[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Jun 10 21:10:40 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c66879bd by security tracker role at 2021-06-10T20:10:33+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,55 @@
+CVE-2021-3596
+ RESERVED
+CVE-2021-3595
+ RESERVED
+CVE-2021-3594
+ RESERVED
+CVE-2021-3593
+ RESERVED
+CVE-2021-3592
+ RESERVED
+CVE-2021-34558
+ RESERVED
+CVE-2021-34556
+ RESERVED
+CVE-2021-34555 (OpenDMARC 1.4.1 and 1.4.1.1 allows remote attackers to cause a denial ...)
+ TODO: check
+CVE-2021-34554
+ RESERVED
+CVE-2021-34553
+ RESERVED
+CVE-2021-34552
+ RESERVED
+CVE-2021-34551
+ RESERVED
+CVE-2021-34550
+ RESERVED
+CVE-2021-34549
+ RESERVED
+CVE-2021-34548
+ RESERVED
+CVE-2021-34547 (PRTG Network Monitor 20.1.55.1775 allows /editsettings CSRF for user a ...)
+ TODO: check
+CVE-2021-34546 (An unauthenticated attacker with physical access to a computer with Ne ...)
+ TODO: check
+CVE-2021-34545
+ RESERVED
+CVE-2021-34544
+ RESERVED
+CVE-2021-34543
+ RESERVED
+CVE-2021-34542
+ RESERVED
+CVE-2021-34541
+ RESERVED
+CVE-2021-34540
+ RESERVED
+CVE-2021-34539 (An issue was discovered in CubeCoders AMP before 2.1.1.8. A lack of va ...)
+ TODO: check
+CVE-2021-34538
+ RESERVED
+CVE-2019-25046 (The Web Client in Cerberus FTP Server Enterprise before 10.0.19 and 11 ...)
+ TODO: check
CVE-2021-34537
RESERVED
CVE-2021-34536
@@ -354,8 +406,8 @@ CVE-2021-34365
RESERVED
CVE-2021-34364 (The Refined GitHub browser extension before 21.6.8 might allow XSS via ...)
TODO: check
-CVE-2021-34363
- RESERVED
+CVE-2021-34363 (The thefuck (aka The Fuck) package before 3.31 for Python allows Path ...)
+ TODO: check
CVE-2021-34362
RESERVED
CVE-2021-34361
@@ -3366,8 +3418,8 @@ CVE-2021-33034 (In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has
NOTE: https://git.kernel.org/linus/5c4c8c9544099bb9043a10a5318130a943e32fc3
CVE-2021-33032
RESERVED
-CVE-2021-33031
- RESERVED
+CVE-2021-33031 (In LabCup before <v2_next_18022, it is possible to use the save API ...)
+ TODO: check
CVE-2021-33030
RESERVED
CVE-2021-33029
@@ -5757,10 +5809,10 @@ CVE-2021-32000
RESERVED
CVE-2021-31999
RESERVED
-CVE-2021-31998
- RESERVED
-CVE-2021-31997
- RESERVED
+CVE-2021-31998 (A Incorrect Default Permissions vulnerability in the packaging of inn ...)
+ TODO: check
+CVE-2021-31997 (a UNIX Symbolic Link (Symlink) Following vulnerability in python-posto ...)
+ TODO: check
CVE-2021-31996 (An issue was discovered in the algorithmica crate through 2021-03-07 f ...)
NOT-FOR-US: Rust crate algorithmica
CVE-2021-3529 (A flaw was found in noobaa-core in versions before 5.7.0. This flaw re ...)
@@ -5897,12 +5949,12 @@ CVE-2021-31931
RESERVED
CVE-2021-31930 (Persistent cross-site scripting (XSS) in the web interface of Concerto ...)
NOT-FOR-US: Concerto
-CVE-2021-31929
- RESERVED
-CVE-2021-31928
- RESERVED
-CVE-2021-31927
- RESERVED
+CVE-2021-31929 (Annex Cloud Loyalty Experience Platform <2021.1.0.1 allows any auth ...)
+ TODO: check
+CVE-2021-31928 (Annex Cloud Loyalty Experience Platform <2021.1.0.1 allows any auth ...)
+ TODO: check
+CVE-2021-31927 (An Insecure Direct Object Reference (IDOR) vulnerability in Annex Clou ...)
+ TODO: check
CVE-2021-31926 (AMP Application Deployment Service in CubeCoders AMP 2.1.x before 2.1. ...)
NOT-FOR-US: CubeCoders AMP
CVE-2021-31925
@@ -6184,10 +6236,10 @@ CVE-2021-31842
RESERVED
CVE-2021-31841
RESERVED
-CVE-2021-31840
- RESERVED
-CVE-2021-31839
- RESERVED
+CVE-2021-31840 (A vulnerability in the preloading mechanism of specific dynamic link l ...)
+ TODO: check
+CVE-2021-31839 (Improper privilege management vulnerability in McAfee Agent for Window ...)
+ TODO: check
CVE-2021-31838
RESERVED
CVE-2021-31837 (Memory corruption vulnerability in the driver file component in McAfee ...)
@@ -6684,10 +6736,10 @@ CVE-2021-31661
RESERVED
CVE-2021-31660
RESERVED
-CVE-2021-31659
- RESERVED
-CVE-2021-31658
- RESERVED
+CVE-2021-31659 (TP-Link TL-SG2005, TL-SG2008, etc. 1.0.0 Build 20180529 Rel.40524 is v ...)
+ TODO: check
+CVE-2021-31658 (TP-Link TL-SG2005, TL-SG2008, etc. 1.0.0 Build 20180529 Rel.40524 is a ...)
+ TODO: check
CVE-2021-31657
RESERVED
CVE-2021-31656
@@ -6924,8 +6976,8 @@ CVE-2021-31540 (Wowza Streaming Engine through 4.8.5 (in a default installation)
NOT-FOR-US: Wowza Streaming Engine
CVE-2021-31539 (Wowza Streaming Engine before 4.8.8.01 (in a default installation) has ...)
NOT-FOR-US: Wowza Streaming Engine
-CVE-2021-31538
- RESERVED
+CVE-2021-31538 (LANCOM R&S Unified Firewall (UF) devices running LCOS FX 10.5 allo ...)
+ TODO: check
CVE-2021-31537 (SIS SIS-REWE Go before 7.7 SP17 allows XSS: rewe/prod/web/index.php (a ...)
NOT-FOR-US: SIS-REWE Go
CVE-2021-31536
@@ -7036,7 +7088,7 @@ CVE-2021-3506 (An out-of-bounds (OOB) memory access flaw was found in fs/f2fs/no
[stretch] - linux <ignored> (f2fs is not supportable)
NOTE: https://www.openwall.com/lists/oss-security/2021/03/28/2
NOTE: https://lore.kernel.org/lkml/20210322114730.71103-1-yuchao0@huawei.com/
-CVE-2021-34557 [Disconnecting a video output can cause XScreenSaver to crash and unlock]
+CVE-2021-34557 (XScreenSaver 5.45 can be bypassed if the machine has more than ten dis ...)
- xscreensaver 5.45+dfsg1-2 (bug #989508)
NOTE: https://www.openwall.com/lists/oss-security/2021/06/05/1
NOTE: https://www.openwall.com/lists/oss-security/2021/06/05/2
@@ -7431,9 +7483,9 @@ CVE-2021-31345
RESERVED
CVE-2021-31344
RESERVED
-CVE-2021-31343 (A vulnerability has been identified in Solid Edge SE2020 (All Versions ...)
+CVE-2021-31343 (The jutil.dll library in all versions of Solid Edge SE2020 before 2020 ...)
TODO: check
-CVE-2021-31342 (A vulnerability has been identified in Solid Edge SE2020 (All Versions ...)
+CVE-2021-31342 (The ugeom2d.dll library in all versions of Solid Edge SE2020 before 20 ...)
TODO: check
CVE-2021-31341 (Uploading a table mapping using a manipulated XML file results in an e ...)
NOT-FOR-US: Mendix Database Replication
@@ -8966,8 +9018,7 @@ CVE-2021-3496 (A heap-based buffer overflow was found in jhead in version 3.06 i
NOTE: https://github.com/Matthias-Wandel/jhead/issues/33
NOTE: Fixed by: https://github.com/Matthias-Wandel/jhead/commit/ca2973f4ce79279c15a09cf400648a757c1721b0
NOTE: Crash in CLI tool, no security impact
-CVE-2021-30641
- RESERVED
+CVE-2021-30641 (Apache HTTP Server versions 2.4.39 to 2.4.46 Unexpected matching behav ...)
[experimental] - apache2 2.4.48-1
- apache2 2.4.46-6
NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-30641
@@ -16439,7 +16490,7 @@ CVE-2021-27614 (SAP Business One Hana Chef Cookbook, versions - 8.82, 9.0, 9.1,
NOT-FOR-US: SAP
CVE-2021-27613 (Under certain conditions, SAP Business One Chef cookbook, version - 9. ...)
NOT-FOR-US: SAP
-CVE-2021-27612 (In specific situations SAP GUI for Windows, versions - 7.60, 7.70 forw ...)
+CVE-2021-27612 (In specific situations SAP GUI for Windows, versions - 7.60 PL10, 7.70 ...)
NOT-FOR-US: SAP
CVE-2021-27611 (SAP NetWeaver AS ABAP, versions - 700, 701, 702, 730, 731, allow a hig ...)
NOT-FOR-US: SAP
@@ -17035,12 +17086,12 @@ CVE-2021-27349 (Advanced Order Export before 3.1.8 for WooCommerce allows XSS, a
NOT-FOR-US: WooCommerce
CVE-2021-27348
RESERVED
-CVE-2021-27347
- RESERVED
+CVE-2021-27347 (Use after free in lzma_decompress_buf function in stream.c in Irzip 0. ...)
+ TODO: check
CVE-2021-27346
RESERVED
-CVE-2021-27345
- RESERVED
+CVE-2021-27345 (A null pointer dereference was discovered in ucompthread in stream.c i ...)
+ TODO: check
CVE-2021-27344
RESERVED
CVE-2021-27343 (SerenityOS Unspecified is affected by: Buffer Overflow. The impact is: ...)
@@ -18566,14 +18617,12 @@ CVE-2021-26693
RESERVED
CVE-2021-26692
RESERVED
-CVE-2021-26691
- RESERVED
+CVE-2021-26691 (In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted Ses ...)
[experimental] - apache2 2.4.48-1
- apache2 2.4.46-6
NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-26691
NOTE: https://github.com/apache/httpd/commit/7e09dd714fc62c08c5b0319ed7b9702594faf49b
-CVE-2021-26690
- RESERVED
+CVE-2021-26690 (Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie ...)
[experimental] - apache2 2.4.48-1
- apache2 2.4.46-6
NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-26690
@@ -20416,10 +20465,10 @@ CVE-2021-25951
RESERVED
CVE-2021-25950
RESERVED
-CVE-2021-25949
- RESERVED
-CVE-2021-25948
- RESERVED
+CVE-2021-25949 (Prototype pollution vulnerability in ‘set-getter’ version ...)
+ TODO: check
+CVE-2021-25948 (Prototype pollution vulnerability in ‘expand-hash’ version ...)
+ TODO: check
CVE-2021-25947 (Prototype pollution vulnerability in 'nestie' versions 0.0.0 through 1 ...)
NOT-FOR-US: Node nestie
CVE-2021-25946 (Prototype pollution vulnerability in `nconf-toml` versions 0.0.1 throu ...)
@@ -22032,8 +22081,8 @@ CVE-2021-25324 (MISP 2.4.136 has Stored XSS in the galaxy cluster view via a clu
NOT-FOR-US: MISP
CVE-2021-25323 (The default setting of MISP 2.4.136 did not enable the requirements (a ...)
NOT-FOR-US: MISP
-CVE-2021-25322
- RESERVED
+CVE-2021-25322 (A UNIX Symbolic Link (Symlink) Following vulnerability in python-Hyper ...)
+ TODO: check
CVE-2021-25321
RESERVED
CVE-2021-25320
@@ -26905,12 +26954,12 @@ CVE-2021-3043
RESERVED
CVE-2021-3042
RESERVED
-CVE-2021-3041
- RESERVED
-CVE-2021-3040
- RESERVED
-CVE-2021-3039
- RESERVED
+CVE-2021-3041 (A local privilege escalation vulnerability exists in the Palo Alto Net ...)
+ TODO: check
+CVE-2021-3040 (An unsafe deserialization vulnerability in Bridgecrew Checkov by Prism ...)
+ TODO: check
+CVE-2021-3039 (An information exposure through log file vulnerability exists in the P ...)
+ TODO: check
CVE-2021-3038 (A denial-of-service (DoS) vulnerability in Palo Alto Networks GlobalPr ...)
NOT-FOR-US: Palo Alto Networks
CVE-2021-3037 (An information exposure through log file vulnerability exists in Palo ...)
@@ -27157,12 +27206,12 @@ CVE-2021-23026
RESERVED
CVE-2021-23025
RESERVED
-CVE-2021-23024
- RESERVED
-CVE-2021-23023
- RESERVED
-CVE-2021-23022
- RESERVED
+CVE-2021-23024 (On version 8.0.x before 8.0.0.1, and all 6.x and 7.x versions, the BIG ...)
+ TODO: check
+CVE-2021-23023 (On version 7.2.1.x before 7.2.1.3 and 7.1.x before 7.1.9.9 Update 1, a ...)
+ TODO: check
+CVE-2021-23022 (On version 7.2.1.x before 7.2.1.3 and 7.1.x before 7.1.9.9 Update 1, t ...)
+ TODO: check
CVE-2021-23021 (The Nginx Controller 3.x before 3.7.0 agent configuration file /etc/co ...)
NOT-FOR-US: NGINX Controller
CVE-2021-23020 (The NAAS 3.x before 3.10.0 API keys were generated using an insecure p ...)
@@ -30030,10 +30079,10 @@ CVE-2021-21738
RESERVED
CVE-2021-21737
RESERVED
-CVE-2021-21736
- RESERVED
-CVE-2021-21735
- RESERVED
+CVE-2021-21736 (A smart camera product of ZTE is impacted by a permission and access c ...)
+ TODO: check
+CVE-2021-21735 (A ZTE product has an information leak vulnerability. Due to improper p ...)
+ TODO: check
CVE-2021-21734 (Some PON MDU devices of ZTE stored sensitive information in plaintext, ...)
NOT-FOR-US: ZTE
CVE-2021-21733 (The management system of ZXCDN is impacted by the information leak vul ...)
@@ -30177,23 +30226,17 @@ CVE-2021-21668
RESERVED
CVE-2021-21667
RESERVED
-CVE-2021-21666
- RESERVED
+CVE-2021-21666 (Jenkins Kiuwan Plugin 1.6.0 and earlier does not escape query paramete ...)
NOT-FOR-US: Jenkins plugin
-CVE-2021-21665
- RESERVED
+CVE-2021-21665 (A cross-site request forgery (CSRF) vulnerability in Jenkins XebiaLabs ...)
NOT-FOR-US: Jenkins plugin
-CVE-2021-21664
- RESERVED
+CVE-2021-21664 (An incorrect permission check in Jenkins XebiaLabs XL Deploy Plugin 10 ...)
NOT-FOR-US: Jenkins plugin
-CVE-2021-21663
- RESERVED
+CVE-2021-21663 (A missing permission check in Jenkins XebiaLabs XL Deploy Plugin 7.5.8 ...)
NOT-FOR-US: Jenkins plugin
-CVE-2021-21662
- RESERVED
+CVE-2021-21662 (A missing permission check in Jenkins XebiaLabs XL Deploy Plugin 10.0. ...)
NOT-FOR-US: Jenkins plugin
-CVE-2021-21661
- RESERVED
+CVE-2021-21661 (Jenkins Kubernetes CLI Plugin 1.10.0 and earlier does not perform perm ...)
NOT-FOR-US: Jenkins plugin
CVE-2021-21660 (Jenkins Markdown Formatter Plugin 0.1.0 and earlier does not sanitize ...)
NOT-FOR-US: Jenkins plugin
@@ -34723,8 +34766,8 @@ CVE-2021-20331 (Specific versions of the MongoDB C# Driver may erroneously publi
NOT-FOR-US: MongoDB C# Driver
CVE-2021-20330
RESERVED
-CVE-2021-20329
- RESERVED
+CVE-2021-20329 (Specific cstrings input may not be properly validated in the MongoDB G ...)
+ TODO: check
CVE-2021-20328 (Specific versions of the Java driver that support client-side field le ...)
- mongo-java-driver <not-affected> (Vulnerable code introduce later)
NOTE: https://jira.mongodb.org/browse/JAVA-4017
@@ -34852,8 +34895,7 @@ CVE-2021-20294 (A flaw was found in binutils readelf 2.35 program. An attacker w
- binutils <unfixed> (unimportant)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=26929
NOTE: binutils not covered by security support
-CVE-2021-20293
- RESERVED
+CVE-2021-20293 (A reflected Cross-Site Scripting (XSS) flaw was found in RESTEasy in a ...)
- resteasy <undetermined>
- resteasy3.0 <undetermined>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1942819
@@ -35626,8 +35668,8 @@ CVE-2021-20083 (Improperly Controlled Modification of Object Prototype Attribute
NOT-FOR-US: jquery-plugin-query-object
CVE-2021-20082
RESERVED
-CVE-2021-20081
- RESERVED
+CVE-2021-20081 (Incomplete List of Disallowed Inputs in ManageEngine ServiceDesk Plus ...)
+ TODO: check
CVE-2021-20080 (Insufficient output sanitization in ManageEngine ServiceDesk Plus befo ...)
NOT-FOR-US: ManageEngine ServiceDesk Plus
CVE-2021-20079
@@ -36128,8 +36170,7 @@ CVE-2020-35454 (The Taidii Diibear Android application 2.4.0 and all its derivat
NOT-FOR-US: Taidii Diibear Android application
CVE-2020-35453 (HashiCorp Vault Enterprise’s Sentinel EGP policy feature incorre ...)
NOT-FOR-US: HashiCorp Vault
-CVE-2020-35452
- RESERVED
+CVE-2020-35452 (Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest ...)
[experimental] - apache2 2.4.48-1
- apache2 2.4.46-6
NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-35452
@@ -52317,8 +52358,8 @@ CVE-2020-25469
RESERVED
CVE-2020-25468
RESERVED
-CVE-2020-25467
- RESERVED
+CVE-2020-25467 (A null pointer dereference was discovered lzo_decompress_buf in stream ...)
+ TODO: check
CVE-2020-25466 (A SSRF vulnerability exists in the downloadimage interface of CRMEB 3. ...)
NOT-FOR-US: CRMEB
CVE-2020-25465 (Null Pointer Dereference. in xObjectBindingFromExpression at moddable/ ...)
@@ -54111,26 +54152,26 @@ CVE-2020-24673 (In S+ Operations and S+ Historian, a successful SQL injection ex
NOT-FOR-US: ABB
CVE-2020-24672
RESERVED
-CVE-2020-24671
- RESERVED
+CVE-2020-24671 (Trace Financial CRESTBridge <6.3.0.02 contains an authenticated SQL ...)
+ TODO: check
CVE-2020-24670 (The Dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x cont ...)
NOT-FOR-US: Hitachi
CVE-2020-24669 (The New Analysis Report in Hitachi Vantara Pentaho through 7.x - 8.x c ...)
NOT-FOR-US: Hitachi
-CVE-2020-24668
- RESERVED
-CVE-2020-24667
- RESERVED
+CVE-2020-24668 (Trace Financial Crest Bridge <6.3.0.02 contains a stored XSS vulner ...)
+ TODO: check
+CVE-2020-24667 (Trace Financial CRESTBridge <6.3.0.02 contains an authenticated SQL ...)
+ TODO: check
CVE-2020-24666 (The Analysis Report in Hitachi Vantara Pentaho through 7.x - 8.x conta ...)
NOT-FOR-US: Hitachi
CVE-2020-24665 (The Dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x cont ...)
NOT-FOR-US: Hitachi
CVE-2020-24664 (The dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x cont ...)
NOT-FOR-US: Hitachi
-CVE-2020-24663
- RESERVED
-CVE-2020-24662
- RESERVED
+CVE-2020-24663 (Trace Financial CRESTBridge <6.3.0.02 contains a stored XSS vulnera ...)
+ TODO: check
+CVE-2020-24662 (SmartStream Transaction Lifecycle Management (TLM) Reconciliation Prem ...)
+ TODO: check
CVE-2020-24661 (GNOME Geary before 3.36.3 mishandles pinned TLS certificate verificati ...)
- geary 3.38.0.1-1
[buster] - geary <no-dsa> (Minor issue)
@@ -77968,8 +78009,7 @@ CVE-2020-13952 (In the course of work on the open source project it was discover
NOT-FOR-US: Apache Superset
CVE-2020-13951 (Attackers can use public NetTest web service of Apache OpenMeetings 4. ...)
NOT-FOR-US: Apache OpenMeetings
-CVE-2020-13950
- RESERVED
+CVE-2020-13950 (Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be mad ...)
[experimental] - apache2 2.4.48-1
- apache2 2.4.46-6
NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-13950
@@ -78011,8 +78051,7 @@ CVE-2020-13940 (In Apache NiFi 1.0.0 to 1.11.4, the notification service manager
NOT-FOR-US: Apache NiFi
CVE-2020-13939
REJECTED
-CVE-2020-13938
- RESERVED
+CVE-2020-13938 (Apache HTTP Server versions 2.4.0 to 2.4.46 Unprivileged local users c ...)
- apache2 <not-affected> (Only affects Apache on Windows)
NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-13938
CVE-2020-13937 (Apache Kylin 2.0.0, 2.1.0, 2.2.0, 2.3.0, 2.3.1, 2.3.2, 2.4.0, 2.4.1, 2 ...)
@@ -120320,8 +120359,7 @@ CVE-2019-17569 (The refactoring present in Apache Tomcat 9.0.28 to 9.0.30, 8.5.4
NOTE: https://github.com/apache/tomcat/commit/b191a0d9cf06f4e04257c221bfe41d2b108a9cc8 (7.0.100)
CVE-2019-17568
REJECTED
-CVE-2019-17567
- RESERVED
+CVE-2019-17567 (Apache HTTP Server versions 2.4.6 to 2.4.46 mod_proxy_wstunnel configu ...)
[experimental] - apache2 2.4.48-1
- apache2 <unfixed>
NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2019-17567
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c66879bd90abb31362fcd960548a35a8ca5a8da7
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c66879bd90abb31362fcd960548a35a8ca5a8da7
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210610/dc04df13/attachment.htm>
More information about the debian-security-tracker-commits
mailing list