[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Thu Mar 18 20:10:47 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2fbc450e by security tracker role at 2021-03-18T20:10:26+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,6 +1,345 @@
+CVE-2021-28830
+ RESERVED
+CVE-2021-28829
+ RESERVED
+CVE-2021-28828
+ RESERVED
+CVE-2021-28827
+ RESERVED
+CVE-2021-28826
+ RESERVED
+CVE-2021-28825
+ RESERVED
+CVE-2021-28824
+ RESERVED
+CVE-2021-28823
+ RESERVED
+CVE-2021-28822
+ RESERVED
+CVE-2021-28821
+ RESERVED
+CVE-2021-28820
+ RESERVED
+CVE-2021-28819
+ RESERVED
+CVE-2021-28818
+ RESERVED
+CVE-2021-28817
+ RESERVED
+CVE-2021-28816
+ RESERVED
+CVE-2021-28815
+ RESERVED
+CVE-2021-28814
+ RESERVED
+CVE-2021-28813
+ RESERVED
+CVE-2021-28812
+ RESERVED
+CVE-2021-28811
+ RESERVED
+CVE-2021-28810
+ RESERVED
+CVE-2021-28809
+ RESERVED
+CVE-2021-28808
+ RESERVED
+CVE-2021-28807
+ RESERVED
+CVE-2021-28806
+ RESERVED
+CVE-2021-28805
+ RESERVED
+CVE-2021-28804
+ RESERVED
+CVE-2021-28803
+ RESERVED
+CVE-2021-28802
+ RESERVED
+CVE-2021-28801
+ RESERVED
+CVE-2021-28800
+ RESERVED
+CVE-2021-28799
+ RESERVED
+CVE-2021-28798
+ RESERVED
+CVE-2021-28797
+ RESERVED
+CVE-2021-28796 (Increments Qiita::Markdown before 0.33.0 allows XSS in transformers. ...)
+ TODO: check
+CVE-2021-28795
+ RESERVED
+CVE-2021-28794 (The unofficial ShellCheck extension before 0.13.4 for Visual Studio Co ...)
+ TODO: check
+CVE-2021-28793
+ RESERVED
+CVE-2021-28792 (The unofficial Swift Development Environment extension before 2.12.1 f ...)
+ TODO: check
+CVE-2021-28791 (The unofficial SwiftFormat extension before 1.3.7 for Visual Studio Co ...)
+ TODO: check
+CVE-2021-28790 (The unofficial SwiftLint extension before 1.4.5 for Visual Studio Code ...)
+ TODO: check
+CVE-2021-28789 (The unofficial apple/swift-format extension before 1.1.2 for Visual St ...)
+ TODO: check
+CVE-2021-28788
+ RESERVED
+CVE-2021-28787
+ RESERVED
+CVE-2021-28786
+ RESERVED
+CVE-2021-28785
+ RESERVED
+CVE-2021-28784
+ RESERVED
+CVE-2021-28783
+ RESERVED
+CVE-2021-28782
+ RESERVED
+CVE-2021-28781
+ RESERVED
+CVE-2021-28780
+ RESERVED
+CVE-2021-28779
+ RESERVED
+CVE-2021-28778
+ RESERVED
+CVE-2021-28777
+ RESERVED
+CVE-2021-28776
+ RESERVED
+CVE-2021-28775
+ RESERVED
+CVE-2021-28774
+ RESERVED
+CVE-2021-28773
+ RESERVED
+CVE-2021-28772
+ RESERVED
+CVE-2021-28771
+ RESERVED
+CVE-2021-28770
+ RESERVED
+CVE-2021-28769
+ RESERVED
+CVE-2021-28768
+ RESERVED
+CVE-2021-28767
+ RESERVED
+CVE-2021-28766
+ RESERVED
+CVE-2021-28765
+ RESERVED
+CVE-2021-28764
+ RESERVED
+CVE-2021-28763
+ RESERVED
+CVE-2021-28762
+ RESERVED
+CVE-2021-28761
+ RESERVED
+CVE-2021-28760
+ RESERVED
+CVE-2021-28759
+ RESERVED
+CVE-2021-28758
+ RESERVED
+CVE-2021-28757
+ RESERVED
+CVE-2021-28756
+ RESERVED
+CVE-2021-28755
+ RESERVED
+CVE-2021-28754
+ RESERVED
+CVE-2021-28753
+ RESERVED
+CVE-2021-28752
+ RESERVED
+CVE-2021-28751
+ RESERVED
+CVE-2021-28750
+ RESERVED
+CVE-2021-28749
+ RESERVED
+CVE-2021-28748
+ RESERVED
+CVE-2021-28747
+ RESERVED
+CVE-2021-28746
+ RESERVED
+CVE-2021-28745
+ RESERVED
+CVE-2021-28744
+ RESERVED
+CVE-2021-28743
+ RESERVED
+CVE-2021-28742
+ RESERVED
+CVE-2021-28741
+ RESERVED
+CVE-2021-28740
+ RESERVED
+CVE-2021-28739
+ RESERVED
+CVE-2021-28738
+ RESERVED
+CVE-2021-28737
+ RESERVED
+CVE-2021-28736
+ RESERVED
+CVE-2021-28735
+ RESERVED
+CVE-2021-28734
+ RESERVED
+CVE-2021-28733
+ RESERVED
+CVE-2021-28732
+ RESERVED
+CVE-2021-28731
+ RESERVED
+CVE-2021-28730
+ RESERVED
+CVE-2021-28729
+ RESERVED
+CVE-2021-28728
+ RESERVED
+CVE-2021-28727
+ RESERVED
+CVE-2021-28726
+ RESERVED
+CVE-2021-28725
+ RESERVED
+CVE-2021-28724
+ RESERVED
+CVE-2021-28723
+ RESERVED
+CVE-2021-28722
+ RESERVED
+CVE-2021-28721
+ RESERVED
+CVE-2021-28720
+ RESERVED
+CVE-2021-28719
+ RESERVED
+CVE-2021-28718
+ RESERVED
+CVE-2021-28717
+ RESERVED
+CVE-2021-28716
+ RESERVED
+CVE-2021-28715
+ RESERVED
+CVE-2021-28714
+ RESERVED
+CVE-2021-28713
+ RESERVED
+CVE-2021-28712
+ RESERVED
+CVE-2021-28711
+ RESERVED
+CVE-2021-28710
+ RESERVED
+CVE-2021-28709
+ RESERVED
+CVE-2021-28708
+ RESERVED
+CVE-2021-28707
+ RESERVED
+CVE-2021-28706
+ RESERVED
+CVE-2021-28705
+ RESERVED
+CVE-2021-28704
+ RESERVED
+CVE-2021-28703
+ RESERVED
+CVE-2021-28702
+ RESERVED
+CVE-2021-28701
+ RESERVED
+CVE-2021-28700
+ RESERVED
+CVE-2021-28699
+ RESERVED
+CVE-2021-28698
+ RESERVED
+CVE-2021-28697
+ RESERVED
+CVE-2021-28696
+ RESERVED
+CVE-2021-28695
+ RESERVED
+CVE-2021-28694
+ RESERVED
+CVE-2021-28693
+ RESERVED
+CVE-2021-28692
+ RESERVED
+CVE-2021-28691
+ RESERVED
+CVE-2021-28690
+ RESERVED
+CVE-2021-28689
+ RESERVED
+CVE-2021-28688
+ RESERVED
+CVE-2021-28686
+ RESERVED
+CVE-2021-28685
+ RESERVED
+CVE-2021-28684
+ RESERVED
+CVE-2021-28683
+ RESERVED
+CVE-2021-28682
+ RESERVED
+CVE-2021-28681 (Pion WebRTC before 3.0.15 didn't properly tear down the DTLS Connectio ...)
+ TODO: check
+CVE-2021-28680
+ RESERVED
+CVE-2021-28679
+ RESERVED
+CVE-2021-28678
+ RESERVED
+CVE-2021-28677
+ RESERVED
+CVE-2021-28676
+ RESERVED
+CVE-2021-28675
+ RESERVED
+CVE-2021-28674
+ RESERVED
+CVE-2021-28673
+ RESERVED
+CVE-2021-28672
+ RESERVED
+CVE-2021-28671
+ RESERVED
+CVE-2021-28670
+ RESERVED
+CVE-2021-28669
+ RESERVED
+CVE-2021-28668
+ RESERVED
+CVE-2021-28667 (StackStorm before 3.4.1, in some situations, has an infinite loop that ...)
+ TODO: check
+CVE-2021-28666
+ RESERVED
+CVE-2021-28665
+ RESERVED
+CVE-2021-28664
+ RESERVED
+CVE-2021-28663
+ RESERVED
+CVE-2021-28662
+ RESERVED
+CVE-2021-28661
+ RESERVED
CVE-2021-3449
RESERVED
CVE-2021-28687 [HVM soft-reset crashes toolstack]
+ RESERVED
- xen <unfixed>
[buster] - xen <not-affected> (Vulnerable code introduced later)
[stretch] - xen <not-affected> (Vulnerable code introduced later)
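Review bot: the one change in this hunk that is not a fresh `RESERVED` placeholder is the `+ RESERVED` line inserted into the existing CVE-2021-28687 entry, between its bracketed working title `[HVM soft-reset crashes toolstack]` and `- xen <unfixed>`; that is the tracker's usual layout for an ID that is triaged locally but still unpublished at MITRE, but it is easy to overlook among roughly 170 placeholder additions, so confirm it is the intended result of the sync rather than a stray line before merging.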
@@ -54,7 +393,7 @@ CVE-2021-28646
RESERVED
CVE-2021-28645
RESERVED
-CVE-2017-20002 (The Debian shadow package before 4.5-1 for Shadow incorrectly lists pt ...)
+CVE-2017-20002 (The Debian shadow package before 1:4.5-1 for Shadow incorrectly lists ...)
{DLA-2596-1}
- shadow 1:4.5-1 (bug #914957)
NOTE: Introduced in attempt to address #830255 in 1:4.4-2
@@ -519,14 +858,14 @@ CVE-2021-28422
RESERVED
CVE-2021-28421
RESERVED
-CVE-2021-28420
- RESERVED
-CVE-2021-28419
- RESERVED
-CVE-2021-28418
- RESERVED
-CVE-2021-28417
- RESERVED
+CVE-2021-28420 (A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote at ...)
+ TODO: check
+CVE-2021-28419 (The "order_col" parameter in archive.php of SEO Panel 4.8.0 is vulnera ...)
+ TODO: check
+CVE-2021-28418 (A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote at ...)
+ TODO: check
+CVE-2021-28417 (A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote at ...)
+ TODO: check
CVE-2021-28416
RESERVED
CVE-2021-28415
@@ -1144,8 +1483,8 @@ CVE-2021-3428 [integer overflow in ext4_es_cache_extent]
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1936786
NOTE: https://www.openwall.com/lists/oss-security/2021/03/17/1
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1173485
-CVE-2021-28145
- RESERVED
+CVE-2021-28145 (Concrete CMS (formerly concrete5) before 8.5.5 allows remote authentic ...)
+ TODO: check
CVE-2021-28144 (prog.cgi on D-Link DIR-3060 devices before 1.11b04 HF2 allows remote a ...)
NOT-FOR-US: D-Link
CVE-2021-28143 (/jsonrpc on D-Link DIR-841 3.03 and 3.04 devices allows authenticated ...)
@@ -1168,8 +1507,8 @@ CVE-2021-28135
RESERVED
CVE-2021-28134 (Clipper before 1.0.5 allows remote command execution. A remote attacke ...)
NOT-FOR-US: Clipper
-CVE-2021-28133
- RESERVED
+CVE-2021-28133 (Zoom through 5.5.4 sometimes allows attackers to read private informat ...)
+ TODO: check
CVE-2021-3427
RESERVED
CVE-2021-28132 (LUCY Security Awareness Software through 4.7.x allows unauthenticated ...)
@@ -2307,8 +2646,8 @@ CVE-2021-27658
RESERVED
CVE-2021-27657
RESERVED
-CVE-2021-27656
- RESERVED
+CVE-2021-27656 (A vulnerability in exacqVision Web Service 20.12.2.0 and prior could a ...)
+ TODO: check
CVE-2021-27655
RESERVED
CVE-2021-27654
@@ -3080,8 +3419,8 @@ CVE-2021-27308
RESERVED
CVE-2021-27307
RESERVED
-CVE-2021-27306
- RESERVED
+CVE-2021-27306 (An improper access control vulnerability in the JWT plugin in Kong Gat ...)
+ TODO: check
CVE-2021-27305
RESERVED
CVE-2021-27304
@@ -3908,8 +4247,8 @@ CVE-2021-3403 (In ytnef 1.9.3, the TNEFSubjectHandler function in lib/ytnef.c al
NOTE: https://github.com/Yeraze/ytnef/commit/f2380a53fb84d370eaf6e6c3473062c54c57fac7
CVE-2021-26936 (The replay-sorcery program in ReplaySorcery 0.4.0 through 0.5.0, when ...)
NOT-FOR-US: ReplaySorcery
-CVE-2021-26935
- RESERVED
+CVE-2021-26935 (In WoWonder < 3.1, remote attackers can gain access to the database ...)
+ TODO: check
CVE-2021-26934 (An issue was discovered in the Linux kernel 4.18 through 5.10.16, as u ...)
- linux <unfixed> (unimportant)
[stretch] - linux <not-affected> (Vulnerable code not present)
@@ -5679,16 +6018,16 @@ CVE-2021-26239
RESERVED
CVE-2021-26238
RESERVED
-CVE-2021-26237
- RESERVED
-CVE-2021-26236
- RESERVED
-CVE-2021-26235
- RESERVED
-CVE-2021-26234
- RESERVED
-CVE-2021-26233
- RESERVED
+CVE-2021-26237 (FastStone Image Viewer <= 7.5 is affected by a user mode write acce ...)
+ TODO: check
+CVE-2021-26236 (FastStone Image Viewer v.<= 7.5 is affected by a Stack-based Buffer ...)
+ TODO: check
+CVE-2021-26235 (FastStone Image Viewer <= 7.5 is affected by a user mode write acce ...)
+ TODO: check
+CVE-2021-26234 (FastStone Image Viewer <= 7.5 is affected by a user mode write acce ...)
+ TODO: check
+CVE-2021-26233 (FastStone Image Viewer <= 7.5 is affected by a user mode write acce ...)
+ TODO: check
CVE-2021-26232
RESERVED
CVE-2021-26231
@@ -5721,10 +6060,10 @@ CVE-2021-26218
RESERVED
CVE-2021-26217
RESERVED
-CVE-2021-26216
- RESERVED
-CVE-2021-26215
- RESERVED
+CVE-2021-26216 (SeedDMS 5.1.x is affected by cross-site request forgery (CSRF) in out. ...)
+ TODO: check
+CVE-2021-26215 (SeedDMS 5.1.x is affected by cross-site request forgery (CSRF) in out. ...)
+ TODO: check
CVE-2021-26214
RESERVED
CVE-2021-26213
@@ -10427,60 +10766,60 @@ CVE-2021-24151
RESERVED
CVE-2021-24150
RESERVED
-CVE-2021-24149
- RESERVED
-CVE-2021-24148
- RESERVED
-CVE-2021-24147
- RESERVED
-CVE-2021-24146
- RESERVED
-CVE-2021-24145
- RESERVED
-CVE-2021-24144
- RESERVED
-CVE-2021-24143
- RESERVED
-CVE-2021-24142
- RESERVED
-CVE-2021-24141
- RESERVED
-CVE-2021-24140
- RESERVED
-CVE-2021-24139
- RESERVED
-CVE-2021-24138
- RESERVED
-CVE-2021-24137
- RESERVED
-CVE-2021-24136
- RESERVED
-CVE-2021-24135
- RESERVED
-CVE-2021-24134
- RESERVED
-CVE-2021-24133
- RESERVED
-CVE-2021-24132
- RESERVED
-CVE-2021-24131
- RESERVED
-CVE-2021-24130
- RESERVED
-CVE-2021-24129
- RESERVED
-CVE-2021-24128
- RESERVED
-CVE-2021-24127
- RESERVED
-CVE-2021-24126
- RESERVED
-CVE-2021-24125
- RESERVED
-CVE-2021-24124
- RESERVED
-CVE-2021-24123
- RESERVED
+CVE-2021-24149 (Unvalidated input in the Modern Events Calendar Lite WordPress plugin, ...)
+ TODO: check
+CVE-2021-24148 (A business logic issue in the MStore API WordPress plugin, versions be ...)
+ TODO: check
+CVE-2021-24147 (Unvalidated input and lack of output encoding in the Modern Events Cal ...)
+ TODO: check
+CVE-2021-24146 (Lack of authorisation checks in the Modern Events Calendar Lite WordPr ...)
+ TODO: check
+CVE-2021-24145 (Arbitrary file upload in the Modern Events Calendar Lite WordPress plu ...)
+ TODO: check
+CVE-2021-24144 (Unvalidated input in the Contact Form 7 Database Addon plugin, version ...)
+ TODO: check
+CVE-2021-24143 (Unvalidated input in the AccessPress Social Icons plugin, versions bef ...)
+ TODO: check
+CVE-2021-24142 (Unvaludated input in the 301 Redirects - Easy Redirect Manager WordPre ...)
+ TODO: check
+CVE-2021-24141 (Unvaludated input in the Advanced Database Cleaner plugin, versions be ...)
+ TODO: check
+CVE-2021-24140 (Unvalidated input in the Ajax Load More WordPress plugin, versions bef ...)
+ TODO: check
+CVE-2021-24139 (Unvalidated input in the Photo Gallery (10Web Photo Gallery) WordPress ...)
+ TODO: check
+CVE-2021-24138 (Unvalidated input in the AdRotate WordPress plugin, versions before 5. ...)
+ TODO: check
+CVE-2021-24137 (Unvalidated input in the Blog2Social WordPress plugin, versions before ...)
+ TODO: check
+CVE-2021-24136 (Unvalidated input and lack of output encoding in the Testimonials Widg ...)
+ TODO: check
+CVE-2021-24135 (Unvalidated input and lack of output encoding in the WP Customer Revie ...)
+ TODO: check
+CVE-2021-24134 (Unvalidated input and lack of output encoding in the Constant Contact ...)
+ TODO: check
+CVE-2021-24133 (Lack of CSRF checks in the ActiveCampaign WordPress plugin, versions b ...)
+ TODO: check
+CVE-2021-24132 (The Slider by 10Web WordPress plugin, versions before 1.2.36, in the b ...)
+ TODO: check
+CVE-2021-24131 (Unvalidated input in the Anti-Spam by CleanTalk WordPress plugin, vers ...)
+ TODO: check
+CVE-2021-24130 (Unvalidated input in the WP Google Map Plugin WordPress plugin, versio ...)
+ TODO: check
+CVE-2021-24129 (Unvalidated input and lack of output encoding in the Themify Portfolio ...)
+ TODO: check
+CVE-2021-24128 (Unvalidated input and lack of output encoding in the Team Members Word ...)
+ TODO: check
+CVE-2021-24127 (Unvalidated input and lack of output encoding in the ThirstyAffiliates ...)
+ TODO: check
+CVE-2021-24126 (Unvalidated input and lack of output encoding in the Envira Gallery Li ...)
+ TODO: check
+CVE-2021-24125 (Unvalidated input in the Contact Form Submissions WordPress plugin, ve ...)
+ TODO: check
+CVE-2021-24124 (Unvalidated input and lack of output encoding in the WP Shieldon WordP ...)
+ TODO: check
+CVE-2021-24123 (Arbitrary file upload in the PowerPress WordPress plugin, versions bef ...)
+ TODO: check
CVE-2021-24122 (When serving resources from a network location using the NTFS file sys ...)
{DLA-2594-1}
- tomcat9 9.0.40-1 (unimportant)
@@ -10516,8 +10855,8 @@ CVE-2021-3143
RESERVED
CVE-2021-3142
REJECTED
-CVE-2021-3141
- RESERVED
+CVE-2021-3141 (In Unisys Stealth (core) before 6.0.025.0, the Keycloak password is st ...)
+ TODO: check
CVE-2021-24121
RESERVED
CVE-2021-24120
@@ -12209,8 +12548,8 @@ CVE-2021-23361
RESERVED
CVE-2021-23360
RESERVED
-CVE-2021-23359
- RESERVED
+CVE-2021-23359 (This affects all versions of package port-killer. If (attacker-control ...)
+ TODO: check
CVE-2021-23358
RESERVED
CVE-2021-23357 (All versions of package github.com/tyktechnologies/tyk/gateway are vul ...)
@@ -12259,7 +12598,7 @@ CVE-2021-23339 (This affects all versions before 10.1.14 and from 10.2.0 to 10.2
NOT-FOR-US: com.typesafe.akka:akka-http-core
CVE-2021-23338 (This affects all versions of package qlib. The workflow function in cl ...)
NOT-FOR-US: qlib
-CVE-2021-23337 (All versions of package lodash; all versions of package org.fujion.web ...)
+CVE-2021-23337 (Lodash versions prior to 4.17.21 are vulnerable to Command Injection v ...)
- node-lodash 4.17.21+dfsg+~cs8.31.173-1 (bug #985086)
[stretch] - node-lodash <end-of-life> (Nodejs in stretch not covered by security support)
NOTE: https://snyk.io/vuln/SNYK-JS-LODASH-1040724
@@ -13248,8 +13587,8 @@ CVE-2021-22850 (HGiga EIP product lacks ineffective access control in certain pa
NOT-FOR-US: HGiga EIP
CVE-2021-22849 (Hyweb HyCMS-J1 backend editing function does not filter special charac ...)
NOT-FOR-US: Hyweb HyCMS-J1
-CVE-2021-22848
- RESERVED
+CVE-2021-22848 (HGiga MailSherlock contains a SQL Injection. Remote attackers can inje ...)
+ TODO: check
CVE-2021-22847 (Hyweb HyCMS-J1's API fail to filter POST request parameters. Remote at ...)
NOT-FOR-US: Hyweb HyCMS-J1
CVE-2021-22846
@@ -13768,8 +14107,8 @@ CVE-2021-22667 (BB-ESWGP506-2SFP-T versions 1.01.09 and prior is vulnerable due
NOT-FOR-US: BB-ESWGP506-2SFP-T
CVE-2021-22666 (Fatek FvDesigner Version 1.5.76 and prior is vulnerable to a stack-bas ...)
NOT-FOR-US: Fatek FvDesigner
-CVE-2021-22665
- RESERVED
+CVE-2021-22665 (Rockwell Automation DriveTools SP v5.13 and below and Drives AOP v4.12 ...)
+ TODO: check
CVE-2021-22664
RESERVED
CVE-2021-22663 (Cscape (All versions prior to 9.90 SP3.5) lacks proper validation of u ...)
@@ -15909,16 +16248,16 @@ CVE-2021-21629
RESERVED
CVE-2021-21628
RESERVED
-CVE-2021-21627
- RESERVED
-CVE-2021-21626
- RESERVED
-CVE-2021-21625
- RESERVED
-CVE-2021-21624
- RESERVED
-CVE-2021-21623
- RESERVED
+CVE-2021-21627 (A cross-site request forgery (CSRF) vulnerability in Jenkins Libvirt A ...)
+ TODO: check
+CVE-2021-21626 (Jenkins Warnings Next Generation Plugin 8.4.4 and earlier does not per ...)
+ TODO: check
+CVE-2021-21625 (Jenkins CloudBees AWS Credentials Plugin 1.28 and earlier does not per ...)
+ TODO: check
+CVE-2021-21624 (An incorrect permission check in Jenkins Role-based Authorization Stra ...)
+ TODO: check
+CVE-2021-21623 (An incorrect permission check in Jenkins Matrix Authorization Strategy ...)
+ TODO: check
CVE-2021-21622 (Jenkins Artifact Repository Parameter Plugin 1.0.0 and earlier does no ...)
NOT-FOR-US: Jenkins plugin
CVE-2021-21621 (Jenkins Support Core Plugin 2.72 and earlier provides the serialized u ...)
@@ -17652,8 +17991,8 @@ CVE-2021-21385
RESERVED
CVE-2021-21384
RESERVED
-CVE-2021-21383
- RESERVED
+CVE-2021-21383 (Wiki.js an open-source wiki app built on Node.js. Wiki.js before versi ...)
+ TODO: check
CVE-2021-21382
RESERVED
CVE-2021-21380
@@ -19460,14 +19799,14 @@ CVE-2021-20680
RESERVED
CVE-2021-20679
RESERVED
-CVE-2021-20678
- RESERVED
+CVE-2021-20678 (SQL injection vulnerability in the Paid Memberships Pro versions prior ...)
+ TODO: check
CVE-2021-20677
RESERVED
-CVE-2021-20676
- RESERVED
-CVE-2021-20675
- RESERVED
+CVE-2021-20676 (M-System DL8 series (type A (DL8-A) versions prior to Ver3.0, type B ( ...)
+ TODO: check
+CVE-2021-20675 (M-System DL8 series (type A (DL8-A) versions prior to Ver3.0, type B ( ...)
+ TODO: check
CVE-2021-20674 (Untrusted search path vulnerability in Installer of MagicConnect Clien ...)
NOT-FOR-US: MagicConnect client
CVE-2021-20673 (Stored cross-site scripting vulnerability in Admin Page of GROWI (v4.2 ...)
@@ -19548,28 +19887,28 @@ CVE-2021-20636 (Cross-site request forgery (CSRF) vulnerability in LOGITEC LAN-W
NOT-FOR-US: LOGITEC
CVE-2021-20635 (Improper restriction of excessive authentication attempts in LOGITEC L ...)
NOT-FOR-US: LOGITEC
-CVE-2021-20634
- RESERVED
-CVE-2021-20633
- RESERVED
-CVE-2021-20632
- RESERVED
-CVE-2021-20631
- RESERVED
-CVE-2021-20630
- RESERVED
-CVE-2021-20629
- RESERVED
-CVE-2021-20628
- RESERVED
-CVE-2021-20627
- RESERVED
-CVE-2021-20626
- RESERVED
-CVE-2021-20625
- RESERVED
-CVE-2021-20624
- RESERVED
+CVE-2021-20634 (Improper access control vulnerability in Custom App of Cybozu Office 1 ...)
+ TODO: check
+CVE-2021-20633 (Improper access control vulnerability in Cabinet of Cybozu Office 10.0 ...)
+ TODO: check
+CVE-2021-20632 (Improper access control vulnerability in Bulletin Board of Cybozu Offi ...)
+ TODO: check
+CVE-2021-20631 (Improper input validation vulnerability in Custom App of Cybozu Office ...)
+ TODO: check
+CVE-2021-20630 (Improper access control vulnerability in Phone Messages of Cybozu Offi ...)
+ TODO: check
+CVE-2021-20629 (Cross-site scripting vulnerability in E-mail of Cybozu Office 10.0.0 t ...)
+ TODO: check
+CVE-2021-20628 (Cross-site scripting vulnerability in Address Book of Cybozu Office 10 ...)
+ TODO: check
+CVE-2021-20627 (Cross-site scripting vulnerability in Address Book of Cybozu Office 10 ...)
+ TODO: check
+CVE-2021-20626 (Improper access control vulnerability in Workflow of Cybozu Office 10. ...)
+ TODO: check
+CVE-2021-20625 (Improper access control vulnerability in Bulletin Board of Cybozu Offi ...)
+ TODO: check
+CVE-2021-20624 (Improper access control vulnerability in Scheduler of Cybozu Office 10 ...)
+ TODO: check
CVE-2021-20623 (Video Insight VMS versions prior to 7.8 allows a remote attacker to ex ...)
NOT-FOR-US: Video Insight VMS
CVE-2021-20622 (Cross-site scripting vulnerability in Aterm WG2600HP firmware Ver1.0.2 ...)
@@ -27857,7 +28196,7 @@ CVE-2020-28502 (This affects the package xmlhttprequest before 1.7.0; all versio
NOTE: https://snyk.io/vuln/SNYK-JS-XMLHTTPREQUESTSSL-1082936
CVE-2020-28501
RESERVED
-CVE-2020-28500 (All versions of package lodash; all versions of package org.fujion.web ...)
+CVE-2020-28500 (Lodash versions prior to 4.17.21 are vulnerable to Regular Expression ...)
- node-lodash 4.17.21+dfsg+~cs8.31.173-1 (bug #985086)
[stretch] - node-lodash <end-of-life> (Nodejs in stretch not covered by security support)
NOTE: https://snyk.io/vuln/SNYK-JS-LODASH-1018905
@@ -31134,8 +31473,7 @@ CVE-2020-27828 (There's a flaw in jasper's jpc encoder in versions prior to 2.0.
- jasper <removed>
NOTE: https://github.com/jasper-software/jasper/issues/252
NOTE: https://github.com/jasper-software/jasper/pull/253
-CVE-2020-27827 [lldp: avoid memory leak from bad packets]
- RESERVED
+CVE-2020-27827 (A flaw was found in multiple versions of OpenvSwitch. Specially crafte ...)
{DSA-4836-1 DLA-2571-1}
- lldpd 1.0.8-1
[buster] - lldpd <no-dsa> (Minor issue)
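Review bot: replacing the working title `[lldp: avoid memory leak from bad packets]` with the published description leaves an entry whose text names OpenvSwitch while the package lines track `lldpd`; a reader of the visible lines can no longer tell why `lldpd` is the affected package, so add a `NOTE:` line recording the reason for that mapping (and the upstream fix reference) so the association is documented rather than implied by the old title that this hunk removes.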
@@ -35561,8 +35899,8 @@ CVE-2020-26157 (Leanote Desktop through 2.6.2 allows XSS because a note's title
NOT-FOR-US: Leanote Desktop
CVE-2020-26156
REJECTED
-CVE-2020-26155
- RESERVED
+CVE-2020-26155 (Multiple files and folders in Utimaco SecurityServer 4.20.0.4 and 4.31 ...)
+ TODO: check
CVE-2020-26153
RESERVED
CVE-2020-26152
@@ -38178,6 +38516,7 @@ CVE-2020-25098
RESERVED
CVE-2020-25097
RESERVED
+ {DLA-2598-1}
- squid <unfixed> (bug #985068)
- squid3 <removed>
NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-jvf6-h9gj-pmj6
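Review bot: the added `{DLA-2598-1}` reference sits on an entry that still reads `RESERVED` and still lists `- squid <unfixed> (bug #985068)`; the DLA covers the LTS release only, so the unstable status stays open and should be updated once a fixed squid upload lands, and the `RESERVED` placeholder should be replaced by the published description when MITRE releases it so the entry does not look inconsistent with an advisory already issued for it.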
@@ -56388,7 +56727,7 @@ CVE-2020-16232
RESERVED
CVE-2020-16231
RESERVED
-CVE-2020-16230 (The WADashboard component of WebAccess/SCADA may allow an attacker to ...)
+CVE-2020-16230 (WebAccess/SCADA Versions 9.0 and prior are vulnerable to cross-site sc ...)
NOT-FOR-US: HMS Networks
CVE-2020-16229 (Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Process ...)
NOT-FOR-US: Advantech WebAccess
@@ -60818,8 +61157,8 @@ CVE-2020-14518 (Philips DreamMapper, Version 2.24 and prior. Information written
NOT-FOR-US: Philips DreamMapper
CVE-2020-14517 (Protocol encryption can be easily broken for CodeMeter (All versions p ...)
NOT-FOR-US: CodeMeter
-CVE-2020-14516
- RESERVED
+CVE-2020-14516 (In Rockwell Automation FactoryTalk Services Platform Versions 6.10.00 ...)
+ TODO: check
CVE-2020-14515 (CodeMeter (All versions prior to 6.90 when using CmActLicense update f ...)
NOT-FOR-US: CodeMeter
CVE-2020-14514 (All trailer Power Line Communications are affected. PLC bus traffic ca ...)
@@ -102500,16 +102839,16 @@ CVE-2019-18237
RESERVED
CVE-2019-18236 (Multiple buffer overflow vulnerabilities exist when the PLC Editor Ver ...)
NOT-FOR-US: PLC Editor
-CVE-2019-18235
- RESERVED
+CVE-2019-18235 (Advantech Spectre RT ERT351 Versions 5.1.3 and prior has insufficient ...)
+ TODO: check
CVE-2019-18234 (Equinox Control Expert all versions, is vulnerable to an SQL injection ...)
NOT-FOR-US: Equinox Control Expert
-CVE-2019-18233
- RESERVED
+CVE-2019-18233 (In Advantech Spectre RT Industrial Routers ERT351 5.1.3 and prior, the ...)
+ TODO: check
CVE-2019-18232 (SafeNet Sentinel LDK License Manager, all versions prior to 7.101(only ...)
NOT-FOR-US: SafeNet Sentinel LDK License Manager
-CVE-2019-18231
- RESERVED
+CVE-2019-18231 (Advantech Spectre RT ERT351 Versions 5.1.3 and prior logins and passwo ...)
+ TODO: check
CVE-2019-18230 (Honeywell equIP and Performance series IP cameras, multiple versions, ...)
NOT-FOR-US: Honeywell
CVE-2019-18229 (Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. Lack of sanitizati ...)
@@ -145456,8 +145795,7 @@ CVE-2019-3869 (When running Tower before 3.4.3 on OpenShift or Kubernetes, appli
NOT-FOR-US: Ansible Tower
CVE-2019-3868 (Keycloak up to version 6.0.0 allows the end user token (access or id t ...)
NOT-FOR-US: Keycloak
-CVE-2019-3867
- RESERVED
+CVE-2019-3867 (A vulnerability was found in the Quay web application. Sessions in the ...)
NOT-FOR-US: OpenShift (web-cosnole issue specific to OpenShift only)
CVE-2019-3866 (An information-exposure vulnerability was discovered where openstack-m ...)
- python-oslo.utils 3.41.3-1 (low; bug #946060)
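Review bot: the unchanged context line `NOT-FOR-US: OpenShift (web-cosnole issue specific to OpenShift only)` carries a typo, `web-cosnole` for `web-console`; since this hunk already touches the CVE-2019-3867 entry, it is a convenient point to correct that line in a follow-up (manual) commit, as the automatic sync only rewrites the description line.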
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2fbc450e2f29caddc0a0235b3dbeb5a0ad37c1f3