Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 1dc92906 by Moritz Muehlenhoff at 2021-03-16T14:22:40+01:00 NFUs - - - - - 2326b6c9 by Moritz Muehlenhoff at 2021-03-16T14:23:39+01:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1577,7 +1577,7 @@ CVE-2021-27819 CVE-2021-27818 RESERVED CVE-2021-27817 (A remote command execution vulnerability in shopxo 1.9.3 allows an att ...) - TODO: check + NOT-FOR-US: shopxo CVE-2021-27816 RESERVED CVE-2021-27815 @@ -2520,9 +2520,9 @@ CVE-2021-27383 CVE-2021-27382 RESERVED CVE-2021-27381 (A vulnerability has been identified in Solid Edge SE2020 (All Versions ...) - TODO: check + NOT-FOR-US: Solid Edge SE2020 CVE-2021-27380 (A vulnerability has been identified in Solid Edge SE2020 (All Versions ...) - TODO: check + NOT-FOR-US: Solid Edge SE2020 CVE-2021-27379 (An issue was discovered in Xen through 4.11.x, allowing x86 Intel HVM ...) - xen 4.14.0+80-gd101b417b7-1 [stretch] - xen <not-affected> (Incomplete fix for CVE-2020-15565 not applied) @@ -2840,7 +2840,7 @@ CVE-2021-27232 (The RTSPLive555.dll ActiveX control in Pelco Digital Sentry Serv CVE-2021-27231 (Hestia Control Panel through 1.3.3, in a shared-hosting environment, s ...) NOT-FOR-US: Hestia Control Panel CVE-2021-27230 (ExpressionEngine before 5.4.2 and 6.x before 6.0.3 allows PHP Code Inj ...) - TODO: check + NOT-FOR-US: ExpressionEngine CVE-2021-27229 (Mumble before 1.3.4 allows remote code execution if a victim navigates ...) {DLA-2562-1} - mumble 1.3.4-1 (bug #982904) @@ -3380,7 +3380,7 @@ CVE-2021-26989 (Clustered Data ONTAP versions prior to 9.3P21, 9.5P16, 9.6P12, 9 CVE-2021-26988 (Clustered Data ONTAP versions prior to 9.3P21, 9.5P16, 9.6P12, 9.7P8 a ...) NOT-FOR-US: Clustered Data ONTAP CVE-2021-26987 (Element Plug-in for vCenter Server incorporates SpringBoot Framework. ...) - TODO: check + NOT-FOR-US: Element Plug-in for vCenter Server CVE-2021-26986 RESERVED CVE-2021-26985 
@@ -3560,9 +3560,9 @@ CVE-2021-26925 (Roundcube before 1.4.11 allows XSS via crafted Cascading Style S NOTE: https://roundcube.net/news/2021/02/08/security-update-1.4.11 NOTE: https://github.com/roundcube/roundcubemail/commit/9dc276d5f26042db02754fa1bac6fbd683c6d596 CVE-2021-26924 (An issue was discovered in Argo CD before 1.8.4. Browser XSS protectio ...) - TODO: check + NOT-FOR-US: Argo CD CVE-2021-26923 (An issue was discovered in Argo CD before 1.8.4. Accessing the endpoin ...) - TODO: check + NOT-FOR-US: Argo CD CVE-2021-26922 RESERVED CVE-2021-26921 (In util/session/sessionmanager.go in Argo CD before 1.8.4, tokens cont ...) @@ -6767,13 +6767,13 @@ CVE-2021-25678 CVE-2021-25677 RESERVED CVE-2021-25676 (A vulnerability has been identified in RUGGEDCOM RM1224 (V6.3), SCALAN ...) - TODO: check + NOT-FOR-US: Siemens CVE-2021-25675 (A vulnerability has been identified in SIMATIC S7-PLCSIM V5.4 (All ver ...) - TODO: check + NOT-FOR-US: Siemens CVE-2021-25674 (A vulnerability has been identified in SIMATIC S7-PLCSIM V5.4 (All ver ...) - TODO: check + NOT-FOR-US: Siemens CVE-2021-25673 (A vulnerability has been identified in SIMATIC S7-PLCSIM V5.4 (All ver ...) - TODO: check + NOT-FOR-US: Siemens CVE-2021-25672 (A vulnerability has been identified in Mendix Forgot Password Appstore ...) NOT-FOR-US: Mendix Forgot Password Appstore module CVE-2021-25671 @@ -6785,7 +6785,7 @@ CVE-2021-25669 CVE-2021-25668 RESERVED CVE-2021-25667 (A vulnerability has been identified in RUGGEDCOM RM1224 (All versions ...) - TODO: check + NOT-FOR-US: Siemens CVE-2021-25666 (A vulnerability has been identified in SCALANCE W780 and W740 (IEEE 80 ...) NOT-FOR-US: Siemens CVE-2021-25665 
@@ -7915,7 +7915,7 @@ CVE-2021-3152 (** DISPUTED ** Home Assistant before 2021.1.3 does not have a pro CVE-2021-3151 (i-doit before 1.16.0 is affected by Stored Cross-Site Scripting (XSS) ...) NOT-FOR-US: i-doit CVE-2021-3150 (A cross-site scripting (XSS) vulnerability on the Delete Personal Data ...) - TODO: check + NOT-FOR-US: Cryptshare Server CVE-2021-3149 (On Netshield NANO 25 10.2.18 devices, /usr/local/webmin/System/manual_ ...) NOT-FOR-US: Netshield NANO devices CVE-2021-3148 (An issue was discovered in SaltStack Salt before 3002.5. Sending craft ...) @@ -10299,7 +10299,7 @@ CVE-2021-24033 (react-dev-utils prior to v11.0.4 exposes a function, getProcessF CVE-2021-24030 (The fbgames protocol handler registered as part of Facebook Gameroom d ...) NOT-FOR-US: Facebook Gameroom CVE-2021-24029 (A packet of death scenario is possible in mvfst via a specially crafte ...) - TODO: check + NOT-FOR-US: mvfst CVE-2021-24028 RESERVED CVE-2021-24027 @@ -10675,6 +10675,7 @@ CVE-2021-25900 (An issue was discovered in the smallvec crate before 0.6.14 and NOTE: https://github.com/servo/rust-smallvec/issues/252 CVE-2021-3127 RESERVED + NOT-FOR-US: nats-server CVE-2021-3126 RESERVED CVE-2021-23896 @@ -11811,11 +11812,11 @@ CVE-2021-23359 CVE-2021-23358 RESERVED CVE-2021-23357 (All versions of package github.com/tyktechnologies/tyk/gateway are vul ...) - TODO: check + NOT-FOR-US: tyk/gateway CVE-2021-23356 (This affects all versions of package kill-process-by-name. If (attacke ...) - TODO: check + NOT-FOR-US: Node kill-process-by-name CVE-2021-23355 (This affects all versions of package ps-kill. If (attacker-controlled) ...) - TODO: check + NOT-FOR-US: Node ps-kill CVE-2021-23354 (The package printf before 0.6.1 are vulnerable to Regular Expression D ...) NOT-FOR-US: Node printf CVE-2021-23353 (This affects the package jspdf before 2.3.1. ReDoS is possible via the ...) 
@@ -17295,11 +17296,11 @@ CVE-2021-21364 (swagger-codegen is an open-source project which contains a templ CVE-2021-21363 (swagger-codegen is an open-source project which contains a template-dr ...) - swagger-codegen <itp> (bug #950318) CVE-2021-21362 (MinIO is an open-source high performance object storage service and it ...) - TODO: check + NOT-FOR-US: MinIO CVE-2021-21361 (The `com.bmuschko:gradle-vagrant-plugin` Gradle plugin contains an inf ...) - TODO: check + NOT-FOR-US: gradle-vagrant-plugin CVE-2021-21360 (Products.GenericSetup is a mini-framework for expressing the configure ...) - TODO: check + NOT-FOR-US: Products.GenericSetup CVE-2021-21359 RESERVED CVE-2021-21358 @@ -20583,7 +20584,7 @@ CVE-2021-20078 CVE-2021-20077 RESERVED CVE-2021-20076 (Tenable.sc and Tenable.sc Core versions 5.13.0 through 5.17.0 were fou ...) - TODO: check + NOT-FOR-US: Tenable CVE-2021-20075 (Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows for pr ...) NOT-FOR-US: Racom's MIDGE Firmware CVE-2021-20074 (Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows users ...) @@ -27713,11 +27714,11 @@ CVE-2020-28389 CVE-2020-28388 (A vulnerability has been identified in Nucleus NET (All versions < ...) NOT-FOR-US: Siemens CVE-2020-28387 (A vulnerability has been identified in Solid Edge SE2020 (All Versions ...) - TODO: check + NOT-FOR-US: Siemens CVE-2020-28386 (A vulnerability has been identified in Solid Edge SE2020 (All Versions ...) NOT-FOR-US: Siemens CVE-2020-28385 (A vulnerability has been identified in Solid Edge SE2020 (All Versions ...) - TODO: check + NOT-FOR-US: Siemens CVE-2020-28384 (A vulnerability has been identified in Solid Edge SE2020 (All Versions ...) NOT-FOR-US: Siemens CVE-2020-28383 (A vulnerability has been identified in JT2Go (All Versions < V13.1. ...) 
@@ -32003,7 +32004,7 @@ CVE-2020-27545 CVE-2020-27544 RESERVED CVE-2020-27543 (The restify-paginate package 0.0.5 for Node.js allows remote attackers ...) - TODO: check + NOT-FOR-US: Node restify-paginate CVE-2020-27542 (Rostelecom CS-C2SHW 5.0.082.1 is affected by: Bash command injection. ...) NOT-FOR-US: Rostelecom CS-C2SHW CVE-2020-27541 (Denial of Service vulnerability in Rostelecom CS-C2SHW 5.0.082.1. Agen ...) @@ -32518,7 +32519,7 @@ CVE-2020-27292 CVE-2020-27291 (Delta Electronics CNCSoft-B Versions 1.0.0.2 and prior is vulnerable t ...) NOT-FOR-US: Delta Electronics CNCSoft-B CVE-2020-27290 (In Hamilton Medical AG,T1-Ventillator versions 2.2.3 and prior, an inf ...) - TODO: check + NOT-FOR-US: Hamilton Medical CVE-2020-27289 (Delta Electronics CNCSoft-B Versions 1.0.0.2 and prior has a null poin ...) NOT-FOR-US: Delta Electronics CNCSoft-B CVE-2020-27288 (An untrusted pointer dereference has been identified in the way TPEdit ...) @@ -32534,7 +32535,7 @@ CVE-2020-27284 (TPEditor (v1.98 and prior) is vulnerable to two out-of-bounds wr CVE-2020-27283 (An attacker could send a specially crafted message to Crimson 3.1 (Bui ...) NOT-FOR-US: Crimson CVE-2020-27282 (In Hamilton Medical AG,T1-Ventillator versions 2.2.3 and prior, an XML ...) - TODO: check + NOT-FOR-US: Hamilton Medical CVE-2020-27281 (A stack-based buffer overflow may exist in Delta Electronics CNCSoft S ...) NOT-FOR-US: Delta Electronics CNCSoft ScreenEditor CVE-2020-27280 (A use after free issue has been identified in the way ISPSoft(v3.12 an ...) 
@@ -32542,7 +32543,7 @@ CVE-2020-27280 (A use after free issue has been identified in the way ISPSoft(v3 CVE-2020-27279 (A NULL pointer deference vulnerability has been identified in the prot ...) NOT-FOR-US: Crimson CVE-2020-27278 (In Hamilton Medical AG,T1-Ventillator versions 2.2.3 and prior, hard-c ...) - TODO: check + NOT-FOR-US: Hamilton Medical CVE-2020-27277 (Delta Electronics DOPSoft Version 4.0.8.21 and prior has a null pointe ...) NOT-FOR-US: Delta Electronics DOPSoft CVE-2020-27276 (SOOIL Developments Co Ltd DiabecareRS,AnyDana-i & AnyDana-A, the c ...) @@ -32648,7 +32649,7 @@ CVE-2020-27227 CVE-2020-27226 RESERVED CVE-2020-27225 (In versions 4.18 and earlier of the Eclipse Platform, the Help Subsyst ...) - TODO: check + - eclipse <removed> CVE-2020-27224 (In Eclipse Theia versions up to and including 1.2.0, the Markdown Prev ...) NOT-FOR-US: Eclipse Theia CVE-2020-27223 (In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0 ...) @@ -37412,17 +37413,17 @@ CVE-2020-25243 CVE-2020-25242 RESERVED CVE-2020-25241 (A vulnerability has been identified in SIMATIC MV400 family (All Versi ...) - TODO: check + NOT-FOR-US: Siemens CVE-2020-25240 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...) - TODO: check + NOT-FOR-US: Siemens CVE-2020-25239 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...) - TODO: check + NOT-FOR-US: Siemens CVE-2020-25238 (A vulnerability has been identified in PCS neo (Administration Console ...) NOT-FOR-US: Siemens CVE-2020-25237 (A vulnerability has been identified in SINEC NMS (All versions < V1 ...) NOT-FOR-US: Siemens CVE-2020-25236 (A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS varian ...) - TODO: check + NOT-FOR-US: Siemens CVE-2020-25235 (A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS varian ...) NOT-FOR-US: Siemens CVE-2020-25234 (A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS varian ...) 
@@ -38026,13 +38027,13 @@ CVE-2020-24987 (Tenda AC18 Router through V15.03.05.05_EN and through V15.03.05. CVE-2020-24986 (Concrete5 up to and including 8.5.2 allows Unrestricted Upload of File ...) NOT-FOR-US: Concrete5 CVE-2020-24985 (An issue was discovered in Quadbase EspressReports ES 7 Update 9. An a ...) - TODO: check + NOT-FOR-US: Quadbase EspressReports CVE-2020-24984 (An issue was discovered in Quadbase EspressReports ES 7 Update 9. It a ...) NOT-FOR-US: Quadbase EspressReports CVE-2020-24983 (An issue was discovered in Quadbase EspressReports ES 7 Update 9. An u ...) NOT-FOR-US: Quadbase EspressReports CVE-2020-24982 (An issue was discovered in Quadbase ExpressDashboard (EDAB) 7 Update 9 ...) - TODO: check + NOT-FOR-US: Quadbase EspressDashboard CVE-2020-24981 (An Incorrect Access Control vulnerability exists in /ucms/chk.php in U ...) NOT-FOR-US: UCMS CVE-2020-24980 @@ -38188,11 +38189,11 @@ CVE-2020-24916 (CGI implementation in Yaws web server versions 1.81 to 2.0.7 is CVE-2020-24915 RESERVED CVE-2020-24914 (A PHP object injection bug in profile.php in qcubed (all versions incl ...) - TODO: check + NOT-FOR-US: qcubed CVE-2020-24913 (A SQL injection vulnerability in qcubed (all versions including 3.1.1) ...) - TODO: check + NOT-FOR-US: qcubed CVE-2020-24912 (A reflected cross-site scripting (XSS) vulnerability in qcubed (all ve ...) - TODO: check + NOT-FOR-US: qcubed CVE-2020-24911 RESERVED CVE-2020-24910 @@ -73046,7 +73047,7 @@ CVE-2020-10521 CVE-2020-10520 RESERVED CVE-2020-10519 (A remote code execution vulnerability was identified in GitHub Enterpr ...) - TODO: check + NOT-FOR-US: GitHub Enterprise Server CVE-2020-10518 (A remote code execution vulnerability was identified in GitHub Enterpr ...) NOT-FOR-US: GitHub Enterprise Server CVE-2020-10517 (An improper access control vulnerability was identified in GitHub Ente ...) 
@@ -78374,7 +78375,7 @@ CVE-2020-8300 CVE-2020-8299 RESERVED CVE-2020-8298 (fs-path node module before 0.0.25 is vulnerable to command injection b ...) - TODO: check + NOT-FOR-US: Node fs-path CVE-2020-8297 (Nextcloud Deck before 1.0.2 suffers from an insecure direct object ref ...) NOT-FOR-US: Nextcloud Deck CVE-2020-8296 (Nextcloud Server prior to 20.0.0 stores passwords in a recoverable for ...) @@ -95626,17 +95627,17 @@ CVE-2020-1923 CVE-2020-1922 RESERVED CVE-2020-1921 (In the crypt function, we attempt to null terminate a buffer using the ...) - TODO: check + - hhvm <removed> CVE-2020-1920 RESERVED CVE-2020-1919 (Incorrect bounds calculations in substr_compare could lead to an out-o ...) - TODO: check + - hhvm <removed> CVE-2020-1918 (In-memory file operations (ie: using fopen on a data URI) did not prop ...) - TODO: check + - hhvm <removed> CVE-2020-1917 (xbuf_format_converter, used as part of exif_read_data, was appending a ...) - TODO: check + - hhvm <removed> CVE-2020-1916 (An incorrect size calculation in ldap_escape may lead to an integer ov ...) - TODO: check + - hhvm <removed> CVE-2020-1915 (An out-of-bounds read in the JavaScript Interpreter in Facebook Hermes ...) NOT-FOR-US: Facebook Hermes CVE-2020-1914 (A logic vulnerability when handling the SaveGeneratorLong instruction ...) 
@@ -95668,11 +95669,11 @@ CVE-2020-1902 (A user running a quick search on a highly forwarded message on Wh CVE-2020-1901 (Receiving a large text message containing URLs in WhatsApp for iOS pri ...) NOT-FOR-US: WhatsApp CVE-2020-1900 (When unserializing an object with dynamic properties HHVM needs to pre ...) - TODO: check + - hhvm <removed> CVE-2020-1899 (The unserialize() function supported a type code, "S", which was meant ...) - TODO: check + - hhvm <removed> CVE-2020-1898 (The fb_unserialize function did not impose a depth limit for nested de ...) - TODO: check + - hhvm <removed> CVE-2020-1897 (A use-after-free is possible due to an error in lifetime management in ...) NOT-FOR-US: Facebook Proxygen CVE-2020-1896 (A stack overflow vulnerability in Facebook Hermes 'builtin apply' prio ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/7ac5d178b243580aea3f6c91637511aa235d057d...2326b6c9b5a7b53e9bbe9f44e1307075c46fc3d0 You're receiving this email because of your account on salsa.debian.org.
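Review bot: the new `NOT-FOR-US: nats-server` line under CVE-2021-3127 is attached to an entry that is still RESERVED with no description, so nothing in the file records where the nats-server attribution comes from. A `NOTE:` line with the upstream advisory or commit, in the style the Roundcube entry above already uses (`NOTE: https://roundcube.net/news/2021/02/08/security-update-1.4.11`), would let a later triager confirm the classification once the CVE text is published and notice if it ends up naming a different product. The classification also asserts that nats-server is not in the archive; for Go projects that is worth checking against the golang-github-* source names rather than the upstream name alone.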
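Review bot: the CVE-2020-24982 annotation spells the product `Quadbase EspressDashboard` while the description on the same entry reads `Quadbase ExpressDashboard (EDAB)`. The neighbouring CVE-2020-24983 to CVE-2020-24985 entries use `EspressReports` consistently in both description and annotation, so the annotation is very likely the intended product name, but with two spellings in the same entry a grep for either one only finds half of this family. Either match the description's spelling or add a vendor-only label as the Siemens entries do (`NOT-FOR-US: Siemens`) so the set stays searchable by one string.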
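Review bot: the labels chosen for the Siemens Solid Edge CVEs are inconsistent within this same commit: CVE-2021-27381 and CVE-2021-27380 get `NOT-FOR-US: Solid Edge SE2020`, whereas CVE-2020-28387 and CVE-2020-28385 get `NOT-FOR-US: Siemens`, which is also what the unchanged CVE-2020-28386 and CVE-2020-28384 lines already carry. Since these labels are what people grep for, the plain `Siemens` form used by the surrounding entries would be the safer choice for all four. Separately, `- eclipse <removed>` on CVE-2020-27225 ties the Eclipse Platform Help Subsystem issue to the old monolithic `eclipse` source; if any of the platform components are still shipped under other eclipse-* source names, those should get their own package lines rather than being closed by the removal of `eclipse`.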
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits