[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Jun 3 21:10:29 BST 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5cd6e87f by security tracker role at 2021-06-03T20:10:21+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,10 +1,64 @@
+CVE-2021-33833
+	RESERVED
+CVE-2021-33832
+	RESERVED
+CVE-2021-33831
+	RESERVED
+CVE-2021-33830
+	RESERVED
+CVE-2021-33829
+	RESERVED
+CVE-2021-33828
+	RESERVED
+CVE-2021-33827
+	RESERVED
+CVE-2021-33826
+	RESERVED
+CVE-2021-33825
+	RESERVED
+CVE-2021-33824
+	RESERVED
+CVE-2021-33823
+	RESERVED
+CVE-2021-33822
+	RESERVED
+CVE-2021-33821
+	RESERVED
+CVE-2021-33820
+	RESERVED
+CVE-2021-33819
+	RESERVED
+CVE-2021-33818
+	RESERVED
+CVE-2021-33817
+	RESERVED
+CVE-2021-33816
+	RESERVED
+CVE-2021-33815 (dwa_uncompress in libavcodec/exr.c in FFmpeg 4.4 allows an out-of-boun ...)
+	TODO: check
+CVE-2021-33814
+	RESERVED
+CVE-2021-33813
+	RESERVED
+CVE-2021-33812
+	RESERVED
+CVE-2021-33811
+	RESERVED
+CVE-2021-33810
+	RESERVED
+CVE-2021-33809
+	RESERVED
+CVE-2021-33808
+	RESERVED
+CVE-2021-33807
+	RESERVED
 CVE-2021-3579
 	RESERVED
 CVE-2021-3578
 	RESERVED
-CVE-2021-33806
-	RESERVED
-CVE-2021-33805 (In the reference implementation of FUSE before 2.9.8, local attackers  ...)
+CVE-2021-33806 (The BDew BdLib library before 1.16.1.7 for Minecraft allows remote cod ...)
+	TODO: check
+CVE-2021-33805 (In the reference implementation of FUSE before 2.9.8 and 3.x before 3. ...)
 	TODO: check
 CVE-2021-3577
 	RESERVED
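Review bot: CVE-2021-33815 and CVE-2021-33805 are left at "TODO: check" although both descriptions name software with an identifiable upstream (FFmpeg's libavcodec/exr.c and the FUSE reference implementation), so they need manual triage to a source-package line rather than staying in the queue. For CVE-2021-33805 the reworded description now also mentions a 3.x range ("before 2.9.8 and 3.x before 3. ..."), so both branches should be checked when the entry is resolved.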
@@ -188,8 +242,7 @@ CVE-2020-36367 (Stack overflow vulnerability in parse_block Cesanta MJS 1.20.1,
 	NOT-FOR-US: Cesanta MJS
 CVE-2020-36366 (Stack overflow vulnerability in parse_value Cesanta MJS 1.20.1, allows ...)
 	NOT-FOR-US: Cesanta MJS
-CVE-2021-3569 [stack corruption bug in RSA decryption]
-	RESERVED
+CVE-2021-3569 (A stack corruption bug was found in libtpms in versions before 0.7.2 a ...)
 	- libtpms 0.8.2-1
 	NOTE: https://github.com/stefanberger/libtpms/commit/505ef841c00b4c096b1977c667cb957bec3a1d8b (v0.8.0)
 	NOTE: https://github.com/stefanberger/libtpms/commit/40cfe134c017d3aeaaed05ce71eaf9bfbe556b16 (v0.7.2)
@@ -545,7 +598,7 @@ CVE-2021-33576
 	RESERVED
 CVE-2021-33575 (The Pixar ruby-jss gem before 1.6.0 allows remote attackers to execute ...)
 	NOT-FOR-US: ruby-jss gem
-CVE-2021-33574 (The mq_notify function in the GNU C Library (aka glibc) through 2.33 h ...)
+CVE-2021-33574 (The mq_notify function in the GNU C Library (aka glibc) versions 2.32  ...)
 	- glibc <unfixed> (bug #989147)
 	[bullseye] - glibc <no-dsa> (Minor issue)
 	[buster] - glibc <no-dsa> (Minor issue)
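Review bot: the description of CVE-2021-33574 changes from "through 2.33" to "versions 2.32 ..." while the [bullseye] and [buster] lines stay at <no-dsa> (Minor issue). If the new wording narrows the affected range, recheck each release's glibc version against it; a release that falls outside the range should be <not-affected> rather than <no-dsa>.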
@@ -1986,8 +2039,8 @@ CVE-2021-32928
 	RESERVED
 CVE-2021-32927
 	RESERVED
-CVE-2021-32926
-	RESERVED
+CVE-2021-32926 (When an authenticated password change request takes place, this vulner ...)
+	TODO: check
 CVE-2021-3551
 	RESERVED
 CVE-2021-3550
@@ -1996,8 +2049,8 @@ CVE-2021-32925 (admin/user_import.php in Chamilo 1.11.14 reads XML data without
 	NOT-FOR-US: Chamilo
 CVE-2021-32924 (Invision Community (aka IPS Community Suite) before 4.6.0 allows eval- ...)
 	NOT-FOR-US: Invision Community (aka IPS Community Suite)
-CVE-2021-32923
-	RESERVED
+CVE-2021-32923 (HashiCorp Vault and Vault Enterprise allowed the renewal of nearly-exp ...)
+	TODO: check
 CVE-2021-32922
 	RESERVED
 CVE-2021-32921 (An issue was discovered in Prosody before 0.11.9. It does not use a co ...)
@@ -2551,10 +2604,10 @@ CVE-2021-32663
 	RESERVED
 CVE-2021-32662
 	RESERVED
-CVE-2021-32661
-	RESERVED
-CVE-2021-32660
-	RESERVED
+CVE-2021-32661 (Backstage is an open platform for building developer portals. In versi ...)
+	TODO: check
+CVE-2021-32660 (Backstage is an open platform for building developer portals, and tech ...)
+	TODO: check
 CVE-2021-32659
 	RESERVED
 CVE-2021-32658
@@ -3077,13 +3130,13 @@ CVE-2021-32462
 	RESERVED
 CVE-2021-32461
 	RESERVED
-CVE-2021-32460
-	RESERVED
-CVE-2021-32459 (A hard-coded password vulnerability exists in the SFTP Log Collection  ...)
+CVE-2021-32460 (The Trend Micro Maximum Security 2021 (v17) consumer product is vulner ...)
+	TODO: check
+CVE-2021-32459 (Trend Micro Home Network Security version 6.6.604 and earlier contains ...)
 	NOT-FOR-US: Trend Micro
-CVE-2021-32458 (A privilege escalation vulnerability exists in the tdts.ko chrdev_ioct ...)
+CVE-2021-32458 (Trend Micro Home Network Security version 6.6.604 and earlier is vulne ...)
 	NOT-FOR-US: Trend Micro
-CVE-2021-32457 (A privilege escalation vulnerability exists in the tdts.ko chrdev_ioct ...)
+CVE-2021-32457 (Trend Micro Home Network Security version 6.6.604 and earlier is vulne ...)
 	NOT-FOR-US: Trend Micro
 CVE-2021-32456 (SITEL CAP/PRX firmware version 5.2.01 allows an attacker with access t ...)
 	NOT-FOR-US: SITEL CAP/PRX firmware
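Review bot: CVE-2021-32460 (Trend Micro Maximum Security 2021) is added as "TODO: check" directly above three Trend Micro entries that are already marked "NOT-FOR-US: Trend Micro". Suggest resolving it the same way in a follow-up commit so it does not linger in the TODO queue.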
@@ -4597,10 +4650,10 @@ CVE-2021-31833
 	RESERVED
 CVE-2021-31832
 	RESERVED
-CVE-2021-31831
-	RESERVED
-CVE-2021-31830
-	RESERVED
+CVE-2021-31831 (Incorrect access to deleted scripts vulnerability in McAfee Database S ...)
+	TODO: check
+CVE-2021-31830 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
 CVE-2020-36326 (PHPMailer 6.1.8 through 6.4.0 allows object injection through Phar Des ...)
 	- libphp-phpmailer 6.2.0-2 (bug #988732)
 	[buster] - libphp-phpmailer <not-affected> (Regression introduced in 6.1.8)
@@ -11827,10 +11880,10 @@ CVE-2021-28850
 	RESERVED
 CVE-2021-28849
 	RESERVED
-CVE-2021-28848
-	RESERVED
-CVE-2021-28847
-	RESERVED
+CVE-2021-28848 (Mintty before 3.4.5 allows remote servers to cause a denial of service ...)
+	TODO: check
+CVE-2021-28847 (MobaXterm before 21.0 allows remote servers to cause a denial of servi ...)
+	TODO: check
 CVE-2021-28846
 	RESERVED
 CVE-2021-28845
@@ -17151,8 +17204,8 @@ CVE-2021-26586
 	RESERVED
 CVE-2021-26585
 	RESERVED
-CVE-2021-26584
-	RESERVED
+CVE-2021-26584 (A security vulnerability in HPE OneView for VMware vCenter (OV4VC) cou ...)
+	TODO: check
 CVE-2021-26583 (A potential security vulnerability was identified in HPE iLO Amplifier ...)
 	NOT-FOR-US: HPE
 CVE-2021-26582 (A security vulnerability in HPE IceWall SSO Domain Gateway Option (Dgf ...)
@@ -20694,6 +20747,7 @@ CVE-2021-25219
 CVE-2021-25218
 	RESERVED
 CVE-2021-25217 (In ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16, ISC DHCP 4.4.0 -> 4.4.2 ( ...)
+	{DLA-2674-1}
 	- isc-dhcp 4.4.1-2.3 (bug #989157)
 	[buster] - isc-dhcp <no-dsa> (Can be fixed via point release)
 	NOTE: https://kb.isc.org/docs/cve-2021-25217
@@ -23177,8 +23231,8 @@ CVE-2021-24025 (Due to incorrect string size calculations inside the preg_quote
 	- hhvm <removed>
 CVE-2021-24024 (A clear text storage of sensitive information into log file vulnerabil ...)
 	NOT-FOR-US: FortiADCManager
-CVE-2021-24023
-	RESERVED
+CVE-2021-24023 (An improper input validation in FortiAI v1.4.0 and earlier may allow a ...)
+	TODO: check
 CVE-2021-24022
 	RESERVED
 CVE-2021-24021
@@ -27070,8 +27124,8 @@ CVE-2021-22338
 	RESERVED
 CVE-2021-22337
 	RESERVED
-CVE-2021-22336
-	RESERVED
+CVE-2021-22336 (There is an Improper Control of Generation of Code vulnerability in Hu ...)
+	TODO: check
 CVE-2021-22335
 	RESERVED
 CVE-2021-22334
@@ -27092,14 +27146,14 @@ CVE-2021-22327 (There is an arbitrary memory write vulnerability in Huawei smart
 	NOT-FOR-US: Huawei
 CVE-2021-22326
 	RESERVED
-CVE-2021-22325
-	RESERVED
-CVE-2021-22324
-	RESERVED
+CVE-2021-22325 (There is an Information Disclosure vulnerability in Huawei Smartphone. ...)
+	TODO: check
+CVE-2021-22324 (There is a Credentials Management Errors vulnerability in Huawei Smart ...)
+	TODO: check
 CVE-2021-22323
 	RESERVED
-CVE-2021-22322
-	RESERVED
+CVE-2021-22322 (There is a Missing Authentication for Critical Function vulnerability  ...)
+	TODO: check
 CVE-2021-22321 (There is a use-after-free vulnerability in a Huawei product. A module  ...)
 	NOT-FOR-US: Huawei
 CVE-2021-22320 (There is a denial of service vulnerability in Huawei products. A modul ...)
@@ -27108,16 +27162,16 @@ CVE-2021-22319
 	RESERVED
 CVE-2021-22318
 	RESERVED
-CVE-2021-22317
-	RESERVED
-CVE-2021-22316
-	RESERVED
+CVE-2021-22317 (There is an Information Disclosure vulnerability in Huawei Smartphone. ...)
+	TODO: check
+CVE-2021-22316 (There is a Missing Authentication for Critical Function vulnerability  ...)
+	TODO: check
 CVE-2021-22315
 	RESERVED
 CVE-2021-22314 (There is a local privilege escalation vulnerability in some versions o ...)
 	NOT-FOR-US: Huawei
-CVE-2021-22313
-	RESERVED
+CVE-2021-22313 (There is a Security Function vulnerability in Huawei Smartphone. Succe ...)
+	TODO: check
 CVE-2021-22312 (There is a memory leak vulnerability in some Huawei products. An authe ...)
 	NOT-FOR-US: Huawei
 CVE-2021-22311 (There is an improper permission assignment vulnerability in Huawei Man ...)
@@ -27126,8 +27180,8 @@ CVE-2021-22310 (There is an information leakage vulnerability in some huawei pro
 	NOT-FOR-US: Huawei
 CVE-2021-22309 (There is insecure algorithm vulnerability in Huawei products. A module ...)
 	NOT-FOR-US: Huawei
-CVE-2021-22308
-	RESERVED
+CVE-2021-22308 (There is a Business Logic Errors vulnerability in Huawei Smartphone. T ...)
+	TODO: check
 CVE-2021-22307 (There is a weak algorithm vulnerability in Mate 3010.0.0.203(C00E201R7 ...)
 	NOT-FOR-US: Huawei
 CVE-2021-22306 (There is an out-of-bound read vulnerability in Mate 30 10.0.0.182(C00E ...)
@@ -27533,8 +27587,8 @@ CVE-2021-22132 (Elasticsearch versions 7.7.0 to 7.10.1 contain an information di
 	- elasticsearch <removed>
 CVE-2021-22131
 	RESERVED
-CVE-2021-22130
-	RESERVED
+CVE-2021-22130 (A stack-based buffer overflow vulnerability in FortiProxy physical app ...)
+	TODO: check
 CVE-2021-22129
 	RESERVED
 CVE-2021-22128 (An improper access control vulnerability in FortiProxy SSL VPN portal  ...)
@@ -32924,8 +32978,8 @@ CVE-2021-20382
 	RESERVED
 CVE-2021-20381
 	RESERVED
-CVE-2021-20380
-	RESERVED
+CVE-2021-20380 (IBM QRadar Advisor With Watson App 1.1 through 2.5 as used on IBM QRad ...)
+	TODO: check
 CVE-2021-20379
 	RESERVED
 CVE-2021-20378
@@ -41013,8 +41067,7 @@ CVE-2020-28471
 	RESERVED
 CVE-2020-28470 (This affects the package @scullyio/scully before 1.0.9. The transfer s ...)
 	NOT-FOR-US: scully
-CVE-2020-28469
-	RESERVED
+CVE-2020-28469 (This affects the package glob-parent before 5.1.2. The enclosure regex ...)
 	- node-glob-parent 5.1.1+~5.1.0-2
 	[buster] - node-glob-parent <no-dsa> (Minor issue)
 	[stretch] - node-glob-parent <postponed> (Minor issue; can be fixed in next update)
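Review bot: the published description for CVE-2020-28469 says glob-parent is affected "before 5.1.2", but the entry records the fix as node-glob-parent 5.1.1+~5.1.0-2, whose upstream version is below that. If the fix was backported in that Debian revision, a NOTE line pointing at the upstream commit would make this verifiable, unless one already exists below the visible context.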
@@ -59994,12 +60047,12 @@ CVE-2020-21007
 	RESERVED
 CVE-2020-21006
 	RESERVED
-CVE-2020-21005
-	RESERVED
+CVE-2020-21005 (WellCMS 2.0 beta3 is vulnerable to File Upload. A user can log in to t ...)
+	TODO: check
 CVE-2020-21004
 	RESERVED
-CVE-2020-21003
-	RESERVED
+CVE-2020-21003 (Pbootcms v2.0.3 is vulnerable to Cross Site Scripting (XSS) via admin. ...)
+	TODO: check
 CVE-2020-21002
 	RESERVED
 CVE-2020-21001
@@ -186982,7 +187035,7 @@ CVE-2018-13376 (An uninitialized memory buffer leak exists in Fortinet FortiOS 5
 	NOT-FOR-US: Fortinet FortiOS
 CVE-2018-13375 (An Improper Neutralization of Script-Related HTML Tags in Fortinet For ...)
 	NOT-FOR-US: FortiAnalyzer and FortiManager
-CVE-2018-13374 (A Improper Access Control in Fortinet FortiOS allows attacker to obtai ...)
+CVE-2018-13374 (A Improper Access Control in Fortinet FortiOS 6.0.2, 5.6.7 and before, ...)
 	NOT-FOR-US: Fortinet FortiOS
 CVE-2018-13373
 	RESERVED



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5cd6e87fe5eee3448b231d7328da67d8bfcd0938
