[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Jul 28 09:10:26 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8174bdde by security tracker role at 2021-07-28T08:10:18+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,45 @@
+CVE-2021-37598
+ RESERVED
+CVE-2021-37597
+ RESERVED
+CVE-2021-37596 (Telegram Web K Alpha 0.6.1 allows XSS via a document name. ...)
+ TODO: check
+CVE-2021-37595 (In FreeRDP before 2.4.0 on Windows, wf_cliprdr_server_file_contents_re ...)
+ TODO: check
+CVE-2021-37594 (In FreeRDP before 2.4.0 on Windows, wf_cliprdr_server_file_contents_re ...)
+ TODO: check
+CVE-2021-37593 (PEEL Shopping before 9.4.0.1 allows remote SQL injection. A public use ...)
+ TODO: check
+CVE-2021-37592
+ RESERVED
+CVE-2021-37591
+ RESERVED
+CVE-2021-37590
+ RESERVED
+CVE-2021-37589
+ RESERVED
+CVE-2021-37588 (In Charm 0.43, any two users can collude to achieve the ability to dec ...)
+ TODO: check
+CVE-2021-37587 (In Charm 0.43, any single user can decrypt DAC-MACS or MA-ABE-YJ14 dat ...)
+ TODO: check
+CVE-2021-37586
+ RESERVED
+CVE-2021-37585
+ RESERVED
+CVE-2021-37584
+ RESERVED
+CVE-2021-37583
+ RESERVED
+CVE-2021-37582
+ RESERVED
+CVE-2021-37581
+ RESERVED
+CVE-2021-37580
+ RESERVED
+CVE-2021-37579
+ RESERVED
+CVE-2021-3667
+ RESERVED
CVE-2021-37578
RESERVED
CVE-2021-37577
@@ -1216,8 +1258,7 @@ CVE-2021-36985
RESERVED
CVE-2021-36984
RESERVED
-CVE-2021-36983
- RESERVED
+CVE-2021-36983 (replay-sorcery-kms in Replay Sorcery 0.6.0 allows a local attacker to ...)
NOT-FOR-US: ReplaySorcery
CVE-2021-36982
RESERVED
@@ -2109,8 +2150,8 @@ CVE-2021-36607
RESERVED
CVE-2021-36606
RESERVED
-CVE-2021-36605
- RESERVED
+CVE-2021-36605 (engineercms 1.03 is vulnerable to Cross Site Scripting (XSS). There is ...)
+ TODO: check
CVE-2021-36604
RESERVED
CVE-2021-36603
@@ -3519,8 +3560,8 @@ CVE-2021-36006
RESERVED
CVE-2021-36005
RESERVED
-CVE-2021-36004
- RESERVED
+CVE-2021-36004 (Adobe InDesign version 16.0 (and earlier) is affected by an Out-of-bou ...)
+ TODO: check
CVE-2021-36003
RESERVED
CVE-2021-36002
@@ -4647,10 +4688,10 @@ CVE-2021-35481
RESERVED
CVE-2021-35480
RESERVED
-CVE-2021-35479
- RESERVED
-CVE-2021-35478
- RESERVED
+CVE-2021-35479 (Nagios Log Server before 2.1.9 contains Stored XSS in the custom colum ...)
+ TODO: check
+CVE-2021-35478 (Nagios Log Server before 2.1.9 contains Reflected XSS in the dropdown ...)
+ TODO: check
CVE-2021-35477
RESERVED
CVE-2021-35476
@@ -6142,8 +6183,8 @@ CVE-2021-34804
RESERVED
CVE-2021-34803 (TeamViewer before 14.7.48644 on Windows loads untrusted DLLs in certai ...)
NOT-FOR-US: TeamViewer
-CVE-2021-34802
- RESERVED
+CVE-2021-34802 (A failure in resetting the security context in some transaction action ...)
+ TODO: check
CVE-2021-34801 (Valine 1.4.14 allows remote attackers to cause a denial of service (ap ...)
NOT-FOR-US: Valine
CVE-2021-34800
@@ -7015,8 +7056,8 @@ CVE-2021-34434
RESERVED
CVE-2021-34433
RESERVED
-CVE-2021-34432
- RESERVED
+CVE-2021-34432 (In Eclipse Mosquitto versions 2.07 and earlier, the server will crash ...)
+ TODO: check
CVE-2021-34431 (In Eclipse Mosquitto version 1.6 to 2.0.10, if an authenticated client ...)
- mosquitto 2.0.11-1
[buster] - mosquitto <not-affected> (Vulnerable code introduced later)
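Review bot: CVE-2021-34432 is left at the `TODO: check` placeholder even though mosquitto is a package this tracker already follows, as the adjacent CVE-2021-34431 entry shows (`- mosquitto 2.0.11-1`, `[buster] - mosquitto <not-affected>`); this one should get a real triage entry, including a buster state, rather than the placeholder. The version string "2.07 and earlier" in the imported description also looks unusual next to 2.0.10 in the neighbouring entry and is worth confirming against the upstream advisory before a fixed version is recorded.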
@@ -10799,8 +10840,8 @@ CVE-2021-32798
RESERVED
CVE-2021-32797
RESERVED
-CVE-2021-32796
- RESERVED
+CVE-2021-32796 (xmldom is an open source pure JavaScript W3C standard-based (XML DOM L ...)
+ TODO: check
CVE-2021-32795 (ArchiSteamFarm is a C# application with primary purpose of idling Stea ...)
NOT-FOR-US: ArchiSteamFarm
CVE-2021-32794 (ArchiSteamFarm is a C# application with primary purpose of idling Stea ...)
@@ -10820,8 +10861,8 @@ CVE-2021-32790 (Woocommerce is an open source eCommerce plugin for WordPress. An
NOT-FOR-US: Woocommerce
CVE-2021-32789 (woocommerce-gutenberg-products-block is a feature plugin for WooCommer ...)
NOT-FOR-US: woocommerce-gutenberg-products-block
-CVE-2021-32788
- RESERVED
+CVE-2021-32788 (Discourse is an open source discussion platform. In versions prior to ...)
+ TODO: check
CVE-2021-32787
RESERVED
CVE-2021-32786 (mod_auth_openidc is an authentication/authorization module for the Apa ...)
@@ -10919,8 +10960,8 @@ CVE-2021-32749 (fail2ban is a daemon to ban hosts that cause multiple authentica
NOTE: https://github.com/fail2ban/fail2ban/commit/410a6ce5c80dd981c22752da034f2529b5eee844 (0.10, 0.11, 1.0)
NOTE: Fix introduces regression for installations with mail command from the bsd-mailx package:
NOTE: https://github.com/fail2ban/fail2ban/issues/3059
-CVE-2021-32748
- RESERVED
+CVE-2021-32748 (Nextcloud Richdocuments in an open source self hosted online office. N ...)
+ TODO: check
CVE-2021-32747 (Icinga Web 2 is an open source monitoring web interface, framework, an ...)
[experimental] - icingaweb2 2.8.3-1~exp1
- icingaweb2 <unfixed> (bug #991116)
@@ -15785,12 +15826,14 @@ CVE-2021-30763
RESERVED
CVE-2021-30762
RESERVED
+ {DSA-4681-1}
- webkit2gtk 2.28.0-2
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
- wpewebkit 2.28.0-1
NOTE: https://webkitgtk.org/security/WSA-2021-0004.html
CVE-2021-30761
RESERVED
+ {DSA-4558-1}
- webkit2gtk 2.26.1-2
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
- wpewebkit 2.26.3-1
@@ -15977,6 +16020,7 @@ CVE-2021-30683
RESERVED
CVE-2021-30682
RESERVED
+ {DSA-4923-1}
- webkit2gtk 2.32.0-2
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
- wpewebkit 2.32.0-2
@@ -16013,6 +16057,7 @@ CVE-2021-30667
RESERVED
CVE-2021-30666
RESERVED
+ {DSA-4558-1}
- webkit2gtk 2.26.1-2
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
- wpewebkit 2.26.3-1
@@ -16035,6 +16080,7 @@ CVE-2021-30662
RESERVED
CVE-2021-30661
RESERVED
+ {DSA-4797-1}
- webkit2gtk 2.30.1-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
- wpewebkit 2.30.0-1
@@ -16726,8 +16772,8 @@ CVE-2021-30485 (An issue was discovered in libezxml.a in ezXML 0.8.6. The functi
NOTE: https://sourceforge.net/p/ezxml/bugs/25
CVE-2021-30484
RESERVED
-CVE-2021-30483
- RESERVED
+CVE-2021-30483 (isomorphic-git before 1.8.2 allows Directory Traversal via a crafted r ...)
+ TODO: check
CVE-2021-30482 (In JetBrains UpSource before 2020.1.1883, application passwords were n ...)
NOT-FOR-US: JetBrains
CVE-2021-30481 (Valve Steam through 2021-04-10, when a Source engine game is installed ...)
@@ -20502,8 +20548,8 @@ CVE-2021-28968 (An issue was discovered in PunBB before 1.4.6. An XSS vulnerabil
NOT-FOR-US: PunBB
CVE-2021-28967 (The unofficial MATLAB extension before 2.0.1 for Visual Studio Code al ...)
NOT-FOR-US: MATLAB extenstion for vscode
-CVE-2021-28966
- RESERVED
+CVE-2021-28966 (In Ruby through 3.0 on Windows, a remote attacker can submit a crafted ...)
+ TODO: check
CVE-2021-28965 (The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, a ...)
- ruby2.7 2.7.3-1 (bug #986807)
- ruby2.5 <removed>
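Review bot: CVE-2021-28966 is marked `TODO: check`, but its description scopes the issue to "Ruby through 3.0 on Windows", while the neighbouring CVE-2021-28965 entry shows ruby2.7 and ruby2.5 are tracked here; triage it explicitly (a not-affected or unimportant note for Debian's non-Windows builds, if that is confirmed) instead of leaving the placeholder.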
@@ -21229,8 +21275,8 @@ CVE-2021-28675 (An issue was discovered in Pillow before 8.2.0. PSDImagePlugin.P
[stretch] - pillow <ignored> (Minor issue, too intrusive to backport)
NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28675-fix-dos-in-psdimageplugin
NOTE: https://github.com/python-pillow/Pillow/commit/22e9bee4ef225c0edbb9323f94c26cee0c623497
-CVE-2021-28674
- RESERVED
+CVE-2021-28674 (The node management page in SolarWinds Orion Platform before 2020.2.5 ...)
+ TODO: check
CVE-2021-28673 (Xerox Phaser 6510 before 64.61.23 and 64.59.11 (Bridge), WorkCentre 65 ...)
NOT-FOR-US: Xerox
CVE-2021-28672 (Xerox Phaser 6510 before 64.65.51 and 64.59.11 (Bridge), WorkCentre 65 ...)
@@ -28433,15 +28479,19 @@ CVE-2021-25806
CVE-2021-25805
RESERVED
CVE-2021-25804 (A NULL-pointer dereference in "Open" in avi.c of VideoLAN VLC Media Pl ...)
+ {DSA-4834-1}
- vlc 3.0.12-1
NOTE: https://code.videolan.org/videolan/vlc-3.0/-/commit/a7f577ec26d35bbd7b2a3cda89d1b41bde69de9c (v3.0.12)
CVE-2021-25803 (A buffer overflow vulnerability in the vlc_input_attachment_New compon ...)
+ {DSA-4834-1}
- vlc 3.0.12-1
NOTE: https://code.videolan.org/videolan/vlc-3.0/-/commit/56cbe9c4b59edbdc5e1bb2687992f3bbf492eccb (v3.0.12)
CVE-2021-25802 (A buffer overflow vulnerability in the AVI_ExtractSubtitle component o ...)
+ {DSA-4834-1}
- vlc 3.0.12-1
NOTE: https://code.videolan.org/videolan/vlc-3.0/-/commit/0660acc3ab64d2c3ad99cae887a438f0648faa72 (v3.0.12)
CVE-2021-25801 (A buffer overflow vulnerability in the __Parse_indx component of Video ...)
+ {DSA-4834-1}
- vlc 3.0.12-1
NOTE: https://code.videolan.org/videolan/vlc-3.0/-/commit/f5f8cc3ab8825f178de3f6714bfbff8b3f293fd2 (v3.0.12)
CVE-2021-25800
@@ -41357,20 +41407,20 @@ CVE-2021-20791
RESERVED
CVE-2021-20790
RESERVED
-CVE-2021-20789
- RESERVED
-CVE-2021-20788
- RESERVED
-CVE-2021-20787
- RESERVED
-CVE-2021-20786
- RESERVED
-CVE-2021-20785
- RESERVED
+CVE-2021-20789 (Open redirect vulnerability in GroupSession (GroupSession Free edition ...)
+ TODO: check
+CVE-2021-20788 (Server-side request forgery (SSRF) vulnerability in GroupSession (Grou ...)
+ TODO: check
+CVE-2021-20787 (Cross-site scripting vulnerability in GroupSession (GroupSession Free ...)
+ TODO: check
+CVE-2021-20786 (Cross-site request forgery (CSRF) vulnerability in GroupSession (Group ...)
+ TODO: check
+CVE-2021-20785 (Cross-site scripting vulnerability in GroupSession (GroupSession Free ...)
+ TODO: check
CVE-2021-20784 (HTTP header injection vulnerability in Everything all versions except ...)
NOT-FOR-US: Everything
-CVE-2021-20783
- RESERVED
+CVE-2021-20783 (Cross-site request forgery (CSRF) vulnerability in Optical BB unit E-W ...)
+ TODO: check
CVE-2021-20782 (Cross-site request forgery (CSRF) vulnerability in Software License Ma ...)
NOT-FOR-US: Wordpress plugin
CVE-2021-20781 (Cross-site request forgery (CSRF) vulnerability in WordPress Meta Data ...)
@@ -41814,8 +41864,8 @@ CVE-2021-20564 (IBM Cloud Pak for Security (CP4S) 1.4.0.0, 1.5.0.0, 1.5.0.1, 1.6
NOT-FOR-US: IBM
CVE-2021-20563
RESERVED
-CVE-2021-20562
- RESERVED
+CVE-2021-20562 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5_3 ...)
+ TODO: check
CVE-2021-20561
RESERVED
CVE-2021-20560 (IBM Sterling Connect:Direct Browser User Interface 1.4.1.1 and 1.5.0.2 ...)
@@ -42140,8 +42190,8 @@ CVE-2021-20401 (IBM QRadar SIEM 7.3 and 7.4 contains hard-coded credentials, suc
NOT-FOR-US: IBM
CVE-2021-20400
RESERVED
-CVE-2021-20399
- RESERVED
+CVE-2021-20399 (IBM Qradar SIEM 7.3.0 to 7.3.3 Patch 8 and 7.4.0 to 7.4.3 GA is vulner ...)
+ TODO: check
CVE-2021-20398
RESERVED
CVE-2021-20397 (IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting. Thi ...)
@@ -45918,12 +45968,14 @@ CVE-2021-1827
RESERVED
CVE-2021-1826
RESERVED
+ {DSA-4797-1}
- webkit2gtk 2.30.1-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
- wpewebkit 2.30.0-1
NOTE: https://webkitgtk.org/security/WSA-2021-0004.html
CVE-2021-1825
RESERVED
+ {DSA-4797-1}
- webkit2gtk 2.30.1-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
- wpewebkit 2.30.0-1
@@ -45938,6 +45990,7 @@ CVE-2021-1821
RESERVED
CVE-2021-1820
RESERVED
+ {DSA-4797-1}
- webkit2gtk 2.30.1-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
- wpewebkit 2.30.0-1
@@ -45948,6 +46001,7 @@ CVE-2021-1818 (A logic issue was addressed with improved state management. This
NOT-FOR-US: Apple
CVE-2021-1817
RESERVED
+ {DSA-4797-1}
- webkit2gtk 2.30.1-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
- wpewebkit 2.30.0-1
@@ -58019,8 +58073,8 @@ CVE-2020-26182 (Dell EMC NetWorker versions prior to 19.3.0.2 contain an incorre
NOT-FOR-US: EMC
CVE-2020-26181 (Dell EMC Isilon OneFS versions 8.1 and later and Dell EMC PowerScale O ...)
NOT-FOR-US: EMC
-CVE-2020-26180
- RESERVED
+CVE-2020-26180 (Dell EMC Isilon OneFS supported versions 8.1 and later and Dell EMC Po ...)
+ TODO: check
CVE-2020-26179
RESERVED
CVE-2020-26178 (In tangro Business Workflow before 1.18.1, knowing an attachment ID, i ...)
@@ -67863,8 +67917,8 @@ CVE-2020-21808
RESERVED
CVE-2020-21807
RESERVED
-CVE-2020-21806
- RESERVED
+CVE-2020-21806 (SQL Injection Vulnerability in ECTouch v2 via the shop page in index.p ...)
+ TODO: check
CVE-2020-21805
RESERVED
CVE-2020-21804
@@ -70089,14 +70143,14 @@ CVE-2020-20703
RESERVED
CVE-2020-20702
RESERVED
-CVE-2020-20701
- RESERVED
-CVE-2020-20700
- RESERVED
-CVE-2020-20699
- RESERVED
-CVE-2020-20698
- RESERVED
+CVE-2020-20701 (A stored cross site scripting (XSS) vulnerability in /app/config/of S- ...)
+ TODO: check
+CVE-2020-20700 (A stored cross site scripting (XSS) vulnerability in /app/form_add/of ...)
+ TODO: check
+CVE-2020-20699 (A cross site scripting (XSS) vulnerability in S-CMS PHP v3.0 allows at ...)
+ TODO: check
+CVE-2020-20698 (A remote code execution (RCE) vulnerability in /1.com.php of S-CMS PHP ...)
+ TODO: check
CVE-2020-20697
RESERVED
CVE-2020-20696
@@ -73301,8 +73355,8 @@ CVE-2020-19120
RESERVED
CVE-2020-19119
RESERVED
-CVE-2020-19118
- RESERVED
+CVE-2020-19118 (Cross Site Scripting (XSS) vulnerabiity in YzmCMS 5.2 via the site_cod ...)
+ TODO: check
CVE-2020-19117
RESERVED
CVE-2020-19116
@@ -75539,8 +75593,8 @@ CVE-2020-18015
RESERVED
CVE-2020-18014
RESERVED
-CVE-2020-18013
- RESERVED
+CVE-2020-18013 (SQL Injextion vulnerability exists in Whatsns 4.0 via the ip parameter ...)
+ TODO: check
CVE-2020-18012
RESERVED
CVE-2020-18011
@@ -77991,8 +78045,8 @@ CVE-2020-16841
RESERVED
CVE-2020-16840
RESERVED
-CVE-2020-16839
- RESERVED
+CVE-2020-16839 (On Crestron DM-NVX-DIR, DM-NVX-DIR80, and DM-NVX-ENT devices before th ...)
+ TODO: check
CVE-2020-16838
RESERVED
CVE-2020-16837
@@ -82666,8 +82720,8 @@ CVE-2020-15001 (An information leak was discovered on Yubico YubiKey 5 NFC devic
NOT-FOR-US: Yubico YubiKey 5 NFC devices
CVE-2020-15000 (A PIN management problem was discovered on Yubico YubiKey 5 devices 5. ...)
NOT-FOR-US: Yubico YubiKey 5 devices
-CVE-2020-14999
- RESERVED
+CVE-2020-14999 (A logic bug in system monitoring driver of Acronis Agent after 12.5.21 ...)
+ TODO: check
CVE-2020-14998
RESERVED
CVE-2020-14997
@@ -109302,8 +109356,8 @@ CVE-2020-5353
RESERVED
CVE-2020-5352 (Dell EMC Data Protection Advisor 6.4, 6.5 and 18.1 contain an OS comma ...)
NOT-FOR-US: EMC
-CVE-2020-5351
- RESERVED
+CVE-2020-5351 (Dell EMC Data Protection Advisor versions 6.4, 6.5 and 18.1 contain an ...)
+ TODO: check
CVE-2020-5350 (Dell EMC Integrated Data Protection Appliance versions 2.0, 2.1, 2.2, ...)
NOT-FOR-US: EMC
CVE-2020-5349 (Dell EMC Networking S4100 and S5200 Series Switches manufactured prior ...)
@@ -109322,8 +109376,8 @@ CVE-2020-5343 (Dell Client platforms restored using a Dell OS recovery image dow
NOT-FOR-US: Dell
CVE-2020-5342 (Dell Digital Delivery versions prior to 3.5.2015 contain an incorrect ...)
NOT-FOR-US: Dell
-CVE-2020-5341
- RESERVED
+CVE-2020-5341 (Deserialization of Untrusted Data Vulnerability Dell EMC Avamar Server ...)
+ TODO: check
CVE-2020-5340 (RSA Authentication Manager versions prior to 8.4 P10 contain a stored ...)
NOT-FOR-US: RSA Authentication Manager
CVE-2020-5339 (RSA Authentication Manager versions prior to 8.4 P10 contain a stored ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8174bddee941b1fd82f30f1b38045e109e419356