[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Mon May 3 21:10:33 BST 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
74d67e27 by security tracker role at 2021-05-03T20:10:25+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,29 @@
+CVE-2021-3532
+	RESERVED
+CVE-2021-3531
+	RESERVED
+CVE-2021-3530
+	RESERVED
+CVE-2021-32011
+	RESERVED
+CVE-2021-32010
+	RESERVED
+CVE-2021-32009
+	RESERVED
+CVE-2021-32008
+	RESERVED
+CVE-2021-32007
+	RESERVED
+CVE-2021-32006
+	RESERVED
+CVE-2021-32005
+	RESERVED
+CVE-2021-32004
+	RESERVED
+CVE-2021-32003
+	RESERVED
+CVE-2021-32002
+	RESERVED
 CVE-2021-32001
 	RESERVED
 CVE-2021-32000
@@ -6016,8 +6042,8 @@ CVE-2021-29371
 	RESERVED
 CVE-2021-29370 (A UXSS was discovered in the Thanos-Soft Cheetah Browser in Android 1. ...)
 	NOT-FOR-US: Thanos-Soft Cheetah Browser in Android
-CVE-2021-29369
-	RESERVED
+CVE-2021-29369 (The gnuplot package prior to version 0.1.0 for Node.js allows code exe ...)
+	TODO: check
 CVE-2021-29368
 	RESERVED
 CVE-2021-29367
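Review bot: on the CVE-2021-29369 line, the description reads "The gnuplot package prior to version 0.1.0 for Node.js", so the affected software is a Node.js module rather than the gnuplot program itself. When the `TODO: check` is resolved, match on that module and not on the bare name, so the entry is not attached to an unrelated package that happens to be called gnuplot.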
@@ -6307,16 +6333,16 @@ CVE-2021-29244
 	RESERVED
 CVE-2021-29243
 	RESERVED
-CVE-2021-29242
-	RESERVED
-CVE-2021-29241
-	RESERVED
+CVE-2021-29242 (CODESYS Control Runtime system before 3.5.17.0 has improper input vali ...)
+	TODO: check
+CVE-2021-29241 (CODESYS Gateway 3 before 3.5.17.0 has a NULL pointer dereference that  ...)
+	TODO: check
 CVE-2021-29240
 	RESERVED
-CVE-2021-29239
-	RESERVED
-CVE-2021-29238
-	RESERVED
+CVE-2021-29239 (CODESYS Development System 3 before 3.5.17.0 displays or executes mali ...)
+	TODO: check
+CVE-2021-29238 (CODESYS Automation Server before 1.16.0 allows cross-site request forg ...)
+	TODO: check
 CVE-2021-29237
 	RESERVED
 CVE-2021-29236
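Review bot: the four CODESYS entries (CVE-2021-29242, CVE-2021-29241, CVE-2021-29239, CVE-2021-29238) arrive as one batch of `TODO: check`, but they name four different products with different version bounds (3.5.17.0 for Control Runtime, Gateway 3 and Development System 3; 1.16.0 for Automation Server). Triage each entry against its own description rather than copying one verdict across the group.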
@@ -7161,8 +7187,8 @@ CVE-2021-28862
 	RESERVED
 CVE-2021-28861
 	RESERVED
-CVE-2021-28860
-	RESERVED
+CVE-2021-28860 (Node.js mixme 0.5.0, an attacker can add or alter properties of an obj ...)
+	TODO: check
 CVE-2021-28859
 	RESERVED
 CVE-2021-28858
@@ -14997,8 +15023,7 @@ CVE-2021-25633
 	RESERVED
 CVE-2021-25632
 	RESERVED
-CVE-2021-25631
-	RESERVED
+CVE-2021-25631 (In the LibreOffice 7-1 series in versions prior to 7.1.2, and in the 7 ...)
 	- libreoffice <not-affected> (Libreoffice on Windows)
 	NOTE: https://positive.security/blog/url-open-rce#open-libreoffice
 CVE-2021-25630 ("loolforkit" is a privileged program that is supposed to be run by a s ...)
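Review bot: CVE-2021-25631 is the only entry in this update that gains a description without a `TODO: check`, because the `- libreoffice <not-affected> (Libreoffice on Windows)` annotation was already in place while the ID was still RESERVED. The truncated description only shows version ranges for the 7-1 series; suggest re-reading the full text to confirm it supports the Windows-only rationale, since nothing in this hunk prompts that re-check.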
@@ -25916,8 +25941,8 @@ CVE-2021-21266 (openHAB is a vendor and technology agnostic open source automati
 	NOT-FOR-US: openHAB
 CVE-2021-21265 (October is a free, open-source, self-hosted CMS platform based on the  ...)
 	NOT-FOR-US: October CMS
-CVE-2021-21264
-	RESERVED
+CVE-2021-21264 (October is a free, open-source, self-hosted CMS platform based on the  ...)
+	TODO: check
 CVE-2021-21262
 	RESERVED
 CVE-2021-21260 (Online Invoicing System (OIS) is open source software which is a lean  ...)
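Review bot: the new `TODO: check` on CVE-2021-21264 looks resolvable from context already in this hunk: the entry directly above, CVE-2021-21265, has the same October description prefix and is tagged `NOT-FOR-US: October CMS`. Suggest confirming the full description and applying the same tag so the two adjacent entries stay consistent.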
@@ -56473,8 +56498,8 @@ CVE-2020-20249
 	RESERVED
 CVE-2020-20248
 	RESERVED
-CVE-2020-20247
-	RESERVED
+CVE-2020-20247 (Mikrotik RouterOs before 6.46.5 (stable tree) suffers from a memory co ...)
+	TODO: check
 CVE-2020-20246
 	RESERVED
 CVE-2020-20245
@@ -56531,8 +56556,8 @@ CVE-2020-20220
 	RESERVED
 CVE-2020-20219
 	RESERVED
-CVE-2020-20218
-	RESERVED
+CVE-2020-20218 (Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corrup ...)
+	TODO: check
 CVE-2020-20217
 	RESERVED
 CVE-2020-20216
@@ -72937,7 +72962,7 @@ CVE-2020-13287 (A vulnerability was discovered in GitLab versions before 13.1.10
 CVE-2020-13286 (For GitLab before 13.0.12, 13.1.6, 13.2.3 user controlled git configur ...)
 	- gitlab <not-affected> (Only affects GitLab 12.7 and later)
 	NOTE: https://about.gitlab.com/releases/2020/08/05/gitlab-13-2-3-released/
-CVE-2020-13285 (For GitLab before 13.0.12, 13.1.6, 13.2.3 a cross-site scripting vulne ...)
+CVE-2020-13285 (For GitLab before 13.0.12, 13.1.6, 13.2.3 a cross-site scripting (XSS) ...)
 	- gitlab <not-affected> (Only affects GitLab 12.9 and later)
 	NOTE: https://about.gitlab.com/releases/2020/08/05/gitlab-13-2-3-released/
 CVE-2020-13284 (A vulnerability was discovered in GitLab versions before 13.1.10, 13.2 ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/74d67e27ead056353a02b793af390cac79b19233
