Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bb649141 by security tracker role at 2021-02-19T20:10:29+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,205 @@
+CVE-2021-27506
+       RESERVED
+CVE-2021-27505
+       RESERVED
+CVE-2021-27504
+       RESERVED
+CVE-2021-27503
+       RESERVED
+CVE-2021-27502
+       RESERVED
+CVE-2021-27501
+       RESERVED
+CVE-2021-27500
+       RESERVED
+CVE-2021-27499
+       RESERVED
+CVE-2021-27498
+       RESERVED
+CVE-2021-27497
+       RESERVED
+CVE-2021-27496
+       RESERVED
+CVE-2021-27495
+       RESERVED
+CVE-2021-27494
+       RESERVED
+CVE-2021-27493
+       RESERVED
+CVE-2021-27492
+       RESERVED
+CVE-2021-27491
+       RESERVED
+CVE-2021-27490
+       RESERVED
+CVE-2021-27489
+       RESERVED
+CVE-2021-27488
+       RESERVED
+CVE-2021-27487
+       RESERVED
+CVE-2021-27486
+       RESERVED
+CVE-2021-27485
+       RESERVED
+CVE-2021-27484
+       RESERVED
+CVE-2021-27483
+       RESERVED
+CVE-2021-27482
+       RESERVED
+CVE-2021-27481
+       RESERVED
+CVE-2021-27480
+       RESERVED
+CVE-2021-27479
+       RESERVED
+CVE-2021-27478
+       RESERVED
+CVE-2021-27477
+       RESERVED
+CVE-2021-27476
+       RESERVED
+CVE-2021-27475
+       RESERVED
+CVE-2021-27474
+       RESERVED
+CVE-2021-27473
+       RESERVED
+CVE-2021-27472
+       RESERVED
+CVE-2021-27471
+       RESERVED
+CVE-2021-27470
+       RESERVED
+CVE-2021-27469
+       RESERVED
+CVE-2021-27468
+       RESERVED
+CVE-2021-27467
+       RESERVED
+CVE-2021-27466
+       RESERVED
+CVE-2021-27465
+       RESERVED
+CVE-2021-27464
+       RESERVED
+CVE-2021-27463
+       RESERVED
+CVE-2021-27462
+       RESERVED
+CVE-2021-27461
+       RESERVED
+CVE-2021-27460
+       RESERVED
+CVE-2021-27459
+       RESERVED
+CVE-2021-27458
+       RESERVED
+CVE-2021-27457
+       RESERVED
+CVE-2021-27456
+       RESERVED
+CVE-2021-27455
+       RESERVED
+CVE-2021-27454
+       RESERVED
+CVE-2021-27453
+       RESERVED
+CVE-2021-27452
+       RESERVED
+CVE-2021-27451
+       RESERVED
+CVE-2021-27450
+       RESERVED
+CVE-2021-27449
+       RESERVED
+CVE-2021-27448
+       RESERVED
+CVE-2021-27447
+       RESERVED
+CVE-2021-27446
+       RESERVED
+CVE-2021-27445
+       RESERVED
+CVE-2021-27444
+       RESERVED
+CVE-2021-27443
+       RESERVED
+CVE-2021-27442
+       RESERVED
+CVE-2021-27441
+       RESERVED
+CVE-2021-27440
+       RESERVED
+CVE-2021-27439
+       RESERVED
+CVE-2021-27438
+       RESERVED
+CVE-2021-27437
+       RESERVED
+CVE-2021-27436
+       RESERVED
+CVE-2021-27435
+       RESERVED
+CVE-2021-27434
+       RESERVED
+CVE-2021-27433
+       RESERVED
+CVE-2021-27432
+       RESERVED
+CVE-2021-27431
+       RESERVED
+CVE-2021-27430
+       RESERVED
+CVE-2021-27429
+       RESERVED
+CVE-2021-27428
+       RESERVED
+CVE-2021-27427
+       RESERVED
+CVE-2021-27426
+       RESERVED
+CVE-2021-27425
+       RESERVED
+CVE-2021-27424
+       RESERVED
+CVE-2021-27423
+       RESERVED
+CVE-2021-27422
+       RESERVED
+CVE-2021-27421
+       RESERVED
+CVE-2021-27420
+       RESERVED
+CVE-2021-27419
+       RESERVED
+CVE-2021-27418
+       RESERVED
+CVE-2021-27417
+       RESERVED
+CVE-2021-27416
+       RESERVED
+CVE-2021-27415
+       RESERVED
+CVE-2021-27414
+       RESERVED
+CVE-2021-27413
+       RESERVED
+CVE-2021-27412
+       RESERVED
+CVE-2021-27411
+       RESERVED
+CVE-2021-27410
+       RESERVED
+CVE-2021-27409
+       RESERVED
+CVE-2021-27408
+       RESERVED
+CVE-2021-27407
+       RESERVED
+CVE-2021-27406
+       RESERVED
 CVE-2021-27405 (A ReDoS (regular expression denial of service) flaw was found 
in the @ ...)
        TODO: check
 CVE-2021-27404 (Askey RTF8115VW BR_SV_g11.11_RTF_TEF001_V6.54_V014 devices 
allow injec ...)
@@ -141,8 +343,8 @@ CVE-2021-27353
        RESERVED
 CVE-2021-27352
        RESERVED
-CVE-2021-27351
-       RESERVED
+CVE-2021-27351 (The Terminate Session feature in the Telegram application 
through 7.2. ...)
+       TODO: check
 CVE-2021-27350
        RESERVED
 CVE-2021-27349
@@ -187,8 +389,8 @@ CVE-2021-27330
        RESERVED
 CVE-2021-27329 (Friendica 2021.01 allows SSRF via parse_url?binurl= for DNS 
lookups or ...)
        NOT-FOR-US: Friendica
-CVE-2021-27328
-       RESERVED
+CVE-2021-27328 (Yeastar NeoGate TG400 91.3.0.3 devices are affected by 
Directory Trave ...)
+       TODO: check
 CVE-2021-27327
        RESERVED
 CVE-2021-27326
@@ -414,8 +616,8 @@ CVE-2021-27216
        RESERVED
 CVE-2021-27215
        RESERVED
-CVE-2021-27214
-       RESERVED
+CVE-2021-27214 (A Server-side request forgery (SSRF) vulnerability in the 
ProductConfi ...)
+       TODO: check
 CVE-2021-27213 (config.py in pystemon before 2021-02-13 allows code execution 
via YAML ...)
        NOT-FOR-US: pystemon
 CVE-2019-25019 (LimeSurvey before 4.0.0-RC4 allows SQL injection via the 
participant m ...)
@@ -999,6 +1201,7 @@ CVE-2021-27135 (xterm through Patch #365 allows remote 
attackers to cause a deni
        NOTE: https://invisible-island.net/xterm/xterm.log.html#xterm_366
        NOTE: 
https://github.com/ThomasDickey/xterm-snapshots/commit/82ba55b8f994ab30ff561a347b82ea340ba7075c
 CVE-2021-26937 (encoding.c in GNU Screen through 4.8.0 allows remote attackers 
to caus ...)
+       {DLA-2570-1}
        - screen 4.8.0-5 (bug #982435)
        NOTE: 
https://lists.gnu.org/archive/html/screen-devel/2021-02/msg00000.html
        NOTE: https://www.openwall.com/lists/oss-security/2021/02/09/3
@@ -2567,8 +2770,7 @@ CVE-2021-26298
        RESERVED
 CVE-2021-26297
        RESERVED
-CVE-2021-26296
-       RESERVED
+CVE-2021-26296 (In the default configuration, Apache MyFaces Core versions 
2.2.0 to 2. ...)
        - kibana <itp> (bug #700337)
        NOTE: 
https://discuss.elastic.co/t/elastic-stack-7-11-0-and-6-8-14-security-update/263915
 CVE-2021-26295
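Review bot: the description now attached to CVE-2021-26296 names Apache MyFaces Core, but the unchanged lines under it still read "- kibana <itp> (bug #700337)" with a NOTE linking an Elastic Stack security update, so the package annotation no longer matches the entry it sits under. Unlike the other newly described entries in this update, no "TODO: check" line was added here, so nothing flags the entry for re-triage. Suggest checking the kibana annotation and NOTE against the published description, then either moving them to the CVE they belong to or replacing them with an annotation that fits MyFaces.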
@@ -3753,8 +3955,8 @@ CVE-2021-3212
        RESERVED
 CVE-2021-3211
        RESERVED
-CVE-2021-3210
-       RESERVED
+CVE-2021-3210 (components/Modals/HelpTexts/GenericAll/GenericAll.jsx in 
Bloodhound &l ...)
+       TODO: check
 CVE-2021-3209
        RESERVED
 CVE-2021-3208
@@ -3765,8 +3967,8 @@ CVE-2021-3206
        RESERVED
 CVE-2021-3205
        RESERVED
-CVE-2021-3204
-       RESERVED
+CVE-2021-3204 (SSRF in the document conversion component of Webware Webdesktop 
5.1.15 ...)
+       TODO: check
 CVE-2021-3203
        RESERVED
 CVE-2021-3202
@@ -9258,8 +9460,8 @@ CVE-2021-23344
        RESERVED
 CVE-2021-23343
        RESERVED
-CVE-2021-23342
-       RESERVED
+CVE-2021-23342 (This affects the package docsify before 4.12.0. It is possible 
to bypa ...)
+       TODO: check
 CVE-2021-23341 (The package prismjs before 1.23.0 are vulnerable to Regular 
Expression ...)
        - node-prismjs <unfixed>
        NOTE: 
https://github.com/PrismJS/prism/commit/c2f6a64426f44497a675cb32dccb079b3eff1609
@@ -9275,6 +9477,7 @@ CVE-2021-23337 (All versions of package lodash; all 
versions of package org.fuji
        - node-lodash <unfixed>
        NOTE: https://snyk.io/vuln/SNYK-JS-LODASH-1040724
 CVE-2021-23336 (The package python/cpython from 0 and before 3.6.13, from 
3.7.0 and be ...)
+       {DLA-2569-1}
        - python-django 2:2.2.19-1 (bug #983090)
        - python3.9 <unfixed>
        - python3.8 <removed>
@@ -10535,12 +10738,12 @@ CVE-2021-22705
        RESERVED
 CVE-2021-22704
        RESERVED
-CVE-2021-22703
-       RESERVED
-CVE-2021-22702
-       RESERVED
-CVE-2021-22701
-       RESERVED
+CVE-2021-22703 (A CWE-319: Cleartext transmission of sensitive information 
vulnerabili ...)
+       TODO: check
+CVE-2021-22702 (A CWE-319: Cleartext transmission of sensitive information 
vulnerabili ...)
+       TODO: check
+CVE-2021-22701 (A CWE-352: Cross-Site Request Forgery vulnerability exists in 
PowerLog ...)
+       TODO: check
 CVE-2021-22700
        RESERVED
 CVE-2021-22699
@@ -13119,8 +13322,8 @@ CVE-2021-21514
        RESERVED
 CVE-2021-21513
        RESERVED
-CVE-2021-21512
-       RESERVED
+CVE-2021-21512 (Dell EMC PowerProtect Cyber Recovery, version 19.7.0.1, 
contains an In ...)
+       TODO: check
 CVE-2021-21511 (Dell EMC Avamar Server, versions 19.3 and 19.4 contain an 
Improper Aut ...)
        NOT-FOR-US: EMC Avamar Server
 CVE-2021-21510
@@ -29774,7 +29977,7 @@ CVE-2020-27223
        RESERVED
 CVE-2020-27222 (In Eclipse Californium version 2.3.0 to 2.6.0, the certificate 
based ( ...)
        NOT-FOR-US: Eclipse Californium
-CVE-2020-27221 (In Eclipse OpenJ9 up to version 0.23, there is potential for a 
stack-b ...)
+CVE-2020-27221 (In Eclipse OpenJ9 up to and including version 0.23, there is 
potential ...)
        NOT-FOR-US: Eclipse OpenJ9
 CVE-2020-27220 (The Eclipse Hono AMQP and MQTT protocol adapters do not check 
whether  ...)
        NOT-FOR-US: Eclipse Hono
@@ -34710,8 +34913,8 @@ CVE-2020-25173 (An attacker with local network access 
can obtain a fixed cryptog
        NOT-FOR-US: Reolink P2P cameras
 CVE-2020-25172 (A relative path traversal attack in the B. Braun OnlineSuite 
Version A ...)
        NOT-FOR-US: B. Braun OnlineSuite Version AP
-CVE-2020-25171
-       RESERVED
+CVE-2020-25171 (The affected Fuji Electric V-Server Lite versions prior to 
3.3.24.0 ar ...)
+       TODO: check
 CVE-2020-25170 (An Excel Macro Injection vulnerability exists in the export 
feature in ...)
        NOT-FOR-US: B. Braun OnlineSuite Version AP
 CVE-2020-25169 (The affected Reolink P2P products do not sufficiently protect 
data tra ...)
@@ -60587,8 +60790,8 @@ CVE-2020-13551 (An exploitable local privilege 
elevation vulnerability exists in
        NOT-FOR-US: Advantech WebAccess/SCADA
 CVE-2020-13550 (A local file inclusion vulnerability exists in the 
installation functi ...)
        NOT-FOR-US: Advantech WebAccess/SCADA
-CVE-2020-13549
-       RESERVED
+CVE-2020-13549 (An exploitable local privilege elevation vulnerability exists 
in the f ...)
+       TODO: check
 CVE-2020-13548 (In Foxit Reader 10.1.0.37527, a specially crafted PDF document 
can tri ...)
        NOT-FOR-US: Foxit Reader
 CVE-2020-13547 (A type confusion vulnerability exists in the JavaScript engine 
of Foxi ...)
@@ -63615,9 +63818,9 @@ CVE-2020-12376 (Use of hard-coded key in the BMC 
firmware for some Intel(R) Serv
        NOT-FOR-US: Intel
 CVE-2020-12375 (Heap overflow in the BMC firmware for some Intel(R) Server 
Boards, Ser ...)
        NOT-FOR-US: Intel
-CVE-2020-12374
-       RESERVED
-CVE-2020-12373 (Buffer overflow in the BMC firmware for some Intel(R) Server 
Boards, S ...)
+CVE-2020-12374 (Buffer overflow in the BMC firmware for some Intel(R) Server 
Boards, S ...)
+       TODO: check
+CVE-2020-12373 (Expired pointer dereference in some Intel(R) Graphics Drivers 
before v ...)
        NOT-FOR-US: Intel graphics drivers for Windows
 CVE-2020-12372 (Unchecked return value in some Intel(R) Graphics Drivers 
before versio ...)
        NOT-FOR-US: Intel graphics drivers for Windows
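Review bot: CVE-2020-12374 lands as "TODO: check" although its visible description is the BMC firmware text and the two BMC firmware entries directly above it (CVE-2020-12375, CVE-2020-12376) are already marked "NOT-FOR-US: Intel". If the full description confirms the same product family, triage it the same way so it does not linger in the TODO queue. The description swap on CVE-2020-12373 is worth a second look as well: the retained "NOT-FOR-US: Intel graphics drivers for Windows" line only agrees with the new graphics driver text, which suggests the earlier BMC firmware description was attached to the wrong ID.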
@@ -73558,8 +73761,8 @@ CVE-2020-9052
        RESERVED
 CVE-2020-9051
        RESERVED
-CVE-2020-9050
-       RESERVED
+CVE-2020-9050 (Path Traversal vulnerability exists in Metasys Reporting Engine 
(MRE)  ...)
+       TODO: check
 CVE-2020-9049 (A vulnerability in specified versions of American Dynamics 
victor Web  ...)
        NOT-FOR-US: Sensormatic Electronics, LLC; a subsidiary of Johnson 
Controls
 CVE-2020-9048 (A vulnerability in specified versions of American Dynamics 
victor Web  ...)
@@ -74622,7 +74825,7 @@ CVE-2020-8627
 CVE-2020-8626
        RESERVED
 CVE-2020-8625 (BIND servers are vulnerable if they are running an affected 
version an ...)
-       {DSA-4857-1}
+       {DSA-4857-1 DLA-2568-1}
        - bind9 1:9.16.12-1 (bug #983004)
        NOTE: https://kb.isc.org/v1/docs/cve-2020-8625
        NOTE: 9.11 branch: https://downloads.isc.org/isc/bind9/9.11.28/patches



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bb649141d3410656ad3e49ac753fc9e8d87f9ff2
