[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Tue May 4 09:10:27 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
42273d1a by security tracker role at 2021-05-04T08:10:19+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,37 @@
+CVE-2021-3534
+ RESERVED
+CVE-2021-3533
+ RESERVED
+CVE-2021-32026
+ RESERVED
+CVE-2021-32025
+ RESERVED
+CVE-2021-32024
+ RESERVED
+CVE-2021-32023
+ RESERVED
+CVE-2021-32022
+ RESERVED
+CVE-2021-32021
+ RESERVED
+CVE-2021-32020 (The kernel in Amazon Web Services FreeRTOS before 10.4.3 has insuffici ...)
+ TODO: check
+CVE-2021-32019
+ RESERVED
+CVE-2021-32018
+ RESERVED
+CVE-2021-32017
+ RESERVED
+CVE-2021-32016
+ RESERVED
+CVE-2021-32015
+ RESERVED
+CVE-2021-32014
+ RESERVED
+CVE-2021-32013
+ RESERVED
+CVE-2021-32012
+ RESERVED
CVE-2021-3532
RESERVED
CVE-2021-3531
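Review bot: CVE-2021-32020 (FreeRTOS kernel) is the only new entry in this hunk with a description, and it lands with "TODO: check" and no triage result. A follow-up should replace the TODO with either a "NOT-FOR-US:" line or a "- <package>" line once someone has checked whether the affected code is shipped in Debian.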
@@ -1926,8 +1960,8 @@ CVE-2021-31166
RESERVED
CVE-2021-31165
RESERVED
-CVE-2021-31164
- RESERVED
+CVE-2021-31164 (Apache Unomi prior to version 1.5.5 allows CRLF log injection because ...)
+ TODO: check
CVE-2021-31163
RESERVED
CVE-2021-31162 (In the standard library in Rust before 1.53.0, a double free can occur ...)
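Review bot: CVE-2021-31164 (Apache Unomi) moves from RESERVED to "TODO: check" with no package or NOT-FOR-US decision recorded. The description is cut off at "CRLF log injection because ...", so the triage has to be done against the full CVE text rather than this line.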
@@ -25145,14 +25179,14 @@ CVE-2020-35760
RESERVED
CVE-2020-35759
RESERVED
-CVE-2020-35758
- RESERVED
-CVE-2020-35757
- RESERVED
-CVE-2020-35756
- RESERVED
-CVE-2020-35755
- RESERVED
+CVE-2020-35758 (An issue was discovered on Libre Wireless LS9 LS1.5/p7040 devices. The ...)
+ TODO: check
+CVE-2020-35757 (An issue was discovered on Libre Wireless LS9 LS1.5/p7040 devices. The ...)
+ TODO: check
+CVE-2020-35756 (An issue was discovered on Libre Wireless LS9 LS1.5/p7040 devices. The ...)
+ TODO: check
+CVE-2020-35755 (An issue was discovered on Libre Wireless LS9 LS1.5/p7040 devices. The ...)
+ TODO: check
CVE-2020-35754 (OpenSolution Quick.CMS < 6.7 and Quick.Cart < 6.7 allow an authe ...)
NOT-FOR-US: OpenSolution Quick.CMS
CVE-2020-35753 (The job posting recommendation form in Persis Human Resource Managemen ...)
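Review bot: The four Libre Wireless LS9 entries, CVE-2020-35755 through CVE-2020-35758, carry identical truncated descriptions, so they cannot be told apart in this file. Triage them together from the full CVE texts and resolve all four "TODO: check" lines in one commit. The neighbouring CVE-2020-35754 shows the resolved form, "NOT-FOR-US: OpenSolution Quick.CMS".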
@@ -26043,24 +26077,31 @@ CVE-2021-21234 (spring-boot-actuator-logview in a library that adds a simple log
CVE-2020-35627 (Ultimate WooCommerce Gift Cards 3.0.2 is affected by a file upload vul ...)
NOT-FOR-US: Ultimate WooCommerce Gift Cards
CVE-2021-21233 (Heap buffer overflow in ANGLE in Google Chrome on Windows prior to 90. ...)
+ {DSA-4911-1}
- chromium 90.0.4430.93-1 (bug #987715)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-21232 (Use after free in Dev Tools in Google Chrome prior to 90.0.4430.93 all ...)
+ {DSA-4911-1}
- chromium 90.0.4430.93-1 (bug #987715)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-21231 (Insufficient data validation in V8 in Google Chrome prior to 90.0.4430 ...)
+ {DSA-4911-1}
- chromium 90.0.4430.93-1 (bug #987715)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-21230 (Type confusion in V8 in Google Chrome prior to 90.0.4430.93 allowed a ...)
+ {DSA-4911-1}
- chromium 90.0.4430.93-1 (bug #987715)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-21229 (Incorrect security UI in downloads in Google Chrome on Android prior t ...)
+ {DSA-4911-1}
- chromium 90.0.4430.93-1 (bug #987715)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-21228 (Insufficient policy enforcement in extensions in Google Chrome prior t ...)
+ {DSA-4911-1}
- chromium 90.0.4430.93-1 (bug #987715)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-21227 (Insufficient data validation in V8 in Google Chrome prior to 90.0.4430 ...)
+ {DSA-4911-1}
- chromium 90.0.4430.93-1 (bug #987715)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-21226 (Use after free in navigation in Google Chrome prior to 90.0.4430.85 al ...)
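Review bot: {DSA-4911-1} is added to CVE-2021-21227 through CVE-2021-21233, but the hunk stops at the header line of CVE-2021-21226, whose description names 90.0.4430.85 rather than 90.0.4430.93, so it is not visible here whether that entry carries the tag as well. Check the tagged set against the CVE list in DSA-4911-1.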
@@ -33967,8 +34008,8 @@ CVE-2020-28947 (In MISP 2.4.134, XSS exists in the template element index view b
NOT-FOR-US: MISP
CVE-2020-28946 (An improper webserver configuration on Plum IK-401 devices with firmwa ...)
NOT-FOR-US: Plum IK-401 devices
-CVE-2020-28945
- RESERVED
+CVE-2020-28945 (OX App Suite 7.10.4 and earlier allows XSS via crafted content to reac ...)
+ TODO: check
CVE-2020-28944 (OX Guard 2.10.4 and earlier allows a Denial of Service via a WKS serve ...)
NOT-FOR-US: OX Guard
CVE-2020-28943 (OX App Suite 7.10.4 and earlier allows SSRF via a snippet. ...)
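Review bot: CVE-2020-28945 (OX App Suite) is left at "TODO: check" while the adjacent CVE-2020-28944 is already resolved as "NOT-FOR-US: OX Guard". Resolve it the same way the other OX App Suite entry in the context, CVE-2020-28943, was handled, so that the vendor's products are treated consistently.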
@@ -50821,8 +50862,8 @@ CVE-2020-23085
RESERVED
CVE-2020-23084
RESERVED
-CVE-2020-23083
- RESERVED
+CVE-2020-23083 (Unrestricted File Upload in JEECG v4.0 and earlier allows remote attac ...)
+ TODO: check
CVE-2020-23082
RESERVED
CVE-2020-23081
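Review bot: CVE-2020-23083 (JEECG) now sits at "TODO: check" in the middle of a run of RESERVED ids, with no product decision recorded. Replace the TODO with a "NOT-FOR-US:" or package line once it has been triaged.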
@@ -50957,8 +50998,8 @@ CVE-2020-23017
RESERVED
CVE-2020-23016
RESERVED
-CVE-2020-23015
- RESERVED
+CVE-2020-23015 (An open redirect issue was discovered in OPNsense through 20.1.5. The ...)
+ TODO: check
CVE-2020-23014 (APfell 1.4 is vulnerable to authenticated reflected cross-site scripti ...)
NOT-FOR-US: APfell
CVE-2020-23013
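Review bot: CVE-2020-23015 (OPNsense) still needs its "TODO: check" resolved. The next entry, CVE-2020-23014, shows the form a resolved entry takes: "NOT-FOR-US: APfell".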
@@ -61977,7 +62018,7 @@ CVE-2020-17527 (While investigating bug 64830 it was discovered that Apache Tomc
CVE-2020-17526 (Incorrect Session Validation in Apache Airflow Webserver versions prio ...)
- airflow <itp> (bug #819700)
CVE-2020-17525 (Subversion's mod_authz_svn module will crash if the server is using in ...)
- {DSA-4851-1}
+ {DSA-4851-1 DLA-2646-1}
- subversion 1.14.1-1 (bug #982464)
NOTE: https://subversion.apache.org/security/CVE-2020-17525-advisory.txt
CVE-2020-17524
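Review bot: "{DSA-4851-1 DLA-2646-1}" is the only change to CVE-2020-17525, and this commit touches data/CVE/list alone, so the DLA-2646-1 entry itself is not visible in this diff. Check that the advisory it points to lists CVE-2020-17525 before relying on the cross-reference.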
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/42273d1a990f0684e4c2a629d04a0ff16f507910