Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: e2318988 by security tracker role at 2021-02-08T20:10:30+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,111 @@ +CVE-2021-3402 + RESERVED +CVE-2021-26905 (1Password SCIM Bridge before 1.6.2 mishandles validation of requests f ...) + TODO: check +CVE-2021-26904 + RESERVED +CVE-2021-26903 + RESERVED +CVE-2021-26902 + RESERVED +CVE-2021-26901 + RESERVED +CVE-2021-26900 + RESERVED +CVE-2021-26899 + RESERVED +CVE-2021-26898 + RESERVED +CVE-2021-26897 + RESERVED +CVE-2021-26896 + RESERVED +CVE-2021-26895 + RESERVED +CVE-2021-26894 + RESERVED +CVE-2021-26893 + RESERVED +CVE-2021-26892 + RESERVED +CVE-2021-26891 + RESERVED +CVE-2021-26890 + RESERVED +CVE-2021-26889 + RESERVED +CVE-2021-26888 + RESERVED +CVE-2021-26887 + RESERVED +CVE-2021-26886 + RESERVED +CVE-2021-26885 + RESERVED +CVE-2021-26884 + RESERVED +CVE-2021-26883 + RESERVED +CVE-2021-26882 + RESERVED +CVE-2021-26881 + RESERVED +CVE-2021-26880 + RESERVED +CVE-2021-26879 + RESERVED +CVE-2021-26878 + RESERVED +CVE-2021-26877 + RESERVED +CVE-2021-26876 + RESERVED +CVE-2021-26875 + RESERVED +CVE-2021-26874 + RESERVED +CVE-2021-26873 + RESERVED +CVE-2021-26872 + RESERVED +CVE-2021-26871 + RESERVED +CVE-2021-26870 + RESERVED +CVE-2021-26869 + RESERVED +CVE-2021-26868 + RESERVED +CVE-2021-26867 + RESERVED +CVE-2021-26866 + RESERVED +CVE-2021-26865 + RESERVED +CVE-2021-26864 + RESERVED +CVE-2021-26863 + RESERVED +CVE-2021-26862 + RESERVED +CVE-2021-26861 + RESERVED +CVE-2021-26860 + RESERVED +CVE-2021-26859 + RESERVED +CVE-2021-26858 + RESERVED +CVE-2021-26857 + RESERVED +CVE-2021-26856 + RESERVED +CVE-2021-26855 + RESERVED +CVE-2021-26854 + RESERVED +CVE-2021-26853 + RESERVED CVE-2021-XXXX [root privilege escalation in OverlayFS code] - firejail 0.9.64.4-1 NOTE: https://www.openwall.com/lists/oss-security/2021/02/08/5 
@@ -75,10 +183,10 @@ CVE-2021-26828 RESERVED CVE-2021-26827 RESERVED -CVE-2021-26826 - RESERVED -CVE-2021-26825 - RESERVED +CVE-2021-26826 (A stack overflow issue exists in Godot Engine up to v3.2 and is caused ...) + TODO: check +CVE-2021-26825 (An integer overflow issue exists in Godot Engine up to v3.2 that can b ...) + TODO: check CVE-2021-26824 RESERVED CVE-2021-26823 @@ -403,11 +511,13 @@ CVE-2021-3396 RESERVED CVE-2021-26676 RESERVED + {DSA-4847-1} - connman 1.36-2.1 NOTE: https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=58d397ba74873384aee449690a9070bacd5676fa NOTE: https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=a74524b3e3fad81b0fd1084ffdf9f2ea469cd9b1 CVE-2021-26675 RESERVED + {DSA-4847-1} - connman 1.36-2.1 NOTE: https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=e4079a20f617a4b076af503f6e4e8b0304c9f2cb CVE-2021-26674 @@ -623,14 +733,14 @@ CVE-2021-26575 RESERVED CVE-2021-26574 RESERVED -CVE-2021-26573 - RESERVED -CVE-2021-26572 - RESERVED -CVE-2021-26571 - RESERVED -CVE-2021-26570 - RESERVED +CVE-2021-26573 (The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 Sy ...) + TODO: check +CVE-2021-26572 (The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 Sy ...) + TODO: check +CVE-2021-26571 (The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 Sy ...) + TODO: check +CVE-2021-26570 (The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 Sy ...) + TODO: check CVE-2021-26569 RESERVED CVE-2021-26568 
@@ -717,12 +827,12 @@ CVE-2021-26543 RESERVED CVE-2021-26542 RESERVED -CVE-2021-26541 - RESERVED -CVE-2021-26540 - RESERVED -CVE-2021-26539 - RESERVED +CVE-2021-26541 (The gitlog function in src/index.ts in gitlog before 4.0.4 has a comma ...) + TODO: check +CVE-2021-26540 (Apostrophe Technologies sanitize-html before 2.3.2 does not properly v ...) + TODO: check +CVE-2021-26539 (Apostrophe Technologies sanitize-html before 2.3.1 does not properly h ...) + TODO: check CVE-2021-3379 RESERVED CVE-2021-3378 (FortiLogger 4.4.2.2 is affected by Arbitrary File Upload by sending a ...) @@ -1481,8 +1591,8 @@ CVE-2021-3295 RESERVED CVE-2021-3294 RESERVED -CVE-2021-3293 - RESERVED +CVE-2021-3293 (emlog v5.3.1 has full path disclosure vulnerability in t/index.php, wh ...) + TODO: check CVE-2021-3292 RESERVED CVE-2021-3291 (Zen Cart 1.5.7b allows admins to execute arbitrary OS commands by insp ...) @@ -2654,14 +2764,14 @@ CVE-2021-25839 RESERVED CVE-2021-25838 RESERVED -CVE-2021-25837 - RESERVED -CVE-2021-25836 - RESERVED -CVE-2021-25835 - RESERVED -CVE-2021-25834 - RESERVED +CVE-2021-25837 (Cosmos Network Ethermint <= v0.4.0 is affected by cache lifecycle i ...) + TODO: check +CVE-2021-25836 (Cosmos Network Ethermint <= v0.4.0 is affected by cache lifecycle i ...) + TODO: check +CVE-2021-25835 (Cosmos Network Ethermint <= v0.4.0 is affected by a cross-chain tra ...) + TODO: check +CVE-2021-25834 (Cosmos Network Ethermint <= v0.4.0 is affected by a transaction rep ...) + TODO: check CVE-2021-25833 RESERVED CVE-2021-25832 
@@ -4168,16 +4278,16 @@ CVE-2021-25174 (An issue was discovered in Open Design Alliance Drawings SDK bef NOT-FOR-US: Open Design Alliance Drawings SDK CVE-2021-25173 (An issue was discovered in Open Design Alliance Drawings SDK before 20 ...) NOT-FOR-US: Open Design Alliance Drawings SDK -CVE-2021-25172 - RESERVED -CVE-2021-25171 - RESERVED -CVE-2021-25170 - RESERVED -CVE-2021-25169 - RESERVED -CVE-2021-25168 - RESERVED +CVE-2021-25172 (The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 Sy ...) + TODO: check +CVE-2021-25171 (The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 Sy ...) + TODO: check +CVE-2021-25170 (The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 Sy ...) + TODO: check +CVE-2021-25169 (The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 Sy ...) + TODO: check +CVE-2021-25168 (The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 Sy ...) + TODO: check CVE-2021-25167 RESERVED CVE-2021-25166 @@ -4228,8 +4338,8 @@ CVE-2021-25144 RESERVED CVE-2021-25143 RESERVED -CVE-2021-25142 - RESERVED +CVE-2021-25142 (The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 Sy ...) + TODO: check CVE-2021-25141 RESERVED CVE-2021-25140 @@ -10593,8 +10703,8 @@ CVE-2021-22124 RESERVED CVE-2021-22123 RESERVED -CVE-2021-22122 - RESERVED +CVE-2021-22122 (An improper neutralization of input during web page generation in Fort ...) + TODO: check CVE-2021-22121 RESERVED CVE-2021-22120 
@@ -12688,12 +12798,12 @@ CVE-2021-21438 RESERVED CVE-2021-21437 RESERVED -CVE-2021-21436 - RESERVED -CVE-2021-21435 - RESERVED -CVE-2021-21434 - RESERVED +CVE-2021-21436 (Agents are able to see and link Config Items without permissions, whic ...) + TODO: check +CVE-2021-21435 (Article Bcc fields and agent personal information are shown when custo ...) + TODO: check +CVE-2021-21434 (Survey administrator can craft a survey in such way that malicious cod ...) + TODO: check CVE-2020-35850 (** DISPUTED ** An SSRF issue was discovered in cockpit-project.org Coc ...) - cockpit <unfixed> [bullseye] - cockpit <ignored> (Minor issue) @@ -13032,8 +13142,7 @@ CVE-2020-35701 (An issue was discovered in Cacti 1.2.x through 1.2.16. A SQL inj NOTE: https://asaf.me/2020/12/15/cacti-1-2-0-to-1-2-16-sql-injection/ NOTE: Introduced in: https://github.com/Cacti/cacti/commit/6e1b8431b77efe55ba5115e35fe045e101dd619b (1.2.0) NOTE: Fixed by: https://github.com/Cacti/cacti/commit/565e0604a53f4988dc5b544d01f4a631eaa80d82 -CVE-2020-35700 - RESERVED +CVE-2020-35700 (A second-order SQL injection issue in Widgets/TopDevicesController.php ...) NOT-FOR-US: LibreNMS NOTE: https://github.com/librenms/librenms/releases/tag/21.1.0 NOTE: https://github.com/librenms/librenms/pull/12422 @@ -13479,8 +13588,8 @@ CVE-2021-21306 RESERVED CVE-2021-21305 RESERVED -CVE-2021-21304 - RESERVED +CVE-2021-21304 (Dynamoose is an open-source modeling tool for Amazon's DynamoDB. In Dy ...) + TODO: check CVE-2021-21303 (Helm is open-source software which is essentially "The Kubernetes Pack ...) TODO: check CVE-2021-21302 
@@ -15678,10 +15787,10 @@ CVE-2021-20361 RESERVED CVE-2021-20360 RESERVED -CVE-2021-20359 - RESERVED -CVE-2021-20358 - RESERVED +CVE-2021-20359 (IBM Cloud Pak for Automation 20.0.3, 20.0.2-IF002 - Business Automatio ...) + TODO: check +CVE-2021-20358 (IBM Cloud Pak for Automation 20.0.3, 20.0.2-IF002 stores potentially s ...) + TODO: check CVE-2021-20357 (IBM Jazz Foundation products is vulnerable to cross-site scripting. Th ...) NOT-FOR-US: IBM CVE-2021-20356 @@ -31093,10 +31202,10 @@ CVE-2020-26054 RESERVED CVE-2020-26053 REJECTED -CVE-2020-26052 - RESERVED -CVE-2020-26051 - RESERVED +CVE-2020-26052 (Online Marriage Registration System 1.0 is affected by stored cross-si ...) + TODO: check +CVE-2020-26051 (College Management System Php 1.0 suffers from SQL injection vulnerabi ...) + TODO: check CVE-2020-26050 (SaferVPN for Windows Ver 5.0.3.3 through 5.0.4.15 could allow local pr ...) NOT-FOR-US: SaferVPN for Windows CVE-2020-26049 (Nifty-PM CPE 2.3 is affected by stored HTML injection. The impact is r ...) @@ -50709,8 +50818,8 @@ CVE-2020-16631 RESERVED CVE-2020-16630 RESERVED -CVE-2020-16629 - RESERVED +CVE-2020-16629 (PhpOK 5.4.137 contains a SQL injection vulnerability that can inject a ...) + TODO: check CVE-2020-16628 RESERVED CVE-2020-16627 
@@ -59891,9 +60000,9 @@ CVE-2020-13249 (libmariadb/mariadb_lib.c in MariaDB Connector/C before 3.1.8 doe - mariadb-10.1 <not-affected> (Vulnerable code introduced later) NOTE: Fixed by: https://github.com/mariadb-corporation/mariadb-connector-c/commit/2759b87d72926b7c9b5426437a7c8dd15ff57945 (v3.1.8) NOTE: Introduced around: https://github.com/mariadb-corporation/mariadb-connector-c/commit/b4efe73c9e725f97b3550371f8a78a10a20bf2fd (v3.0-cc-server-integ-0) -CVE-2020-13248 (BooleBox Secure File Sharing Utility (potentially all versions) allows ...) +CVE-2020-13248 (BooleBox Secure File Sharing Utility before 4.2.3.0 allows stored XSS ...) NOT-FOR-US: BooleBox Secure File Sharing Utility -CVE-2020-13247 (BooleBox Secure File Sharing Utility (potentially all versions) allows ...) +CVE-2020-13247 (BooleBox Secure File Sharing Utility before 4.2.3.0 allows CSV injecti ...) NOT-FOR-US: BooleBox Secure File Sharing Utility CVE-2020-13246 (An issue was discovered in Gitea through 1.11.5. An attacker can trigg ...) - gitea <removed> 
@@ -75401,16 +75510,16 @@ CVE-2020-7788 (This affects the package ini before 1.3.6. If an attacker submits NOTE: https://github.com/npm/ini/commit/56d2805e07ccd94e2ba0984ac9240ff02d44b6f1 (v1.3.6) CVE-2020-7787 (This affects all versions of package react-adal. It is possible for a ...) NOT-FOR-US: Node react-adal -CVE-2020-7786 - RESERVED -CVE-2020-7785 - RESERVED +CVE-2020-7786 (This affects all versions of package macfromip. The injection point is ...) + TODO: check +CVE-2020-7785 (This affects all versions of package node-ps. The injection point is l ...) + TODO: check CVE-2020-7784 (This affects all versions of package ts-process-promises. The injectio ...) TODO: check CVE-2020-7783 RESERVED -CVE-2020-7782 - RESERVED +CVE-2020-7782 (This affects all versions of package spritesheet-js. It depends on a v ...) + TODO: check CVE-2020-7781 (This affects the package connection-tester before 0.2.1. The injection ...) NOT-FOR-US: Node connection-tester CVE-2020-7780 (This affects the package com.softwaremill.akka-http-session:core_2.13 ...) @@ -78158,8 +78267,8 @@ CVE-2020-6651 (Improper Input Validation in Eaton's Intelligent Power Manager (I NOT-FOR-US: Eaton CVE-2020-6650 (UPS companion software v1.05 & Prior is affected by ‘Eval In ...) NOT-FOR-US: UPS companion software -CVE-2020-6649 - RESERVED +CVE-2020-6649 (An insufficient session expiration vulnerability in FortiNet's FortiIs ...) + TODO: check CVE-2020-6648 (A cleartext storage of sensitive information vulnerability in FortiOS ...) NOT-FOR-US: Fortiguard FortiOS CVE-2020-6647 (An improper neutralization of input vulnerability in the dashboard of ...) 
@@ -91777,8 +91886,8 @@ CVE-2020-1781 RESERVED CVE-2020-1780 RESERVED -CVE-2020-1779 - RESERVED +CVE-2020-1779 (When dynamic templates are used (OTRSTicketForms), admin can use OTRS ...) + TODO: check CVE-2020-1778 (When OTRS uses multiple backends for user authentication (with LDAP), ...) - otrs2 <not-affected> (Only affects 8.x) NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-16/ View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e23189888103208f4cbeeed3ccf5bda6dfc17627 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e23189888103208f4cbeeed3ccf5bda6dfc17627 You're receiving this email because of your account on salsa.debian.org.
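Review bot: the only non-RESERVED addition in the @@ -1,3 +1,111 @@ hunk, CVE-2021-26905 (1Password SCIM Bridge before 1.6.2, request validation), is left at TODO: check; it is a vendor-hosted bridge component, so once triaged it should get either a source-package line or the `NOT-FOR-US: <product>` form used for comparable entries in this patch. Worth a follow-up while in this region: the unchanged context entry `CVE-2021-XXXX [root privilege escalation in OverlayFS code]` for firejail 0.9.64.4-1 still carries a placeholder id and should be renamed once an identifier is assigned.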
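Review bot: CVE-2021-26826 (stack overflow) and CVE-2021-26825 (integer overflow) in the @@ -75,10 +183,10 @@ hunk both concern Godot Engine up to v3.2 and are truncated before the affected component is named; triage them as a pair against whatever Godot source package, if any, is in the archive, and record the upstream fixed version on both entries at the same time so the two TODO: check lines do not drift apart.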
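Review bot: in the @@ -403,11 +511,13 @@ hunk the `{DSA-4847-1}` marker is added to both CVE-2021-26676 and CVE-2021-26675 while the `- connman 1.36-2.1` fixed-version lines stay unchanged; confirm the DSA actually ships all three upstream commits referenced in the NOTE lines (58d397ba and a74524b3 for CVE-2021-26676, e4079a20 for CVE-2021-26675), since the DSA marker is what the tracker uses to mark the issue fixed in stable.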
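Review bot: the four descriptions added in the @@ -623,14 +733,14 @@ hunk (CVE-2021-26573 through CVE-2021-26570) are identical up to the truncation point, 'The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 Sy ...', so they cannot be told apart from the list alone; read the full text of each before resolving the TODO: check, and triage them together with the six HPE Apollo 70 BMC entries later in this patch. Vendor server firmware is not shipped as a Debian source package, so the `NOT-FOR-US: <product>` form used for the IBM and Fortinet entries in this patch is the likely outcome.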
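Review bot: the three TODO: check entries in the @@ -717,12 +827,12 @@ hunk are npm modules, and some npm modules are shipped as node-* source packages in Debian; gitlog (src/index.ts, before 4.0.4) and sanitize-html need an archive check, and if unpackaged should use the `NOT-FOR-US: Node <module>` form seen on CVE-2020-7787 and CVE-2020-7781 in this patch. Note the two different sanitize-html thresholds, before 2.3.1 for CVE-2021-26539 and before 2.3.2 for CVE-2021-26540, when filling in fixed versions.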
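Review bot: CVE-2021-25172 through CVE-2021-25168 in the @@ -4168,16 +4278,16 @@ hunk are the same HPE Apollo 70 BMC firmware family as the CVE-2021-26570..26573 block and as CVE-2021-25142 in the following @@ -4228,8 +4338,8 @@ hunk; handle all ten TODO: check entries in one triage pass so they end with a consistent status rather than being resolved piecemeal.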
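Review bot: CVE-2021-22122 in the @@ -10593,8 +10703,8 @@ hunk has a description truncated at 'in Fort ...', which leaves the product ambiguous in the list; read the full text before resolving the TODO: check, and if it is Fortinet software it should take the `NOT-FOR-US:` form used for the FortiOS entries elsewhere in this patch rather than staying open.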
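Review bot: the three descriptions added in the @@ -12688,12 +12798,12 @@ hunk (Config Items visible without permissions, Article Bcc fields shown to customers, a survey administrator crafting malicious content) use ticket-system terminology; if these are OTRS advisories they need the same otrs2 assessment this patch gives CVE-2020-1778 (`otrs2 <not-affected> (Only affects 8.x)`) rather than a generic TODO: check, including whether the affected module is part of the packaged otrs2 source at all.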
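Review bot: CVE-2020-7786, CVE-2020-7785 and CVE-2020-7782 in the @@ -75401,16 +75510,16 @@ hunk follow the 'This affects all versions of package ...' pattern of the neighbouring Node entries, and the context shows CVE-2020-7784 (ts-process-promises) still at TODO: check from an earlier update; triage the four together against the archive's node-* packages and, where unpackaged, use `NOT-FOR-US: Node <module>` as done for react-adal and connection-tester in the same hunk.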
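Review bot: CVE-2020-6649 in the @@ -78158,8 +78267,8 @@ hunk is a FortiIsolator session-expiration issue sitting between CVE-2020-6648 and CVE-2020-6647, both already `NOT-FOR-US: Fortiguard FortiOS`; Fortinet appliance software is not packaged in Debian, so this TODO: check can be closed with the same form, naming FortiIsolator as the product.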
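Review bot: CVE-2020-1779 in the @@ -91777,8 +91886,8 @@ hunk (dynamic templates, OTRSTicketForms) sits directly above CVE-2020-1778, which this list already resolves as `otrs2 <not-affected> (Only affects 8.x)` with a NOTE linking the OTRS security advisory; the new entry should get the same check of whether it is confined to the 8.x line, plus a NOTE with its own advisory link, instead of remaining at TODO: check.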
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits