[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Jul 23 21:10:33 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5435793d by security tracker role at 2021-07-23T20:10:25+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,41 @@
+CVE-2021-37424
+ RESERVED
+CVE-2021-37423
+ RESERVED
+CVE-2021-37422
+ RESERVED
+CVE-2021-37421
+ RESERVED
+CVE-2021-37420
+ RESERVED
+CVE-2021-37419
+ RESERVED
+CVE-2021-37418
+ RESERVED
+CVE-2021-37417
+ RESERVED
+CVE-2021-37416
+ RESERVED
+CVE-2021-37415
+ RESERVED
+CVE-2021-37414
+ RESERVED
+CVE-2021-37413
+ RESERVED
+CVE-2021-37412
+ RESERVED
+CVE-2021-37411
+ RESERVED
+CVE-2021-3665
+ RESERVED
+CVE-2021-3664
+ RESERVED
+CVE-2021-26250
+ RESERVED
+CVE-2021-23208
+ RESERVED
+CVE-2021-23183
+ RESERVED
CVE-2021-XXXX [Remote Information Disclosure]
- prosody 0.11.9-2
NOTE: https://prosody.im/security/advisory_20210722/
@@ -25247,8 +25285,8 @@ CVE-2021-26801
RESERVED
CVE-2021-26800
RESERVED
-CVE-2021-26799
- RESERVED
+CVE-2021-26799 (Cross Site Scripting (XSS) vulnerability in admin/files/edit in Omeka ...)
+ TODO: check
CVE-2021-26798
RESERVED
CVE-2021-26797 (An access control vulnerability in Hame SD1 Wi-Fi firmware <=V.2014 ...)
@@ -27993,10 +28031,10 @@ CVE-2021-25793
RESERVED
CVE-2021-25792
RESERVED
-CVE-2021-25791
- RESERVED
-CVE-2021-25790
- RESERVED
+CVE-2021-25791 (Multiple stored cross site scripting (XSS) vulnerabilities in the "Upd ...)
+ TODO: check
+CVE-2021-25790 (Multiple stored cross site scripting (XSS) vulnerabilities in the "Reg ...)
+ TODO: check
CVE-2021-25789
RESERVED
CVE-2021-25788
@@ -29246,8 +29284,8 @@ CVE-2021-25275 (SolarWinds Orion Platform before 2020.2.4, as used by various So
NOT-FOR-US: SolarWinds
CVE-2021-25274 (The Collector Service in SolarWinds Orion Platform before 2020.2.4 use ...)
NOT-FOR-US: SolarWinds
-CVE-2021-3159
- RESERVED
+CVE-2021-3159 (A stored cross site scripting (XSS) vulnerability in the /sys/attachme ...)
+ TODO: check
CVE-2021-25273
RESERVED
CVE-2021-25272
@@ -29400,22 +29438,22 @@ CVE-2021-25210 (Arbitrary file upload vulnerability in SourceCodester Alumni Man
NOT-FOR-US: SourceCodester Alumni Management System
CVE-2021-25209 (SQL injection vulnerability in SourceCodester Theme Park Ticketing Sys ...)
NOT-FOR-US: SourceCodester Theme Park Ticketing System
-CVE-2021-25208
- RESERVED
-CVE-2021-25207
- RESERVED
-CVE-2021-25206
- RESERVED
+CVE-2021-25208 (Arbitrary file upload vulnerability in SourceCodester Travel Managemen ...)
+ TODO: check
+CVE-2021-25207 (Arbitrary file upload vulnerability in SourceCodester E-Commerce Websi ...)
+ TODO: check
+CVE-2021-25206 (Arbitrary file upload vulnerability in SourceCodester Responsive Order ...)
+ TODO: check
CVE-2021-25205 (SQL injection vulnerability in SourceCodester E-Commerce Website V 1.0 ...)
NOT-FOR-US: SourceCodester
-CVE-2021-25204
- RESERVED
-CVE-2021-25203
- RESERVED
+CVE-2021-25204 (Cross-site scripting (XSS) vulnerability in SourceCodester E-Commerce ...)
+ TODO: check
+CVE-2021-25203 (Arbitrary file upload vulnerability in Victor CMS v 1.0 allows attacke ...)
+ TODO: check
CVE-2021-25202 (SQL injection vulnerability in SourceCodester Sales and Inventory Syst ...)
NOT-FOR-US: SourceCodester Sales and Inventory System
-CVE-2021-25201
- RESERVED
+CVE-2021-25201 (SQL injection vulnerability in Learning Management System v 1.0 allows ...)
+ TODO: check
CVE-2021-25200
RESERVED
CVE-2021-25199
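Review bot: CVE-2021-25208, CVE-2021-25207, CVE-2021-25206 and CVE-2021-25204 all name SourceCodester in their descriptions yet are left at TODO: check, while the neighbouring CVE-2021-25210, CVE-2021-25209, CVE-2021-25205 and CVE-2021-25202 are already tagged NOT-FOR-US for the same vendor. Suggest giving these four the same tag, and settling on one label form, since the existing lines mix "NOT-FOR-US: SourceCodester" with the full product name. CVE-2021-25203 (Victor CMS) and CVE-2021-25201 (Learning Management System) name other products and need their own lookup before the TODO is cleared.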
@@ -33320,8 +33358,8 @@ CVE-2021-23414
RESERVED
CVE-2021-23413
RESERVED
-CVE-2021-23412
- RESERVED
+CVE-2021-23412 (All versions of package gitlogplus are vulnerable to Command Injection ...)
+ TODO: check
CVE-2021-23411 (All versions of package anchorme are vulnerable to Cross-site Scriptin ...)
TODO: check
CVE-2021-23410 (All versions of package msgpack are vulnerable to Deserialization of U ...)
@@ -40322,7 +40360,7 @@ CVE-2021-21045 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier)
NOT-FOR-US: Adobe
CVE-2021-21044 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...)
NOT-FOR-US: Adobe
-CVE-2021-21043 (Acrobat InDesign version 16.0 (and earlier) is affected by an Out-of-b ...)
+CVE-2021-21043 (ACS Commons version 4.9.2 (and earlier) suffers from a Reflected Cross ...)
NOT-FOR-US: Adobe
CVE-2021-21042 (Acrobat Reader DC versions 2020.013.20074 (and earlier), 2020.001.3001 ...)
NOT-FOR-US: Adobe
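Review bot: on CVE-2021-21043 the description switches from Acrobat InDesign 16.0 to ACS Commons 4.9.2, a different product and a different bug class, but the unchanged NOT-FOR-US: Adobe line below it was triaged against the old text. Re-confirm that the tag still holds for the new description, and consider naming the product in the tag rather than only the vendor so that a later description change like this one is easier to spot.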
@@ -41796,8 +41834,8 @@ CVE-2021-20335 (For MongoDB Ops Manager <= 4.2.24 with multiple OM applicatio
NOT-FOR-US: MongoDB Ops Manager
CVE-2021-20334 (A malicious 3rd party with local access to the Windows machine where M ...)
NOT-FOR-US: MongoDB Compass
-CVE-2021-20333
- RESERVED
+CVE-2021-20333 (Sending specially crafted commands to a MongoDB Server may result in a ...)
+ TODO: check
CVE-2021-20332
RESERVED
CVE-2021-20331 (Specific versions of the MongoDB C# Driver may erroneously publish eve ...)
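Review bot: CVE-2021-20333 should not inherit the triage of its neighbours. CVE-2021-20335 and CVE-2021-20334 are NOT-FOR-US for Ops Manager and Compass, but this description names MongoDB Server itself, so the TODO: check needs a real lookup against any packaged server versions in each suite before it is resolved.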
@@ -85003,8 +85041,8 @@ CVE-2020-14033 (An issue was discovered in janus-gateway (aka Janus WebRTC Serve
- janus 0.10.2-1
NOTE: https://github.com/meetecho/janus-gateway/pull/2229
NOTE: https://github.com/meetecho/janus-gateway/commit/dacb4edfad8e77f73b64d8c175cca0a7796ebf80
-CVE-2020-14032
- RESERVED
+CVE-2020-14032 (ASRock 4x4 BOX-R1000 before BIOS P1.40 allows privilege escalation via ...)
+ TODO: check
CVE-2020-14031 (An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The ou ...)
NOT-FOR-US: Ozeki NG SMS Gateway
CVE-2020-14030 (An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. It sto ...)
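Review bot: CVE-2020-14032 describes a flaw in vendor BIOS firmware (ASRock 4x4 BOX-R1000 before BIOS P1.40), which makes it a likely NOT-FOR-US candidate rather than something needing package research. Suggest resolving the TODO: check with a vendor-named NOT-FOR-US line, in the same form as the Ozeki entries that follow it.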
@@ -101677,6 +101715,7 @@ CVE-2020-8161 (A directory traversal vulnerability exists in rack < 2.2.0 tha
CVE-2020-8160 (MendixSSO <= 2.1.1 contains endpoints that make use of the openid h ...)
NOT-FOR-US: MendixSSO
CVE-2020-8159 (There is a vulnerability in actionpack_page-caching gem < v1.2.1 th ...)
+ {DLA-2719-1}
- ruby-actionpack-page-caching 1.2.2-1 (bug #960680)
[buster] - ruby-actionpack-page-caching <no-dsa> (Minor issue)
NOTE: https://groups.google.com/forum/#!topic/rubyonrails-security/CFRVkEytdP8
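Review bot: {DLA-2719-1} is now attached to CVE-2020-8159 while the [buster] line below it still reads <no-dsa> (Minor issue), so after this change the LTS suite has an advisory for the issue and buster does not. Worth checking whether buster should pick up the fix through a point release, or adding a NOTE that records why the two suites are treated differently.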
@@ -151461,7 +151500,7 @@ CVE-2019-9985
CVE-2019-9984
RESERVED
CVE-2019-9983
- RESERVED
+ REJECTED
CVE-2019-9982
RESERVED
CVE-2019-9981
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5435793d84b3140c4a28ae753c4670df39c55f45