Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: d8b91cfa by security tracker role at 2021-01-28T08:10:23+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,77 @@ +CVE-2021-3333 + RESERVED +CVE-2021-3332 + RESERVED +CVE-2021-3331 (WinSCP before 5.17.10 allows remote attackers to execute arbitrary pro ...) + TODO: check +CVE-2021-3330 + RESERVED +CVE-2021-3329 + RESERVED +CVE-2021-3328 + RESERVED +CVE-2021-3327 + RESERVED +CVE-2021-26294 + RESERVED +CVE-2021-26293 + RESERVED +CVE-2021-26292 + RESERVED +CVE-2021-26291 + RESERVED +CVE-2021-26290 + RESERVED +CVE-2021-26289 + RESERVED +CVE-2021-26288 + RESERVED +CVE-2021-26287 + RESERVED +CVE-2021-26286 + RESERVED +CVE-2021-26285 + RESERVED +CVE-2021-26284 + RESERVED +CVE-2021-26283 + RESERVED +CVE-2021-26282 + RESERVED +CVE-2021-26281 + RESERVED +CVE-2021-26280 + RESERVED +CVE-2021-26279 + RESERVED +CVE-2021-26278 + RESERVED +CVE-2021-26277 + RESERVED +CVE-2021-26276 (** DISPUTED ** scripts/cli.js in the GoDaddy node-config-shield (aka C ...) + TODO: check +CVE-2021-26275 + RESERVED +CVE-2020-36240 + RESERVED +CVE-2020-36239 + RESERVED +CVE-2020-36238 + RESERVED +CVE-2020-36237 + RESERVED +CVE-2020-36236 + RESERVED +CVE-2020-36235 + RESERVED +CVE-2020-36234 + RESERVED +CVE-2020-36233 + RESERVED +CVE-2020-36232 + RESERVED +CVE-2020-36231 + RESERVED CVE-2021-3325 (Monitorix 3.13.0 allows remote attackers to bypass Basic Authenticatio ...) NOT-FOR-US: Monitorix CVE-2021-3324 @@ -18,7 +92,7 @@ CVE-2021-26274 RESERVED CVE-2021-26273 RESERVED -CVE-2021-3326 [glibc: assertion failure in ISO-2022-JP-3 module] +CVE-2021-3326 (The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and ...) - glibc <unfixed> (bug #981198) [buster] - glibc <no-dsa> (Minor issue) [stretch] - glibc <no-dsa> (Minor issue) 
@@ -495,8 +569,8 @@ CVE-2021-26069 RESERVED CVE-2021-26068 RESERVED -CVE-2021-26067 - RESERVED +CVE-2021-26067 (Affected versions of Atlassian Bamboo allow an unauthenticated remote ...) + TODO: check CVE-2021-26066 RESERVED CVE-2021-26065 @@ -2560,8 +2634,8 @@ CVE-2021-25249 RESERVED CVE-2021-25248 RESERVED -CVE-2021-25247 - RESERVED +CVE-2021-25247 (A DLL hijacking vulnerability Trend Micro HouseCall for Home Networks ...) + TODO: check CVE-2021-25246 RESERVED CVE-2021-25245 @@ -2602,12 +2676,12 @@ CVE-2021-25228 RESERVED CVE-2021-25227 RESERVED -CVE-2021-25226 - RESERVED -CVE-2021-25225 - RESERVED -CVE-2021-25224 - RESERVED +CVE-2021-25226 (A memory exhaustion vulnerability in Trend Micro ServerProtect for Lin ...) + TODO: check +CVE-2021-25225 (A memory exhaustion vulnerability in Trend Micro ServerProtect for Lin ...) + TODO: check +CVE-2021-25224 (A memory exhaustion vulnerability in Trend Micro ServerProtect for Lin ...) + TODO: check CVE-2021-25223 RESERVED CVE-2021-25222 @@ -4874,7 +4948,7 @@ CVE-2021-3144 CVE-2021-3143 RESERVED CVE-2021-3142 - RESERVED + REJECTED CVE-2021-3141 RESERVED CVE-2021-24121 @@ -8109,8 +8183,8 @@ CVE-2021-22639 (An uninitialized pointer issue has been identified in the way th TODO: check CVE-2021-22638 RESERVED -CVE-2021-22637 - RESERVED +CVE-2021-22637 (Multiple stack-based buffer overflow issues have been identified in th ...) + TODO: check CVE-2021-22636 RESERVED CVE-2021-22635 @@ -15922,8 +15996,8 @@ CVE-2020-35126 (** DISPUTED ** Typesetter CMS 5.x through 5.1 allows admins to c NOT-FOR-US: Typesetter CMS CVE-2020-35125 RESERVED -CVE-2020-35124 - RESERVED +CVE-2020-35124 (A cross-site scripting (XSS) vulnerability in the assets component of ...) + TODO: check CVE-2020-35123 (In Zimbra Collaboration Suite Network Edition versions < 9.0.0 P10 ...) NOT-FOR-US: Zimbra Collaboration Suite (ZCS) CVE-2020-35122 (An issue was discovered in the Keysight Database Connector plugin befo ...) 
@@ -30023,14 +30097,14 @@ CVE-2020-25787 (An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 202 NOTE: https://git.tt-rss.org/fox/tt-rss/commit/c3d14e1fa54c7dade7b1b7955575e2991396d7ef CVE-2020-25786 (** UNSUPPORTED WHEN ASSIGNED ** webinc/js/info.php on D-Link DIR-816L ...) NOT-FOR-US: D-Link -CVE-2020-25785 - RESERVED -CVE-2020-25784 - RESERVED -CVE-2020-25783 - RESERVED -CVE-2020-25782 - RESERVED +CVE-2020-25785 (An issue was discovered on Accfly Wireless Security IR Camera System 7 ...) + TODO: check +CVE-2020-25784 (An issue was discovered on Accfly Wireless Security IR Camera System 7 ...) + TODO: check +CVE-2020-25783 (An issue was discovered on Accfly Wireless Security IR Camera System 7 ...) + TODO: check +CVE-2020-25782 (An issue was discovered on Accfly Wireless Security IR Camera 720P Sys ...) + TODO: check CVE-2020-25781 (An issue was discovered in file_download.php in MantisBT before 2.24.3 ...) - mantis <removed> CVE-2020-25796 (An issue was discovered in the sized-chunks crate through 0.6.2 for Ru ...) @@ -72280,7 +72354,7 @@ CVE-2020-8297 CVE-2020-8296 RESERVED CVE-2020-8295 (A wrong check in Nextcloud Server 19 and prior allowed to perform a de ...) - - nextcloud-server <itp> (bug #941708) + - nextcloud-server <itp> (bug #941708) CVE-2020-8294 RESERVED CVE-2020-8293 (A missing input validation in Nextcloud Server before 20.0.2, 19.0.5, ...) @@ -96659,7 +96733,7 @@ CVE-2020-0239 (In getDocumentMetadata of DocumentsContract.java, there is a poss CVE-2020-0238 (In updatePreferenceIntents of AccountTypePreferenceLoader, there is a ...) NOT-FOR-US: Android CVE-2020-0237 - RESERVED + REJECTED CVE-2020-0236 (In A2DP_GetCodecType of a2dp_codec_config, there is a possible out-of- ...) TODO: check CVE-2020-0235 (In crus_sp_shared_ioctl we first copy 4 bytes from userdata into "size ...) 
@@ -121531,7 +121605,6 @@ CVE-2019-14856 (ansible before versions 2.8.6, 2.7.14, 2.6.20 is vulnerable to a NOTE: https://github.com/ansible/ansible/pull/63351 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1760829 CVE-2019-10206 (ansible-playbook -k and ansible cli tools, all versions 2.8.x before 2 ...) - {DLA-2535-1} - ansible 2.8.6+dfsg-1 (bug #933005) [buster] - ansible <no-dsa> (Minor issue) [jessie] - ansible <not-affected> (Vulnerable code introduced later, password templating code introduced with 2.0 refactoring, '{{' supported in passwords) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d8b91cfaa06d0273000e62ad5d4b64249aa678e4
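Review bot: In the "@@ -18,7 +92,7 @@" hunk, the new CVE-2021-3326 header is cut off at "2.32 and ..." and no longer names the ISO-2022-JP-3 module that the replaced bracketed description "[glibc: assertion failure in ISO-2022-JP-3 module]" carried. Since the entry still tracks glibc as <unfixed> (bug #981198), consider adding a NOTE line under it that records the affected module and the failure type (assertion failure), so that detail stays visible to whoever triages the buster and stretch <no-dsa> lines.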
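Review bot: In the "@@ -72280,7 +72354,7 @@" hunk, the removed and added lines under CVE-2020-8295 both read "- nextcloud-server <itp> (bug #941708)", so the only difference can be whitespace. A whitespace-only edit to a tracking line does not belong in a commit whose message is "automatic update"; either make the whitespace normalisation its own commit with a message that says so, or check why the update touched this line at all.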
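Review bot: In the "@@ -121531,7 +121605,6 @@" hunk, the "{DLA-2535-1}" cross-reference is dropped from CVE-2019-10206 with no explanation, while the package lines below it (2.8.6+dfsg-1, [buster] <no-dsa>, [jessie] <not-affected>) stay unchanged and the commit message says only "automatic update". Please confirm that the advisory entry for DLA-2535-1 was deliberately changed to no longer list this CVE, and record the reason in the commit that made that change, so the removal of an advisory link from an entry can be traced later.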