[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Thu Apr 29 21:10:32 BST 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
479aab6f by security tracker role at 2021-04-29T20:10:24+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,81 @@
+CVE-2021-31918
+	RESERVED
+CVE-2021-31917
+	RESERVED
+CVE-2021-31916
+	RESERVED
+CVE-2021-31915
+	RESERVED
+CVE-2021-31914
+	RESERVED
+CVE-2021-31913
+	RESERVED
+CVE-2021-31912
+	RESERVED
+CVE-2021-31911
+	RESERVED
+CVE-2021-31910
+	RESERVED
+CVE-2021-31909
+	RESERVED
+CVE-2021-31908
+	RESERVED
+CVE-2021-31907
+	RESERVED
+CVE-2021-31906
+	RESERVED
+CVE-2021-31905
+	RESERVED
+CVE-2021-31904
+	RESERVED
+CVE-2021-31903
+	RESERVED
+CVE-2021-31902
+	RESERVED
+CVE-2021-31901
+	RESERVED
+CVE-2021-31900
+	RESERVED
+CVE-2021-31899
+	RESERVED
+CVE-2021-31898
+	RESERVED
+CVE-2021-31897
+	RESERVED
+CVE-2021-31896
+	RESERVED
+CVE-2021-31895
+	RESERVED
+CVE-2021-31894
+	RESERVED
+CVE-2021-31893
+	RESERVED
+CVE-2021-31892
+	RESERVED
+CVE-2021-31891
+	RESERVED
+CVE-2021-31890
+	RESERVED
+CVE-2021-31889
+	RESERVED
+CVE-2021-31888
+	RESERVED
+CVE-2021-31887
+	RESERVED
+CVE-2021-31886
+	RESERVED
+CVE-2021-31885
+	RESERVED
+CVE-2021-31884
+	RESERVED
+CVE-2021-31883
+	RESERVED
+CVE-2021-31882
+	RESERVED
+CVE-2021-31881
+	RESERVED
+CVE-2021-31880
+	RESERVED
 CVE-2021-31879 (GNU Wget through 1.21.1 does not omit the Authorization header upon a  ...)
 	- wget <unfixed>
 	NOTE: https://mail.gnu.org/archive/html/bug-wget/2021-02/msg00002.html
@@ -1020,50 +1098,50 @@ CVE-2021-31440
 	RESERVED
 CVE-2021-31439
 	RESERVED
-CVE-2021-31438
-	RESERVED
-CVE-2021-31437
-	RESERVED
-CVE-2021-31436
-	RESERVED
-CVE-2021-31435
-	RESERVED
-CVE-2021-31434
-	RESERVED
-CVE-2021-31433
-	RESERVED
-CVE-2021-31432
-	RESERVED
-CVE-2021-31431
-	RESERVED
-CVE-2021-31430
-	RESERVED
-CVE-2021-31429
-	RESERVED
-CVE-2021-31428
-	RESERVED
-CVE-2021-31427
-	RESERVED
-CVE-2021-31426
-	RESERVED
-CVE-2021-31425
-	RESERVED
-CVE-2021-31424
-	RESERVED
-CVE-2021-31423
-	RESERVED
-CVE-2021-31422
-	RESERVED
-CVE-2021-31421
-	RESERVED
-CVE-2021-31420
-	RESERVED
-CVE-2021-31419
-	RESERVED
-CVE-2021-31418
-	RESERVED
-CVE-2021-31417
-	RESERVED
+CVE-2021-31438 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2021-31437 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2021-31436 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2021-31435 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2021-31434 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2021-31433 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2021-31432 (This vulnerability allows local attackers to disclose sensitive inform ...)
+	TODO: check
+CVE-2021-31431 (This vulnerability allows local attackers to disclose sensitive inform ...)
+	TODO: check
+CVE-2021-31430 (This vulnerability allows local attackers to disclose sensitive inform ...)
+	TODO: check
+CVE-2021-31429 (This vulnerability allows local attackers to escalate privileges on af ...)
+	TODO: check
+CVE-2021-31428 (This vulnerability allows local attackers to escalate privileges on af ...)
+	TODO: check
+CVE-2021-31427 (This vulnerability allows local attackers to disclose sensitive inform ...)
+	TODO: check
+CVE-2021-31426 (This vulnerability allows local attackers to escalate privileges on af ...)
+	TODO: check
+CVE-2021-31425 (This vulnerability allows local attackers to escalate privileges on af ...)
+	TODO: check
+CVE-2021-31424 (This vulnerability allows local attackers to escalate privileges on af ...)
+	TODO: check
+CVE-2021-31423 (This vulnerability allows local attackers to disclose sensitive inform ...)
+	TODO: check
+CVE-2021-31422 (This vulnerability allows local attackers to escalate privileges on af ...)
+	TODO: check
+CVE-2021-31421 (This vulnerability allows local attackers to delete arbitrary files on ...)
+	TODO: check
+CVE-2021-31420 (This vulnerability allows local attackers to escalate privileges on af ...)
+	TODO: check
+CVE-2021-31419 (This vulnerability allows local attackers to disclose sensitive inform ...)
+	TODO: check
+CVE-2021-31418 (This vulnerability allows local attackers to disclose sensitive inform ...)
+	TODO: check
+CVE-2021-31417 (This vulnerability allows local attackers to disclose sensitive inform ...)
+	TODO: check
 CVE-2021-3501 [userspace applications can misuse the KVM API to cause a write of 16 bytes at an offset up to 32 GB from vcpu->run]
 	RESERVED
 	- linux <unfixed>
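Review bot: In the CVE-2021-31438 through CVE-2021-31417 block, every description is cut off before the product name ("... execute arbitrary code o ...", "... escalate privileges on af ..."), so none of the 22 TODO: check markers can be resolved from this file alone. Whoever triages them has to open the full CVE records. If the records turn out to cover a single product, resolve the whole range in one commit with the same package or NOT-FOR-US line so it does not end up half-triaged.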
@@ -3620,28 +3698,28 @@ CVE-2021-30236
 	RESERVED
 CVE-2021-30235
 	RESERVED
-CVE-2021-30234
-	RESERVED
-CVE-2021-30233
-	RESERVED
-CVE-2021-30232
-	RESERVED
-CVE-2021-30231
-	RESERVED
-CVE-2021-30230
-	RESERVED
-CVE-2021-30229
-	RESERVED
-CVE-2021-30228
-	RESERVED
-CVE-2021-30227
-	RESERVED
+CVE-2021-30234 (The api/ZRIGMP/set_MLD_PROXY interface in China Mobile An Lianbao WF-1 ...)
+	TODO: check
+CVE-2021-30233 (The api/ZRIptv/setIptvInfo interface in China Mobile An Lianbao WF-1 r ...)
+	TODO: check
+CVE-2021-30232 (The api/ZRIGMP/set_IGMP_PROXY interface in China Mobile An Lianbao WF- ...)
+	TODO: check
+CVE-2021-30231 (The api/zrDm/set_ZRElink interface in China Mobile An Lianbao WF-1 rou ...)
+	TODO: check
+CVE-2021-30230 (The api/ZRFirmware/set_time_zone interface in China Mobile An Lianbao  ...)
+	TODO: check
+CVE-2021-30229 (The api/zrDm/set_zrDm interface in China Mobile An Lianbao WF-1 router ...)
+	TODO: check
+CVE-2021-30228 (The api/ZRAndlink/set_ZRAndlink interface in China Mobile An Lianbao W ...)
+	TODO: check
+CVE-2021-30227 (Cross Site Scripting (XSS) vulnerability in the article comments featu ...)
+	TODO: check
 CVE-2021-30226
 	RESERVED
 CVE-2021-30225
 	RESERVED
-CVE-2021-30224
-	RESERVED
+CVE-2021-30224 (Cross Site Request Forgery (CSRF) in Rukovoditel v2.8.3 allows attacke ...)
+	TODO: check
 CVE-2021-30223
 	RESERVED
 CVE-2021-30222
@@ -3650,10 +3728,10 @@ CVE-2021-30221
 	RESERVED
 CVE-2021-30220
 	RESERVED
-CVE-2021-30219
-	RESERVED
-CVE-2021-30218
-	RESERVED
+CVE-2021-30219 (samurai 1.2 has a NULL pointer dereference in printstatus() function i ...)
+	TODO: check
+CVE-2021-30218 (samurai 1.2 has a NULL pointer dereference in writefile() in util.c vi ...)
+	TODO: check
 CVE-2021-30217
 	RESERVED
 CVE-2021-30216
@@ -4097,8 +4175,8 @@ CVE-2021-30050
 	RESERVED
 CVE-2021-30049
 	RESERVED
-CVE-2021-30048
-	RESERVED
+CVE-2021-30048 (Directory Traversal in the fileDownload function in com/java2nb/common ...)
+	TODO: check
 CVE-2021-30047
 	RESERVED
 CVE-2021-30046 (VIGRA Computer Vision Library Version-1-11-1 contains a segmentation f ...)
@@ -4139,8 +4217,8 @@ CVE-2021-30029
 	RESERVED
 CVE-2021-30028
 	RESERVED
-CVE-2021-30027
-	RESERVED
+CVE-2021-30027 (md_analyze_line in md4c.c in md4c 0.4.7 allows attackers to trigger us ...)
+	TODO: check
 CVE-2021-30026
 	RESERVED
 CVE-2021-30025
@@ -5409,6 +5487,7 @@ CVE-2021-29473 (Exiv2 is a C++ library and a command-line utility to read, write
 	NOTE: https://github.com/Exiv2/exiv2/commit/e6a0982f7cd9282052b6e3485a458d60629ffa0b
 	NOTE: https://github.com/Exiv2/exiv2/commit/f0ff11f044b2c8ddf4792415beb91fd815c633a1
 CVE-2021-29472 (Composer is a dependency manager for PHP. URLs for Mercurial repositor ...)
+	{DSA-4907-1}
 	- composer 2.0.9-2
 	NOTE: https://github.com/composer/composer/security/advisories/GHSA-h5h8-pc6h-jvvx
 	NOTE: https://github.com/composer/composer/commit/083b73515d1d72bc61c6374440b3f8a37531f8cf
@@ -5749,8 +5828,8 @@ CVE-2021-29352
 	RESERVED
 CVE-2021-29351
 	RESERVED
-CVE-2021-29350
-	RESERVED
+CVE-2021-29350 (SQL injection in the getip function in conn/function.php in 发&# ...)
+	TODO: check
 CVE-2021-29349 (Mahara 20.10 is affected by Cross Site Request Forgery (CSRF) that all ...)
 	- mahara <removed>
 CVE-2021-29348
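Review bot: The new CVE-2021-29350 description ends in "发&# ...", so the cut to the summary width went through an HTML numeric character reference and the product name is unreadable. The summary text should be entity-decoded before it is truncated, or truncated on a character boundary, so that non-ASCII product names survive in data/CVE/list.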
@@ -6206,28 +6285,28 @@ CVE-2021-29149
 	RESERVED
 CVE-2021-29148
 	RESERVED
-CVE-2021-29147
-	RESERVED
-CVE-2021-29146
-	RESERVED
-CVE-2021-29145
-	RESERVED
-CVE-2021-29144
-	RESERVED
+CVE-2021-29147 (A remote arbitrary command execution vulnerability was discovered in A ...)
+	TODO: check
+CVE-2021-29146 (A remote cross-site scripting (XSS) vulnerability was discovered in Ar ...)
+	TODO: check
+CVE-2021-29145 (A remote server side request forgery (SSRF) remote code execution vuln ...)
+	TODO: check
+CVE-2021-29144 (A remote disclosure of sensitive information vulnerability was discove ...)
+	TODO: check
 CVE-2021-29143
 	RESERVED
-CVE-2021-29142
-	RESERVED
-CVE-2021-29141
-	RESERVED
-CVE-2021-29140
-	RESERVED
-CVE-2021-29139
-	RESERVED
-CVE-2021-29138
-	RESERVED
-CVE-2021-29137
-	RESERVED
+CVE-2021-29142 (A remote cross-site scripting (XSS) vulnerability was discovered in Ar ...)
+	TODO: check
+CVE-2021-29141 (A remote disclosure of sensitive information vulnerability was discove ...)
+	TODO: check
+CVE-2021-29140 (A remote XML external entity (XXE) vulnerability was discovered in Aru ...)
+	TODO: check
+CVE-2021-29139 (A remote cross-site scripting (XSS) vulnerability was discovered in Ar ...)
+	TODO: check
+CVE-2021-29138 (A remote disclosure of privileged information vulnerability was discov ...)
+	TODO: check
+CVE-2021-29137 (A remote URL redirection vulnerability was discovered in Aruba AirWave ...)
+	TODO: check
 CVE-2021-29136 (Open Container Initiative umoci before 0.4.7 allows attackers to overw ...)
 	- umoci 0.4.7+ds-1
 	[buster] - umoci <no-dsa> (Minor issue)
@@ -6768,8 +6847,8 @@ CVE-2021-28901
 	RESERVED
 CVE-2021-28900
 	RESERVED
-CVE-2021-28899
-	RESERVED
+CVE-2021-28899 (Vulnerability in the AC3AudioFileServerMediaSubsession, ADTSAudioFileS ...)
+	TODO: check
 CVE-2021-28898
 	RESERVED
 CVE-2021-28897
@@ -8122,8 +8201,8 @@ CVE-2021-28282
 	RESERVED
 CVE-2021-28281
 	RESERVED
-CVE-2021-28280
-	RESERVED
+CVE-2021-28280 (CSRF + Cross-site scripting (XSS) vulnerability in search.php in PHPFu ...)
+	TODO: check
 CVE-2021-28279
 	RESERVED
 CVE-2021-28278
@@ -8274,6 +8353,7 @@ CVE-2021-28212
 	RESERVED
 CVE-2021-28211 [possible heap corruption with LzmaUefiDecompressGetInfo]
 	RESERVED
+	{DLA-2645-1}
 	- edk2 2020.11-1
 	[buster] - edk2 <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=1816
@@ -8281,6 +8361,7 @@ CVE-2021-28211 [possible heap corruption with LzmaUefiDecompressGetInfo]
 	NOTE: https://github.com/tianocore/edk2/commit/e7bd0dd26db7e56aa8ca70132d6ea916ee6f3db0
 CVE-2021-28210 [unlimited FV recursion, round 2]
 	RESERVED
+	{DLA-2645-1}
 	- edk2 2020.11-1
 	[buster] - edk2 <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=1743
@@ -9357,7 +9438,7 @@ CVE-2021-27805
 CVE-2021-27804 (JPEG XL (aka jpeg-xl) through 0.3.2 allows writable memory corruption. ...)
 	- jpeg-xl <itp> (bug #948862)
 CVE-2021-27802
-	RESERVED
+	REJECTED
 CVE-2021-27801
 	RESERVED
 CVE-2021-27800
@@ -9688,8 +9769,8 @@ CVE-2021-27653 (Misconfiguration of the Pega Chat Access Group portal in Pega pl
 	NOT-FOR-US: Pega
 CVE-2021-27652
 	RESERVED
-CVE-2021-27651
-	RESERVED
+CVE-2021-27651 (In versions 8.2.1 through 8.5.2 of Pega Infinity, the password reset f ...)
+	TODO: check
 CVE-2021-3415
 	RESERVED
 CVE-2021-27650
@@ -14276,12 +14357,12 @@ CVE-2021-25814
 	RESERVED
 CVE-2021-25813
 	RESERVED
-CVE-2021-25812
-	RESERVED
-CVE-2021-25811
-	RESERVED
-CVE-2021-25810
-	RESERVED
+CVE-2021-25812 (Command injection vulnerability in China Mobile An Lianbao WF-1 1.01 v ...)
+	TODO: check
+CVE-2021-25811 (MERCUSYS Mercury X18G 1.0.5 devices allow Denial of service via a craf ...)
+	TODO: check
+CVE-2021-25810 (Cross site Scripting (XSS) vulnerability in MERCUSYS Mercury X18G 1.0. ...)
+	TODO: check
 CVE-2021-25809
 	RESERVED
 CVE-2021-25808
@@ -15810,16 +15891,16 @@ CVE-2021-25169 (The Baseboard Management Controller (BMC) firmware in HPE Apollo
 	NOT-FOR-US: HPE
 CVE-2021-25168 (The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 Sy ...)
 	NOT-FOR-US: HPE
-CVE-2021-25167
-	RESERVED
-CVE-2021-25166
-	RESERVED
+CVE-2021-25167 (A remote unauthorized access vulnerability was discovered in Aruba Air ...)
+	TODO: check
+CVE-2021-25166 (A remote unauthorized access vulnerability was discovered in Aruba Air ...)
+	TODO: check
 CVE-2021-25165 (A remote XML external entity vulnerability was discovered in Aruba Air ...)
 	NOT-FOR-US: Aruba
 CVE-2021-25164 (A remote XML external entity vulnerability was discovered in Aruba Air ...)
 	NOT-FOR-US: Aruba
-CVE-2021-25163
-	RESERVED
+CVE-2021-25163 (A remote XML external entity vulnerability was discovered in Aruba Air ...)
+	TODO: check
 CVE-2021-25162 (A remote execution of arbitrary commands vulnerability was discovered  ...)
 	NOT-FOR-US: Aruba
 CVE-2021-25161 (A remote cross-site scripting (xss) vulnerability was discovered in so ...)
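Review bot: CVE-2021-25167, CVE-2021-25166 and CVE-2021-25163 come in as TODO: check, although the unchanged neighbours CVE-2021-25165 and CVE-2021-25164 carry the same "discovered in Aruba Air ..." text and are already tagged NOT-FOR-US: Aruba. Unless the full records name a different product, these three can take the same tag in the follow-up triage commit.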
@@ -25170,15 +25251,15 @@ CVE-2021-21419
 	RESERVED
 CVE-2021-21418 (ps_emailsubscription is a newsletter subscription module for the Prest ...)
 	NOT-FOR-US: PrestaShop
-CVE-2021-21417
-	RESERVED
+CVE-2021-21417 (fluidsynth is a software synthesizer based on the SoundFont 2 specific ...)
+	TODO: check
 CVE-2021-21416 (django-registration is a user registration package for Django. The dja ...)
 	- python-django-registration <unfixed> (bug #987366)
 	[stretch] - python-django-registration <no-dsa> (Minor issue)
 	NOTE: https://github.com/ubernostrum/django-registration/security/advisories/GHSA-58c7-px5v-82hh
 	NOTE: https://github.com/ubernostrum/django-registration/commit/8206af081e239598cfd15d165d4d8ab9849ee23c
-CVE-2021-21415
-	RESERVED
+CVE-2021-21415 (Prisma VS Code a VSCode extension for Prisma schema files. This is a R ...)
+	TODO: check
 CVE-2021-21414 (Prisma is an open source ORM for Node.js & TypeScript. As of today ...)
 	NOT-FOR-US: Prisma
 CVE-2021-21413 (isolated-vm is a library for nodejs which gives you access to v8's Iso ...)
@@ -25245,8 +25326,8 @@ CVE-2021-21390 (MinIO is an open-source high performance object storage service
 	NOT-FOR-US: MinIO
 CVE-2021-21389 (BuddyPress is an open source WordPress plugin to build a community sit ...)
 	NOT-FOR-US: BuddyPress WordPress plugin
-CVE-2021-21388
-	RESERVED
+CVE-2021-21388 (systeminformation is an open source system and OS information library  ...)
+	TODO: check
 CVE-2021-21387 (Wrongthink peer-to-peer, end-to-end encrypted messenger with PeerJS an ...)
 	NOT-FOR-US: Wrongthink
 CVE-2021-21386 (APKLeaks is an open-source project for scanning APK file for URIs, end ...)
@@ -28037,8 +28118,7 @@ CVE-2021-20296 (A flaw was found in OpenEXR in versions before 3.0.0-beta. A cra
 CVE-2021-20295 [Regression of CVE-2020-10756 fix in virt:rhel/qemu-kvm in Red Hat Enterprise Linux 8.3]
 	RESERVED
 	- qemu <not-affected> (RHEL 8.3 specific security regression)
-CVE-2021-20294
-	RESERVED
+CVE-2021-20294 (A flaw was found in binutils readelf 2.35 program. An attacker who is  ...)
 	- binutils <unfixed> (unimportant)
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=26929
 	NOTE: binutils not covered by security support
@@ -28373,8 +28453,7 @@ CVE-2021-20230 (A flaw was found in stunnel before 5.57, where it improperly val
 CVE-2021-20229 (A flaw was found in PostgreSQL in versions before 13.2, before 12.6, b ...)
 	- postgresql-13 13.2-1
 	NOTE: https://www.postgresql.org/about/news/postgresql-132-126-1111-1016-9621-and-9525-released-2165/
-CVE-2021-20228 [basic.py no_log with fallback option]
-	RESERVED
+CVE-2021-20228 (A flaw was found in the Ansible Engine 2.9.18, where sensitive info is ...)
 	- ansible 2.10.7+merged+base+2.10.8+dfsg-1
 	- ansible-base <unfixed>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1925002
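Review bot: Replacing the CVE-2021-20228 header drops the hand-written summary "[basic.py no_log with fallback option]", and the truncated text that takes its place ("... where sensitive info is ...") no longer says which file or option is involved. Consider keeping that detail as a NOTE: line under the entry so the pointer to basic.py is not lost.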
@@ -28793,18 +28872,18 @@ CVE-2021-20097
 	RESERVED
 CVE-2021-20096
 	RESERVED
-CVE-2021-20095
-	RESERVED
+CVE-2021-20095 (Relative Path Traversal in Babel 2.9.0 allows an attacker to load arbi ...)
+	TODO: check
 CVE-2021-20094
 	RESERVED
 CVE-2021-20093
 	RESERVED
-CVE-2021-20092
-	RESERVED
-CVE-2021-20091
-	RESERVED
-CVE-2021-20090
-	RESERVED
+CVE-2021-20092 (The web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.0 ...)
+	TODO: check
+CVE-2021-20091 (The web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.0 ...)
+	TODO: check
+CVE-2021-20090 (A path traversal vulnerability in the web interfaces of Buffalo WSR-25 ...)
+	TODO: check
 CVE-2021-20089 (Improperly Controlled Modification of Object Prototype Attributes ('Pr ...)
 	NOT-FOR-US: purl javascript URL parser (different from src:purl)
 CVE-2021-20088 (Improperly Controlled Modification of Object Prototype Attributes ('Pr ...)
@@ -29381,8 +29460,8 @@ CVE-2020-35432
 	RESERVED
 CVE-2020-35431
 	RESERVED
-CVE-2020-35430
-	RESERVED
+CVE-2020-35430 (SQL Injection in com/inxedu/OS/edu/controller/letter/AdminMsgSystemCon ...)
+	TODO: check
 CVE-2020-35429
 	RESERVED
 CVE-2020-35428
@@ -34531,14 +34610,14 @@ CVE-2021-1506
 	RESERVED
 CVE-2021-1505
 	RESERVED
-CVE-2021-1504
-	RESERVED
+CVE-2021-1504 (Multiple vulnerabilities in Cisco Adaptive Security Appliance (ASA) So ...)
+	TODO: check
 CVE-2021-1503
 	RESERVED
 CVE-2021-1502
 	RESERVED
-CVE-2021-1501
-	RESERVED
+CVE-2021-1501 (A vulnerability in the SIP inspection engine of Cisco Adaptive Securit ...)
+	TODO: check
 CVE-2021-1500
 	RESERVED
 CVE-2021-1499
@@ -34549,22 +34628,22 @@ CVE-2021-1497
 	RESERVED
 CVE-2021-1496
 	RESERVED
-CVE-2021-1495
-	RESERVED
+CVE-2021-1495 (Multiple Cisco products are affected by a vulnerability in the Snort d ...)
+	TODO: check
 CVE-2021-1494
 	RESERVED
-CVE-2021-1493
-	RESERVED
+CVE-2021-1493 (A vulnerability in the web services interface of Cisco Adaptive Securi ...)
+	TODO: check
 CVE-2021-1492 (The Duo Authentication Proxy installer prior to 5.2.1 did not properly ...)
 	NOT-FOR-US: Duo Authentication Proxy
 CVE-2021-1491
 	RESERVED
 CVE-2021-1490
 	RESERVED
-CVE-2021-1489
-	RESERVED
-CVE-2021-1488
-	RESERVED
+CVE-2021-1489 (A vulnerability in filesystem usage management for Cisco Firepower Dev ...)
+	TODO: check
+CVE-2021-1488 (A vulnerability in the upgrade process of Cisco Adaptive Security Appl ...)
+	TODO: check
 CVE-2021-1487
 	RESERVED
 CVE-2021-1486
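Review bot: CVE-2021-1495 should not be swept up with the other Cisco entries in this hunk. Its description places the flaw in "the Snort d ...", while the remaining new entries (CVE-2021-1493, CVE-2021-1489, CVE-2021-1488) name Cisco ASA or Firepower products. Before giving it the NOT-FOR-US: Cisco tag used in the neighbouring hunks, check the full record to see whether the affected Snort code also ships as a Debian package.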
@@ -34585,10 +34664,10 @@ CVE-2021-1479 (Multiple vulnerabilities in Cisco SD-WAN vManage Software could a
 	NOT-FOR-US: Cisco
 CVE-2021-1478
 	RESERVED
-CVE-2021-1477
-	RESERVED
-CVE-2021-1476
-	RESERVED
+CVE-2021-1477 (A vulnerability in an access control mechanism of Cisco Firepower Mana ...)
+	TODO: check
+CVE-2021-1476 (A vulnerability in the CLI of Cisco Adaptive Security Appliance (ASA)  ...)
+	TODO: check
 CVE-2021-1475 (Multiple vulnerabilities in the Admin audit log export feature and Sch ...)
 	NOT-FOR-US: Cisco
 CVE-2021-1474 (Multiple vulnerabilities in the Admin audit log export feature and Sch ...)
@@ -34623,14 +34702,14 @@ CVE-2021-1460 (A vulnerability in the Cisco IOx Application Framework of Cisco 8
 	NOT-FOR-US: Cisco
 CVE-2021-1459 (A vulnerability in the web-based management interface of Cisco Small B ...)
 	NOT-FOR-US: Cisco
-CVE-2021-1458
-	RESERVED
-CVE-2021-1457
-	RESERVED
-CVE-2021-1456
-	RESERVED
-CVE-2021-1455
-	RESERVED
+CVE-2021-1458 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+	TODO: check
+CVE-2021-1457 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+	TODO: check
+CVE-2021-1456 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+	TODO: check
+CVE-2021-1455 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+	TODO: check
 CVE-2021-1454 (Multiple vulnerabilities in the CLI of Cisco IOS XE SD-WAN Software co ...)
 	NOT-FOR-US: Cisco
 CVE-2021-1453 (A vulnerability in the software image verification functionality of Ci ...)
@@ -34643,14 +34722,14 @@ CVE-2021-1450 (A vulnerability in the interprocess communication (IPC) channel o
 	NOT-FOR-US: Cisco
 CVE-2021-1449 (A vulnerability in the boot logic of Cisco Access Points Software coul ...)
 	NOT-FOR-US: Cisco
-CVE-2021-1448
-	RESERVED
+CVE-2021-1448 (A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Sof ...)
+	TODO: check
 CVE-2021-1447
 	RESERVED
 CVE-2021-1446 (A vulnerability in the DNS application layer gateway (ALG) functionali ...)
 	NOT-FOR-US: Cisco
-CVE-2021-1445
-	RESERVED
+CVE-2021-1445 (Multiple vulnerabilities in Cisco Adaptive Security Appliance (ASA) So ...)
+	TODO: check
 CVE-2021-1444
 	RESERVED
 CVE-2021-1443 (A vulnerability in the web UI of Cisco IOS XE Software could allow an  ...)
@@ -34741,8 +34820,8 @@ CVE-2021-1404 (A vulnerability in the PDF parsing module in Clam AntiVirus (Clam
 	NOTE: https://blog.clamav.net/2021/04/clamav-01032-security-patch-release.html
 CVE-2021-1403 (A vulnerability in the web UI feature of Cisco IOS XE Software could a ...)
 	NOT-FOR-US: Cisco
-CVE-2021-1402
-	RESERVED
+CVE-2021-1402 (A vulnerability in the software-based SSL/TLS message handler of Cisco ...)
+	TODO: check
 CVE-2021-1401
 	RESERVED
 CVE-2021-1400
@@ -34807,8 +34886,8 @@ CVE-2021-1371 (A vulnerability in the role-based access control of Cisco IOS XE
 	NOT-FOR-US: Cisco
 CVE-2021-1370 (A vulnerability in a CLI command of Cisco IOS XR Software for the Cisc ...)
 	NOT-FOR-US: Cisco
-CVE-2021-1369
-	RESERVED
+CVE-2021-1369 (A vulnerability in the REST API of Cisco Firepower Device Manager (FDM ...)
+	TODO: check
 CVE-2021-1368 (A vulnerability in the Unidirectional Link Detection (UDLD) feature of ...)
 	NOT-FOR-US: Cisco
 CVE-2021-1367 (A vulnerability in the Protocol Independent Multicast (PIM) feature of ...)
@@ -35033,8 +35112,8 @@ CVE-2021-1258 (A vulnerability in the upgrade component of Cisco AnyConnect Secu
 	NOT-FOR-US: Cisco
 CVE-2021-1257 (A vulnerability in the web-based management interface of Cisco DNA Cen ...)
 	NOT-FOR-US: Cisco
-CVE-2021-1256
-	RESERVED
+CVE-2021-1256 (A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Sof ...)
+	TODO: check
 CVE-2021-1255 (Multiple vulnerabilities in the REST API endpoint of Cisco Data Center ...)
 	NOT-FOR-US: Cisco
 CVE-2021-1254
@@ -35525,22 +35604,22 @@ CVE-2021-1089
 	RESERVED
 CVE-2021-1088
 	RESERVED
-CVE-2021-1087
-	RESERVED
-CVE-2021-1086
-	RESERVED
-CVE-2021-1085
-	RESERVED
-CVE-2021-1084
-	RESERVED
-CVE-2021-1083
-	RESERVED
-CVE-2021-1082
-	RESERVED
-CVE-2021-1081
-	RESERVED
-CVE-2021-1080
-	RESERVED
+CVE-2021-1087 (NVIDIA vGPU driver contains a vulnerability in the Virtual GPU Manager ...)
+	TODO: check
+CVE-2021-1086 (NVIDIA vGPU driver contains a vulnerability in the Virtual GPU Manager ...)
+	TODO: check
+CVE-2021-1085 (NVIDIA vGPU driver contains a vulnerability in the Virtual GPU Manager ...)
+	TODO: check
+CVE-2021-1084 (NVIDIA vGPU driver contains a vulnerability in the guest kernel mode d ...)
+	TODO: check
+CVE-2021-1083 (NVIDIA vGPU software contains a vulnerability in the guest kernel mode ...)
+	TODO: check
+CVE-2021-1082 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...)
+	TODO: check
+CVE-2021-1081 (NVIDIA vGPU software contains a vulnerability in the guest kernel mode ...)
+	TODO: check
+CVE-2021-1080 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...)
+	TODO: check
 CVE-2021-1079 (NVIDIA GeForce Experience, all versions prior to 3.22, contains a vuln ...)
 	NOT-FOR-US: NVIDIA
 CVE-2021-1078 (NVIDIA Windows GPU Display Driver for Windows, all versions, contains  ...)
@@ -44916,7 +44995,7 @@ CVE-2020-25639 (A NULL pointer dereference flaw was found in the Linux kernel's
 	[stretch] - linux <not-affected> (Vulnerable code introduced later)
 	NOTE: https://lists.freedesktop.org/archives/nouveau/2020-August/036682.html
 CVE-2020-25638 (A flaw was found in hibernate-core in versions prior to and including  ...)
-	{DLA-2512-1}
+	{DSA-4908-1 DLA-2512-1}
 	- libhibernate3-java 3.6.10.Final-11
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1881353
 	NOTE: Fixed by https://github.com/hibernate/hibernate-orm/commit/59fede7acaaa1579b561407aefa582311f7ebe78
@@ -51015,10 +51094,10 @@ CVE-2020-22810
 	RESERVED
 CVE-2020-22809
 	RESERVED
-CVE-2020-22808
-	RESERVED
-CVE-2020-22807
-	RESERVED
+CVE-2020-22808 (An issue was found in yii2_fecshop 2.x. There is a reflected XSS vulne ...)
+	TODO: check
+CVE-2020-22807 (An issue was dicovered in vtiger crm 7.2. Union sql injection in the c ...)
+	TODO: check
 CVE-2020-22806
 	RESERVED
 CVE-2020-22805
@@ -52629,8 +52708,8 @@ CVE-2020-22004
 	RESERVED
 CVE-2020-22003
 	RESERVED
-CVE-2020-22002
-	RESERVED
+CVE-2020-22002 (An Unauthenticated Server-Side Request Forgery (SSRF) vulnerability ex ...)
+	TODO: check
 CVE-2020-22001 (HomeAutomation 3.3.2 suffers from an authentication bypass vulnerabili ...)
 	NOT-FOR-US: HomeAutomation
 CVE-2020-22000 (HomeAutomation 3.3.2 suffers from an authenticated OS command executio ...)
@@ -52639,22 +52718,22 @@ CVE-2020-21999
 	RESERVED
 CVE-2020-21998 (In HomeAutomation 3.3.2 input passed via the 'redirect' GET parameter  ...)
 	NOT-FOR-US: HomeAutomation
-CVE-2020-21997
-	RESERVED
+CVE-2020-21997 (Smartwares HOME easy <=1.0.9 is vulnerable to an unauthenticated da ...)
+	TODO: check
 CVE-2020-21996 (AVE DOMINAplus <=1.10.x suffers from an unauthenticated reboot comm ...)
 	NOT-FOR-US: AVE DOMINAplus
-CVE-2020-21995
-	RESERVED
+CVE-2020-21995 (Inim Electronics Smartliving SmartLAN/G/SI <=6.x uses default hardc ...)
+	TODO: check
 CVE-2020-21994 (AVE DOMINAplus <=1.10.x suffers from clear-text credentials disclos ...)
 	NOT-FOR-US: AVE DOMINAplus
 CVE-2020-21993 (In WEMS Limited Enterprise Manager 2.58, input passed to the GET param ...)
 	NOT-FOR-US: WEMS Limited Enterprise Manager
-CVE-2020-21992
-	RESERVED
+CVE-2020-21992 (Inim Electronics SmartLiving SmartLAN/G/SI <=6.x suffers from an au ...)
+	TODO: check
 CVE-2020-21991 (AVE DOMINAplus <=1.10.x suffers from an authentication bypass vulne ...)
 	NOT-FOR-US: AVE DOMINAplus
-CVE-2020-21990
-	RESERVED
+CVE-2020-21990 (Emmanuel MyDomoAtHome (MDAH) REST API REST API Domoticz ISS Gateway 0. ...)
+	TODO: check
 CVE-2020-21989 (HomeAutomation 3.3.2 is affected by Cross Site Request Forgery (CSRF). ...)
 	NOT-FOR-US: HomeAutomation
 CVE-2020-21988
@@ -53732,8 +53811,8 @@ CVE-2020-21454
 	RESERVED
 CVE-2020-21453
 	RESERVED
-CVE-2020-21452
-	RESERVED
+CVE-2020-21452 (An issue was discovered in uniview ISC2500-S. This is an upload vulner ...)
+	TODO: check
 CVE-2020-21451
 	RESERVED
 CVE-2020-21450
@@ -54434,8 +54513,8 @@ CVE-2020-21103
 	RESERVED
 CVE-2020-21102
 	RESERVED
-CVE-2020-21101
-	RESERVED
+CVE-2020-21101 (Cross Site Scriptiong vulnerabilityin Screenly screenly-ose all versio ...)
+	TODO: check
 CVE-2020-21100
 	RESERVED
 CVE-2020-21099
@@ -60595,8 +60674,8 @@ CVE-2020-18034
 	RESERVED
 CVE-2020-18033
 	RESERVED
-CVE-2020-18032
-	RESERVED
+CVE-2020-18032 (Buffer Overflow in Graphviz Graph Visualization Tools from commit ID f ...)
+	TODO: check
 CVE-2020-18031
 	RESERVED
 CVE-2020-18030
@@ -122346,10 +122425,12 @@ CVE-2019-14589
 CVE-2019-14588
 	RESERVED
 CVE-2019-14587 (Logic issue EDK II may allow an unauthenticated user to potentially en ...)
+	{DLA-2645-1}
 	- edk2 0~20200229.4c0f6e34-1
 	[buster] - edk2 0~20181115.85588389-3+deb10u1
 	[jessie] - edk2 <end-of-life> (non-free)
 CVE-2019-14586 (Use after free vulnerability in EDK II may allow an authenticated user ...)
+	{DLA-2645-1}
 	- edk2 0~20200229.4c0f6e34-1
 	[buster] - edk2 0~20181115.85588389-3+deb10u1
 	[jessie] - edk2 <end-of-life> (non-free)
@@ -122357,6 +122438,7 @@ CVE-2019-14585
 	RESERVED
 CVE-2019-14584
 	RESERVED
+	{DLA-2645-1}
 	- edk2 2020.11-1 (bug #977300)
 	[buster] - edk2 0~20181115.85588389-3+deb10u3
 	NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=1914
@@ -122378,6 +122460,7 @@ CVE-2019-14577
 CVE-2019-14576
 	RESERVED
 CVE-2019-14575 (Logic issue in DxeImageVerificationHandler() for EDK II may allow an a ...)
+	{DLA-2645-1}
 	- edk2 0~20200229.4c0f6e34-1 (low; bug #952935)
 	[buster] - edk2 0~20181115.85588389-3+deb10u1
 	[jessie] - edk2 <end-of-life> (non-free)
@@ -122405,12 +122488,14 @@ CVE-2019-14565 (Insufficient initialization in Intel(R) SGX SDK Windows versions
 CVE-2019-14564
 	RESERVED
 CVE-2019-14563 (Integer truncation in EDK II may allow an authenticated user to potent ...)
+	{DLA-2645-1}
 	- edk2 0~20200229.4c0f6e34-1 (low; bug #952934)
 	[buster] - edk2 0~20181115.85588389-3+deb10u1
 	[jessie] - edk2 <end-of-life> (non-free)
 	NOTE: https://github.com/tianocore/edk2/commit/322ac05f8bbc1bce066af1dabd1b70ccdbe28891
 	NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=2001
 CVE-2019-14562 (Integer overflow in DxeImageVerificationHandler() EDK II may allow an  ...)
+	{DLA-2645-1}
 	- edk2 2020.05-4 (bug #968819)
 	[buster] - edk2 0~20181115.85588389-3+deb10u2
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1869245
@@ -122425,12 +122510,14 @@ CVE-2019-14560 [GetEfiGlobalVariable2() return value not checked]
 	[stretch] - edk2 <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=2167
 CVE-2019-14559 (Uncontrolled resource consumption in EDK II may allow an unauthenticat ...)
+	{DLA-2645-1}
 	- edk2 0~20200229.4c0f6e34-1 (bug #952926; low)
 	[buster] - edk2 0~20181115.85588389-3+deb10u1
 	[jessie] - edk2 <end-of-life> (non-free)
 	NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=2550
 	NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=2031
 CVE-2019-14558 (Insufficient control flow management in BIOS firmware for 8th, 9th, 10 ...)
+	{DLA-2645-1}
 	- edk2 0~20200229.4c0f6e34-1
 	[buster] - edk2 0~20181115.85588389-3+deb10u1
 	[jessie] - edk2 <end-of-life> (non-free)
@@ -165954,6 +166041,7 @@ CVE-2019-0163 (Insufficient input validation in system firmware for Intel(R) Bro
 CVE-2019-0162 (Memory access in virtual memory mapping for some microprocessors may a ...)
 	NOT-FOR-US: F5
 CVE-2019-0161 (Stack overflow in XHCI for EDK II may allow an unauthenticated user to ...)
+	{DLA-2645-1}
 	- edk2 0~20180803.dd4cae4d-1 (low)
 	[jessie] - edk2 <end-of-life> (non-free)
 	NOTE: https://github.com/tianocore/edk2/commit/acebdf14c985c5c9f50b37ece0b15ada87767359



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/479aab6f46c8ed1c7de0549193783068a380431a