[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Jul 8 21:10:33 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d15a2c1d by security tracker role at 2021-07-08T20:10:24+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3626,18 +3626,18 @@ CVE-2021-34616
RESERVED
CVE-2021-34615
RESERVED
-CVE-2021-34614
- RESERVED
+CVE-2021-34614 (A remote arbitrary command execution vulnerability was discovered in A ...)
+ TODO: check
CVE-2021-34613
RESERVED
CVE-2021-34612
RESERVED
-CVE-2021-34611
- RESERVED
-CVE-2021-34610
- RESERVED
-CVE-2021-34609
- RESERVED
+CVE-2021-34611 (A remote arbitrary command execution vulnerability was discovered in A ...)
+ TODO: check
+CVE-2021-34610 (A remote arbitrary command execution vulnerability was discovered in A ...)
+ TODO: check
+CVE-2021-34609 (A remote SQL injection vulnerability was discovered in Aruba ClearPass ...)
+ TODO: check
CVE-2021-34608
RESERVED
CVE-2021-34607
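Review bot: Only CVE-2021-34609 in this hunk has a description long enough to name the product (Aruba ClearPass); CVE-2021-34614, CVE-2021-34611 and CVE-2021-34610 are cut off at "discovered in A ...". When these TODO: check markers are resolved, confirm the product from the full CVE text for each of the three truncated entries rather than inferring it from CVE-2021-34609, and then tag all four consistently.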
@@ -4737,8 +4737,8 @@ CVE-2021-34112
RESERVED
CVE-2021-34111
RESERVED
-CVE-2021-34110
- RESERVED
+CVE-2021-34110 (WinWaste.NET version 1.0.6183.16475 has incorrect permissions, allowin ...)
+ TODO: check
CVE-2021-34109
RESERVED
CVE-2021-34108
@@ -8598,10 +8598,10 @@ CVE-2021-32464
RESERVED
CVE-2021-32463
RESERVED
-CVE-2021-32462
- RESERVED
-CVE-2021-32461
- RESERVED
+CVE-2021-32462 (Trend Micro Password Manager (Consumer) version 5.0.0.1217 and below i ...)
+ TODO: check
+CVE-2021-32461 (Trend Micro Password Manager (Consumer) version 5.0.0.1217 and below i ...)
+ TODO: check
CVE-2021-32460 (The Trend Micro Maximum Security 2021 (v17) consumer product is vulner ...)
NOT-FOR-US: Trend Micro
CVE-2021-32459 (Trend Micro Home Network Security version 6.6.604 and earlier contains ...)
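Review bot: CVE-2021-32462 and CVE-2021-32461 are left at TODO: check although both descriptions name Trend Micro Password Manager (Consumer) and the entry directly below, CVE-2021-32460, is already tagged NOT-FOR-US: Trend Micro. Suggest resolving both with the same NOT-FOR-US: Trend Micro tag so the block is consistent.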
@@ -10209,10 +10209,10 @@ CVE-2021-31819
RESERVED
CVE-2021-31818 (Affected versions of Octopus Server are prone to an authenticated SQL ...)
NOT-FOR-US: Octopus Server
-CVE-2021-31817
- RESERVED
-CVE-2021-31816
- RESERVED
+CVE-2021-31817 (When configuring Octopus Server if it is configured with an external S ...)
+ TODO: check
+CVE-2021-31816 (When configuring Octopus Server if it is configured with an external S ...)
+ TODO: check
CVE-2019-25042 (** DISPUTED ** Unbound before 1.9.5 allows an out-of-bounds write via ...)
{DLA-2652-1}
- unbound 1.9.6-1
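Review bot: CVE-2021-31817 and CVE-2021-31816 both name Octopus Server in their descriptions but are left at TODO: check, while CVE-2021-31818 two lines above is tagged NOT-FOR-US: Octopus Server. Suggest reusing that exact tag spelling for the two new entries.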
@@ -10731,6 +10731,7 @@ CVE-2021-31620
CVE-2021-31619
RESERVED
CVE-2021-31618 (Apache HTTP Server protocol handler for the HTTP/2 protocol checks rec ...)
+ {DSA-4937-1}
[experimental] - apache2 2.4.48-1
- apache2 2.4.46-5 (bug #989562)
NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-31618
@@ -13017,6 +13018,7 @@ CVE-2021-3496 (A heap-based buffer overflow was found in jhead in version 3.06 i
NOTE: Fixed by: https://github.com/Matthias-Wandel/jhead/commit/ca2973f4ce79279c15a09cf400648a757c1721b0
NOTE: Crash in CLI tool, no security impact
CVE-2021-30641 (Apache HTTP Server versions 2.4.39 to 2.4.46 Unexpected matching behav ...)
+ {DSA-4937-1}
[experimental] - apache2 2.4.48-1
- apache2 2.4.46-6
NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-30641
@@ -15363,8 +15365,8 @@ CVE-2021-29713
RESERVED
CVE-2021-29712
RESERVED
-CVE-2021-29711
- RESERVED
+CVE-2021-29711 (IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 6.2.7.8 , 6.2.7.9, 7.0.3. ...)
+ TODO: check
CVE-2021-29710
RESERVED
CVE-2021-29709
@@ -16822,12 +16824,12 @@ CVE-2021-3465
REJECTED
CVE-2021-29153
RESERVED
-CVE-2021-29152
- RESERVED
-CVE-2021-29151
- RESERVED
-CVE-2021-29150
- RESERVED
+CVE-2021-29152 (A remote denial of service (DoS) vulnerability was discovered in Aruba ...)
+ TODO: check
+CVE-2021-29151 (A remote authentication bypass vulnerability was discovered in Aruba C ...)
+ TODO: check
+CVE-2021-29150 (A remote insecure deserialization vulnerability was discovered in Arub ...)
+ TODO: check
CVE-2021-29149
RESERVED
CVE-2021-29148
@@ -17647,8 +17649,8 @@ CVE-2021-28811 (If exploited, this command injection vulnerability could allow r
NOT-FOR-US: QNAP
CVE-2021-28810 (If exploited, this vulnerability allows an attacker to access resource ...)
NOT-FOR-US: QNAP
-CVE-2021-28809
- RESERVED
+CVE-2021-28809 (An improper access control vulnerability has been reported to affect c ...)
+ TODO: check
CVE-2021-28808
RESERVED
CVE-2021-28807 (A post-authentication reflected XSS vulnerability has been reported to ...)
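Review bot: CVE-2021-28809 sits between entries tagged NOT-FOR-US: QNAP, but its truncated description ("... has been reported to affect c ...") does not name the vendor or product. Confirm the product from the full CVE text before copying the neighbouring tag, instead of triaging by position in the list.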
@@ -22674,11 +22676,13 @@ CVE-2021-26693
CVE-2021-26692
RESERVED
CVE-2021-26691 (In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted Ses ...)
+ {DSA-4937-1}
[experimental] - apache2 2.4.48-1
- apache2 2.4.46-6
NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-26691
NOTE: https://github.com/apache/httpd/commit/7e09dd714fc62c08c5b0319ed7b9702594faf49b
CVE-2021-26690 (Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie ...)
+ {DSA-4937-1}
[experimental] - apache2 2.4.48-1
- apache2 2.4.46-6
NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-26690
@@ -25931,40 +25935,40 @@ CVE-2021-25444
RESERVED
CVE-2021-25443
RESERVED
-CVE-2021-25442
- RESERVED
-CVE-2021-25441
- RESERVED
-CVE-2021-25440
- RESERVED
-CVE-2021-25439
- RESERVED
-CVE-2021-25438
- RESERVED
-CVE-2021-25437
- RESERVED
-CVE-2021-25436
- RESERVED
-CVE-2021-25435
- RESERVED
-CVE-2021-25434
- RESERVED
-CVE-2021-25433
- RESERVED
-CVE-2021-25432
- RESERVED
-CVE-2021-25431
- RESERVED
-CVE-2021-25430
- RESERVED
-CVE-2021-25429
- RESERVED
-CVE-2021-25428
- RESERVED
-CVE-2021-25427
- RESERVED
-CVE-2021-25426
- RESERVED
+CVE-2021-25442 (Improper MDM policy management vulnerability in KME module prior to KC ...)
+ TODO: check
+CVE-2021-25441 (Improper input validation vulnerability in AR Emoji Editor prior to ve ...)
+ TODO: check
+CVE-2021-25440 (Improper access control vulnerability in FactoryCameraFB prior to vers ...)
+ TODO: check
+CVE-2021-25439 (Improper access control vulnerability in Samsung Members prior to vers ...)
+ TODO: check
+CVE-2021-25438 (Improper access control vulnerability in Samsung Members prior to vers ...)
+ TODO: check
+CVE-2021-25437 (Improper access control vulnerability in Tizen FOTA service prior to F ...)
+ TODO: check
+CVE-2021-25436 (Improper input validation vulnerability in Tizen FOTA service prior to ...)
+ TODO: check
+CVE-2021-25435 (Improper input validation vulnerability in Tizen bootloader prior to F ...)
+ TODO: check
+CVE-2021-25434 (Improper input validation vulnerability in Tizen bootloader prior to F ...)
+ TODO: check
+CVE-2021-25433 (Improper authorization vulnerability in Tizen factory reset policy pri ...)
+ TODO: check
+CVE-2021-25432 (Information exposure vulnerability in Samsung Members prior to version ...)
+ TODO: check
+CVE-2021-25431 (Improper access control vulnerability in Cameralyzer prior to versions ...)
+ TODO: check
+CVE-2021-25430 (Improper access control vulnerability in Bluetooth application prior t ...)
+ TODO: check
+CVE-2021-25429 (Improper privilege management vulnerability in Bluetooth application p ...)
+ TODO: check
+CVE-2021-25428 (Improper validation check vulnerability in PackageManager prior to SMR ...)
+ TODO: check
+CVE-2021-25427 (SQL injection vulnerability in Bluetooth prior to SMR July-2021 Releas ...)
+ TODO: check
+CVE-2021-25426 (Improper component protection vulnerability in SmsViewerActivity of Sa ...)
+ TODO: check
CVE-2021-25425 (Improper check vulnerability in Samsung Health prior to version 6.17 a ...)
NOT-FOR-US: Samsung
CVE-2021-25424 (Improper authentication vulnerability in Tizen bluetooth-frwk prior to ...)
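Review bot: All seventeen entries from CVE-2021-25442 down to CVE-2021-25426 land as TODO: check, yet their descriptions name Samsung Members, Tizen components and SMR July-2021, and the next entry, CVE-2021-25425, is already tagged NOT-FOR-US: Samsung. Suggest resolving the block in one pass with that tag, checking the few entries whose product is cut off (for example "Bluetooth application prior t ...") against the full text first.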
@@ -34035,8 +34039,8 @@ CVE-2021-21823
RESERVED
CVE-2021-21822 (A use-after-free vulnerability exists in the JavaScript engine of Foxi ...)
NOT-FOR-US: Foxit
-CVE-2021-21821
- RESERVED
+CVE-2021-21821 (A stack-based buffer overflow vulnerability exists in the PDF process_ ...)
+ TODO: check
CVE-2021-21820
RESERVED
CVE-2021-21819
@@ -34065,8 +34069,8 @@ CVE-2021-21808 (A memory corruption vulnerability exists in the PNG png_palette_
NOT-FOR-US: Accusoft ImageGear
CVE-2021-21807 (An integer overflow vulnerability exists in the DICOM parse_dicom_meta ...)
TODO: check
-CVE-2021-21806
- RESERVED
+CVE-2021-21806 (An exploitable use-after-free vulnerability exists in WebKitGTK browse ...)
+ TODO: check
CVE-2021-21805
RESERVED
CVE-2021-21804
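Review bot: CVE-2021-21806 should not be treated like the NOT-FOR-US entries around it: its description names WebKitGTK, whereas the neighbouring entries in this hunk are Accusoft ImageGear. Suggest replacing its TODO: check with a proper package entry and a NOTE line pointing at the advisory once the affected versions are established. The context entry CVE-2021-21807 is also still at TODO: check.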
@@ -34089,10 +34093,10 @@ CVE-2021-21796
RESERVED
CVE-2021-21795 (A heap-based buffer overflow vulnerability exists in the PSD read_icc_ ...)
NOT-FOR-US: Accusoft ImageGear
-CVE-2021-21794
- RESERVED
-CVE-2021-21793
- RESERVED
+CVE-2021-21794 (An out-of-bounds write vulnerability exists in the TIF bits_per_sample ...)
+ TODO: check
+CVE-2021-21793 (An out-of-bounds write vulnerability exists in the JPG sof_nb_comp hea ...)
+ TODO: check
CVE-2021-21792
RESERVED
CVE-2021-21791
@@ -34121,8 +34125,8 @@ CVE-2021-21781
RESERVED
CVE-2021-21780
RESERVED
-CVE-2021-21779
- RESERVED
+CVE-2021-21779 (A use-after-free vulnerability exists in the way Webkit’s Graphi ...)
+ TODO: check
CVE-2021-21778
RESERVED
CVE-2021-21777 (An information disclosure vulnerability exists in the Ethernet/IP UDP ...)
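Review bot: CVE-2021-21779 describes a use-after-free in WebKit, so its TODO: check needs package-level triage rather than a NOT-FOR-US tag. The truncated description does not say which WebKit port or version is affected, so suggest adding a NOTE with the advisory reference when the package entry is written.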
@@ -40325,6 +40329,7 @@ CVE-2020-35454 (The Taidii Diibear Android application 2.4.0 and all its derivat
CVE-2020-35453 (HashiCorp Vault Enterprise’s Sentinel EGP policy feature incorre ...)
NOT-FOR-US: HashiCorp Vault
CVE-2020-35452 (Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest ...)
+ {DSA-4937-1}
[experimental] - apache2 2.4.48-1
- apache2 2.4.46-6
NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-35452
@@ -45354,16 +45359,16 @@ CVE-2021-1609
RESERVED
CVE-2021-1608
RESERVED
-CVE-2021-1607
- RESERVED
-CVE-2021-1606
- RESERVED
-CVE-2021-1605
- RESERVED
-CVE-2021-1604
- RESERVED
-CVE-2021-1603
- RESERVED
+CVE-2021-1607 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ TODO: check
+CVE-2021-1606 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ TODO: check
+CVE-2021-1605 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ TODO: check
+CVE-2021-1604 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ TODO: check
+CVE-2021-1603 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ TODO: check
CVE-2021-1602
RESERVED
CVE-2021-1601
@@ -45372,14 +45377,14 @@ CVE-2021-1600
RESERVED
CVE-2021-1599
RESERVED
-CVE-2021-1598
- RESERVED
-CVE-2021-1597
- RESERVED
-CVE-2021-1596
- RESERVED
-CVE-2021-1595
- RESERVED
+CVE-2021-1598 (Multiple vulnerabilities in the Link Layer Discovery Protocol (LLDP) i ...)
+ TODO: check
+CVE-2021-1597 (Multiple vulnerabilities in the Link Layer Discovery Protocol (LLDP) i ...)
+ TODO: check
+CVE-2021-1596 (Multiple vulnerabilities in the Link Layer Discovery Protocol (LLDP) i ...)
+ TODO: check
+CVE-2021-1595 (Multiple vulnerabilities in the Link Layer Discovery Protocol (LLDP) i ...)
+ TODO: check
CVE-2021-1594
RESERVED
CVE-2021-1593
@@ -45398,8 +45403,8 @@ CVE-2021-1587
RESERVED
CVE-2021-1586
RESERVED
-CVE-2021-1585
- RESERVED
+CVE-2021-1585 (A vulnerability in the Cisco Adaptive Security Device Manager (ASDM) L ...)
+ TODO: check
CVE-2021-1584
RESERVED
CVE-2021-1583
@@ -45416,12 +45421,12 @@ CVE-2021-1578
RESERVED
CVE-2021-1577
RESERVED
-CVE-2021-1576
- RESERVED
-CVE-2021-1575
- RESERVED
-CVE-2021-1574
- RESERVED
+CVE-2021-1576 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ TODO: check
+CVE-2021-1575 (A vulnerability in the web-based management interface of Cisco Virtual ...)
+ TODO: check
+CVE-2021-1574 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ TODO: check
CVE-2021-1573
RESERVED
CVE-2021-1572
@@ -45444,8 +45449,8 @@ CVE-2021-1564 (Multiple vulnerabilities in the implementation of the Cisco Disco
NOT-FOR-US: Cisco
CVE-2021-1563 (Multiple vulnerabilities in the implementation of the Cisco Discovery ...)
NOT-FOR-US: Cisco
-CVE-2021-1562
- RESERVED
+CVE-2021-1562 (A vulnerability in the XSI-Actions interface of Cisco BroadWorks Appli ...)
+ TODO: check
CVE-2021-1561
RESERVED
CVE-2021-1560 (Multiple vulnerabilities in Cisco DNA Spaces Connector could allow an ...)
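Review bot: CVE-2021-1562 names Cisco BroadWorks in its description and is left at TODO: check, while CVE-2021-1564 and CVE-2021-1563 directly above it carry NOT-FOR-US: Cisco. Suggest applying the same tag here.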
@@ -45856,8 +45861,8 @@ CVE-2021-1361 (A vulnerability in the implementation of an internal file managem
NOT-FOR-US: Cisco
CVE-2021-1360 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
NOT-FOR-US: Cisco
-CVE-2021-1359
- RESERVED
+CVE-2021-1359 (A vulnerability in the configuration management of Cisco AsyncOS for C ...)
+ TODO: check
CVE-2021-1358 (A vulnerability in the web-based management interface of Cisco Finesse ...)
NOT-FOR-US: Cisco
CVE-2021-1357 (Multiple vulnerabilities in Cisco Unified Communications Manager IM &a ...)
@@ -46426,8 +46431,8 @@ CVE-2020-28599 (A stack-based buffer overflow vulnerability exists in the import
[stretch] - openscad <no-dsa> (Minor issue)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1223
NOTE: https://github.com/openscad/openscad/commit/07ea60f82e94a155f4926f17fad8e8366bc74874
-CVE-2020-28598
- RESERVED
+CVE-2020-28598 (An out-of-bounds write vulnerability exists in the Admesh stl_fix_norm ...)
+ TODO: check
CVE-2020-28597 (A predictable seed vulnerability exists in the password reset function ...)
NOT-FOR-US: Epignosis EfrontPro
CVE-2020-28596 (A stack-based buffer overflow vulnerability exists in the Objparser::o ...)
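Review bot: CVE-2020-28598 names Admesh and the stl_fix_norm function prefix, so it deserves the same treatment as the openscad entry immediately above it (CVE-2020-28599), which carries a release-specific line plus NOTE lines for the Talos report and the fixing commit. Suggest replacing TODO: check with a package entry and equivalent NOTE references rather than leaving it in the bulk queue.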
@@ -60705,8 +60710,8 @@ CVE-2020-23582
RESERVED
CVE-2020-23581
RESERVED
-CVE-2020-23580
- RESERVED
+CVE-2020-23580 (Remote Code Execution vulnerability in PbootCMS 2.0.8 in the message b ...)
+ TODO: check
CVE-2020-23579
RESERVED
CVE-2020-23578
@@ -66859,16 +66864,16 @@ CVE-2020-20588
RESERVED
CVE-2020-20587
RESERVED
-CVE-2020-20586
- RESERVED
-CVE-2020-20585
- RESERVED
-CVE-2020-20584
- RESERVED
-CVE-2020-20583
- RESERVED
-CVE-2020-20582
- RESERVED
+CVE-2020-20586 (A cross site request forgery (CSRF) vulnerability in the /xyhai.php?s= ...)
+ TODO: check
+CVE-2020-20585 (A blind SQL injection in /admin/?n=logs&c=index&a=dode of Meti ...)
+ TODO: check
+CVE-2020-20584 (A cross site scripting vulnerability in baigo CMS v4.0-beta-1 allows a ...)
+ TODO: check
+CVE-2020-20583 (A SQL injection vulnerability in /question.php of LJCMS Version v4.3.R ...)
+ TODO: check
+CVE-2020-20582 (A server side request forgery (SSRF) vulnerability in /ApiAdminDomainS ...)
+ TODO: check
CVE-2020-20581
RESERVED
CVE-2020-20580
@@ -67321,8 +67326,8 @@ CVE-2020-20365
RESERVED
CVE-2020-20364
RESERVED
-CVE-2020-20363
- RESERVED
+CVE-2020-20363 (Crossi Site Scripting (XSS) vulnerability in PbootCMS 2.0.3 in admin.p ...)
+ TODO: check
CVE-2020-20362
RESERVED
CVE-2020-20361
@@ -67613,8 +67618,8 @@ CVE-2020-20219
RESERVED
CVE-2020-20218 (Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corrup ...)
NOT-FOR-US: Mikrotik RouterOs
-CVE-2020-20217
- RESERVED
+CVE-2020-20217 (Mikrotik RouterOs before 6.47 (stable tree) suffers from an uncontroll ...)
+ TODO: check
CVE-2020-20216 (Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corrup ...)
NOT-FOR-US: Mikrotik
CVE-2020-20215 (Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corrup ...)
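Review bot: The context around CVE-2020-20217 already uses two spellings for the same vendor tag, NOT-FOR-US: Mikrotik RouterOs on CVE-2020-20218 and NOT-FOR-US: Mikrotik on CVE-2020-20216. When the TODO: check on CVE-2020-20217 is resolved, pick one of the two and consider normalising the neighbours so the entries can be searched by a single tag.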
@@ -70575,8 +70580,8 @@ CVE-2020-18743
RESERVED
CVE-2020-18742
RESERVED
-CVE-2020-18741
- RESERVED
+CVE-2020-18741 (Improper Authorization in ThinkSAAS v2.7 allows remote attackers to mo ...)
+ TODO: check
CVE-2020-18740
RESERVED
CVE-2020-18739
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d15a2c1d8ab1ef0f09b648572c827bf617b50932