automatic update

author: security tracker role <sectracker@soriano.debian.org> 2021-02-19 08:10:16 +0000
committer: security tracker role <sectracker@soriano.debian.org> 2021-02-19 08:10:16 +0000
commit: 2ba3ef4be092ba73b47d3c14c733593bb6370dde (patch)
tree: f98da095d2649f515f905d16190c1a8f326159ae
parent: 6ceb7af86e10e5753cf73a058a9f248b9306bbef (diff)
4 files changed, 68 insertions, 29 deletions
diff --git a/data/CVE/2017.list b/data/CVE/2017.list
index 93733aaf3a..deed7b3209 100644
--- a/data/CVE/2017.list
+++ b/data/CVE/2017.list
@@ -13957,15 +13957,17 @@ CVE-2017-14124 (In eLux RP 5.x before 5.5.1000 LTSR and 5.6.x before 5.6.2 CR wh
 CVE-2017-14123 (Zoho ManageEngine Firewall Analyzer 12200 has an unrestricted File Upl ...)
 	NOT-FOR-US: Zoho ManageEngine
 CVE-2017-14122 (unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a stack-based b ...)
+	{DLA-2567-1}
 	- unrar-free 1:0.0.1+cvs20140707-4 (unimportant; bug #874060)
 	NOTE: https://www.openwall.com/lists/oss-security/2017/08/20/1
 	NOTE: Crash in CLI tool, no security impact
 CVE-2017-14121 (The DecodeNumber function in unrarlib.c in unrar 0.0.1 (aka unrar-free ...)
+	{DLA-2567-1}
 	- unrar-free 1:0.0.1+cvs20140707-4 (unimportant; bug #874061)
 	NOTE: https://www.openwall.com/lists/oss-security/2017/08/20/1
 	NOTE: Crash in CLI tool, no security impact
 CVE-2017-14120 (unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a directory tra ...)
-	{DLA-1091-1}
+	{DLA-2567-1 DLA-1091-1}
 	- unrar-free 1:0.0.1+cvs20140707-2 (bug #874059)
 	[jessie] - unrar-free <no-dsa> (Minor issue)
 	NOTE: https://www.openwall.com/lists/oss-security/2017/08/20/1
diff --git a/data/CVE/2019.list b/data/CVE/2019.list
index 825ff1d541..2f4231fb3d 100644
--- a/data/CVE/2019.list
+++ b/data/CVE/2019.list
@@ -1,3 +1,13 @@
+CVE-2019-25024 (OpenRepeater (ORP) before 2.2 allows unauthenticated command injection ...)
+	TODO: check
+CVE-2019-25023
+	RESERVED
+CVE-2019-25022
+	RESERVED
+CVE-2019-25021
+	RESERVED
+CVE-2019-25020
+	RESERVED
 CVE-2019-25019 (LimeSurvey before 4.0.0-RC4 allows SQL injection via the participant m ...)
 	- limesurvey <itp> (bug #472802)
 CVE-2019-XXXX [zstd adds read permissions to files while being compressed or uncompressed]
@@ -1489,6 +1499,7 @@ CVE-2019-20369
 CVE-2019-20368
 	RESERVED
 CVE-2019-20367 (nlist.c in libbsd before 0.10.0 has an out-of-bounds read during a com ...)
+	{DLA-2566-1}
 	- libbsd 0.10.0-1
 	[buster] - libbsd <no-dsa> (Minor issue)
 	[jessie] - libbsd <no-dsa> (Minor issue)
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index b27bd2d558..bd05219c7b 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -1,3 +1,17 @@
+CVE-2020-36252 (ownCloud Server 10.x before 10.3.1 allows an attacker, who has one out ...)
+	TODO: check
+CVE-2020-36251 (ownCloud Server before 10.3.0 allows an attacker, who has received non ...)
+	TODO: check
+CVE-2020-36250 (In the ownCloud application before 2.15 for Android, the lock protecti ...)
+	TODO: check
+CVE-2020-36249 (The File Firewall before 2.8.0 for ownCloud Server does not properly e ...)
+	TODO: check
+CVE-2020-36248 (The ownCloud application before 2.15 for Android allows attackers to u ...)
+	TODO: check
+CVE-2020-36247 (Open OnDemand before 1.5.7 and 1.6.x before 1.6.22 allows CSRF. ...)
+	TODO: check
+CVE-2020-36246 (Amaze File Manager before 3.5.1 allows attackers to obtain root privil ...)
+	TODO: check
 CVE-2020-36245 (GramAddict through 1.2.3 allows remote attackers to execute arbitrary  ...)
 	NOT-FOR-US: GramAddict
 CVE-2020-36244 (The daemon in GENIVI Diagnostic Log and Trace (DLT) before 2.18.6 has  ...)
@@ -1096,8 +1110,8 @@ CVE-2020-35778 (Certain NETGEAR devices are affected by CSRF. This affects GS716
 	NOT-FOR-US: Netgear
 CVE-2020-35777 (NETGEAR DGN2200v1 devices before v1.0.0.58 are affected by command inj ...)
 	NOT-FOR-US: Netgear
-CVE-2020-35776
-	RESERVED
+CVE-2020-35776 (A buffer overflow in res_pjsip_diversion.c in Sangoma Asterisk version ...)
+	TODO: check
 CVE-2020-35775 (CITSmart before 9.1.2.23 allows LDAP Injection. ...)
 	NOT-FOR-US: CITSmart
 CVE-2020-35774 (server/handler/HistogramQueryHandler.scala in Twitter TwitterServer (a ...)
@@ -1544,10 +1558,10 @@ CVE-2020-35594
 	RESERVED
 CVE-2020-35593
 	RESERVED
-CVE-2020-35592
-	RESERVED
-CVE-2020-35591
-	RESERVED
+CVE-2020-35592 (Pi-hole 5.0, 5.1, and 5.1.1 allows XSS via the Options header to the a ...)
+	TODO: check
+CVE-2020-35591 (Pi-hole 5.0, 5.1, and 5.1.1 allows Session Fixation. The application d ...)
+	TODO: check
 CVE-2020-35590 (LimitLoginAttempts.php in the limit-login-attempts-reloaded plugin bef ...)
 	NOT-FOR-US: limit-login-attempts-reloaded plugin for WordPress
 CVE-2020-35589 (The limit-login-attempts-reloaded plugin before 2.17.4 for WordPress a ...)
@@ -13861,8 +13875,8 @@ CVE-2020-24910
 	RESERVED
 CVE-2020-24909
 	RESERVED
-CVE-2020-24908
-	RESERVED
+CVE-2020-24908 (Checkmk before 1.6.0p17 allows local users to obtain SYSTEM privileges ...)
+	TODO: check
 CVE-2020-24907
 	RESERVED
 CVE-2020-24906
@@ -24845,8 +24859,8 @@ CVE-2020-19515
 	RESERVED
 CVE-2020-19514
 	RESERVED
-CVE-2020-19513
-	RESERVED
+CVE-2020-19513 (Buffer overflow in FinalWire Ltd AIDA64 Engineer 6.00.5100 allows atta ...)
+	TODO: check
 CVE-2020-19512
 	RESERVED
 CVE-2020-19511
@@ -36877,7 +36891,7 @@ CVE-2020-14212 (FFmpeg through 4.3 has a heap-based buffer overflow in avio_get_
 	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=0b3bd001ac1745d9d008a2d195817df57d7d1d14
 CVE-2020-14211
 	RESERVED
-CVE-2020-14210 (MONITORAPP AIWAF-VE and AIWAF-4000 through 2020-06-16 allow reflected  ...)
+CVE-2020-14210 (Reflected Cross-Site Scripting (XSS) vulnerability in MONITORAPP WAF i ...)
 	NOT-FOR-US: MONITORAPP
 CVE-2020-14209 (Dolibarr before 11.0.5 allows low-privilege users to upload files of d ...)
 	- dolibarr <removed>
@@ -47077,12 +47091,12 @@ CVE-2020-10256 (An issue was discovered in beta versions of the 1Password comman
 	NOT-FOR-US: 1Password
 CVE-2020-10255 (Modern DRAM chips (DDR4 and LPDDR4 after 2015) are affected by a vulne ...)
 	NOT-FOR-US: Hardware vulnerabliity in DDR4 DRAM chips
-CVE-2020-10254
-	RESERVED
+CVE-2020-10254 (An issue was discovered in ownCloud before 10.4. An attacker can bypas ...)
+	TODO: check
 CVE-2020-10253
 	RESERVED
-CVE-2020-10252
-	RESERVED
+CVE-2020-10252 (An issue was discovered in ownCloud before 10.4. Because of an SSRF is ...)
+	TODO: check
 CVE-2020-10251 (In ImageMagick 7.0.9, an out-of-bounds read vulnerability exists withi ...)
 	- imagemagick 8:6.9.11.24+dfsg-1 (low; bug #953741)
 	[buster] - imagemagick <ignored> (Minor issue)
diff --git a/data/CVE/2021.list b/data/CVE/2021.list
index ddd5bd1d5d..ad33e9c5b3 100644
--- a/data/CVE/2021.list
+++ b/data/CVE/2021.list
@@ -1,3 +1,15 @@
+CVE-2021-27405 (A ReDoS (regular expression denial of service) flaw was found in the @ ...)
+	TODO: check
+CVE-2021-27404 (Askey RTF8115VW BR_SV_g11.11_RTF_TEF001_V6.54_V014 devices allow injec ...)
+	TODO: check
+CVE-2021-27403 (Askey RTF8115VW BR_SV_g11.11_RTF_TEF001_V6.54_V014 devices allow cgi-b ...)
+	TODO: check
+CVE-2021-27402
+	RESERVED
+CVE-2021-27401
+	RESERVED
+CVE-2021-27400
+	RESERVED
 CVE-2021-3413
 	RESERVED
 CVE-2021-3412
@@ -53,7 +65,7 @@ CVE-2021-27377 (An issue was discovered in the yottadb crate before 1.2.0 for Ru
 	NOT-FOR-US: Rust crate yottadb
 CVE-2021-27376 (An issue was discovered in the nb-connect crate before 1.0.3 for Rust. ...)
 	NOT-FOR-US: Rust crate nb-connect
-CVE-2021-27375 (Traefik 2.4.3 allows the loading of IFRAME elements from other domains ...)
+CVE-2021-27375 (Traefik before 2.4.5 allows the loading of IFRAME elements from other  ...)
 	NOT-FOR-US: Traefik
 CVE-2021-27374 (VertiGIS WebOffice 10.7 SP1 before patch20210202 and 10.8 SP1 before p ...)
 	NOT-FOR-US: VertiGIS WebOffice
@@ -1056,8 +1068,8 @@ CVE-2021-26908
 	RESERVED
 CVE-2021-26907
 	RESERVED
-CVE-2021-26906
-	RESERVED
+CVE-2021-26906 (An issue was discovered in res_pjsip_session.c in Digium Asterisk thro ...)
+	TODO: check
 CVE-2021-3402
 	RESERVED
 CVE-2021-26905 (1Password SCIM Bridge before 1.6.2 mishandles validation of authentica ...)
@@ -1400,10 +1412,10 @@ CVE-2021-26749
 	RESERVED
 CVE-2021-26748
 	RESERVED
-CVE-2021-26747
-	RESERVED
-CVE-2021-26746
-	RESERVED
+CVE-2021-26747 (Netis WF2780 2.3.40404 and WF2411 1.1.29629 devices allow Shell Metach ...)
+	TODO: check
+CVE-2021-26746 (Chamilo 1.11.14 allows XSS via a main/calendar/agenda_list.php?type= U ...)
+	TODO: check
 CVE-2021-26745
 	RESERVED
 CVE-2021-26744
@@ -1464,8 +1476,8 @@ CVE-2021-26719 (A directory traversal issue was discovered in Gradle gradle-ente
 	NOT-FOR-US: gradle-enterprise-test-distribution-agent
 CVE-2021-26718
 	RESERVED
-CVE-2021-26717
-	RESERVED
+CVE-2021-26717 (An issue was discovered in Sangoma Asterisk 16.x before 16.16.1, 17.x  ...)
+	TODO: check
 CVE-2021-26716
 	RESERVED
 CVE-2021-26715
@@ -1474,8 +1486,8 @@ CVE-2021-26714
 	RESERVED
 CVE-2021-26713
 	RESERVED
-CVE-2021-26712
-	RESERVED
+CVE-2021-26712 (Incorrect access controls in res_srtp.c in Sangoma Asterisk 13.38.1, 1 ...)
+	TODO: check
 CVE-2021-26711 (A frame-injection issue in the online help in Redwood Report2Web 4.3.4 ...)
 	NOT-FOR-US: Redwood Report2Web
 CVE-2021-26710 (A cross-site scripting (XSS) issue in the login panel in Redwood Repor ...)
@@ -2441,8 +2453,8 @@ CVE-2021-3341 (A path traversal vulnerability in the DxWebEngine component of DH
 	NOT-FOR-US: DH2i DxEnterprise and DxOdyssey for Windows
 CVE-2021-3340 (A cross-site scripting (XSS) vulnerability in many forms of Wikindx be ...)
 	NOT-FOR-US: Wikindx
-CVE-2021-3339
-	RESERVED
+CVE-2021-3339 (ModernFlow before 1.3.00.208 does not constrain web-page access to mem ...)
+	TODO: check
 CVE-2021-3338
 	RESERVED
 CVE-2021-3337 (The Hide-Thread-Content plugin through 2021-01-27 for MyBB allows remo ...)
author	security tracker role <sectracker@soriano.debian.org>	2021-02-19 08:10:16 +0000
committer	security tracker role <sectracker@soriano.debian.org>	2021-02-19 08:10:16 +0000
commit	2ba3ef4be092ba73b47d3c14c733593bb6370dde (patch)
tree	f98da095d2649f515f905d16190c1a8f326159ae
parent	6ceb7af86e10e5753cf73a058a9f248b9306bbef (diff)