[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Jul 16 21:10:31 BST 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
510037c4 by security tracker role at 2021-07-16T20:10:23+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,23 @@
+CVE-2021-36767
+	RESERVED
+CVE-2021-36766
+	RESERVED
+CVE-2021-36765
+	RESERVED
+CVE-2021-36764
+	RESERVED
+CVE-2021-36763
+	RESERVED
+CVE-2021-36762
+	RESERVED
+CVE-2021-36761
+	RESERVED
+CVE-2021-36760
+	RESERVED
+CVE-2021-36759
+	RESERVED
+CVE-2021-3651
+	RESERVED
 CVE-2021-36758 (1Password Connect server before 1.2 is missing validation checks, perm ...)
 	NOT-FOR-US: 1Password
 CVE-2021-36757
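Review bot: CVE-2021-3651 is added between CVE-2021-36759 and CVE-2021-36758, so the top of the list is not in numeric order at that point. This matches the existing placement of CVE-2021-3650 and CVE-2021-3649 between CVE-2021-36749 and CVE-2021-36748 further down, so it looks intentional, but any tooling that reads data/CVE/list should look entries up by id and not rely on position or sort order.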
@@ -20,8 +40,8 @@ CVE-2021-36749
 	RESERVED
 CVE-2021-3650
 	RESERVED
-CVE-2021-3649
-	RESERVED
+CVE-2021-3649 (chatwoot is vulnerable to Inefficient Regular Expression Complexity ...)
+	TODO: check
 CVE-2021-36748
 	RESERVED
 CVE-2021-36747
@@ -43,8 +63,8 @@ CVE-2021-36741
 	RESERVED
 CVE-2021-3648
 	RESERVED
-CVE-2021-3647
-	RESERVED
+CVE-2021-3647 (URI.js is vulnerable to URL Redirection to Untrusted Site ...)
+	TODO: check
 CVE-2021-3646
 	RESERVED
 CVE-2021-3645
@@ -1813,10 +1833,10 @@ CVE-2021-35964
 	RESERVED
 CVE-2021-35963
 	RESERVED
-CVE-2021-35962
-	RESERVED
-CVE-2021-35961
-	RESERVED
+CVE-2021-35962 (Specific page parameters in Dr. ID Door Access Control and Personnel A ...)
+	TODO: check
+CVE-2021-35961 (Dr. ID Door Access Control and Personnel Attendance Management system  ...)
+	TODO: check
 CVE-2021-35960
 	RESERVED
 CVE-2021-35959 (In Plone 5.0 through 5.2.4, Editors are vulnerable to XSS in the folde ...)
@@ -8991,8 +9011,8 @@ CVE-2021-32771
 	RESERVED
 CVE-2021-32770 (Gatsby is a framework for building websites. The gatsby-source-wordpre ...)
 	NOT-FOR-US: Gatsby
-CVE-2021-32769
-	RESERVED
+CVE-2021-32769 (Micronaut is a JVM-based, full stack Java framework designed for build ...)
+	TODO: check
 CVE-2021-32768
 	RESERVED
 CVE-2021-32767
@@ -9031,8 +9051,7 @@ CVE-2021-32751
 	RESERVED
 CVE-2021-32750 (MuWire is a file publishing and networking tool that protects the iden ...)
 	NOT-FOR-US: MuWire
-CVE-2021-32749
-	RESERVED
+CVE-2021-32749 (fail2ban is a daemon to ban hosts that cause multiple authentication e ...)
 	- fail2ban 0.11.2-2
 	[buster] - fail2ban <no-dsa> (Minor issue, can be fixed in point release)
 	NOTE: https://github.com/fail2ban/fail2ban/security/advisories/GHSA-m985-3f3v-cwmm
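Review bot: CVE-2021-32749 gains its description here while keeping annotations that were written when the id was still RESERVED, including "[buster] - fail2ban <no-dsa> (Minor issue, can be fixed in point release)". Now that the description is published, it is worth confirming that the buster assessment still matches it and the linked GHSA-m985-3f3v-cwmm advisory.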
@@ -20560,8 +20579,8 @@ CVE-2021-28116 (Squid through 4.14 and 5.x through 5.0.5, in some configurations
 	NOTE: https://bugs.squid-cache.org/show_bug.cgi?id=5131
 CVE-2021-28115 (The OUGC Feedback plugin before 1.8.23 for MyBB allows XSS via the com ...)
 	NOT-FOR-US: MyBB addon
-CVE-2021-28114
-	RESERVED
+CVE-2021-28114 (Froala WYSIWYG Editor 3.2.6-1 is affected by XSS due to a namespace co ...)
+	TODO: check
 CVE-2021-28113 (A command injection vulnerability in the cookieDomain and relayDomain  ...)
 	NOT-FOR-US: Okta Access Gateway
 CVE-2021-28112 (Draeger X-Dock Firmware before 03.00.13 has Active Debug Code on a deb ...)
@@ -20767,10 +20786,10 @@ CVE-2021-28056
 	RESERVED
 CVE-2021-28055 (An issue was discovered in Centreon-Web in Centreon Platform 20.10.0.  ...)
 	- centreon-web <itp> (bug #913903)
-CVE-2021-28054
-	RESERVED
-CVE-2021-28053
-	RESERVED
+CVE-2021-28054 (An issue was discovered in Centreon-Web in Centreon Platform 20.10.0.  ...)
+	TODO: check
+CVE-2021-28053 (An issue was discovered in Centreon-Web in Centreon Platform 20.10.0.  ...)
+	TODO: check
 CVE-2021-28052
 	RESERVED
 CVE-2021-28051
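Review bot: CVE-2021-28054 and CVE-2021-28053 are left at "TODO: check" although their summaries open with the same "Centreon-Web in Centreon Platform 20.10.0" text as CVE-2021-28055 directly above, which is already tracked as "- centreon-web <itp> (bug #913903)". If the full descriptions confirm the same product, both entries should carry that annotation instead of staying open as TODO.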
@@ -35299,16 +35318,16 @@ CVE-2021-21822 (A use-after-free vulnerability exists in the JavaScript engine o
 	NOT-FOR-US: Foxit
 CVE-2021-21821 (A stack-based buffer overflow vulnerability exists in the PDF process_ ...)
 	NOT-FOR-US: Accusoft ImageGear
-CVE-2021-21820
-	RESERVED
-CVE-2021-21819
-	RESERVED
-CVE-2021-21818
-	RESERVED
-CVE-2021-21817
-	RESERVED
-CVE-2021-21816
-	RESERVED
+CVE-2021-21820 (A hard-coded password vulnerability exists in the Libcli Test Environm ...)
+	TODO: check
+CVE-2021-21819 (A code execution vulnerability exists in the Libcli Test Environment f ...)
+	TODO: check
+CVE-2021-21818 (A hard-coded password vulnerability exists in the Zebra IP Routing Man ...)
+	TODO: check
+CVE-2021-21817 (An information disclosure vulnerability exists in the Zebra IP Routing ...)
+	TODO: check
+CVE-2021-21816 (An information disclosure vulnerability exists in the Syslog functiona ...)
+	TODO: check
 CVE-2021-21815
 	RESERVED
 CVE-2021-21814
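Review bot: The five new summaries for CVE-2021-21820 through CVE-2021-21816 are cut off after the component name ("Libcli Test Environm ...", "Zebra IP Routing Man ...", "Syslog functiona ..."), so the affected product is not visible in this hunk. Clear these "TODO: check" entries from the full CVE text and not from the component name; "Zebra" on its own is not enough to tie CVE-2021-21818 or CVE-2021-21817 to a package.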
@@ -35335,18 +35354,18 @@ CVE-2021-21806 (An exploitable use-after-free vulnerability exists in WebKitGTK
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1214
 CVE-2021-21805
 	RESERVED
-CVE-2021-21804
-	RESERVED
-CVE-2021-21803
-	RESERVED
-CVE-2021-21802
-	RESERVED
-CVE-2021-21801
-	RESERVED
-CVE-2021-21800
-	RESERVED
-CVE-2021-21799
-	RESERVED
+CVE-2021-21804 (A local file inclusion (LFI) vulnerability exists in the options.php s ...)
+	TODO: check
+CVE-2021-21803 (This vulnerability is present in device_graph_page.php script, which i ...)
+	TODO: check
+CVE-2021-21802 (This vulnerability is present in device_graph_page.php script, which i ...)
+	TODO: check
+CVE-2021-21801 (This vulnerability is present in device_graph_page.php script, which i ...)
+	TODO: check
+CVE-2021-21800 (Cross-site scripting vulnerabilities exist in the ssh_form.php script  ...)
+	TODO: check
+CVE-2021-21799 (Cross-site scripting vulnerabilities exist in the telnet_form.php scri ...)
+	TODO: check
 CVE-2021-21798
 	RESERVED
 CVE-2021-21797
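Review bot: CVE-2021-21803, CVE-2021-21802 and CVE-2021-21801 carry an identical visible summary ("This vulnerability is present in device_graph_page.php script, which i ..."), so the three entries cannot be told apart from this list. When the TODO is cleared, a NOTE on each with the distinguishing detail from the full description would help, and the six PHP-script entries in this hunk (CVE-2021-21804 through CVE-2021-21799) are best triaged together in case they share one product.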
@@ -47022,8 +47041,8 @@ CVE-2021-1424
 	RESERVED
 CVE-2021-1423 (A vulnerability in the implementation of a CLI command in Cisco Airone ...)
 	NOT-FOR-US: Cisco
-CVE-2021-1422
-	RESERVED
+CVE-2021-1422 (A vulnerability in the software cryptography module of Cisco Adaptive  ...)
+	TODO: check
 CVE-2021-1421 (A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS ...)
 	NOT-FOR-US: Cisco
 CVE-2021-1420 (A vulnerability in certain web pages of Cisco Webex Meetings could all ...)
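Review bot: CVE-2021-1422 is left at "TODO: check" while the entries on either side of it, CVE-2021-1423 and CVE-2021-1421, are both "NOT-FOR-US: Cisco". Its summary names a Cisco Adaptive ... product, so the same tag most likely applies once the full description is read.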
@@ -108538,8 +108557,8 @@ CVE-2020-4982
 	RESERVED
 CVE-2020-4981 (IBM Spectrum Scale 5.0.4.1 through 5.1.0.3 could allow a local privile ...)
 	NOT-FOR-US: IBM
-CVE-2020-4980
-	RESERVED
+CVE-2020-4980 (IBM QRadar SIEM 7.3 and 7.4 uses less secure methods for protecting da ...)
+	TODO: check
 CVE-2020-4979 (IBM QRadar SIEM 7.3 and 7.4 is vulnerable to insecure inter-deployment ...)
 	NOT-FOR-US: IBM
 CVE-2020-4978
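Review bot: CVE-2020-4980 names IBM QRadar SIEM 7.3 and 7.4, the same product and versions as CVE-2020-4979 on the next line, which is already "NOT-FOR-US: IBM". The new "TODO: check" can probably be resolved to the same tag.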
@@ -108856,8 +108875,8 @@ CVE-2020-4823
 	RESERVED
 CVE-2020-4822
 	RESERVED
-CVE-2020-4821
-	RESERVED
+CVE-2020-4821 (IBM InfoSphere Data Replication 11.4 and IBM InfoSphere Change Data Ca ...)
+	TODO: check
 CVE-2020-4820 (IBM Cloud Pak for Security (CP4S) 1.4.0.0 is vulnerable to cross-site  ...)
 	NOT-FOR-US: IBM
 CVE-2020-4819
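Review bot: CVE-2020-4821 (IBM InfoSphere Data Replication) is queued as "TODO: check", and the neighbouring IBM entry CVE-2020-4820 is "NOT-FOR-US: IBM". Unless the full description points at a packaged component, this one should get the same tag.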
@@ -109151,8 +109170,8 @@ CVE-2020-4677
 	RESERVED
 CVE-2020-4676
 	RESERVED
-CVE-2020-4675
-	RESERVED
+CVE-2020-4675 (IBM InfoSphere Master Data Management Server 11.6 is vulnerable to cro ...)
+	TODO: check
 CVE-2020-4674 (IBM Workload Automation 9.5 stores the server path in URLs that could  ...)
 	NOT-FOR-US: IBM
 CVE-2020-4673 (IBM Workload Automation 9.5 stores sensitive information in HTML comme ...)
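Review bot: CVE-2020-4675 (IBM InfoSphere Master Data Management Server 11.6) sits directly above CVE-2020-4674, an IBM product marked "NOT-FOR-US: IBM". The "TODO: check" here looks like another candidate for that tag.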



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/510037c4b33e0721f2dc90b90565ec84acdb9ad1



More information about the debian-security-tracker-commits mailing list