[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Fri Apr 30 21:10:36 BST 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
732909f4 by security tracker role at 2021-04-30T20:10:25+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,13 @@
+CVE-2021-3528
+	RESERVED
+CVE-2021-3527
+	RESERVED
+CVE-2021-3526
+	RESERVED
+CVE-2021-3525
+	RESERVED
+CVE-2021-3524
+	RESERVED
 CVE-2021-3523
 	RESERVED
 CVE-2021-31921
@@ -1568,10 +1578,10 @@ CVE-2021-31234
 	RESERVED
 CVE-2021-31233
 	RESERVED
-CVE-2021-31232
-	RESERVED
-CVE-2021-31231
-	RESERVED
+CVE-2021-31232 (The Alertmanager in CNCF Cortex before 1.8.1 has a local file disclosu ...)
+	TODO: check
+CVE-2021-31231 (The Alertmanager in Grafana Enterprise Metrics before 1.2.1 and Metric ...)
+	TODO: check
 CVE-2021-31230
 	RESERVED
 CVE-2021-31229 (An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezx ...)
@@ -4317,7 +4327,7 @@ CVE-2021-29999 (An issue was discovered in Wind River VxWorks through 6.8. There
 	NOT-FOR-US: Wind River VxWorks
 CVE-2021-29998 (An issue was discovered in Wind River VxWorks before 6.5. There is a p ...)
 	NOT-FOR-US: Wind River VxWorks
-CVE-2021-29997 (XML External Entity Resolution (XXE) in Helix ALM. The XML Import func ...)
+CVE-2021-29997 (An issue was discovered in Wind River VxWorks 7 before 21.03. A specia ...)
 	NOT-FOR-US: Helix ALM
 CVE-2021-29996 (Mark Text through 0.16.3 allows attackers arbitrary command execution. ...)
 	NOT-FOR-US: marktext
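Review bot: the annotation under CVE-2021-29997 no longer matches its description. The description line now reads "An issue was discovered in Wind River VxWorks 7 before 21.03 ...", but the unchanged line beneath it still says "NOT-FOR-US: Helix ALM". Either the upstream description was corrected (in which case the tracker line should become "NOT-FOR-US: Wind River VxWorks", consistent with the CVE-2021-29999 and CVE-2021-29998 entries just above) or the description was mis-assigned at the source; the automatic update cannot tell which, so the NOT-FOR-US should not be trusted until someone checks the CVE entry by hand.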
@@ -5471,8 +5481,8 @@ CVE-2021-29488
 	RESERVED
 CVE-2021-29487
 	RESERVED
-CVE-2021-29486
-	RESERVED
+CVE-2021-29486 (cumulative-distribution-function is an open source npm library used wh ...)
+	TODO: check
 CVE-2021-29485
 	RESERVED
 CVE-2021-29484 (Ghost is a Node.js CMS. An unused endpoint added during the developmen ...)
@@ -5544,10 +5554,10 @@ CVE-2021-29466 (Discord-Recon is a bot for the Discord chat service. In versions
 	NOT-FOR-US: Discord-Recon
 CVE-2021-29465 (Discord-Recon is a bot for the Discord chat service. Versions of Disco ...)
 	NOT-FOR-US: Discord-Recon
-CVE-2021-29464
-	RESERVED
-CVE-2021-29463
-	RESERVED
+CVE-2021-29464 (Exiv2 is a command-line utility and C++ library for reading, writing,  ...)
+	TODO: check
+CVE-2021-29463 (Exiv2 is a command-line utility and C++ library for reading, writing,  ...)
+	TODO: check
 CVE-2021-29462 (The Portable SDK for UPnP Devices is an SDK for development of UPnP de ...)
 	- pupnp-1.8 <unfixed> (bug #987326)
 	- libupnp <removed>
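Review bot: the two Exiv2 entries (CVE-2021-29464 and CVE-2021-29463) are left at "TODO: check", the automatic placeholder; since exiv2 is a source package Debian ships, these need the same follow-up as the CVE-2021-29462 entry directly below them, i.e. a "- <source package> <version or unfixed> (bug #NNN)" line per affected suite plus NOTE: links to the upstream advisories, rather than staying TODO. The truncated descriptions here do not state which Exiv2 versions are affected, so the version range has to be taken from the full advisory text.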
@@ -6726,8 +6736,8 @@ CVE-2021-28961 (applications/luci-app-ddns/luasrc/model/cbi/ddns/detail.lua in t
 	NOT-FOR-US: DDNS package for OpenWrt
 CVE-2021-28960
 	RESERVED
-CVE-2021-28959
-	RESERVED
+CVE-2021-28959 (Zoho ManageEngine Eventlog Analyzer through 12147 is vulnerable to una ...)
+	TODO: check
 CVE-2021-28958
 	RESERVED
 CVE-2021-28956 (** UNSUPPORTED WHEN ASSIGNED ** The unofficial vscode-sass-lint (aka S ...)
@@ -11746,8 +11756,8 @@ CVE-2021-26809 (PHPGurukul Car Rental Project version 2.0 suffers from a remote
 	NOT-FOR-US: PHPGurukul Car Rental Project
 CVE-2021-26808
 	RESERVED
-CVE-2021-26807
-	RESERVED
+CVE-2021-26807 (GalaxyClient version 2.0.28.9 loads unsigned DLLs such as zlib1.dll, l ...)
+	TODO: check
 CVE-2021-26806
 	RESERVED
 CVE-2021-26805 (Buffer Overflow in tsMuxer 2.6.16 allows attackers to cause a Denial o ...)
@@ -23773,14 +23783,14 @@ CVE-2021-21539
 	RESERVED
 CVE-2021-21538
 	RESERVED
-CVE-2021-21537
-	RESERVED
-CVE-2021-21536
-	RESERVED
-CVE-2021-21535
-	RESERVED
-CVE-2021-21534
-	RESERVED
+CVE-2021-21537 (Dell Hybrid Client versions prior to 1.5 contain an information exposu ...)
+	TODO: check
+CVE-2021-21536 (Dell Hybrid Client versions prior to 1.5 contain an information exposu ...)
+	TODO: check
+CVE-2021-21535 (Dell Hybrid Client versions prior to 1.5 contain a missing authenticat ...)
+	TODO: check
+CVE-2021-21534 (Dell Hybrid Client versions prior to 1.5 contain an information exposu ...)
+	TODO: check
 CVE-2021-21533 (Wyse Management Suite versions up to 3.2 contains a vulnerability wher ...)
 	NOT-FOR-US: Wyse Management Suite
 CVE-2021-21532 (Dell Wyse ThinOS 8.6 MR9 contains remediation for an improper manageme ...)
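Review bot: the four Dell Hybrid Client entries (CVE-2021-21537 through CVE-2021-21534) are left at "TODO: check" while the adjacent Dell entries below them (CVE-2021-21533 Wyse Management Suite, CVE-2021-21532 Wyse ThinOS) are already "NOT-FOR-US". Dell Hybrid Client is a proprietary Dell product not packaged in Debian, so these should be triaged to "NOT-FOR-US: Dell Hybrid Client" in the follow-up rather than left as TODO.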
@@ -27658,8 +27668,8 @@ CVE-2021-20517
 	RESERVED
 CVE-2021-20516
 	RESERVED
-CVE-2021-20515
-	RESERVED
+CVE-2021-20515 (IBM Informix Dynamic Server 14.10 is vulnerable to a stack based buffe ...)
+	TODO: check
 CVE-2021-20514
 	RESERVED
 CVE-2021-20513
@@ -28038,8 +28048,8 @@ CVE-2021-20328 (Specific versions of the Java driver that support client-side fi
 	NOTE: Fixed by: https://github.com/mongodb/mongo-java-driver/commit/60d87d5a76645a331a77ccc45ef7c67aac88b234
 CVE-2021-20327 (A specific version of the Node.js mongodb-client-encryption module doe ...)
 	NOT-FOR-US: Node mongodb-client-encryption
-CVE-2021-20326
-	RESERVED
+CVE-2021-20326 (A user authorized to performing a specific type of find query may trig ...)
+	TODO: check
 CVE-2021-20325
 	RESERVED
 CVE-2021-20324
@@ -28283,8 +28293,7 @@ CVE-2021-20267
 	[stretch] - neutron <no-dsa> (Minor issue)
 	NOTE: https://bugs.launchpad.net/neutron/+bug/1902917
 	NOTE: https://review.opendev.org/c/openstack/neutron/+/776599
-CVE-2021-20266
-	RESERVED
+CVE-2021-20266 (A flaw was found in RPM's hdrblobInit() in lib/header.c. This flaw all ...)
 	- rpm <unfixed> (bug #985308)
 	[bullseye] - rpm <no-dsa> (Minor issue)
 	[buster] - rpm <no-dsa> (Minor issue)
@@ -40531,8 +40540,8 @@ CVE-2020-27521
 	RESERVED
 CVE-2020-27520
 	RESERVED
-CVE-2020-27519
-	RESERVED
+CVE-2020-27519 (Pritunl Client v1.2.2550.20 contains a local privilege escalation vuln ...)
+	TODO: check
 CVE-2020-27518
 	RESERVED
 CVE-2020-27517
@@ -46719,8 +46728,8 @@ CVE-2020-24920
 	RESERVED
 CVE-2020-24919
 	RESERVED
-CVE-2020-24918
-	RESERVED
+CVE-2020-24918 (A buffer overflow in the RTSP service of the Ambarella Oryx RTSP Serve ...)
+	TODO: check
 CVE-2020-24917 (osTicket before 1.14.3 allows XSS via a crafted filename to DraftAjaxA ...)
 	NOT-FOR-US: osTicket
 CVE-2020-24916 (CGI implementation in Yaws web server versions 1.81 to 2.0.7 is vulner ...)
@@ -67471,8 +67480,8 @@ CVE-2020-15155 (baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (
 	NOT-FOR-US: baserCMS
 CVE-2020-15154 (baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) v ...)
 	NOT-FOR-US: baserCMS
-CVE-2020-15153
-	RESERVED
+CVE-2020-15153 (Ampache before version 4.2.2 allows unauthenticated users to perform S ...)
+	TODO: check
 CVE-2020-15152 (ftp-srv is an npm package which is a modern and extensible FTP server  ...)
 	NOT-FOR-US: Node ftp-srv
 CVE-2020-15151 (OpenMage LTS before versions 19.4.6 and 20.0.2 allows attackers to cir ...)
@@ -88531,8 +88540,7 @@ CVE-2020-7733 (The package ua-parser-js before 0.7.22 are vulnerable to Regular
 	NOTE: https://snyk.io/vuln/SNYK-JS-UAPARSERJS-610226
 CVE-2020-7732
 	RESERVED
-CVE-2020-7731
-	RESERVED
+CVE-2020-7731 (This affects all versions of package github.com/russellhaering/gosaml2 ...)
 	- golang-github-russellhaering-gosaml2 <itp> (bug #948190)
 	NOTE: https://github.com/russellhaering/gosaml2/issues/59
 	NOTE: https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMRUSSELLHAERINGGOSAML2-608302
@@ -97728,8 +97736,8 @@ CVE-2020-4041 (In Bolt CMS before version 3.7.1, the filename of uploaded files
 	NOT-FOR-US: Bolt CMS
 CVE-2020-4040 (Bolt CMS before version 3.7.1 lacked CSRF protection in the preview ge ...)
 	NOT-FOR-US: Bolt CMS
-CVE-2020-4039
-	RESERVED
+CVE-2020-4039 (SUSI.AI is an intelligent Open Source personal assistant. SUSI.AI Serv ...)
+	TODO: check
 CVE-2020-4038 (GraphQL Playground (graphql-playground-html NPM package) before versio ...)
 	NOT-FOR-US: Node graphql-playground-html
 CVE-2020-4037 (In OAuth2 Proxy from version 5.1.1 and less than version 6.0.0, users  ...)
@@ -105167,8 +105175,7 @@ CVE-2020-1722 (A flaw was found in all ipa versions 4.x.x through 4.8.0. When se
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1793071
 	NOTE: https://pagure.io/freeipa/c/dbf5df4a66b68f62a9e063c43a30b46e539c603b (master)
 	NOTE: https://pagure.io/freeipa/c/089a393581aa249ddec66ce1455fff4951cdb827 (ipa-4-8)
-CVE-2020-1721
-	RESERVED
+CVE-2020-1721 (A flaw was found in the Key Recovery Authority (KRA) Agent Service in  ...)
 	- dogtag-pki 10.9.1-1
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1777579
 	NOTE: https://github.com/dogtagpki/pki/commit/b3514113c867c9394dd84e313c55dc66f3e846b6 (v10.9.0-a2)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/732909f4d69c7b1cf82474d1afbf9ce73e147863


