[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Thu Apr 15 21:11:27 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c3fea326 by security tracker role at 2021-04-15T20:10:36+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,137 @@
+CVE-2021-3500
+ RESERVED
+CVE-2021-31402 (The dio package 4.0.0 for Dart allows CRLF injection if the attacker c ...)
+ TODO: check
+CVE-2021-31401
+ RESERVED
+CVE-2021-31400
+ RESERVED
+CVE-2021-31399
+ RESERVED
+CVE-2021-31398
+ RESERVED
+CVE-2021-31397
+ RESERVED
+CVE-2021-31396
+ RESERVED
+CVE-2021-31395
+ RESERVED
+CVE-2021-31394
+ RESERVED
+CVE-2021-31393
+ RESERVED
+CVE-2021-31392
+ RESERVED
+CVE-2021-31391
+ RESERVED
+CVE-2021-31390
+ RESERVED
+CVE-2021-31389
+ RESERVED
+CVE-2021-31388
+ RESERVED
+CVE-2021-31387
+ RESERVED
+CVE-2021-31386
+ RESERVED
+CVE-2021-31385
+ RESERVED
+CVE-2021-31384
+ RESERVED
+CVE-2021-31383
+ RESERVED
+CVE-2021-31382
+ RESERVED
+CVE-2021-31381
+ RESERVED
+CVE-2021-31380
+ RESERVED
+CVE-2021-31379
+ RESERVED
+CVE-2021-31378
+ RESERVED
+CVE-2021-31377
+ RESERVED
+CVE-2021-31376
+ RESERVED
+CVE-2021-31375
+ RESERVED
+CVE-2021-31374
+ RESERVED
+CVE-2021-31373
+ RESERVED
+CVE-2021-31372
+ RESERVED
+CVE-2021-31371
+ RESERVED
+CVE-2021-31370
+ RESERVED
+CVE-2021-31369
+ RESERVED
+CVE-2021-31368
+ RESERVED
+CVE-2021-31367
+ RESERVED
+CVE-2021-31366
+ RESERVED
+CVE-2021-31365
+ RESERVED
+CVE-2021-31364
+ RESERVED
+CVE-2021-31363
+ RESERVED
+CVE-2021-31362
+ RESERVED
+CVE-2021-31361
+ RESERVED
+CVE-2021-31360
+ RESERVED
+CVE-2021-31359
+ RESERVED
+CVE-2021-31358
+ RESERVED
+CVE-2021-31357
+ RESERVED
+CVE-2021-31356
+ RESERVED
+CVE-2021-31355
+ RESERVED
+CVE-2021-31354
+ RESERVED
+CVE-2021-31353
+ RESERVED
+CVE-2021-31352
+ RESERVED
+CVE-2021-31351
+ RESERVED
+CVE-2021-31350
+ RESERVED
+CVE-2021-31349
+ RESERVED
+CVE-2021-31348
+ RESERVED
+CVE-2021-31347
+ RESERVED
+CVE-2021-31346
+ RESERVED
+CVE-2021-31345
+ RESERVED
+CVE-2021-31344
+ RESERVED
+CVE-2021-31343
+ RESERVED
+CVE-2021-31342
+ RESERVED
+CVE-2021-31341
+ RESERVED
+CVE-2021-31340
+ RESERVED
+CVE-2021-31339
+ RESERVED
+CVE-2021-31338
+ RESERVED
+CVE-2021-31337
+ RESERVED
CVE-2021-31336
RESERVED
CVE-2021-31335
@@ -212,8 +346,8 @@ CVE-2021-31231
RESERVED
CVE-2021-31230
RESERVED
-CVE-2021-31229
- RESERVED
+CVE-2021-31229 (An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezx ...)
+ TODO: check
CVE-2021-31228
RESERVED
CVE-2021-31227
@@ -1816,8 +1950,7 @@ CVE-2021-30477 (An issue was discovered in Zulip Server before 3.4. A bug in the
- zulip-server <itp> (bug #800052)
CVE-2021-30476
RESERVED
-CVE-2021-3487
- RESERVED
+CVE-2021-3487 (There's a flaw in the BFD library of binutils in versions before 2.36. ...)
- binutils <unfixed> (unimportant)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=26946
NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=647cebce12a6b0a26960220caff96ff38978cf24
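Review bot: the description added for CVE-2021-3487 says the flaw is in binutils versions before 2.36, while the package line kept directly below it still reads `- binutils <unfixed> (unimportant)`. Check against the two sourceware NOTE references whether a fixed version can now be recorded in place of `<unfixed>`.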
@@ -2383,8 +2516,8 @@ CVE-2021-30211
RESERVED
CVE-2021-30210
RESERVED
-CVE-2021-30209
- RESERVED
+CVE-2021-30209 (Textpattern V4.8.4 contains an arbitrary file upload vulnerability whe ...)
+ TODO: check
CVE-2021-30208
RESERVED
CVE-2021-30207
@@ -2616,7 +2749,7 @@ CVE-2021-30140 (LiquidFiles 3.4.15 has stored XSS through the "send email" funct
CVE-2021-30139
RESERVED
CVE-2021-30138
- RESERVED
+ REJECTED
CVE-2021-30137
RESERVED
CVE-2021-30136
@@ -4107,8 +4240,8 @@ CVE-2021-29450
RESERVED
CVE-2021-29449 (Pi-hole is a Linux network-level advertisement and Internet tracker bl ...)
NOT-FOR-US: Pi-hole
-CVE-2021-29448
- RESERVED
+CVE-2021-29448 (Pi-hole is a Linux network-level advertisement and Internet tracker bl ...)
+ TODO: check
CVE-2021-29447
RESERVED
CVE-2021-29446
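Review bot: CVE-2021-29448 is left at `TODO: check` even though CVE-2021-29449, the entry directly above it, shows the same Pi-hole description prefix and is already triaged as `NOT-FOR-US: Pi-hole`. Once the full description confirms the product, the same `NOT-FOR-US: Pi-hole` line would close this TODO.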
@@ -4137,8 +4270,8 @@ CVE-2021-29435 (trestle-auth is an authentication plugin for the Trestle admin f
NOT-FOR-US: trestle-auth
CVE-2021-29434
RESERVED
-CVE-2021-29433
- RESERVED
+CVE-2021-29433 (### Impact Missing input validation of some parameters on the endpoint ...)
+ TODO: check
CVE-2021-29432
RESERVED
CVE-2021-29431
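Review bot: the description imported for CVE-2021-29433 begins with the markdown heading `### Impact` and is cut off before any product name appears, so the entry as listed does not say which software is affected. Resolving the `TODO: check` will require the full CVE record, and the product name should then be captured in the triage line because the truncated description will not show it.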
@@ -4201,6 +4334,7 @@ CVE-2021-3473 (An internal product security audit of Lenovo XClarity Controller
NOT-FOR-US: Lenovo XClarity Controller (XCC)
CVE-2021-3472 [Fix XChangeFeedbackControl() request underflow]
RESERVED
+ {DLA-2627-1}
- xorg-server 2:1.20.11-1
NOTE: Fixed by: https://gitlab.freedesktop.org/xorg/xserver/-/commit/7aaf54a1884f71dc363f0b884e57bcb67407a6cd
NOTE: https://lists.x.org/archives/xorg-announce/2021-April/003080.html
@@ -6154,10 +6288,10 @@ CVE-2021-28551
RESERVED
CVE-2021-28550
RESERVED
-CVE-2021-28549
- RESERVED
-CVE-2021-28548
- RESERVED
+CVE-2021-28549 (Adobe Photoshop versions 21.2.6 (and earlier) and 22.3 (and earlier) a ...)
+ TODO: check
+CVE-2021-28548 (Adobe Photoshop versions 21.2.6 (and earlier) and 22.3 (and earlier) a ...)
+ TODO: check
CVE-2021-28547
RESERVED
CVE-2021-28546 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...)
@@ -6797,8 +6931,8 @@ CVE-2021-28244
RESERVED
CVE-2021-28243
RESERVED
-CVE-2021-28242
- RESERVED
+CVE-2021-28242 (SQL Injection in the "evoadm.php" component of b2evolution v7.2.2-stab ...)
+ TODO: check
CVE-2021-28241
RESERVED
CVE-2021-28240
@@ -7352,8 +7486,8 @@ CVE-2021-28057
RESERVED
CVE-2021-28056
RESERVED
-CVE-2021-28055
- RESERVED
+CVE-2021-28055 (An issue was discovered in Centreon-Web in Centreon Platform 20.10.0. ...)
+ TODO: check
CVE-2021-28054
RESERVED
CVE-2021-28053
@@ -7846,8 +7980,8 @@ CVE-2021-27853
RESERVED
CVE-2021-27852
RESERVED
-CVE-2021-27850
- RESERVED
+CVE-2021-27850 (A critical unauthenticated remote code execution vulnerability was fou ...)
+ TODO: check
CVE-2021-27849
RESERVED
CVE-2021-27848
@@ -7916,7 +8050,7 @@ CVE-2021-27817 (A remote command execution vulnerability in shopxo 1.9.3 allows
NOT-FOR-US: shopxo
CVE-2021-27816
RESERVED
-CVE-2021-27815 (NULL Pointer Deference in the "actions.c" library of libexif exif v0.6 ...)
+CVE-2021-27815 (NULL Pointer Deference in the exif command line tool, when printing ou ...)
- exif <unfixed> (unimportant)
NOTE: https://github.com/libexif/exif/commit/f6334d9d32437ef13dc902f0a88a2be0063d9d1c
NOTE: https://github.com/libexif/exif/issues/4
@@ -8236,10 +8370,10 @@ CVE-2021-27675
RESERVED
CVE-2021-27674
RESERVED
-CVE-2021-27673
- RESERVED
-CVE-2021-27672
- RESERVED
+CVE-2021-27673 (Cross Site Scripting (XSS) in the "admin_boxes.ajax.php" component of ...)
+ TODO: check
+CVE-2021-27672 (SQL Injection in the "admin_boxes.ajax.php" component of Tribal System ...)
+ TODO: check
CVE-2021-27671 (An issue was discovered in the comrak crate before 0.9.1 for Rust. XSS ...)
NOT-FOR-US: comrak rust crate
CVE-2021-27670 (Appspace 6.2.4 allows SSRF via the api/v1/core/proxy/jsonprequest url ...)
@@ -8504,10 +8638,10 @@ CVE-2021-27547
RESERVED
CVE-2021-27546
RESERVED
-CVE-2021-27545
- RESERVED
-CVE-2021-27544
- RESERVED
+CVE-2021-27545 (SQL Injection in the "add-services.php" component of PHPGurukul Beauty ...)
+ TODO: check
+CVE-2021-27544 (Cross Site Scripting (XSS) in the "add-services.php" component of PHPG ...)
+ TODO: check
CVE-2021-27543
RESERVED
CVE-2021-27542
@@ -9444,8 +9578,8 @@ CVE-2021-27131
RESERVED
CVE-2021-27130 (Online Reviewer System 1.0 contains a SQL injection vulnerability thro ...)
NOT-FOR-US: Online Reviewer System
-CVE-2021-27129
- RESERVED
+CVE-2021-27129 (CASAP Automated Enrollment System version 1.0 contains a cross-site sc ...)
+ TODO: check
CVE-2021-27128
RESERVED
CVE-2021-27127
@@ -9478,8 +9612,8 @@ CVE-2021-27114 (An issue was discovered in D-Link DIR-816 A2 1.10 B05 devices. W
NOT-FOR-US: D-Link
CVE-2021-27113 (An issue was discovered in D-Link DIR-816 A2 1.10 B05 devices. An HTTP ...)
NOT-FOR-US: D-Link
-CVE-2021-27112
- RESERVED
+CVE-2021-27112 (LightCMS v1.3.5 contains a remote code execution vulnerability in /app ...)
+ TODO: check
CVE-2021-27111
RESERVED
CVE-2021-27110
@@ -10736,8 +10870,8 @@ CVE-2021-26584
RESERVED
CVE-2021-26583
RESERVED
-CVE-2021-26582
- RESERVED
+CVE-2021-26582 (A security vulnerability in HPE IceWall SSO Domain Gateway Option (Dgf ...)
+ TODO: check
CVE-2021-26581 (A potential security vulnerability has been identified in HPE Superdom ...)
NOT-FOR-US: HPE
CVE-2021-26580 (A potential security vulnerability has been identified in HPE iLO Ampl ...)
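Review bot: CVE-2021-26582 names an HPE product (IceWall SSO Domain Gateway Option) and is queued as `TODO: check`, while the next entry, CVE-2021-26581, is already triaged as `NOT-FOR-US: HPE`. If no Debian package ships this product, the same `NOT-FOR-US: HPE` line applies here.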
@@ -12594,8 +12728,8 @@ CVE-2021-3245
RESERVED
CVE-2021-3244
RESERVED
-CVE-2021-3243
- RESERVED
+CVE-2021-3243 (Wfilter ICF 5.0.117 contains a cross-site scripting (XSS) vulnerabilit ...)
+ TODO: check
CVE-2021-3242
RESERVED
CVE-2021-3241
@@ -17137,14 +17271,14 @@ CVE-2021-23889 (Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrato
NOT-FOR-US: McAfee
CVE-2021-23888 (Unvalidated client-side URL redirect vulnerability in McAfee ePolicy O ...)
NOT-FOR-US: McAfee
-CVE-2021-23887
- RESERVED
-CVE-2021-23886
- RESERVED
+CVE-2021-23887 (Privilege Escalation vulnerability in McAfee Data Loss Prevention (DLP ...)
+ TODO: check
+CVE-2021-23886 (Denial of Service vulnerability in McAfee Data Loss Prevention (DLP) E ...)
+ TODO: check
CVE-2021-23885 (Privilege escalation vulnerability in McAfee Web Gateway (MWG) prior t ...)
NOT-FOR-US: McAfee
-CVE-2021-23884
- RESERVED
+CVE-2021-23884 (Cleartext Transmission of Sensitive Information vulnerability in the e ...)
+ TODO: check
CVE-2021-23883 (A Null Pointer Dereference vulnerability in McAfee Endpoint Security ( ...)
NOT-FOR-US: McAfee
CVE-2021-23882 (Improper Access Control vulnerability in McAfee Endpoint Security (ENS ...)
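Review bot: CVE-2021-23887 and CVE-2021-23886 both name McAfee Data Loss Prevention in the visible description, yet they are added with `TODO: check` while every triaged neighbour in this hunk (CVE-2021-23889, -23888, -23885, -23883) is `NOT-FOR-US: McAfee`. The description of CVE-2021-23884 is truncated before the product name, so confirm it from the full record before giving it the same triage line.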
@@ -24782,34 +24916,34 @@ CVE-2021-21102
RESERVED
CVE-2021-21101
RESERVED
-CVE-2021-21100
- RESERVED
+CVE-2021-21100 (Adobe Digital Editions version 4.5.11.187245 (and earlier) is affected ...)
+ TODO: check
CVE-2021-21099
RESERVED
CVE-2021-21098
RESERVED
CVE-2021-21097
RESERVED
-CVE-2021-21096
- RESERVED
-CVE-2021-21095
- RESERVED
-CVE-2021-21094
- RESERVED
-CVE-2021-21093
- RESERVED
-CVE-2021-21092
- RESERVED
-CVE-2021-21091
- RESERVED
+CVE-2021-21096 (Adobe Bridge versions 10.1.1 (and earlier) and 11.0.1 (and earlier) ar ...)
+ TODO: check
+CVE-2021-21095 (Adobe Bridge versions 10.1.1 (and earlier) and 11.0.1 (and earlier) ar ...)
+ TODO: check
+CVE-2021-21094 (Adobe Bridge versions 10.1.1 (and earlier) and 11.0.1 (and earlier) ar ...)
+ TODO: check
+CVE-2021-21093 (Adobe Bridge versions 10.1.1 (and earlier) and 11.0.1 (and earlier) ar ...)
+ TODO: check
+CVE-2021-21092 (Adobe Bridge versions 10.1.1 (and earlier) and 11.0.1 (and earlier) ar ...)
+ TODO: check
+CVE-2021-21091 (Adobe Bridge versions 10.1.1 (and earlier) and 11.0.1 (and earlier) ar ...)
+ TODO: check
CVE-2021-21090
RESERVED
CVE-2021-21089
RESERVED
CVE-2021-21088
RESERVED
-CVE-2021-21087
- RESERVED
+CVE-2021-21087 (Adobe Coldfusion versions 2016 (update 16 and earlier) and 2018 (updat ...)
+ TODO: check
CVE-2021-21086
RESERVED
CVE-2021-21085 (Adobe Connect version 11.0.7 (and earlier) is affected by an Input Val ...)
@@ -26524,8 +26658,7 @@ CVE-2021-20290
- foreman <itp> (bug #663101)
CVE-2021-20289 (A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.F ...)
NOT-FOR-US: Keycloak
-CVE-2021-20288 [Unauthorized global_id reuse in cephx]
- RESERVED
+CVE-2021-20288 (An authentication flaw was found in ceph in versions before 14.2.20. W ...)
- ceph <unfixed> (bug #986974)
NOTE: https://www.openwall.com/lists/oss-security/2021/04/14/2
NOTE: https://github.com/ceph/ceph/commit/059eabcc0ada81078a898cdc25cf72bf3d506ad0
@@ -32181,8 +32314,8 @@ CVE-2020-28900
RESERVED
CVE-2020-28899 (The Web CGI Script on ZyXEL LTE4506-M606 V1.00(ABDO.2)C0 devices does ...)
NOT-FOR-US: ZyXEL
-CVE-2020-28898
- RESERVED
+CVE-2020-28898 (In QED ResourceXpress through 4.9k, a large numeric or alphanumeric va ...)
+ TODO: check
CVE-2020-28897
RESERVED
CVE-2020-28896 (Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $s ...)
@@ -33828,10 +33961,10 @@ CVE-2020-28595 (An out-of-bounds write vulnerability exists in the Obj.cpp load_
NOT-FOR-US: PrusaSlicer
CVE-2020-28594
RESERVED
-CVE-2020-28593
- RESERVED
-CVE-2020-28592
- RESERVED
+CVE-2020-28593 (A unauthenticated backdoor exists in the configuration server function ...)
+ TODO: check
+CVE-2020-28592 (A heap-based buffer overflow vulnerability exists in the configuration ...)
+ TODO: check
CVE-2020-28591 (An out-of-bounds read vulnerability exists in the AMF File AMFParserCo ...)
- slic3r 1.3.0+dfsg1-4 (bug #985620)
[stretch] - slic3r <not-affected> (Vulnerable code not present)
@@ -35736,8 +35869,8 @@ CVE-2021-0490
RESERVED
CVE-2021-0489
RESERVED
-CVE-2021-0488
- RESERVED
+CVE-2021-0488 (In pb_write of pb_encode.c, there is a possible out of bounds write du ...)
+ TODO: check
CVE-2021-0487
RESERVED
CVE-2021-0486
@@ -39437,12 +39570,12 @@ CVE-2020-27241
RESERVED
CVE-2020-27240
RESERVED
-CVE-2020-27239
- RESERVED
-CVE-2020-27238
- RESERVED
-CVE-2020-27237
- RESERVED
+CVE-2020-27239 (An exploitable SQL injection vulnerability exists in ‘getAssets. ...)
+ TODO: check
+CVE-2020-27238 (An exploitable SQL injection vulnerability exists in ‘getAssets. ...)
+ TODO: check
+CVE-2020-27237 (An exploitable SQL injection vulnerability exists in ‘getAssets. ...)
+ TODO: check
CVE-2020-27236 (An exploitable SQL injection vulnerability exists in ‘getAssets. ...)
NOT-FOR-US: OpenClinic
CVE-2020-27235 (An exploitable SQL injection vulnerability exists in ‘getAssets. ...)
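Review bot: CVE-2020-27239, CVE-2020-27238 and CVE-2020-27237 receive `TODO: check`, but the visible description prefix is identical to CVE-2020-27236, which sits directly below them and is already marked `NOT-FOR-US: OpenClinic`. If the full descriptions confirm the same product, all three can take `NOT-FOR-US: OpenClinic` rather than staying in the TODO queue.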
@@ -87746,8 +87879,8 @@ CVE-2020-7310 (Privilege Escalation vulnerability in the installer in McAfee McA
NOT-FOR-US: McAfee
CVE-2020-7309 (Cross Site Scripting vulnerability in ePO extension in McAfee Applicat ...)
NOT-FOR-US: McAfee
-CVE-2020-7308
- RESERVED
+CVE-2020-7308 (Cleartext Transmission of Sensitive Information between McAfee Endpoin ...)
+ TODO: check
CVE-2020-7307 (Unprotected Storage of Credentials vulnerability in McAfee Data Loss P ...)
NOT-FOR-US: McAfee
CVE-2020-7306 (Unprotected Storage of Credentials vulnerability in McAfee Data Loss P ...)
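Review bot: CVE-2020-7308 mentions a McAfee endpoint product in its description and is entered as `TODO: check`, while CVE-2020-7310, -7309 and -7307 around it are all `NOT-FOR-US: McAfee`. The same triage line looks appropriate here once the truncated product name is confirmed.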
@@ -87822,10 +87955,10 @@ CVE-2020-7272
RESERVED
CVE-2020-7271
RESERVED
-CVE-2020-7270
- RESERVED
-CVE-2020-7269
- RESERVED
+CVE-2020-7270 (Exposure of Sensitive Information in the web interface in McAfee Advan ...)
+ TODO: check
+CVE-2020-7269 (Exposure of Sensitive Information in the web interface in McAfee Advan ...)
+ TODO: check
CVE-2020-7268 (Path Traversal vulnerability in McAfee McAfee Email Gateway (MEG) prio ...)
NOT-FOR-US: McAfee
CVE-2020-7267 (Privilege Escalation vulnerability in McAfee VirusScan Enterprise (VSE ...)
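Review bot: CVE-2020-7270 and CVE-2020-7269 share one visible description prefix (a McAfee web interface information exposure) and both land as `TODO: check`, although the next entry, CVE-2020-7268, is `NOT-FOR-US: McAfee`. Triage the pair together so they end up with the same status line.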
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c3fea32615669069a50f37a3919f8816bc5611c7