Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8c0f93b4 by security tracker role at 2021-01-11T20:10:23+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,7 @@
+CVE-2021-3125
+       RESERVED
+CVE-2021-3124
+       RESERVED
 CVE-2021-3123
        RESERVED
 CVE-2021-3122
@@ -1182,8 +1186,8 @@ CVE-2021-23255
        RESERVED
 CVE-2021-23254
        RESERVED
-CVE-2021-23253
-       RESERVED
+CVE-2021-23253 (Opera Mini for Android below 53.1 displays URL left-aligned in 
the add ...)
+       TODO: check
 CVE-2021-23252
        RESERVED
 CVE-2021-23251
@@ -5977,8 +5981,8 @@ CVE-2020-35702 (** DISPUTED ** DCTStream::getChars in 
DCTStream.cc in Poppler 20
        NOTE: https://gitlab.freedesktop.org/poppler/poppler/-/issues/1011
        NOTE: Introduced by: 
https://gitlab.freedesktop.org/poppler/poppler/-/commit/f1c3ded779582aef5f2cbaf29bc5da7a8eae6f69
        NOTE: Fixed by: 
https://gitlab.freedesktop.org/poppler/poppler/-/commit/ae614bf8ab42c9d0c7ac57ecdfdcbcfc4ff6c639
-CVE-2020-35701
-       RESERVED
+CVE-2020-35701 (An issue was discovered in Cacti 1.2.x through 1.2.16. A SQL 
injection ...)
+       TODO: check
 CVE-2020-35700
        RESERVED
 CVE-2020-35699
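Review bot: the `TODO: check` added under CVE-2020-35701 should not be closed as NOT-FOR-US. The description names Cacti 1.2.x through 1.2.16, and cacti is a Debian source package, so this entry needs a `- cacti` package line with the affected and fixed versions once the upstream fix is identified.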
@@ -9391,8 +9395,8 @@ CVE-2020-35485
        RESERVED
 CVE-2020-35484
        RESERVED
-CVE-2020-35483
-       RESERVED
+CVE-2020-35483 (AnyDesk before 6.1.0 on Windows, when run in portable mode on 
a system ...)
+       TODO: check
 CVE-2020-35482
        RESERVED
 CVE-2020-35481
@@ -20764,20 +20768,20 @@ CVE-2020-27295
        RESERVED
 CVE-2020-27294
        RESERVED
-CVE-2020-27293
-       RESERVED
+CVE-2020-27293 (Delta Electronics CNCSoft-B Versions 1.0.0.2 and prior has a 
type conf ...)
+       TODO: check
 CVE-2020-27292
        RESERVED
-CVE-2020-27291
-       RESERVED
+CVE-2020-27291 (Delta Electronics CNCSoft-B Versions 1.0.0.2 and prior is 
vulnerable t ...)
+       TODO: check
 CVE-2020-27290
        RESERVED
-CVE-2020-27289
-       RESERVED
+CVE-2020-27289 (Delta Electronics CNCSoft-B Versions 1.0.0.2 and prior has a 
null poin ...)
+       TODO: check
 CVE-2020-27288
        RESERVED
-CVE-2020-27287
-       RESERVED
+CVE-2020-27287 (Delta Electronics CNCSoft-B Versions 1.0.0.2 and prior is 
vulnerable t ...)
+       TODO: check
 CVE-2020-27286
        RESERVED
 CVE-2020-27285 (The default configuration of Crimson 3.1 (Build versions prior 
to 3119 ...)
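Review bot: the four `TODO: check` entries added in this hunk (CVE-2020-27293, CVE-2020-27291, CVE-2020-27289, CVE-2020-27287) all name the same product, Delta Electronics CNCSoft-B Versions 1.0.0.2 and prior, so they should be triaged in one pass and receive the same tag. The shortened descriptions of CVE-2020-27291 and CVE-2020-27287 are also identical ("is vulnerable t ..."), so the full descriptions are needed to confirm they are distinct issues and not duplicates.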
@@ -20788,20 +20792,20 @@ CVE-2020-27283 (An attacker could send a specially 
crafted message to Crimson 3.
        NOT-FOR-US: Crimson
 CVE-2020-27282
        RESERVED
-CVE-2020-27281
-       RESERVED
+CVE-2020-27281 (A stack-based buffer overflow may exist in Delta Electronics 
CNCSoft S ...)
+       TODO: check
 CVE-2020-27280
        RESERVED
 CVE-2020-27279 (A NULL pointer deference vulnerability has been identified in 
the prot ...)
        NOT-FOR-US: Crimson
 CVE-2020-27278
        RESERVED
-CVE-2020-27277
-       RESERVED
+CVE-2020-27277 (Delta Electronics DOPSoft Version 4.0.8.21 and prior has a 
null pointe ...)
+       TODO: check
 CVE-2020-27276
        RESERVED
-CVE-2020-27275
-       RESERVED
+CVE-2020-27275 (Delta Electronics DOPSoft Version 4.0.8.21 and prior is 
vulnerable to  ...)
+       TODO: check
 CVE-2020-27274
        RESERVED
 CVE-2020-27273
@@ -21912,8 +21916,8 @@ CVE-2020-26802 (forma.lms 2.3.0.2 is affected by Cross 
Site Request Forgery (CSR
        NOT-FOR-US: forma.lms
 CVE-2020-26801
        RESERVED
-CVE-2020-26800
-       RESERVED
+CVE-2020-26800 (A stack overflow vulnerability in Aleth Ethereum C++ client 
version &l ...)
+       TODO: check
 CVE-2020-26799
        RESERVED
 CVE-2020-26798
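Review bot: the description added for CVE-2020-26800 is cut at "version &l", which looks like an HTML-escaped "<" (`&lt;`) split by the truncation, so the summary loses the version bound it was about to state. Unescape the text before shortening it, or take the affected version from the full description when resolving the `TODO: check`.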
@@ -23106,6 +23110,7 @@ CVE-2020-26263 (tlslite-ng is an open source python 
library that implements SSL
        NOTE: https://github.com/tlsfuzzer/tlslite-ng/pull/439
 CVE-2020-26262
        RESERVED
+       {DSA-4829-1}
        - coturn <unfixed>
        NOTE: 
https://github.com/coturn/coturn/security/advisories/GHSA-6g6j-r9rf-cm7p
        NOTE: 
https://github.com/coturn/coturn/commit/ff5e5478a3e1b426bad053828099403cfc5c1f5f
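Review bot: the new `{DSA-4829-1}` reference lands under an entry whose only package line is still `- coturn <unfixed>`. The fixing commit is already recorded in the NOTE lines, so a follow-up should replace `<unfixed>` with the fixed unstable version once that upload exists; otherwise the entry reports the stable fix while unstable stays open indefinitely.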
@@ -23479,8 +23484,8 @@ CVE-2020-26120 (XSS exists in the MobileFrontend 
extension for MediaWiki before
        NOT-FOR-US: MobileFrontend MediaWiki extension
 CVE-2020-26119
        RESERVED
-CVE-2020-26118
-       RESERVED
+CVE-2020-26118 (In SmartBear Collaborator Server through 13.3.13302, use of 
the Google ...)
+       TODO: check
 CVE-2020-26117 (In rfb/CSecurityTLS.cxx and rfb/CSecurityTLS.java in TigerVNC 
before 1 ...)
        {DLA-2396-1}
        - tigervnc 1.10.1+dfsg-9 (bug #971272)
@@ -24618,8 +24623,7 @@ CVE-2020-25660 (A flaw was found in the Cephx 
authentication protocol in version
        NOTE: Fixed by: 
https://github.com/ceph/ceph/commit/2927fd91d41e505237cc73f9700e5c6a63e5cb4f 
(14.2.14)
        NOTE: Fixed by: 
https://github.com/ceph/ceph/commit/4c11203122d729c832a645c9e3f5092db4963840 
(14.2.14)
        NOTE: Fixed by: 
https://github.com/ceph/ceph/commit/bb5d3d58bfcae96d2e5f796eaa74fc0987f79e77 
(14.2.14)
-CVE-2020-25659 [bleichenbacher timing oracle attack against RSA decryption]
-       RESERVED
+CVE-2020-25659 (python-cryptography 3.2 is vulnerable to Bleichenbacher timing 
attacks ...)
        - python-cryptography 3.2.1-1 (bug #973247)
        [buster] - python-cryptography <no-dsa> (Minor issue)
        [stretch] - python-cryptography <no-dsa> (Minor issue; risk of 
regression & marginal benefit)
@@ -28306,8 +28310,8 @@ CVE-2020-24027
        RESERVED
 CVE-2020-24026
        RESERVED
-CVE-2020-24025
-       RESERVED
+CVE-2020-24025 (Certificate validation in node-sass 2.0.0 to 4.14.1 is 
disabled when r ...)
+       TODO: check
 CVE-2020-24024
        RESERVED
 CVE-2020-24023
@@ -28350,8 +28354,8 @@ CVE-2020-24005
        RESERVED
 CVE-2020-24004
        RESERVED
-CVE-2020-24003
-       RESERVED
+CVE-2020-24003 (Microsoft Skype through 8.59.0.77 on macOS has the 
disable-library-val ...)
+       TODO: check
 CVE-2020-24002
        RESERVED
 CVE-2020-24001
@@ -28436,8 +28440,8 @@ CVE-2020-23962
        RESERVED
 CVE-2020-23961
        RESERVED
-CVE-2020-23960
-       RESERVED
+CVE-2020-23960 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
the Admi ...)
+       TODO: check
 CVE-2020-23959
        RESERVED
 CVE-2020-23958
@@ -28658,8 +28662,8 @@ CVE-2020-23851
        RESERVED
 CVE-2020-23850
        RESERVED
-CVE-2020-23849
-       RESERVED
+CVE-2020-23849 (Stored XSS was discovered in the tree mode of jsoneditor 
before 9.0.2  ...)
+       TODO: check
 CVE-2020-23848
        RESERVED
 CVE-2020-23847
@@ -29068,10 +29072,10 @@ CVE-2020-23646
        RESERVED
 CVE-2020-23645
        RESERVED
-CVE-2020-23644
-       RESERVED
-CVE-2020-23643
-       RESERVED
+CVE-2020-23644 (XSS exists in JIZHICMS 1.7.1 via 
index.php/Error/index?msg={XSS] to Ho ...)
+       TODO: check
+CVE-2020-23643 (XSS exists in JIZHICMS 1.7.1 via 
index.php/Wechat/checkWeixin?signatur ...)
+       TODO: check
 CVE-2020-23642
        RESERVED
 CVE-2020-23641
@@ -29096,8 +29100,8 @@ CVE-2020-23632
        RESERVED
 CVE-2020-23631
        RESERVED
-CVE-2020-23630
-       RESERVED
+CVE-2020-23630 (A blind SQL injection vulnerability exists in zzcms ver201910 
based on ...)
+       TODO: check
 CVE-2020-23629
        RESERVED
 CVE-2020-23628
@@ -41320,8 +41324,8 @@ CVE-2020-17536
        REJECTED
 CVE-2020-17535
        REJECTED
-CVE-2020-17534
-       RESERVED
+CVE-2020-17534 (There exists a race condition between the deletion of the 
temporary fi ...)
+       TODO: check
 CVE-2020-17533 (Apache Accumulo versions 1.5.0 through 1.10.0 and version 
2.0.0 do not ...)
        NOT-FOR-US: Apache Accumulo
 CVE-2020-17532
@@ -41383,14 +41387,12 @@ CVE-2020-17510 (Apache Shiro before 1.7.0, when using 
Apache Shiro with Spring,
        NOTE: https://www.openwall.com/lists/oss-security/2020/11/04/7
        NOTE: 
https://lists.apache.org/thread.html/rc2cff2538b683d480426393eecf1ce8dd80e052fbef49303b4f47171%40%3Cdev.shiro.apache.org%3E
        NOTE: 
https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12349284&styleName=Text&projectId=12310950
-CVE-2020-17509 [ATS negative cache option is vulnerable to a cache poisoning 
attack]
-       RESERVED
+CVE-2020-17509 (ATS negative cache option is vulnerable to a cache poisoning 
attack. I ...)
        {DSA-4805-1}
        - trafficserver 8.1.1+ds-1
        NOTE: https://github.com/apache/trafficserver/pull/7359
        NOTE: 
https://lists.apache.org/thread.html/raa9f0589c26c4d146646425e51e2a33e1457492df9f7ea2019daa6d3%40%3Cdev.trafficserver.apache.org%3E
-CVE-2020-17508 [The ATS ESI plugin has a memory disclosure vulnerability]
-       RESERVED
+CVE-2020-17508 (The ATS ESI plugin has a memory disclosure vulnerability. If 
you are r ...)
        {DSA-4805-1}
        - trafficserver 8.1.1+ds-1
        NOTE: https://github.com/apache/trafficserver/pull/7358
@@ -50554,8 +50556,8 @@ CVE-2020-13924
        RESERVED
 CVE-2020-13923 (IDOR vulnerability in the order processing feature from 
ecommerce comp ...)
        NOT-FOR-US: Apache OFBiz
-CVE-2020-13922
-       RESERVED
+CVE-2020-13922 (Versions of Apache DolphinScheduler prior to 1.3.2 allowed an 
ordinary ...)
+       TODO: check
 CVE-2020-13921 (**Resolved** Only when using H2/MySQL/TiDB as Apache 
SkyWalking storag ...)
        NOT-FOR-US: Apache SkyWalking
 CVE-2020-13920 (Apache ActiveMQ uses LocateRegistry.createRegistry() to create 
the JMX ...)
@@ -51599,8 +51601,8 @@ CVE-2020-13561
        RESERVED
 CVE-2020-13560 (A use after free vulnerability exists in the JavaScript engine 
of Foxi ...)
        NOT-FOR-US: Foxit
-CVE-2020-13559
-       RESERVED
+CVE-2020-13559 (A denial-of-service vulnerability exists in the 
traffic-logging functi ...)
+       TODO: check
 CVE-2020-13558
        RESERVED
 CVE-2020-13557 (A use after free vulnerability exists in the JavaScript engine 
of Foxi ...)
@@ -55592,8 +55594,8 @@ CVE-2020-11996 (A specially crafted sequence of HTTP/2 
requests sent to Apache T
        NOTE: https://www.openwall.com/lists/oss-security/2020/06/25/6
        NOTE: 
https://github.com/apache/tomcat/commit/9a0231683a77e2957cea0fdee88b193b30b0c976
 (9.0.36)
        NOTE: 
https://github.com/apache/tomcat/commit/c8acd2ab7371e39aeca7c306f3b5380f00afe552
 (8.5.56)
-CVE-2020-11995
-       RESERVED
+CVE-2020-11995 (A deserialization vulnerability existed in dubbo 2.7.5 and its 
earlier ...)
+       TODO: check
 CVE-2020-11994 (Server-Side Template Injection and arbitrary file disclosure 
on Camel  ...)
        NOT-FOR-US: Apache Camel
 CVE-2020-11993 (Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug 
was enab ...)
@@ -75520,8 +75522,8 @@ CVE-2020-4871
        RESERVED
 CVE-2020-4870 (IBM MQ 9.2 CD and LTS are vulnerable to a denial of service 
attack cau ...)
        NOT-FOR-US: IBM
-CVE-2020-4869
-       RESERVED
+CVE-2020-4869 (IBM MQ Appliance 9.2 CD and 9.2 LTS is vulnerable to a denial 
of servi ...)
+       TODO: check
 CVE-2020-4868
        RESERVED
 CVE-2020-4867
@@ -81859,8 +81861,8 @@ CVE-2018-21032 (A vulnerability in Hitachi Command 
Suite prior to 8.7.1-00 and H
        NOT-FOR-US: Hitachi
 CVE-2020-2509
        RESERVED
-CVE-2020-2508
-       RESERVED
+CVE-2020-2508 (A command injection vulnerability has been reported to affect 
QTS and  ...)
+       TODO: check
 CVE-2020-2507
        RESERVED
 CVE-2020-2506
@@ -135562,8 +135564,8 @@ CVE-2019-3407
        RESERVED
 CVE-2019-3406
        RESERVED
-CVE-2019-3405
-       RESERVED
+CVE-2019-3405 (In the 3.1.3.64296 and lower version of 360F5, the third party 
can tri ...)
+       TODO: check
 CVE-2019-3404 (By adding some special fields to the uri ofrouter app function, 
the us ...)
        NOT-FOR-US: ofrouter
 CVE-2019-3403 (The /rest/api/2/user/picker rest resource in Jira before 
version 7.13. ...)
@@ -167103,8 +167105,8 @@ CVE-2018-11248 (util/FileDownloadUtils.java in 
FileDownloader 1.7.3 does not che
        NOT-FOR-US: FileDownloader
 CVE-2018-11247 (The JMX/RMI interface in Nasdaq BWise 5.0 does not require 
authenticat ...)
        NOT-FOR-US: SAP
-CVE-2018-11246
-       RESERVED
+CVE-2018-11246 (K7TSMngr.exe in K7Computing K7AntiVirus Premium 15.1.0.53 has 
a Memory ...)
+       TODO: check
 CVE-2018-11245 (app/webroot/js/misp.js in MISP 2.4.91 has a DOM based XSS with 
cortex  ...)
        NOT-FOR-US: MISP
 CVE-2018-11244 (The BBE theme before 1.53 for WordPress allows a direct launch 
of an H ...)
@@ -167710,18 +167712,18 @@ CVE-2018-11012 (ruibaby Halo 0.0.2 has stored XSS 
via the loginName and loginPwd
        NOT-FOR-US: ruibaby Halo
 CVE-2018-11011 (ruibaby Halo 0.0.2 has stored XSS via the commentAuthor field 
to Front ...)
        NOT-FOR-US: ruibaby Halo
-CVE-2018-11010
-       RESERVED
-CVE-2018-11009
-       RESERVED
-CVE-2018-11008
-       RESERVED
-CVE-2018-11007
-       RESERVED
-CVE-2018-11006
-       RESERVED
-CVE-2018-11005
-       RESERVED
+CVE-2018-11010 (A Buffer Overflow issue was discovered in K7Computing 
K7AntiVirus Prem ...)
+       TODO: check
+CVE-2018-11009 (A Buffer Overflow issue was discovered in K7Computing 
K7AntiVirus Prem ...)
+       TODO: check
+CVE-2018-11008 (An Incorrect Access Control issue was discovered in 
K7Computing K7Anti ...)
+       TODO: check
+CVE-2018-11007 (A Memory Leak issue was discovered in K7Computing K7AntiVirus 
Premium  ...)
+       TODO: check
+CVE-2018-11006 (An Incorrect Access Control issue was discovered in 
K7Computing K7Anti ...)
+       TODO: check
+CVE-2018-11005 (A Memory Leak issue was discovered in K7Computing K7AntiVirus 
Premium  ...)
+       TODO: check
 CVE-2018-11004 (An issue was discovered in SDcms v1.5. Cross-site request 
forgery (CSR ...)
        NOT-FOR-US: SDcms
 CVE-2018-11003 (An issue was discovered in YXcms 1.4.7. Cross-site request 
forgery (CS ...)
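Review bot: in the six K7Computing entries added here the shortened descriptions are pairwise identical (CVE-2018-11010 and CVE-2018-11009, CVE-2018-11008 and CVE-2018-11006, CVE-2018-11007 and CVE-2018-11005), so the summaries alone cannot tell the issues apart. Resolve the `TODO: check` lines from the full descriptions; since all six name the same product, K7AntiVirus Premium, they can share one triage decision.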
@@ -172129,10 +172131,10 @@ CVE-2018-9335 (The PAN-OS session browser in PAN-OS 
6.1.20 and earlier, PAN-OS 7
        NOT-FOR-US: PAN-OS
 CVE-2018-9334 (The PAN-OS management web interface page in PAN-OS 6.1.20 and 
earlier, ...)
        NOT-FOR-US: PAN-OS
-CVE-2018-9333
-       RESERVED
-CVE-2018-9332
-       RESERVED
+CVE-2018-9333 (K7Computing Pvt Ltd K7AntiVirus Premium 15.1.0.53 is affected 
by: Buff ...)
+       TODO: check
+CVE-2018-9332 (K7Computing Pvt Ltd K7AntiVirus Premium 15.01.00.53 is affected 
by: In ...)
+       TODO: check
 CVE-2018-9331 (An issue was discovered in zzcms 8.2. user/adv.php allows 
remote attac ...)
        NOT-FOR-US: zzcms
 CVE-2016-10720
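Review bot: the two entries added here spell the product version differently, 15.1.0.53 for CVE-2018-9333 and 15.01.00.53 for CVE-2018-9332. When resolving the `TODO: check` lines, group them by product name (K7AntiVirus Premium) and not by the version string, so that both receive the same tag.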
@@ -173974,12 +173976,12 @@ CVE-2017-18233 (An issue was discovered in Exempi 
before 2.4.4. Integer overflow
        [jessie] - exempi <no-dsa> (Minor issue)
        NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=102151
        NOTE: 
https://cgit.freedesktop.org/exempi/commit/?id=65a8492832b7335ffabd01f5f64d89dec757c260
-CVE-2018-8726
-       RESERVED
-CVE-2018-8725
-       RESERVED
-CVE-2018-8724
-       RESERVED
+CVE-2018-8726 (K7Computing Pvt Ltd K7Antivirus Premium 15.1.0.53 is affected 
by: Buff ...)
+       TODO: check
+CVE-2018-8725 (K7Computing Pvt Ltd K7AntiVirus Premium 15.01.00.53 is affected 
by: Bu ...)
+       TODO: check
+CVE-2018-8724 (K7Computing Pvt Ltd K7AntiVirus Premium 15.1.0.53 is affected 
by: Inco ...)
+       TODO: check
 CVE-2018-8723
        RESERVED
 CVE-2018-8722 (Zoho ManageEngine Desktop Central version 9.1.0 build 91099 has 
multip ...)
@@ -175468,8 +175470,8 @@ CVE-2018-8046 (The getTip() method of Action Columns 
of Sencha Ext JS 4 to 6 bef
        NOT-FOR-US: Sencha
 CVE-2018-8045 (In Joomla! 3.5.0 through 3.8.5, the lack of type casting of a 
variable ...)
        NOT-FOR-US: Joomla!
-CVE-2018-8044
-       RESERVED
+CVE-2018-8044 (K7Computing Pvt Ltd K7Antivirus Premium 15.1.0.53 is affected 
by: Inco ...)
+       TODO: check
 CVE-2017-18223 (BMC Remedy AR System before 9.1 SP3, when Remedy AR 
Authentication is  ...)
        NOT-FOR-US: BMC Remedy AR System
 CVE-2018-8043 (The unimac_mdio_probe function in 
drivers/net/phy/mdio-bcm-unimac.c in ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8c0f93b4fa20a98f1999b484badf04d59a87ec76
