[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Jun 25 21:10:34 BST 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d302cb02 by security tracker role at 2021-06-25T20:10:26+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,7 @@
+CVE-2021-3622
+	RESERVED
+CVE-2021-35501 (PandoraFMS <=7.54 allows Stored XSS by placing a payload in the nam ...)
+	TODO: check
 CVE-2021-3621
 	RESERVED
 CVE-2021-3620
@@ -54,8 +58,8 @@ CVE-2021-35477
 	RESERVED
 CVE-2021-35476
 	RESERVED
-CVE-2021-35475
-	RESERVED
+CVE-2021-35475 (SAS Environment Manager 2.5 allows XSS through the Name field when cre ...)
+	TODO: check
 CVE-2021-3618
 	RESERVED
 CVE-2021-3617
@@ -965,14 +969,14 @@ CVE-2021-35052
 	RESERVED
 CVE-2021-35051
 	RESERVED
-CVE-2021-35050
-	RESERVED
-CVE-2021-35049
-	RESERVED
-CVE-2021-35048
-	RESERVED
-CVE-2021-35047
-	RESERVED
+CVE-2021-35050 (User credentials stored in a recoverable format within Fidelis Network ...)
+	TODO: check
+CVE-2021-35049 (Vulnerability in Fidelis Network and Deception CommandPost enables aut ...)
+	TODO: check
+CVE-2021-35048 (Vulnerability in Fidelis Network and Deception CommandPost enables una ...)
+	TODO: check
+CVE-2021-35047 (Vulnerability in the CommandPost, Collector, and Sensor components of  ...)
+	TODO: check
 CVE-2021-35046 (A session fixation vulnerability was discovered in Ice Hrm 29.0.0 OS w ...)
 	NOT-FOR-US: Ice Hrm
 CVE-2021-35045 (Cross site scripting (XSS) vulnerability in Ice Hrm 29.0.0.OS, allows  ...)
@@ -2352,8 +2356,8 @@ CVE-2021-34428 (For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.
 	- jetty <removed>
 	NOTE: https://github.com/eclipse/jetty.project/security/advisories/GHSA-m6cp-vxjx-65j6
 	NOTE: https://github.com/eclipse/jetty.project/issues/6277
-CVE-2021-34427
-	RESERVED
+CVE-2021-34427 (In Eclipse BIRT versions 4.8.0 and earlier, an attacker can use query  ...)
+	TODO: check
 CVE-2021-34426
 	RESERVED
 CVE-2021-34425
@@ -2875,12 +2879,12 @@ CVE-2021-34187
 	RESERVED
 CVE-2021-34186
 	RESERVED
-CVE-2021-34185
-	RESERVED
-CVE-2021-34184
-	RESERVED
-CVE-2021-34183
-	RESERVED
+CVE-2021-34185 (Miniaudio 0.10.35 has an integer-based buffer overflow caused by an ou ...)
+	TODO: check
+CVE-2021-34184 (Miniaudio 0.10.35 has a Double free vulnerability that could cause a b ...)
+	TODO: check
+CVE-2021-34183 (ImageMagick 7.0.11-14 has a memory leak in AcquireSemaphoreMemory in s ...)
+	TODO: check
 CVE-2021-34182
 	RESERVED
 CVE-2021-34181
@@ -3097,8 +3101,8 @@ CVE-2021-34076
 	RESERVED
 CVE-2021-34075
 	RESERVED
-CVE-2021-34074
-	RESERVED
+CVE-2021-34074 (PandoraFMS <=7.54 allows arbitrary file upload, it leading to remot ...)
+	TODO: check
 CVE-2021-34073
 	RESERVED
 CVE-2021-34072
@@ -3494,8 +3498,8 @@ CVE-2021-33896 (Dino before 0.1.2 and 0.2.x before 0.2.1 allows Directory Traver
 	NOTE: https://www.openwall.com/lists/oss-security/2021/06/07/2
 	NOTE: https://github.com/dino/dino/commit/0c8d25b7a3e7a10a506f1e19b868fe9b0c761495 (master)
 	NOTE: https://github.com/dino/dino/commit/1eaad1ccfbd00c6e76650535496531c172453994 (v0.2.1)
-CVE-2021-33895
-	RESERVED
+CVE-2021-33895 (ETINET BACKBOX E4.09 and H4.09 mismanages password access control. Whe ...)
+	TODO: check
 CVE-2021-33894 (In Progress MOVEit Transfer before 2019.0.6 (11.0.6), 2019.1.x before  ...)
 	NOT-FOR-US: Progress MOVEit
 CVE-2021-33893
@@ -4361,36 +4365,36 @@ CVE-2021-33544
 	RESERVED
 CVE-2021-33543
 	RESERVED
-CVE-2021-33542
-	RESERVED
-CVE-2021-33541
-	RESERVED
-CVE-2021-33540
-	RESERVED
-CVE-2021-33539
-	RESERVED
-CVE-2021-33538
-	RESERVED
-CVE-2021-33537
-	RESERVED
-CVE-2021-33536
-	RESERVED
-CVE-2021-33535
-	RESERVED
-CVE-2021-33534
-	RESERVED
-CVE-2021-33533
-	RESERVED
-CVE-2021-33532
-	RESERVED
-CVE-2021-33531
-	RESERVED
-CVE-2021-33530
-	RESERVED
-CVE-2021-33529
-	RESERVED
-CVE-2021-33528
-	RESERVED
+CVE-2021-33542 (Phoenix Contact Classic Automation Worx Software Suite in Version 1.87 ...)
+	TODO: check
+CVE-2021-33541 (Phoenix Contact Classic Line Controllers ILC1x0 and ILC1x1 in all vers ...)
+	TODO: check
+CVE-2021-33540 (In certain devices of the Phoenix Contact AXL F BK and IL BK product f ...)
+	TODO: check
+CVE-2021-33539 (In Weidmueller Industrial WLAN devices in multiple versions an exploit ...)
+	TODO: check
+CVE-2021-33538 (In Weidmueller Industrial WLAN devices in multiple versions an exploit ...)
+	TODO: check
+CVE-2021-33537 (In Weidmueller Industrial WLAN devices in multiple versions an exploit ...)
+	TODO: check
+CVE-2021-33536 (In Weidmueller Industrial WLAN devices in multiple versions an exploit ...)
+	TODO: check
+CVE-2021-33535 (In Weidmueller Industrial WLAN devices in multiple versions an exploit ...)
+	TODO: check
+CVE-2021-33534 (In Weidmueller Industrial WLAN devices in multiple versions an exploit ...)
+	TODO: check
+CVE-2021-33533 (In Weidmueller Industrial WLAN devices in multiple versions an exploit ...)
+	TODO: check
+CVE-2021-33532 (In Weidmueller Industrial WLAN devices in multiple versions an exploit ...)
+	TODO: check
+CVE-2021-33531 (In Weidmueller Industrial WLAN devices in multiple versions an exploit ...)
+	TODO: check
+CVE-2021-33530 (In Weidmueller Industrial WLAN devices in multiple versions an exploit ...)
+	TODO: check
+CVE-2021-33529 (In Weidmueller Industrial WLAN devices in multiple versions the usage  ...)
+	TODO: check
+CVE-2021-33528 (In Weidmueller Industrial WLAN devices in multiple versions an exploit ...)
+	TODO: check
 CVE-2021-33527
 	RESERVED
 CVE-2021-33526
@@ -6248,8 +6252,8 @@ CVE-2021-32704 (DHIS 2 is an information system for data capture, management, va
 	TODO: check
 CVE-2021-32703
 	RESERVED
-CVE-2021-32702
-	RESERVED
+CVE-2021-32702 (The Auth0 Next.js SDK is a library for implementing user authenticatio ...)
+	TODO: check
 CVE-2021-32701 (ORY Oathkeeper is an Identity & Access Proxy (IAP) and Access Cont ...)
 	NOT-FOR-US: ORY Oathkeeper
 CVE-2021-32700 (Ballerina is an open source programming language and platform for clou ...)
@@ -8977,8 +8981,8 @@ CVE-2021-31617
 	RESERVED
 CVE-2021-31616 (Insufficient length checks in the ShapeShift KeepKey hardware wallet f ...)
 	NOT-FOR-US: ShapeShift KeepKey hardware wallet firmware
-CVE-2021-31615
-	RESERVED
+CVE-2021-31615 (Unencrypted Bluetooth Low Energy baseband links in Bluetooth Core Spec ...)
+	TODO: check
 CVE-2021-31614
 	RESERVED
 CVE-2021-31613
@@ -13642,10 +13646,10 @@ CVE-2021-29679
 	RESERVED
 CVE-2021-29678
 	RESERVED
-CVE-2021-29677
-	RESERVED
-CVE-2021-29676
-	RESERVED
+CVE-2021-29677 (IBM Security Verify (IBM Security Verify Privilege Vault 10.9.66) is v ...)
+	TODO: check
+CVE-2021-29676 (IBM Security Verify (IBM Security Verify Privilege Vault 10.9.66) is v ...)
+	TODO: check
 CVE-2021-29675
 	RESERVED
 CVE-2021-29674
@@ -15466,8 +15470,8 @@ CVE-2021-28960
 	RESERVED
 CVE-2021-28959 (Zoho ManageEngine Eventlog Analyzer through 12147 is vulnerable to una ...)
 	NOT-FOR-US: Zoho ManageEngine
-CVE-2021-28958
-	RESERVED
+CVE-2021-28958 (Zoho ManageEngine ADSelfService Plus through 6101 is vulnerable to una ...)
+	TODO: check
 CVE-2021-28956 (** UNSUPPORTED WHEN ASSIGNED ** The unofficial vscode-sass-lint (aka S ...)
 	NOT-FOR-US: vscode-sass-lint
 CVE-2021-28955 (git-bug before 0.7.2 has an Uncontrolled Search Path Element. It will  ...)
@@ -20023,14 +20027,14 @@ CVE-2021-27045
 	RESERVED
 CVE-2021-27044
 	RESERVED
-CVE-2021-27043
-	RESERVED
-CVE-2021-27042
-	RESERVED
-CVE-2021-27041
-	RESERVED
-CVE-2021-27040
-	RESERVED
+CVE-2021-27043 (An Arbitrary Address Write issue in the Autodesk DWG application can a ...)
+	TODO: check
+CVE-2021-27042 (A maliciously crafted DWG file can be used to write beyond the allocat ...)
+	TODO: check
+CVE-2021-27041 (A maliciously crafted DWG file can be used to write beyond the allocat ...)
+	TODO: check
+CVE-2021-27040 (A maliciously crafted DWG file can be forced to read beyond allocated  ...)
+	TODO: check
 CVE-2021-27039
 	RESERVED
 CVE-2021-27038
@@ -21992,8 +21996,8 @@ CVE-2021-3316
 	RESERVED
 CVE-2021-3315 (In JetBrains TeamCity before 2020.2.2, stored XSS on a tests page was  ...)
 	NOT-FOR-US: JetBrains
-CVE-2021-3314
-	RESERVED
+CVE-2021-3314 (** UNSUPPORTED WHEN ASSIGNED ** Oracle GlassFish Server 3.1.2.18 and b ...)
+	TODO: check
 CVE-2021-3313 (Plone CMS until version 5.2.4 has a stored Cross-Site Scripting (XSS)  ...)
 	NOT-FOR-US: Plone
 CVE-2021-3312
@@ -35724,14 +35728,14 @@ CVE-2020-35549 (An issue was discovered on Samsung mobile devices with O(8.x), P
 	NOT-FOR-US: Samsung mobile devices
 CVE-2020-35548 (An issue was discovered in Finder on Samsung mobile devices with Q(10. ...)
 	NOT-FOR-US: Samsung mobile devices
-CVE-2021-21005
-	RESERVED
-CVE-2021-21004
-	RESERVED
-CVE-2021-21003
-	RESERVED
-CVE-2021-21002
-	RESERVED
+CVE-2021-21005 (In Phoenix Contact FL SWITCH SMCS series products in multiple versions ...)
+	TODO: check
+CVE-2021-21004 (In Phoenix Contact FL SWITCH SMCS series products in multiple versions ...)
+	TODO: check
+CVE-2021-21003 (In Phoenix Contact FL SWITCH SMCS series products in multiple versions ...)
+	TODO: check
+CVE-2021-21002 (In Phoenix Contact FL COMSERVER UNI in versions < 2.40 a invalid Mo ...)
+	TODO: check
 CVE-2021-21001 (On WAGO PFC200 devices in different firmware versions with special cra ...)
 	NOT-FOR-US: WAGO
 CVE-2021-21000 (On WAGO PFC200 devices in different firmware versions with special cra ...)
@@ -36571,8 +36575,8 @@ CVE-2021-20585 (IBM Security Verify Access 20.07 could disclose sensitive inform
 	NOT-FOR-US: IBM
 CVE-2021-20584
 	RESERVED
-CVE-2021-20583
-	RESERVED
+CVE-2021-20583 (IBM Security Verify (IBM Security Verify Privilege Vault 10.9.66) coul ...)
+	TODO: check
 CVE-2021-20582
 	RESERVED
 CVE-2021-20581
@@ -51291,8 +51295,8 @@ CVE-2020-26803 (In Sentrifugo 3.2, users can upload an image under "Assets ->
 	NOT-FOR-US: Sentrifugo
 CVE-2020-26802 (forma.lms 2.3.0.2 is affected by Cross Site Request Forgery (CSRF) in  ...)
 	NOT-FOR-US: forma.lms
-CVE-2020-26801
-	RESERVED
+CVE-2020-26801 (A stored cross-site scripting (XSS) vulnerability was discovered in /F ...)
+	TODO: check
 CVE-2020-26800 (A stack overflow vulnerability in Aleth Ethereum C++ client version &l ...)
 	NOT-FOR-US: Aleth Ethereum
 CVE-2020-26799
@@ -106068,10 +106072,10 @@ CVE-2020-4612 (IBM Data Risk Manager (iDNA) 2.0.6 could allow an authenticated u
 	NOT-FOR-US: IBM
 CVE-2020-4611 (IBM Data Risk Manager (iDNA) 2.0.6 could allow an authenticated user t ...)
 	NOT-FOR-US: IBM
-CVE-2020-4610
-	RESERVED
-CVE-2020-4609
-	RESERVED
+CVE-2020-4610 (IBM Security Sevret Server (IBM Security Verify Privilege Manager 10.8 ...)
+	TODO: check
+CVE-2020-4609 (IBM Security Sevret Server (IBM Security Verify Privilege Manager 10.8 ...)
+	TODO: check
 CVE-2020-4608
 	RESERVED
 CVE-2020-4607 (IBM Security Secret Server (IBM Security Verify Privilege Vault Remote ...)
@@ -177855,7 +177859,7 @@ CVE-2018-18474
 	RESERVED
 CVE-2018-18473 (A hidden backdoor on PATLITE NH-FB Series devices with firmware versio ...)
 	NOT-FOR-US: PATLITE NBM-D88N
-CVE-2018-18472 (Western Digital WD My Book Live (all versions) has a root Remote Comma ...)
+CVE-2018-18472 (Western Digital WD My Book Live and WD My Book Live Duo (all versions) ...)
 	NOT-FOR-US: Western Digital WD My Book Live
 CVE-2018-18471 (/api/2.0/rest/aggregator/xml in Axentra firmware, used by NETGEAR Stor ...)
 	NOT-FOR-US: Axentra firmware



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d302cb023d7eb986cd112038a06c3d7799dd8699

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d302cb023d7eb986cd112038a06c3d7799dd8699
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210625/82cb02f4/attachment-0001.htm>


More information about the debian-security-tracker-commits mailing list