[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Mon Apr 12 21:10:29 BST 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4e4cf313 by security tracker role at 2021-04-12T20:10:21+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,17 @@
+CVE-2021-3495
+	RESERVED
+CVE-2021-3494
+	RESERVED
+CVE-2021-3493
+	RESERVED
+CVE-2021-30501
+	RESERVED
+CVE-2021-30500
+	RESERVED
+CVE-2021-30499
+	RESERVED
+CVE-2021-30498
+	RESERVED
 CVE-2021-30497
 	RESERVED
 CVE-2021-30496
@@ -2570,8 +2584,8 @@ CVE-2021-29359
 	RESERVED
 CVE-2021-29358
 	RESERVED
-CVE-2021-29357
-	RESERVED
+CVE-2021-29357 (The ECT Provider component in OutSystems Platform Server 10 before 10. ...)
+	TODO: check
 CVE-2021-29356
 	RESERVED
 CVE-2021-29355
@@ -2680,8 +2694,8 @@ CVE-2021-29304
 	RESERVED
 CVE-2021-29303
 	RESERVED
-CVE-2021-29302
-	RESERVED
+CVE-2021-29302 (TP-Link TL-WR802N(US), Archer_C50v5_US v4_200 <= 2020.06 contains a ...)
+	TODO: check
 CVE-2021-29301
 	RESERVED
 CVE-2021-29300
@@ -3021,7 +3035,7 @@ CVE-2021-3466 (A flaw was found in libmicrohttpd in versions before 0.9.71. A mi
 	NOTE: Patch: https://git.gnunet.org/libmicrohttpd.git/commit/?id=a110ae6276660bee3caab30e9ff3f12f85cf3241
 	NOTE: Introduced in https://git.gnunet.org/libmicrohttpd.git/commit/?id=55f715e15e3ce66babc939b5a670bee02d4d9571
 CVE-2021-3465
-	RESERVED
+	REJECTED
 	- p7zip <unfixed> (unimportant)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1942677
 	NOTE: https://github.com/jinfeihan57/p7zip/issues/130
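Review bot: CVE-2021-3465 is switched from RESERVED to REJECTED, but the `- p7zip <unfixed> (unimportant)` package line and both NOTE references stay attached to it; if rejected IDs are not meant to carry package state, that line should be dropped or replaced by a NOTE saying why the entry is kept, otherwise the open `<unfixed>` state keeps a rejected CVE visible in p7zip's issue list.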
@@ -6808,7 +6822,7 @@ CVE-2021-27508
 	RESERVED
 CVE-2021-27507
 	RESERVED
-CVE-2021-27506 (The ClamAV Engine (Version 0.103.1 and below) embedded in Storsmshield ...)
+CVE-2021-27506 (The ClamAV Engine (version 0.103.1 and below) component embedded in St ...)
 	NOT-FOR-US: Stormshield Network Security (SNS)
 CVE-2021-27505
 	RESERVED
@@ -6848,8 +6862,8 @@ CVE-2021-27488
 	RESERVED
 CVE-2021-27487
 	RESERVED
-CVE-2021-27486
-	RESERVED
+CVE-2021-27486 (The Fatek Automation WinProladder Versions 3.3 and prior are vulnerabl ...)
+	TODO: check
 CVE-2021-27485
 	RESERVED
 CVE-2021-27484
@@ -10574,10 +10588,10 @@ CVE-2021-25928
 	RESERVED
 CVE-2021-25927
 	RESERVED
-CVE-2021-25926
-	RESERVED
-CVE-2021-25925
-	RESERVED
+CVE-2021-25926 (In SiCKRAGE, versions 9.3.54.dev1 to 10.0.11.dev1 are vulnerable to Re ...)
+	TODO: check
+CVE-2021-25925 (in SiCKRAGE, versions 4.2.0 to 10.0.11.dev1 are vulnerable to Stored C ...)
+	TODO: check
 CVE-2021-25924 (In GoCD, versions 19.6.0 to 21.1.0 are vulnerable to Cross-Site Reques ...)
 	NOT-FOR-US: GoCD
 CVE-2021-25923
@@ -10911,9 +10925,9 @@ CVE-2021-25896
 	RESERVED
 CVE-2021-25895
 	RESERVED
-CVE-2021-25894 (Magnolia CMS contains a stored cross-site scripting (XSS) vulnerabilit ...)
+CVE-2021-25894 (Magnolia CMS from 6.1.3 to 6.2.3 contains a stored cross-site scriptin ...)
 	NOT-FOR-US: Magnolia CMS
-CVE-2021-25893 (Magnolia CMS From 6.1.3 to 6.2.3 contains a stored cross-site scriptin ...)
+CVE-2021-25893 (Magnolia CMS from 6.1.3 to 6.2.3 contains a stored cross-site scriptin ...)
 	NOT-FOR-US: Magnolia CMS
 CVE-2021-25892
 	RESERVED
@@ -14467,44 +14481,44 @@ CVE-2021-24233
 	RESERVED
 CVE-2021-24232
 	RESERVED
-CVE-2021-24231
-	RESERVED
-CVE-2021-24230
-	RESERVED
-CVE-2021-24229
-	RESERVED
-CVE-2021-24228
-	RESERVED
-CVE-2021-24227
-	RESERVED
-CVE-2021-24226
-	RESERVED
-CVE-2021-24225
-	RESERVED
-CVE-2021-24224
-	RESERVED
-CVE-2021-24223
-	RESERVED
-CVE-2021-24222
-	RESERVED
-CVE-2021-24221
-	RESERVED
-CVE-2021-24220
-	RESERVED
-CVE-2021-24219
-	RESERVED
-CVE-2021-24218
-	RESERVED
-CVE-2021-24217
-	RESERVED
+CVE-2021-24231 (The Jetpack Scan team identified a Cross-Site Request Forgery vulnerab ...)
+	TODO: check
+CVE-2021-24230 (The Jetpack Scan team identified a Cross-Site Request Forgery vulnerab ...)
+	TODO: check
+CVE-2021-24229 (The Jetpack Scan team identified a Reflected Cross-Site Scripting via  ...)
+	TODO: check
+CVE-2021-24228 (The Jetpack Scan team identified a Reflected Cross-Site Scripting in t ...)
+	TODO: check
+CVE-2021-24227 (The Jetpack Scan team identified a Local File Disclosure vulnerability ...)
+	TODO: check
+CVE-2021-24226 (In the AccessAlly WordPress plugin before 3.5.7, the file "resource/fr ...)
+	TODO: check
+CVE-2021-24225 (The Advanced Booking Calendar WordPress plugin before 1.6.7 did not sa ...)
+	TODO: check
+CVE-2021-24224 (The EFBP_verify_upload_file AJAX action of the Easy Form Builder WordP ...)
+	TODO: check
+CVE-2021-24223 (The N5 Upload Form WordPress plugin through 1.0 suffers from an arbitr ...)
+	TODO: check
+CVE-2021-24222 (The WP-Curriculo Vitae Free WordPress plugin through 6.3 suffers from  ...)
+	TODO: check
+CVE-2021-24221 (The Quiz And Survey Master – Best Quiz, Exam and Survey Plugin f ...)
+	TODO: check
+CVE-2021-24220 (Thrive “Legacy” Rise by Thrive Themes WordPress theme befo ...)
+	TODO: check
+CVE-2021-24219 (The Thrive Optimize WordPress plugin before 1.4.13.3, Thrive Comments  ...)
+	TODO: check
+CVE-2021-24218 (The wp_ajax_save_fbe_settings and wp_ajax_delete_fbe_settings AJAX act ...)
+	TODO: check
+CVE-2021-24217 (The run_action function of the Facebook for WordPress plugin before 3. ...)
+	TODO: check
 CVE-2021-24216
 	RESERVED
-CVE-2021-24215
-	RESERVED
+CVE-2021-24215 (An Improper Access Control vulnerability was discovered in the Control ...)
+	TODO: check
 CVE-2021-24214
 	RESERVED
-CVE-2021-24213
-	RESERVED
+CVE-2021-24213 (The GiveWP – Donation Plugin and Fundraising Platform WordPress  ...)
+	TODO: check
 CVE-2021-24212 (The WooCommerce Help Scout WordPress plugin before 2.9.1 (https://wooc ...)
 	NOT-FOR-US: Wordpress plugin
 CVE-2021-24211 (The WordPress Related Posts plugin through 3.6.4 contains an authentic ...)
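Review bot: the imported descriptions on the CVE-2021-24221, CVE-2021-24220 and CVE-2021-24213 lines contain mojibake (`–`, `“Legacy”`), i.e. UTF-8 text decoded as Latin-1 somewhere in the feed or import path, while the other descriptions in the block are clean; these three should be re-fetched or normalised before triage. On triage itself, most new entries here name a WordPress plugin and the adjacent tracked entry CVE-2021-24212 uses `NOT-FOR-US: Wordpress plugin`, so the same status applies to the `TODO: check` lines unless one of the plugins is packaged in Debian.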
@@ -14529,14 +14543,14 @@ CVE-2021-24202 (In the Elementor Website Builder WordPress plugin before 3.1.4,
 	NOT-FOR-US: Wordpress plugin
 CVE-2021-24201 (In the Elementor Website Builder WordPress plugin before 3.1.4, the co ...)
 	NOT-FOR-US: Wordpress plugin
-CVE-2021-24200
-	RESERVED
-CVE-2021-24199
-	RESERVED
-CVE-2021-24198
-	RESERVED
-CVE-2021-24197
-	RESERVED
+CVE-2021-24200 (The wpDataTables – Tables & Table Charts premium WordPress p ...)
+	TODO: check
+CVE-2021-24199 (The wpDataTables – Tables & Table Charts premium WordPress p ...)
+	TODO: check
+CVE-2021-24198 (The wpDataTables – Tables & Table Charts premium WordPress p ...)
+	TODO: check
+CVE-2021-24197 (The wpDataTables – Tables & Table Charts premium WordPress p ...)
+	TODO: check
 CVE-2021-24196 (The Social Slider Widget WordPress plugin before 1.8.5 allowed Authent ...)
 	NOT-FOR-US: Wordpress plugin
 CVE-2021-24195
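Review bot: the four wpDataTables descriptions (CVE-2021-24200 to CVE-2021-24197) show the same encoding defect (`–`, `&`) as the earlier WordPress block, and the surrounding entries CVE-2021-24201 and CVE-2021-24196 are both `NOT-FOR-US: Wordpress plugin`; once the descriptions are confirmed, these `TODO: check` lines can be closed with that status.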
@@ -14915,8 +14929,8 @@ CVE-2021-24026 (A missing bounds check within the audio decoding pipeline for Wh
 	NOT-FOR-US: WhatsApp
 CVE-2021-24025 (Due to incorrect string size calculations inside the preg_quote functi ...)
 	- hhvm <removed>
-CVE-2021-24024
-	RESERVED
+CVE-2021-24024 (A clear text storage of sensitive information into log file vulnerabil ...)
+	TODO: check
 CVE-2021-24023
 	RESERVED
 CVE-2021-24022
@@ -15260,8 +15274,8 @@ CVE-2021-3130 (Within the Open-AudIT up to version 3.5.3 application, the web in
 	NOT-FOR-US: Open-AudIT
 CVE-2021-3129 (Ignition before 2.5.2, as used in Laravel and other products, allows u ...)
 	NOT-FOR-US: Ignition
-CVE-2021-3128
-	RESERVED
+CVE-2021-3128 (In ASUS RT-AX3000, ZenWiFi AX (XT8), RT-AX88U, and other ASUS routers  ...)
+	TODO: check
 CVE-2021-23920
 	RESERVED
 CVE-2021-23919
@@ -15455,8 +15469,8 @@ CVE-2021-23836 (An issue was discovered in flatCore before 2.0.0 build 139. A st
 	NOT-FOR-US: flatCore CMS
 CVE-2021-23835 (An issue was discovered in flatCore before 2.0.0 build 139. A local fi ...)
 	NOT-FOR-US: flatCore CMS
-CVE-2021-3125
-	RESERVED
+CVE-2021-3125 (In TP-Link TL-XDR3230 < 1.0.12, TL-XDR1850 < 1.0.9, TL-XDR1860 & ...)
+	TODO: check
 CVE-2021-3124 (Stored cross-site scripting (XSS) in form field in robust.systems prod ...)
 	NOT-FOR-US: WordPress Plugin Custom Global Variables
 CVE-2021-3123
@@ -16426,14 +16440,14 @@ CVE-2021-23373
 	RESERVED
 CVE-2021-23372
 	RESERVED
-CVE-2021-23371
-	RESERVED
-CVE-2021-23370
-	RESERVED
-CVE-2021-23369
-	RESERVED
-CVE-2021-23368
-	RESERVED
+CVE-2021-23371 (This affects the package chrono-node before 2.2.4. It hangs on a date- ...)
+	TODO: check
+CVE-2021-23370 (This affects the package swiper before 6.5.1. ...)
+	TODO: check
+CVE-2021-23369 (The package handlebars before 4.7.7 are vulnerable to Remote Code Exec ...)
+	TODO: check
+CVE-2021-23368 (The package postcss from 7.0.0 and before 8.2.10 are vulnerable to Reg ...)
+	TODO: check
 CVE-2021-23367
 	RESERVED
 CVE-2021-23366
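Review bot: unlike the proprietary products elsewhere in this update, the four `TODO: check` entries here (chrono-node, swiper, handlebars, postcss) are npm packages, which may have corresponding Debian node-* source packages; they should be resolved against the archive (a package line or NOT-FOR-US) rather than assumed out of scope, and CVE-2021-23369, described as Remote Code Execution in handlebars, is the one to settle first.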
@@ -16664,8 +16678,8 @@ CVE-2021-23271 (The TIBCO EBX Web Server component of TIBCO Software Inc.'s TIBC
 	NOT-FOR-US: TIBCO
 CVE-2021-3113 (Netsia SEBA+ through 0.16.1 build 70-e669dcd7 allows remote attackers  ...)
 	NOT-FOR-US: Netsia SEBA+
-CVE-2021-23270
-	RESERVED
+CVE-2021-23270 (In Gargoyle OS 1.12.0, when IPv6 is used, a routing loop can occur tha ...)
+	TODO: check
 CVE-2021-23269
 	RESERVED
 CVE-2021-23268
@@ -18980,8 +18994,8 @@ CVE-2021-22191 (Improper URL handling in Wireshark 3.4.0 to 3.4.3 and 3.2.0 to 3
 	[stretch] - wireshark <postponed> (Minor issue, can be fixed along in future update)
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2021-03.html
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17232
-CVE-2021-22190
-	RESERVED
+CVE-2021-22190 (A path traversal vulnerability via the GitLab Workhorse in all version ...)
+	TODO: check
 CVE-2021-22189 (Starting with version 13.7 the Gitlab CE/EE editions were affected by  ...)
 	[experimental] - gitlab 13.6.7-1
 	- gitlab <unfixed>
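Review bot: CVE-2021-22190 is left at `TODO: check` although it names GitLab Workhorse, while the adjacent CVE-2021-22189 entry already carries gitlab package lines (`[experimental] - gitlab 13.6.7-1`, `- gitlab <unfixed>`); the new entry should receive the equivalent gitlab status lines once the affected and fixed versions are confirmed instead of staying a placeholder.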
@@ -24133,8 +24147,8 @@ CVE-2021-20521
 	RESERVED
 CVE-2021-20520 (IBM Jazz Foundation Products are vulnerable to cross-site scripting. T ...)
 	NOT-FOR-US: IBM
-CVE-2021-20519
-	RESERVED
+CVE-2021-20519 (IBM Jazz Team Server products are vulnerable to cross-site scripting.  ...)
+	TODO: check
 CVE-2021-20518 (IBM Jazz Foundation Products are vulnerable to cross-site scripting. T ...)
 	NOT-FOR-US: IBM
 CVE-2021-20517
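Review bot: CVE-2021-20519 (IBM Jazz Team Server) is left at `TODO: check` while the entries on both sides of it, CVE-2021-20520 and CVE-2021-20518 for IBM Jazz Foundation, are already `NOT-FOR-US: IBM`; the same status applies here and the placeholder can be closed.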
@@ -24573,6 +24587,7 @@ CVE-2021-20308 (Integer overflow in the htmldoc 1.9.11 and before may allow atta
 	NOTE: https://github.com/michaelrsweet/htmldoc/issues/423
 	NOTE: Crash in CLI tool, no security impact
 CVE-2021-20307 (Format string vulnerability in panoFileOutputNamesCreate() in libpano1 ...)
+	{DLA-2624-1}
 	- libpano13 2.9.20~rc3+dfsg-1 (bug #985249)
 	[buster] - libpano13 2.9.19+dfsg-3+deb10u1
 	NOTE: https://sourceforge.net/projects/panotools/files/libpano13/libpano13-2.9.20/
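Review bot: `{DLA-2624-1}` is added to CVE-2021-20307, but the visible context shows only the unstable (`2.9.20~rc3+dfsg-1`) and `[buster]` lines for libpano13; a DLA normally pairs with a `[stretch] - libpano13 <version>` line, so confirm that one exists below the shown context (or add it) so the DLA reference resolves to a fixed stretch version.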
@@ -30363,8 +30378,8 @@ CVE-2020-28874 (reset-password.php in ProjectSend before r1295 allows remote att
 	NOT-FOR-US: ProjectSend
 CVE-2020-28873 (Fluxbb 1.5.11 is affected by a denial of service (DoS) vulnerability b ...)
 	NOT-FOR-US: Fluxbb
-CVE-2020-28872
-	RESERVED
+CVE-2020-28872 (An authorization bypass vulnerability in Monitorr v1.7.6m in Monitorr/ ...)
+	TODO: check
 CVE-2020-28871 (Remote code execution in Monitorr v1.7.6m in upload.php allows an unau ...)
 	NOT-FOR-US: Monitorr
 CVE-2020-28870 (In InoERP 0.7.2, an unauthorized attacker can execute arbitrary code o ...)
@@ -44531,8 +44546,8 @@ CVE-2020-24287
 	RESERVED
 CVE-2020-24286
 	RESERVED
-CVE-2020-24285
-	RESERVED
+CVE-2020-24285 (INTELBRAS TELEFONE IP TIP200 version 60.61.75.22 allows an attacker to ...)
+	TODO: check
 CVE-2020-24284
 	RESERVED
 CVE-2020-24283
@@ -61746,8 +61761,8 @@ CVE-2020-15944 (An issue was discovered in the Gantt-Chart module before 5.5.5 f
 	NOT-FOR-US: Gantt-Chart module for Jira
 CVE-2020-15943 (An issue was discovered in the Gantt-Chart module before 5.5.4 for Jir ...)
 	NOT-FOR-US: Gantt-Chart module for Jira
-CVE-2020-15942
-	RESERVED
+CVE-2020-15942 (An information disclosure vulnerability in Web Vulnerability Scan prof ...)
+	TODO: check
 CVE-2020-15941
 	RESERVED
 CVE-2020-15940
@@ -62169,7 +62184,7 @@ CVE-2020-15780 (An issue was discovered in drivers/acpi/acpi_configfs.c in the L
 	[stretch] - linux <ignored> (securelevel included but not supported)
 	NOTE: https://www.openwall.com/lists/oss-security/2020/06/15/3
 	NOTE: Fixed by: https://git.kernel.org/linus/75b0cea7bf307f362057cc778efe89af4c615354
-CVE-2020-15778 (scp in OpenSSH through 8.3p1 allows command injection in the scp.c tor ...)
+CVE-2020-15778 (** DISPUTED ** scp in OpenSSH through 8.3p1 allows command injection i ...)
 	- openssh <unfixed> (unimportant)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1860487
 	NOTE: https://github.com/cpandya2909/CVE-2020-15778
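Review bot: the CVE-2020-15778 description now opens with `** DISPUTED **` while the Debian status stays `openssh <unfixed> (unimportant)`; the entry's NOTEs are only external links, so a short NOTE recording why the issue is rated unimportant (and that upstream disputes it) would avoid re-triage the next time the description is re-imported.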
@@ -62261,8 +62276,8 @@ CVE-2020-15736
 	REJECTED
 CVE-2020-15735
 	RESERVED
-CVE-2020-15734
-	RESERVED
+CVE-2020-15734 (An Origin Validation Error vulnerability in Bitdefender Safepay allows ...)
+	TODO: check
 CVE-2020-15733 (An Origin Validation Error vulnerability in the SafePay component of B ...)
 	NOT-FOR-US: Bitdefender Antivirus Plus
 CVE-2020-15732
@@ -63260,8 +63275,8 @@ CVE-2020-15392 (A user enumeration vulnerability flaw was found in Venki Supravi
 	NOT-FOR-US: Venki
 CVE-2020-15391 (The UI in DevSpace 4.13.0 allows web sites to execute actions on pods  ...)
 	NOT-FOR-US: DevSpace
-CVE-2020-15390
-	RESERVED
+CVE-2020-15390 (pyActivity in Pega Platform 8.4.0.237 has a security misconfiguration  ...)
+	TODO: check
 CVE-2020-15389 (jp2/opj_decompress.c in OpenJPEG through 2.3.1 has a use-after-free th ...)
 	{DSA-4882-1 DLA-2277-1}
 	- openjpeg2 2.4.0-1 (bug #965220)
@@ -84352,8 +84367,8 @@ CVE-2020-7925 (Incorrect validation of user input in the role name parser may le
 	NOTE: https://jira.mongodb.org/browse/SERVER-49142
 	NOTE: https://github.com/mongodb/mongo/commit/8fbd1af03310704de68c22163900636f58f7eba8 (v3.6.19)
 	NOTE: Introduced by: https://github.com/mongodb/mongo/commit/3ca76fd569c94de72c4daf6eef27fbf9bf51233b (v3.6.18)
-CVE-2020-7924
-	RESERVED
+CVE-2020-7924 (Usage of specific command line parameter in MongoDB Tools which was or ...)
+	TODO: check
 CVE-2020-7923 (A user authorized to perform database queries may cause denial of serv ...)
 	{DLA-2344-1}
 	- mongodb <removed>
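Review bot: CVE-2020-7924 concerns MongoDB Tools and is left at `TODO: check`, while the neighbouring entries CVE-2020-7925 and CVE-2020-7923 track mongodb as a Debian source package (`- mongodb <removed>`); the TODO should be resolved by checking whether the tools were shipped from that removed source or from a separate package, and recording the matching status line.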
@@ -92202,10 +92217,10 @@ CVE-2020-4967 (IBM Cloud Pak for Security (CP4S) 1.3.0.1 could disclose sensitiv
 	NOT-FOR-US: IBM
 CVE-2020-4966 (IBM Security Identity Governance and Intelligence 5.2.6 does not set t ...)
 	NOT-FOR-US: IBM
-CVE-2020-4965
-	RESERVED
-CVE-2020-4964
-	RESERVED
+CVE-2020-4965 (IBM Jazz Team Server products use weaker than expected cryptographic a ...)
+	TODO: check
+CVE-2020-4964 (IBM Jazz Team Server products contain an undisclosed vulnerability tha ...)
+	TODO: check
 CVE-2020-4963
 	RESERVED
 CVE-2020-4962
@@ -92292,8 +92307,8 @@ CVE-2020-4922
 	RESERVED
 CVE-2020-4921 (IBM Security Guardium 10.6 and 11.2 is vulnerable to SQL injection. A  ...)
 	NOT-FOR-US: IBM
-CVE-2020-4920
-	RESERVED
+CVE-2020-4920 (IBM Jazz Team Server products are vulnerable to stored cross-site scri ...)
+	TODO: check
 CVE-2020-4919 (IBM Cloud Pak System 2.3 has insufficient logout controls which could  ...)
 	NOT-FOR-US: IBM
 CVE-2020-4918 (IBM Cloud Pak System 2.3 could allow l local privileged user to disclo ...)
@@ -109310,8 +109325,8 @@ CVE-2019-17658 (An unquoted service path vulnerability in the FortiClient FortiT
 	NOT-FOR-US: Fortiguard
 CVE-2019-17657 (An Uncontrolled Resource Consumption vulnerability in Fortinet FortiSw ...)
 	NOT-FOR-US: Fortiguard
-CVE-2019-17656
-	RESERVED
+CVE-2019-17656 (A Stack-based Buffer Overflow vulnerability in the HTTPD daemon of For ...)
+	TODO: check
 CVE-2019-17655 (A cleartext storage in a file or on disk (CWE-313) vulnerability in Fo ...)
 	NOT-FOR-US: Fortiguard
 CVE-2019-17654 (An Insufficient Verification of Data Authenticity vulnerability in For ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4e4cf313c066a03d7ebbc43362008d8818c41563

-- 
You're receiving this email because of your account on salsa.debian.org.



