[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Aug 26 09:10:30 BST 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
655d5777 by security tracker role at 2021-08-26T08:10:21+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,11 @@
+CVE-2021-40145 (** DISPUTED ** gdImageGd2Ptr in gd_gd2.c in the GD Graphics Library (a ...)
+	TODO: check
+CVE-2021-40144
+	RESERVED
+CVE-2021-40143
+	RESERVED
+CVE-2021-40142
+	RESERVED
 CVE-2021-40141
 	RESERVED
 CVE-2021-40140
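Review bot: CVE-2021-40145 is added with only "TODO: check" even though its description already carries ** DISPUTED **. When it is triaged, the entry should get a package line for the GD Graphics Library and a NOTE recording where the dispute comes from, so that the disputed status is not visible only in the truncated description.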
@@ -4381,7 +4389,7 @@ CVE-2021-38165 (Lynx through 2.8.9 mishandles the userinfo subcomponent of a URI
 	NOTE: https://lists.nongnu.org/archive/html/lynx-dev/2021-08/msg00002.html
 	NOTE: https://lynx.invisible-island.net/current/CHANGES.html#v2.9.0dev.9
 	NOTE: https://invisible-mirror.net/archives/lynx/patches/lynx2.9.0dev.9.patch.gz
-CVE-2021-38160 (In drivers/char/virtio_console.c in the Linux kernel before 5.13.4, da ...)
+CVE-2021-38160 (** DISPUTED ** In drivers/char/virtio_console.c in the Linux kernel be ...)
 	- linux <unfixed>
 	NOTE: https://git.kernel.org/linus/d00d8da5869a2608e97cfede094dfc5e11462a46
 CVE-2021-38154
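Review bot: the CVE-2021-38160 description now starts with ** DISPUTED **, but the entry under it still reads "- linux <unfixed>" with only the upstream commit NOTE. The description refers to the kernel before 5.13.4, so the "<unfixed>" status looks due for a re-check, and a NOTE stating who disputes the issue and why would keep that context in the tracker entry itself.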
@@ -6180,8 +6188,8 @@ CVE-2021-37336
 	RESERVED
 CVE-2021-37335
 	RESERVED
-CVE-2021-37334
-	RESERVED
+CVE-2021-37334 (A security issue in Umbraco Forms 4.0.0 to and including 8.7.5 could l ...)
+	TODO: check
 CVE-2021-37333
 	RESERVED
 CVE-2021-37332
@@ -6567,10 +6575,10 @@ CVE-2021-37155 (wolfSSL 4.6.x through 4.7.x before 4.8.0 does not produce a fail
 	[bullseye] - wolfssl <no-dsa> (Minor issue)
 	NOTE: https://github.com/wolfSSL/wolfssl/pull/3990
 	NOTE: https://github.com/wolfSSL/wolfssl/releases/tag/v4.8.0-stable
-CVE-2021-37154
-	RESERVED
-CVE-2021-37153
-	RESERVED
+CVE-2021-37154 (In ForgeRock Access Management (AM) before 7.0.2, the SAML2 implementa ...)
+	TODO: check
+CVE-2021-37153 (ForgeRock Access Management (AM) before 7.0.2, when configured with Ac ...)
+	TODO: check
 CVE-2021-37152 (Multiple XSS issues exist in Sonatype Nexus Repository Manager 3 befor ...)
 	NOT-FOR-US: Sonatype
 CVE-2021-37151
@@ -7684,7 +7692,7 @@ CVE-2021-36692
 	RESERVED
 CVE-2021-36691
 	RESERVED
-CVE-2021-36690 (Segmentation fault vulnerability in SQLite sqlite3 3.36.0 via the idxG ...)
+CVE-2021-36690 (** DISPUTED ** A segmentation fault can occur in the sqlite3.exe comma ...)
 	- sqlite3 3.36.0-2
 	[bullseye] - sqlite3 <no-dsa> (Minor issue)
 	[buster] - sqlite3 <no-dsa> (Minor issue)
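Review bot: the replaced CVE-2021-36690 description changes more than the ** DISPUTED ** prefix: it now names sqlite3.exe instead of "SQLite sqlite3 3.36.0", while the "- sqlite3 3.36.0-2" line and both "<no-dsa> (Minor issue)" lines stay as they were. Suggest adding a NOTE that records the dispute and confirming that the existing statuses still match the reworded description.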
@@ -28784,8 +28792,8 @@ CVE-2021-28072
 	RESERVED
 CVE-2021-28071
 	RESERVED
-CVE-2021-28070
-	RESERVED
+CVE-2021-28070 (Cross Site Request Forgery (CSRF) vulnerability exist in PopojiCMS 2.0 ...)
+	TODO: check
 CVE-2021-28069
 	RESERVED
 CVE-2021-28068
@@ -47501,22 +47509,22 @@ CVE-2021-20817
 	RESERVED
 CVE-2021-20816
 	RESERVED
-CVE-2021-20815
-	RESERVED
-CVE-2021-20814
-	RESERVED
-CVE-2021-20813
-	RESERVED
-CVE-2021-20812
-	RESERVED
-CVE-2021-20811
-	RESERVED
-CVE-2021-20810
-	RESERVED
-CVE-2021-20809
-	RESERVED
-CVE-2021-20808
-	RESERVED
+CVE-2021-20815 (Cross-site scripting vulnerability in Edit Boilerplate screen of Movab ...)
+	TODO: check
+CVE-2021-20814 (Cross-site scripting vulnerability in Setting screen of ContentType In ...)
+	TODO: check
+CVE-2021-20813 (Cross-site scripting vulnerability in Edit screen of Content Data of M ...)
+	TODO: check
+CVE-2021-20812 (Cross-site scripting vulnerability in Setting screen of Server Sync of ...)
+	TODO: check
+CVE-2021-20811 (Cross-site scripting vulnerability in List of Assets screen of Movable ...)
+	TODO: check
+CVE-2021-20810 (Cross-site scripting vulnerability in Website Management screen of Mov ...)
+	TODO: check
+CVE-2021-20809 (Cross-site scripting vulnerability in Create screens of Entry, Page, a ...)
+	TODO: check
+CVE-2021-20808 (Cross-site scripting vulnerability in Search screen of Movable Type (M ...)
+	TODO: check
 CVE-2021-20807
 	RESERVED
 CVE-2021-20806
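Review bot: CVE-2021-20808 through CVE-2021-20815 are eight consecutive cross-site scripting entries that all land at "TODO: check". Several descriptions visibly refer to Movable Type and the rest (20812, 20813, 20814) are cut off before the product name, so these should be resolved as one batch against the full descriptions and given the same status, rather than being picked off one at a time.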
@@ -47545,8 +47553,8 @@ CVE-2021-20795
 	RESERVED
 CVE-2021-20794
 	RESERVED
-CVE-2021-20793
-	RESERVED
+CVE-2021-20793 (Untrusted search path vulnerability in the installer of Sony Audio USB ...)
+	TODO: check
 CVE-2021-20792 (Cross-site scripting vulnerability in Quiz And Survey Master versions  ...)
 	NOT-FOR-US: Quiz And Survey Master
 CVE-2021-20791
@@ -55045,38 +55053,38 @@ CVE-2021-1594
 	RESERVED
 CVE-2021-1593 (A vulnerability in Cisco Packet Tracer for Windows could allow an auth ...)
 	NOT-FOR-US: Cisco
-CVE-2021-1592
-	RESERVED
-CVE-2021-1591
-	RESERVED
-CVE-2021-1590
-	RESERVED
+CVE-2021-1592 (A vulnerability in the way Cisco UCS Manager software handles SSH sess ...)
+	TODO: check
+CVE-2021-1591 (A vulnerability in the EtherChannel port subscription logic of Cisco N ...)
+	TODO: check
+CVE-2021-1590 (A vulnerability in the implementation of the system login block-for co ...)
+	TODO: check
 CVE-2021-1589
 	RESERVED
-CVE-2021-1588
-	RESERVED
-CVE-2021-1587
-	RESERVED
-CVE-2021-1586
-	RESERVED
+CVE-2021-1588 (A vulnerability in the MPLS Operation, Administration, and Maintenance ...)
+	TODO: check
+CVE-2021-1587 (A vulnerability in the VXLAN Operation, Administration, and Maintenanc ...)
+	TODO: check
+CVE-2021-1586 (A vulnerability in the Multi-Pod or Multi-Site network configurations  ...)
+	TODO: check
 CVE-2021-1585 (A vulnerability in the Cisco Adaptive Security Device Manager (ASDM) L ...)
 	NOT-FOR-US: Cisco
-CVE-2021-1584
-	RESERVED
-CVE-2021-1583
-	RESERVED
-CVE-2021-1582
-	RESERVED
-CVE-2021-1581
-	RESERVED
-CVE-2021-1580
-	RESERVED
-CVE-2021-1579
-	RESERVED
-CVE-2021-1578
-	RESERVED
-CVE-2021-1577
-	RESERVED
+CVE-2021-1584 (A vulnerability in Cisco Nexus 9000 Series Fabric Switches in Applicat ...)
+	TODO: check
+CVE-2021-1583 (A vulnerability in the fabric infrastructure file system access contro ...)
+	TODO: check
+CVE-2021-1582 (A vulnerability in the web UI of Cisco Application Policy Infrastructu ...)
+	TODO: check
+CVE-2021-1581 (Multiple vulnerabilities in the web UI and API endpoints of Cisco Appl ...)
+	TODO: check
+CVE-2021-1580 (Multiple vulnerabilities in the web UI and API endpoints of Cisco Appl ...)
+	TODO: check
+CVE-2021-1579 (A vulnerability in an API endpoint of Cisco Application Policy Infrast ...)
+	TODO: check
+CVE-2021-1578 (A vulnerability in an API endpoint of Cisco Application Policy Infrast ...)
+	TODO: check
+CVE-2021-1577 (A vulnerability in an API endpoint of Cisco Application Policy Infrast ...)
+	TODO: check
 CVE-2021-1576 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
 	NOT-FOR-US: Cisco
 CVE-2021-1575 (A vulnerability in the web-based management interface of Cisco Virtual ...)
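Review bot: the fourteen entries filled in by this hunk all sit at "TODO: check", while every already-triaged Cisco entry in the surrounding context (CVE-2021-1593, CVE-2021-1585, CVE-2021-1576) is "NOT-FOR-US: Cisco". The new descriptions that get as far as a product name mention Cisco, so they look like candidates for the same marking. Those cut off before the product (CVE-2021-1590, -1588, -1587, -1586, -1583) need the full description checked first.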
@@ -55183,8 +55191,8 @@ CVE-2021-1525 (A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings
 	NOT-FOR-US: Cisco
 CVE-2021-1524 (A vulnerability in the API of Cisco Meeting Server could allow an auth ...)
 	NOT-FOR-US: Cisco
-CVE-2021-1523
-	RESERVED
+CVE-2021-1523 (A vulnerability in Cisco Nexus 9000 Series Fabric Switches in Applicat ...)
+	TODO: check
 CVE-2021-1522 (A vulnerability in the change password API of Cisco Connected Mobile E ...)
 	NOT-FOR-US: Cisco
 CVE-2021-1521 (A vulnerability in the Cisco Discovery Protocol implementation for Cis ...)
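Review bot: CVE-2021-1523 moves from RESERVED to "TODO: check" between neighbours already marked "NOT-FOR-US: Cisco", and its description names Cisco Nexus 9000 Series Fabric Switches. It can probably take the same marking in the next triage pass instead of staying open.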
@@ -78224,10 +78232,10 @@ CVE-2020-19824
 	RESERVED
 CVE-2020-19823
 	RESERVED
-CVE-2020-19822
-	RESERVED
-CVE-2020-19821
-	RESERVED
+CVE-2020-19822 (A remote code execution (RCE) vulnerability in template_user.php of ZZ ...)
+	TODO: check
+CVE-2020-19821 (A SQL injection vulnerability in admin.php of DOYOCMS 2.3 allows attac ...)
+	TODO: check
 CVE-2020-19820
 	RESERVED
 CVE-2020-19819
@@ -78452,20 +78460,20 @@ CVE-2020-19711
 	RESERVED
 CVE-2020-19710
 	RESERVED
-CVE-2020-19709
-	RESERVED
+CVE-2020-19709 (Insufficient filtering of the tag parameters in feehicms 0.1.3 allows  ...)
+	TODO: check
 CVE-2020-19708
 	RESERVED
 CVE-2020-19707
 	RESERVED
 CVE-2020-19706
 	RESERVED
-CVE-2020-19705
-	RESERVED
-CVE-2020-19704
-	RESERVED
-CVE-2020-19703
-	RESERVED
+CVE-2020-19705 (thinkphp-zcms as of 20190715 allows SQL injection via index.php?m=home ...)
+	TODO: check
+CVE-2020-19704 (A stored cross-site scripting (XSS) vulnerability via ResourceControll ...)
+	TODO: check
+CVE-2020-19703 (A cross-site scripting (XSS) vulnerability in the referer parameter of ...)
+	TODO: check
 CVE-2020-19702
 	RESERVED
 CVE-2020-19701
@@ -78790,8 +78798,8 @@ CVE-2020-19549
 	RESERVED
 CVE-2020-19548
 	RESERVED
-CVE-2020-19547
-	RESERVED
+CVE-2020-19547 (Directory Traversal vulnerability exists in PopojiCMS 2.0.1 via the id ...)
+	TODO: check
 CVE-2020-19546
 	RESERVED
 CVE-2020-19545
@@ -81841,8 +81849,8 @@ CVE-2020-18067
 	RESERVED
 CVE-2020-18066 (Cross Site Scripting vulnerability in ZrLog 2.1.0 via the (1) userName ...)
 	NOT-FOR-US: Zrlog
-CVE-2020-18065
-	RESERVED
+CVE-2020-18065 (Cross Site Scripting (XSS) vulnerability exists in PopojiCMS 2.0.1 in  ...)
+	TODO: check
 CVE-2020-18064
 	RESERVED
 CVE-2020-18063
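Review bot: CVE-2020-18065 is the third PopojiCMS entry this patch leaves at "TODO: check", together with CVE-2021-28070 and CVE-2020-19547 in earlier hunks. Whatever status triage settles on should be applied to all three in the same commit so the tracker does not end up with mixed markings for one product. The adjacent CVE-2020-18066 shows the "NOT-FOR-US:" form already used here for another web application.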



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/655d5777641375a8c5c23e06bd6ca3600c4985d2
