[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed Apr 28 21:10:39 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a60e246f by security tracker role at 2021-04-28T20:10:31+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,15 @@
+CVE-2021-3522
+ RESERVED
+CVE-2021-3521
+ RESERVED
+CVE-2021-3520
+ RESERVED
+CVE-2021-31869
+ RESERVED
+CVE-2021-31868
+ RESERVED
+CVE-2021-31867
+ RESERVED
CVE-2021-3519
RESERVED
CVE-2021-31866 (Redmine before 4.0.9 and 4.1.x before 4.1.3 allows an attacker to lear ...)
@@ -794,8 +806,7 @@ CVE-2021-31518
RESERVED
CVE-2021-31517
RESERVED
-CVE-2021-3508 [infinite loop in get_xref_linear_skipped() in pdf.c]
- RESERVED
+CVE-2021-3508 (A flaw was found in PDFResurrect in version 0.22b. There is an infinit ...)
- pdfresurrect <unfixed> (unimportant)
NOTE: https://github.com/enferex/pdfresurrect/issues/17
NOTE: https://github.com/enferex/pdfresurrect/commit/7e35d1806e111fd28610ccc86bb33f54792ac370
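Review bot: The CVE-2021-3508 replacement drops the bracketed text naming get_xref_linear_skipped() in pdf.c, and the truncated description that takes its place cuts off before saying where the infinite loop is. Consider keeping that location as a NOTE line. The entry also still reads "pdfresurrect <unfixed> (unimportant)" while the second NOTE links an upstream commit; if that commit is the fix, the status line should be revisited once a version containing it is known.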
@@ -3732,14 +3743,14 @@ CVE-2021-30171
RESERVED
CVE-2021-30170
RESERVED
-CVE-2021-30169
- RESERVED
-CVE-2021-30168
- RESERVED
-CVE-2021-30167
- RESERVED
-CVE-2021-30166
- RESERVED
+CVE-2021-30169 (The sensitive information of webcam device is not properly protected. ...)
+ TODO: check
+CVE-2021-30168 (The sensitive information of webcam device is not properly protected. ...)
+ TODO: check
+CVE-2021-30167 (The manage users profile services of the network camera device allows ...)
+ TODO: check
+CVE-2021-30166 (The NTP Server configuration function of the IP camera device is not v ...)
+ TODO: check
CVE-2021-30165 (The default administrator account & password of the EDIMAX wireles ...)
NOT-FOR-US: EDIMAX
CVE-2021-30164 (Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to bypass ...)
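Review bot: The four new TODO: check entries, CVE-2021-30169 through CVE-2021-30166, sit directly above CVE-2021-30165, which is tagged NOT-FOR-US: EDIMAX, but their truncated descriptions only say "webcam device", "network camera device" and "IP camera device" and name no vendor. Resolve the TODOs from the full CVE descriptions rather than from adjacency, and use the vendor named there in the NOT-FOR-US tag if one applies.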
@@ -5334,8 +5345,8 @@ CVE-2021-29484
RESERVED
CVE-2021-29483
RESERVED
-CVE-2021-29482
- RESERVED
+CVE-2021-29482 (xz is a compression and decompression library focusing on the xz forma ...)
+ TODO: check
CVE-2021-29481
RESERVED
CVE-2021-29480
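Review bot: On CVE-2021-29482 the visible description, "xz is a compression and decompression library focusing on the xz forma ...", is cut off before it identifies the project, and the bare name "xz" is ambiguous. Read the full description before resolving the TODO: check so the entry is assigned to the right source package or tagged NOT-FOR-US.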
@@ -5616,10 +5627,10 @@ CVE-2021-29390
RESERVED
CVE-2021-29389
RESERVED
-CVE-2021-29388
- RESERVED
-CVE-2021-29387
- RESERVED
+CVE-2021-29388 (A stored cross-site scripting (XSS) vulnerability in SourceCodester Bu ...)
+ TODO: check
+CVE-2021-29387 (Multiple stored cross-site scripting (XSS) vulnerabilities in Sourceco ...)
+ TODO: check
CVE-2021-29386
RESERVED
CVE-2021-29385
@@ -6119,8 +6130,8 @@ CVE-2021-29161
RESERVED
CVE-2021-29160
RESERVED
-CVE-2021-29159
- RESERVED
+CVE-2021-29159 (A cross-site scripting (XSS) vulnerability has been discovered in Nexu ...)
+ TODO: check
CVE-2021-29158 (Sonatype Nexus Repository Manager 3 Pro up to and including 3.30.0 has ...)
NOT-FOR-US: Sonatype Nexus Repository Manager
CVE-2021-29157
@@ -9647,8 +9658,8 @@ CVE-2021-27650
RESERVED
CVE-2021-27649
RESERVED
-CVE-2021-27648
- RESERVED
+CVE-2021-27648 (Externally controlled reference to a resource in another sphere in qua ...)
+ TODO: check
CVE-2021-27647 (Out-of-bounds Read vulnerability in iscsi_snapshot_comm_core in Synolo ...)
NOT-FOR-US: Synology
CVE-2021-27646 (Use After Free vulnerability in iscsi_snapshot_comm_core in Synology D ...)
@@ -15771,22 +15782,22 @@ CVE-2021-25156 (A remote arbitrary directory create vulnerability was discovered
NOT-FOR-US: Aruba
CVE-2021-25155 (A remote arbitrary file modification vulnerability was discovered in s ...)
NOT-FOR-US: Aruba
-CVE-2021-25154
- RESERVED
-CVE-2021-25153
- RESERVED
+CVE-2021-25154 (A remote escalation of privilege vulnerability was discovered in Aruba ...)
+ TODO: check
+CVE-2021-25153 (A remote SQL injection vulnerability was discovered in Aruba AirWave M ...)
+ TODO: check
CVE-2021-25152
RESERVED
-CVE-2021-25151
- RESERVED
+CVE-2021-25151 (A remote insecure deserialization vulnerability was discovered in Arub ...)
+ TODO: check
CVE-2021-25150 (A remote execution of arbitrary commands vulnerability was discovered ...)
NOT-FOR-US: Aruba
CVE-2021-25149 (A remote buffer overflow vulnerability was discovered in some Aruba In ...)
NOT-FOR-US: Aruba
CVE-2021-25148 (A remote arbitrary file modification vulnerability was discovered in s ...)
NOT-FOR-US: Aruba
-CVE-2021-25147
- RESERVED
+CVE-2021-25147 (A remote authentication restriction bypass vulnerability was discovere ...)
+ TODO: check
CVE-2021-25146 (A remote execution of arbitrary commands vulnerability was discovered ...)
NOT-FOR-US: Aruba
CVE-2021-25145 (A remote unauthorized disclosure of information vulnerability was disc ...)
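Review bot: CVE-2021-25154 and CVE-2021-25153 name Aruba in the visible part of their descriptions and are surrounded by entries tagged NOT-FOR-US: Aruba, so they look like candidates for the same tag instead of TODO: check. CVE-2021-25151 and CVE-2021-25147 are truncated before the product name is readable ("Arub ...", "discovere ..."), so confirm the product from the full description before tagging them the same way.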
@@ -19665,8 +19676,8 @@ CVE-2021-23366
RESERVED
CVE-2021-23365 (The package github.com/tyktechnologies/tyk-identity-broker before 1.1. ...)
TODO: check
-CVE-2021-23364
- RESERVED
+CVE-2021-23364 (The package browserslist from 4.0.0 and before 4.16.5 are vulnerable t ...)
+ TODO: check
CVE-2021-23363 (This affects the package kill-by-port before 0.0.2. If (attacker-contr ...)
NOT-FOR-US: Node kill-by-port
CVE-2021-23362 (The package hosted-git-info before 3.0.8 are vulnerable to Regular Exp ...)
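Review bot: CVE-2021-23364 gives a concrete version boundary in its description ("from 4.0.0 and before 4.16.5"), which the TODO: check line does not capture. When resolving it, check whether browserslist is packaged and, if so, compare the packaged version against 4.16.5 in the package line; if not, tag it NOT-FOR-US as was done for kill-by-port in CVE-2021-23363 just below.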
@@ -21560,8 +21571,8 @@ CVE-2021-22516
RESERVED
CVE-2021-22515
RESERVED
-CVE-2021-22514
- RESERVED
+CVE-2021-22514 (An arbitrary code execution vulnerability exists in Micro Focus Applic ...)
+ TODO: check
CVE-2021-22513 (Missing Authorization vulnerability in Micro Focus Application Automat ...)
NOT-FOR-US: Jenkins plugin
CVE-2021-22512 (Cross-Site Request Forgery (CSRF) vulnerability in Micro Focus Applica ...)
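Review bot: CVE-2021-22514 is left at TODO: check although its description starts "Micro Focus Applic ...", matching CVE-2021-22513 directly below it, which is tagged NOT-FOR-US: Jenkins plugin. The truncation hides the full product name, so confirm it is the same plugin and, if so, apply the same tag.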
@@ -21803,8 +21814,8 @@ CVE-2021-22395
RESERVED
CVE-2021-22394
RESERVED
-CVE-2021-22393
- RESERVED
+CVE-2021-22393 (There is a denial of service vulnerability in some versions of CloudEn ...)
+ TODO: check
CVE-2021-22392
RESERVED
CVE-2021-22391
@@ -21925,18 +21936,18 @@ CVE-2021-22334
RESERVED
CVE-2021-22333
RESERVED
-CVE-2021-22332
- RESERVED
-CVE-2021-22331
- RESERVED
-CVE-2021-22330
- RESERVED
+CVE-2021-22332 (There is a pointer double free vulnerability in some versions of Cloud ...)
+ TODO: check
+CVE-2021-22331 (There is a JavaScript injection vulnerability in certain Huawei smartp ...)
+ TODO: check
+CVE-2021-22330 (There is an out of bounds write vulnerability in Huawei Smartphone HUA ...)
+ TODO: check
CVE-2021-22329
RESERVED
CVE-2021-22328
RESERVED
-CVE-2021-22327
- RESERVED
+CVE-2021-22327 (There is an arbitrary memory write vulnerability in Huawei smart phone ...)
+ TODO: check
CVE-2021-22326
RESERVED
CVE-2021-22325
@@ -52561,18 +52572,18 @@ CVE-2020-21998 (In HomeAutomation 3.3.2 input passed via the 'redirect' GET para
NOT-FOR-US: HomeAutomation
CVE-2020-21997
RESERVED
-CVE-2020-21996
- RESERVED
+CVE-2020-21996 (AVE DOMINAplus <=1.10.x suffers from an unauthenticated reboot comm ...)
+ TODO: check
CVE-2020-21995
RESERVED
-CVE-2020-21994
- RESERVED
-CVE-2020-21993
- RESERVED
+CVE-2020-21994 (AVE DOMINAplus <=1.10.x suffers from clear-text credentials disclos ...)
+ TODO: check
+CVE-2020-21993 (In WEMS Limited Enterprise Manager 2.58, input passed to the GET param ...)
+ TODO: check
CVE-2020-21992
RESERVED
-CVE-2020-21991
- RESERVED
+CVE-2020-21991 (AVE DOMINAplus <=1.10.x suffers from an authentication bypass vulne ...)
+ TODO: check
CVE-2020-21990
RESERVED
CVE-2020-21989 (HomeAutomation 3.3.2 is affected by Cross Site Request Forgery (CSRF). ...)
@@ -60535,14 +60546,14 @@ CVE-2020-18024
RESERVED
CVE-2020-18023
RESERVED
-CVE-2020-18022
- RESERVED
+CVE-2020-18022 (Cross Site Scripting (XSS) in Qibosoft QiboCMS v7 and earlier allows r ...)
+ TODO: check
CVE-2020-18021
RESERVED
-CVE-2020-18020
- RESERVED
-CVE-2020-18019
- RESERVED
+CVE-2020-18020 (SQL Injection in PHPSHE Mall System v1.7 allows remote attackers to ex ...)
+ TODO: check
+CVE-2020-18019 (SQL Injection in Xinhu OA System v1.8.3 allows remote attackers to obt ...)
+ TODO: check
CVE-2020-18018
RESERVED
CVE-2020-18017
@@ -60581,8 +60592,8 @@ CVE-2020-18001
RESERVED
CVE-2020-18000
RESERVED
-CVE-2020-17999
- RESERVED
+CVE-2020-17999 (Cross Site Scripting (XSS) in MiniCMS v1.10 allows remote attackers to ...)
+ TODO: check
CVE-2020-17998
RESERVED
CVE-2020-17997
@@ -89682,8 +89693,8 @@ CVE-2020-7125 (A remote escalation of privilege vulnerability was discovered in
NOT-FOR-US: Aruba
CVE-2020-7124 (A remote unauthorized access vulnerability was discovered in Aruba Air ...)
NOT-FOR-US: Aruba
-CVE-2020-7123
- RESERVED
+CVE-2020-7123 (A local escalation of privilege vulnerability was discovered in Aruba ...)
+ TODO: check
CVE-2020-7122 (Two memory corruption vulnerabilities in the Aruba CX Switches Series ...)
NOT-FOR-US: Aruba
CVE-2020-7121 (Two memory corruption vulnerabilities in the Aruba CX Switches Series ...)
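Review bot: CVE-2020-7123 names Aruba in its visible description, and the tagged neighbours CVE-2020-7124 and CVE-2020-7122 are both NOT-FOR-US: Aruba. Unless the full description points at something packaged, the TODO: check can be resolved to the same tag.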
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a60e246fe00d1b78afa609941fc7ac10af7fbea7