[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed Apr 7 09:10:37 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
cbb522a1 by security tracker role at 2021-04-07T08:10:30+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2,7 +2,7 @@ CVE-2021-3484
RESERVED
CVE-2021-3483
RESERVED
-CVE-2021-30178 [KVM: x86: hyper-v: Fix Hyper-V context null-ptr-deref]
+CVE-2021-30178 (An issue was discovered in the Linux kernel through 5.11.11. synic_get ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/919f4ebc598701670e80e31573a58f1f2d2bf918
CVE-2021-30177
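Review bot: On CVE-2021-30178 the replaced bracketed title named the bug class (Hyper-V context null-ptr-deref), while the new description is cut off at "synic_get ...". Consider keeping the old title as an extra NOTE line next to the git.kernel.org reference so the entry stays readable without a lookup; the `- linux <unfixed>` status is unchanged by this hunk and still needs a fixed version once one exists.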
@@ -57,18 +57,18 @@ CVE-2021-23165
RESERVED
CVE-2021-23158
RESERVED
-CVE-2020-36313
+CVE-2020-36313 (An issue was discovered in the Linux kernel before 5.7. The KVM subsys ...)
- linux 5.7.6-1
NOTE: https://git.kernel.org/linus/0774a964ef561b7170d8d1b1bfe6f88002b6d219
-CVE-2020-36312
+CVE-2020-36312 (An issue was discovered in the Linux kernel before 5.8.10. virt/kvm/kv ...)
- linux 5.8.10-1
[buster] - linux 4.19.152-1
[stretch] - linux 4.9.240-1
NOTE: https://git.kernel.org/linus/f65886606c2d3b562716de030706dfe1bea4ed5e
-CVE-2020-36311
+CVE-2020-36311 (An issue was discovered in the Linux kernel before 5.9. arch/x86/kvm/s ...)
- linux 5.9.1-1
NOTE: https://git.kernel.org/linus/7be74942f184fdfba34ddd19a0d995deb34d4a03
-CVE-2020-36310
+CVE-2020-36310 (An issue was discovered in the Linux kernel before 5.8. arch/x86/kvm/s ...)
- linux 5.8.7-1
NOTE: https://git.kernel.org/linus/e72436bc3a5206f95bb384e741154166ddb3202e
CVE-2020-36309 (ngx_http_lua_module (aka lua-nginx-module) before 0.10.16 in OpenResty ...)
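Review bot: CVE-2020-36313, CVE-2020-36311 and CVE-2020-36310 carry only a single `- linux` fixed version, whereas CVE-2020-36312 in the same hunk also records [buster] and [stretch] versions. Now that the descriptions give upstream ranges ("before 5.7", "before 5.9", "before 5.8"), it is worth confirming whether the buster and stretch kernels are affected by these three and adding the per-release lines or a not-affected marker accordingly.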
@@ -118,8 +118,8 @@ CVE-2021-30149 (Composr 10.0.36 allows upload and execution of PHP files. ...)
NOT-FOR-US: Composr
CVE-2021-30148
RESERVED
-CVE-2021-30147
- RESERVED
+CVE-2021-30147 (DMA Softlab Radius Manager 4.4.0 allows CSRF with impacts such as addi ...)
+ TODO: check
CVE-2021-30146 (Seafile 7.0.5 (2019) allows Persistent XSS via the "share of library f ...)
- seafile-client <undetermined>
NOTE: https://github.com/Security-AVS/CVE-2021-30146
@@ -5207,10 +5207,10 @@ CVE-2021-27902
RESERVED
CVE-2021-27901 (An issue was discovered on LG mobile devices with Android OS 11 softwa ...)
NOT-FOR-US: LG mobile devices
-CVE-2021-27900
- RESERVED
-CVE-2021-27899
- RESERVED
+CVE-2021-27900 (The Proofpoint Insider Threat Management Server (formerly ObserveIT Se ...)
+ TODO: check
+CVE-2021-27899 (The Proofpoint Insider Threat Management Agents (formerly ObserveIT Ag ...)
+ TODO: check
CVE-2021-27898
RESERVED
CVE-2021-27897
@@ -10555,8 +10555,8 @@ CVE-2021-25694
RESERVED
CVE-2021-25693
RESERVED
-CVE-2021-25692
- RESERVED
+CVE-2021-25692 (Sensitive smart card data is logged in default INFO logs by Teradici's ...)
+ TODO: check
CVE-2021-25691
RESERVED
CVE-2021-25690 (A null pointer dereference in Teradici PCoIP Soft Client versions prio ...)
@@ -18318,10 +18318,10 @@ CVE-2021-3015
RESERVED
CVE-2021-22159 (Insider Threat Management Windows Agent Local Privilege Escalation Vul ...)
NOT-FOR-US: The Proofpoint Insider Threat Management
-CVE-2021-22158
- RESERVED
-CVE-2021-22157
- RESERVED
+CVE-2021-22158 (The Proofpoint Insider Threat Management Server (formerly ObserveIT Se ...)
+ TODO: check
+CVE-2021-22157 (Proofpoint Insider Threat Management Server (formerly ObserveIT Server ...)
+ TODO: check
CVE-2021-22156
RESERVED
CVE-2021-22155
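Review bot: CVE-2021-22158 and CVE-2021-22157 are set to TODO: check although the context entry directly above them, CVE-2021-22159, covers the same product and is already marked NOT-FOR-US: The Proofpoint Insider Threat Management. The same decision can be applied here, and to CVE-2021-27900 and CVE-2021-27899 earlier in this diff, whose descriptions name the same Proofpoint server and agents.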
@@ -21116,8 +21116,8 @@ CVE-2021-21406
RESERVED
CVE-2021-21405
RESERVED
-CVE-2021-21404
- RESERVED
+CVE-2021-21404 (Syncthing is a continuous file synchronization program. In Syncthing b ...)
+ TODO: check
CVE-2021-21403 (In github.com/kongchuanhujiao/server before version 1.3.21 there is an ...)
TODO: check
CVE-2021-21402 (Jellyfin is a Free Software Media System. In Jellyfin before version 1 ...)
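Review bot: The TODO: check on CVE-2021-21404 should be triaged against the archive rather than closed as NOT-FOR-US by default, because the description names Syncthing, a file synchronization program, not a vendor appliance. The description is cut off at "In Syncthing b ...", so the affected version range has to come from the full advisory before a package line with a fixed version can be written.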
@@ -67927,16 +67927,16 @@ CVE-2020-13424 (The XCloner component before 3.5.4 for Joomla! allows Authentica
NOT-FOR-US: Joomla addon
CVE-2020-13423 (Form Builder 2.1.0 for Magento has multiple XSS issues that can be exp ...)
NOT-FOR-US: Form Builder for Magento
-CVE-2020-13422
- RESERVED
-CVE-2020-13421
- RESERVED
-CVE-2020-13420
- RESERVED
-CVE-2020-13419
- RESERVED
-CVE-2020-13418
- RESERVED
+CVE-2020-13422 (OpenIAM before 4.2.0.3 does not verify if a user has permissions to pe ...)
+ TODO: check
+CVE-2020-13421 (OpenIAM before 4.2.0.3 has Incorrect Access Control for the Create Use ...)
+ TODO: check
+CVE-2020-13420 (OpenIAM before 4.2.0.3 allows remote attackers to execute arbitrary co ...)
+ TODO: check
+CVE-2020-13419 (OpenIAM before 4.2.0.3 allows Directory Traversal in the Batch task. ...)
+ TODO: check
+CVE-2020-13418 (OpenIAM before 4.2.0.3 allows XSS in the Add New User feature. ...)
+ TODO: check
CVE-2020-13417 (An Elevation of Privilege issue was discovered in Aviatrix VPN Client ...)
NOT-FOR-US: Aviatrix
CVE-2020-13416 (An issue was discovered in Aviatrix Controller before 5.4.1066. A Cont ...)
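Review bot: CVE-2020-13422 through CVE-2020-13418 all name the same product and version ("OpenIAM before 4.2.0.3") and all land as TODO: check, so they can be triaged with one decision instead of five. CVE-2020-13420 is the entry to read in full first, since its description is truncated right at "execute arbitrary co ..." and the impact cannot be judged from the visible text.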
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cbb522a15ebdf78906be2c3f38a11b3f4c9397a7