[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Jun 25 21:10:34 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d302cb02 by security tracker role at 2021-06-25T20:10:26+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,7 @@
+CVE-2021-3622
+ RESERVED
+CVE-2021-35501 (PandoraFMS <=7.54 allows Stored XSS by placing a payload in the nam ...)
+ TODO: check
CVE-2021-3621
RESERVED
CVE-2021-3620
@@ -54,8 +58,8 @@ CVE-2021-35477
RESERVED
CVE-2021-35476
RESERVED
-CVE-2021-35475
- RESERVED
+CVE-2021-35475 (SAS Environment Manager 2.5 allows XSS through the Name field when cre ...)
+ TODO: check
CVE-2021-3618
RESERVED
CVE-2021-3617
@@ -965,14 +969,14 @@ CVE-2021-35052
RESERVED
CVE-2021-35051
RESERVED
-CVE-2021-35050
- RESERVED
-CVE-2021-35049
- RESERVED
-CVE-2021-35048
- RESERVED
-CVE-2021-35047
- RESERVED
+CVE-2021-35050 (User credentials stored in a recoverable format within Fidelis Network ...)
+ TODO: check
+CVE-2021-35049 (Vulnerability in Fidelis Network and Deception CommandPost enables aut ...)
+ TODO: check
+CVE-2021-35048 (Vulnerability in Fidelis Network and Deception CommandPost enables una ...)
+ TODO: check
+CVE-2021-35047 (Vulnerability in the CommandPost, Collector, and Sensor components of ...)
+ TODO: check
CVE-2021-35046 (A session fixation vulnerability was discovered in Ice Hrm 29.0.0 OS w ...)
NOT-FOR-US: Ice Hrm
CVE-2021-35045 (Cross site scripting (XSS) vulnerability in Ice Hrm 29.0.0.OS, allows ...)
@@ -2352,8 +2356,8 @@ CVE-2021-34428 (For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.
- jetty <removed>
NOTE: https://github.com/eclipse/jetty.project/security/advisories/GHSA-m6cp-vxjx-65j6
NOTE: https://github.com/eclipse/jetty.project/issues/6277
-CVE-2021-34427
- RESERVED
+CVE-2021-34427 (In Eclipse BIRT versions 4.8.0 and earlier, an attacker can use query ...)
+ TODO: check
CVE-2021-34426
RESERVED
CVE-2021-34425
@@ -2875,12 +2879,12 @@ CVE-2021-34187
RESERVED
CVE-2021-34186
RESERVED
-CVE-2021-34185
- RESERVED
-CVE-2021-34184
- RESERVED
-CVE-2021-34183
- RESERVED
+CVE-2021-34185 (Miniaudio 0.10.35 has an integer-based buffer overflow caused by an ou ...)
+ TODO: check
+CVE-2021-34184 (Miniaudio 0.10.35 has a Double free vulnerability that could cause a b ...)
+ TODO: check
+CVE-2021-34183 (ImageMagick 7.0.11-14 has a memory leak in AcquireSemaphoreMemory in s ...)
+ TODO: check
CVE-2021-34182
RESERVED
CVE-2021-34181
@@ -3097,8 +3101,8 @@ CVE-2021-34076
RESERVED
CVE-2021-34075
RESERVED
-CVE-2021-34074
- RESERVED
+CVE-2021-34074 (PandoraFMS <=7.54 allows arbitrary file upload, it leading to remot ...)
+ TODO: check
CVE-2021-34073
RESERVED
CVE-2021-34072
@@ -3494,8 +3498,8 @@ CVE-2021-33896 (Dino before 0.1.2 and 0.2.x before 0.2.1 allows Directory Traver
NOTE: https://www.openwall.com/lists/oss-security/2021/06/07/2
NOTE: https://github.com/dino/dino/commit/0c8d25b7a3e7a10a506f1e19b868fe9b0c761495 (master)
NOTE: https://github.com/dino/dino/commit/1eaad1ccfbd00c6e76650535496531c172453994 (v0.2.1)
-CVE-2021-33895
- RESERVED
+CVE-2021-33895 (ETINET BACKBOX E4.09 and H4.09 mismanages password access control. Whe ...)
+ TODO: check
CVE-2021-33894 (In Progress MOVEit Transfer before 2019.0.6 (11.0.6), 2019.1.x before ...)
NOT-FOR-US: Progress MOVEit
CVE-2021-33893
@@ -4361,36 +4365,36 @@ CVE-2021-33544
RESERVED
CVE-2021-33543
RESERVED
-CVE-2021-33542
- RESERVED
-CVE-2021-33541
- RESERVED
-CVE-2021-33540
- RESERVED
-CVE-2021-33539
- RESERVED
-CVE-2021-33538
- RESERVED
-CVE-2021-33537
- RESERVED
-CVE-2021-33536
- RESERVED
-CVE-2021-33535
- RESERVED
-CVE-2021-33534
- RESERVED
-CVE-2021-33533
- RESERVED
-CVE-2021-33532
- RESERVED
-CVE-2021-33531
- RESERVED
-CVE-2021-33530
- RESERVED
-CVE-2021-33529
- RESERVED
-CVE-2021-33528
- RESERVED
+CVE-2021-33542 (Phoenix Contact Classic Automation Worx Software Suite in Version 1.87 ...)
+ TODO: check
+CVE-2021-33541 (Phoenix Contact Classic Line Controllers ILC1x0 and ILC1x1 in all vers ...)
+ TODO: check
+CVE-2021-33540 (In certain devices of the Phoenix Contact AXL F BK and IL BK product f ...)
+ TODO: check
+CVE-2021-33539 (In Weidmueller Industrial WLAN devices in multiple versions an exploit ...)
+ TODO: check
+CVE-2021-33538 (In Weidmueller Industrial WLAN devices in multiple versions an exploit ...)
+ TODO: check
+CVE-2021-33537 (In Weidmueller Industrial WLAN devices in multiple versions an exploit ...)
+ TODO: check
+CVE-2021-33536 (In Weidmueller Industrial WLAN devices in multiple versions an exploit ...)
+ TODO: check
+CVE-2021-33535 (In Weidmueller Industrial WLAN devices in multiple versions an exploit ...)
+ TODO: check
+CVE-2021-33534 (In Weidmueller Industrial WLAN devices in multiple versions an exploit ...)
+ TODO: check
+CVE-2021-33533 (In Weidmueller Industrial WLAN devices in multiple versions an exploit ...)
+ TODO: check
+CVE-2021-33532 (In Weidmueller Industrial WLAN devices in multiple versions an exploit ...)
+ TODO: check
+CVE-2021-33531 (In Weidmueller Industrial WLAN devices in multiple versions an exploit ...)
+ TODO: check
+CVE-2021-33530 (In Weidmueller Industrial WLAN devices in multiple versions an exploit ...)
+ TODO: check
+CVE-2021-33529 (In Weidmueller Industrial WLAN devices in multiple versions the usage ...)
+ TODO: check
+CVE-2021-33528 (In Weidmueller Industrial WLAN devices in multiple versions an exploit ...)
+ TODO: check
CVE-2021-33527
RESERVED
CVE-2021-33526
@@ -6248,8 +6252,8 @@ CVE-2021-32704 (DHIS 2 is an information system for data capture, management, va
TODO: check
CVE-2021-32703
RESERVED
-CVE-2021-32702
- RESERVED
+CVE-2021-32702 (The Auth0 Next.js SDK is a library for implementing user authenticatio ...)
+ TODO: check
CVE-2021-32701 (ORY Oathkeeper is an Identity & Access Proxy (IAP) and Access Cont ...)
NOT-FOR-US: ORY Oathkeeper
CVE-2021-32700 (Ballerina is an open source programming language and platform for clou ...)
@@ -8977,8 +8981,8 @@ CVE-2021-31617
RESERVED
CVE-2021-31616 (Insufficient length checks in the ShapeShift KeepKey hardware wallet f ...)
NOT-FOR-US: ShapeShift KeepKey hardware wallet firmware
-CVE-2021-31615
- RESERVED
+CVE-2021-31615 (Unencrypted Bluetooth Low Energy baseband links in Bluetooth Core Spec ...)
+ TODO: check
CVE-2021-31614
RESERVED
CVE-2021-31613
@@ -13642,10 +13646,10 @@ CVE-2021-29679
RESERVED
CVE-2021-29678
RESERVED
-CVE-2021-29677
- RESERVED
-CVE-2021-29676
- RESERVED
+CVE-2021-29677 (IBM Security Verify (IBM Security Verify Privilege Vault 10.9.66) is v ...)
+ TODO: check
+CVE-2021-29676 (IBM Security Verify (IBM Security Verify Privilege Vault 10.9.66) is v ...)
+ TODO: check
CVE-2021-29675
RESERVED
CVE-2021-29674
@@ -15466,8 +15470,8 @@ CVE-2021-28960
RESERVED
CVE-2021-28959 (Zoho ManageEngine Eventlog Analyzer through 12147 is vulnerable to una ...)
NOT-FOR-US: Zoho ManageEngine
-CVE-2021-28958
- RESERVED
+CVE-2021-28958 (Zoho ManageEngine ADSelfService Plus through 6101 is vulnerable to una ...)
+ TODO: check
CVE-2021-28956 (** UNSUPPORTED WHEN ASSIGNED ** The unofficial vscode-sass-lint (aka S ...)
NOT-FOR-US: vscode-sass-lint
CVE-2021-28955 (git-bug before 0.7.2 has an Uncontrolled Search Path Element. It will ...)
@@ -20023,14 +20027,14 @@ CVE-2021-27045
RESERVED
CVE-2021-27044
RESERVED
-CVE-2021-27043
- RESERVED
-CVE-2021-27042
- RESERVED
-CVE-2021-27041
- RESERVED
-CVE-2021-27040
- RESERVED
+CVE-2021-27043 (An Arbitrary Address Write issue in the Autodesk DWG application can a ...)
+ TODO: check
+CVE-2021-27042 (A maliciously crafted DWG file can be used to write beyond the allocat ...)
+ TODO: check
+CVE-2021-27041 (A maliciously crafted DWG file can be used to write beyond the allocat ...)
+ TODO: check
+CVE-2021-27040 (A maliciously crafted DWG file can be forced to read beyond allocated ...)
+ TODO: check
CVE-2021-27039
RESERVED
CVE-2021-27038
@@ -21992,8 +21996,8 @@ CVE-2021-3316
RESERVED
CVE-2021-3315 (In JetBrains TeamCity before 2020.2.2, stored XSS on a tests page was ...)
NOT-FOR-US: JetBrains
-CVE-2021-3314
- RESERVED
+CVE-2021-3314 (** UNSUPPORTED WHEN ASSIGNED ** Oracle GlassFish Server 3.1.2.18 and b ...)
+ TODO: check
CVE-2021-3313 (Plone CMS until version 5.2.4 has a stored Cross-Site Scripting (XSS) ...)
NOT-FOR-US: Plone
CVE-2021-3312
@@ -35724,14 +35728,14 @@ CVE-2020-35549 (An issue was discovered on Samsung mobile devices with O(8.x), P
NOT-FOR-US: Samsung mobile devices
CVE-2020-35548 (An issue was discovered in Finder on Samsung mobile devices with Q(10. ...)
NOT-FOR-US: Samsung mobile devices
-CVE-2021-21005
- RESERVED
-CVE-2021-21004
- RESERVED
-CVE-2021-21003
- RESERVED
-CVE-2021-21002
- RESERVED
+CVE-2021-21005 (In Phoenix Contact FL SWITCH SMCS series products in multiple versions ...)
+ TODO: check
+CVE-2021-21004 (In Phoenix Contact FL SWITCH SMCS series products in multiple versions ...)
+ TODO: check
+CVE-2021-21003 (In Phoenix Contact FL SWITCH SMCS series products in multiple versions ...)
+ TODO: check
+CVE-2021-21002 (In Phoenix Contact FL COMSERVER UNI in versions < 2.40 a invalid Mo ...)
+ TODO: check
CVE-2021-21001 (On WAGO PFC200 devices in different firmware versions with special cra ...)
NOT-FOR-US: WAGO
CVE-2021-21000 (On WAGO PFC200 devices in different firmware versions with special cra ...)
@@ -36571,8 +36575,8 @@ CVE-2021-20585 (IBM Security Verify Access 20.07 could disclose sensitive inform
NOT-FOR-US: IBM
CVE-2021-20584
RESERVED
-CVE-2021-20583
- RESERVED
+CVE-2021-20583 (IBM Security Verify (IBM Security Verify Privilege Vault 10.9.66) coul ...)
+ TODO: check
CVE-2021-20582
RESERVED
CVE-2021-20581
@@ -51291,8 +51295,8 @@ CVE-2020-26803 (In Sentrifugo 3.2, users can upload an image under "Assets ->
NOT-FOR-US: Sentrifugo
CVE-2020-26802 (forma.lms 2.3.0.2 is affected by Cross Site Request Forgery (CSRF) in ...)
NOT-FOR-US: forma.lms
-CVE-2020-26801
- RESERVED
+CVE-2020-26801 (A stored cross-site scripting (XSS) vulnerability was discovered in /F ...)
+ TODO: check
CVE-2020-26800 (A stack overflow vulnerability in Aleth Ethereum C++ client version &l ...)
NOT-FOR-US: Aleth Ethereum
CVE-2020-26799
@@ -106068,10 +106072,10 @@ CVE-2020-4612 (IBM Data Risk Manager (iDNA) 2.0.6 could allow an authenticated u
NOT-FOR-US: IBM
CVE-2020-4611 (IBM Data Risk Manager (iDNA) 2.0.6 could allow an authenticated user t ...)
NOT-FOR-US: IBM
-CVE-2020-4610
- RESERVED
-CVE-2020-4609
- RESERVED
+CVE-2020-4610 (IBM Security Sevret Server (IBM Security Verify Privilege Manager 10.8 ...)
+ TODO: check
+CVE-2020-4609 (IBM Security Sevret Server (IBM Security Verify Privilege Manager 10.8 ...)
+ TODO: check
CVE-2020-4608
RESERVED
CVE-2020-4607 (IBM Security Secret Server (IBM Security Verify Privilege Vault Remote ...)
@@ -177855,7 +177859,7 @@ CVE-2018-18474
RESERVED
CVE-2018-18473 (A hidden backdoor on PATLITE NH-FB Series devices with firmware versio ...)
NOT-FOR-US: PATLITE NBM-D88N
-CVE-2018-18472 (Western Digital WD My Book Live (all versions) has a root Remote Comma ...)
+CVE-2018-18472 (Western Digital WD My Book Live and WD My Book Live Duo (all versions) ...)
NOT-FOR-US: Western Digital WD My Book Live
CVE-2018-18471 (/api/2.0/rest/aggregator/xml in Axentra firmware, used by NETGEAR Stor ...)
NOT-FOR-US: Axentra firmware
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d302cb023d7eb986cd112038a06c3d7799dd8699
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d302cb023d7eb986cd112038a06c3d7799dd8699
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210625/82cb02f4/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list