[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Jul 13 21:10:34 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
cf4dcf3d by security tracker role at 2021-07-13T20:10:26+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,23 @@
+CVE-2021-36736
+ RESERVED
+CVE-2021-36735
+ RESERVED
+CVE-2021-36734
+ RESERVED
+CVE-2021-36733
+ RESERVED
+CVE-2021-36732
+ RESERVED
+CVE-2021-36731
+ RESERVED
+CVE-2021-36730
+ RESERVED
+CVE-2021-36729
+ RESERVED
+CVE-2021-36728
+ RESERVED
+CVE-2021-36727
+ RESERVED
CVE-2021-XXXX [Varnish VSV00007]
- varnish <unfixed> (bug #991040)
NOTE: https://varnish-cache.org/security/VSV00007.html
@@ -720,8 +740,8 @@ CVE-2021-36378
CVE-2021-36377 (Fossil before 2.14.2 and 2.15.x before 2.15.2 often skips the hostname ...)
- fossil 1:2.15.2-1
NOTE: https://fossil-scm.org/forum/forumpost/8d367e16f53d93c789d70bd3bf2c9587227bbd5c6a7b8e512cccd79007536036
-CVE-2021-36376
- RESERVED
+CVE-2021-36376 (dandavison delta before 0.8.3 on Windows resolves an executable's path ...)
+ TODO: check
CVE-2021-36375
RESERVED
CVE-2021-36374
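Review bot: CVE-2021-36376 is described as affecting delta "on Windows" only, so the TODO should be resolved with that in mind. If the package is not in Debian the entry is NOT-FOR-US; if it is, the existing convention on this list is the one used for CVE-2021-34551, "<not-affected> (Windows-specific)".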
@@ -1072,8 +1092,8 @@ CVE-2021-36216
RESERVED
CVE-2021-36215
RESERVED
-CVE-2021-36214
- RESERVED
+CVE-2021-36214 (LINE client for iOS before 10.16.3 allows cross site script with speci ...)
+ TODO: check
CVE-2021-36213
RESERVED
CVE-2021-36212 (app/View/SharingGroups/view.ctp in MISP before 2.4.146 allows stored X ...)
@@ -1268,14 +1288,14 @@ CVE-2021-36126 (An issue was discovered in the AbuseFilter extension in MediaWik
CVE-2021-36125 (An issue was discovered in the CentralAuth extension in MediaWiki thro ...)
NOT-FOR-US: CentralAuth MediaWiki extension
NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/M7MVMBYMLNIVLHCWL2KKZGH36HYN4YON/
-CVE-2021-36124
- RESERVED
-CVE-2021-36123
- RESERVED
-CVE-2021-36122
- RESERVED
-CVE-2021-36121
- RESERVED
+CVE-2021-36124 (An issue was discovered in Echo ShareCare 8.15.5. It does not perform ...)
+ TODO: check
+CVE-2021-36123 (An issue was discovered in Echo ShareCare 8.15.5. The TextReader featu ...)
+ TODO: check
+CVE-2021-36122 (An issue was discovered in Echo ShareCare 8.15.5. The UnzipFile featur ...)
+ TODO: check
+CVE-2021-36121 (An issue was discovered in Echo ShareCare 8.15.5. The file-upload feat ...)
+ TODO: check
CVE-2021-3633
RESERVED
CVE-2021-36120
@@ -1341,8 +1361,7 @@ CVE-2021-36091
CVE-2021-3632
RESERVED
NOT-FOR-US: Keycloak
-CVE-2021-36090
- RESERVED
+CVE-2021-36090 (When reading a specially crafted ZIP archive, Compress can be made to ...)
- libcommons-compress-java <unfixed> (bug #991041)
NOTE: https://www.openwall.com/lists/oss-security/2021/07/13/4
CVE-2020-36416 (A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 ...)
@@ -1739,8 +1758,8 @@ CVE-2021-35959 (In Plone 5.0 through 5.2.4, Editors are vulnerable to XSS in the
NOT-FOR-US: Plone
CVE-2021-35958 (** DISPUTED ** TensorFlow through 2.5.0 allows attackers to overwrite ...)
- tensorflow <itp> (bug #804612)
-CVE-2021-35957
- RESERVED
+CVE-2021-35957 (Stormshield Endpoint Security Evolution 2.0.0 through 2.0.2 does not a ...)
+ TODO: check
CVE-2021-35956 (Stored cross-site scripting (XSS) in the embedded webserver of AKCP se ...)
NOT-FOR-US: AKCP sensorProbe
CVE-2021-35955
@@ -2673,16 +2692,13 @@ CVE-2021-35519
RESERVED
CVE-2021-35518
RESERVED
-CVE-2021-35517
- RESERVED
+CVE-2021-35517 (When reading a specially crafted TAR archive, Compress can be made to ...)
- libcommons-compress-java <unfixed> (bug #991041)
NOTE: https://www.openwall.com/lists/oss-security/2021/07/13/3
-CVE-2021-35516
- RESERVED
+CVE-2021-35516 (When reading a specially crafted 7Z archive, Compress can be made to a ...)
- libcommons-compress-java <unfixed> (bug #991041)
NOTE: https://www.openwall.com/lists/oss-security/2021/07/13/2
-CVE-2021-35515
- RESERVED
+CVE-2021-35515 (When reading a specially crafted 7Z archive, the construction of the l ...)
- libcommons-compress-java <unfixed> (bug #991041)
NOTE: https://www.openwall.com/lists/oss-security/2021/07/13/1
CVE-2021-35514 (Narou (aka Narou.rb) before 3.8.0 allows Ruby Code Injection via the t ...)
@@ -4833,8 +4849,8 @@ CVE-2021-34554
RESERVED
CVE-2021-34553 (Sonatype Nexus Repository Manager 3.x before 3.31.0 allows a remote au ...)
NOT-FOR-US: Sonatype Nexus Repository Manager
-CVE-2021-34552
- RESERVED
+CVE-2021-34552 (Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1. ...)
+ TODO: check
CVE-2021-34551 (PHPMailer before 6.5.0 on Windows allows remote code execution if lang ...)
- libphp-phpmailer <not-affected> (Windows-specific)
CVE-2021-34550 (An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-006. The ...)
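Review bot: CVE-2021-34552 should not stay at "TODO: check" for long. Pillow is packaged in Debian, so this entry needs a source-package line with a fixed version or <unfixed> rather than a NOT-FOR-US resolution. The description bounds the issue at "Pillow through 8.2.0", so each suite's version should be checked against that bound.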
@@ -5319,92 +5335,92 @@ CVE-2021-34335
RESERVED
CVE-2021-34334
RESERVED
-CVE-2021-34333
- RESERVED
-CVE-2021-34332
- RESERVED
-CVE-2021-34331
- RESERVED
-CVE-2021-34330
- RESERVED
-CVE-2021-34329
- RESERVED
-CVE-2021-34328
- RESERVED
-CVE-2021-34327
- RESERVED
-CVE-2021-34326
- RESERVED
-CVE-2021-34325
- RESERVED
-CVE-2021-34324
- RESERVED
-CVE-2021-34323
- RESERVED
-CVE-2021-34322
- RESERVED
-CVE-2021-34321
- RESERVED
-CVE-2021-34320
- RESERVED
-CVE-2021-34319
- RESERVED
-CVE-2021-34318
- RESERVED
-CVE-2021-34317
- RESERVED
-CVE-2021-34316
- RESERVED
-CVE-2021-34315
- RESERVED
-CVE-2021-34314
- RESERVED
-CVE-2021-34313
- RESERVED
-CVE-2021-34312
- RESERVED
-CVE-2021-34311
- RESERVED
-CVE-2021-34310
- RESERVED
-CVE-2021-34309
- RESERVED
-CVE-2021-34308
- RESERVED
-CVE-2021-34307
- RESERVED
-CVE-2021-34306
- RESERVED
-CVE-2021-34305
- RESERVED
-CVE-2021-34304
- RESERVED
-CVE-2021-34303
- RESERVED
-CVE-2021-34302
- RESERVED
-CVE-2021-34301
- RESERVED
-CVE-2021-34300
- RESERVED
-CVE-2021-34299
- RESERVED
-CVE-2021-34298
- RESERVED
-CVE-2021-34297
- RESERVED
-CVE-2021-34296
- RESERVED
-CVE-2021-34295
- RESERVED
-CVE-2021-34294
- RESERVED
-CVE-2021-34293
- RESERVED
-CVE-2021-34292
- RESERVED
-CVE-2021-34291
- RESERVED
+CVE-2021-34333 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...)
+ TODO: check
+CVE-2021-34332 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...)
+ TODO: check
+CVE-2021-34331 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...)
+ TODO: check
+CVE-2021-34330 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...)
+ TODO: check
+CVE-2021-34329 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...)
+ TODO: check
+CVE-2021-34328 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...)
+ TODO: check
+CVE-2021-34327 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...)
+ TODO: check
+CVE-2021-34326 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...)
+ TODO: check
+CVE-2021-34325 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...)
+ TODO: check
+CVE-2021-34324 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...)
+ TODO: check
+CVE-2021-34323 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...)
+ TODO: check
+CVE-2021-34322 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...)
+ TODO: check
+CVE-2021-34321 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...)
+ TODO: check
+CVE-2021-34320 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...)
+ TODO: check
+CVE-2021-34319 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...)
+ TODO: check
+CVE-2021-34318 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...)
+ TODO: check
+CVE-2021-34317 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...)
+ TODO: check
+CVE-2021-34316 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...)
+ TODO: check
+CVE-2021-34315 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...)
+ TODO: check
+CVE-2021-34314 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...)
+ TODO: check
+CVE-2021-34313 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...)
+ TODO: check
+CVE-2021-34312 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...)
+ TODO: check
+CVE-2021-34311 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...)
+ TODO: check
+CVE-2021-34310 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...)
+ TODO: check
+CVE-2021-34309 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...)
+ TODO: check
+CVE-2021-34308 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...)
+ TODO: check
+CVE-2021-34307 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...)
+ TODO: check
+CVE-2021-34306 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...)
+ TODO: check
+CVE-2021-34305 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...)
+ TODO: check
+CVE-2021-34304 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...)
+ TODO: check
+CVE-2021-34303 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...)
+ TODO: check
+CVE-2021-34302 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...)
+ TODO: check
+CVE-2021-34301 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...)
+ TODO: check
+CVE-2021-34300 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...)
+ TODO: check
+CVE-2021-34299 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...)
+ TODO: check
+CVE-2021-34298 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...)
+ TODO: check
+CVE-2021-34297 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...)
+ TODO: check
+CVE-2021-34296 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...)
+ TODO: check
+CVE-2021-34295 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...)
+ TODO: check
+CVE-2021-34294 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...)
+ TODO: check
+CVE-2021-34293 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...)
+ TODO: check
+CVE-2021-34292 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...)
+ TODO: check
+CVE-2021-34291 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...)
+ TODO: check
CVE-2021-3586
RESERVED
NOT-FOR-US: Maistra
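Review bot: the 43 entries CVE-2021-34291 through CVE-2021-34333 all carry the same JT2Go description prefix and all land as "TODO: check", which adds 43 items to the manual triage queue for a single product. JT2Go is a Siemens product, and Siemens entries elsewhere in this list are resolved as NOT-FOR-US, so these can be cleared together in one follow-up commit instead of one by one.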
@@ -6536,6 +6552,7 @@ CVE-2021-3571 (A flaw was found in the ptp4l program of the linuxptp package. Wh
NOTE: https://github.com/richardcochran/linuxptp/commit/0b3ab45de6a96ca181a5cf62c3c2b97167e2ed20 (v3.1.1)
NOTE: https://www.openwall.com/lists/oss-security/2021/07/06/1
CVE-2021-3570 (A flaw was found in the ptp4l program of the linuxptp package. A missi ...)
+ {DSA-4938-1}
- linuxptp 3.1-2.1 (bug #990748)
NOTE: https://github.com/richardcochran/linuxptp/commit/a1e63aa3a7304647913707c4df01f3df430806ab (master)
NOTE: https://github.com/richardcochran/linuxptp/commit/ce15e4de5926724557e8642ec762a210632f15ca (v3.1.1)
@@ -6737,26 +6754,26 @@ CVE-2021-33720
RESERVED
CVE-2021-33719
RESERVED
-CVE-2021-33718
- RESERVED
+CVE-2021-33718 (A vulnerability has been identified in Mendix Applications using Mendi ...)
+ TODO: check
CVE-2021-33717
RESERVED
CVE-2021-33716
RESERVED
-CVE-2021-33715
- RESERVED
-CVE-2021-33714
- RESERVED
-CVE-2021-33713
- RESERVED
+CVE-2021-33715 (A vulnerability has been identified in JT Utilities (All versions < ...)
+ TODO: check
+CVE-2021-33714 (A vulnerability has been identified in JT Utilities (All versions < ...)
+ TODO: check
+CVE-2021-33713 (A vulnerability has been identified in JT Utilities (All versions < ...)
+ TODO: check
CVE-2021-33712 (A vulnerability has been identified in Mendix SAML Module (All version ...)
NOT-FOR-US: Mendix SAML Module
-CVE-2021-33711
- RESERVED
-CVE-2021-33710
- RESERVED
-CVE-2021-33709
- RESERVED
+CVE-2021-33711 (A vulnerability has been identified in Teamcenter Active Workspace V4 ...)
+ TODO: check
+CVE-2021-33710 (A vulnerability has been identified in Teamcenter Active Workspace V4 ...)
+ TODO: check
+CVE-2021-33709 (A vulnerability has been identified in Teamcenter Active Workspace V4 ...)
+ TODO: check
CVE-2021-33708
RESERVED
CVE-2021-33707
@@ -7034,8 +7051,8 @@ CVE-2021-3566
RESERVED
CVE-2021-33579
RESERVED
-CVE-2021-33578
- RESERVED
+CVE-2021-33578 (Echo ShareCare 8.15.5 is susceptible to SQL injection vulnerabilities ...)
+ TODO: check
CVE-2021-33577 (An issue was discovered in Cleo LexiCom 5.5.0.0. The requirement for t ...)
NOT-FOR-US: Cleo LexiCom
CVE-2021-33576 (An issue was discovered in Cleo LexiCom 5.5.0.0. Within the AS2 messag ...)
@@ -10990,14 +11007,14 @@ CVE-2021-31897 (In JetBrains WebStorm before 2021.1, code execution without user
NOT-FOR-US: JetBrains
CVE-2021-31896
RESERVED
-CVE-2021-31895
- RESERVED
-CVE-2021-31894
- RESERVED
-CVE-2021-31893
- RESERVED
-CVE-2021-31892
- RESERVED
+CVE-2021-31895 (A vulnerability has been identified in RUGGEDCOM ROS M2100 (All versio ...)
+ TODO: check
+CVE-2021-31894 (A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier ...)
+ TODO: check
+CVE-2021-31893 (A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier ...)
+ TODO: check
+CVE-2021-31892 (A vulnerability has been identified in SINUMERIK Analyse MyCondition ( ...)
+ TODO: check
CVE-2021-31891
RESERVED
CVE-2021-31890
@@ -11344,8 +11361,7 @@ CVE-2021-31811 (In Apache PDFBox, a carefully crafted PDF file can trigger an Ou
- libpdfbox2-java <unfixed>
- libpdfbox-java <undetermined>
NOTE: https://www.openwall.com/lists/oss-security/2021/06/12/2
-CVE-2021-31810 [Trusting FTP PASV responses vulnerability in Net::FTP]
- RESERVED
+CVE-2021-31810 (An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, an ...)
- ruby2.7 2.7.4-1 (bug #990815)
- ruby2.5 <removed>
- ruby2.3 <removed>
@@ -12799,24 +12815,24 @@ CVE-2021-31227
RESERVED
CVE-2021-31226
RESERVED
-CVE-2021-31225
- RESERVED
-CVE-2021-31224
- RESERVED
-CVE-2021-31223
- RESERVED
-CVE-2021-31222
- RESERVED
-CVE-2021-31221
- RESERVED
-CVE-2021-31220
- RESERVED
+CVE-2021-31225 (SES Evolution before 2.1.0 allows deleting some resources not currentl ...)
+ TODO: check
+CVE-2021-31224 (SES Evolution before 2.1.0 allows duplicating an existing security pol ...)
+ TODO: check
+CVE-2021-31223 (SES Evolution before 2.1.0 allows reading some parts of a security pol ...)
+ TODO: check
+CVE-2021-31222 (SES Evolution before 2.1.0 allows updating some parts of a security po ...)
+ TODO: check
+CVE-2021-31221 (SES Evolution before 2.1.0 allows deleting some parts of a security po ...)
+ TODO: check
+CVE-2021-31220 (SES Evolution before 2.1.0 allows modifying security policies by lever ...)
+ TODO: check
CVE-2021-31219
RESERVED
CVE-2021-31218
RESERVED
-CVE-2021-31217
- RESERVED
+CVE-2021-31217 (In SolarWinds DameWare Mini Remote Control Server 12.0.1.200, insecure ...)
+ TODO: check
CVE-2021-31216
RESERVED
CVE-2021-31215 (SchedMD Slurm before 20.02.7 and 20.03.x through 20.11.x before 20.11. ...)
@@ -18028,9 +18044,9 @@ CVE-2021-29108
RESERVED
CVE-2021-29107 (A stored Cross Site Scripting (XXS) vulnerability in ArcGIS Server Man ...)
NOT-FOR-US: ArcGIS Server Manager
-CVE-2021-29106 (A reflected Cross Site Scripting (XXS) vulnerability in ArcGIS Server ...)
+CVE-2021-29106 (A reflected Cross Site Scripting (XSS) vulnerability in Esri ArcGIS Se ...)
NOT-FOR-US: ArcGIS Server
-CVE-2021-29105 (A stored Cross Site Scripting (XXS) vulnerability in ArcGIS Server Ser ...)
+CVE-2021-29105 (A stored Cross Site Scripting (XSS) vulnerability in Esri ArcGIS Serve ...)
NOT-FOR-US: ArcGIS Server Services Directory
CVE-2021-29104 (A stored Cross Site Scripting (XXS) vulnerability in ArcGIS Server Man ...)
NOT-FOR-US: ArcGIS Server Manager
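Review bot: only CVE-2021-29106 and CVE-2021-29105 pick up the corrected "(XSS)" spelling; the neighbouring CVE-2021-29107 and CVE-2021-29104 still read "(XXS)". As this is an automatic update there is nothing to hand-edit, but a text search of the list for "XSS" will miss the two stale entries until their descriptions are refreshed.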
@@ -26551,8 +26567,8 @@ CVE-2021-25673 (A vulnerability has been identified in SIMATIC S7-PLCSIM V5.4 (A
NOT-FOR-US: Siemens
CVE-2021-25672 (A vulnerability has been identified in Mendix Forgot Password Appstore ...)
NOT-FOR-US: Mendix Forgot Password Appstore module
-CVE-2021-25671
- RESERVED
+CVE-2021-25671 (A vulnerability has been identified in RWG1.M12 (All versions < V1. ...)
+ TODO: check
CVE-2021-25670 (A vulnerability has been identified in Tecnomatix RobotExpert (All ver ...)
NOT-FOR-US: Tecnomatix RobotExpert (Siemens)
CVE-2021-25669 (A vulnerability has been identified in SCALANCE X200-4P IRT (All versi ...)
@@ -33815,8 +33831,8 @@ CVE-2021-22442
RESERVED
CVE-2021-22441
RESERVED
-CVE-2021-22440
- RESERVED
+CVE-2021-22440 (There is a path traversal vulnerability in some Huawei products. The v ...)
+ TODO: check
CVE-2021-22439 (There is a deserialization vulnerability in Huawei AnyOffice V200R006C ...)
NOT-FOR-US: Huawei
CVE-2021-22438
@@ -33897,8 +33913,8 @@ CVE-2021-22401
RESERVED
CVE-2021-22400
RESERVED
-CVE-2021-22399
- RESERVED
+CVE-2021-22399 (The Bluetooth function of some Huawei smartphones has a DoS vulnerabil ...)
+ TODO: check
CVE-2021-22398
RESERVED
CVE-2021-22397
@@ -34327,7 +34343,7 @@ CVE-2021-22196 (An issue has been discovered in GitLab CE/EE affecting all versi
- gitlab <unfixed>
CVE-2021-22195 (Client side code execution in gitlab-vscode-extension v3.15.0 and earl ...)
NOT-FOR-US: gitlab-vscode-extension
-CVE-2021-22194 (In all versions of GitLab starting from 13.7, marshalled session keys ...)
+CVE-2021-22194 (In all versions of GitLab, marshalled session keys were being stored i ...)
- gitlab <unfixed>
CVE-2021-22193 (An issue has been discovered in GitLab affecting all versions starting ...)
- gitlab <unfixed>
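Review bot: the revised description for CVE-2021-22194 drops the "starting from 13.7" lower bound and now reads "In all versions of GitLab", while the package line stays "- gitlab <unfixed>" with no re-check recorded. Any per-release assessment that relied on the 13.7 bound should be revisited now that the stated affected range is wider.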
@@ -34760,8 +34776,7 @@ CVE-2021-22002
RESERVED
CVE-2021-22001
RESERVED
-CVE-2021-22000
- RESERVED
+CVE-2021-22000 (VMware Thinapp version 5.x prior to 5.2.10 contain a DLL hijacking vul ...)
NOT-FOR-US: VMware
CVE-2021-21999 (VMware Tools for Windows (11.x.y prior to 11.2.6), VMware Remote Conso ...)
NOT-FOR-US: VMware
@@ -34771,11 +34786,9 @@ CVE-2021-21997 (VMware Tools for Windows (11.x.y prior to 11.3.0) contains a den
NOT-FOR-US: VMware
CVE-2021-21996
RESERVED
-CVE-2021-21995
- RESERVED
+CVE-2021-21995 (OpenSLP as used in ESXi has a denial-of-service vulnerability due a he ...)
NOT-FOR-US: VMware
-CVE-2021-21994
- RESERVED
+CVE-2021-21994 (SFCB (Small Footprint CIM Broker) as used in ESXi has an authenticatio ...)
NOT-FOR-US: VMware
CVE-2021-21993
RESERVED
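Review bot: CVE-2021-21995 and CVE-2021-21994 keep "NOT-FOR-US: VMware", a tag assigned while both were still RESERVED, yet the descriptions now name OpenSLP and SFCB "as used in ESXi". Both are components that exist outside VMware products, so confirm the flaw is specific to the ESXi copy before leaving them NOT-FOR-US; if upstream is affected and Debian ships the component, the entry needs a package line instead.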
@@ -35168,6 +35181,7 @@ CVE-2021-21808 (A memory corruption vulnerability exists in the PNG png_palette_
CVE-2021-21807 (An integer overflow vulnerability exists in the DICOM parse_dicom_meta ...)
NOT-FOR-US: Accusoft ImageGear
CVE-2021-21806 (An exploitable use-after-free vulnerability exists in WebKitGTK browse ...)
+ {DSA-4877-1}
- webkit2gtk 2.30.6-1
- wpewebkit 2.30.6-1
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1214
@@ -39509,12 +39523,12 @@ CVE-2021-20597
RESERVED
CVE-2021-20596
RESERVED
-CVE-2021-20595
- RESERVED
+CVE-2021-20595 (Improper Restriction of XML External Entity Reference vulnerability in ...)
+ TODO: check
CVE-2021-20594
RESERVED
-CVE-2021-20593
- RESERVED
+CVE-2021-20593 (Incorrect Implementation of Authentication Algorithm in Mitsubishi Ele ...)
+ TODO: check
CVE-2021-20592
RESERVED
CVE-2021-20591 (Uncontrolled Resource Consumption vulnerability in Mitsubishi Electric ...)
@@ -39851,12 +39865,12 @@ CVE-2021-20426 (IBM Security Guardium 11.2 contains hard-coded credentials, such
NOT-FOR-US: IBM
CVE-2021-20425
RESERVED
-CVE-2021-20424
- RESERVED
-CVE-2021-20423
- RESERVED
-CVE-2021-20422
- RESERVED
+CVE-2021-20424 (IBM Cloud Pak for Applications 4.3 could allow a remote attacker to ob ...)
+ TODO: check
+CVE-2021-20423 (IBM Cloud Pak for Applications 4.3 could allow an authenticated user g ...)
+ TODO: check
+CVE-2021-20422 (IBM Cloud Pak for Applications 4.3 could disclose sensitive informatio ...)
+ TODO: check
CVE-2021-20421
RESERVED
CVE-2021-20420
@@ -39961,26 +39975,26 @@ CVE-2021-20371 (IBM Jazz Foundation and IBM Engineering products could allow a r
NOT-FOR-US: IBM
CVE-2021-20370
RESERVED
-CVE-2021-20369
- RESERVED
-CVE-2021-20368
- RESERVED
+CVE-2021-20369 (IBM Cloud Pak for Applications 4.3 uses weaker than expected cryptogra ...)
+ TODO: check
+CVE-2021-20368 (IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripti ...)
+ TODO: check
CVE-2021-20367
RESERVED
-CVE-2021-20366
- RESERVED
-CVE-2021-20365
- RESERVED
-CVE-2021-20364
- RESERVED
-CVE-2021-20363
- RESERVED
-CVE-2021-20362
- RESERVED
-CVE-2021-20361
- RESERVED
-CVE-2021-20360
- RESERVED
+CVE-2021-20366 (IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripti ...)
+ TODO: check
+CVE-2021-20365 (IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripti ...)
+ TODO: check
+CVE-2021-20364 (IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripti ...)
+ TODO: check
+CVE-2021-20363 (IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripti ...)
+ TODO: check
+CVE-2021-20362 (IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripti ...)
+ TODO: check
+CVE-2021-20361 (IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripti ...)
+ TODO: check
+CVE-2021-20360 (IBM Cloud Pak for Applications 4.3 uses weaker than expected cryptogra ...)
+ TODO: check
CVE-2021-20359 (IBM Cloud Pak for Automation 20.0.3, 20.0.2-IF002 - Business Automatio ...)
NOT-FOR-US: IBM
CVE-2021-20358 (IBM Cloud Pak for Automation 20.0.3, 20.0.2-IF002 stores potentially s ...)
@@ -48179,8 +48193,8 @@ CVE-2020-28402 (An improper authorization vulnerability exists in Star Practice
NOT-FOR-US: Star Practice Management Web
CVE-2020-28401 (An improper authorization vulnerability exists in Star Practice Manage ...)
NOT-FOR-US: Star Practice Management Web
-CVE-2020-28400
- RESERVED
+CVE-2020-28400 (A vulnerability has been identified in Development/Evaluation Kits for ...)
+ TODO: check
CVE-2020-28399
RESERVED
CVE-2020-28398
@@ -55769,8 +55783,8 @@ CVE-2020-26156
REJECTED
CVE-2020-26155 (Multiple files and folders in Utimaco SecurityServer 4.20.0.4 and 4.31 ...)
NOT-FOR-US: Utimaco SecurityServer
-CVE-2020-26153
- RESERVED
+CVE-2020-26153 (A cross-site scripting (XSS) vulnerability in wp-content/plugins/event ...)
+ TODO: check
CVE-2020-26152
RESERVED
CVE-2020-26151
@@ -63207,8 +63221,8 @@ CVE-2020-22909
RESERVED
CVE-2020-22908
RESERVED
-CVE-2020-22907
- RESERVED
+CVE-2020-22907 (Stack overflow vulnerability in function jsi_evalcode_sub in jsish bef ...)
+ TODO: check
CVE-2020-22906
RESERVED
CVE-2020-22905
@@ -63249,16 +63263,16 @@ CVE-2020-22888
RESERVED
CVE-2020-22887
RESERVED
-CVE-2020-22886
- RESERVED
-CVE-2020-22885
- RESERVED
-CVE-2020-22884
- RESERVED
+CVE-2020-22886 (Buffer overflow vulnerability in function jsG_markobject in jsgc.c in ...)
+ TODO: check
+CVE-2020-22885 (Buffer overflow vulnerability in mujs before 1.0.8 due to recursion in ...)
+ TODO: check
+CVE-2020-22884 (Buffer overflow vulnerability in function jsvGetStringChars in Espruin ...)
+ TODO: check
CVE-2020-22883
RESERVED
-CVE-2020-22882
- RESERVED
+CVE-2020-22882 (Issue was discovered in the fxParserTree function in moddable, allows ...)
+ TODO: check
CVE-2020-22881
RESERVED
CVE-2020-22880
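Review bot: CVE-2020-22885 names mujs ("mujs before 1.0.8"), which Debian packages, so when the TODO is cleared it needs a package line with a fixed version rather than NOT-FOR-US. The other entries added in this hunk name different projects and should be triaged per project, not resolved as a group.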
@@ -63269,14 +63283,14 @@ CVE-2020-22878
RESERVED
CVE-2020-22877
RESERVED
-CVE-2020-22876
- RESERVED
-CVE-2020-22875
- RESERVED
-CVE-2020-22874
- RESERVED
-CVE-2020-22873
- RESERVED
+CVE-2020-22876 (Buffer Overflow vulnerability in quickjs.c in QuickJS, allows remote a ...)
+ TODO: check
+CVE-2020-22875 (Integer overflow vulnerability in function Jsi_ObjSetLength in jsish b ...)
+ TODO: check
+CVE-2020-22874 (Integer overflow vulnerability in function Jsi_ObjArraySizer in jsish ...)
+ TODO: check
+CVE-2020-22873 (Buffer overflow vulnerability in function NumberToPrecisionCmd in jsis ...)
+ TODO: check
CVE-2020-22872
RESERVED
CVE-2020-22871
@@ -68657,12 +68671,12 @@ CVE-2020-20254 (Mikrotik RouterOs before 6.47 (stable tree) suffers from a memor
NOT-FOR-US: Mikrotik RouterOs
CVE-2020-20253 (Mikrotik RouterOs before 6.47 (stable tree) suffers from a divison by ...)
NOT-FOR-US: Mikrotik RouterOs
-CVE-2020-20252
- RESERVED
+CVE-2020-20252 (Mikrotik RouterOs before stable version 6.47 suffers from a memory cor ...)
+ TODO: check
CVE-2020-20251
RESERVED
-CVE-2020-20250
- RESERVED
+CVE-2020-20250 (Mikrotik RouterOs before stable version 6.47 suffers from a memory cor ...)
+ TODO: check
CVE-2020-20249
RESERVED
CVE-2020-20248
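Review bot: CVE-2020-20252 and CVE-2020-20250 are left at "TODO: check" although the adjacent RouterOs entries CVE-2020-20254 and CVE-2020-20253 already carry "NOT-FOR-US: Mikrotik RouterOs". The descriptions name the same product, so the same resolution can be set directly.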
@@ -218792,9 +218806,9 @@ CVE-2018-4842 (A vulnerability has been identified in SCALANCE X-200IRT switch f
NOT-FOR-US: Siemens SCALANCE X switches
CVE-2018-4841 (A vulnerability has been identified in TIM 1531 IRC (All versions < ...)
NOT-FOR-US: TIM
-CVE-2018-4840 (A vulnerability has been identified in Siemens DIGSI 4 (All versions & ...)
+CVE-2018-4840 (A vulnerability has been identified in DIGSI 4 (All versions < V4.9 ...)
NOT-FOR-US: Siemens
-CVE-2018-4839 (A vulnerability has been identified in Siemens DIGSI 4 (All versions & ...)
+CVE-2018-4839 (A vulnerability has been identified in DIGSI 4 (All versions < V4.9 ...)
NOT-FOR-US: Siemens
CVE-2018-4838 (A vulnerability has been identified in EN100 Ethernet module IEC 61850 ...)
NOT-FOR-US: Siemens
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cf4dcf3d3d79fb2ccd1dcc68d68963132de36d05