[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Jun 9 21:10:34 BST 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bb2e60d4 by security tracker role at 2021-06-09T20:10:26+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,159 @@
+CVE-2021-3591
+	RESERVED
+CVE-2021-3590
+	RESERVED
+CVE-2021-3589
+	RESERVED
+CVE-2021-34437
+	RESERVED
+CVE-2021-34436
+	RESERVED
+CVE-2021-34435
+	RESERVED
+CVE-2021-34434
+	RESERVED
+CVE-2021-34433
+	RESERVED
+CVE-2021-34432
+	RESERVED
+CVE-2021-34431
+	RESERVED
+CVE-2021-34430
+	RESERVED
+CVE-2021-34429
+	RESERVED
+CVE-2021-34428
+	RESERVED
+CVE-2021-34427
+	RESERVED
+CVE-2021-34426
+	RESERVED
+CVE-2021-34425
+	RESERVED
+CVE-2021-34424
+	RESERVED
+CVE-2021-34423
+	RESERVED
+CVE-2021-34422
+	RESERVED
+CVE-2021-34421
+	RESERVED
+CVE-2021-34420
+	RESERVED
+CVE-2021-34419
+	RESERVED
+CVE-2021-34418
+	RESERVED
+CVE-2021-34417
+	RESERVED
+CVE-2021-34416
+	RESERVED
+CVE-2021-34415
+	RESERVED
+CVE-2021-34414
+	RESERVED
+CVE-2021-34413
+	RESERVED
+CVE-2021-34412
+	RESERVED
+CVE-2021-34411
+	RESERVED
+CVE-2021-34410
+	RESERVED
+CVE-2021-34409
+	RESERVED
+CVE-2021-34408
+	RESERVED
+CVE-2021-34407
+	RESERVED
+CVE-2021-34406
+	RESERVED
+CVE-2021-34405
+	RESERVED
+CVE-2021-34404
+	RESERVED
+CVE-2021-34403
+	RESERVED
+CVE-2021-34402
+	RESERVED
+CVE-2021-34401
+	RESERVED
+CVE-2021-34400
+	RESERVED
+CVE-2021-34399
+	RESERVED
+CVE-2021-34398
+	RESERVED
+CVE-2021-34397
+	RESERVED
+CVE-2021-34396
+	RESERVED
+CVE-2021-34395
+	RESERVED
+CVE-2021-34394
+	RESERVED
+CVE-2021-34393
+	RESERVED
+CVE-2021-34392
+	RESERVED
+CVE-2021-34391
+	RESERVED
+CVE-2021-34390
+	RESERVED
+CVE-2021-34389
+	RESERVED
+CVE-2021-34388
+	RESERVED
+CVE-2021-34387
+	RESERVED
+CVE-2021-34386
+	RESERVED
+CVE-2021-34385
+	RESERVED
+CVE-2021-34384
+	RESERVED
+CVE-2021-34383
+	RESERVED
+CVE-2021-34382
+	RESERVED
+CVE-2021-34381
+	RESERVED
+CVE-2021-34380
+	RESERVED
+CVE-2021-34379
+	RESERVED
+CVE-2021-34378
+	RESERVED
+CVE-2021-34377
+	RESERVED
+CVE-2021-34376
+	RESERVED
+CVE-2021-34375
+	RESERVED
+CVE-2021-34374
+	RESERVED
+CVE-2021-34373
+	RESERVED
+CVE-2021-34372
+	RESERVED
+CVE-2021-34371
+	RESERVED
+CVE-2021-34370 (Accela Civic Platform through 20.1 allows ssoAdapter/logoutAction.do s ...)
+	TODO: check
+CVE-2021-34369 (portlets/contact/ref/refContactDetail.do in Accela Civic Platform thro ...)
+	TODO: check
+CVE-2021-34368
+	RESERVED
+CVE-2021-34367
+	RESERVED
+CVE-2021-34366
+	RESERVED
+CVE-2021-34365
+	RESERVED
+CVE-2021-34364 (The Refined GitHub browser extension before 21.6.8 might allow XSS via ...)
+	TODO: check
+CVE-2021-34363
+	RESERVED
 CVE-2021-34362
 	RESERVED
 CVE-2021-34361
@@ -992,8 +1148,8 @@ CVE-2021-33896 (Dino before 0.1.2 and 0.2.x before 0.2.1 allows Directory Traver
 	NOTE: https://github.com/dino/dino/commit/1eaad1ccfbd00c6e76650535496531c172453994 (v0.2.1)
 CVE-2021-33895
 	RESERVED
-CVE-2021-33894
-	RESERVED
+CVE-2021-33894 (In Progress MOVEit Transfer before 2019.0.6 (11.0.6), 2019.1.x before  ...)
+	TODO: check
 CVE-2021-33893
 	RESERVED
 CVE-2021-33892
@@ -1104,10 +1260,10 @@ CVE-2021-3580 [Remote crash in RSA decryption via manipulated ciphertext]
 	NOTE: https://git.lysator.liu.se/nettle/nettle/-/commit/485b5e2820a057e873b1ba812fdb39cae4adf98c
 CVE-2021-33844
 	RESERVED
-CVE-2021-33842
-	RESERVED
-CVE-2021-33841
-	RESERVED
+CVE-2021-33842 (Improper Authentication vulnerability in the cookie parameter of Circu ...)
+	TODO: check
+CVE-2021-33841 (SGE-PLC1000 device, in its 0.9.2b firmware version, does not handle so ...)
+	TODO: check
 CVE-2021-23210
 	RESERVED
 CVE-2021-23172
@@ -1128,8 +1284,7 @@ CVE-2021-33835
 	RESERVED
 CVE-2021-33834
 	RESERVED
-CVE-2021-33833 [dnsproxy: Check the length of buffers before memcpy]
-	RESERVED
+CVE-2021-33833 (ConnMan (aka Connection Manager) 1.30 through 1.39 has a stack-based b ...)
 	- connman <unfixed> (bug #989662)
 	NOTE: https://www.openwall.com/lists/oss-security/2021/06/09/1
 	NOTE: https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=eceb2e8d2341c041df55a5e2f047d9a8c491463c
@@ -1139,8 +1294,8 @@ CVE-2021-33831
 	RESERVED
 CVE-2021-33830
 	RESERVED
-CVE-2021-33829
-	RESERVED
+CVE-2021-33829 (A cross-site scripting (XSS) vulnerability in the HTML Data Processor  ...)
+	TODO: check
 CVE-2021-33828
 	RESERVED
 CVE-2021-33827
@@ -1197,8 +1352,8 @@ CVE-2021-3578 [possible remote code execution in isync/mbsync]
 	NOTE: https://www.openwall.com/lists/oss-security/2021/06/07/1
 CVE-2021-33806 (The BDew BdLib library before 1.16.1.7 for Minecraft allows remote cod ...)
 	NOT-FOR-US: BDew BdLib library
-CVE-2021-33805 (In the reference implementation of FUSE before 2.9.8 and 3.x before 3. ...)
-	TODO: check
+CVE-2021-33805
+	REJECTED
 CVE-2021-3577
 	RESERVED
 CVE-2021-3576
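Review bot: CVE-2021-33805 goes from a described FUSE issue with `TODO: check` to a bare `REJECTED`, and the entry keeps no record of why. A follow-up `NOTE:` giving the rejection reason (or the id that supersedes it, if there is one) would save the next person from researching it again.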
@@ -1545,28 +1700,28 @@ CVE-2021-33671
 	RESERVED
 CVE-2021-33670
 	RESERVED
-CVE-2021-33669
-	RESERVED
-CVE-2021-33668
-	RESERVED
+CVE-2021-33669 (Under certain conditions, SAP Mobile SDK Certificate Provider allows a ...)
+	TODO: check
+CVE-2021-33668 (Due to improper input sanitization, specially crafted LDAP queries can ...)
+	TODO: check
 CVE-2021-33667
 	RESERVED
-CVE-2021-33666
-	RESERVED
-CVE-2021-33665
-	RESERVED
-CVE-2021-33664
-	RESERVED
-CVE-2021-33663
-	RESERVED
-CVE-2021-33662
-	RESERVED
-CVE-2021-33661
-	RESERVED
-CVE-2021-33660
-	RESERVED
-CVE-2021-33659
-	RESERVED
+CVE-2021-33666 (When SAP Commerce Cloud version 100, hosts a JavaScript storefront, it ...)
+	TODO: check
+CVE-2021-33665 (SAP NetWeaver Application Server ABAP (Applications based on SAP GUI f ...)
+	TODO: check
+CVE-2021-33664 (SAP NetWeaver Application Server ABAP (Applications based on Web Dynpr ...)
+	TODO: check
+CVE-2021-33663 (SAP NetWeaver AS ABAP, versions - KRNL32NUC - 7.22,7.22EXT, KRNL32UC - ...)
+	TODO: check
+CVE-2021-33662 (Under certain conditions, the installation of SAP Business One, versio ...)
+	TODO: check
+CVE-2021-33661 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
+	TODO: check
+CVE-2021-33660 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
+	TODO: check
+CVE-2021-33659 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
+	TODO: check
 CVE-2021-33658
 	RESERVED
 CVE-2021-33657
@@ -1713,7 +1868,7 @@ CVE-2021-33589
 	RESERVED
 CVE-2021-33588
 	RESERVED
-CVE-2021-33587 (The css-what package before 5.0.1 for Node.js does not ensure that att ...)
+CVE-2021-33587 (The css-what package 4.0.0 through 5.0.0 for Node.js does not ensure t ...)
 	- node-css-what <unfixed> (bug #989264)
 	[bullseye] - node-css-what <ignored> (Minor issue, intrusive to backport fixes to older series)
 	[buster] - node-css-what <ignored> (Minor issue, intrusive to backport fixes to older series)
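Review bot: The `[bullseye]` and `[buster]` `<ignored>` lines under CVE-2021-33587 sit below a description that used to say "before 5.0.1" and now gives a lower bound, "4.0.0 through 5.0.0". Check whether the node-css-what versions in those suites predate 4.0.0; if they do, `<not-affected>` with a note that the vulnerable code was introduced later is the accurate state, not `<ignored>`.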
@@ -2239,14 +2394,14 @@ CVE-2021-33361
 	RESERVED
 CVE-2021-33360
 	RESERVED
-CVE-2021-33359
-	RESERVED
-CVE-2021-33358
-	RESERVED
-CVE-2021-33357
-	RESERVED
-CVE-2021-33356
-	RESERVED
+CVE-2021-33359 (A vulnerability exists in gowitness < 2.3.6 that allows an unauthen ...)
+	TODO: check
+CVE-2021-33358 (Multiple vulnerabilities exist in RaspAP 2.3 to 2.6.5 in the "interfac ...)
+	TODO: check
+CVE-2021-33357 (A vulnerability exists in RaspAP 2.6 to 2.6.5 in the "iface" GET param ...)
+	TODO: check
+CVE-2021-33356 (Multiple privilege escalation vulnerabilities in RaspAP 1.5 to 2.6.5 c ...)
+	TODO: check
 CVE-2021-33355
 	RESERVED
 CVE-2021-33354
@@ -2658,7 +2813,7 @@ CVE-2021-33479 [stack-based buffer overflow in measure_pitch() in pgm2asc.c]
 	NOTE: https://sourceforge.net/p/jocr/bugs/39/
 	NOTE: Crash in CLI tool, no security impact
 CVE-2021-33477 (rxvt-unicode 9.22, rxvt 2.7.10, mrxvt 0.5.4, and Eterm 0.9.7 allow (po ...)
-	{DLA-2671-1}
+	{DLA-2683-1 DLA-2682-1 DLA-2681-1 DLA-2671-1}
 	- rxvt <removed>
 	- rxvt-unicode 9.22-11 (bug #988763)
 	[buster] - rxvt-unicode <no-dsa> (Minor issue)
@@ -3188,8 +3343,8 @@ CVE-2021-32944
 	RESERVED
 CVE-2021-32943
 	RESERVED
-CVE-2021-32942
-	RESERVED
+CVE-2021-32942 (The vulnerability could expose cleartext credentials from AVEVA InTouc ...)
+	TODO: check
 CVE-2021-32941
 	RESERVED
 CVE-2021-32940
@@ -3755,8 +3910,8 @@ CVE-2021-32679
 	RESERVED
 CVE-2021-32678
 	RESERVED
-CVE-2021-32677
-	RESERVED
+CVE-2021-32677 (FastAPI is a web framework for building APIs with Python 3.6+ based on ...)
+	TODO: check
 CVE-2021-32676
 	RESERVED
 CVE-2021-32675
@@ -5315,8 +5470,7 @@ CVE-2018-25014 (A flaw was found in libwebp in versions before 1.0.1. An unitial
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9496
 CVE-2021-3534
 	RESERVED
-CVE-2021-3533
-	RESERVED
+CVE-2021-3533 (A flaw was found in Ansible if an ansible user sets ANSIBLE_ASYNC_DIR  ...)
 	- ansible <unfixed>
 	[bullseye] - ansible <no-dsa> (Minor issue)
 	[buster] - ansible <no-dsa> (Minor issue)
@@ -5352,8 +5506,7 @@ CVE-2021-32013
 	RESERVED
 CVE-2021-32012
 	RESERVED
-CVE-2021-3532
-	RESERVED
+CVE-2021-3532 (A flaw was found in Ansible where the secret information present in as ...)
 	- ansible <unfixed>
 	[bullseye] - ansible <no-dsa> (Minor issue)
 	[buster] - ansible <no-dsa> (Minor issue)
@@ -5830,8 +5983,8 @@ CVE-2021-31839
 	RESERVED
 CVE-2021-31838
 	RESERVED
-CVE-2021-31837
-	RESERVED
+CVE-2021-31837 (Memory corruption vulnerability in the driver file component in McAfee ...)
+	TODO: check
 CVE-2021-31836
 	RESERVED
 CVE-2021-31835
@@ -5840,8 +5993,8 @@ CVE-2021-31834
 	RESERVED
 CVE-2021-31833
 	RESERVED
-CVE-2021-31832
-	RESERVED
+CVE-2021-31832 (Improper Neutralization of Input in the ePO administrator extension fo ...)
+	TODO: check
 CVE-2021-31831 (Incorrect access to deleted scripts vulnerability in McAfee Database S ...)
 	NOT-FOR-US: McAfee
 CVE-2021-31830 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
@@ -9943,8 +10096,8 @@ CVE-2021-30135
 	RESERVED
 CVE-2021-30134
 	RESERVED
-CVE-2021-30133
-	RESERVED
+CVE-2021-30133 (A cross-site scripting (XSS) vulnerability in CloverDX Server 5.9.0, C ...)
+	TODO: check
 CVE-2021-30132
 	RESERVED
 CVE-2021-30131
@@ -10247,8 +10400,8 @@ CVE-2021-29997 (An issue was discovered in Wind River VxWorks 7 before 21.03. A
 	NOT-FOR-US: Helix ALM
 CVE-2021-29996 (Mark Text through 0.16.3 allows attackers arbitrary command execution. ...)
 	NOT-FOR-US: marktext
-CVE-2021-29995
-	RESERVED
+CVE-2021-29995 (A Cross Site Request Forgery (CSRF) issue in Server Console in CloverD ...)
+	TODO: check
 CVE-2021-29994
 	RESERVED
 CVE-2021-29993
@@ -12583,8 +12736,8 @@ CVE-2021-29051 (Cross-site scripting (XSS) vulnerability in the Asset module's A
 	NOT-FOR-US: Liferay
 CVE-2021-29050
 	RESERVED
-CVE-2021-29049
-	RESERVED
+CVE-2021-29049 (Cross-site scripting (XSS) vulnerability in the Portal Workflow module ...)
+	TODO: check
 CVE-2021-29048 (Cross-site scripting (XSS) vulnerability in the Layout module's page a ...)
 	NOT-FOR-US: Liferay
 CVE-2021-29047 (The SimpleCaptcha implementation in Liferay Portal 7.3.4, 7.3.5 and Li ...)
@@ -15982,54 +16135,54 @@ CVE-2021-27645 (The nameserver caching daemon (nscd) in the GNU C Library (aka g
 	NOTE: https://salsa.debian.org/glibc-team/glibc/-/commit/aea56157b456d4d9bef337d0149e952a41a7d919
 CVE-2021-27644
 	RESERVED
-CVE-2021-27643
-	RESERVED
-CVE-2021-27642
-	RESERVED
-CVE-2021-27641
-	RESERVED
-CVE-2021-27640
-	RESERVED
-CVE-2021-27639
-	RESERVED
-CVE-2021-27638
-	RESERVED
-CVE-2021-27637
-	RESERVED
+CVE-2021-27643 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
+	TODO: check
+CVE-2021-27642 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
+	TODO: check
+CVE-2021-27641 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
+	TODO: check
+CVE-2021-27640 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
+	TODO: check
+CVE-2021-27639 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
+	TODO: check
+CVE-2021-27638 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
+	TODO: check
+CVE-2021-27637 (Under certain conditions SAP Enable Now (SAP Workforce Performance Bui ...)
+	TODO: check
 CVE-2021-27636
 	RESERVED
-CVE-2021-27635
-	RESERVED
-CVE-2021-27634
-	RESERVED
-CVE-2021-27633
-	RESERVED
-CVE-2021-27632
-	RESERVED
-CVE-2021-27631
-	RESERVED
-CVE-2021-27630
-	RESERVED
-CVE-2021-27629
-	RESERVED
-CVE-2021-27628
-	RESERVED
-CVE-2021-27627
-	RESERVED
-CVE-2021-27626
-	RESERVED
-CVE-2021-27625
-	RESERVED
-CVE-2021-27624
-	RESERVED
-CVE-2021-27623
-	RESERVED
-CVE-2021-27622
-	RESERVED
-CVE-2021-27621
-	RESERVED
-CVE-2021-27620
-	RESERVED
+CVE-2021-27635 (SAP NetWeaver AS for JAVA, versions - 7.20, 7.30, 7.31, 7.40, 7.50, al ...)
+	TODO: check
+CVE-2021-27634 (SAP NetWeaver AS for ABAP (RFC Gateway), versions - KRNL32NUC - 7.22,7 ...)
+	TODO: check
+CVE-2021-27633 (SAP NetWeaver AS for ABAP (RFC Gateway), versions - KRNL32NUC - 7.22,7 ...)
+	TODO: check
+CVE-2021-27632 (SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions ...)
+	TODO: check
+CVE-2021-27631 (SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions ...)
+	TODO: check
+CVE-2021-27630 (SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions ...)
+	TODO: check
+CVE-2021-27629 (SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions ...)
+	TODO: check
+CVE-2021-27628 (SAP NetWeaver ABAP Server and ABAP Platform (Dispatcher), versions - K ...)
+	TODO: check
+CVE-2021-27627 (SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7 ...)
+	TODO: check
+CVE-2021-27626 (SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7 ...)
+	TODO: check
+CVE-2021-27625 (SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7 ...)
+	TODO: check
+CVE-2021-27624 (SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7 ...)
+	TODO: check
+CVE-2021-27623 (SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7 ...)
+	TODO: check
+CVE-2021-27622 (SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7 ...)
+	TODO: check
+CVE-2021-27621 (Information Disclosure vulnerability in UserAdmin application in SAP N ...)
+	TODO: check
+CVE-2021-27620 (SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7 ...)
+	TODO: check
 CVE-2021-27619 (SAP Commerce (Backoffice Search), versions - 1808, 1811, 1905, 2005, 2 ...)
 	NOT-FOR-US: SAP
 CVE-2021-27618 (The Integration Builder Framework of SAP Process Integration versions  ...)
@@ -16038,8 +16191,8 @@ CVE-2021-27617 (The Integration Builder Framework of SAP Process Integration ver
 	NOT-FOR-US: SAP
 CVE-2021-27616 (Under certain conditions, SAP Business One Hana Chef Cookbook, version ...)
 	NOT-FOR-US: SAP
-CVE-2021-27615
-	RESERVED
+CVE-2021-27615 (SAP Manufacturing Execution versions - 15.1, 1.5.2, 15.3, 15.4, does n ...)
+	TODO: check
 CVE-2021-27614 (SAP Business One Hana Chef Cookbook, versions - 8.82, 9.0, 9.1, 9.2, 9 ...)
 	NOT-FOR-US: SAP
 CVE-2021-27613 (Under certain conditions, SAP Business One Chef cookbook, version - 9. ...)
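Review bot: The version list in the new CVE-2021-27615 description reads "15.1, 1.5.2, 15.3, 15.4", and `1.5.2` looks like a typo for 15.2 in the imported text. It does not change triage, since the neighbouring SAP entries are all `NOT-FOR-US: SAP` and this `TODO: check` can be resolved the same way, but the wording is worth reporting to the CVE source instead of being patched in this file.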
@@ -16054,10 +16207,10 @@ CVE-2021-27609 (SAP Focused RUN versions 200, 300, does not perform necessary au
 	NOT-FOR-US: SAP
 CVE-2021-27608 (An unquoted service path in SAPSetup, version - 9.0, could lead to pri ...)
 	NOT-FOR-US: SAPSetup
-CVE-2021-27607
-	RESERVED
-CVE-2021-27606
-	RESERVED
+CVE-2021-27607 (SAP NetWeaver ABAP Server and ABAP Platform (Dispatcher), versions - K ...)
+	TODO: check
+CVE-2021-27606 (SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions ...)
+	TODO: check
 CVE-2021-27605 (SAP's HCM Travel Management Fiori Apps V2, version - 608, does not per ...)
 	NOT-FOR-US: SAP
 CVE-2021-27604 (In order to prevent XML External Entity vulnerability in SAP NetWeaver ...)
@@ -16074,8 +16227,8 @@ CVE-2021-27599 (SAP NetWeaver ABAP Server and ABAP Platform (Process Integration
 	NOT-FOR-US: SAP
 CVE-2021-27598 (SAP NetWeaver AS JAVA (Customer Usage Provisioning Servlet), versions  ...)
 	NOT-FOR-US: SAP
-CVE-2021-27597
-	RESERVED
+CVE-2021-27597 (SAP NetWeaver AS for ABAP (RFC Gateway), versions - KRNL32NUC - 7.22,7 ...)
+	TODO: check
 CVE-2021-27596 (When a user opens manipulated Autodesk 3D Studio for MS-DOS (.3DS) fil ...)
 	NOT-FOR-US: SAP
 CVE-2021-27595 (When a user opens manipulated Portable Document Format (.PDF) files re ...)
@@ -19072,10 +19225,9 @@ CVE-2021-26316
 	RESERVED
 CVE-2021-26315
 	RESERVED
-CVE-2021-26314
-	RESERVED
-CVE-2021-26313
-	RESERVED
+CVE-2021-26314 (Potential floating point value injection in all supported CPU products ...)
+	TODO: check
+CVE-2021-26313 (Potential speculative code store bypass in all supported CPU products, ...)
 	- xen <unfixed>
 	[stretch] - xen <end-of-life> (DSA 4602-1)
 	NOTE: https://xenbits.xen.org/xsa/advisory-375.html
@@ -20856,8 +21008,8 @@ CVE-2019-25015 (LuCI in OpenWrt 18.06.0 through 18.06.4 allows stored XSS via a
 CVE-2021-3197 (An issue was discovered in SaltStack Salt before 3002.5. The salt-api' ...)
 	- salt 3002.5+dfsg1-1 (bug #983632)
 	NOTE: https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/
-CVE-2021-3196
-	RESERVED
+CVE-2021-3196 (An issue was discovered in Hitachi ID Bravura Security Fabric 11.0.0 t ...)
+	TODO: check
 CVE-2021-3195 (** DISPUTED ** bitcoind in Bitcoin Core through 0.21.0 can create a ne ...)
 	NOTE: Disputed Bitcoin issue
 	NOTE: https://github.com/bitcoin/bitcoin/issues/20866
@@ -25009,22 +25161,22 @@ CVE-2021-23856
 	RESERVED
 CVE-2021-23855
 	RESERVED
-CVE-2021-23854
-	RESERVED
-CVE-2021-23853
-	RESERVED
-CVE-2021-23852
-	RESERVED
+CVE-2021-23854 (An error in the handling of a page parameter in Bosch IP cameras may l ...)
+	TODO: check
+CVE-2021-23853 (In Bosch IP cameras, improper validation of the HTTP header allows an  ...)
+	TODO: check
+CVE-2021-23852 (An authenticated attacker with administrator rights Bosch IP cameras c ...)
+	TODO: check
 CVE-2021-23851
 	RESERVED
 CVE-2021-23850
 	RESERVED
 CVE-2021-23849
 	RESERVED
-CVE-2021-23848
-	RESERVED
-CVE-2021-23847
-	RESERVED
+CVE-2021-23848 (An error in the URL handler Bosch IP cameras may lead to a reflected c ...)
+	TODO: check
+CVE-2021-23847 (A Missing Authentication in Critical Function in Bosch IP cameras allo ...)
+	TODO: check
 CVE-2021-23846
 	RESERVED
 CVE-2021-23845
@@ -30858,8 +31010,8 @@ CVE-2021-21492 (SAP NetWeaver Application Server Java(HTTP Service), versions -
 	NOT-FOR-US: SAP
 CVE-2021-21491 (SAP Netweaver Application Server Java (Applications based on WebDynpro ...)
 	NOT-FOR-US: SAP
-CVE-2021-21490
-	RESERVED
+CVE-2021-21490 (SAP NetWeaver AS for ABAP (Web Survey), versions - 700, 702, 710, 711, ...)
+	TODO: check
 CVE-2021-21489
 	RESERVED
 CVE-2021-21488 (Knowledge Management versions 7.01, 7.02, 7.30, 7.31, 7.40, 7.50 allow ...)
@@ -30892,8 +31044,8 @@ CVE-2021-21475 (Under specific circumstances SAP Master Data Management, version
 	NOT-FOR-US: SAP
 CVE-2021-21474 (SAP HANA Database, versions - 1.0, 2.0, accepts SAML tokens with MD5 d ...)
 	NOT-FOR-US: SAP
-CVE-2021-21473
-	RESERVED
+CVE-2021-21473 (SAP NetWeaver AS ABAP and ABAP Platform, versions - 700, 702, 710, 711 ...)
+	TODO: check
 CVE-2021-21472 (SAP Software Provisioning Manager 1.0 (SAP NetWeaver Master Data Manag ...)
 	NOT-FOR-US: SAP
 CVE-2021-21471 (In CLA-Assistant, versions before 2.8.5, due to improper access contro ...)
@@ -46350,56 +46502,55 @@ CVE-2021-0115
 	RESERVED
 CVE-2021-0114
 	RESERVED
-CVE-2021-0113
-	RESERVED
-CVE-2021-0112
-	RESERVED
+CVE-2021-0113 (Out of bounds write in the BMC firmware for Intel(R) Server Board M10J ...)
+	TODO: check
+CVE-2021-0112 (Unquoted service path in the Intel Unite(R) Client for Windows before  ...)
+	TODO: check
 CVE-2021-0111
 	RESERVED
 CVE-2021-0110
 	RESERVED
 CVE-2021-0109 (Insecure inherited permissions for the Intel(R) SOC driver package for ...)
 	NOT-FOR-US: Intel
-CVE-2021-0108
-	RESERVED
+CVE-2021-0108 (Uncontrolled search path in the Intel Unite(R) Client for Windows befo ...)
+	TODO: check
 CVE-2021-0107
 	RESERVED
 CVE-2021-0106
 	RESERVED
-CVE-2021-0105
-	RESERVED
+CVE-2021-0105 (Insecure inherited permissions in some Intel(R) ProSet/Wireless WiFi d ...)
+	TODO: check
 CVE-2021-0104
 	RESERVED
 CVE-2021-0103
 	RESERVED
-CVE-2021-0102
-	RESERVED
-CVE-2021-0101
-	RESERVED
+CVE-2021-0102 (Insecure inherited permissions in the Intel Unite(R) Client for Window ...)
+	TODO: check
+CVE-2021-0101 (Buffer overflow in the BMC firmware for Intel(R) Server BoardM10JNP2SB ...)
+	TODO: check
 CVE-2021-0100
 	RESERVED
 CVE-2021-0099
 	RESERVED
-CVE-2021-0098
-	RESERVED
-CVE-2021-0097
-	RESERVED
+CVE-2021-0098 (Improper access control in the Intel Unite(R) Client for Windows befor ...)
+	TODO: check
+CVE-2021-0097 (Path traversal in the BMC firmware for Intel(R) Server Board M10JNP2SB ...)
+	TODO: check
 CVE-2021-0096
 	RESERVED
-CVE-2021-0095
-	RESERVED
-CVE-2021-0094
-	RESERVED
+CVE-2021-0095 (Improper initialization in the firmware for some Intel(R) Processors m ...)
+	TODO: check
+CVE-2021-0094 (Improper link resolution before file access in Intel(R) DSA before ver ...)
+	TODO: check
 CVE-2021-0093
 	RESERVED
 CVE-2021-0092
 	RESERVED
 CVE-2021-0091
 	RESERVED
-CVE-2021-0090
-	RESERVED
-CVE-2021-0089 [Speculative Code Store Bypass]
-	RESERVED
+CVE-2021-0090 (Uncontrolled search path element in Intel(R) DSA before version 20.11. ...)
+	TODO: check
+CVE-2021-0089 (Observable response discrepancy in some Intel(R) Processors may allow  ...)
 	- xen <unfixed>
 	[stretch] - xen <end-of-life> (DSA 4602-1)
 	NOTE: https://xenbits.xen.org/xsa/advisory-375.html
@@ -46407,8 +46558,8 @@ CVE-2021-0088
 	RESERVED
 CVE-2021-0087
 	RESERVED
-CVE-2021-0086
-	RESERVED
+CVE-2021-0086 (Observable response discrepancy in floating-point operations for some  ...)
+	TODO: check
 CVE-2021-0085
 	RESERVED
 CVE-2021-0084
@@ -46433,20 +46584,20 @@ CVE-2021-0075
 	RESERVED
 CVE-2021-0074
 	RESERVED
-CVE-2021-0073
-	RESERVED
+CVE-2021-0073 (Insufficient control flow management in Intel(R) DSA before version 20 ...)
+	TODO: check
 CVE-2021-0072
 	RESERVED
 CVE-2021-0071
 	RESERVED
-CVE-2021-0070
-	RESERVED
+CVE-2021-0070 (Improper input validation in the BMC firmware for Intel(R) Server Boar ...)
+	TODO: check
 CVE-2021-0069
 	RESERVED
 CVE-2021-0068
 	RESERVED
-CVE-2021-0067
-	RESERVED
+CVE-2021-0067 (&nbsp;Improper access control in system firmware for some Intel(R) ...)
+	TODO: check
 CVE-2021-0066
 	RESERVED
 CVE-2021-0065
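Review bot: The CVE-2021-0067 description begins with a literal `&nbsp;` ("(&nbsp;Improper access control in system firmware ..."), so an HTML entity from the feed has been written into the list unescaped. The import step should decode or strip entities before storing the description, otherwise text searches on the leading words miss this entry.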
@@ -46463,22 +46614,22 @@ CVE-2021-0060
 	RESERVED
 CVE-2021-0059
 	RESERVED
-CVE-2021-0058
-	RESERVED
-CVE-2021-0057
-	RESERVED
-CVE-2021-0056
-	RESERVED
-CVE-2021-0055
-	RESERVED
-CVE-2021-0054
-	RESERVED
+CVE-2021-0058 (Incorrect default permissions in the Intel(R) NUC M15 Laptop Kit Drive ...)
+	TODO: check
+CVE-2021-0057 (Uncontrolled search path in the Intel(R) NUC M15 Laptop Kit Driver Pac ...)
+	TODO: check
+CVE-2021-0056 (Insecure inherited permissions for the Intel(R) NUC M15 Laptop Kit Dri ...)
+	TODO: check
+CVE-2021-0055 (Insecure inherited permissions for some Intel(R) NUC 9 Extreme Laptop  ...)
+	TODO: check
+CVE-2021-0054 (Improper buffer restrictions in system firmware for some Intel(R) NUCs ...)
+	TODO: check
 CVE-2021-0053
 	RESERVED
 CVE-2021-0052
 	RESERVED
-CVE-2021-0051
-	RESERVED
+CVE-2021-0051 (Improper input validation in the Intel(R) SPS versions before SPS_E5_0 ...)
+	TODO: check
 CVE-2021-0050
 	RESERVED
 CVE-2021-0049
@@ -46577,8 +46728,8 @@ CVE-2021-0003
 	RESERVED
 CVE-2021-0002
 	RESERVED
-CVE-2021-0001
-	RESERVED
+CVE-2021-0001 (Observable timing discrepancy in Intel(R) IPP before version 2020 upda ...)
+	TODO: check
 CVE-2020-27669
 	RESERVED
 CVE-2020-27668
@@ -47215,10 +47366,10 @@ CVE-2020-27386 (An unrestricted file upload issue in FlexDotnetCMS before v1.5.9
 	NOT-FOR-US: FlexDotnetCMS
 CVE-2020-27385 (Incorrect Access Control in the FileEditor (/Admin/Views/FileEditor/)  ...)
 	NOT-FOR-US: FlexDotnetCMS
-CVE-2020-27384
-	RESERVED
-CVE-2020-27383
-	RESERVED
+CVE-2020-27384 (The Gw2-64.exe in Guild Wars 2 launcher version 106916 suffers from an ...)
+	TODO: check
+CVE-2020-27383 (Battle.net.exe in Battle.Net 1.27.1.12428 suffers from an elevation of ...)
+	TODO: check
 CVE-2020-27382
 	RESERVED
 CVE-2020-27381
@@ -54087,37 +54238,34 @@ CVE-2020-24518
 	RESERVED
 CVE-2020-24517
 	RESERVED
-CVE-2020-24516
-	RESERVED
-CVE-2020-24515
-	RESERVED
-CVE-2020-24514
-	RESERVED
-CVE-2020-24513 [INTEL-SA-00465]
-	RESERVED
+CVE-2020-24516 (Modification of assumed-immutable data in subsystem in Intel(R) CSME v ...)
+	TODO: check
+CVE-2020-24515 (Protection mechanism failure in some Intel(R) RealSense(TM) IDs may al ...)
+	TODO: check
+CVE-2020-24514 (Improper authentication in some Intel(R) RealSense(TM) IDs may allow a ...)
+	TODO: check
+CVE-2020-24513 (Domain-bypass transient execution vulnerability in some Intel Atom(R)  ...)
 	- intel-microcode 3.20210608.1 (bug #989615)
 	NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20210608
 	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00465.html
-CVE-2020-24512 [INTEL-SA-00464]
-	RESERVED
+CVE-2020-24512 (Observable timing discrepancy in some Intel(R) Processors may allow an ...)
 	- intel-microcode 3.20210608.1 (bug #989615)
 	NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20210608
 	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00464.html
-CVE-2020-24511 [INTEL-SA-00464]
-	RESERVED
+CVE-2020-24511 (Improper isolation of shared resources in some Intel(R) Processors may ...)
 	- intel-microcode 3.20210608.1 (bug #989615)
 	NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20210608
 	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00464.html
 CVE-2020-24510
 	RESERVED
-CVE-2020-24509
-	RESERVED
+CVE-2020-24509 (Insufficient control flow management in subsystem in Intel(R) SPS vers ...)
+	TODO: check
 CVE-2020-24508
 	RESERVED
-CVE-2020-24507
-	RESERVED
-CVE-2020-24506
-	RESERVED
+CVE-2020-24507 (Improper initialization in a subsystem in the Intel(R) CSME versions b ...)
+	TODO: check
+CVE-2020-24506 (Out of bound read in a subsystem in the Intel(R) CSME versions before  ...)
+	TODO: check
 CVE-2020-24505 (Insufficient input validation in the firmware for the Intel(R) 700-ser ...)
 	NOT-FOR-US: Intel NIC firmware
 CVE-2020-24504 (Uncontrolled resource consumption in some Intel(R) Ethernet E810 Adapt ...)
@@ -54163,9 +54311,9 @@ CVE-2020-24488
 	RESERVED
 CVE-2020-24487
 	RESERVED
-CVE-2020-24486
-	RESERVED
-CVE-2020-24485 (Uncontrolled search path in the Intel(R) Trace Analyzer and Collector  ...)
+CVE-2020-24486 (Improper input validation in the firmware for some Intel(R) Processors ...)
+	TODO: check
+CVE-2020-24485 (Improper conditions check in the Intel(R) FPGA OPAE Driver for Linux b ...)
 	NOT-FOR-US: Intel
 CVE-2020-24484
 	RESERVED
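Review bot: CVE-2020-24485 keeps its `NOT-FOR-US: Intel` verdict although the description changed from the Intel(R) Trace Analyzer and Collector to the "Intel(R) FPGA OPAE Driver for Linux". That verdict was reached on the old text, so it should be re-checked against the new product, in particular whether the OPAE driver is shipped in any Debian package, before it is left as NOT-FOR-US.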
@@ -54185,12 +54333,12 @@ CVE-2020-24477
 	RESERVED
 CVE-2020-24476
 	RESERVED
-CVE-2020-24475
-	RESERVED
-CVE-2020-24474
-	RESERVED
-CVE-2020-24473
-	RESERVED
+CVE-2020-24475 (Improper initialization in the BMC firmware for some Intel(R) Server B ...)
+	TODO: check
+CVE-2020-24474 (Buffer overflow in the BMC firmware for some Intel(R) Server Boards, S ...)
+	TODO: check
+CVE-2020-24473 (Out of bounds write in the BMC firmware for some Intel(R) Server Board ...)
+	TODO: check
 CVE-2020-24472
 	RESERVED
 CVE-2020-24471
@@ -73541,28 +73689,28 @@ CVE-2020-15389 (jp2/opj_decompress.c in OpenJPEG through 2.3.1 has a use-after-f
 	NOTE: https://github.com/uclouvain/openjpeg/commit/e8e258ab049240c2dd1f1051b4e773b21e2d3dc0 (v2.4.0)
 CVE-2020-15388
 	RESERVED
-CVE-2020-15387
-	RESERVED
-CVE-2020-15386
-	RESERVED
-CVE-2020-15385
-	RESERVED
-CVE-2020-15384
-	RESERVED
-CVE-2020-15383
-	RESERVED
-CVE-2020-15382
-	RESERVED
-CVE-2020-15381
-	RESERVED
-CVE-2020-15380
-	RESERVED
-CVE-2020-15379
-	RESERVED
-CVE-2020-15378
-	RESERVED
-CVE-2020-15377
-	RESERVED
+CVE-2020-15387 (The host SSH servers of Brocade Fabric OS before Brocade Fabric OS v7. ...)
+	TODO: check
+CVE-2020-15386 (Brocade Fabric OS prior to v9.0.1a and 8.2.3a and after v9.0.0 and 8.2 ...)
+	TODO: check
+CVE-2020-15385 (Brocade SANnav before version 2.1.1 allows an authenticated attacker t ...)
+	TODO: check
+CVE-2020-15384 (Brocade SANNav before version 2.1.1 contains an information disclosure ...)
+	TODO: check
+CVE-2020-15383 (Running security scans against the SAN switch can cause config and sec ...)
+	TODO: check
+CVE-2020-15382 (Brocade SANnav before version 2.1.1 uses a hard-coded administrator ac ...)
+	TODO: check
+CVE-2020-15381 (Brocade SANnav before version 2.1.1 contains an Improper Authenticatio ...)
+	TODO: check
+CVE-2020-15380 (Brocade SANnav before version 2.1.1 logs account credentials at the &# ...)
+	TODO: check
+CVE-2020-15379 (Brocade SANnav before v.2.1.0a could allow remote attackers cause a de ...)
+	TODO: check
+CVE-2020-15378 (The OVA version of Brocade SANnav before version 2.1.1 installation wi ...)
+	TODO: check
+CVE-2020-15377 (Webtools in Brocade SANnav before version 2.1.1 allows unauthenticated ...)
+	TODO: check
 CVE-2020-15376 (Brocade Fabric OS versions before v9.0.0 and after version v8.1.0, con ...)
 	NOT-FOR-US: Brocade Fabric OS
 CVE-2020-15375 (Brocade Fabric OS versions before v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v ...)
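Review bot: The CVE-2020-15380 description is cut off in the middle of an HTML numeric character reference ("logs account credentials at the &# ..."), which shows the text is truncated before entities are decoded. Decoding first and truncating afterwards would avoid the dangling `&#` and keep the visible prefix readable.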
@@ -81840,14 +81988,14 @@ CVE-2020-12362 (Integer overflow in the firmware for some Intel(R) Graphics Driv
 	NOTE: Firmware was added via https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=c487f7dadcd21116613441ed355b764003b3f57b
 CVE-2020-12361 (Use after free in some Intel(R) Graphics Drivers before version 15.33. ...)
 	NOT-FOR-US: Intel graphics drivers for Windows
-CVE-2020-12360
-	RESERVED
-CVE-2020-12359
-	RESERVED
-CVE-2020-12358
-	RESERVED
-CVE-2020-12357
-	RESERVED
+CVE-2020-12360 (Out of bounds read in the firmware for some Intel(R) Processors may al ...)
+	TODO: check
+CVE-2020-12359 (Insufficient control flow management in the firmware for some Intel(R) ...)
+	TODO: check
+CVE-2020-12358 (Out of bounds write in the firmware for some Intel(R) Processors may a ...)
+	TODO: check
+CVE-2020-12357 (Improper initialization in the firmware for some Intel(R) Processors m ...)
+	TODO: check
 CVE-2020-12356 (Out-of-bounds read in subsystem in Intel(R) AMT versions before 11.8.8 ...)
 	NOT-FOR-US: Intel
 CVE-2020-12355 (Authentication bypass by capture-replay in RPMB protocol message authe ...)
@@ -81999,24 +82147,24 @@ CVE-2020-12298
 	RESERVED
 CVE-2020-12297 (Improper access control in Installer for Intel(R) CSME Driver for Wind ...)
 	NOT-FOR-US: Intel
-CVE-2020-12296
-	RESERVED
-CVE-2020-12295
-	RESERVED
-CVE-2020-12294
-	RESERVED
-CVE-2020-12293
-	RESERVED
-CVE-2020-12292
-	RESERVED
-CVE-2020-12291
-	RESERVED
-CVE-2020-12290
-	RESERVED
-CVE-2020-12289
-	RESERVED
-CVE-2020-12288
-	RESERVED
+CVE-2020-12296 (Uncontrolled resource consumption in some Intel(R) Thunderbolt(TM) con ...)
+	TODO: check
+CVE-2020-12295 (Improper input validation in some Intel(R) Thunderbolt(TM) controllers ...)
+	TODO: check
+CVE-2020-12294 (Insufficient control flow management in some Intel(R) Thunderbolt(TM)  ...)
+	TODO: check
+CVE-2020-12293 (Improper control of a resource through its lifetime in some Intel(R) T ...)
+	TODO: check
+CVE-2020-12292 (Improper conditions check in some Intel(R) Thunderbolt(TM) controllers ...)
+	TODO: check
+CVE-2020-12291 (Uncontrolled resource consumption in some Intel(R) Thunderbolt(TM) con ...)
+	TODO: check
+CVE-2020-12290 (Improper access control in some Intel(R) Thunderbolt(TM) controllers m ...)
+	TODO: check
+CVE-2020-12289 (Out-of-bounds write in some Intel(R) Thunderbolt(TM) controllers may a ...)
+	TODO: check
+CVE-2020-12288 (Protection mechanism failure in some Intel(R) Thunderbolt(TM) controll ...)
+	TODO: check
 CVE-2020-12287 (Incorrect permissions in the Intel(R) Distribution of OpenVINO(TM) Too ...)
 	NOT-FOR-US: Intel
 CVE-2019-20791 (OpenThread before 2019-12-13 has a stack-based buffer overflow in Mesh ...)
@@ -92590,16 +92738,16 @@ CVE-2020-8706 (Buffer overflow in a daemon for some Intel(R) Server Boards, Serv
 	NOT-FOR-US: Intel
 CVE-2020-8705 (Insecure default initialization of resource in Intel(R) Boot Guard in  ...)
 	NOT-FOR-US: Intel
-CVE-2020-8704
-	RESERVED
-CVE-2020-8703
-	RESERVED
-CVE-2020-8702
-	RESERVED
+CVE-2020-8704 (Race condition in a subsystem in the Intel(R) LMS versions before 2039 ...)
+	TODO: check
+CVE-2020-8703 (Improper buffer restrictions in a subsystem in the Intel(R) CSME versi ...)
+	TODO: check
+CVE-2020-8702 (Uncontrolled search path element in the Intel(R) Processor Diagnostic  ...)
+	TODO: check
 CVE-2020-8701 (Incorrect default permissions in installer for the Intel(R) SSD Toolbo ...)
 	NOT-FOR-US: Intel
-CVE-2020-8700
-	RESERVED
+CVE-2020-8700 (Improper input validation in the firmware for some Intel(R) Processors ...)
+	TODO: check
 CVE-2020-8699
 	RESERVED
 CVE-2020-8698 (Improper isolation of shared resources in some Intel(R) Processors may ...)
@@ -92673,8 +92821,8 @@ CVE-2020-8672 (Out of bound read in BIOS firmware for 8th, 9th Generation Intel(
 	NOT-FOR-US: Intel
 CVE-2020-8671 (Insufficient control flow management in BIOS firmware 8th, 9th Generat ...)
 	NOT-FOR-US: Intel
-CVE-2020-8670
-	RESERVED
+CVE-2020-8670 (Race condition in the firmware for some Intel(R) Processors may allow  ...)
+	TODO: check
 CVE-2020-8669 (Improper input validation in the Intel(R) Data Center Manager Console  ...)
 	NOT-FOR-US: Intel
 CVE-2020-8668
@@ -256429,6 +256577,7 @@ CVE-2017-7484 (It was found that some selectivity estimation functions in Postgr
 	NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=cad15943225adbcadea51602b38b04d71d1183d2
 	NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=935e77d527a018b652f247c7374c558871210db6
 CVE-2017-7483 (Rxvt 2.7.10 is vulnerable to a denial of service attack by passing the ...)
+	{DLA-2683-1}
 	- rxvt 1:2.7.10-7.1 (low; bug #861694)
 	[jessie] - rxvt <no-dsa> (Minor issue)
 	[wheezy] - rxvt <no-dsa> (Minor issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bb2e60d4b8cdf5e7d84fa0d23324aa1596a3d909
