[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Aug 19 21:10:37 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5ec58f2f by security tracker role at 2021-08-19T20:10:27+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,33 @@
+CVE-2021-39303
+ RESERVED
+CVE-2021-39302 (MISP 2.4.148, in certain configurations, allows SQL injection via the ...)
+ TODO: check
+CVE-2021-39301
+ RESERVED
+CVE-2021-39300
+ RESERVED
+CVE-2021-39299
+ RESERVED
+CVE-2021-39298
+ RESERVED
+CVE-2021-39297
+ RESERVED
+CVE-2021-39296
+ RESERVED
+CVE-2021-39295
+ RESERVED
+CVE-2021-3727
+ RESERVED
+CVE-2021-3726
+ RESERVED
+CVE-2021-3725
+ RESERVED
+CVE-2021-3724
+ RESERVED
+CVE-2021-23161
+ RESERVED
+CVE-2021-23156
+ RESERVED
CVE-2021-39294
RESERVED
CVE-2021-39293
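Review bot: CVE-2021-39302 is the only entry in this hunk that carries a description and it should not be left at TODO: check; MISP is not shipped as a Debian source package as far as this reviewer knows, so NOT-FOR-US: MISP, following the convention used for the other non-Debian software in this file, is the expected resolution unless an archive search turns up a package vendoring it. The remaining new ids (CVE-2021-39303, CVE-2021-39301 to CVE-2021-39295, CVE-2021-3724 to CVE-2021-3727, CVE-2021-23161 and CVE-2021-23156) are plain RESERVED placeholders with no description yet and need no action in this commit.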
@@ -57,10 +87,10 @@ CVE-2021-39275
CVE-2021-3717
RESERVED
- wildfly <itp> (bug #752018)
-CVE-2021-39274
- RESERVED
-CVE-2021-39273
- RESERVED
+CVE-2021-39274 (In XeroSecurity Sn1per 9.0 (free version), insecure directory permissi ...)
+ TODO: check
+CVE-2021-39273 (In XeroSecurity Sn1per 9.0 (free version), insecure permissions (0777) ...)
+ TODO: check
CVE-2021-39272
RESERVED
CVE-2021-39271
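Review bot: CVE-2021-39274 and CVE-2021-39273 describe the same product (XeroSecurity Sn1per 9.0, free version) and differ only in which insecure permissions they cover, so they should be triaged in one step with an identical marker rather than left as two separate TODO: check lines; Sn1per is not packaged in Debian, which points at NOT-FOR-US: Sn1per, to be confirmed against the archive before committing.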
@@ -3562,8 +3592,8 @@ CVE-2021-37700 (@github/paste-markdown is an npm package for pasting markdown ob
NOT-FOR-US: Node paste-markdown
CVE-2021-37699 (Next.js is an open source website development framework to be used wit ...)
NOT-FOR-US: next.js
-CVE-2021-37698
- RESERVED
+CVE-2021-37698 (Icinga is a monitoring system which checks the availability of network ...)
+ TODO: check
CVE-2021-37697 (tmerc-cogs are a collection of open source plugins for the Red Discord ...)
NOT-FOR-US: tmerc-cogs
CVE-2021-37696 (tmerc-cogs are a collection of open source plugins for the Red Discord ...)
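Review bot: CVE-2021-37698 must not stay at TODO: check: Icinga is shipped by Debian (src:icinga2, with Icinga Web 2 as a separate source package), so this entry needs a real triage line, either a fixed version with a bug reference or a <not-affected> / <no-dsa> marker with a reason, plus a NOTE: pointing at the upstream advisory. The truncated description ("Icinga is a monitoring system which checks the availability of network ...") does not say which Icinga component is affected, so read the full text before choosing the source package.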
@@ -3789,10 +3819,10 @@ CVE-2021-37600 (An integer overflow in util-linux through 2.37.1 can potentially
[stretch] - util-linux <no-dsa> (Minor issue)
NOTE: https://github.com/karelzak/util-linux/issues/1395
NOTE: https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
-CVE-2021-37598
- RESERVED
-CVE-2021-37597
- RESERVED
+CVE-2021-37598 (WP Cerber before 8.9.3 allows bypass of /wp-json access control via a ...)
+ TODO: check
+CVE-2021-37597 (WP Cerber before 8.9.3 allows MFA bypass via wordpress_logged_in_[hash ...)
+ TODO: check
CVE-2021-37596 (Telegram Web K Alpha 0.6.1 allows XSS via a document name. ...)
NOT-FOR-US: Telegram Web K Alpha
CVE-2021-37595 (In FreeRDP before 2.4.0 on Windows, wf_cliprdr_server_file_contents_re ...)
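Review bot: CVE-2021-37598 and CVE-2021-37597 are both "WP Cerber before 8.9.3", a WordPress plugin; this file marks other WordPress plugin entries NOT-FOR-US: WordPress plugin (see CVE-2021-34644 elsewhere in this diff), and the same marker should replace both TODO: check lines in one commit rather than leaving two open items for a single upstream fix.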
@@ -5668,8 +5698,8 @@ CVE-2021-36764 (In CODESYS Gateway V3 before 3.5.17.10, there is a NULL Pointer
NOT-FOR-US: CODESYS Gateway
CVE-2021-36763 (In CODESYS V3 web server before 3.5.17.10, files or directories are ac ...)
NOT-FOR-US: CODESYS V3 web server
-CVE-2021-36762
- RESERVED
+CVE-2021-36762 (An issue was discovered in HCC Embedded InterNiche NicheStack through ...)
+ TODO: check
CVE-2021-36761
RESERVED
CVE-2021-36760
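Review bot: CVE-2021-36762 is one of several HCC InterNiche NicheStack entries in this update (CVE-2021-31401, CVE-2021-31400, CVE-2021-31228 to CVE-2021-31226, CVE-2021-27565 and CVE-2020-35685 to CVE-2020-35683 are the others), and the upstream descriptions spell the product three different ways (HCC Embedded InterNiche NicheStack, HCC embedded InterNiche, HCC Nichestack). Triage the whole batch in one pass with a single marker spelling, e.g. NOT-FOR-US: HCC InterNiche NicheStack, so a later grep of the file finds every entry; NicheStack is a proprietary embedded TCP/IP stack and is not a Debian package, but the same pass should check whether any firmware-related source package vendors a copy.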
@@ -10471,8 +10501,8 @@ CVE-2021-34647
RESERVED
CVE-2021-34646
RESERVED
-CVE-2021-34645
- RESERVED
+CVE-2021-34645 (The Shopping Cart & eCommerce Store WordPress plugin is vulnerable ...)
+ TODO: check
CVE-2021-34644 (The Multiplayer Games WordPress plugin is vulnerable to Reflected Cros ...)
NOT-FOR-US: WordPress plugin
CVE-2021-34643 (The Skaut bazar WordPress plugin is vulnerable to Reflected Cross-Site ...)
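Review bot: CVE-2021-34645 (Shopping Cart & eCommerce Store WordPress plugin) sits directly above CVE-2021-34644 and CVE-2021-34643, both already marked NOT-FOR-US: WordPress plugin; nothing in its description distinguishes it from those neighbours, so it should receive the same marker instead of TODO: check.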
@@ -17153,8 +17183,8 @@ CVE-2021-3520 (There's a flaw in lz4. An attacker who submits a crafted file to
NOTE: Fixed by: https://github.com/lz4/lz4/commit/8301a21773ef61656225e264f4f06ae14462bca7
CVE-2021-31869 (Pimcore AdminBundle version 6.8.0 and earlier suffers from a SQL injec ...)
NOT-FOR-US: Pimcore
-CVE-2021-31868
- RESERVED
+CVE-2021-31868 (Rapid7 Nexpose version 6.6.95 and earlier allows authenticated users o ...)
+ TODO: check
CVE-2021-31867 (Pimcore Customer Data Framework version 3.0.0 and earlier suffers from ...)
NOT-FOR-US: Pimcore
CVE-2021-3519
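Review bot: CVE-2021-31868 is Rapid7 Nexpose, a commercial vulnerability scanner that Debian does not ship; NOT-FOR-US: Rapid7 Nexpose is the expected replacement for TODO: check, naming the product rather than only the vendor so the entry stays searchable alongside any other Rapid7 ids.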
@@ -18442,10 +18472,10 @@ CVE-2021-3500 (A flaw was found in djvulibre-3.5.28 and earlier. A Stack overflo
NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/cd8b5c97b27a5c1dc83046498b6ca49ad20aa9b6/ (chunk #2 / Patch11) (fixed differently)
CVE-2021-31402 (The dio package 4.0.0 for Dart allows CRLF injection if the attacker c ...)
NOT-FOR-US: dio package for Dart
-CVE-2021-31401
- RESERVED
-CVE-2021-31400
- RESERVED
+CVE-2021-31401 (An issue was discovered in tcp_rcv() in nptcp.c in HCC embedded InterN ...)
+ TODO: check
+CVE-2021-31400 (An issue was discovered in tcp_pulloutofband() in tcp_in.c in HCC embe ...)
+ TODO: check
CVE-2021-31399 (On 2N Access Unit 2.0 2.31.0.40.5 devices, an attacker can pose as the ...)
NOT-FOR-US: On 2N Access Unit devices
CVE-2021-31398
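Review bot: CVE-2021-31401 and CVE-2021-31400 name the affected NicheStack functions and files (tcp_rcv() in nptcp.c, tcp_pulloutofband() in tcp_in.c); keep those identifiers in mind if the entries ever have to be matched against a vendored copy of the stack, but otherwise both belong to the same NicheStack batch as CVE-2021-36762 in this update and should get the same marker in the same commit.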
@@ -18598,8 +18628,8 @@ CVE-2021-31340 (A vulnerability has been identified in SIMATIC RF166C (All versi
NOT-FOR-US: Siemens
CVE-2021-31339 (A vulnerability has been identified in Mendix Excel Importer Module (A ...)
NOT-FOR-US: Mendix Excel Importer Module
-CVE-2021-31338
- RESERVED
+CVE-2021-31338 (A vulnerability has been identified in SINEMA Remote Connect Client (A ...)
+ TODO: check
CVE-2021-31337 (The Telnet service of the SIMATIC HMI Comfort Panels system component ...)
NOT-FOR-US: Siemens
CVE-2021-31336
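Review bot: CVE-2021-31338 (SINEMA Remote Connect Client) is Siemens software; the adjacent CVE-2021-31340 and CVE-2021-31337 are already marked NOT-FOR-US: Siemens, and the same marker should replace TODO: check here.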
@@ -18875,12 +18905,12 @@ CVE-2021-31229 (An issue was discovered in libezxml.a in ezXML 0.8.6. The functi
[bullseye] - netcdf-parallel <no-dsa> (Minor issue)
[buster] - netcdf-parallel <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/ezxml/bugs/26/
-CVE-2021-31228
- RESERVED
-CVE-2021-31227
- RESERVED
-CVE-2021-31226
- RESERVED
+CVE-2021-31228 (An issue was discovered in HCC embedded InterNiche 4.0.1. This vulnera ...)
+ TODO: check
+CVE-2021-31227 (An issue was discovered in HCC embedded InterNiche 4.0.1. A potential ...)
+ TODO: check
+CVE-2021-31226 (An issue was discovered in HCC embedded InterNiche 4.0.1. A potential ...)
+ TODO: check
CVE-2021-31225 (SES Evolution before 2.1.0 allows deleting some resources not currentl ...)
NOT-FOR-US: SES Evolution
CVE-2021-31224 (SES Evolution before 2.1.0 allows duplicating an existing security pol ...)
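Review bot: the descriptions of CVE-2021-31228, CVE-2021-31227 and CVE-2021-31226 are cut off right after "This vulnera ..." and "A potential ...", so the list line alone does not show which three NicheStack flaws these are; triage from the full CVE text, not from this line, and keep the marker spelling consistent with the other HCC InterNiche entries in this update.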
@@ -23913,8 +23943,8 @@ CVE-2021-29282
RESERVED
CVE-2021-29281
RESERVED
-CVE-2021-29280
- RESERVED
+CVE-2021-29280 (In TP-Link Wireless N Router WR840N an ARP poisoning attack can cause ...)
+ TODO: check
CVE-2021-29279 (There is a integer overflow in function filter_core/filter_props.c:gf_ ...)
- gpac 1.0.1+dfsg1-4 (bug #987323)
[buster] - gpac <not-affected> (Vulnerable code not present)
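Review bot: CVE-2021-29280 is a TP-Link WR840N router firmware issue (ARP poisoning) and cannot affect a Debian package; replace TODO: check with NOT-FOR-US: TP-Link.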
@@ -25817,8 +25847,8 @@ CVE-2021-28492 (Unisys Stealth (core) 5.x before 5.0.048.0, 5.1.x before 5.1.017
NOT-FOR-US: Unisys Stealth
CVE-2021-28491
RESERVED
-CVE-2021-28490
- RESERVED
+CVE-2021-28490 (In OWASP CSRFGuard through 3.1.0, CSRF can occur because the CSRF cook ...)
+ TODO: check
CVE-2021-28489
RESERVED
CVE-2021-28488
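Review bot: CVE-2021-28490 (OWASP CSRFGuard through 3.1.0) is a Java library, and unlike the router and CMS entries in this update it could plausibly be vendored inside a Java web application source package, so the triage should include a search of the archive contents for an embedded csrfguard jar before settling on NOT-FOR-US: OWASP CSRFGuard.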
@@ -27041,14 +27071,14 @@ CVE-2021-28004
RESERVED
CVE-2021-28003
RESERVED
-CVE-2021-28002
- RESERVED
-CVE-2021-28001
- RESERVED
-CVE-2021-28000
- RESERVED
-CVE-2021-27999
- RESERVED
+CVE-2021-28002 (A persistent cross-site scripting vulnerability was discovered in the ...)
+ TODO: check
+CVE-2021-28001 (A cross-site scripting vulnerability was discovered in the Comments pa ...)
+ TODO: check
+CVE-2021-28000 (A persistent cross-site scripting vulnerability was discovered in Loca ...)
+ TODO: check
+CVE-2021-27999 (A SQL injection vulnerability was discovered in the editid parameter i ...)
+ TODO: check
CVE-2021-27998
RESERVED
CVE-2021-27997
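Review bot: the descriptions of CVE-2021-28002, CVE-2021-28001, CVE-2021-28000 and CVE-2021-27999 are truncated before the product name appears ("... in the ...", "... in the Comments pa ...", "... in Loca ...", "... in the editid parameter i ..."), so nothing on these lines identifies the affected software; the four consecutive ids suggest one batch from one product, so pull the full descriptions and triage them together with one marker.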
@@ -27487,8 +27517,8 @@ CVE-2021-27824
RESERVED
CVE-2021-27823 (An information disclosure vulnerability was discovered in /index.class ...)
NOT-FOR-US: NetWave
-CVE-2021-27822
- RESERVED
+CVE-2021-27822 (A persistent cross site scripting (XSS) vulnerability in the Add Categ ...)
+ TODO: check
CVE-2021-27821 (The Web Interface for OpenWRT LuCI version 19.07 and lower has been di ...)
NOT-FOR-US: OpenWRT LuCI
CVE-2021-27820
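Review bot: the description of CVE-2021-27822 is cut off at "Add Categ ..." before the product is named; the neighbouring CVE-2021-27823 is marked NOT-FOR-US: NetWave, but adjacent ids are not proof of the same product, so confirm from the full text before reusing that marker.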
@@ -28051,8 +28081,8 @@ CVE-2021-27566
CVE-2021-3414
RESERVED
NOT-FOR-US: Red Hat Satellite
-CVE-2021-27565
- RESERVED
+CVE-2021-27565 (The web server in InterNiche NicheStack through 4.0.1 allows remote at ...)
+ TODO: check
CVE-2021-27564 (A stored XSS issue exists in Appspace 6.2.4. After a user is authentic ...)
NOT-FOR-US: Appspace
CVE-2021-27563
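Review bot: CVE-2021-27565 (the web server in InterNiche NicheStack through 4.0.1) is another entry of the NicheStack batch in this update and should be marked in the same commit, with the same marker spelling, as CVE-2021-36762 and the others, not left at TODO: check on its own.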
@@ -43509,12 +43539,12 @@ CVE-2020-35687 (PHPFusion version 9.03.90 is vulnerable to CSRF attack which lea
NOT-FOR-US: PHP-Fusion
CVE-2020-35686 (The SECOMN service in Sound Research DCHU model software component mod ...)
NOT-FOR-US: Sound Research
-CVE-2020-35685
- RESERVED
-CVE-2020-35684
- RESERVED
-CVE-2020-35683
- RESERVED
+CVE-2020-35685 (An issue was discovered in HCC Nichestack 3.0. The code that generates ...)
+ TODO: check
+CVE-2020-35684 (An issue was discovered in HCC Nichestack 3.0. The code that parses TC ...)
+ TODO: check
+CVE-2020-35683 (An issue was discovered in HCC Nichestack 3.0. The code that parses IC ...)
+ TODO: check
CVE-2020-35682 (Zoho ManageEngine ServiceDesk Plus before 11134 allows an Authenticati ...)
NOT-FOR-US: Zoho ManageEngine ServiceDesk Plus
CVE-2020-35681 (Django Channels 3.x before 3.0.3 allows remote attackers to obtain sen ...)
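Review bot: CVE-2020-35685, CVE-2020-35684 and CVE-2020-35683 describe "HCC Nichestack 3.0", i.e. the same product as the 2021 InterNiche entries earlier in this diff, under yet another spelling and an older version; if they are marked NOT-FOR-US, use the same marker text as the 2021 batch so the 3.0 and 4.0.1 entries do not end up scattered under different labels.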
@@ -72709,7 +72739,7 @@ CVE-2020-21566
RESERVED
CVE-2020-21565
RESERVED
-CVE-2020-21564 (An issue was discovered in Pluck CMS v4.7.11. There is a file upload v ...)
+CVE-2020-21564 (An issue was discovered in Pluck CMS 4.7.10-dev2 and 4.7.11. There is ...)
NOT-FOR-US: Pluck CMS
CVE-2020-21563
RESERVED
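Review bot: nothing to change here; the CVE-2020-21564 description only widened the affected versions from 4.7.11 to "4.7.10-dev2 and 4.7.11", and the existing NOT-FOR-US: Pluck CMS marker below it still applies.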
@@ -74561,14 +74591,14 @@ CVE-2020-20647
RESERVED
CVE-2020-20646
RESERVED
-CVE-2020-20645
- RESERVED
+CVE-2020-20645 (Cross Site Scripting (XSS) vulnerability exists in EyouCMS1.3.6 in the ...)
+ TODO: check
CVE-2020-20644
RESERVED
CVE-2020-20643
RESERVED
-CVE-2020-20642
- RESERVED
+CVE-2020-20642 (Cross Site Request Forgery (CSRF) vulnerability exists in EyouCMS 1.3. ...)
+ TODO: check
CVE-2020-20641
RESERVED
CVE-2020-20640 (Cross Site Scripting (XSS) vulnerability in ECShop 4.0 due to security ...)
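Review bot: CVE-2020-20645 and CVE-2020-20642 are both EyouCMS (1.3.6 and 1.3.x); EyouCMS is not packaged in Debian, so both TODO: check lines should become NOT-FOR-US: EyouCMS, preferably in the same commit so the two entries do not drift apart.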
@@ -78429,8 +78459,8 @@ CVE-2020-18750 (Buffer overflow in pdf2json 0.69 allows local users to execute a
NOT-FOR-US: pdf2json
CVE-2020-18749
RESERVED
-CVE-2020-18748
- RESERVED
+CVE-2020-18748 (Cross Site Scripting (XSS) in Typora v0.9.65 allows attackers to execu ...)
+ TODO: check
CVE-2020-18747
RESERVED
CVE-2020-18746 (SQL Injection in AiteCMS v1.0 allows remote attackers to execute arbit ...)
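Review bot: CVE-2020-18748 is Typora v0.9.65, a proprietary Markdown editor that is not in Debian; NOT-FOR-US: Typora should replace TODO: check.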
@@ -386215,7 +386245,7 @@ CVE-2013-1839 (The strHdrAcptLangGetItem function in errorpage.cc in Squid 3.2.x
CVE-2013-1838 (OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) ...)
- nova 2012.1.1-15 (bug #703064)
CVE-2013-1837
- RESERVED
+ REJECTED
CVE-2013-1836 (Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and ...)
- moodle 2.5-1 (bug #703870)
[squeeze] - moodle <not-affected> (Vulnerable code not present)
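Review bot: nothing to raise on the RESERVED to REJECTED flip for CVE-2013-1837 (the same change is applied to CVE-2013-1791 and CVE-2013-0344 further down); REJECTED is the correct tracker state for an id MITRE has withdrawn, and no package line is needed.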
@@ -386360,7 +386390,7 @@ CVE-2013-1792 (Race condition in the install_user_keyrings function in security/
- linux 3.2.41-1
- linux-2.6 <removed>
CVE-2013-1791
- RESERVED
+ REJECTED
CVE-2013-1790 (poppler/Stream.cc in poppler before 0.22.1 allows context-dependent at ...)
{DSA-2719-1}
- poppler 0.18.4-6 (low; bug #702071)
@@ -390859,7 +390889,7 @@ CVE-2013-0346 (** DISPUTED ** Apache Tomcat 7.x uses world-readable permissions
CVE-2013-0345 (varnish 3.0.3 uses world-readable permissions for the /var/log/varnish ...)
- varnish <not-affected> (Logfiles are owned by varnishlog:varnishlog)
CVE-2013-0344
- RESERVED
+ REJECTED
CVE-2013-0343 (The ipv6_create_tempaddr function in net/ipv6/addrconf.c in the Linux ...)
{DSA-2906-1}
- linux 3.10.11-1 (low)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5ec58f2f4ae8a82fe1aeb7a7c0988059280a2a34
More information about the debian-security-tracker-commits mailing list