[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Tue Apr 27 21:10:45 BST 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b6824b56 by security tracker role at 2021-04-27T20:10:33+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,13 @@
+CVE-2021-3518
+	RESERVED
+CVE-2021-3517
+	RESERVED
+CVE-2021-3516
+	RESERVED
+CVE-2021-3515
+	RESERVED
+CVE-2021-3514
+	RESERVED
 CVE-2021-31829
 	RESERVED
 CVE-2021-31828
@@ -88,6 +98,7 @@ CVE-2020-36325 (An issue was discovered in Jansson through 2.13.1. Due to a pars
 	- jansson <unfixed>
 	NOTE: https://github.com/akheron/jansson/issues/548
 CVE-2021-31826 (Shibboleth Service Provider 3.x before 3.2.2 is prone to a NULL pointe ...)
+	{DSA-4905-1}
 	- shibboleth-sp <unfixed> (bug #987608)
 	NOTE: https://shibboleth.net/community/advisories/secadv_20210426.txt
 	NOTE: https://issues.shibboleth.net/jira/browse/SSPCPP-927
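Review bot: the {DSA-4905-1} cross-reference is added to CVE-2021-31826, but the sid line below it still reads `- shibboleth-sp <unfixed> (bug #987608)`. If the fixed upload has reached unstable, replace `<unfixed>` with that version so the tracker stops listing the issue as open there after the advisory; if it has not, the entry is correct as-is and the bug reference should stay until it does.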
@@ -155,6 +166,8 @@ CVE-2019-25030
 CVE-2019-25029
 	RESERVED
 CVE-2020-13672 [SA-CORE-2021-002]
+	RESERVED
+	{DLA-2637-1}
 	- drupal7 <removed>
 	NOTE: https://www.drupal.org/sa-core-2021-002
 CVE-2021-31776
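Review bot: CVE-2020-13672 now carries both a `RESERVED` line and `{DLA-2637-1}`, which means the LTS fix shipped before MITRE published a description; the `[SA-CORE-2021-002]` tag is the only identifier for the issue. That is acceptable, but the `RESERVED` line needs to be dropped once the description lands, and `- drupal7 <removed>` should be kept as it is, since the DLA covers the LTS suite while the package is gone from unstable.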
@@ -2499,8 +2512,8 @@ CVE-2021-30644
 	RESERVED
 CVE-2021-30643
 	RESERVED
-CVE-2021-30642
-	RESERVED
+CVE-2021-30642 (An input validation flaw in the Symantec Security Analytics web UI 7.2 ...)
+	TODO: check
 CVE-2020-36323 (In the standard library in Rust before 1.52.0, there is an optimizatio ...)
 	- rustc <unfixed>
 	NOTE: https://github.com/rust-lang/rust/issues/80335
@@ -2584,8 +2597,8 @@ CVE-2018-25007 (Missing check in UIDL request handler in com.vaadin:flow-server
 	NOT-FOR-US: Vaadin
 CVE-2017-20003
 	REJECTED
-CVE-2021-30638
-	RESERVED
+CVE-2021-30638 (Information Exposure vulnerability in context asset handling of Apache ...)
+	TODO: check
 CVE-2021-30637 (htmly 2.8.0 allows stored XSS via the blog title, Tagline, or Descript ...)
 	NOT-FOR-US: htmly
 CVE-2021-30636
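Review bot: the description added for CVE-2021-30638 is truncated before the project name ("context asset handling of Apache ..."), so the `TODO: check` cannot be resolved from this diff alone. Do not default it to NOT-FOR-US the way the neighbouring htmly entry is handled; several Apache projects are packaged in Debian, so the full text has to be pulled before deciding.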
@@ -4771,10 +4784,10 @@ CVE-2021-29669
 	RESERVED
 CVE-2021-29668
 	RESERVED
-CVE-2021-29667
-	RESERVED
-CVE-2021-29666
-	RESERVED
+CVE-2021-29667 (IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 5.1.0.2 is  ...)
+	TODO: check
+CVE-2021-29666 (IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 5.1.0.2 is  ...)
+	TODO: check
 CVE-2021-29665
 	RESERVED
 CVE-2021-29664
@@ -6060,8 +6073,8 @@ CVE-2021-29135
 	RESERVED
 CVE-2020-36283 (HID OMNIKEY 5427 and OMNIKEY 5127 readers are vulnerable to CSRF when  ...)
 	NOT-FOR-US: HID OMNIKEY 5427 and OMNIKEY 5127 readers
-CVE-2021-3464
-	RESERVED
+CVE-2021-3464 (A DLL search path vulnerability was reported in Lenovo PCManager, prio ...)
+	TODO: check
 CVE-2021-3463 (A null pointer dereference vulnerability in Lenovo Power Management Dr ...)
 	NOT-FOR-US: Lenovo
 CVE-2021-3462 (A privilege escalation vulnerability in Lenovo Power Management Driver ...)
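Review bot: CVE-2021-3464 (Lenovo PCManager DLL search path) sits next to CVE-2021-3463 and CVE-2021-3462, which are already `NOT-FOR-US: Lenovo`; the `TODO: check` should resolve the same way, with the same `NOT-FOR-US: Lenovo` text for consistency.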
@@ -6461,8 +6474,8 @@ CVE-2021-3453
 	RESERVED
 CVE-2021-3452
 	RESERVED
-CVE-2021-3451
-	RESERVED
+CVE-2021-3451 (A denial of service vulnerability was reported in Lenovo PCManager, pr ...)
+	TODO: check
 CVE-2021-3450 (The X509_V_FLAG_X509_STRICT flag enables additional security checks of ...)
 	- openssl 1.1.1k-1
 	[buster] - openssl <not-affected> (Vulnerable code introduced in 1.1.1h)
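Review bot: CVE-2021-3451 is the same product (Lenovo PCManager) as CVE-2021-3464 earlier in this diff; triage both together so they do not end up with different dispositions.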
@@ -7963,12 +7976,12 @@ CVE-2021-28273
 	RESERVED
 CVE-2021-28272
 	RESERVED
-CVE-2021-28271
-	RESERVED
+CVE-2021-28271 (Soyal Technologies SOYAL 701Server 9.0.1 suffers from an elevation of  ...)
+	TODO: check
 CVE-2021-28270
 	RESERVED
-CVE-2021-28269
-	RESERVED
+CVE-2021-28269 (Soyal Technology 701Client 9.0.1 is vulnerable to Insecure permissions ...)
+	TODO: check
 CVE-2021-28268
 	RESERVED
 CVE-2021-28267
@@ -8350,8 +8363,7 @@ CVE-2021-28127
 	RESERVED
 CVE-2021-28126 (index.jsp in TranzWare e-Commerce Payment Gateway (TWEC PG) before 3.1 ...)
 	NOT-FOR-US: TranzWare e-Commerce Payment Gateway (TWEC PG)
-CVE-2021-28125
-	RESERVED
+CVE-2021-28125 (Apache Superset up to and including 1.0.1 allowed for the creation of  ...)
 	NOT-FOR-US: Apache Superset
 CVE-2021-28124 (A man-in-the-middle vulnerability in Cohesity DataPlatform support cha ...)
 	NOT-FOR-US: Cohesity DataPlatform support channel
@@ -9877,8 +9889,8 @@ CVE-2021-27482
 	RESERVED
 CVE-2021-27481
 	RESERVED
-CVE-2021-27480
-	RESERVED
+CVE-2021-27480 (Delta Industrial Automation COMMGR Versions 1.12 and prior are vulnera ...)
+	TODO: check
 CVE-2021-27479
 	RESERVED
 CVE-2021-27478
@@ -21133,16 +21145,16 @@ CVE-2021-22666 (Fatek FvDesigner Version 1.5.76 and prior is vulnerable to a sta
 	NOT-FOR-US: Fatek FvDesigner
 CVE-2021-22665 (Rockwell Automation DriveTools SP v5.13 and below and Drives AOP v4.12 ...)
 	NOT-FOR-US: Rockwell Automation
-CVE-2021-22664
-	RESERVED
+CVE-2021-22664 (CNCSoft-B Versions 1.0.0.3 and prior is vulnerable to an out-of-bounds ...)
+	TODO: check
 CVE-2021-22663 (Cscape (All versions prior to 9.90 SP3.5) lacks proper validation of u ...)
 	NOT-FOR-US: Cscape
 CVE-2021-22662 (A use after free issue has been identified in Fatek FvDesigner Version ...)
 	NOT-FOR-US: Fatek FvDesigner
 CVE-2021-22661 (Changing the password on the module webpage does not require the user  ...)
 	NOT-FOR-US: ProSoft Technology
-CVE-2021-22660
-	RESERVED
+CVE-2021-22660 (CNCSoft-B Versions 1.0.0.3 and prior is vulnerable to an out-of-bounds ...)
+	TODO: check
 CVE-2021-22659 (Rockwell Automation MicroLogix 1400 Version 21.6 and below may allow a ...)
 	NOT-FOR-US: Rockwell Automation
 CVE-2021-22658 (Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL ...)
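Review bot: CVE-2021-22664 and CVE-2021-22660 carry identical truncated descriptions ("CNCSoft-B Versions 1.0.0.3 and prior is vulnerable to an out-of-bounds ..."), so the two issues cannot be told apart from this diff; check the full text before closing the `TODO: check` lines, even though the surrounding ICS entries (Fatek, Rockwell, Cscape, ProSoft) are all `NOT-FOR-US`.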
@@ -27231,10 +27243,10 @@ CVE-2021-20552
 	RESERVED
 CVE-2021-20551
 	RESERVED
-CVE-2021-20550
-	RESERVED
-CVE-2021-20549
-	RESERVED
+CVE-2021-20550 (IBM Content Navigator 3.0.CD is vulnerable to cross-site scripting. Th ...)
+	TODO: check
+CVE-2021-20549 (IBM Content Navigator 3.0.CD is vulnerable to cross-site scripting. Th ...)
+	TODO: check
 CVE-2021-20548
 	RESERVED
 CVE-2021-20547
@@ -27435,8 +27447,8 @@ CVE-2021-20450
 	RESERVED
 CVE-2021-20449
 	RESERVED
-CVE-2021-20448
-	RESERVED
+CVE-2021-20448 (IBM Content Navigator 3.0.CD is vulnerable to cross-site scripting. Th ...)
+	TODO: check
 CVE-2021-20447 (IBM Jazz Foundation Products are vulnerable to cross-site scripting. T ...)
 	NOT-FOR-US: IBM
 CVE-2021-20446 (IBM Maximo for Civil Infrastructure 7.6.2 is vulnerable to cross-site  ...)
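Review bot: CVE-2021-20448 is IBM Content Navigator 3.0.CD, the same product and the same cross-site-scripting description prefix as CVE-2021-20550 and CVE-2021-20549 earlier in this diff, and its neighbour CVE-2021-20447 is already `NOT-FOR-US: IBM`; resolve the three `TODO: check` entries together with the same `NOT-FOR-US: IBM` text.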
@@ -28628,8 +28640,8 @@ CVE-2020-35544
 	RESERVED
 CVE-2020-35543
 	RESERVED
-CVE-2020-35542
-	RESERVED
+CVE-2020-35542 (Unisys Data Exchange Management Studio through 5.0.34 doesn't sanitize ...)
+	TODO: check
 CVE-2020-35541
 	RESERVED
 CVE-2020-35540
@@ -52386,14 +52398,14 @@ CVE-2020-22003
 	RESERVED
 CVE-2020-22002
 	RESERVED
-CVE-2020-22001
-	RESERVED
-CVE-2020-22000
-	RESERVED
+CVE-2020-22001 (HomeAutomation 3.3.2 suffers from an authentication bypass vulnerabili ...)
+	TODO: check
+CVE-2020-22000 (HomeAutomation 3.3.2 suffers from an authenticated OS command executio ...)
+	TODO: check
 CVE-2020-21999
 	RESERVED
-CVE-2020-21998
-	RESERVED
+CVE-2020-21998 (In HomeAutomation 3.3.2 input passed via the 'redirect' GET parameter  ...)
+	TODO: check
 CVE-2020-21997
 	RESERVED
 CVE-2020-21996
@@ -52410,12 +52422,12 @@ CVE-2020-21991
 	RESERVED
 CVE-2020-21990
 	RESERVED
-CVE-2020-21989
-	RESERVED
+CVE-2020-21989 (HomeAutomation 3.3.2 is affected by Cross Site Request Forgery (CSRF). ...)
+	TODO: check
 CVE-2020-21988
 	RESERVED
-CVE-2020-21987
-	RESERVED
+CVE-2020-21987 (HomeAutomation 3.3.2 is affected by persistent Cross Site Scripting (X ...)
+	TODO: check
 CVE-2020-21986
 	RESERVED
 CVE-2020-21985
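Review bot: the five HomeAutomation 3.3.2 entries across this hunk and the preceding one (CVE-2020-22001, CVE-2020-22000, CVE-2020-21998, CVE-2020-21989, CVE-2020-21987) are one product and one disclosure; triage them as a set so the `TODO: check` lines get a single consistent disposition rather than being picked off one at a time.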
@@ -61399,8 +61411,7 @@ CVE-2020-17519 (A change introduced in Apache Flink 1.11.0 (and released in 1.11
 	NOT-FOR-US: Apache Flink
 CVE-2020-17518 (Apache Flink 1.5.1 introduced a REST handler that allows you to write  ...)
 	NOT-FOR-US: Apache Flink
-CVE-2020-17517
-	RESERVED
+CVE-2020-17517 (The S3 buckets and keys in a secure Apache Ozone Cluster must be inacc ...)
 	NOT-FOR-US: Apache Ozone
 CVE-2020-17516 (Apache Cassandra versions 2.1.0 to 2.1.22, 2.2.0 to 2.2.19, 3.0.0 to 3 ...)
 	- cassandra <itp> (bug #585905)
@@ -95456,8 +95467,8 @@ CVE-2020-4983 (IBM Spectrum LSF 10.1 and IBM Spectrum LSF Suite 10.2 could allow
 	NOT-FOR-US: IBM
 CVE-2020-4982
 	RESERVED
-CVE-2020-4981
-	RESERVED
+CVE-2020-4981 (IBM Spectrum Scale 5.0.4.1 through 5.1.0.3 could allow a local privile ...)
+	TODO: check
 CVE-2020-4980
 	RESERVED
 CVE-2020-4979
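Review bot: CVE-2020-4981 is IBM Spectrum Scale, the same product as CVE-2021-29667 and CVE-2021-29666 earlier in this diff, and the neighbouring CVE-2020-4983 is already `NOT-FOR-US: IBM`; handle the three `TODO: check` entries together.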
@@ -293509,7 +293520,7 @@ CVE-2016-2393 (Lenovo Fingerprint Manager before 8.01.57 and Touch Fingerprint b
 	NOT-FOR-US: Lenovo
 CVE-2016-2389 (Directory traversal vulnerability in the GetFileList function in the S ...)
 	NOT-FOR-US: SAP
-CVE-2016-2388 (The Universal Worklist Configuration in SAP NetWeaver 7.4 allows remot ...)
+CVE-2016-2388 (The Universal Worklist Configuration in SAP NetWeaver AS JAVA 7.4 allo ...)
 	NOT-FOR-US: SAP
 CVE-2016-2387 (Multiple cross-site scripting (XSS) vulnerabilities in the Java Proxy  ...)
 	NOT-FOR-US: SAP



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b6824b56e45a683bccaf9a10debf033c00f37196
