[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Thu Apr 8 21:10:28 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
49e27f49 by security tracker role at 2021-04-08T20:10:18+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,37 @@
+CVE-2021-30475
+ RESERVED
+CVE-2021-30474
+ RESERVED
+CVE-2021-30473
+ RESERVED
+CVE-2021-30472
+ RESERVED
+CVE-2021-30471
+ RESERVED
+CVE-2021-30470
+ RESERVED
+CVE-2021-30469
+ RESERVED
+CVE-2021-30468
+ RESERVED
+CVE-2021-30467
+ RESERVED
+CVE-2021-30466
+ RESERVED
+CVE-2021-30465
+ RESERVED
+CVE-2021-30464
+ RESERVED
+CVE-2021-30463 (VestaCP through 0.9.8-24 allows attackers to gain privileges by creati ...)
+ TODO: check
+CVE-2021-30462 (VestaCP through 0.9.8-24 allows the admin user to escalate privileges ...)
+ TODO: check
+CVE-2021-30461
+ RESERVED
+CVE-2021-30460
+ RESERVED
+CVE-2021-30459
+ RESERVED
CVE-2021-30458
RESERVED
CVE-2021-30457 (An issue was discovered in the id-map crate through 2021-02-26 for Rus ...)
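Review bot: the two VestaCP entries (CVE-2021-30463, CVE-2021-30462) are left at "TODO: check", and their truncated descriptions differ only in who escalates ("attackers" versus "the admin user"). Triage them against the full CVE text. If VestaCP is not packaged, record that with a NOT-FOR-US line in the style already used for the MyBB entries in this file.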
@@ -760,14 +794,14 @@ CVE-2021-30116
RESERVED
CVE-2021-30115
RESERVED
-CVE-2021-30114
- RESERVED
-CVE-2021-30113
- RESERVED
-CVE-2021-30112
- RESERVED
-CVE-2021-30111
- RESERVED
+CVE-2021-30114 (Web-School ERP V 5.0 contains a cross-site request forgery (CSRF) vuln ...)
+ TODO: check
+CVE-2021-30113 (A blind XSS vulnerability exists in Web-School ERP V 5.0 via (Add Even ...)
+ TODO: check
+CVE-2021-30112 (Web-School ERP V 5.0 contains a cross-site request forgery (CSRF) vuln ...)
+ TODO: check
+CVE-2021-30111 (A stored XSS vulnerability exists in Web-School ERP V 5.0 via (Add Eve ...)
+ TODO: check
CVE-2021-30110
RESERVED
CVE-2021-30109 (Froala Editor 3.2.6 is affected by Cross Site Scripting (XSS). Under c ...)
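Review bot: CVE-2021-30114 and CVE-2021-30112 show identical truncated text ("Web-School ERP V 5.0 contains a cross-site request forgery (CSRF) vuln ..."), so the list alone cannot tell them apart. All four Web-School ERP entries name the same product and version, so one triage decision can resolve all four "TODO: check" markers together. Check the full descriptions first, to confirm that the two CSRF entries are distinct issues and not duplicates.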
@@ -3387,10 +3421,10 @@ CVE-2021-28927 (The text-to-speech engine in libretro RetroArch for Windows 0.11
TODO: check
CVE-2021-28926
RESERVED
-CVE-2021-28925
- RESERVED
-CVE-2021-28924
- RESERVED
+CVE-2021-28925 (SQL injection vulnerability in Nagios Network Analyzer before 2.4.3 vi ...)
+ TODO: check
+CVE-2021-28924 (Self Authenticated XSS in Nagios Network Analyzer before 2.4.2 via the ...)
+ TODO: check
CVE-2021-28923
RESERVED
CVE-2021-28922
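Review bot: the two Nagios Network Analyzer entries give different fix boundaries, "before 2.4.3" for CVE-2021-28925 and "before 2.4.2" for CVE-2021-28924, so they should not be closed with one copied annotation. Resolve each "TODO: check" separately after reading the full description, which is cut off here at "vi ..." and "via the ...".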
@@ -3878,10 +3912,10 @@ CVE-2021-28688 (The fix for XSA-365 includes initialization of pointers such tha
- linux <unfixed>
NOTE: https://xenbits.xen.org/xsa/advisory-371.html
NOTE: https://git.kernel.org/linus/a846738f8c3788d846ed1f587270d2f2e3d32432
-CVE-2021-28686
- RESERVED
-CVE-2021-28685
- RESERVED
+CVE-2021-28686 (AsIO2_64.sys and AsIO2_32.sys in ASUS GPUTweak II before 2.3.0.3 allow ...)
+ TODO: check
+CVE-2021-28685 (AsIO2_64.sys and AsIO2_32.sys in ASUS GPUTweak II before 2.3.0.3 allow ...)
+ TODO: check
CVE-2021-28684
RESERVED
CVE-2021-28683
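Review bot: CVE-2021-28686 and CVE-2021-28685 carry the same truncated description, and both name the .sys drivers AsIO2_64.sys and AsIO2_32.sys shipped with ASUS GPUTweak II. Components of a vendor utility like these are the usual case for a NOT-FOR-US annotation in place of "TODO: check". The full text is needed to record what distinguishes the two IDs.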
@@ -5632,8 +5666,8 @@ CVE-2021-27947 (SQL Injection vulnerability in MyBB before 1.8.26 via the Copy F
NOT-FOR-US: MyBB
CVE-2021-27946 (SQL Injection vulnerability in MyBB before 1.8.26 via poll vote count. ...)
NOT-FOR-US: MyBB
-CVE-2021-27945
- RESERVED
+CVE-2021-27945 (The Squirro Insights Engine was affected by a Reflected Cross-Site Scr ...)
+ TODO: check
CVE-2021-28039 (An issue was discovered in the Linux kernel 5.9.x through 5.11.3, as u ...)
- linux 5.10.24-1 (unimportant)
[buster] - linux <not-affected> (Vulnerable code introduced later)
@@ -6595,8 +6629,8 @@ CVE-2021-27524
RESERVED
CVE-2021-27523
RESERVED
-CVE-2021-27522
- RESERVED
+CVE-2021-27522 (Learnsite 1.2.5.0 contains a remote privilege escalation vulnerability ...)
+ TODO: check
CVE-2021-27521
RESERVED
CVE-2021-27520 (A cross-site scripting (XSS) issue in FUDForum 3.1.0 allows remote att ...)
@@ -9520,8 +9554,8 @@ CVE-2021-3330
RESERVED
CVE-2021-3329
RESERVED
-CVE-2021-3328
- RESERVED
+CVE-2021-3328 (An issue was discovered in Aprelium Abyss Web Server X1 2.12.1 and 2.1 ...)
+ TODO: check
CVE-2021-3327 (Ovation Dynamic Content 1.10.1 for Elementor allows XSS via the post_t ...)
NOT-FOR-US: Ovation Dynamic Content
CVE-2021-26294 (An issue was discovered in AfterLogic Aurora through 7.7.9 and WebMail ...)
@@ -18171,8 +18205,8 @@ CVE-2021-22509
RESERVED
CVE-2021-22508
RESERVED
-CVE-2021-22507
- RESERVED
+CVE-2021-22507 (Authentication bypass vulnerability in Micro Focus Operations Bridge M ...)
+ TODO: check
CVE-2021-22506 (Advance configuration exposing Information Leakage vulnerability in Mi ...)
NOT-FOR-US: Micro Focus
CVE-2021-22505
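Review bot: CVE-2021-22507 is a Micro Focus product left at "TODO: check", while the next entry in the context, CVE-2021-22506, is already marked "NOT-FOR-US: Micro Focus". Apply the same annotation here once the product name, truncated at "Operations Bridge M ...", is confirmed.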
@@ -18562,8 +18596,8 @@ CVE-2021-22314 (There is a local privilege escalation vulnerability in some vers
NOT-FOR-US: Huawei
CVE-2021-22313
RESERVED
-CVE-2021-22312
- RESERVED
+CVE-2021-22312 (There is a memory leak vulnerability in some Huawei products. An authe ...)
+ TODO: check
CVE-2021-22311 (There is an improper permission assignment vulnerability in Huawei Man ...)
NOT-FOR-US: Huawei
CVE-2021-22310 (There is an information leakage vulnerability in some huawei products. ...)
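Review bot: CVE-2021-22312 ("some Huawei products") is left at "TODO: check" although the surrounding entries CVE-2021-22314 and CVE-2021-22311 are both "NOT-FOR-US: Huawei". Unless the full description names something packaged, this one should get the same line.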
@@ -18997,8 +19031,8 @@ CVE-2021-22117
RESERVED
CVE-2021-22116
RESERVED
-CVE-2021-22115
- RESERVED
+CVE-2021-22115 (Cloud Controller API versions prior to 1.106.0 logs service broker cre ...)
+ TODO: check
CVE-2021-22114 (Addresses partial fix in CVE-2018-1263. Spring-integration-zip, versio ...)
TODO: check
CVE-2021-22113 (Applications using the “Sensitive Headers” functionality i ...)
@@ -19290,8 +19324,8 @@ CVE-2021-3014 (In MikroTik RouterOS through 2021-01-04, the hotspot login page i
NOT-FOR-US: MikroTik RouterOS
CVE-2021-3013
RESERVED
-CVE-2021-3012
- RESERVED
+CVE-2021-3012 (A cross-site scripting (XSS) vulnerability in the Document Link of doc ...)
+ TODO: check
CVE-2021-3011 (An electromagnetic-wave side-channel issue was discovered on NXP Smart ...)
NOT-FOR-US: NXP
CVE-2021-3010 (There are multiple persistent cross-site scripting (XSS) vulnerabiliti ...)
@@ -19699,6 +19733,7 @@ CVE-2021-21774
CVE-2021-21773 (An out-of-bounds write vulnerability exists in the TIFF header count-p ...)
NOT-FOR-US: ImageGear
CVE-2021-21772 (A use-after-free vulnerability exists in the NMR::COpcPackageReader::r ...)
+ {DSA-4887-1}
- lib3mf 1.8.1+ds-4 (bug #985092)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1226
CVE-2021-21771
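Review bot: {DSA-4887-1} is attached to CVE-2021-21772, but the only package line is "- lib3mf 1.8.1+ds-4 (bug #985092)" and the commit changes data/CVE/list alone. Confirm that the DSA record itself carries the stable fixed version, so that the cross-reference does not point at an advisory with no version data behind it.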
@@ -24036,8 +24071,8 @@ CVE-2021-20482 (IBM Cloud Pak for Automation 20.0.2 and 20.0.3 IF002 are vulnera
NOT-FOR-US: IBM
CVE-2021-20481
RESERVED
-CVE-2021-20480
- RESERVED
+CVE-2021-20480 (IBM WebSphere Application Server 7.0, 8.0, and 8.5 is vulnerable to se ...)
+ TODO: check
CVE-2021-20479
RESERVED
CVE-2021-20478
@@ -29959,7 +29994,7 @@ CVE-2020-28951 (libuci in OpenWrt before 18.06.9 and 19.x before 19.07.5 may enc
CVE-2020-28950 (The installer of Kaspersky Anti-Ransomware Tool (KART) prior to KART 4 ...)
NOT-FOR-US: installer of Kaspersky Anti-Ransomware Tool (KART)
CVE-2020-36193 (Tar.php in Archive_Tar through 1.4.11 allows write operations with Dir ...)
- {DLA-2530-1}
+ {DLA-2621-1 DLA-2530-1}
- drupal7 <removed>
- php-pear 1:1.10.12+submodules+notgz+20210212-1 (bug #980428)
NOTE: https://github.com/pear/Archive_Tar/commit/cde460582ff389404b5b3ccb59374e9b389de916
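Review bot: the advisory line now reads "{DLA-2621-1 DLA-2530-1}", but the entry covers two source packages (drupal7 and php-pear) and nothing in the hunk shows which of them DLA-2621-1 addresses. Check that the tracker's DLA record names the package and fixed version for the new advisory, since only data/CVE/list changes in this commit.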
@@ -45855,8 +45890,8 @@ CVE-2020-23541
RESERVED
CVE-2020-23540
RESERVED
-CVE-2020-23539
- RESERVED
+CVE-2020-23539 (An issue was discovered in Realtek rtl8723de BLE Stack <= 4.1 that ...)
+ TODO: check
CVE-2020-23538
RESERVED
CVE-2020-23537
@@ -46081,8 +46116,8 @@ CVE-2020-23428
RESERVED
CVE-2020-23427
RESERVED
-CVE-2020-23426
- RESERVED
+CVE-2020-23426 (zzcms 201910 contains an access control vulnerability through escalati ...)
+ TODO: check
CVE-2020-23425
RESERVED
CVE-2020-23424
@@ -66649,8 +66684,8 @@ CVE-2020-14106
RESERVED
CVE-2020-14105
RESERVED
-CVE-2020-14104
- RESERVED
+CVE-2020-14104 (A RACE CONDITION on XQBACKUP causes a decompression path error on Xiao ...)
+ TODO: check
CVE-2020-14103
RESERVED
CVE-2020-14102 (There is command injection when ddns processes the hostname, which cau ...)
@@ -66659,8 +66694,8 @@ CVE-2020-14101 (The data collection SDK of the router web management interface c
NOT-FOR-US: Xiaomi
CVE-2020-14100 (In Xiaomi router R3600 ROM version<1.0.66, filters in the set_WAN6 ...)
NOT-FOR-US: Xiaomi
-CVE-2020-14099
- RESERVED
+CVE-2020-14099 (On Xiaomi router AX1800 rom version < 1.0.336 and RM1800 root versi ...)
+ TODO: check
CVE-2020-14098 (The login verification can be bypassed by using the problem that the t ...)
NOT-FOR-US: Xiaomi
CVE-2020-14097 (Wrong nginx configuration, causing specific paths to be downloaded wit ...)
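Review bot: CVE-2020-14099 describes Xiaomi router firmware (AX1800, RM1800) and is left at "TODO: check", while every annotated neighbour in the context (CVE-2020-14101, CVE-2020-14100, CVE-2020-14098) is "NOT-FOR-US: Xiaomi". The same annotation fits here. CVE-2020-14104 in the preceding hunk, whose description breaks off at "Xiao ...", looks like the same case and can be triaged together with it.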
@@ -82298,15 +82333,15 @@ CVE-2020-8631 (cloud-init through 19.4 relies on Mersenne Twister for a random p
NOTE: https://bugs.launchpad.net/ubuntu/+source/cloud-init/+bug/1860795
NOTE: https://github.com/canonical/cloud-init/pull/204
CVE-2020-8630
- RESERVED
+ REJECTED
CVE-2020-8629
- RESERVED
+ REJECTED
CVE-2020-8628
- RESERVED
+ REJECTED
CVE-2020-8627
- RESERVED
+ REJECTED
CVE-2020-8626
- RESERVED
+ REJECTED
CVE-2020-8625 (BIND servers are vulnerable if they are running an affected version an ...)
{DSA-4857-1 DLA-2568-1}
- bind9 1:9.16.12-1 (bug #983004)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/49e27f49ada5f931d5cddb85176f4088c3ae7670