[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Jul 1 21:10:42 BST 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
37bc4fd5 by security tracker role at 2021-07-01T20:10:34+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,25 @@
+CVE-2021-3632
+	RESERVED
+CVE-2021-36090
+	RESERVED
+CVE-2020-36416
+	RESERVED
+CVE-2020-36415
+	RESERVED
+CVE-2020-36414
+	RESERVED
+CVE-2020-36413
+	RESERVED
+CVE-2020-36412
+	RESERVED
+CVE-2020-36411
+	RESERVED
+CVE-2020-36410
+	RESERVED
+CVE-2020-36409
+	RESERVED
+CVE-2020-36408
+	RESERVED
 CVE-2021-36089 (Grok 7.6.6 through 9.2.0 has a heap-based buffer overflow in grk::File ...)
 	- libgrokj2k <unfixed> (bug #990525)
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33544
@@ -82,9 +104,9 @@ CVE-2020-36396
 CVE-2020-36395
 	RESERVED
 CVE-2019-25049 (LibreSSL 2.9.1 through 3.2.1 has an out-of-bounds read in asn1_item_pr ...)
-	 - libressl <itp> (bug #754513)
+	- libressl <itp> (bug #754513)
 CVE-2019-25048 (LibreSSL 2.9.1 through 3.2.1 has a heap-based buffer over-read in do_p ...)
-	 - libressl <itp> (bug #754513)
+	- libressl <itp> (bug #754513)
 CVE-2018-25018 (UnRAR 5.6.1.7 through 5.7.4 and 6.0.3 has an out-of-bounds write durin ...)
 	- unrar-nonfree <unfixed> (bug #990541)
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9845
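
Review bot: The whitespace fix on the two libressl lines (under CVE-2019-25049 and CVE-2019-25048) is bundled into a commit whose message says only "automatic update". The change drops a stray space between the leading tab and the "- libressl <itp>" annotation, which is a manual-style cleanup rather than new CVE data. Either name it in the commit message or split it out, so that someone searching history for the formatting fix can find it. If annotation lines are meant to start with a tab followed directly by "-", a format check at commit time would stop this at the source.
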
@@ -1662,10 +1684,10 @@ CVE-2021-35339
 	RESERVED
 CVE-2021-35338
 	RESERVED
-CVE-2021-35337
-	RESERVED
-CVE-2021-35336
-	RESERVED
+CVE-2021-35337 (Sourcecodester Phone Shop Sales Managements System 1.0 is vulnerable t ...)
+	TODO: check
+CVE-2021-35336 (Tieline IP Audio Gateway 2.6.4.8 and below is affected by Incorrect Ac ...)
+	TODO: check
 CVE-2021-35335
 	RESERVED
 CVE-2021-35334
@@ -7509,12 +7531,12 @@ CVE-2021-32733
 	RESERVED
 CVE-2021-32732
 	RESERVED
-CVE-2021-32731
-	RESERVED
-CVE-2021-32730
-	RESERVED
-CVE-2021-32729
-	RESERVED
+CVE-2021-32731 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+	TODO: check
+CVE-2021-32730 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+	TODO: check
+CVE-2021-32729 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+	TODO: check
 CVE-2021-32728
 	RESERVED
 CVE-2021-32727
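
Review bot: CVE-2021-32731, CVE-2021-32730 and CVE-2021-32729 end up with byte-identical truncated descriptions ("XWiki Platform is a generic wiki platform offering runtime services fo ..."), so nothing in the list tells the three issues apart. The truncation keeps only the product boilerplate and cuts off before the vulnerability itself. Whoever resolves these "TODO: check" entries will need the full CVE text for each ID. A short NOTE line per entry stating the actual issue would make the list usable on its own.
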
@@ -9851,8 +9873,8 @@ CVE-2021-31815 (GAEN (aka Google/Apple Exposure Notifications) through 2021-04-2
 	NOT-FOR-US: GAEN (aka Google/Apple Exposure Notifications)
 CVE-2021-31814
 	RESERVED
-CVE-2021-31813
-	RESERVED
+CVE-2021-31813 (Zoho ManageEngine Applications Manager before 15130 is vulnerable to S ...)
+	TODO: check
 CVE-2021-31812 (In Apache PDFBox, a carefully crafted PDF file can trigger an infinite ...)
 	- libpdfbox2-java <unfixed>
 	- libpdfbox-java <undetermined>
@@ -18081,10 +18103,10 @@ CVE-2021-28426
 	RESERVED
 CVE-2021-28425
 	RESERVED
-CVE-2021-28424
-	RESERVED
-CVE-2021-28423
-	RESERVED
+CVE-2021-28424 (A stored cross-site scripting (XSS) vulnerability in Teachers Record M ...)
+	TODO: check
+CVE-2021-28423 (Multiple SQL Injection vulnerabilities in Teachers Record Management S ...)
+	TODO: check
 CVE-2021-28422
 	RESERVED
 CVE-2021-28421 (FluidSynth 2.1.7 contains a use after free vulnerability in sfloader/f ...)
@@ -18809,8 +18831,8 @@ CVE-2021-28129
 	RESERVED
 CVE-2021-28128 (In Strapi through 3.6.0, the admin panel allows the changing of one's  ...)
 	NOT-FOR-US: Strapi
-CVE-2021-28127
-	RESERVED
+CVE-2021-28127 (An issue was discovered in Stormshield SNS through 4.2.1. A brute-forc ...)
+	TODO: check
 CVE-2021-28126 (index.jsp in TranzWare e-Commerce Payment Gateway (TWEC PG) before 3.1 ...)
 	NOT-FOR-US: TranzWare e-Commerce Payment Gateway (TWEC PG)
 CVE-2021-28125 (Apache Superset up to and including 1.0.1 allowed for the creation of  ...)
@@ -19958,10 +19980,10 @@ CVE-2021-27663
 	RESERVED
 CVE-2021-27662
 	RESERVED
-CVE-2021-27661
-	RESERVED
-CVE-2021-27660
-	RESERVED
+CVE-2021-27661 (Successful exploitation of this vulnerability could give an authentica ...)
+	TODO: check
+CVE-2021-27660 (An insecure client auto update feature in C-CURE 9000 can allow remote ...)
+	TODO: check
 CVE-2021-27659 (exacqVision Web Service 21.03 does not sufficiently validate, filter,  ...)
 	NOT-FOR-US: exacqVision Web Service
 CVE-2021-27658 (exacqVision Enterprise Manager 20.12 does not sufficiently validate, f ...)
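
Review bot: The new description for CVE-2021-27661 ("Successful exploitation of this vulnerability could give an authentica ...") names no product at all within the truncated text, so the entry cannot be triaged from this file. CVE-2021-27660 at least identifies C-CURE 9000. Suggest that the "TODO: check" on CVE-2021-27661 be resolved against the full CVE record, with the affected product recorded in the annotation line so the entry is self-describing afterwards.
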
@@ -20353,8 +20375,8 @@ CVE-2021-27479 (ZOLL Defibrillator Dashboard, v prior to 2.2,The affected produc
 	NOT-FOR-US: ZOLL Defibrillator Dashboard
 CVE-2021-27478
 	RESERVED
-CVE-2021-27477
-	RESERVED
+CVE-2021-27477 (When JTEKT Corporation TOYOPUC PLC versions PC10G-CPU, 2PORT-EFR, Plus ...)
+	TODO: check
 CVE-2021-27476
 	RESERVED
 CVE-2021-27475
@@ -32416,16 +32438,16 @@ CVE-2021-22349 (There is an Input Verification Vulnerability in Huawei Smartphon
 	NOT-FOR-US: Huawei
 CVE-2021-22348 (There is a Memory Buffer Improper Operation Limit Vulnerability in Hua ...)
 	NOT-FOR-US: Huawei
-CVE-2021-22347
-	RESERVED
+CVE-2021-22347 (There is an Improper Access Control vulnerability in Huawei Smartphone ...)
+	TODO: check
 CVE-2021-22346 (There is an Improper Permission Management Vulnerability in Huawei Sma ...)
 	NOT-FOR-US: Huawei
 CVE-2021-22345 (There is an Input Verification Vulnerability in Huawei Smartphone. Suc ...)
 	NOT-FOR-US: Huawei
-CVE-2021-22344
-	RESERVED
-CVE-2021-22343
-	RESERVED
+CVE-2021-22344 (There is an Improper Access Control vulnerability in Huawei Smartphone ...)
+	TODO: check
+CVE-2021-22343 (There is a Configuration Defect vulnerability in Huawei Smartphone. Su ...)
+	TODO: check
 CVE-2021-22342 (There is an information leak vulnerability in Huawei products. A modul ...)
 	NOT-FOR-US: Huawei
 CVE-2021-22341 (There is a memory leak vulnerability in Huawei products. A resource ma ...)
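
Review bot: CVE-2021-22347, CVE-2021-22344 and CVE-2021-22343 are added as "TODO: check" although each description names Huawei Smartphone, and every already-triaged neighbour in this hunk (CVE-2021-22348, CVE-2021-22346, CVE-2021-22345, CVE-2021-22342) carries "NOT-FOR-US: Huawei". These three look like candidates for the same tag once the full descriptions are confirmed. Resolving them together would avoid leaving TODO entries interleaved with identical, already-closed ones.
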
@@ -51314,10 +51336,10 @@ CVE-2020-27364
 	RESERVED
 CVE-2020-27363
 	RESERVED
-CVE-2020-27362
-	RESERVED
-CVE-2020-27361
-	RESERVED
+CVE-2020-27362 (An issue exists within the SSH console of Akkadian Provisioning Manage ...)
+	TODO: check
+CVE-2020-27361 (An issue exists within Akkadian Provisioning Manager 4.50.02 which all ...)
+	TODO: check
 CVE-2020-27360
 	RESERVED
 CVE-2020-27359 (A cross-site scripting (XSS) issue in REDCap 8.11.6 through 9.x before ...)
@@ -95637,8 +95659,8 @@ CVE-2020-9160
 	RESERVED
 CVE-2020-9159
 	RESERVED
-CVE-2020-9158
-	RESERVED
+CVE-2020-9158 (There is a Missing Cryptographic Step vulnerability in Huawei Smartpho ...)
+	TODO: check
 CVE-2020-9157
 	RESERVED
 CVE-2020-9156
@@ -106765,8 +106787,8 @@ CVE-2020-4937 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.
 	NOT-FOR-US: IBM
 CVE-2020-4936
 	RESERVED
-CVE-2020-4935
-	RESERVED
+CVE-2020-4935 (IBM Datacap Fastdoc Capture (IBM Datacap Navigator 9.1.7 ) is vulnerab ...)
+	TODO: check
 CVE-2020-4934 (IBM Content Navigator 3.0.CD could allow a remote attacker to traverse ...)
 	NOT-FOR-US: IBM
 CVE-2020-4933 (IBM Jazz Reporting Service 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerabl ...)
@@ -106831,8 +106853,8 @@ CVE-2020-4904 (IBM Financial Transaction Manager for SWIFT Services for Multipla
 	NOT-FOR-US: IBM
 CVE-2020-4903 (IBM API Connect V10 and V2018 could allow an attacker who has intercep ...)
 	NOT-FOR-US: IBM
-CVE-2020-4902
-	RESERVED
+CVE-2020-4902 (IBM Datacap Taskmaster Capture (IBM Datacap Navigator 9.1.7) is vulner ...)
+	TODO: check
 CVE-2020-4901 (IBM Robotic Process Automation with Automation Anywhere 11.0 could all ...)
 	NOT-FOR-US: IBM
 CVE-2020-4900 (IBM Business Automation Workflow 19.0.0.3 stores potentially sensitive ...)
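
Review bot: CVE-2020-4902 here, like CVE-2020-4935 in the previous hunk, is left at "TODO: check" while the surrounding IBM entries (CVE-2020-4904, CVE-2020-4903, CVE-2020-4901) are all marked "NOT-FOR-US: IBM". Both new descriptions name IBM Datacap products, so they are likely to be triaged the same way. Worth confirming and closing both in one follow-up rather than leaving them as open TODO items.
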



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/37bc4fd5ef6f8621d62283d43ee805beb7eb7000
