
        - unrar-free 1:0.0.1+cvs20140707-4 (unimportant; bug #874061)
        NOTE: https://www.openwall.com/lists/oss-security/2017/08/20/1
        NOTE: Crash in CLI tool, no security impact
 CVE-2017-14120 (unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a 
directory tra ...)
-       {DLA-1091-1}
+       {DLA-2567-1 DLA-1091-1}
        - unrar-free 1:0.0.1+cvs20140707-2 (bug #874059)
        [jessie] - unrar-free <no-dsa> (Minor issue)
        NOTE: https://www.openwall.com/lists/oss-security/2017/08/20/1
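Review bot: CVE-2017-14122 and CVE-2017-14121 now carry `{DLA-2567-1}` while their existing annotations still say `unimportant` and `NOTE: Crash in CLI tool, no security impact`; both can be true (a DLA can bundle unimportant issues alongside CVE-2017-14120), but the severity note and the DLA reference read as contradictory side by side, so a short NOTE saying the fix shipped together with CVE-2017-14120 would make the record self-explanatory. The CVE-2017-14120 line correctly becomes `{DLA-2567-1 DLA-1091-1}` so the earlier DLA-1091-1 reference is retained.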



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7f0ced0d4eef25729899c2fc4e6c76cef2c41bae



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
