[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Jul 29 21:10:41 BST 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b36b4fee by security tracker role at 2021-07-29T20:10:33+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,217 @@
+CVE-2021-37714
+	RESERVED
+CVE-2021-37713
+	RESERVED
+CVE-2021-37712
+	RESERVED
+CVE-2021-37711
+	RESERVED
+CVE-2021-37710
+	RESERVED
+CVE-2021-37709
+	RESERVED
+CVE-2021-37708
+	RESERVED
+CVE-2021-37707
+	RESERVED
+CVE-2021-37706
+	RESERVED
+CVE-2021-37705
+	RESERVED
+CVE-2021-37704
+	RESERVED
+CVE-2021-37703
+	RESERVED
+CVE-2021-37702
+	RESERVED
+CVE-2021-37701
+	RESERVED
+CVE-2021-37700
+	RESERVED
+CVE-2021-37699
+	RESERVED
+CVE-2021-37698
+	RESERVED
+CVE-2021-37697
+	RESERVED
+CVE-2021-37696
+	RESERVED
+CVE-2021-37695
+	RESERVED
+CVE-2021-37694
+	RESERVED
+CVE-2021-37693
+	RESERVED
+CVE-2021-37692
+	RESERVED
+CVE-2021-37691
+	RESERVED
+CVE-2021-37690
+	RESERVED
+CVE-2021-37689
+	RESERVED
+CVE-2021-37688
+	RESERVED
+CVE-2021-37687
+	RESERVED
+CVE-2021-37686
+	RESERVED
+CVE-2021-37685
+	RESERVED
+CVE-2021-37684
+	RESERVED
+CVE-2021-37683
+	RESERVED
+CVE-2021-37682
+	RESERVED
+CVE-2021-37681
+	RESERVED
+CVE-2021-37680
+	RESERVED
+CVE-2021-37679
+	RESERVED
+CVE-2021-37678
+	RESERVED
+CVE-2021-37677
+	RESERVED
+CVE-2021-37676
+	RESERVED
+CVE-2021-37675
+	RESERVED
+CVE-2021-37674
+	RESERVED
+CVE-2021-37673
+	RESERVED
+CVE-2021-37672
+	RESERVED
+CVE-2021-37671
+	RESERVED
+CVE-2021-37670
+	RESERVED
+CVE-2021-37669
+	RESERVED
+CVE-2021-37668
+	RESERVED
+CVE-2021-37667
+	RESERVED
+CVE-2021-37666
+	RESERVED
+CVE-2021-37665
+	RESERVED
+CVE-2021-37664
+	RESERVED
+CVE-2021-37663
+	RESERVED
+CVE-2021-37662
+	RESERVED
+CVE-2021-37661
+	RESERVED
+CVE-2021-37660
+	RESERVED
+CVE-2021-37659
+	RESERVED
+CVE-2021-37658
+	RESERVED
+CVE-2021-37657
+	RESERVED
+CVE-2021-37656
+	RESERVED
+CVE-2021-37655
+	RESERVED
+CVE-2021-37654
+	RESERVED
+CVE-2021-37653
+	RESERVED
+CVE-2021-37652
+	RESERVED
+CVE-2021-37651
+	RESERVED
+CVE-2021-37650
+	RESERVED
+CVE-2021-37649
+	RESERVED
+CVE-2021-37648
+	RESERVED
+CVE-2021-37647
+	RESERVED
+CVE-2021-37646
+	RESERVED
+CVE-2021-37645
+	RESERVED
+CVE-2021-37644
+	RESERVED
+CVE-2021-37643
+	RESERVED
+CVE-2021-37642
+	RESERVED
+CVE-2021-37641
+	RESERVED
+CVE-2021-37640
+	RESERVED
+CVE-2021-37639
+	RESERVED
+CVE-2021-37638
+	RESERVED
+CVE-2021-37637
+	RESERVED
+CVE-2021-37636
+	RESERVED
+CVE-2021-37635
+	RESERVED
+CVE-2021-37634
+	RESERVED
+CVE-2021-37633
+	RESERVED
+CVE-2021-37632
+	RESERVED
+CVE-2021-37631
+	RESERVED
+CVE-2021-37630
+	RESERVED
+CVE-2021-37629
+	RESERVED
+CVE-2021-37628
+	RESERVED
+CVE-2021-37627
+	RESERVED
+CVE-2021-37626
+	RESERVED
+CVE-2021-37625
+	RESERVED
+CVE-2021-37624
+	RESERVED
+CVE-2021-37623
+	RESERVED
+CVE-2021-37622
+	RESERVED
+CVE-2021-37621
+	RESERVED
+CVE-2021-37620
+	RESERVED
+CVE-2021-37619
+	RESERVED
+CVE-2021-37618
+	RESERVED
+CVE-2021-37617
+	RESERVED
+CVE-2021-37616
+	RESERVED
+CVE-2021-37615
+	RESERVED
+CVE-2021-37614
+	RESERVED
+CVE-2021-37613
+	RESERVED
+CVE-2021-37612
+	RESERVED
+CVE-2021-37611
+	RESERVED
+CVE-2021-37610
+	RESERVED
+CVE-2021-37609
+	RESERVED
+CVE-2021-37608
+	RESERVED
 CVE-2021-37607
 	RESERVED
 CVE-2021-3669
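
Review bot: The ordering rule that decides where the new block goes is not documented in this change: the trailing context puts CVE-2021-3669 directly after CVE-2021-37607, so the list is sorted on the ID as a string, not numerically, and CVE-2021-37714 down to CVE-2021-37608 is placed above it on that basis. A short statement of that rule in the tracker documentation would keep manual edits and parsers from assuming numeric order and misplacing four-digit IDs.
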
@@ -978,8 +1192,8 @@ CVE-2021-37146
 	RESERVED
 CVE-2021-37145
 	RESERVED
-CVE-2021-37144
-	RESERVED
+CVE-2021-37144 (CSZ CMS 1.2.9 is vulnerable to Arbitrary File Deletion. This occurs in ...)
+	TODO: check
 CVE-2021-37143
 	RESERVED
 CVE-2021-37142
@@ -2163,14 +2377,14 @@ CVE-2021-36626
 	RESERVED
 CVE-2021-36625
 	RESERVED
-CVE-2021-36624
-	RESERVED
+CVE-2021-36624 (Sourcecodester Phone Shop Sales Managements System version 1.0 suffers ...)
+	TODO: check
 CVE-2021-36623
 	RESERVED
 CVE-2021-36622
 	RESERVED
-CVE-2021-36621
-	RESERVED
+CVE-2021-36621 (Sourcecodester Online Covid Vaccination Scheduler System 1.0 is vulner ...)
+	TODO: check
 CVE-2021-36620
 	RESERVED
 CVE-2021-36619
@@ -2644,8 +2858,7 @@ CVE-2021-36388
 	RESERVED
 CVE-2021-36387
 	RESERVED
-CVE-2021-36386 [denial of service or information disclosure when logging long messages]
-	RESERVED
+CVE-2021-36386 (report_vbuild in report.c in Fetchmail before 6.4.20 sometimes omits i ...)
 	- fetchmail 6.4.16-4 (unimportant)
 	NOTE: https://www.fetchmail.info/fetchmail-SA-2021-01.txt
 	NOTE: https://gitlab.com/fetchmail/fetchmail/-/commit/c546c8299243a10a7b85c638e0e61396ecd5d8b5
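
Review bot: On the CVE-2021-36386 line the impact is no longer readable in the entry itself: the hand-written summary "[denial of service or information disclosure when logging long messages]" gives way to a description cut off at "sometimes omits i ...", and the "(unimportant)" rating on the fetchmail line has no justification in the visible NOTE lines. Suggest adding a NOTE that records the impact and why it is rated unimportant for Debian.
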
@@ -13057,7 +13270,7 @@ CVE-2021-3524 (A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object
 	NOTE: Fixed by: https://github.com/ceph/ceph/commit/763aebb94678018f89427137ffbc0c5205b1edc1
 CVE-2021-3523
 	RESERVED
-CVE-2021-31921 (Istio before 1.8.6 and 1.9.x before 1.9.5, when a gateway is using the ...)
+CVE-2021-31921 (Istio before 1.8.6 and 1.9.x before 1.9.5 contains a remotely exploita ...)
 	NOT-FOR-US: Istio
 CVE-2021-31920 (Istio before 1.8.6 and 1.9.x before 1.9.5 has a remotely exploitable v ...)
 	NOT-FOR-US: Istio
@@ -13553,8 +13766,7 @@ CVE-2021-31800 (Multiple path traversal vulnerabilities exist in smbserver.py in
 	[buster] - impacket <no-dsa> (Minor issue)
 	[stretch] - impacket <no-dsa> (Minor issue)
 	NOTE: https://github.com/SecureAuthCorp/impacket/commit/49c643bf66620646884ed141c94e5fdd85bcdd2f
-CVE-2021-31799 [A command injection vulnerability in RDoc]
-	RESERVED
+CVE-2021-31799 (In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby throug ...)
 	- ruby2.7 2.7.4-1 (bug #990815)
 	- ruby2.5 <removed>
 	- ruby2.3 <removed>
@@ -17821,8 +18033,8 @@ CVE-2021-30126 (Lightmeter ControlCenter 1.1.0 through 1.5.x before 1.5.1 allows
 	NOT-FOR-US: Lightmeter ControlCenter
 CVE-2021-30125 (Jamf Pro before 10.28.0 allows XSS related to inventory history, aka P ...)
 	NOT-FOR-US: Jamf Pro
-CVE-2021-30124
-	RESERVED
+CVE-2021-30124 (The unofficial vscode-phpmd (aka PHP Mess Detector) extension before 1 ...)
+	TODO: check
 CVE-2021-30123 (FFmpeg <=4.3 contains a buffer overflow vulnerability in libavcodec ...)
 	- ffmpeg <not-affected> (Only affects 4.4 development branches)
 	NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d6f293353c94c7ce200f6e0975ae3de49787f91f
@@ -27172,8 +27384,8 @@ CVE-2021-26275 (** UNSUPPORTED WHEN ASSIGNED ** The eslint-fixer package through
 	NOT-FOR-US: eslint-fixer
 CVE-2020-36240 (The ResourceDownloadRewriteRule class in Crowd before version 4.0.4, a ...)
 	NOT-FOR-US: Atlassian
-CVE-2020-36239
-	RESERVED
+CVE-2020-36239 (Jira Data Center, Jira Core Data Center, Jira Software Data Center fro ...)
+	TODO: check
 CVE-2020-36238 (The /rest/api/1.0/render resource in Jira Server and Data Center befor ...)
 	NOT-FOR-US: Atlassian
 CVE-2020-36237 (Affected versions of Atlassian Jira Server and Data Center allow unaut ...)
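
Review bot: CVE-2020-36239 is left at "TODO: check" although its description names Jira Data Center and both neighbouring entries in the context (CVE-2020-36240 for Crowd, CVE-2020-36238 for Jira Server and Data Center) are already tagged "NOT-FOR-US: Atlassian". Unless a packaged component is involved, this can be triaged with the same tag instead of sitting in the TODO queue.
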
@@ -33940,8 +34152,8 @@ CVE-2021-23420
 	RESERVED
 CVE-2021-23419
 	RESERVED
-CVE-2021-23418
-	RESERVED
+CVE-2021-23418 (The package glances before 3.2.1 are vulnerable to XML External Entity ...)
+	TODO: check
 CVE-2021-23417 (All versions of package deepmergefn are vulnerable to Prototype Pollut ...)
 	TODO: check
 CVE-2021-23416 (This affects all versions of package curly-bracket-parser. When used a ...)
@@ -38130,8 +38342,8 @@ CVE-2021-21548
 	RESERVED
 CVE-2021-21547 (Dell EMC Unity, UnityVSA, and Unity XT versions prior to 5.0.7.0.5.008 ...)
 	NOT-FOR-US: EMC
-CVE-2021-21546
-	RESERVED
+CVE-2021-21546 (Dell EMC NetWorker versions 18.x,19.x prior to 19.3.0.4 and 19.4.0.0 c ...)
+	TODO: check
 CVE-2021-21545 (Dell Peripheral Manager 1.3.1 or greater contains remediation for a lo ...)
 	NOT-FOR-US: Dell
 CVE-2021-21544 (Dell EMC iDRAC9 versions prior to 4.40.00.00 contain an improper authe ...)
@@ -38146,8 +38358,8 @@ CVE-2021-21540 (Dell EMC iDRAC9 versions prior to 4.40.00.00 contain a stack-bas
 	NOT-FOR-US: EMC
 CVE-2021-21539 (Dell EMC iDRAC9 versions prior to 4.40.00.00 contain a Time-of-check T ...)
 	NOT-FOR-US: EMC
-CVE-2021-21538
-	RESERVED
+CVE-2021-21538 (Dell EMC iDRAC9 versions 4.40.00.00 and later, but prior to 4.40.10.00 ...)
+	TODO: check
 CVE-2021-21537 (Dell Hybrid Client versions prior to 1.5 contain an information exposu ...)
 	NOT-FOR-US: Dell Hybrid Client
 CVE-2021-21536 (Dell Hybrid Client versions prior to 1.5 contain an information exposu ...)
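
Review bot: CVE-2021-21538 lands as "TODO: check" even though it describes Dell EMC iDRAC9, the same product as CVE-2021-21540 and CVE-2021-21539 in the leading context, which both carry "NOT-FOR-US: EMC". A follow-up commit should resolve it with the same tag so the three iDRAC9 entries are consistent.
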
@@ -42105,8 +42317,8 @@ CVE-2021-20507 (IBM Jazz Foundation and IBM Engineering products are vulnerable
 	NOT-FOR-US: IBM
 CVE-2021-20506 (IBM Jazz Foundation Products are vulnerable to cross-site scripting. T ...)
 	NOT-FOR-US: IBM
-CVE-2021-20505
-	RESERVED
+CVE-2021-20505 (The PowerVM Logical Partition Mobility(LPM) (PowerVM Hypervisor FW920, ...)
+	TODO: check
 CVE-2021-20504 (IBM Jazz Foundation Products are vulnerable to cross-site scripting. T ...)
 	NOT-FOR-US: IBM
 CVE-2021-20503 (IBM Jazz Foundation Products are vulnerable to cross-site scripting. T ...)
@@ -43310,14 +43522,14 @@ CVE-2021-20116
 	RESERVED
 CVE-2021-20115
 	RESERVED
-CVE-2021-20114
-	RESERVED
-CVE-2021-20113
-	RESERVED
-CVE-2021-20112
-	RESERVED
-CVE-2021-20111
-	RESERVED
+CVE-2021-20114 (When installed following the default/recommended settings, TCExam < ...)
+	TODO: check
+CVE-2021-20113 (An exposure of sensitive information vulnerability exists in TCExam &l ...)
+	TODO: check
+CVE-2021-20112 (A stored cross-site scripting vulnerability exists in TCExam <= 14. ...)
+	TODO: check
+CVE-2021-20111 (A stored cross-site scripting vulnerability exists in TCExam <= 14. ...)
+	TODO: check
 CVE-2021-20110 (Due to Manage Engine Asset Explorer Agent 1.0.34 not validating HTTPS  ...)
 	NOT-FOR-US: Manage Engine Asset Explorer Agent
 CVE-2021-20109 (Due to the Asset Explorer agent not validating HTTPS certificates, an  ...)
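
Review bot: The description on the CVE-2021-20113 line ends in "TCExam &l ...", a partly cut HTML entity, while the other three TCExam lines show the comparison operator as "<" or "<=". The descriptions appear to be truncated at a fixed length before entities are decoded; decoding first and truncating afterwards would avoid leaving a stray "&l" in data/CVE/list. The four entries also still need triage from "TODO: check".
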
@@ -44854,6 +45066,7 @@ CVE-2021-2389 (Vulnerability in the MySQL Server product of Oracle MySQL (compon
 	- mysql-5.7 <removed>
 	- mysql-8.0 <unfixed>
 CVE-2021-2388 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...)
+	{DSA-4946-1}
 	- openjdk-11 11.0.12+7-1
 	- openjdk-8 <unfixed>
 CVE-2021-2387 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
@@ -44895,6 +45108,7 @@ CVE-2021-2371 (Vulnerability in the Oracle Coherence product of Oracle Fusion Mi
 CVE-2021-2370 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
 	- mysql-8.0 <unfixed>
 CVE-2021-2369 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...)
+	{DSA-4946-1}
 	- openjdk-11 11.0.12+7-1
 	- openjdk-8 <unfixed>
 CVE-2021-2368 (Vulnerability in the Siebel CRM product of Oracle Siebel CRM (componen ...)
@@ -44954,6 +45168,7 @@ CVE-2021-2342 (Vulnerability in the MySQL Server product of Oracle MySQL (compon
 	- mysql-5.7 <removed>
 	- mysql-8.0 <unfixed>
 CVE-2021-2341 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...)
+	{DSA-4946-1}
 	- openjdk-11 11.0.12+7-1
 	- openjdk-8 <unfixed>
 CVE-2021-2340 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
@@ -66020,16 +66235,16 @@ CVE-2020-22767
 	RESERVED
 CVE-2020-22766
 	RESERVED
-CVE-2020-22765
-	RESERVED
+CVE-2020-22765 (Cross Site Scripting (XSS) vulnerability in NukeViet cms 4.4.0 via the ...)
+	TODO: check
 CVE-2020-22764
 	RESERVED
 CVE-2020-22763
 	RESERVED
 CVE-2020-22762
 	RESERVED
-CVE-2020-22761
-	RESERVED
+CVE-2020-22761 (Cross Site Request Forgery (CSRF) vulnerability in FlatPress 1.1 via t ...)
+	TODO: check
 CVE-2020-22760
 	RESERVED
 CVE-2020-22759
@@ -68050,10 +68265,10 @@ CVE-2020-21811
 	RESERVED
 CVE-2020-21810
 	RESERVED
-CVE-2020-21809
-	RESERVED
-CVE-2020-21808
-	RESERVED
+CVE-2020-21809 (SQL Injection vulnerability in NukeViet CMS module Shops 4.0.29 and 4. ...)
+	TODO: check
+CVE-2020-21808 (SQL Injection vulnerability in NukeViet CMS 4.0.10 - 4.3.07 via:the to ...)
+	TODO: check
 CVE-2020-21807
 	RESERVED
 CVE-2020-21806 (SQL Injection Vulnerability in ECTouch v2 via the shop page in index.p ...)
@@ -75405,8 +75620,8 @@ CVE-2020-18177
 	RESERVED
 CVE-2020-18176
 	RESERVED
-CVE-2020-18175
-	RESERVED
+CVE-2020-18175 (SQL Injection vulnerability in Metinfo 6.1.3 via a dosafety_emailadd a ...)
+	TODO: check
 CVE-2020-18174 (A process injection vulnerability in setup.exe of AutoHotkey 1.1.32.00 ...)
 	TODO: check
 CVE-2020-18173 (A DLL injection vulnerability in 1password.dll of 1Password 7.3.712 al ...)
@@ -75439,10 +75654,10 @@ CVE-2020-18160
 	RESERVED
 CVE-2020-18159
 	RESERVED
-CVE-2020-18158
-	RESERVED
-CVE-2020-18157
-	RESERVED
+CVE-2020-18158 (Cross Site Scripting (XSS) vulnerability in HuCart 5.7.4 via nickname  ...)
+	TODO: check
+CVE-2020-18157 (Cross Site Request Forgery (CSRF) vulnerability in MetInfo 6.1.3 via a ...)
+	TODO: check
 CVE-2020-18156
 	RESERVED
 CVE-2020-18155 (SQL Injection vulnerability in Subrion CMS v4.2.1 in the search page i ...)
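
Review bot: The product name on the CVE-2020-18157 line is spelled "MetInfo", while CVE-2020-18175 in the previous hunk of this commit spells it "Metinfo". When these "TODO: check" entries are triaged, use one spelling in the resulting tag so a search for the product finds every entry.
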
@@ -109491,8 +109706,8 @@ CVE-2020-5355
 	RESERVED
 CVE-2020-5354
 	RESERVED
-CVE-2020-5353
-	RESERVED
+CVE-2020-5353 (The Dell Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerSca ...)
+	TODO: check
 CVE-2020-5352 (Dell EMC Data Protection Advisor 6.4, 6.5 and 18.1 contain an OS comma ...)
 	NOT-FOR-US: EMC
 CVE-2020-5351 (Dell EMC Data Protection Advisor versions 6.4, 6.5 and 18.1 contain an ...)
@@ -109539,8 +109754,8 @@ CVE-2020-5331 (RSA Archer, versions prior to 6.7 P3 (6.7.0.3), contain an inform
 	NOT-FOR-US: RSA
 CVE-2020-5330 (Dell EMC Networking X-Series firmware versions 3.0.1.2 and older, Dell ...)
 	NOT-FOR-US: EMC
-CVE-2020-5329
-	RESERVED
+CVE-2020-5329 (Dell EMC Avamar Server contains an open redirect vulnerability. A remo ...)
+	TODO: check
 CVE-2020-5328 (Dell EMC Isilon OneFS versions prior to 8.2.0 contain an unauthorized  ...)
 	NOT-FOR-US: EMC
 CVE-2020-5327 (Dell Security Management Server versions prior to 10.2.10 contain a Ja ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b36b4feedda2bfadcf5456082c9eef3f4f868b5e
