[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Wed Mar 24 20:10:31 GMT 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
51bab48e by security tracker role at 2021-03-24T20:10:23+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,49 @@
+CVE-2021-3467
+	RESERVED
+CVE-2021-3466
+	RESERVED
+CVE-2021-3465
+	RESERVED
+CVE-2021-29153
+	RESERVED
+CVE-2021-29152
+	RESERVED
+CVE-2021-29151
+	RESERVED
+CVE-2021-29150
+	RESERVED
+CVE-2021-29149
+	RESERVED
+CVE-2021-29148
+	RESERVED
+CVE-2021-29147
+	RESERVED
+CVE-2021-29146
+	RESERVED
+CVE-2021-29145
+	RESERVED
+CVE-2021-29144
+	RESERVED
+CVE-2021-29143
+	RESERVED
+CVE-2021-29142
+	RESERVED
+CVE-2021-29141
+	RESERVED
+CVE-2021-29140
+	RESERVED
+CVE-2021-29139
+	RESERVED
+CVE-2021-29138
+	RESERVED
+CVE-2021-29137
+	RESERVED
+CVE-2021-29136
+	RESERVED
+CVE-2021-29135
+	RESERVED
+CVE-2020-36283 (HID OMNIKEY 5427 and OMNIKEY 5127 readers are vulnerable to CSRF when  ...)
+	TODO: check
 CVE-2021-3464
 	RESERVED
 CVE-2021-3463
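Review bot: CVE-2020-36283 (HID OMNIKEY 5427 / 5127 readers) is the only non-RESERVED entry in this hunk and lands as a bare `TODO: check`; the description names vendor reader hardware with a web interface, so the follow-up triage should settle it to a `NOT-FOR-US: HID OMNIKEY` line unless a Debian package ships that interface, the way the SPDK and IBM entries further down in this diff are closed out rather than left as TODOs.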
@@ -215,24 +261,24 @@ CVE-2021-29035
 	RESERVED
 CVE-2021-29034
 	RESERVED
-CVE-2021-29033
-	RESERVED
-CVE-2021-29032
-	RESERVED
-CVE-2021-29031
-	RESERVED
-CVE-2021-29030
-	RESERVED
-CVE-2021-29029
-	RESERVED
-CVE-2021-29028
-	RESERVED
-CVE-2021-29027
-	RESERVED
-CVE-2021-29026
-	RESERVED
-CVE-2021-29025
-	RESERVED
+CVE-2021-29033 (A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0  ...)
+	TODO: check
+CVE-2021-29032 (A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0  ...)
+	TODO: check
+CVE-2021-29031 (A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0  ...)
+	TODO: check
+CVE-2021-29030 (A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0  ...)
+	TODO: check
+CVE-2021-29029 (A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0  ...)
+	TODO: check
+CVE-2021-29028 (A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0  ...)
+	TODO: check
+CVE-2021-29027 (A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0  ...)
+	TODO: check
+CVE-2021-29026 (A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0  ...)
+	TODO: check
+CVE-2021-29025 (A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0  ...)
+	TODO: check
 CVE-2021-29024
 	RESERVED
 CVE-2021-29023
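Review bot: nine consecutive Bitweaver 3.1.0 XSS entries (CVE-2021-29025 through CVE-2021-29033) each arrive with their own `TODO: check`; they share one product and one truncated description, so they should be triaged as a group and given a single, uniform disposition in one pass, as the Doctor Appointment System entries (CVE-2021-27317, 27318, 27314) do with a common `NOT-FOR-US` line. Nine independent TODOs invite the group being resolved inconsistently.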
@@ -277,8 +323,8 @@ CVE-2021-29004
 	RESERVED
 CVE-2021-29003
 	RESERVED
-CVE-2021-29002
-	RESERVED
+CVE-2021-29002 (A stored cross-site scripting (XSS) vulnerability in Plone CMS 5.2.3 e ...)
+	TODO: check
 CVE-2021-29001
 	RESERVED
 CVE-2021-29000
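Review bot: CVE-2021-29002 (Plone CMS 5.2.3 stored XSS) keeps a `TODO: check`; unlike the appliance and vendor entries in this diff, a CMS name is one to resolve against the archive, so this TODO needs a package lookup and, if a source package exists, `- pkg version` lines in the form used for lxml and wireshark in this diff, before it can be closed.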
@@ -393,6 +439,7 @@ CVE-2021-3451
 CVE-2021-3450
 	RESERVED
 CVE-2021-28957 (lxml 4.6.2 allows XSS. It places the HTML action attribute into defs.l ...)
+	{DLA-2606-1}
 	- lxml 4.6.3-1 (bug #985643)
 	NOTE: https://bugs.launchpad.net/lxml/+bug/1888153
 	NOTE: https://github.com/lxml/lxml/pull/316
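Review bot: the `{DLA-2606-1}` line for CVE-2021-28957 is placed directly under the description, ahead of the `- lxml 4.6.3-1 (bug #985643)` line, which matches where the `{DSA-4874-1}` lines sit in the Firefox hunks below. The visible context ends at the upstream NOTE lines, so any per-release `[buster]` disposition is outside this hunk; confirm the stable status is recorded in the rest of the entry now that an LTS advisory has been issued, since an entry with an LTS reference but no stable disposition reads as a gap.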
@@ -1660,8 +1707,8 @@ CVE-2021-28363 (The urllib3 library 1.26.x before 1.26.4 for Python omits SSL ce
 	NOTE: Support for HTTPS request via HTTPS proxies only introduced in 1.26.0.
 	NOTE: In Debian urllib3 does require SSL certificate validation by default (since 1.3-3)
 	NOTE: with the 02_require-cert-verification.patch patch (Cf. #686872).
-CVE-2021-28362
-	RESERVED
+CVE-2021-28362 (An issue was discovered in Contiki through 3.0. When sending an ICMPv6 ...)
+	TODO: check
 CVE-2021-28361 (An issue was discovered in Storage Performance Development Kit (SPDK)  ...)
 	NOT-FOR-US: Storage Performance Development Kit
 CVE-2021-28360
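Review bot: CVE-2021-28362 (Contiki through 3.0, ICMPv6 handling) is added as `TODO: check` directly above an SPDK entry already closed as `NOT-FOR-US`. The description names Contiki, an embedded OS network stack rather than a Debian-packaged library, so the expected resolution is a `NOT-FOR-US: Contiki` line; if a Debian source package turns up instead, the entry needs package version lines, not a TODO.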
@@ -4087,18 +4134,18 @@ CVE-2021-27322
 	RESERVED
 CVE-2021-27321
 	RESERVED
-CVE-2021-27320
-	RESERVED
-CVE-2021-27319
-	RESERVED
+CVE-2021-27320 (Blind SQL injection in contactus.php in Doctor Appointment System 1.0  ...)
+	TODO: check
+CVE-2021-27319 (Blind SQL injection in contactus.php in Doctor Appointment System 1.0  ...)
+	TODO: check
 CVE-2021-27318 (Cross Site Scripting (XSS) vulnerability in contactus.php in Doctor Ap ...)
 	NOT-FOR-US: Doctor Appointment System
 CVE-2021-27317 (Cross Site Scripting (XSS) vulnerability in contactus.php in Doctor Ap ...)
 	NOT-FOR-US: Doctor Appointment System
-CVE-2021-27316
-	RESERVED
-CVE-2021-27315
-	RESERVED
+CVE-2021-27316 (Blind SQL injection in contactus.php in doctor appointment system 1.0  ...)
+	TODO: check
+CVE-2021-27315 (Blind SQL injection in contactus.php in Doctor Appointment System 1.0  ...)
+	TODO: check
 CVE-2021-27314 (SQL injection in admin.php in doctor appointment system 1.0 allows an  ...)
 	NOT-FOR-US: doctor appointment system
 CVE-2021-27313
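Review bot: CVE-2021-27315, 27316, 27319 and 27320 come in as `TODO: check` although they describe the same `contactus.php` in the same Doctor Appointment System 1.0 as CVE-2021-27317 and 27318, which already carry `NOT-FOR-US: Doctor Appointment System` in the unchanged context of this hunk (CVE-2021-27314 likewise). Unless the product status has changed, replace the four TODOs with the same `NOT-FOR-US: Doctor Appointment System` line. The mixed capitalisation (`doctor appointment system` in 27316 and 27314) comes from the upstream descriptions and is not something to correct in the list.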
@@ -11844,6 +11891,7 @@ CVE-2021-23988
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-10/#CVE-2021-23988
 CVE-2021-23987
 	RESERVED
+	{DSA-4874-1}
 	- firefox 87.0-1
 	- firefox-esr 78.9.0esr-1
 	- thunderbird 1:78.9.0-1
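Review bot: `{DSA-4874-1}` is inserted under an entry that is still `RESERVED`, above three package lines (firefox 87.0-1, firefox-esr 78.9.0esr-1, thunderbird 1:78.9.0-1). A single advisory tag on a multi-package entry is read as covering the stable package the DSA names; since thunderbird normally receives its own DSA, make sure the tag is not taken to cover the thunderbird line and add the thunderbird advisory reference when it is issued. The same applies to the identical insertions for CVE-2021-23984, 23982 and 23981 below.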
@@ -11860,6 +11908,7 @@ CVE-2021-23985
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-10/#CVE-2021-23985
 CVE-2021-23984
 	RESERVED
+	{DSA-4874-1}
 	- firefox 87.0-1
 	- firefox-esr 78.9.0esr-1
 	- thunderbird 1:78.9.0-1
@@ -11872,6 +11921,7 @@ CVE-2021-23983
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-10/#CVE-2021-23983
 CVE-2021-23982
 	RESERVED
+	{DSA-4874-1}
 	- firefox 87.0-1
 	- firefox-esr 78.9.0esr-1
 	- thunderbird 1:78.9.0-1
@@ -11880,6 +11930,7 @@ CVE-2021-23982
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-12/#CVE-2021-23982
 CVE-2021-23981
 	RESERVED
+	{DSA-4874-1}
 	- firefox 87.0-1
 	- firefox-esr 78.9.0esr-1
 	- thunderbird 1:78.9.0-1
@@ -15788,10 +15839,10 @@ CVE-2021-22195
 	RESERVED
 CVE-2021-22194
 	RESERVED
-CVE-2021-22193
-	RESERVED
-CVE-2021-22192
-	RESERVED
+CVE-2021-22193 (An issue has been discovered in GitLab affecting all versions starting ...)
+	TODO: check
+CVE-2021-22192 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
+	TODO: check
 CVE-2021-22191 (Improper URL handling in Wireshark 3.4.0 to 3.4.3 and 3.2.0 to 3.2.11  ...)
 	- wireshark 3.4.4-1
 	[buster] - wireshark <postponed> (Minor issue, can be fixed along in future update)
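Review bot: CVE-2021-22193 and 22192 are left as `TODO: check`, but gitlab is a packaged source in this file (`- gitlab <unfixed>` under CVE-2021-22188 and `- gitlab 13.2.3-2` under 22187 a few lines further on), so a TODO is only a placeholder here: these need `- gitlab <version>` or `<unfixed>` lines plus the release-announcement NOTE, as done for CVE-2021-22186 and 22185.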
@@ -15808,13 +15859,11 @@ CVE-2021-22188 (An issue has been discovered in GitLab affecting all versions st
 	- gitlab <unfixed>
 CVE-2021-22187 (An issue has been discovered in GitLab affecting all versions of Gitla ...)
 	- gitlab 13.2.3-2
-CVE-2021-22186
-	RESERVED
+CVE-2021-22186 (An authorization issue in GitLab CE/EE version 9.4 and up allowed a gr ...)
 	[experimental] - gitlab 13.7.8+ds1-1
 	- gitlab <unfixed>
 	NOTE: https://about.gitlab.com/releases/2021/03/04/security-release-gitlab-13-9-2-released/
-CVE-2021-22185
-	RESERVED
+CVE-2021-22185 (Insufficient input sanitization in wikis in GitLab version 13.8 and up ...)
 	- gitlab <not-affected> (Only affects 13.8)
 	NOTE: https://about.gitlab.com/releases/2021/03/04/security-release-gitlab-13-9-2-released/
 CVE-2021-22184
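Review bot: CVE-2021-22185 now carries the upstream description "Insufficient input sanitization in wikis in GitLab version 13.8 and up", but the Debian disposition still reads `<not-affected> (Only affects 13.8)`. Those two statements disagree: if the bug affects 13.8 and later, the justification should be that Debian's uploads (13.7.8+ds1-1 in experimental and older in unstable, per the CVE-2021-22186 entry) predate 13.8, not that only 13.8 is affected. Reword the parenthetical, e.g. `<not-affected> (Introduced in 13.8, Debian ships earlier versions)`, so it stays accurate now that the description is no longer RESERVED.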
@@ -15829,14 +15878,14 @@ CVE-2021-22181
 	RESERVED
 CVE-2021-22180
 	RESERVED
-CVE-2021-22179
-	RESERVED
-CVE-2021-22178
-	RESERVED
+CVE-2021-22179 (A vulnerability was discovered in GitLab versions before 12.2. GitLab  ...)
+	TODO: check
+CVE-2021-22178 (An issue has been discovered in GitLab affecting all versions starting ...)
+	TODO: check
 CVE-2021-22177
 	RESERVED
-CVE-2021-22176
-	RESERVED
+CVE-2021-22176 (An issue has been discovered in GitLab affecting all versions starting ...)
+	TODO: check
 CVE-2021-22175
 	RESERVED
 CVE-2021-22174 (Crash in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial o ...)
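Review bot: CVE-2021-22179 is described as affecting "GitLab versions before 12.2", and this file already records gitlab 13.2.3-2 and 13.7.8+ds1-1 as shipped versions, so a `TODO: check` is weaker than needed; after confirming which Debian upload first carried 12.2, the entry can be closed with a fixed-version line or `<not-affected>`. CVE-2021-22178 and 22176 ("all versions starting ...") do need the `- gitlab` version lines and the GitLab release-announcement NOTE used for the neighbouring entries.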
@@ -15861,8 +15910,7 @@ CVE-2021-22171 (Insufficient validation of authentication parameters in GitLab P
 	- gitlab <unfixed>
 CVE-2021-22170
 	RESERVED
-CVE-2021-22169
-	RESERVED
+CVE-2021-22169 (An issue was identified in GitLab EE 13.4 or later which leaked intern ...)
 	- gitlab <not-affected> (Specific to EE)
 	NOTE: https://about.gitlab.com/releases/2021/02/01/security-release-gitlab-13-8-2-released/
 CVE-2021-22168 (A regular expression denial of service issue has been discovered in Nu ...)
@@ -22839,8 +22887,8 @@ CVE-2020-35339 (In 74cms version 5.0.1, there is a remote code execution vulnera
 	NOT-FOR-US: 74cms
 CVE-2020-35338 (The Web Administrative Interface in Mobile Viewpoint Wireless Multiple ...)
 	NOT-FOR-US: Mobile Viewpoint Wireless Multiplex Terminal (WMT) Playout Server
-CVE-2020-35337
-	RESERVED
+CVE-2020-35337 (ThinkSAAS before 3.38 contains a SQL injection vulnerability through a ...)
+	TODO: check
 CVE-2020-35336
 	RESERVED
 CVE-2020-35335
@@ -58720,8 +58768,8 @@ CVE-2020-15810 (An issue was discovered in Squid before 4.13 and 5.x before 5.0.
 	- squid3 <removed>
 	NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-3365-q9qx-f98m
 	NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_10.patch
-CVE-2020-15809
-	RESERVED
+CVE-2020-15809 (spxmanage on certain SpinetiX devices allows requests that access unin ...)
+	TODO: check
 CVE-2020-15808
 	RESERVED
 CVE-2020-15807 (GNU LibreDWG before 0.11 allows NULL pointer dereferences via crafted  ...)
@@ -81285,8 +81333,8 @@ CVE-2020-7841 (Improper input validation vulnerability exists in TOBESOFT XPLATF
 	NOT-FOR-US: TOBESOFT XPLATFORM
 CVE-2020-7840
 	RESERVED
-CVE-2020-7839
-	RESERVED
+CVE-2020-7839 (In MaEPSBroker 2.5.0.31 and prior, a command injection vulnerability c ...)
+	TODO: check
 CVE-2020-7838 (A arbitrary code execution vulnerability exists in the way that the St ...)
 	NOT-FOR-US: Smilegate STOVE Client
 CVE-2020-7837 (An issue was discovered in ML Report Program. There is a stack-based b ...)
@@ -88752,8 +88800,8 @@ CVE-2020-5017 (IBM Spectrum Protect Plus 10.1.0 through 10.1.6 may allow a local
 	NOT-FOR-US: IBM
 CVE-2020-5016 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a  ...)
 	NOT-FOR-US: IBM
-CVE-2020-5015
-	RESERVED
+CVE-2020-5015 (IBM Elastic Storage System 6.0.0 through 6.0.1.2 and IBM Elastic Stora ...)
+	TODO: check
 CVE-2020-5014 (IBM DataPower Gateway V10 and V2018 could allow a local attacker with  ...)
 	NOT-FOR-US: IBM
 CVE-2020-5013
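Review bot: CVE-2020-5015 (IBM Elastic Storage System) is inserted as `TODO: check` between CVE-2020-5016 and 5014, both already `NOT-FOR-US: IBM`, as is 5017 above. Nothing in the description points at a Debian package, so this should take the same `NOT-FOR-US: IBM` line rather than linger as a TODO.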
@@ -98291,22 +98339,17 @@ CVE-2019-19356 (Netis WF2419 is vulnerable to authenticated Remote Code Executio
 	NOT-FOR-US: Netis WF2419
 CVE-2019-19355 (An insecure modification vulnerability in the /etc/passwd file was fou ...)
 	NOT-FOR-US: openshift
-CVE-2019-19354
-	RESERVED
+CVE-2019-19354 (An insecure modification vulnerability in the /etc/passwd file was fou ...)
 	NOT-FOR-US: openshift
-CVE-2019-19353
-	RESERVED
+CVE-2019-19353 (An insecure modification vulnerability in the /etc/passwd file was fou ...)
 	NOT-FOR-US: openshift
-CVE-2019-19352
-	RESERVED
+CVE-2019-19352 (An insecure modification vulnerability in the /etc/passwd file was fou ...)
 	NOT-FOR-US: openshift
 CVE-2019-19351 (An insecure modification vulnerability in the /etc/passwd file was fou ...)
 	NOT-FOR-US: openshift
-CVE-2019-19350
-	RESERVED
+CVE-2019-19350 (An insecure modification vulnerability in the /etc/passwd file was fou ...)
 	NOT-FOR-US: openshift
-CVE-2019-19349
-	RESERVED
+CVE-2019-19349 (An insecure modification vulnerability in the /etc/passwd file was fou ...)
 	NOT-FOR-US: openshift
 CVE-2019-19348 (An insecure modification vulnerability in the /etc/passwd file was fou ...)
 	NOT-FOR-US: openshift



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/51bab48eff5ec62af1600803cb8e0d2a433e9669
