[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed May 5 21:10:45 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
026d7e45 by security tracker role at 2021-05-05T20:10:36+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,126 @@
-CVE-2021-32055 [out-of-bounds read in situations where an IMAP sequence set ends with a comma]
+CVE-2021-3536
+ RESERVED
+CVE-2021-3535
+ RESERVED
+CVE-2021-32061
+ RESERVED
+CVE-2021-32060
+ RESERVED
+CVE-2021-32059
+ RESERVED
+CVE-2021-32058
+ RESERVED
+CVE-2021-32057
+ RESERVED
+CVE-2021-32056
+ RESERVED
+CVE-2021-32054
+ RESERVED
+CVE-2021-32053
+ RESERVED
+CVE-2021-32052
+ RESERVED
+CVE-2021-32051
+ RESERVED
+CVE-2021-32050
+ RESERVED
+CVE-2021-32049
+ RESERVED
+CVE-2021-32048
+ RESERVED
+CVE-2021-32047
+ RESERVED
+CVE-2021-32046
+ RESERVED
+CVE-2021-32045
+ RESERVED
+CVE-2021-32044
+ RESERVED
+CVE-2021-32043
+ RESERVED
+CVE-2021-32042
+ RESERVED
+CVE-2021-32041
+ RESERVED
+CVE-2021-32040
+ RESERVED
+CVE-2021-32039
+ RESERVED
+CVE-2021-32038
+ RESERVED
+CVE-2021-32037
+ RESERVED
+CVE-2021-32036
+ RESERVED
+CVE-2021-32035
+ RESERVED
+CVE-2021-32034
+ RESERVED
+CVE-2021-32033
+ RESERVED
+CVE-2021-32032
+ RESERVED
+CVE-2021-32031
+ RESERVED
+CVE-2020-36362
+ RESERVED
+CVE-2020-36361
+ RESERVED
+CVE-2020-36360
+ RESERVED
+CVE-2020-36359
+ RESERVED
+CVE-2020-36358
+ RESERVED
+CVE-2020-36357
+ RESERVED
+CVE-2020-36356
+ RESERVED
+CVE-2020-36355
+ RESERVED
+CVE-2020-36354
+ RESERVED
+CVE-2020-36353
+ RESERVED
+CVE-2020-36352
+ RESERVED
+CVE-2020-36351
+ RESERVED
+CVE-2020-36350
+ RESERVED
+CVE-2020-36349
+ RESERVED
+CVE-2020-36348
+ RESERVED
+CVE-2020-36347
+ RESERVED
+CVE-2020-36346
+ RESERVED
+CVE-2020-36345
+ RESERVED
+CVE-2020-36344
+ RESERVED
+CVE-2020-36343
+ RESERVED
+CVE-2020-36342
+ RESERVED
+CVE-2020-36341
+ RESERVED
+CVE-2020-36340
+ RESERVED
+CVE-2020-36339
+ RESERVED
+CVE-2020-36338
+ RESERVED
+CVE-2020-36337
+ RESERVED
+CVE-2020-36336
+ RESERVED
+CVE-2020-36335
+ RESERVED
+CVE-2016-20010 (EWWW Image Optimizer before 2.8.5 allows remote command execution beca ...)
+ TODO: check
+CVE-2021-32055 (Mutt 1.11.0 through 2.0.x before 2.0.7 (and NeoMutt 2019-10-25 through ...)
- mutt <unfixed> (bug #988106)
[buster] - mutt <not-affected> (Vulnerable code introduced later)
[stretch] - mutt <not-affected> (Vulnerable code introduced later)
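Review bot: CVE-2016-20010 is added near the end of this hunk with only "TODO: check", so it carries no Debian status yet. It should be resolved in a follow-up to either a source package line or a NOT-FOR-US tag, going by the product named in its description (EWWW Image Optimizer). The CVE-2021-32055 entry below it keeps its mutt package line, bug reference and release annotations, so only its description line changes.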
@@ -642,8 +764,8 @@ CVE-2021-31802 (NETGEAR R7000 1.0.11.116 devices have a heap-based Buffer Overfl
NOT-FOR-US: Netgear
CVE-2021-31801
RESERVED
-CVE-2021-31800
- RESERVED
+CVE-2021-31800 (Multiple path traversal vulnerabilities exist in smbserver.py in Impac ...)
+ TODO: check
CVE-2021-31799
RESERVED
CVE-2021-31798
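Review bot: CVE-2021-31800 moves from RESERVED to "TODO: check" with a path traversal description for smbserver.py, but the entry has no package line or NOTE. If the component is packaged in Debian, the follow-up should add the source package with its status and a NOTE linking the upstream fix. The truncated description does not show the affected version range, so that has to come from the full CVE text.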
@@ -1156,8 +1278,7 @@ CVE-2021-31544
RESERVED
CVE-2021-31543
RESERVED
-CVE-2021-31542
- RESERVED
+CVE-2021-31542 (In Django 2.2 before 2.2.21, 3.1 before 3.1.9, and 3.2 before 3.2.1, M ...)
- python-django 2:2.2.21-1 (bug #988053)
NOTE: https://www.djangoproject.com/weblog/2021/may/04/security-releases/
NOTE: https://github.com/django/django/commit/0b79eb36915d178aef5c6a7bbce71b1e76d376d3 (main)
@@ -1166,7 +1287,7 @@ CVE-2021-31541
RESERVED
CVE-2021-31540 (Wowza Streaming Engine through 4.8.5 (in a default installation) has i ...)
NOT-FOR-US: Wowza Streaming Engine
-CVE-2021-31539 (Wowza Streaming Engine through 4.8.5 (in a default installation) has c ...)
+CVE-2021-31539 (Wowza Streaming Engine before 4.8.8.01 (in a default installation) has ...)
NOT-FOR-US: Wowza Streaming Engine
CVE-2021-31538
RESERVED
@@ -1225,10 +1346,10 @@ CVE-2021-31520
RESERVED
CVE-2021-31519
RESERVED
-CVE-2021-31518
- RESERVED
-CVE-2021-31517
- RESERVED
+CVE-2021-31518 (Trend Micro Home Network Security 6.5.599 and earlier is vulnerable to ...)
+ TODO: check
+CVE-2021-31517 (Trend Micro Home Network Security 6.5.599 and earlier is vulnerable to ...)
+ TODO: check
CVE-2021-3508 (A flaw was found in PDFResurrect in version 0.22b. There is an infinit ...)
- pdfresurrect <unfixed> (unimportant)
NOTE: https://github.com/enferex/pdfresurrect/issues/17
@@ -5796,8 +5917,8 @@ CVE-2021-29491
RESERVED
CVE-2021-29490
RESERVED
-CVE-2021-29489
- RESERVED
+CVE-2021-29489 (Highcharts JS is a JavaScript charting library based on SVG. In Highch ...)
+ TODO: check
CVE-2021-29488
RESERVED
CVE-2021-29487
@@ -6442,18 +6563,18 @@ CVE-2021-29252
RESERVED
CVE-2021-29251 (BTCPay Server before 1.0.7.1 mishandles the policy setting in which us ...)
NOT-FOR-US: BTCPay Server
-CVE-2021-29250
- RESERVED
+CVE-2021-29250 (BTCPay Server through 1.0.7.0 suffers from a Stored Cross Site Scripti ...)
+ TODO: check
CVE-2021-29249 (BTCPay Server before 1.0.6.0, when the payment button is used, has a p ...)
NOT-FOR-US: BTCPay Server
-CVE-2021-29248
- RESERVED
-CVE-2021-29247
- RESERVED
-CVE-2021-29246
- RESERVED
-CVE-2021-29245
- RESERVED
+CVE-2021-29248 (BTCPay Server through 1.0.7.0 could allow a remote attacker to obtain ...)
+ TODO: check
+CVE-2021-29247 (BTCPay Server through 1.0.7.0 could allow a remote attacker to obtain ...)
+ TODO: check
+CVE-2021-29246 (BTCPay Server through 1.0.7.0 suffers from directory traversal, which ...)
+ TODO: check
+CVE-2021-29245 (BTCPay Server through 1.0.7.0 uses a weak method Next to produce pseud ...)
+ TODO: check
CVE-2021-29244
RESERVED
CVE-2021-29243
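Review bot: the five BTCPay Server entries changed here (CVE-2021-29250 and CVE-2021-29248 through CVE-2021-29245) are left at "TODO: check", while the neighbouring CVE-2021-29251 and CVE-2021-29249 for the same product are already tagged "NOT-FOR-US: BTCPay Server". Suggest applying the same tag in the triage pass so the product is classified consistently across the block.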
@@ -6767,8 +6888,8 @@ CVE-2021-29102
RESERVED
CVE-2021-29101
RESERVED
-CVE-2021-29100
- RESERVED
+CVE-2021-29100 (A path traversal vulnerability exists in Esri ArcGIS Earth versions 1. ...)
+ TODO: check
CVE-2021-29099
RESERVED
CVE-2021-29098 (Multiple uninitialized pointer vulnerabilities when parsing a speciall ...)
@@ -15818,14 +15939,12 @@ CVE-2021-25321
RESERVED
CVE-2021-25320
RESERVED
-CVE-2021-25319
- RESERVED
+CVE-2021-25319 (A Incorrect Default Permissions vulnerability in the packaging of virt ...)
- virtualbox <not-affected> (openSUSE specific security issue in the openSUSE packaging)
NOTE: https://www.openwall.com/lists/oss-security/2021/04/26/2
CVE-2021-25318
RESERVED
-CVE-2021-25317
- RESERVED
+CVE-2021-25317 (A Incorrect Default Permissions vulnerability in the packaging of cups ...)
- cups <not-affected> (In Debian /var/log/cups is owned by root:root)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1949119
CVE-2021-25316 (A Insecure Temporary File vulnerability in s390-tools of SUSE Linux En ...)
@@ -28278,16 +28397,16 @@ CVE-2021-20403 (IBM Security Verify Information Queue 1.0.6 and 1.0.7 is vulnera
NOT-FOR-US: IBM
CVE-2021-20402 (IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a re ...)
NOT-FOR-US: IBM
-CVE-2021-20401
- RESERVED
+CVE-2021-20401 (IBM QRadar SIEM 7.3 and 7.4 contains hard-coded credentials, such as a ...)
+ TODO: check
CVE-2021-20400
RESERVED
CVE-2021-20399
RESERVED
CVE-2021-20398
RESERVED
-CVE-2021-20397
- RESERVED
+CVE-2021-20397 (IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting. Thi ...)
+ TODO: check
CVE-2021-20396
RESERVED
CVE-2021-20395
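Review bot: CVE-2021-20401 and CVE-2021-20397 (IBM QRadar SIEM) are left at "TODO: check", although the IBM entries at the top of this hunk, CVE-2021-20403 and CVE-2021-20402, are tagged "NOT-FOR-US: IBM". The same tag looks applicable here once the full descriptions are confirmed.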
@@ -28728,8 +28847,7 @@ CVE-2021-20255 (A stack overflow via an infinite recursion vulnerability was fou
[buster] - qemu <postponed> (Minor issue)
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg06098.html
NOTE: https://ruhr-uni-bochum.sciebo.de/s/NNWP2GfwzYKeKwE?path=%2Feepro100_stackoverflow1
-CVE-2021-20254 [Negative idmap cache entries can cause incorrect group entries in the Samba file server process token]
- RESERVED
+CVE-2021-20254 (A flaw was found in samba. The Samba smbd file server must map Windows ...)
- samba <unfixed> (bug #987811)
[buster] - samba <no-dsa> (Minor issue)
NOTE: https://www.samba.org/samba/security/CVE-2021-20254.html
@@ -38967,45 +39085,46 @@ CVE-2020-28027
RESERVED
CVE-2020-28026
RESERVED
- {DSA-4912-1}
+ {DSA-4912-1 DLA-2650-1}
- exim4 4.94.2-1
NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/7
CVE-2020-28025
RESERVED
- {DSA-4912-1}
+ {DSA-4912-1 DLA-2650-1}
- exim4 4.94.2-1
NOTE: Introduced by: https://git.exim.org/exim.git/commit/80a47a2c9633437d4ceebd214cd44abfbd4f4543 (exim-4_70_RC3)
NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/7
CVE-2020-28024
RESERVED
- {DSA-4912-1}
+ {DSA-4912-1 DLA-2650-1}
- exim4 4.94.2-1
NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/7
CVE-2020-28023
RESERVED
- {DSA-4912-1}
+ {DSA-4912-1 DLA-2650-1}
- exim4 4.94.2-1
NOTE: Introduced by: https://git.exim.org/exim.git/commit/18481de384caecff421f23f715be916403f5d0ee (exim-4_88_RC1)
NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/7
CVE-2020-28022
RESERVED
- {DSA-4912-1}
+ {DSA-4912-1 DLA-2650-1}
- exim4 4.94.2-1
NOTE: Introduced by: https://git.exim.org/exim.git/commit/d7a2c8337f7b615763d4429ab27653862756b6fb (exim-4_89_RC1)
NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/7
CVE-2020-28021
RESERVED
- {DSA-4912-1}
+ {DSA-4912-1 DLA-2650-1}
- exim4 4.94.2-1
NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/7
CVE-2020-28020
RESERVED
+ {DLA-2650-1}
- exim4 4.92~RC5-1
NOTE: Fixed by: https://git.exim.org/exim.git/commit/56ac062a3ff94fc4e1bbfc2293119c079a4e980b (exim-4.92-RC5)
NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/7
CVE-2020-28019
RESERVED
- {DSA-4912-1}
+ {DSA-4912-1 DLA-2650-1}
- exim4 4.94.2-1
NOTE: Introduced by: https://git.exim.org/exim.git/commit/7e3ce68e68ab9b8906a637d352993abf361554e2 (exim-4_88_RC1)
NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/7
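Review bot: CVE-2020-28020 is the only entry in this hunk that gains "{DLA-2650-1}" without "DSA-4912-1", and its fixed version is "4.92~RC5-1" rather than "4.94.2-1". That matches its "Fixed by" NOTE (exim-4.92-RC5), but the asymmetry is worth confirming against the DLA text, since every neighbouring entry gets both advisories. All entries here also still show RESERVED even though they carry fixed versions and advisory references.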
@@ -39019,7 +39138,7 @@ CVE-2020-28018
NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/7
CVE-2020-28017
RESERVED
- {DSA-4912-1}
+ {DSA-4912-1 DLA-2650-1}
- exim4 4.94.2-1
NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/7
CVE-2020-28016
@@ -39031,27 +39150,27 @@ CVE-2020-28016
NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/7
CVE-2020-28015
RESERVED
- {DSA-4912-1}
+ {DSA-4912-1 DLA-2650-1}
- exim4 4.94.2-1
NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/7
CVE-2020-28014
RESERVED
- {DSA-4912-1}
+ {DSA-4912-1 DLA-2650-1}
- exim4 4.94.2-1
NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/7
CVE-2020-28013
RESERVED
- {DSA-4912-1}
+ {DSA-4912-1 DLA-2650-1}
- exim4 4.94.2-1
NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/7
CVE-2020-28012
RESERVED
- {DSA-4912-1}
+ {DSA-4912-1 DLA-2650-1}
- exim4 4.94.2-1
NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/7
CVE-2020-28011
RESERVED
- {DSA-4912-1}
+ {DSA-4912-1 DLA-2650-1}
- exim4 4.94.2-1
NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/7
CVE-2020-28010
@@ -39063,17 +39182,17 @@ CVE-2020-28010
NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/7
CVE-2020-28009
RESERVED
- {DSA-4912-1}
+ {DSA-4912-1 DLA-2650-1}
- exim4 4.94.2-1
NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/7
CVE-2020-28008
RESERVED
- {DSA-4912-1}
+ {DSA-4912-1 DLA-2650-1}
- exim4 4.94.2-1
NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/7
CVE-2020-28007
RESERVED
- {DSA-4912-1}
+ {DSA-4912-1 DLA-2650-1}
- exim4 4.94.2-1
NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/7
CVE-2020-25692 (A NULL pointer dereference was found in OpenLDAP server and was fixed ...)
@@ -72269,18 +72388,15 @@ CVE-2020-13668
RESERVED
CVE-2020-13667
RESERVED
-CVE-2020-13666 [SA-CORE-2020-007]
- RESERVED
+CVE-2020-13666 (Cross-site scripting vulnerability in Drupal Core. Drupal AJAX API doe ...)
{DLA-2458-1}
- drupal7 <removed>
NOTE: https://www.drupal.org/sa-core-2020-007
NOTE: https://github.com/drupal/drupal/commit/cd3721550d988240ef6e682bd1cae2939c6e9e5a
-CVE-2020-13665
- RESERVED
+CVE-2020-13665 (Access bypass vulnerability in Drupal Core allows JSON:API when JSON:A ...)
- drupal7 <not-affected> (Drupal 7 not affected)
NOTE: https://www.drupal.org/sa-core-2020-006
-CVE-2020-13664
- RESERVED
+CVE-2020-13664 (Arbitrary PHP code execution vulnerability in Drupal Core under certai ...)
- drupal7 <not-affected> (Drupal 7 not affected)
NOTE: https://www.drupal.org/sa-core-2020-005
CVE-2020-13663 [Drupal SA 2020-004]
@@ -72486,8 +72602,7 @@ CVE-2020-13594 (The Bluetooth Low Energy (BLE) controller implementation in Espr
NOT-FOR-US: Espressif
CVE-2020-13593 (The Bluetooth Low Energy Secure Manager Protocol (SMP) implementation ...)
NOT-FOR-US: Espressif
-CVE-2020-13662 [Drupal SA 2020-003]
- RESERVED
+CVE-2020-13662 (Open Redirect vulnerability in Drupal Core allows a user to be tricked ...)
{DSA-4693-1 DLA-2250-1}
- drupal7 <removed>
NOTE: https://www.drupal.org/sa-core-2020-003
@@ -85863,9 +85978,9 @@ CVE-2020-8954 (OpenSearch Web browser 1.0.4.9 allows Intent Scheme Hijacking.[a
NOT-FOR-US: OpenSearch Web browser
CVE-2020-8953 (OpenVPN Access Server 2.8.x before 2.8.1 allows LDAP authentication by ...)
NOT-FOR-US: OpenVPN Access Server
-CVE-2020-8952 (Fiserv Accurate Reconciliation 2.19.0 allows XSS via the logout.jsp ti ...)
+CVE-2020-8952 (Fiserv Accurate Reconciliation 2.19.0, fixed in 3.0.0 or higher, allow ...)
NOT-FOR-US: Fiserv Accurate Reconciliation
-CVE-2020-8951 (Fiserv Accurate Reconciliation 2.19.0 allows XSS via the Source or Des ...)
+CVE-2020-8951 (Fiserv Accurate Reconciliation 2.19.0, fixed in 3.0.0 or higher, allow ...)
NOT-FOR-US: Fiserv Accurate Reconciliation
CVE-2020-8950 (The AUEPLauncher service in Radeon AMD User Experience Program Launche ...)
NOT-FOR-US: Radeon AMD User Experience Program Launcher
@@ -96276,8 +96391,8 @@ CVE-2020-5015 (IBM Elastic Storage System 6.0.0 through 6.0.1.2 and IBM Elastic
NOT-FOR-US: IBM
CVE-2020-5014 (IBM DataPower Gateway V10 and V2018 could allow a local attacker with ...)
NOT-FOR-US: IBM
-CVE-2020-5013
- RESERVED
+CVE-2020-5013 (IBM QRadar SIEM 7.3 and 7.4 may vulnerable to a XML External Entity In ...)
+ TODO: check
CVE-2020-5012
RESERVED
CVE-2020-5011
@@ -96316,8 +96431,8 @@ CVE-2020-4995 (IBM Security Identity Governance and Intelligence 5.2.6 does not
NOT-FOR-US: IBM
CVE-2020-4994
RESERVED
-CVE-2020-4993
- RESERVED
+CVE-2020-4993 (IBM QRadar SIEM 7.3 and 7.4 when decompressing or verifying signature ...)
+ TODO: check
CVE-2020-4992
RESERVED
CVE-2020-4991
@@ -96344,8 +96459,8 @@ CVE-2020-4981 (IBM Spectrum Scale 5.0.4.1 through 5.1.0.3 could allow a local pr
NOT-FOR-US: IBM
CVE-2020-4980
RESERVED
-CVE-2020-4979
- RESERVED
+CVE-2020-4979 (IBM QRadar SIEM 7.3 and 7.4 is vulnerable to insecure inter-deployment ...)
+ TODO: check
CVE-2020-4978
RESERVED
CVE-2020-4977
@@ -96438,14 +96553,14 @@ CVE-2020-4934 (IBM Content Navigator 3.0.CD could allow a remote attacker to tra
NOT-FOR-US: IBM
CVE-2020-4933 (IBM Jazz Reporting Service 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerabl ...)
NOT-FOR-US: IBM
-CVE-2020-4932
- RESERVED
+CVE-2020-4932 (IBM QRadar SIEM 7.3 and 7.4 contains hard-coded credentials, such as a ...)
+ TODO: check
CVE-2020-4931 (IBM MQ 9.1 LTS, 9.2 LTS, and 9.1 CD AMQP Channels could allow an authe ...)
NOT-FOR-US: IBM
CVE-2020-4930
RESERVED
-CVE-2020-4929
- RESERVED
+CVE-2020-4929 (IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting. Thi ...)
+ TODO: check
CVE-2020-4928 (IBM Cloud Pak System 2.3 could allow a local privileged attacker to up ...)
NOT-FOR-US: IBM
CVE-2020-4927
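Review bot: CVE-2020-4932 and CVE-2020-4929 show the same truncated description text as CVE-2021-20401 and CVE-2021-20397 elsewhere in this patch (hard-coded credentials and cross-site scripting in IBM QRadar SIEM 7.3 and 7.4). Before triaging them separately, check the full CVE text to see whether each pair describes distinct issues. The other described IBM entries in this hunk, CVE-2020-4934, CVE-2020-4933, CVE-2020-4931 and CVE-2020-4928, are tagged "NOT-FOR-US: IBM", which suggests the same resolution for these two.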
@@ -96536,8 +96651,8 @@ CVE-2020-4885
RESERVED
CVE-2020-4884 (IBM UrbanCode Deploy (UCD) 6.2.7.9, 7.0.5.4, and 7.1.1.1 stores user c ...)
NOT-FOR-US: IBM
-CVE-2020-4883
- RESERVED
+CVE-2020-4883 (IBM QRadar SIEM 7.3 and 7.4 could disclose sensitive information about ...)
+ TODO: check
CVE-2020-4882 (IBM Planning Analytics 2.0 could be vulnerable to a Server-Side Reques ...)
NOT-FOR-US: IBM
CVE-2020-4881 (IBM Planning Analytics 2.0 could allow a remote attacker to obtain sen ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/026d7e4531207aed861e0b83e483c64de4ed7522