Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5d158baa by Moritz Muehlenhoff at 2021-04-12T13:32:47+02:00
new gsoap issues
new nim issues
filed bugs for pjproject/ring
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -19157,7 +19157,7 @@ CVE-2021-22116
 CVE-2021-22115 (Cloud Controller API versions prior to 1.106.0 logs service 
broker cre ...)
        NOT-FOR-US: Cloud Controller API
 CVE-2021-22114 (Addresses partial fix in CVE-2018-1263. 
Spring-integration-zip, versio ...)
-       TODO: check
+       NOT-FOR-US: Spring-integration-zip
 CVE-2021-22113 (Applications using the “Sensitive Headers” 
functionality i ...)
        NOT-FOR-US: Spring Cloud Netflix Zuul
 CVE-2021-22112 (Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 
5.3.8.RELEASE, 5. ...)
@@ -19834,7 +19834,8 @@ CVE-2021-21785
 CVE-2021-21784
        RESERVED
 CVE-2021-21783 (A code execution vulnerability exists in the WS-Addressing 
plugin func ...)
-       TODO: check
+       - gsoap <unfixed>
+       NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1245
 CVE-2021-21782 (An out-of-bounds write vulnerability exists in the SGI format 
buffer s ...)
        NOT-FOR-US: ImageGear
 CVE-2021-21781
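Review bot: the new `- gsoap <unfixed>` line for CVE-2021-21783 carries no Debian bug reference, unlike the `- ring <unfixed> (bug #986815)` entries added elsewhere in this commit; the commit message also only mentions bugs filed for pjproject/ring. Consider filing a bug against gsoap and recording it as `- gsoap <unfixed> (bug #NNNNNN)` (NNNNNN being a placeholder for the actual bug number) so the unfixed state is tracked by the maintainer as well.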
@@ -21869,7 +21870,7 @@ CVE-2021-21404 (Syncthing is a continuous file 
synchronization program. In Synct
        NOTE: 
https://github.com/syncthing/syncthing/security/advisories/GHSA-x462-89pf-6r5h
        NOTE: 
https://github.com/syncthing/syncthing/commit/fb4fdaf4c0a79c22cad000c42ac1394e3ccb6a97
 CVE-2021-21403 (In github.com/kongchuanhujiao/server before version 1.3.21 
there is an ...)
-       TODO: check
+       NOT-FOR-US: kongchuanhujiao
 CVE-2021-21402 (Jellyfin is a Free Software Media System. In Jellyfin before 
version 1 ...)
        NOT-FOR-US: Jellyfin
 CVE-2021-21401 (Nanopb is a small code-size Protocol Buffers implementation in 
ansi C. ...)
@@ -21877,7 +21878,7 @@ CVE-2021-21401 (Nanopb is a small code-size Protocol 
Buffers implementation in a
        NOTE: 
https://github.com/nanopb/nanopb/security/advisories/GHSA-7mv5-5mxh-qg88
        NOTE: 
https://github.com/nanopb/nanopb/commit/e2f0ccf939d9f82931d085acb6df8e9a182a4261
 CVE-2021-21400 (wire-webapp is an open-source front end for Wire, a secure 
collaborati ...)
-       TODO: check
+       NOT-FOR-US: wire-webapp
 CVE-2021-21399
        RESERVED
 CVE-2021-21398 (PrestaShop is a fully scalable open source e-commerce 
solution. In Pre ...)
@@ -21885,7 +21886,7 @@ CVE-2021-21398 (PrestaShop is a fully scalable open 
source e-commerce solution.
 CVE-2021-21397
        RESERVED
 CVE-2021-21396 (wire-server is an open-source back end for Wire, a secure 
collaboratio ...)
-       TODO: check
+       NOT-FOR-US: wire-server
 CVE-2021-21395
        RESERVED
 CVE-2021-21394
@@ -21926,15 +21927,18 @@ CVE-2021-21376 (OMERO.web is open source Django-based 
software for managing micr
        NOT-FOR-US: OMERO.web
 CVE-2021-21375 (PJSIP is a free and open source multimedia communication 
library writt ...)
        - pjproject <removed>
+       - ring <unfixed> (bug #986815)
        NOTE: 
https://github.com/pjsip/pjproject/security/advisories/GHSA-hvq6-f89p-frvp
        NOTE: 
https://github.com/pjsip/pjproject/commit/97b3d7addbaa720b7ddb0af9bf6f3e443e664365
-       TODO: check, might affect sc:ring
 CVE-2021-21374 (Nimble is a package manager for the Nim programming language. 
In Nim r ...)
-       TODO: check
+       - nim <unfixed>
+       NOTE: 
https://consensys.net/diligence/vulnerabilities/nim-insecure-ssl-tls-defaults-remote-code-execution/
 CVE-2021-21373 (Nimble is a package manager for the Nim programming language. 
In Nim r ...)
-       TODO: check
+       - nim <unfixed>
+       NOTE: 
https://consensys.net/diligence/vulnerabilities/nim-insecure-ssl-tls-defaults-remote-code-execution/
 CVE-2021-21372 (Nimble is a package manager for the Nim programming language. 
In Nim r ...)
-       TODO: check
+       - nim <unfixed>
+       NOTE: 
https://consensys.net/diligence/vulnerabilities/nim-insecure-ssl-tls-defaults-remote-code-execution/
 CVE-2021-21371 (Tenable for Jira Cloud is an open source project designed to 
pull Tena ...)
        NOT-FOR-US: Tenable for Jira Cloud
 CVE-2021-21370 (TYPO3 is an open source PHP based web content management 
system. In TY ...)
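Review bot: the three `- nim <unfixed>` lines for CVE-2021-21372, CVE-2021-21373 and CVE-2021-21374 have no bug reference, while `- ring <unfixed> (bug #986815)` in the same hunk does; since all three share the same consensys.net NOTE, one Debian bug against nim covering the three CVEs would suffice, recorded as `- nim <unfixed> (bug #NNNNNN)` (NNNNNN being a placeholder for the actual bug number).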
@@ -23765,7 +23769,7 @@ CVE-2021-20694
 CVE-2021-20693
        RESERVED
 CVE-2021-20692 (Directory traversal vulnerability in Archive collectively 
operation ut ...)
-       TODO: check
+       NOT-FOR-US: Enkisoft
 CVE-2021-20691 (Cross-site scripting vulnerability in Yomi-Search Ver4.22 
allows remot ...)
        NOT-FOR-US: Yomi-Search
 CVE-2021-20690 (Cross-site scripting vulnerability in Yomi-Search Ver4.22 
allows remot ...)
@@ -25742,7 +25746,7 @@ CVE-2021-20022 (SonicWall Email Security version 
10.0.9.x contains a vulnerabili
 CVE-2021-20021 (A vulnerability in the SonicWall Email Security version 
10.0.9.x allow ...)
        NOT-FOR-US: SonicWall
 CVE-2021-20020 (A command execution vulnerability in SonicWall GMS 9.3 allows 
a remote ...)
-       TODO: check
+       NOT-FOR-US: SonicWall
 CVE-2021-20019
        RESERVED
 CVE-2021-20018 (A post-authenticated vulnerability in SonicWall SMA100 allows 
an attac ...)
@@ -27886,7 +27890,7 @@ CVE-2021-1894
 CVE-2021-1893
        RESERVED
 CVE-2021-1892 (Memory corruption due to improper input validation while 
processing IO ...)
-       TODO: check
+       NOT-FOR-US: Snapdragon
 CVE-2021-1891
        RESERVED
 CVE-2021-1890
@@ -41580,7 +41584,7 @@ CVE-2020-25586
 CVE-2020-25585
        RESERVED
 CVE-2020-25584 (In FreeBSD 13.0-STABLE before n245118, 12.2-STABLE before 
r369552, 11. ...)
-       TODO: check
+       NOT-FOR-US: FreeBSD
 CVE-2020-25583 (In FreeBSD 12.2-STABLE before r368250, 11.4-STABLE before 
r368253, 12. ...)
        NOT-FOR-US: FreeBSD
 CVE-2020-25582 (In FreeBSD 12.2-STABLE before r369334, 11.4-STABLE before 
r369335, 12. ...)
@@ -44807,17 +44811,17 @@ CVE-2020-24142
 CVE-2020-24141
        RESERVED
 CVE-2020-24140 (Server-side request forgery in Wcms 0.3.2 let an attacker send 
crafted ...)
-       TODO: check
+       NOT-FOR-US: wmcs
 CVE-2020-24139 (Server-side request forgery in Wcms 0.3.2 lets an attacker 
send crafte ...)
-       TODO: check
+       NOT-FOR-US: wmcs
 CVE-2020-24138 (Cross Site Scripting (XSS) vulnerability in wcms 0.3.2 allows 
remote a ...)
-       TODO: check
+       NOT-FOR-US: wmcs
 CVE-2020-24137 (Directory traversal vulnerability in Wcms 0.3.2 allows an 
attacker to  ...)
-       TODO: check
+       NOT-FOR-US: wmcs
 CVE-2020-24136 (Directory traversal in Wcms 0.3.2 allows an attacker to read 
arbitrary ...)
-       TODO: check
+       NOT-FOR-US: wmcs
 CVE-2020-24135 (A Reflected Cross Site Scripting (XSS) Vulnerability was 
discovered in ...)
-       TODO: check
+       NOT-FOR-US: wmcs
 CVE-2020-24134
        RESERVED
 CVE-2020-24133
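Review bot: the six new `NOT-FOR-US: wmcs` lines (CVE-2020-24135 through CVE-2020-24140) spell the product as `wmcs`, while the CVE descriptions in this hunk all say `Wcms`/`wcms`; suggest `NOT-FOR-US: Wcms` so that the NOT-FOR-US string matches the product name and later searches for the project find these entries.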
@@ -45568,11 +45572,11 @@ CVE-2020-23765
 CVE-2020-23764
        RESERVED
 CVE-2020-23763 (SQL injection in admin.php in Online Book Store 1.0 allows 
remote atta ...)
-       TODO: check
+       NOT-FOR-US: Online Book Store
 CVE-2020-23762 (Cross Site Scripting (XSS) vulnerability in the Larsens 
Calender plugi ...)
-       TODO: check
+       NOT-FOR-US: Larsens calendar
 CVE-2020-23761 (Cross Site Scripting (XSS) vulnerability in subrion CMS 
Version &lt;=  ...)
-       TODO: check
+       NOT-FOR-US: subrion CMS
 CVE-2020-23760
        RESERVED
 CVE-2020-23759
@@ -46016,7 +46020,7 @@ CVE-2020-23541
 CVE-2020-23540
        RESERVED
 CVE-2020-23539 (An issue was discovered in Realtek rtl8723de BLE Stack &lt;= 
4.1 that  ...)
-       TODO: check
+       NOT-FOR-US: Realtek
 CVE-2020-23538
        RESERVED
 CVE-2020-23537
@@ -46242,7 +46246,7 @@ CVE-2020-23428
 CVE-2020-23427
        RESERVED
 CVE-2020-23426 (zzcms 201910 contains an access control vulnerability through 
escalati ...)
-       TODO: check
+       NOT-FOR-US: zzcms
 CVE-2020-23425
        RESERVED
 CVE-2020-23424
@@ -49328,9 +49332,9 @@ CVE-2020-21886
 CVE-2020-21885
        RESERVED
 CVE-2020-21884 (Unibox SMB 2.4 and UniBox Enterprise Series 2.4 and UniBox 
Campus Seri ...)
-       TODO: check
+       NOT-FOR-US: UniBox
 CVE-2020-21883 (Unibox U-50 2.4 and UniBox Enterprise Series 2.4 and UniBox 
Campus Ser ...)
-       TODO: check
+       NOT-FOR-US: UniBox
 CVE-2020-21882
        RESERVED
 CVE-2020-21881
@@ -63533,10 +63537,10 @@ CVE-2020-15261 (On Windows the Veyon Service before 
version 4.4.2 contains an un
        NOTE: 
https://github.com/veyon/veyon/security/advisories/GHSA-c8cc-x786-hqqp
 CVE-2020-15260 (PJSIP is a free and open source multimedia communication 
library writt ...)
        - pjproject <removed>
+       - ring <unfixed> (bug #986815)
        NOTE: 
https://github.com/pjsip/pjproject/security/advisories/GHSA-8hcp-hm38-mfph
        NOTE: 
https://github.com/pjsip/pjproject/commit/67e46c1ac45ad784db5b9080f5ed8b133c122872
        NOTE: https://github.com/pjsip/pjproject/pull/2663
-       TODO: check, might affect sc:ring
 CVE-2020-15259 (ad-ldap-connector's admin panel before version 5.0.13 does not 
provide ...)
        NOT-FOR-US: ad-ldap-connector
 CVE-2020-15258 (In Wire before 3.20.x, `shell.openExternal` was used without 
checking  ...)
@@ -66806,13 +66810,13 @@ CVE-2020-14108
 CVE-2020-14107
        RESERVED
 CVE-2020-14106 (The application in the mobile phone can unauthorized access to 
the lis ...)
-       TODO: check
+       NOT-FOR-US: Xiaomi
 CVE-2020-14105
        RESERVED
 CVE-2020-14104 (A RACE CONDITION on XQBACKUP causes a decompression path error 
on Xiao ...)
-       TODO: check
+       NOT-FOR-US: Xiaomi
 CVE-2020-14103 (The application in the mobile phone can read the SNO 
information of th ...)
-       TODO: check
+       NOT-FOR-US: Xiaomi
 CVE-2020-14102 (There is command injection when ddns processes the hostname, 
which cau ...)
        NOT-FOR-US: Xiaomi
 CVE-2020-14101 (The data collection SDK of the router web management interface 
caused  ...)
@@ -66820,7 +66824,7 @@ CVE-2020-14101 (The data collection SDK of the router 
web management interface c
 CVE-2020-14100 (In Xiaomi router R3600 ROM version&lt;1.0.66, filters in the 
set_WAN6  ...)
        NOT-FOR-US: Xiaomi
 CVE-2020-14099 (On Xiaomi router AX1800 rom version &lt; 1.0.336 and RM1800 
root versi ...)
-       TODO: check
+       NOT-FOR-US: Xiaomi
 CVE-2020-14098 (The login verification can be bypassed by using the problem 
that the t ...)
        NOT-FOR-US: Xiaomi
 CVE-2020-14097 (Wrong nginx configuration, causing specific paths to be 
downloaded wit ...)
@@ -68320,9 +68324,9 @@ CVE-2020-13662 [Drupal SA 2020-003]
        NOTE: https://www.drupal.org/sa-core-2020-003
        NOTE: 
https://git.drupalcode.org/project/drupal/-/commit/905ff00a44160adee3f266cdcc87d3350a64a072
 CVE-2020-13592 (An exploitable SQL injection vulnerability exists in 
"global_lists/cho ...)
-       TODO: check
+       NOT-FOR-US: Rukovoditel Project Management App
 CVE-2020-13591 (An exploitable SQL injection vulnerability exists in the 
"access_rules ...)
-       TODO: check
+       NOT-FOR-US: Rukovoditel Project Management App
 CVE-2020-13590
        RESERVED
 CVE-2020-13589
@@ -68330,7 +68334,7 @@ CVE-2020-13589
 CVE-2020-13588
        RESERVED
 CVE-2020-13587 (An exploitable SQL injection vulnerability exists in the 
"forms_fields ...)
-       TODO: check
+       NOT-FOR-US: Rukovoditel Project Management App
 CVE-2020-13586 (A memory corruption vulnerability exists in the Excel Document 
SST Rec ...)
        NOT-FOR-US: SoftMaker
 CVE-2020-13585 (An out-of-bounds write vulnerability exists in the PSD Header 
processi ...)
@@ -68454,11 +68458,11 @@ CVE-2020-13536 (An exploitable local privilege 
elevation vulnerability exists in
 CVE-2020-13535 (A privilege escalation vulnerability exists in Kepware 
LinkMaster 3.0. ...)
        NOT-FOR-US: Kepware LinkMaster
 CVE-2020-13534 (A privilege escalation vulnerability exists in Dream Report 5 
R20-2. C ...)
-       TODO: check
+       NOT-FOR-US: Dream Report
 CVE-2020-13533 (A privilege escalation vulnerability exists in Dream Report 5 
R20-2. I ...)
-       TODO: check
+       NOT-FOR-US: Dream Report
 CVE-2020-13532 (A privilege escalation vulnerability exists in Dream Report 5 
R20-2. I ...)
-       TODO: check
+       NOT-FOR-US: Dream Report
 CVE-2020-13531 (A use-after-free vulnerability exists in a way Pixar OpenUSD 
20.08 pro ...)
        NOT-FOR-US: Pixar OpenUSD
 CVE-2020-13530 (A denial-of-service vulnerability exists in the Ethernet/IP 
server fun ...)
@@ -75462,7 +75466,7 @@ CVE-2020-11257
 CVE-2020-11256
        RESERVED
 CVE-2020-11255 (Denial of service while processing RTCP packets containing 
multiple SD ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm components for Android
 CVE-2020-11254
        RESERVED
 CVE-2020-11253 (Arbitrary memory write issue in video driver while setting the 
interna ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5d158baabf950e725956961b1fd70e29af4fa192



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
