[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri Mar 26 08:10:21 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
cb845789 by security tracker role at 2021-03-26T08:10:13+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,57 @@
+CVE-2021-29258
+ RESERVED
+CVE-2021-29257
+ RESERVED
+CVE-2021-29256
+ RESERVED
+CVE-2021-29255
+ RESERVED
+CVE-2021-29254
+ RESERVED
+CVE-2021-29253
+ RESERVED
+CVE-2021-29252
+ RESERVED
+CVE-2021-29251
+ RESERVED
+CVE-2021-29250
+ RESERVED
+CVE-2021-29249
+ RESERVED
+CVE-2021-29248
+ RESERVED
+CVE-2021-29247
+ RESERVED
+CVE-2021-29246
+ RESERVED
+CVE-2021-29245
+ RESERVED
+CVE-2021-29244
+ RESERVED
+CVE-2021-29243
+ RESERVED
+CVE-2021-29242
+ RESERVED
+CVE-2021-29241
+ RESERVED
+CVE-2021-29240
+ RESERVED
+CVE-2021-29239
+ RESERVED
+CVE-2021-29238
+ RESERVED
+CVE-2021-29237
+ RESERVED
+CVE-2021-29236
+ RESERVED
+CVE-2021-29235
+ RESERVED
+CVE-2021-29234
+ RESERVED
+CVE-2021-29233
+ RESERVED
+CVE-2021-29232
+ RESERVED
CVE-2021-29231
RESERVED
CVE-2021-29230
@@ -288,18 +342,18 @@ CVE-2021-29100
RESERVED
CVE-2021-29099
RESERVED
-CVE-2021-29098
- RESERVED
-CVE-2021-29097
- RESERVED
+CVE-2021-29098 (Multiple uninitialized pointer vulnerabilities when parsing a speciall ...)
+ TODO: check
+CVE-2021-29097 (Multiple buffer overflow vulnerabilities when parsing a specially craf ...)
+ TODO: check
CVE-2021-29096 (A use-after-free vulnerability when parsing a specially crafted file i ...)
NOT-FOR-US: Esri (various ArcGIS products)
-CVE-2021-29095
- RESERVED
-CVE-2021-29094
- RESERVED
-CVE-2021-29093
- RESERVED
+CVE-2021-29095 (Multiple uninitialized pointer vulnerabilities when parsing a speciall ...)
+ TODO: check
+CVE-2021-29094 (Multiple buffer overflow vulnerabilities when parsing a specially craf ...)
+ TODO: check
+CVE-2021-29093 (A use-after-free vulnerability when parsing a specially crafted file i ...)
+ TODO: check
CVE-2021-3461
RESERVED
NOT-FOR-US: Keycloak
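Review bot: the five new entries in this hunk (CVE-2021-29098, -29097, -29095, -29094, -29093) carry the same truncated "when parsing a specially crafted file" descriptions as CVE-2021-29096, which is already resolved as "NOT-FOR-US: Esri (various ArcGIS products)" on the context line between them; they should be triaged as one block so the TODO: check markers do not outlive the adjacent resolved entry, with the NOT-FOR-US text copied verbatim once the full CVE descriptions confirm the same product.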
@@ -473,12 +527,12 @@ CVE-2021-29012
RESERVED
CVE-2021-29011
RESERVED
-CVE-2021-29010
- RESERVED
-CVE-2021-29009
- RESERVED
-CVE-2021-29008
- RESERVED
+CVE-2021-29010 (A cross-site scripting (XSS) issue in SEO Panel 4.8.0 allows remote at ...)
+ TODO: check
+CVE-2021-29009 (A cross-site scripting (XSS) issue in SEO Panel 4.8.0 allows remote at ...)
+ TODO: check
+CVE-2021-29008 (A cross-site scripting (XSS) issue in SEO Panel 4.8.0 allows remote at ...)
+ TODO: check
CVE-2021-29007
RESERVED
CVE-2021-29006
@@ -2119,8 +2173,8 @@ CVE-2021-28248
RESERVED
CVE-2021-28247
RESERVED
-CVE-2021-28246
- RESERVED
+CVE-2021-28246 (** UNSUPPORTED WHEN ASSIGNED ** CA eHealth Performance Manager through ...)
+ TODO: check
CVE-2021-28245
RESERVED
CVE-2021-28244
@@ -3997,20 +4051,20 @@ CVE-2021-27456
RESERVED
CVE-2021-27455
RESERVED
-CVE-2021-27454
- RESERVED
+CVE-2021-27454 (The software performs an operation at a privilege level higher than th ...)
+ TODO: check
CVE-2021-27453
RESERVED
-CVE-2021-27452
- RESERVED
+CVE-2021-27452 (The software contains a hard-coded password that could allow an attack ...)
+ TODO: check
CVE-2021-27451
RESERVED
-CVE-2021-27450
- RESERVED
+CVE-2021-27450 (SSH server configuration file does not implement some best practices. ...)
+ TODO: check
CVE-2021-27449
RESERVED
-CVE-2021-27448
- RESERVED
+CVE-2021-27448 (A miscommunication in the file system allows adversaries with access t ...)
+ TODO: check
CVE-2021-27447
RESERVED
CVE-2021-27446
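Review bot: the descriptions for CVE-2021-27454, -27452, -27450 and -27448 are truncated before any vendor or product name ("The software performs an operation at a privilege level higher than th ...", "The software contains a hard-coded password that could allow an attack ..."), so they cannot be triaged from this list alone; the TODO: check entries need the full CVE text before either a NOT-FOR-US line or a source-package mapping can be written, and the same applies to the two "hard-coded password it uses for its own inboun ..." entries (CVE-2021-27440, -27438) in the following hunk.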
@@ -4025,12 +4079,12 @@ CVE-2021-27442
RESERVED
CVE-2021-27441
RESERVED
-CVE-2021-27440
- RESERVED
+CVE-2021-27440 (The software contains a hard-coded password it uses for its own inboun ...)
+ TODO: check
CVE-2021-27439
RESERVED
-CVE-2021-27438
- RESERVED
+CVE-2021-27438 (The software contains a hard-coded password it uses for its own inboun ...)
+ TODO: check
CVE-2021-27437
RESERVED
CVE-2021-27436 (WebAccess/SCADA Versions 9.0 and prior is vulnerable to cross-site scr ...)
@@ -4197,8 +4251,8 @@ CVE-2021-27374 (VertiGIS WebOffice 10.7 SP1 before patch20210202 and 10.8 SP1 be
NOT-FOR-US: VertiGIS WebOffice
CVE-2021-27373
RESERVED
-CVE-2021-27372
- RESERVED
+CVE-2021-27372 (Realtek xPON RTL9601D SDK 1.9 stores passwords in plaintext which may ...)
+ TODO: check
CVE-2021-27371 (The Contact page in Monica 2.19.1 allows stored XSS via the Descriptio ...)
NOT-FOR-US: Monica
CVE-2021-27370 (The Contact page in Monica 2.19.1 allows stored XSS via the Last Name ...)
@@ -9581,8 +9635,8 @@ CVE-2021-3155
RESERVED
CVE-2021-3154
RESERVED
-CVE-2021-3153
- RESERVED
+CVE-2021-3153 (HashiCorp Terraform Enterprise up to v202102-2 failed to enforce an or ...)
+ TODO: check
CVE-2021-3152 (** DISPUTED ** Home Assistant before 2021.1.3 does not have a protecti ...)
NOT-FOR-US: Home Assistant
CVE-2021-3151 (i-doit before 1.16.0 is affected by Stored Cross-Site Scripting (XSS) ...)
@@ -12072,7 +12126,7 @@ CVE-2021-23988
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-10/#CVE-2021-23988
CVE-2021-23987
RESERVED
- {DSA-4874-1 DLA-2607-1}
+ {DSA-4876-1 DSA-4874-1 DLA-2607-1}
- firefox 87.0-1
- firefox-esr 78.9.0esr-1
- thunderbird 1:78.9.0-1
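Review bot: DSA-4876-1 is added to the advisory list for CVE-2021-23987 while the fixed-version lines below it (firefox 87.0-1, firefox-esr 78.9.0esr-1, thunderbird 1:78.9.0-1) are unchanged; confirm that DSA-4876-1 corresponds to one of those listed versions (the thunderbird line, if DSA-4874-1 already covers firefox-esr), since the three following hunks apply the identical change to CVE-2021-23984, -23982 and -23981 and any mismatch would be replicated four times.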
@@ -12089,7 +12143,7 @@ CVE-2021-23985
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-10/#CVE-2021-23985
CVE-2021-23984
RESERVED
- {DSA-4874-1 DLA-2607-1}
+ {DSA-4876-1 DSA-4874-1 DLA-2607-1}
- firefox 87.0-1
- firefox-esr 78.9.0esr-1
- thunderbird 1:78.9.0-1
@@ -12102,7 +12156,7 @@ CVE-2021-23983
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-10/#CVE-2021-23983
CVE-2021-23982
RESERVED
- {DSA-4874-1 DLA-2607-1}
+ {DSA-4876-1 DSA-4874-1 DLA-2607-1}
- firefox 87.0-1
- firefox-esr 78.9.0esr-1
- thunderbird 1:78.9.0-1
@@ -12111,7 +12165,7 @@ CVE-2021-23982
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-12/#CVE-2021-23982
CVE-2021-23981
RESERVED
- {DSA-4874-1 DLA-2607-1}
+ {DSA-4876-1 DSA-4874-1 DLA-2607-1}
- firefox 87.0-1
- firefox-esr 78.9.0esr-1
- thunderbird 1:78.9.0-1
@@ -12536,8 +12590,8 @@ CVE-2021-3121 (An issue was discovered in GoGo Protobuf before 1.3.2. plugin/unm
NOTE: https://github.com/gogo/protobuf/commit/b03c65ea87cdc3521ede29f62fe3ce239267c1bc
CVE-2021-3120 (An arbitrary file upload vulnerability in the YITH WooCommerce Gift Ca ...)
NOT-FOR-US: YITH WooCommerce Gift Cards Premium plugin for WordPress
-CVE-2021-3119
- RESERVED
+CVE-2021-3119 (Zetetic SQLCipher 4.x before 4.4.3 has a NULL pointer dereferencing is ...)
+ TODO: check
CVE-2021-3118 (** UNSUPPORTED WHEN ASSIGNED ** EVOLUCARE ECSIMAGING (aka ECS Imaging) ...)
NOT-FOR-US: EVOLUCARE ECSIMAGING (aka ECS Imaging)
CVE-2021-3117
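Review bot: CVE-2021-3119 names a concrete upstream and version range ("Zetetic SQLCipher 4.x before 4.4.3 has a NULL pointer dereferencing is ..."), unlike the surrounding NOT-FOR-US web-application entries, so the TODO: check here should be resolved against the archive (whether a sqlcipher source package is present and which upstream version it carries) rather than by copying the NOT-FOR-US pattern of its neighbours.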
@@ -14458,10 +14512,10 @@ CVE-2021-22891
RESERVED
CVE-2021-22890
RESERVED
-CVE-2021-22889
- RESERVED
-CVE-2021-22888
- RESERVED
+CVE-2021-22889 (Revive Adserver before v5.2.0 is vulnerable to a reflected XSS vulnera ...)
+ TODO: check
+CVE-2021-22888 (Revive Adserver before v5.2.0 is vulnerable to a reflected XSS vulnera ...)
+ TODO: check
CVE-2021-22887 (A vulnerability in the BIOS of Pulse Secure (PSA-Series Hardware) mode ...)
NOT-FOR-US: BIOS of Pulse Secure (PSA-Series Hardware) models PSA5000 and PSA7000
CVE-2021-22886
@@ -14980,8 +15034,8 @@ CVE-2020-36170 (The Ultimate Member plugin before 2.1.13 for WordPress mishandle
NOT-FOR-US: Ultimate Member plugin for WordPress
CVE-2012-10001 (The Limit Login Attempts plugin before 1.7.1 for WordPress does not cl ...)
NOT-FOR-US: Limit Login Attempts plugin for WordPress
-CVE-2021-3027
- RESERVED
+CVE-2021-3027 (app/views_mod/user/user.py in LibrIT PaSSHport through 2.5 is affected ...)
+ TODO: check
CVE-2021-3026 (Invision Community IPS Community Suite before 4.5.4.2 allows XSS durin ...)
NOT-FOR-US: Invision Community IPS Community Suite
CVE-2021-3025 (Invision Community IPS Community Suite before 4.5.4.2 allows SQL Injec ...)
@@ -29598,8 +29652,8 @@ CVE-2020-28348 (HashiCorp Nomad and Nomad Enterprise 0.9.0 up to 0.12.7 client D
NOTE: https://github.com/hashicorp/nomad/issues/9303
CVE-2020-28347 (tdpServer on TP-Link Archer A7 AC1750 devices before 201029 allows rem ...)
NOT-FOR-US: TP-Link
-CVE-2020-28346
- RESERVED
+CVE-2020-28346 (ACRN through 2.2 has a devicemodel/hw/pci/virtio/virtio.c NULL Pointer ...)
+ TODO: check
CVE-2020-28345 (An issue was discovered on LG mobile devices with Android OS 10 softwa ...)
NOT-FOR-US: LG mobile devices
CVE-2020-28344 (An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, ...)
@@ -42962,8 +43016,8 @@ CVE-2020-23519
RESERVED
CVE-2020-23518 (Cross Site Scripting (XSS) vulnerability in UltimateKode Neo Billing - ...)
NOT-FOR-US: UltimateKode Neo Billing - Accounting, Invoicing And CRM Software
-CVE-2020-23517
- RESERVED
+CVE-2020-23517 (Cross Site Scripting (XSS) vulnerability in Aryanic HighMail (High CMS ...)
+ TODO: check
CVE-2020-23516
RESERVED
CVE-2020-23515
@@ -73068,7 +73122,7 @@ CVE-2020-11025 (In affected versions of WordPress, a cross-site scripting (XSS)
CVE-2020-11024 (In Moonlight iOS/tvOS before 4.0.1, the pairing process is vulnerable ...)
NOT-FOR-US: Moonlight iOS/tvOS
CVE-2020-11023 (In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, pa ...)
- {DSA-4693-1}
+ {DSA-4693-1 DLA-2608-1}
- jquery <removed>
[buster] - jquery <no-dsa> (Minor issue)
[jessie] - jquery <not-affected> (Vulnerable code not present)
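Review bot: DLA-2608-1 is added for CVE-2020-11023 while the context line "[buster] - jquery <no-dsa> (Minor issue)" is left as is; now that a DLA has shipped a fix for the older suite, the buster no-dsa rationale should be re-checked for consistency (the same applies to the identical change for CVE-2020-11022 in the next hunk), and the "jquery <removed>" line should be confirmed to still reflect the unstable state.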
@@ -73083,7 +73137,7 @@ CVE-2020-11023 (In jQuery versions greater than or equal to 1.0.3 and before 3.5
NOTE: https://www.drupal.org/sa-core-2020-002
NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-14/
CVE-2020-11022 (In jQuery versions greater than or equal to 1.2 and before 3.5.0, pass ...)
- {DSA-4693-1}
+ {DSA-4693-1 DLA-2608-1}
- jquery <removed>
[buster] - jquery <no-dsa> (Minor issue)
[jessie] - jquery <not-affected> (Vulnerable code not present)
@@ -74698,18 +74752,18 @@ CVE-2020-10586
RESERVED
CVE-2020-10585
RESERVED
-CVE-2020-10584
- RESERVED
-CVE-2020-10583
- RESERVED
-CVE-2020-10582
- RESERVED
-CVE-2020-10581
- RESERVED
-CVE-2020-10580
- RESERVED
-CVE-2020-10579
- RESERVED
+CVE-2020-10584 (A directory traversal on the /admin/search_by.php script of Invigo Aut ...)
+ TODO: check
+CVE-2020-10583 (The /admin/admapi.php script of Invigo Automatic Device Management (AD ...)
+ TODO: check
+CVE-2020-10582 (A SQL injection on the /admin/display_errors.php script of Invigo Auto ...)
+ TODO: check
+CVE-2020-10581 (Multiple session validity check issues in several administration funct ...)
+ TODO: check
+CVE-2020-10580 (A command injection on the /admin/broadcast.php script of Invigo Autom ...)
+ TODO: check
+CVE-2020-10579 (A directory traversal on the /admin/sysmon.php script of Invigo Automa ...)
+ TODO: check
CVE-2020-10578 (An arbitrary file read vulnerability exists in system/controller/backe ...)
NOT-FOR-US: QCMS
CVE-2020-10577 (An issue was discovered in Janus through 0.9.1. janus.c has multiple c ...)
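Review bot: the six new Invigo entries (CVE-2020-10584 through -10579) all describe scripts under /admin/ of "Invigo Automatic Device Management" and are left as separate TODO: check lines; they should be triaged together as one product so the resolution (NOT-FOR-US or otherwise) is applied consistently across the block rather than one entry at a time.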
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cb845789dc7de56b9a7ac06cc9071bbdda536139