[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Mon Apr 19 21:10:33 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7fe52363 by security tracker role at 2021-04-19T20:10:25+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,9 @@
+CVE-2021-3508
+ RESERVED
+CVE-2021-3507
+ RESERVED
+CVE-2021-3506
+ RESERVED
CVE-2021-XXXX [xscreensaver allows starting external programs with cap_net_raw]
- xscreensaver <unfixed> (bug #987149)
[buster] - xscreensaver <no-dsa> (Minor issue)
@@ -533,24 +539,24 @@ CVE-2021-31264
RESERVED
CVE-2021-31263
RESERVED
-CVE-2021-31262
- RESERVED
-CVE-2021-31261
- RESERVED
-CVE-2021-31260
- RESERVED
-CVE-2021-31259
- RESERVED
-CVE-2021-31258
- RESERVED
-CVE-2021-31257
- RESERVED
-CVE-2021-31256
- RESERVED
-CVE-2021-31255
- RESERVED
-CVE-2021-31254
- RESERVED
+CVE-2021-31262 (The AV1_DuplicateConfig function in GPAC 1.0.1 allows attackers to cau ...)
+ TODO: check
+CVE-2021-31261 (The gf_hinter_track_new function in GPAC 1.0.1 allows attackers to rea ...)
+ TODO: check
+CVE-2021-31260 (The MergeTrack function in GPAC 1.0.1 allows attackers to cause a deni ...)
+ TODO: check
+CVE-2021-31259 (The gf_isom_cenc_get_default_info_internal function in GPAC 1.0.1 allo ...)
+ TODO: check
+CVE-2021-31258 (The gf_isom_set_extraction_slc function in GPAC 1.0.1 allows attackers ...)
+ TODO: check
+CVE-2021-31257 (The HintFile function in GPAC 1.0.1 allows attackers to cause a denial ...)
+ TODO: check
+CVE-2021-31256 (Memory leak in the stbl_GetSampleInfos function in MP4Box in GPAC 1.0. ...)
+ TODO: check
+CVE-2021-31255 (Buffer overflow in the abst_box_read function in MP4Box in GPAC 1.0.1 ...)
+ TODO: check
+CVE-2021-31254 (Buffer overflow in the tenc_box_read function in MP4Box in GPAC 1.0.1 ...)
+ TODO: check
CVE-2021-31253
RESERVED
CVE-2021-31252
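Review bot: the nine GPAC 1.0.1 entries (CVE-2021-31254 through CVE-2021-31262) all land as "TODO: check" although they describe the same component (MP4Box / libgpac functions: buffer overflows, a memory leak and denial of service); triage them together in one pass so the package assignment and any fixed-version or no-dsa annotations stay consistent across the whole set rather than being filled in piecemeal.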
@@ -4495,18 +4501,18 @@ CVE-2021-29460
RESERVED
CVE-2021-29459
RESERVED
-CVE-2021-29458
- RESERVED
-CVE-2021-29457
- RESERVED
+CVE-2021-29458 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
+ TODO: check
+CVE-2021-29457 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
+ TODO: check
CVE-2021-29456
RESERVED
-CVE-2021-29455
- RESERVED
+CVE-2021-29455 (Grassroot Platform is an application to make it faster, cheaper and ea ...)
+ TODO: check
CVE-2021-29454
RESERVED
-CVE-2021-29453
- RESERVED
+CVE-2021-29453 (matrix-media-repo is an open-source multi-domain media repository for ...)
+ TODO: check
CVE-2021-29452 (a12n-server is an npm package which aims to provide a simple authentic ...)
NOT-FOR-US: Node a12n-server
CVE-2021-29451 (Portofino is an open source web development framework. Portofino befor ...)
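Review bot: CVE-2021-29458 and CVE-2021-29457 carry an identical truncated description ("Exiv2 is a command-line utility and C++ library for reading, writing, ..."), so the text stored here no longer distinguishes the two issues; whoever clears the "TODO: check" will need the full upstream advisories to tell them apart. For CVE-2021-29455 (Grassroot Platform) and CVE-2021-29453 (matrix-media-repo), the adjacent a12n-server and Sydent entries show the convention used when a project is not packaged; if that applies, mark them NOT-FOR-US the same way instead of leaving the TODO.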
@@ -4547,8 +4553,8 @@ CVE-2021-29436 (Anuko Time Tracker is an open source, web-based time tracking ap
NOT-FOR-US: Anuko Time Tracker
CVE-2021-29435 (trestle-auth is an authentication plugin for the Trestle admin framewo ...)
NOT-FOR-US: trestle-auth
-CVE-2021-29434
- RESERVED
+CVE-2021-29434 (Wagtail is a Django content management system. In affected versions of ...)
+ TODO: check
CVE-2021-29433 (### Impact Missing input validation of some parameters on the endpoint ...)
NOT-FOR-US: Matrix Sydent
CVE-2021-29432 (Sydent is a reference matrix identity server. A malicious user could a ...)
@@ -4615,7 +4621,7 @@ CVE-2021-3473 (An internal product security audit of Lenovo XClarity Controller
NOT-FOR-US: Lenovo XClarity Controller (XCC)
CVE-2021-3472 [Fix XChangeFeedbackControl() request underflow]
RESERVED
- {DLA-2627-1}
+ {DSA-4893-1 DLA-2627-1}
- xorg-server 2:1.20.11-1
NOTE: Fixed by: https://gitlab.freedesktop.org/xorg/xserver/-/commit/7aaf54a1884f71dc363f0b884e57bcb67407a6cd
NOTE: https://lists.x.org/archives/xorg-announce/2021-April/003080.html
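Review bot: the change to "{DSA-4893-1 DLA-2627-1}" only adds a cross-reference, and this commit touches data/CVE/list alone, so confirm that DSA-4893-1 is recorded with CVE-2021-3472 in the DSA data as well, otherwise the reference will not resolve. The entry also still reads "RESERVED" under its bracketed working title; the description will need replacing once the CVE text is published upstream.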
@@ -4667,8 +4673,8 @@ CVE-2021-29401
RESERVED
CVE-2021-29400
RESERVED
-CVE-2021-29399
- RESERVED
+CVE-2021-29399 (XMB is vulnerable to cross-site scripting (XSS) due to inadequate filt ...)
+ TODO: check
CVE-2021-29398
RESERVED
CVE-2021-29397
@@ -10084,16 +10090,16 @@ CVE-2021-27033
RESERVED
CVE-2021-27032
RESERVED
-CVE-2021-27031
- RESERVED
-CVE-2021-27030
- RESERVED
-CVE-2021-27029
- RESERVED
-CVE-2021-27028
- RESERVED
-CVE-2021-27027
- RESERVED
+CVE-2021-27031 (A user may be tricked into opening a malicious FBX file which may expl ...)
+ TODO: check
+CVE-2021-27030 (A user may be tricked into opening a malicious FBX file which may expl ...)
+ TODO: check
+CVE-2021-27029 (The user may be tricked into opening a malicious FBX file which may ex ...)
+ TODO: check
+CVE-2021-27028 (A Memory Corruption Vulnerability in Autodesk FBX Review version 1.4.0 ...)
+ TODO: check
+CVE-2021-27027 (A Out-Of-Bounds Read/Write Vulnerability in Autodesk FBX Review versio ...)
+ TODO: check
CVE-2021-27026
RESERVED
CVE-2021-27025
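Review bot: CVE-2021-27027 through CVE-2021-27031 all describe Autodesk FBX Review (malicious FBX files, memory corruption, out-of-bounds read/write) and are added as "TODO: check"; this diff's Adobe and VMware entries show the NOT-FOR-US convention for proprietary products that are not packaged, so if that holds for FBX Review the five entries can be closed that way in one go.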
@@ -17395,7 +17401,7 @@ CVE-2021-23962 (Incorrect use of the '<RowCountChanged>' method could have
CVE-2021-23961 (Further techniques that built on the slipstream research combined with ...)
- firefox 85.0-1
- firefox-esr <unfixed>
- - thunderbird <unfixed>
+ - thunderbird <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-03/#CVE-2021-23961
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-14/#CVE-2021-23961
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-15/#CVE-2021-23961
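Review bot: the removed and added lines for "- thunderbird <unfixed>" under CVE-2021-23961 read identically here, so this is a whitespace-only change (indentation or trailing whitespace); confirm it is deliberate normalisation by the automatic update and not a stray edit, since a tab/space difference in the indentation of a package line can affect how the entry is parsed.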
@@ -21718,8 +21724,8 @@ CVE-2021-21983 (Arbitrary file write vulnerability in vRealize Operations Manage
NOT-FOR-US: vRealize Operations Manager API (Vmware)
CVE-2021-21982 (VMware Carbon Black Cloud Workload appliance 1.0.0 and 1.01 has an aut ...)
NOT-FOR-US: VMware Carbon Black Cloud Workload appliance
-CVE-2021-21981
- RESERVED
+CVE-2021-21981 (VMware NSX-T contains a privilege escalation vulnerability due to an i ...)
+ TODO: check
CVE-2021-21980
RESERVED
CVE-2021-21979 (In Bitnami Containers, all Laravel container versions prior to: 6.20.0 ...)
@@ -25318,8 +25324,8 @@ CVE-2021-21072 (Adobe Animate version 21.0.3 (and earlier) is affected by an Out
NOT-FOR-US: Adobe
CVE-2021-21071 (Adobe Animate version 21.0.3 (and earlier) is affected by a Memory Cor ...)
NOT-FOR-US: Adobe
-CVE-2021-21070
- RESERVED
+CVE-2021-21070 (Adobe Robohelp version 2020.0.3 (and earlier) is affected by an uncont ...)
+ TODO: check
CVE-2021-21069 (Adobe Creative Cloud Desktop Application version 5.3 (and earlier) is ...)
NOT-FOR-US: Adobe
CVE-2021-21068 (Adobe Creative Cloud Desktop Application version 5.3 (and earlier) is ...)
@@ -25525,14 +25531,14 @@ CVE-2021-20994
RESERVED
CVE-2021-20993
RESERVED
-CVE-2021-20992
- RESERVED
-CVE-2021-20991
- RESERVED
-CVE-2021-20990
- RESERVED
-CVE-2021-20989
- RESERVED
+CVE-2021-20992 (In Fibaro Home Center 2 and Lite devices in all versions provide a web ...)
+ TODO: check
+CVE-2021-20991 (In Fibaro Home Center 2 and Lite devices with firmware version 4.540 a ...)
+ TODO: check
+CVE-2021-20990 (In Fibaro Home Center 2 and Lite devices with firmware version 4.600 a ...)
+ TODO: check
+CVE-2021-20989 (Fibaro Home Center 2 and Lite devices with firmware version 4.600 and ...)
+ TODO: check
CVE-2021-20988
RESERVED
CVE-2021-20987 (A denial of service and memory corruption vulnerability was found in H ...)
@@ -26455,8 +26461,8 @@ CVE-2021-20529
RESERVED
CVE-2021-20528
RESERVED
-CVE-2021-20527
- RESERVED
+CVE-2021-20527 (IBM Resilient SOAR V38.0 could allow a privileged user to create creat ...)
+ TODO: check
CVE-2021-20526
RESERVED
CVE-2021-20525
@@ -37017,8 +37023,8 @@ CVE-2020-28143
RESERVED
CVE-2020-28142
RESERVED
-CVE-2020-28141
- RESERVED
+CVE-2020-28141 (The messaging subsystem in the Online Discussion Forum 1.0 is vulnerab ...)
+ TODO: check
CVE-2020-28140 (SourceCodester Online Clothing Store 1.0 is affected by an arbitrary f ...)
NOT-FOR-US: SourceCodester Online Clothing Store
CVE-2020-28139 (SourceCodester Online Clothing Store 1.0 is affected by a cross-site s ...)
@@ -87033,8 +87039,8 @@ CVE-2020-7853 (An outbound read/write vulnerability exists in XPLATFORM that doe
NOT-FOR-US: XPLATFORM
CVE-2020-7852 (DaviewIndy has a Heap-based overflow vulnerability, triggered when the ...)
NOT-FOR-US: DaviewIndy
-CVE-2020-7851
- RESERVED
+CVE-2020-7851 (Innorix Web-Based File Transfer Solution versuibs prior to and includi ...)
+ TODO: check
CVE-2020-7850 (NBBDownloader.ocx ActiveX Control in Groupware contains a vulnerabilit ...)
NOT-FOR-US: NBBDownloader.ocx ActiveX Control in Groupware
CVE-2020-7849 (A vulnerability of uPrism.io CURIX(Video conferecing solution) could a ...)
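Review bot: "versuibs" in the new CVE-2020-7851 description is a typo in the upstream text ("versions"); do not correct it by hand in data/CVE/list, because the next automatic update would re-import the upstream wording and revert the fix.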
@@ -87710,9 +87716,9 @@ CVE-2020-7554 (A CWE-119 Improper Restriction of Operations within the Bounds of
NOT-FOR-US: IGSS Definition (Def.exe)
CVE-2020-7553 (A CWE-787 Out-of-bounds Write vulnerability exists in IGSS Definition ...)
NOT-FOR-US: IGSS Definition (Def.exe)
-CVE-2020-7552 (A CWE-119 Improper Restriction of Operations within the Bounds of a Me ...)
+CVE-2020-7552 (A CWE-787: Out-of-bounds Write vulnerability exists in IGSS Definition ...)
NOT-FOR-US: IGSS Definition (Def.exe)
-CVE-2020-7551 (A CWE-119 Improper Restriction of Operations within the Bounds of a Me ...)
+CVE-2020-7551 (A CWE-787: Out-of-bounds Write vulnerability exists in IGSS Definition ...)
NOT-FOR-US: IGSS Definition (Def.exe)
CVE-2020-7550 (A CWE-119 Improper Restriction of Operations within the Bounds of a Me ...)
NOT-FOR-US: IGSS Definition (Def.exe)
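Review bot: CVE-2020-7552 and CVE-2020-7551 are reclassified from the generic CWE-119 to CWE-787 (out-of-bounds write), matching CVE-2020-7553, while CVE-2020-7550 keeps CWE-119; since all four remain NOT-FOR-US the change is description-only and needs no triage action.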
@@ -87816,7 +87822,7 @@ CVE-2020-7501 (A CWE-798: Use of Hard-coded Credentials vulnerability exists in
NOT-FOR-US: Schneider
CVE-2020-7500 (A CWE-89:Improper Neutralization of Special Elements used in an SQL Co ...)
NOT-FOR-US: Schneider
-CVE-2020-7499 (A CWE-284:Improper Access Control vulnerability exists in U.motion Ser ...)
+CVE-2020-7499 (A CWE-863: Incorrect Authorization vulnerability exists in U.motion Se ...)
NOT-FOR-US: Schneider
CVE-2020-7498 (A CWE-798: Use of Hard-coded Credentials vulnerability exists in the U ...)
NOT-FOR-US: Schneider
@@ -145219,9 +145225,9 @@ CVE-2019-6857 (A CWE-754: Improper Check for Unusual or Exceptional Conditions v
NOT-FOR-US: Modicon
CVE-2019-6856 (A CWE-754: Improper Check for Unusual or Exceptional Conditions vulner ...)
NOT-FOR-US: Modicon
-CVE-2019-6855 (An Improper Authorization - CWE-285 vulnerability exists in EcoStruxur ...)
+CVE-2019-6855 (ÊA CWE-863: Incorrect Authorization vulnerability exists in EcoSt ...)
NOT-FOR-US: EcoStruxure Control Expert
-CVE-2019-6854 (A CWE-264 Permissions, Privileges, and Access Controls vulnerability e ...)
+CVE-2019-6854 (A CWE-287: Improper Authentication vulnerability exists in a folder wi ...)
NOT-FOR-US: EcoStruxure Geo SCADA Expert
CVE-2019-6853 (A CWE-79: Failure to Preserve Web Page Structure vulnerability exists ...)
NOT-FOR-US: Andover Continuum
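Review bot: the new CVE-2019-6855 description begins with a stray "Ê" before "A CWE-863", which is mis-encoded leading whitespace from the upstream feed; hand-editing the line will not stick because the automatic update re-imports it, so the stripping or whitespace normalisation belongs in the import step. The entries stay NOT-FOR-US, so the CWE reclassifications themselves need no action.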
@@ -145233,25 +145239,25 @@ CVE-2019-6850 (A CWE-200: Information Exposure vulnerability exists in Modicon M
NOT-FOR-US: Modicon
CVE-2019-6849 (A CWE-200: Information Exposure vulnerability exists in Modicon M580, ...)
NOT-FOR-US: Modicon
-CVE-2019-6848 (A CWE-248: Uncaught Exception vulnerability exists in Modicon M580, Mo ...)
+CVE-2019-6848 (A CWE-755: Improper Handling of Exceptional Conditions vulnerability e ...)
NOT-FOR-US: Modicon
-CVE-2019-6847 (A CWE-248: Uncaught Exception vulnerability exists in Modicon M580, Mo ...)
+CVE-2019-6847 (A CWE-755: Improper Handling of Exceptional Conditions vulnerability e ...)
NOT-FOR-US: Modicon
CVE-2019-6846 (A CWE-319: Cleartext Transmission of Sensitive Information vulnerabili ...)
NOT-FOR-US: Modicon
CVE-2019-6845 (A CWE-319: Cleartext Transmission of Sensitive Information vulnerabili ...)
NOT-FOR-US: Modicon
-CVE-2019-6844 (A CWE-248: Uncaught Exception vulnerability exists in Modicon M580, Mo ...)
+CVE-2019-6844 (A CWE-755: Improper Handling of Exceptional Conditions vulnerability e ...)
NOT-FOR-US: Modicon
-CVE-2019-6843 (A CWE-248: Uncaught Exception vulnerability exists in Modicon M580, Mo ...)
+CVE-2019-6843 (A CWE-755: Improper Handling of Exceptional Conditions vulnerability e ...)
NOT-FOR-US: Modicon
-CVE-2019-6842 (A CWE-248: Uncaught Exception vulnerability exists in Modicon M580, Mo ...)
+CVE-2019-6842 (A CWE-755: Improper Handling of Exceptional Conditions vulnerability e ...)
NOT-FOR-US: Modicon
-CVE-2019-6841 (A CWE-248: Uncaught Exception vulnerability exists in Modicon M580, Mo ...)
+CVE-2019-6841 (A CWE-755: Improper Handling of Exceptional Conditions vulnerability e ...)
NOT-FOR-US: Modicon
CVE-2019-6840 (A Format String: CWE-134 vulnerability exists in U.motion Server (MEG6 ...)
NOT-FOR-US: Schneider
-CVE-2019-6839 (An Improper Access Control: CWE-284 vulnerability exists in U.motion S ...)
+CVE-2019-6839 (A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerabili ...)
NOT-FOR-US: Schneider
CVE-2019-6838 (A CWE-863: Incorrect Authorization vulnerability exists in U.motion Se ...)
NOT-FOR-US: Schneider
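Review bot: CVE-2019-6839 changes from an access-control class (CWE-284) to CWE-434, unrestricted upload of a file with dangerous type, which is a different issue class rather than a CWE refinement like the six Modicon entries moving from CWE-248 to CWE-755; worth a glance at the upstream advisory to confirm the text was updated and not mixed up with a neighbouring ID. All entries in the hunk remain NOT-FOR-US, so nothing else changes for the tracker.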
@@ -145301,7 +145307,7 @@ CVE-2019-6816 (In Modicon Quantum all firmware versions, a CWE-94: Code Injectio
NOT-FOR-US: Schneider Electric
CVE-2019-6815 (In Modicon Quantum all firmware versions, CWE-264: Permissions, Privil ...)
NOT-FOR-US: Schneider Electric
-CVE-2019-6814 (An Improper Access Control: CWE-284 vulnerability exists in the NET55X ...)
+CVE-2019-6814 (A CWE-287: Improper Authentication vulnerability exists in the NET55XX ...)
NOT-FOR-US: Schneider Electric
CVE-2019-6813 (A CWE-754: Improper Check for Unusual or Exceptional Conditions vulner ...)
NOT-FOR-US: Schneider
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7fe5236320d8c9cec64cefaf24d666864c445e05