Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker

Commits:
bb649141 by security tracker role at 2021-02-19T20:10:29+00:00
automatic update

- - - - -

1 changed file:

- data/CVE/list

Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,205 @@ +CVE-2021-27506 + RESERVED +CVE-2021-27505 + RESERVED +CVE-2021-27504 + RESERVED +CVE-2021-27503 + RESERVED +CVE-2021-27502 + RESERVED +CVE-2021-27501 + RESERVED +CVE-2021-27500 + RESERVED +CVE-2021-27499 + RESERVED +CVE-2021-27498 + RESERVED +CVE-2021-27497 + RESERVED +CVE-2021-27496 + RESERVED +CVE-2021-27495 + RESERVED +CVE-2021-27494 + RESERVED +CVE-2021-27493 + RESERVED +CVE-2021-27492 + RESERVED +CVE-2021-27491 + RESERVED +CVE-2021-27490 + RESERVED +CVE-2021-27489 + RESERVED +CVE-2021-27488 + RESERVED +CVE-2021-27487 + RESERVED +CVE-2021-27486 + RESERVED +CVE-2021-27485 + RESERVED +CVE-2021-27484 + RESERVED +CVE-2021-27483 + RESERVED +CVE-2021-27482 + RESERVED +CVE-2021-27481 + RESERVED +CVE-2021-27480 + RESERVED +CVE-2021-27479 + RESERVED +CVE-2021-27478 + RESERVED +CVE-2021-27477 + RESERVED +CVE-2021-27476 + RESERVED +CVE-2021-27475 + RESERVED +CVE-2021-27474 + RESERVED +CVE-2021-27473 + RESERVED +CVE-2021-27472 + RESERVED +CVE-2021-27471 + RESERVED +CVE-2021-27470 + RESERVED +CVE-2021-27469 + RESERVED +CVE-2021-27468 + RESERVED +CVE-2021-27467 + RESERVED +CVE-2021-27466 + RESERVED +CVE-2021-27465 + RESERVED +CVE-2021-27464 + RESERVED +CVE-2021-27463 + RESERVED +CVE-2021-27462 + RESERVED +CVE-2021-27461 + RESERVED +CVE-2021-27460 + RESERVED +CVE-2021-27459 + RESERVED +CVE-2021-27458 + RESERVED +CVE-2021-27457 + RESERVED +CVE-2021-27456 + RESERVED +CVE-2021-27455 + RESERVED +CVE-2021-27454 + RESERVED +CVE-2021-27453 + RESERVED +CVE-2021-27452 + RESERVED +CVE-2021-27451 + RESERVED +CVE-2021-27450 + RESERVED +CVE-2021-27449 + RESERVED +CVE-2021-27448 + RESERVED +CVE-2021-27447 + RESERVED +CVE-2021-27446 + RESERVED +CVE-2021-27445 + RESERVED +CVE-2021-27444 + RESERVED +CVE-2021-27443 + RESERVED +CVE-2021-27442 + RESERVED +CVE-2021-27441 + RESERVED +CVE-2021-27440 + RESERVED +CVE-2021-27439 + RESERVED +CVE-2021-27438 + RESERVED +CVE-2021-27437 + RESERVED +CVE-2021-27436 + RESERVED +CVE-2021-27435 + RESERVED +CVE-2021-27434 + RESERVED 
+CVE-2021-27433 + RESERVED +CVE-2021-27432 + RESERVED +CVE-2021-27431 + RESERVED +CVE-2021-27430 + RESERVED +CVE-2021-27429 + RESERVED +CVE-2021-27428 + RESERVED +CVE-2021-27427 + RESERVED +CVE-2021-27426 + RESERVED +CVE-2021-27425 + RESERVED +CVE-2021-27424 + RESERVED +CVE-2021-27423 + RESERVED +CVE-2021-27422 + RESERVED +CVE-2021-27421 + RESERVED +CVE-2021-27420 + RESERVED +CVE-2021-27419 + RESERVED +CVE-2021-27418 + RESERVED +CVE-2021-27417 + RESERVED +CVE-2021-27416 + RESERVED +CVE-2021-27415 + RESERVED +CVE-2021-27414 + RESERVED +CVE-2021-27413 + RESERVED +CVE-2021-27412 + RESERVED +CVE-2021-27411 + RESERVED +CVE-2021-27410 + RESERVED +CVE-2021-27409 + RESERVED +CVE-2021-27408 + RESERVED +CVE-2021-27407 + RESERVED +CVE-2021-27406 + RESERVED CVE-2021-27405 (A ReDoS (regular expression denial of service) flaw was found in the @ ...) TODO: check CVE-2021-27404 (Askey RTF8115VW BR_SV_g11.11_RTF_TEF001_V6.54_V014 devices allow injec ...) @@ -141,8 +343,8 @@ CVE-2021-27353 RESERVED CVE-2021-27352 RESERVED -CVE-2021-27351 - RESERVED +CVE-2021-27351 (The Terminate Session feature in the Telegram application through 7.2. ...) + TODO: check CVE-2021-27350 RESERVED CVE-2021-27349 @@ -187,8 +389,8 @@ CVE-2021-27330 RESERVED CVE-2021-27329 (Friendica 2021.01 allows SSRF via parse_url?binurl= for DNS lookups or ...) NOT-FOR-US: Friendica -CVE-2021-27328 - RESERVED +CVE-2021-27328 (Yeastar NeoGate TG400 91.3.0.3 devices are affected by Directory Trave ...) + TODO: check CVE-2021-27327 RESERVED CVE-2021-27326 @@ -414,8 +616,8 @@ CVE-2021-27216 RESERVED CVE-2021-27215 RESERVED -CVE-2021-27214 - RESERVED +CVE-2021-27214 (A Server-side request forgery (SSRF) vulnerability in the ProductConfi ...) + TODO: check CVE-2021-27213 (config.py in pystemon before 2021-02-13 allows code execution via YAML ...) NOT-FOR-US: pystemon CVE-2019-25019 (LimeSurvey before 4.0.0-RC4 allows SQL injection via the participant m ...) 
@@ -999,6 +1201,7 @@ CVE-2021-27135 (xterm through Patch #365 allows remote attackers to cause a deni NOTE: https://invisible-island.net/xterm/xterm.log.html#xterm_366 NOTE: https://github.com/ThomasDickey/xterm-snapshots/commit/82ba55b8f994ab30ff561a347b82ea340ba7075c CVE-2021-26937 (encoding.c in GNU Screen through 4.8.0 allows remote attackers to caus ...) + {DLA-2570-1} - screen 4.8.0-5 (bug #982435) NOTE: https://lists.gnu.org/archive/html/screen-devel/2021-02/msg00000.html NOTE: https://www.openwall.com/lists/oss-security/2021/02/09/3 @@ -2567,8 +2770,7 @@ CVE-2021-26298 RESERVED CVE-2021-26297 RESERVED -CVE-2021-26296 - RESERVED +CVE-2021-26296 (In the default configuration, Apache MyFaces Core versions 2.2.0 to 2. ...) - kibana <itp> (bug #700337) NOTE: https://discuss.elastic.co/t/elastic-stack-7-11-0-and-6-8-14-security-update/263915 CVE-2021-26295 @@ -3753,8 +3955,8 @@ CVE-2021-3212 RESERVED CVE-2021-3211 RESERVED -CVE-2021-3210 - RESERVED +CVE-2021-3210 (components/Modals/HelpTexts/GenericAll/GenericAll.jsx in Bloodhound &l ...) + TODO: check CVE-2021-3209 RESERVED CVE-2021-3208 @@ -3765,8 +3967,8 @@ CVE-2021-3206 RESERVED CVE-2021-3205 RESERVED -CVE-2021-3204 - RESERVED +CVE-2021-3204 (SSRF in the document conversion component of Webware Webdesktop 5.1.15 ...) + TODO: check CVE-2021-3203 RESERVED CVE-2021-3202 @@ -9258,8 +9460,8 @@ CVE-2021-23344 RESERVED CVE-2021-23343 RESERVED -CVE-2021-23342 - RESERVED +CVE-2021-23342 (This affects the package docsify before 4.12.0. It is possible to bypa ...) + TODO: check CVE-2021-23341 (The package prismjs before 1.23.0 are vulnerable to Regular Expression ...) - node-prismjs <unfixed> NOTE: https://github.com/PrismJS/prism/commit/c2f6a64426f44497a675cb32dccb079b3eff1609 
@@ -9275,6 +9477,7 @@ CVE-2021-23337 (All versions of package lodash; all versions of package org.fuji - node-lodash <unfixed> NOTE: https://snyk.io/vuln/SNYK-JS-LODASH-1040724 CVE-2021-23336 (The package python/cpython from 0 and before 3.6.13, from 3.7.0 and be ...) + {DLA-2569-1} - python-django 2:2.2.19-1 (bug #983090) - python3.9 <unfixed> - python3.8 <removed> @@ -10535,12 +10738,12 @@ CVE-2021-22705 RESERVED CVE-2021-22704 RESERVED -CVE-2021-22703 - RESERVED -CVE-2021-22702 - RESERVED -CVE-2021-22701 - RESERVED +CVE-2021-22703 (A CWE-319: Cleartext transmission of sensitive information vulnerabili ...) + TODO: check +CVE-2021-22702 (A CWE-319: Cleartext transmission of sensitive information vulnerabili ...) + TODO: check +CVE-2021-22701 (A CWE-352: Cross-Site Request Forgery vulnerability exists in PowerLog ...) + TODO: check CVE-2021-22700 RESERVED CVE-2021-22699 @@ -13119,8 +13322,8 @@ CVE-2021-21514 RESERVED CVE-2021-21513 RESERVED -CVE-2021-21512 - RESERVED +CVE-2021-21512 (Dell EMC PowerProtect Cyber Recovery, version 19.7.0.1, contains an In ...) + TODO: check CVE-2021-21511 (Dell EMC Avamar Server, versions 19.3 and 19.4 contain an Improper Aut ...) NOT-FOR-US: EMC Avamar Server CVE-2021-21510 @@ -29774,7 +29977,7 @@ CVE-2020-27223 RESERVED CVE-2020-27222 (In Eclipse Californium version 2.3.0 to 2.6.0, the certificate based ( ...) NOT-FOR-US: Eclipse Californium -CVE-2020-27221 (In Eclipse OpenJ9 up to version 0.23, there is potential for a stack-b ...) +CVE-2020-27221 (In Eclipse OpenJ9 up to and including version 0.23, there is potential ...) NOT-FOR-US: Eclipse OpenJ9 CVE-2020-27220 (The Eclipse Hono AMQP and MQTT protocol adapters do not check whether ...) NOT-FOR-US: Eclipse Hono 
@@ -34710,8 +34913,8 @@ CVE-2020-25173 (An attacker with local network access can obtain a fixed cryptog NOT-FOR-US: Reolink P2P cameras CVE-2020-25172 (A relative path traversal attack in the B. Braun OnlineSuite Version A ...) NOT-FOR-US: B. Braun OnlineSuite Version AP -CVE-2020-25171 - RESERVED +CVE-2020-25171 (The affected Fuji Electric V-Server Lite versions prior to 3.3.24.0 ar ...) + TODO: check CVE-2020-25170 (An Excel Macro Injection vulnerability exists in the export feature in ...) NOT-FOR-US: B. Braun OnlineSuite Version AP CVE-2020-25169 (The affected Reolink P2P products do not sufficiently protect data tra ...) @@ -60587,8 +60790,8 @@ CVE-2020-13551 (An exploitable local privilege elevation vulnerability exists in NOT-FOR-US: Advantech WebAccess/SCADA CVE-2020-13550 (A local file inclusion vulnerability exists in the installation functi ...) NOT-FOR-US: Advantech WebAccess/SCADA -CVE-2020-13549 - RESERVED +CVE-2020-13549 (An exploitable local privilege elevation vulnerability exists in the f ...) + TODO: check CVE-2020-13548 (In Foxit Reader 10.1.0.37527, a specially crafted PDF document can tri ...) NOT-FOR-US: Foxit Reader CVE-2020-13547 (A type confusion vulnerability exists in the JavaScript engine of Foxi ...) @@ -63615,9 +63818,9 @@ CVE-2020-12376 (Use of hard-coded key in the BMC firmware for some Intel(R) Serv NOT-FOR-US: Intel CVE-2020-12375 (Heap overflow in the BMC firmware for some Intel(R) Server Boards, Ser ...) NOT-FOR-US: Intel -CVE-2020-12374 - RESERVED -CVE-2020-12373 (Buffer overflow in the BMC firmware for some Intel(R) Server Boards, S ...) +CVE-2020-12374 (Buffer overflow in the BMC firmware for some Intel(R) Server Boards, S ...) + TODO: check +CVE-2020-12373 (Expired pointer dereference in some Intel(R) Graphics Drivers before v ...) NOT-FOR-US: Intel graphics drivers for Windows CVE-2020-12372 (Unchecked return value in some Intel(R) Graphics Drivers before versio ...) NOT-FOR-US: Intel graphics drivers for Windows 
@@ -73558,8 +73761,8 @@ CVE-2020-9052 RESERVED CVE-2020-9051 RESERVED -CVE-2020-9050 - RESERVED +CVE-2020-9050 (Path Traversal vulnerability exists in Metasys Reporting Engine (MRE) ...) + TODO: check CVE-2020-9049 (A vulnerability in specified versions of American Dynamics victor Web ...) NOT-FOR-US: Sensormatic Electronics, LLC; a subsidiary of Johnson Controls CVE-2020-9048 (A vulnerability in specified versions of American Dynamics victor Web ...) @@ -74622,7 +74825,7 @@ CVE-2020-8627 CVE-2020-8626 RESERVED CVE-2020-8625 (BIND servers are vulnerable if they are running an affected version an ...) - {DSA-4857-1} + {DSA-4857-1 DLA-2568-1} - bind9 1:9.16.12-1 (bug #983004) NOTE: https://kb.isc.org/v1/docs/cve-2020-8625 NOTE: 9.11 branch: https://downloads.isc.org/isc/bind9/9.11.28/patches View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bb649141d3410656ad3e49ac753fc9e8d87f9ff2 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bb649141d3410656ad3e49ac753fc9e8d87f9ff2 You're receiving this email because of your account on salsa.debian.org.
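
Review bot: In the hunk at @@ -2567,8 +2770,7 @@, the new description for CVE-2021-26296 names Apache MyFaces Core, but the unchanged lines that stay attached to the entry are "- kibana <itp> (bug #700337)" and a NOTE linking the Elastic Stack 7.11.0 and 6.8.14 security update. The description and the package annotation no longer refer to the same product, so the tracker would report kibana as affected by a MyFaces issue. Suggest confirming which product this CVE id belongs to; if the description is correct, move the kibana line and the Elastic NOTE to the id they were meant for and triage this entry on its own. Unlike the other newly described entries in this commit, this one also gets no "TODO: check" marker, so nothing flags it for a second look.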
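
Review bot: In the hunk at @@ -63615,9 +63818,9 @@, CVE-2020-12374 is left at "TODO: check" although its new description (buffer overflow in the BMC firmware for some Intel(R) Server Boards) is in the same family as the neighbouring CVE-2020-12376 and CVE-2020-12375, both already marked "NOT-FOR-US: Intel". Suggest triaging it the same way once the full description has been read. The same hunk replaces the CVE-2020-12373 description, which previously carried the BMC buffer overflow text, with an expired pointer dereference in Intel graphics drivers; that now agrees with its existing "NOT-FOR-US: Intel graphics drivers for Windows" line, but it is worth checking the upstream record to confirm that the two descriptions were off by one id rather than swapped by this update.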