[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Tue Apr 6 09:10:39 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ddbe70f8 by security tracker role at 2021-04-06T08:10:31+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,65 @@
+CVE-2021-30160
+ RESERVED
+CVE-2021-30159
+ RESERVED
+CVE-2021-30158 (An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through ...)
+ TODO: check
+CVE-2021-30157 (An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through ...)
+ TODO: check
+CVE-2021-30156
+ RESERVED
+CVE-2021-30155
+ RESERVED
+CVE-2021-30154 (An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through ...)
+ TODO: check
+CVE-2021-30153
+ RESERVED
+CVE-2021-30152
+ RESERVED
+CVE-2021-30151 (Sidekiq through 5.1.3 and 6.x through 6.2.0 allows XSS via the queue n ...)
+ TODO: check
+CVE-2021-30150 (Composr 10.0.36 allows XSS in an XML script. ...)
+ TODO: check
+CVE-2021-30149 (Composr 10.0.36 allows upload and execution of PHP files. ...)
+ TODO: check
+CVE-2021-30148
+ RESERVED
+CVE-2021-30147
+ RESERVED
+CVE-2021-30146
+ RESERVED
+CVE-2021-30145
+ RESERVED
+CVE-2021-30144 (The Dashboard plugin through 1.0.2 for GLPI allows remote low-privileg ...)
+ TODO: check
+CVE-2021-30143
+ RESERVED
+CVE-2021-30142
+ RESERVED
+CVE-2021-30141 (** DISPUTED ** Module/Settings/UserExport.php in Friendica through 202 ...)
+ TODO: check
+CVE-2021-30140
+ RESERVED
+CVE-2021-30139
+ RESERVED
+CVE-2021-30138
+ RESERVED
+CVE-2021-30137
+ RESERVED
+CVE-2021-30136
+ RESERVED
+CVE-2021-30135
+ RESERVED
+CVE-2021-30134
+ RESERVED
+CVE-2021-30133
+ RESERVED
+CVE-2021-30132
+ RESERVED
+CVE-2021-30131
+ RESERVED
+CVE-2021-30130
+ RESERVED
CVE-2021-30129
RESERVED
CVE-2021-30128
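Review bot: nine of the entries added at the top of this hunk (CVE-2021-30158, -30157, -30154, -30151, -30150, -30149, -30144, -30141) carry only "TODO: check" and no triage result. Each should be resolved to either a source-package line or a NOT-FOR-US line in the form this file already uses elsewhere (for example "NOT-FOR-US: WSO2 API Manager" under CVE-2020-17454). CVE-2021-30141 is marked "** DISPUTED **" in its description, so the dispute is worth recording in a NOTE when it is triaged.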
@@ -374,6 +436,7 @@ CVE-2021-30002 (An issue was discovered in the Linux kernel before 5.11.3 when a
[buster] - linux 4.19.181-1
NOTE: https://git.kernel.org/linus/fb18802a338b36f675a388fc03d2aa504a0d0899
CVE-2021-3482 [heap-based buffer overflow in Jp2Image::readMetadata() in jp2image.cpp]
+ RESERVED
- exiv2 <unfixed>
NOTE: https://github.com/Exiv2/exiv2/issues/1522
CVE-2021-3481 [Out of bounds read in function QRadialFetchSimd from crafted svg file]
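Review bot: the added "RESERVED" line under CVE-2021-3482 lands on an entry that is already triaged, with a bracketed description, "- exiv2 <unfixed>" and an upstream issue NOTE. Confirm that the existing package line and NOTE are meant to stay as the tracked state while the identifier is reserved, and that the bracketed description is kept until a published description replaces it.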
@@ -4190,76 +4253,76 @@ CVE-2021-28210 [unlimited FV recursion, round 2]
NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=1743
NOTE: https://github.com/tianocore/edk2/pull/1137
NOTE: https://github.com/tianocore/edk2/commit/47343af30435302c087027177613412a1a83e919
-CVE-2021-28209
- RESERVED
-CVE-2021-28208
- RESERVED
-CVE-2021-28207
- RESERVED
-CVE-2021-28206
- RESERVED
-CVE-2021-28205
- RESERVED
-CVE-2021-28204
- RESERVED
-CVE-2021-28203
- RESERVED
-CVE-2021-28202
- RESERVED
-CVE-2021-28201
- RESERVED
-CVE-2021-28200
- RESERVED
-CVE-2021-28199
- RESERVED
-CVE-2021-28198
- RESERVED
-CVE-2021-28197
- RESERVED
-CVE-2021-28196
- RESERVED
-CVE-2021-28195
- RESERVED
-CVE-2021-28194
- RESERVED
-CVE-2021-28193
- RESERVED
-CVE-2021-28192
- RESERVED
-CVE-2021-28191
- RESERVED
-CVE-2021-28190
- RESERVED
-CVE-2021-28189
- RESERVED
-CVE-2021-28188
- RESERVED
-CVE-2021-28187
- RESERVED
-CVE-2021-28186
- RESERVED
-CVE-2021-28185
- RESERVED
-CVE-2021-28184
- RESERVED
-CVE-2021-28183
- RESERVED
-CVE-2021-28182
- RESERVED
-CVE-2021-28181
- RESERVED
-CVE-2021-28180
- RESERVED
-CVE-2021-28179
- RESERVED
-CVE-2021-28178
- RESERVED
-CVE-2021-28177
- RESERVED
-CVE-2021-28176
- RESERVED
-CVE-2021-28175
- RESERVED
+CVE-2021-28209 (The specific function in ASUS BMC’s firmware Web management page ...)
+ TODO: check
+CVE-2021-28208 (The specific function in ASUS BMC’s firmware Web management page ...)
+ TODO: check
+CVE-2021-28207 (The specific function in ASUS BMC’s firmware Web management page ...)
+ TODO: check
+CVE-2021-28206 (The specific function in ASUS BMC’s firmware Web management page ...)
+ TODO: check
+CVE-2021-28205 (The specific function in ASUS BMC’s firmware Web management page ...)
+ TODO: check
+CVE-2021-28204 (The specific function in ASUS BMC’s firmware Web management page ...)
+ TODO: check
+CVE-2021-28203 (The Web Set Media Image function in ASUS BMC’s firmware Web mana ...)
+ TODO: check
+CVE-2021-28202 (The Service configuration-2 function in ASUS BMC’s firmware Web ...)
+ TODO: check
+CVE-2021-28201 (The Service configuration-1 function in ASUS BMC’s firmware Web ...)
+ TODO: check
+CVE-2021-28200 (The CD media configuration function in ASUS BMC’s firmware Web m ...)
+ TODO: check
+CVE-2021-28199 (The specific function in ASUS BMC’s firmware Web management page ...)
+ TODO: check
+CVE-2021-28198 (The Firmware protocol configuration function in ASUS BMC’s firmw ...)
+ TODO: check
+CVE-2021-28197 (The Active Directory configuration function in ASUS BMC’s firmwa ...)
+ TODO: check
+CVE-2021-28196 (The specific function in ASUS BMC’s firmware Web management page ...)
+ TODO: check
+CVE-2021-28195 (The Radius configuration function in ASUS BMC’s firmware Web man ...)
+ TODO: check
+CVE-2021-28194 (The specific function in ASUS BMC’s firmware Web management page ...)
+ TODO: check
+CVE-2021-28193 (The SMTP configuration function in ASUS BMC’s firmware Web manag ...)
+ TODO: check
+CVE-2021-28192 (The specific function in ASUS BMC’s firmware Web management page ...)
+ TODO: check
+CVE-2021-28191 (The Firmware update function in ASUS BMC’s firmware Web manageme ...)
+ TODO: check
+CVE-2021-28190 (The specific function in ASUS BMC’s firmware Web management page ...)
+ TODO: check
+CVE-2021-28189 (The SMTP configuration function in ASUS BMC’s firmware Web manag ...)
+ TODO: check
+CVE-2021-28188 (The specific function in ASUS BMC’s firmware Web management page ...)
+ TODO: check
+CVE-2021-28187 (The specific function in ASUS BMC’s firmware Web management page ...)
+ TODO: check
+CVE-2021-28186 (The specific function in ASUS BMC’s firmware Web management page ...)
+ TODO: check
+CVE-2021-28185 (The specific function in ASUS BMC’s firmware Web management page ...)
+ TODO: check
+CVE-2021-28184 (The Active Directory configuration function in ASUS BMC’s firmwa ...)
+ TODO: check
+CVE-2021-28183 (The specific function in ASUS BMC’s firmware Web management page ...)
+ TODO: check
+CVE-2021-28182 (The Web Service configuration function in ASUS BMC’s firmware We ...)
+ TODO: check
+CVE-2021-28181 (The specific function in ASUS BMC’s firmware Web management page ...)
+ TODO: check
+CVE-2021-28180 (The specific function in ASUS BMC’s firmware Web management page ...)
+ TODO: check
+CVE-2021-28179 (The specific function in ASUS BMC’s firmware Web management page ...)
+ TODO: check
+CVE-2021-28178 (The UEFI configuration function in ASUS BMC’s firmware Web manag ...)
+ TODO: check
+CVE-2021-28177 (The LDAP configuration function in ASUS BMC’s firmware Web manag ...)
+ TODO: check
+CVE-2021-28176 (The DNS configuration function in ASUS BMC’s firmware Web manage ...)
+ TODO: check
+CVE-2021-28175 (The Radius configuration function in ASUS BMC’s firmware Web man ...)
+ TODO: check
CVE-2021-28174
RESERVED
CVE-2021-28173
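Review bot: every added description from CVE-2021-28209 down to CVE-2021-28175 contains "ASUS BMC’s", which is a UTF-8 right single quotation mark decoded as a single-byte encoding. Check whether the bytes in data/CVE/list are correct and only this mail rendering is wrong, or whether the import wrote the mis-decoded text into the file. All 35 entries are also left at "TODO: check"; they describe the same product, so they can be triaged together with one consistent line.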
@@ -23580,19 +23643,16 @@ CVE-2021-20310
RESERVED
CVE-2021-20309
RESERVED
-CVE-2021-20308
- RESERVED
+CVE-2021-20308 (Integer overflow in the htmldoc 1.9.11 and before may allow attackers ...)
- htmldoc <unfixed>
NOTE: https://github.com/michaelrsweet/htmldoc/issues/423
-CVE-2021-20307
- RESERVED
+CVE-2021-20307 (Format string vulnerability in panoFileOutputNamesCreate() in libpano1 ...)
- libpano13 2.9.20~rc3+dfsg-1 (bug #985249)
[buster] - libpano13 2.9.19+dfsg-3+deb10u1
NOTE: https://sourceforge.net/projects/panotools/files/libpano13/libpano13-2.9.20/
CVE-2021-20306
RESERVED
-CVE-2021-20305 [Out of Bound memory access in signature verification]
- RESERVED
+CVE-2021-20305 (A flaw was found in Nettle in versions before 3.7.2, where several Net ...)
- nettle 3.7.2-1 (bug #985652)
NOTE: https://lists.lysator.liu.se/pipermail/nettle-bugs/2021/009457.html
NOTE: New functions ecc_mod_mul_canonical and ecc_mod_sqr_canonical:
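Review bot: after this hunk CVE-2021-20308 still reads "- htmldoc <unfixed>" with no bug reference, while the two other entries touched here have one (libpano13 "bug #985249", nettle "bug #985652"). Now that the description is published ("htmldoc 1.9.11 and before"), add the bug reference if one has been filed so the unfixed state is traceable.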
@@ -52939,10 +52999,10 @@ CVE-2020-19598
RESERVED
CVE-2020-19597
RESERVED
-CVE-2020-19596
- RESERVED
-CVE-2020-19595
- RESERVED
+CVE-2020-19596 (Buffer overflow vulnerability in Core FTP Server v1.2 Build 583, via a ...)
+ TODO: check
+CVE-2020-19595 (Buffer overflow vulnerability in Core FTP Server v2 Build 697, via a c ...)
+ TODO: check
CVE-2020-19594
RESERVED
CVE-2020-19593
@@ -57292,8 +57352,8 @@ CVE-2020-17455
RESERVED
CVE-2020-17454 (WSO2 API Manager 3.1.0 and earlier has reflected XSS on the "publisher ...)
NOT-FOR-US: WSO2 API Manager
-CVE-2020-17453
- RESERVED
+CVE-2020-17453 (WSO2 Management Console through 5.10 allows XSS via the carbon/admin/l ...)
+ TODO: check
CVE-2020-17452 (flatCore before 1.5.7 allows upload and execution of a .php file by an ...)
NOT-FOR-US: flatCore CMS
CVE-2020-17451 (flatCore before 1.5.7 allows XSS by an admin via the acp/acp.php?tn=pa ...)
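Review bot: CVE-2020-17453 (WSO2 Management Console) is left at "TODO: check" directly below CVE-2020-17454, which is already triaged as "NOT-FOR-US: WSO2 API Manager". Triage the new entry in the same pass so the two adjacent WSO2 entries are handled consistently.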
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ddbe70f860d956dff118117c3085bd5b0726354b