Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cb7d937a by security tracker role at 2021-01-13T20:10:32+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,139 @@
+CVE-2021-3140
+       RESERVED
+CVE-2021-3139 (In Open-iSCSI tcmu-runner 1.3.x, 1.4.x, and 1.5.x through 
1.5.2, xcopy ...)
+       TODO: check
+CVE-2021-24002
+       RESERVED
+CVE-2021-24001
+       RESERVED
+CVE-2021-24000
+       RESERVED
+CVE-2021-23999
+       RESERVED
+CVE-2021-23998
+       RESERVED
+CVE-2021-23997
+       RESERVED
+CVE-2021-23996
+       RESERVED
+CVE-2021-23995
+       RESERVED
+CVE-2021-23994
+       RESERVED
+CVE-2021-23993
+       RESERVED
+CVE-2021-23992
+       RESERVED
+CVE-2021-23991
+       RESERVED
+CVE-2021-23990
+       RESERVED
+CVE-2021-23989
+       RESERVED
+CVE-2021-23988
+       RESERVED
+CVE-2021-23987
+       RESERVED
+CVE-2021-23986
+       RESERVED
+CVE-2021-23985
+       RESERVED
+CVE-2021-23984
+       RESERVED
+CVE-2021-23983
+       RESERVED
+CVE-2021-23982
+       RESERVED
+CVE-2021-23981
+       RESERVED
+CVE-2021-23980
+       RESERVED
+CVE-2021-23979
+       RESERVED
+CVE-2021-23978
+       RESERVED
+CVE-2021-23977
+       RESERVED
+CVE-2021-23976
+       RESERVED
+CVE-2021-23975
+       RESERVED
+CVE-2021-23974
+       RESERVED
+CVE-2021-23973
+       RESERVED
+CVE-2021-23972
+       RESERVED
+CVE-2021-23971
+       RESERVED
+CVE-2021-23970
+       RESERVED
+CVE-2021-23969
+       RESERVED
+CVE-2021-23968
+       RESERVED
+CVE-2021-23967
+       RESERVED
+CVE-2021-23966
+       RESERVED
+CVE-2021-23965
+       RESERVED
+CVE-2021-23964
+       RESERVED
+CVE-2021-23963
+       RESERVED
+CVE-2021-23962
+       RESERVED
+CVE-2021-23961
+       RESERVED
+CVE-2021-23960
+       RESERVED
+CVE-2021-23959
+       RESERVED
+CVE-2021-23958
+       RESERVED
+CVE-2021-23957
+       RESERVED
+CVE-2021-23956
+       RESERVED
+CVE-2021-23955
+       RESERVED
+CVE-2021-23954
+       RESERVED
+CVE-2021-23953
+       RESERVED
+CVE-2021-23952
+       RESERVED
+CVE-2021-23951
+       RESERVED
+CVE-2021-23950
+       RESERVED
+CVE-2021-23949
+       RESERVED
+CVE-2021-23948
+       RESERVED
+CVE-2021-23947
+       RESERVED
+CVE-2021-23946
+       RESERVED
+CVE-2021-23945
+       RESERVED
+CVE-2021-23944
+       RESERVED
+CVE-2021-23943
+       RESERVED
+CVE-2021-23942
+       RESERVED
+CVE-2021-23941
+       RESERVED
+CVE-2021-23940
+       RESERVED
+CVE-2021-23939
+       RESERVED
+CVE-2021-23938
+       RESERVED
+CVE-2021-23937
+       RESERVED
 CVE-2021-3138
        RESERVED
 CVE-2021-3137
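Review bot: CVE-2021-3139 (Open-iSCSI tcmu-runner), the second entry of this hunk, is left at `TODO: check`. It is the only added entry here that has a description, so it needs a triage result: either a package line in the form used elsewhere in the file (`- coturn 4.5.2-1`, `- glpi <removed>`) or a `NOT-FOR-US:` line. The other additions, CVE-2021-3140 and CVE-2021-23937 through CVE-2021-24002, are RESERVED placeholders and need nothing yet.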
@@ -48,8 +184,8 @@ CVE-2021-3133 (The Elementor Contact Form DB plugin before 
1.6 for WordPress all
        NOT-FOR-US: Elementor Contact Form DB plugin for WordPress
 CVE-2021-3132
        RESERVED
-CVE-2021-3131
-       RESERVED
+CVE-2021-3131 (The Web server in 1C:Enterprise 8 before 8.3.17.1851 sends 
base64 enco ...)
+       TODO: check
 CVE-2021-3130
        RESERVED
 CVE-2021-3129 (Ignition before 2.5.2, as used in Laravel and other products, 
allows u ...)
@@ -96,10 +232,10 @@ CVE-2021-23902
        RESERVED
 CVE-2021-23901
        RESERVED
-CVE-2021-23900
-       RESERVED
-CVE-2021-23899
-       RESERVED
+CVE-2021-23900 (OWASP json-sanitizer before 1.2.2 can output invalid JSON or 
throw an  ...)
+       TODO: check
+CVE-2021-23899 (OWASP json-sanitizer before 1.2.2 may emit closing SCRIPT tags 
and CDA ...)
+       TODO: check
 CVE-2021-23898
        RESERVED
 CVE-2021-23897
@@ -1625,10 +1761,10 @@ CVE-2021-3034
        RESERVED
 CVE-2021-3033
        RESERVED
-CVE-2021-3032
-       RESERVED
-CVE-2021-3031
-       RESERVED
+CVE-2021-3032 (An information exposure through log file vulnerability exists 
in Palo  ...)
+       TODO: check
+CVE-2021-3031 (Padding bytes in Ethernet packets on PA-200, PA-220, PA-500, 
PA-800, P ...)
+       TODO: check
 CVE-2021-3030
        RESERVED
 CVE-2021-23234
@@ -2592,8 +2728,8 @@ CVE-2020-36178 (oal_ipt_addBridgeIsolationRules on 
TP-Link TL-WR840N 6_EU_0.9.1_
        NOT-FOR-US: TP-Link
 CVE-2021-3029 (** UNSUPPORTED WHEN ASSIGNED ** EVOLUCARE ECSIMAGING (aka ECS 
Imaging) ...)
        NOT-FOR-US: EVOLUCARE ECSIMAGING (aka ECS Imaging)
-CVE-2021-3028
-       RESERVED
+CVE-2021-3028 (git-big-picture before 1.0.0 mishandles ' characters in a 
branch name, ...)
+       TODO: check
 CVE-2021-22696
        RESERVED
 CVE-2020-36177 (RsaPad_PSS in wolfcrypt/src/rsa.c in wolfSSL before 4.6.0 has 
an out-o ...)
@@ -4843,44 +4979,31 @@ CVE-2021-21616
        RESERVED
 CVE-2021-21615
        RESERVED
-CVE-2021-21614
-       RESERVED
+CVE-2021-21614 (Jenkins Bumblebee HP ALM Plugin 4.1.5 and earlier stores 
credentials u ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2021-21613
-       RESERVED
+CVE-2021-21613 (Jenkins TICS Plugin 2020.3.0.6 and earlier does not escape 
TICS servic ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2021-21612
-       RESERVED
+CVE-2021-21612 (Jenkins TraceTronic ECU-TEST Plugin 2.23.1 and earlier stores 
credenti ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2021-21611
-       RESERVED
+CVE-2021-21611 (Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not 
escape dis ...)
        NOT-FOR-US: Jenkins
-CVE-2021-21610
-       RESERVED
+CVE-2021-21610 (Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not 
implement  ...)
        NOT-FOR-US: Jenkins
-CVE-2021-21609
-       RESERVED
+CVE-2021-21609 (Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not 
correctly  ...)
        NOT-FOR-US: Jenkins
-CVE-2021-21608
-       RESERVED
+CVE-2021-21608 (Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not 
escape but ...)
        NOT-FOR-US: Jenkins
-CVE-2021-21607
-       RESERVED
+CVE-2021-21607 (Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not 
limit size ...)
        NOT-FOR-US: Jenkins
-CVE-2021-21606
-       RESERVED
+CVE-2021-21606 (Jenkins 2.274 and earlier, LTS 2.263.1 and earlier improperly 
validate ...)
        NOT-FOR-US: Jenkins
-CVE-2021-21605
-       RESERVED
+CVE-2021-21605 (Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows 
users with A ...)
        NOT-FOR-US: Jenkins
-CVE-2021-21604
-       RESERVED
+CVE-2021-21604 (Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows 
attackers wi ...)
        NOT-FOR-US: Jenkins
-CVE-2021-21603
-       RESERVED
+CVE-2021-21603 (Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not 
escape not ...)
        NOT-FOR-US: Jenkins
-CVE-2021-21602
-       RESERVED
+CVE-2021-21602 (Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows 
reading arbi ...)
        NOT-FOR-US: Jenkins
 CVE-2021-21601
        RESERVED
@@ -6264,8 +6387,8 @@ CVE-2020-35689
        RESERVED
 CVE-2020-35688
        RESERVED
-CVE-2020-35687
-       RESERVED
+CVE-2020-35687 (PHPFusion version 9.03.90 is vulnerable to CSRF attack which 
leads to  ...)
+       TODO: check
 CVE-2020-35686 (The SECOMN service in Sound Research DCHU model software 
component mod ...)
        NOT-FOR-US: Sound Research
 CVE-2020-35685
@@ -6771,8 +6894,8 @@ CVE-2021-21254
        RESERVED
 CVE-2021-21253
        RESERVED
-CVE-2021-21252
-       RESERVED
+CVE-2021-21252 (The jQuery Validation Plugin provides drop-in validation for 
your exis ...)
+       TODO: check
 CVE-2021-21251
        RESERVED
 CVE-2021-21250
@@ -8223,8 +8346,8 @@ CVE-2021-20618
        RESERVED
 CVE-2021-20617
        RESERVED
-CVE-2021-20616
-       RESERVED
+CVE-2021-20616 (Untrusted search path vulnerability in the installer of SKYSEA 
Client  ...)
+       TODO: check
 CVE-2021-20615
        RESERVED
 CVE-2021-20614
@@ -20646,8 +20769,8 @@ CVE-2020-27490
        RESERVED
 CVE-2020-27489
        RESERVED
-CVE-2020-27488
-       RESERVED
+CVE-2020-27488 (Loxone Miniserver devices with firmware before 11.1 (aka 
11.1.9.3) are ...)
+       TODO: check
 CVE-2020-27487
        RESERVED
 CVE-2020-27486 (Garmin Forerunner 235 before 8.20 is affected by: Buffer 
Overflow. The ...)
@@ -23380,8 +23503,7 @@ CVE-2020-26263 (tlslite-ng is an open source python 
library that implements SSL
        NOTE: 
https://github.com/tlsfuzzer/tlslite-ng/commit/c28d6d387bba59d8bd5cb3ba15edc42edf54b368
        NOTE: https://github.com/tlsfuzzer/tlslite-ng/pull/438
        NOTE: https://github.com/tlsfuzzer/tlslite-ng/pull/439
-CVE-2020-26262
-       RESERVED
+CVE-2020-26262 (Coturn is free open source implementation of TURN and STUN 
Server. Cot ...)
        {DSA-4829-1 DLA-2522-1}
        - coturn 4.5.2-1
        NOTE: 
https://github.com/coturn/coturn/security/advisories/GHSA-6g6j-r9rf-cm7p
@@ -29331,8 +29453,8 @@ CVE-2020-23655 (NavigateCMS 2.9 is affected by Cross 
Site Scripting (XSS) on mod
        NOT-FOR-US: NavigateCMS
 CVE-2020-23654 (NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) via 
the modu ...)
        NOT-FOR-US: NavigateCMS
-CVE-2020-23653
-       RESERVED
+CVE-2020-23653 (An insecure unserialize vulnerability was discovered in 
ThinkAdmin ver ...)
+       TODO: check
 CVE-2020-23652
        RESERVED
 CVE-2020-23651
@@ -47155,14 +47277,14 @@ CVE-2020-15223 (In ORY Fosite (the security first 
OAuth2 & OpenID Connect fr
        NOT-FOR-US: ORY Fosite
 CVE-2020-15222 (In ORY Fosite (the security first OAuth2 & OpenID Connect 
framewor ...)
        NOT-FOR-US: ORY Fosite
-CVE-2020-15221
-       RESERVED
-CVE-2020-15220
-       RESERVED
-CVE-2020-15219
-       RESERVED
-CVE-2020-15218
-       RESERVED
+CVE-2020-15221 (Combodo iTop is a web based IT Service Management tool. In 
iTop before ...)
+       TODO: check
+CVE-2020-15220 (Combodo iTop is a web based IT Service Management tool. In 
iTop before ...)
+       TODO: check
+CVE-2020-15219 (Combodo iTop is a web based IT Service Management tool. In 
iTop before ...)
+       TODO: check
+CVE-2020-15218 (Combodo iTop is a web based IT Service Management tool. In 
iTop before ...)
+       TODO: check
 CVE-2020-15217 (In GLPI before version 9.5.2, there is a leakage of user 
information t ...)
        - glpi <removed>
 CVE-2020-15216 (In goxmldsig (XML Digital Signatures implemented in pure Go) 
before ve ...)
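Review bot: the four Combodo iTop entries, CVE-2020-15218 through CVE-2020-15221, show the same truncated text ("Combodo iTop is a web based IT Service Management tool. In iTop before ...") and the same `TODO: check`, so nothing in the list tells them apart. When they are triaged, a NOTE line per entry pointing at the upstream advisory or fixing commit, as already done for CVE-2020-26262, would make each one identifiable.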
@@ -64666,8 +64788,8 @@ CVE-2020-9146
        RESERVED
 CVE-2020-9145
        RESERVED
-CVE-2020-9144
-       RESERVED
+CVE-2020-9144 (There is a heap overflow vulnerability in some Huawei 
smartphone, atta ...)
+       TODO: check
 CVE-2020-9143
        RESERVED
 CVE-2020-9142
@@ -73468,10 +73590,10 @@ CVE-2020-5688
        RESERVED
 CVE-2020-5687
        RESERVED
-CVE-2020-5686
-       RESERVED
-CVE-2020-5685
-       RESERVED
+CVE-2020-5686 (Incorrect implementation of authentication algorithm issue in 
UNIVERGE ...)
+       TODO: check
+CVE-2020-5685 (UNIVERGE SV9500 series from V1 to V7and SV8500 series from S6 
to S8 al ...)
+       TODO: check
 CVE-2020-5684 (iSM client versions from V5.1 prior to V12.1 running on NEC 
Storage Ma ...)
        NOT-FOR-US: iSM client
 CVE-2020-5683 (Directory traversal vulnerability in GROWI versions prior to 
v4.2.3 (v ...)
@@ -73574,8 +73696,8 @@ CVE-2020-5635 (Aterm SA3500G firmware versions prior to 
Ver. 3.5.9 allows an att
        NOT-FOR-US: Aterm SA3500G firmware
 CVE-2020-5634 (ELECOM LAN routers (WRC-2533GST2 firmware versions prior to 
v1.14, WRC ...)
        NOT-FOR-US: ELECOM LAN routers
-CVE-2020-5633
-       RESERVED
+CVE-2020-5633 (Multiple NEC products (Express5800/T110j, Express5800/T110j-S, 
Express ...)
+       TODO: check
 CVE-2020-5632 (InfoCage SiteShell series (Host type SiteShell for IIS V1.4, 
V1.5, and ...)
        NOT-FOR-US: InfoCage SiteShell
 CVE-2020-5631 (Stored cross-site scripting vulnerability in CMONOS.JP 
ver2.0.20191009 ...)
@@ -76333,28 +76455,28 @@ CVE-2020-4606 (IBM Security Verify Privilege Manager 
10.8 is vulnerable to an XM
        NOT-FOR-US: IBM
 CVE-2020-4605
        RESERVED
-CVE-2020-4604
-       RESERVED
+CVE-2020-4604 (IBM Security Guardium Insights 2.0.2 stores user credentials in 
plain  ...)
+       TODO: check
 CVE-2020-4603 (IBM Security Guardium Insights 2.0.1 performs an operation at a 
privil ...)
        NOT-FOR-US: IBM
-CVE-2020-4602
-       RESERVED
+CVE-2020-4602 (IBM Security Guardium Insights 2.0.2 stores user credentials in 
plain  ...)
+       TODO: check
 CVE-2020-4601
        RESERVED
-CVE-2020-4600
-       RESERVED
-CVE-2020-4599
-       RESERVED
+CVE-2020-4600 (IBM Security Guardium Insights 2.0.2 could allow a remote 
attacker to  ...)
+       TODO: check
+CVE-2020-4599 (IBM Security Guardium Insights 2.0.2 could allow a remote 
attacker to  ...)
+       TODO: check
 CVE-2020-4598 (IBM Security Guardium Insights 2.0.1 could allow a remote 
attacker to  ...)
        NOT-FOR-US: IBM
-CVE-2020-4597
-       RESERVED
-CVE-2020-4596
-       RESERVED
-CVE-2020-4595
-       RESERVED
-CVE-2020-4594
-       RESERVED
+CVE-2020-4597 (IBM Security Guardium Insights 2.0.2 does not set the secure 
attribute ...)
+       TODO: check
+CVE-2020-4596 (IBM Security Guardium Insights 2.0.2 uses weaker than expected 
cryptog ...)
+       TODO: check
+CVE-2020-4595 (IBM Security Guardium Insights 2.0.2 uses weaker than expected 
cryptog ...)
+       TODO: check
+CVE-2020-4594 (IBM Security Guardium Insights 2.0.2 uses weaker than expected 
cryptog ...)
+       TODO: check
 CVE-2020-4593 (IBM Security Guardium Insights 2.0.1 stores user credentials in 
plain  ...)
        NOT-FOR-US: IBM
 CVE-2020-4592 (IBM MQ Appliance 9.1.CD and LTS could allow an authenticated 
user, und ...)
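Review bot: the eight IBM Security Guardium Insights 2.0.2 entries added here (CVE-2020-4604, -4602, -4600, -4599, -4597, -4596, -4595, -4594) are marked `TODO: check`, while the Guardium Insights 2.0.1 entries between them (CVE-2020-4603, CVE-2020-4598, CVE-2020-4593) are already `NOT-FOR-US: IBM`. Resolving the new ones the same way would keep the product's entries consistent and take eight items off the TODO queue.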
@@ -131599,8 +131721,8 @@ CVE-2019-4704 (IBM Security Identity Manager Virtual 
Appliance 7.0.2 does not se
        NOT-FOR-US: IBM
 CVE-2019-4703 (IBM Spectrum Protect Plus 10.1.0 and 10.5.0, when protecting 
Microsoft ...)
        NOT-FOR-US: IBM
-CVE-2019-4702
-       RESERVED
+CVE-2019-4702 (IBM Security Guardium Data Encryption (GDE) 3.0.0.2 specifies 
permissi ...)
+       TODO: check
 CVE-2019-4701 (IBM Security Guardium Data Encryption (GDE) 3.0.0.2 is deployed 
with a ...)
        NOT-FOR-US: IBM
 CVE-2019-4700
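Review bot: CVE-2019-4702 gets `TODO: check` although it names the same product and version, IBM Security Guardium Data Encryption (GDE) 3.0.0.2, as the next entry CVE-2019-4701, which is `NOT-FOR-US: IBM`. The same marking fits here, and likewise for CVE-2019-4687 and CVE-2019-4160 in the two hunks that follow.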
@@ -131629,8 +131751,8 @@ CVE-2019-4689 (IBM Security Guardium Data Encryption 
(GDE) 3.0.0.2 could allow a
        NOT-FOR-US: IBM
 CVE-2019-4688 (IBM Security Guardium Data Encryption (GDE) 3.0.0.2 does not 
set the s ...)
        NOT-FOR-US: IBM
-CVE-2019-4687
-       RESERVED
+CVE-2019-4687 (IBM Security Guardium Data Encryption (GDE) 3.0.0.2 stores 
sensitive i ...)
+       TODO: check
 CVE-2019-4686 (IBM Security Guardium Data Encryption (GDE) 3.0.0.2 does not 
set the s ...)
        NOT-FOR-US: IBM
 CVE-2019-4685
@@ -132683,8 +132805,8 @@ CVE-2019-4162 (IBM Security Information Queue (ISIQ) 
1.0.0, 1.0.1, and 1.0.2 is
        NOT-FOR-US: IBM
 CVE-2019-4161 (IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, and 1.0.2 
disclose ...)
        NOT-FOR-US: IBM
-CVE-2019-4160
-       RESERVED
+CVE-2019-4160 (IBM Security Guardium Data Encryption (GDE) 3.0.0.2 uses weaker 
than e ...)
+       TODO: check
 CVE-2019-4159
        REJECTED
 CVE-2019-4158 (IBM Security Access Manager 9.0.1 through 9.0.6 does not prove 
that a  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cb7d937a358ed9f277b52429ffc481dc80fbf0ff
