[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri May 7 21:10:37 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
496e18f3 by security tracker role at 2021-05-07T20:10:27+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,55 @@
+CVE-2021-32478
+ RESERVED
+CVE-2021-32477
+ RESERVED
+CVE-2021-32476
+ RESERVED
+CVE-2021-32475
+ RESERVED
+CVE-2021-32474
+ RESERVED
+CVE-2021-32473
+ RESERVED
+CVE-2021-32472
+ RESERVED
+CVE-2021-32471
+ RESERVED
+CVE-2021-32470 (Craft CMS before 3.6.13 has an XSS vulnerability. ...)
+ TODO: check
+CVE-2021-32469
+ RESERVED
+CVE-2021-32468
+ RESERVED
+CVE-2021-32467
+ RESERVED
+CVE-2021-32466
+ RESERVED
+CVE-2021-32465
+ RESERVED
+CVE-2021-32464
+ RESERVED
+CVE-2021-32463
+ RESERVED
+CVE-2021-32462
+ RESERVED
+CVE-2021-32461
+ RESERVED
+CVE-2021-32460
+ RESERVED
+CVE-2021-32459
+ RESERVED
+CVE-2021-32458
+ RESERVED
+CVE-2021-32457
+ RESERVED
+CVE-2021-32456
+ RESERVED
+CVE-2021-32455
+ RESERVED
+CVE-2021-32454
+ RESERVED
+CVE-2021-32453
+ RESERVED
CVE-2021-3540
RESERVED
CVE-2021-32452
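Review bot: of the 26 new IDs in this block (CVE-2021-32453 through CVE-2021-32478), only CVE-2021-32470 (Craft CMS XSS) arrives with a description and is left at TODO: check; the other 25 are still RESERVED and need nothing until text is published. The Craft CMS entry still has to be triaged to either a source package line or NOT-FOR-US.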
@@ -387,7 +439,7 @@ CVE-2021-32261
CVE-2021-32260
RESERVED
CVE-2021-32259
- RESERVED
+ REJECTED
CVE-2021-32258
RESERVED
CVE-2021-32257
@@ -2467,8 +2519,7 @@ CVE-2021-31404 (Non-constant-time comparison of CSRF tokens in UIDL request hand
NOT-FOR-US: Vaadin
CVE-2021-31403 (Non-constant-time comparison of CSRF tokens in UIDL request handler in ...)
NOT-FOR-US: Vaadin
-CVE-2021-3502 [reachable assertion in avahi_s_host_name_resolver_start when trying to resolve badly-formatted hostnames]
- RESERVED
+CVE-2021-3502 (A flaw was found in avahi 0.8-5. A reachable assertion is present in a ...)
- avahi <unfixed> (bug #986018)
[buster] - avahi <not-affected> (Vulnerable code introduced later)
[stretch] - avahi <not-affected> (Vulnerable code introduced later)
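Review bot: replacing the bracketed placeholder for CVE-2021-3502 with the published text drops the function name (avahi_s_host_name_resolver_start) that the truncated description no longer shows, while the package lines underneath are untouched (sid <unfixed> against bug #986018, buster and stretch <not-affected>). The new description quotes "avahi 0.8-5", which reads like a Debian package version rather than an upstream release, so it is worth re-checking that the "Vulnerable code introduced later" annotations for buster and stretch still hold.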
@@ -5172,14 +5223,14 @@ CVE-2021-30175 (ZEROF Web Server 1.0 (April 2021) allows SQL Injection via the /
NOT-FOR-US: ZEROF Web Server
CVE-2021-30174
RESERVED
-CVE-2021-30173
- RESERVED
-CVE-2021-30172
- RESERVED
-CVE-2021-30171
- RESERVED
-CVE-2021-30170
- RESERVED
+CVE-2021-30173 (Local File Inclusion vulnerability of the omni-directional communicati ...)
+ TODO: check
+CVE-2021-30172 (Special characters of picture preview page in the Quan-Fang-Wei-Tong-X ...)
+ TODO: check
+CVE-2021-30171 (Special characters of ERP POS news page are not filtered in users̵ ...)
+ TODO: check
+CVE-2021-30170 (Special characters of ERP POS customer profile page are not filtered i ...)
+ TODO: check
CVE-2021-30169 (The sensitive information of webcam device is not properly protected. ...)
NOT-FOR-US: LILIN
CVE-2021-30168 (The sensitive information of webcam device is not properly protected. ...)
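Review bot: the imported description for CVE-2021-30171 ends in a truncated HTML entity ("users̵"), so the text was cut mid-entity; the same pattern shows up in the context line for CVE-2021-22669 further down. Check whether the import should decode entities before truncating to the description width. The four new entries (CVE-2021-30170 to CVE-2021-30173) have their product names cut off ("omni-directional communicati ...", "Quan-Fang-Wei-Tong-X ..."), so the full advisory text is needed before they can be closed, even though the neighbouring entries are all NOT-FOR-US.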
@@ -6777,8 +6828,8 @@ CVE-2021-29497
RESERVED
CVE-2021-29496
RESERVED
-CVE-2021-29495
- RESERVED
+CVE-2021-29495 (Nim is a statically typed compiled systems programming language. In Ni ...)
+ TODO: check
CVE-2021-29494
RESERVED
CVE-2021-29493 (Kennnyshiwa-cogs contains cogs for Red Discordbot. An RCE exploit has ...)
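Review bot: CVE-2021-29495 is a Nim language issue left at TODO: check; unlike the neighbouring Discord-bot and charting-library entries that are NOT-FOR-US, a compiler toolchain deserves an actual package lookup before the entry is closed rather than defaulting to the same resolution.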
@@ -6791,8 +6842,8 @@ CVE-2021-29490 (Jellyfin is a free software media system that provides media fro
TODO: check
CVE-2021-29489 (Highcharts JS is a JavaScript charting library based on SVG. In Highch ...)
NOT-FOR-US: Highcharts JS
-CVE-2021-29488
- RESERVED
+CVE-2021-29488 (SABnzbd is an open source binary newsreader. A vulnerability was disco ...)
+ TODO: check
CVE-2021-29487
RESERVED
CVE-2021-29486 (cumulative-distribution-function is an open source npm library used wh ...)
@@ -8308,7 +8359,7 @@ CVE-2021-28862
RESERVED
CVE-2021-28861
RESERVED
-CVE-2021-28860 (Node.js mixme 0.5.0, an attacker can add or alter properties of an obj ...)
+CVE-2021-28860 (In Node.js mixme, prior to v0.5.1, an attacker can add or alter proper ...)
NOT-FOR-US: Node mixme
CVE-2021-28859
RESERVED
@@ -11319,18 +11370,18 @@ CVE-2021-27576 (If was found that the NetTest web service can be used to overloa
NOT-FOR-US: Apache OpenMeetings
CVE-2021-27575
RESERVED
-CVE-2021-27574
- RESERVED
-CVE-2021-27573
- RESERVED
-CVE-2021-27572
- RESERVED
-CVE-2021-27571
- RESERVED
-CVE-2021-27570
- RESERVED
-CVE-2021-27569
- RESERVED
+CVE-2021-27574 (An issue was discovered in Emote Remote Mouse through 4.0.0.0. It uses ...)
+ TODO: check
+CVE-2021-27573 (An issue was discovered in Emote Remote Mouse through 4.0.0.0. Remote ...)
+ TODO: check
+CVE-2021-27572 (An issue was discovered in Emote Remote Mouse through 4.0.0.0. Authent ...)
+ TODO: check
+CVE-2021-27571 (An issue was discovered in Emote Remote Mouse through 4.0.0.0. Attacke ...)
+ TODO: check
+CVE-2021-27570 (An issue was discovered in Emote Remote Mouse through 3.015. Attackers ...)
+ TODO: check
+CVE-2021-27569 (An issue was discovered in Emote Remote Mouse through 4.0.0.0. Attacke ...)
+ TODO: check
CVE-2021-27568 (An issue was discovered in netplex json-smart-v1 through 2015-10-23 an ...)
NOT-FOR-US: netplex
CVE-2021-27567
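Review bot: six CVEs for the same product (Emote Remote Mouse, CVE-2021-27569 through CVE-2021-27574) land as separate TODO: check items; CVE-2021-27570 cites "through 3.015" while the other five cite "through 4.0.0.0", which is as published and not something to change here. Triage them as one batch so the outcome is consistent across all six.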
@@ -11607,8 +11658,8 @@ CVE-2021-27439
RESERVED
CVE-2021-27438 (The software contains a hard-coded password it uses for its own inboun ...)
NOT-FOR-US: GE
-CVE-2021-27437
- RESERVED
+CVE-2021-27437 (The affected product allows attackers to obtain sensitive information ...)
+ TODO: check
CVE-2021-27436 (WebAccess/SCADA Versions 9.0 and prior is vulnerable to cross-site scr ...)
NOT-FOR-US: WebAccess/SCADA
CVE-2021-27435
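Review bot: the truncated description for CVE-2021-27437 begins with "The affected product", so the product cannot be identified from the stored text; triage will need the full advisory, unlike the neighbouring GE and WebAccess/SCADA entries that name the vendor.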
@@ -14823,10 +14874,10 @@ CVE-2021-23140
RESERVED
CVE-2021-23136
RESERVED
-CVE-2021-26123
- RESERVED
-CVE-2021-26122
- RESERVED
+CVE-2021-26123 (LivingLogic XIST4C before 0.107.8 allows XSS via login.htm, login.wiht ...)
+ TODO: check
+CVE-2021-26122 (LivingLogic XIST4C before 0.107.8 allows XSS via feedback.htm or feedb ...)
+ TODO: check
CVE-2021-26121
RESERVED
CVE-2021-26120 (Smarty before 3.1.39 allows code injection via an unexpected function ...)
@@ -22802,24 +22853,24 @@ CVE-2021-22681 (Rockwell Automation Studio 5000 Logix Designer Versions 21 and l
NOT-FOR-US: Rockwell Automation
CVE-2021-22680
RESERVED
-CVE-2021-22679
- RESERVED
+CVE-2021-22679 (The affected product is vulnerable to an integer overflow while proces ...)
+ TODO: check
CVE-2021-22678 (Cscape (All versions prior to 9.90 SP4) lacks proper validation of use ...)
NOT-FOR-US: Cscape
-CVE-2021-22677
- RESERVED
+CVE-2021-22677 (An integer overflow exists in the APIs of the host MCU while trying to ...)
+ TODO: check
CVE-2021-22676
RESERVED
-CVE-2021-22675
- RESERVED
+CVE-2021-22675 (The affected product is vulnerable to integer overflow while parsing m ...)
+ TODO: check
CVE-2021-22674
RESERVED
-CVE-2021-22673
- RESERVED
+CVE-2021-22673 (The affected product is vulnerable to stack-based buffer overflow whil ...)
+ TODO: check
CVE-2021-22672
RESERVED
-CVE-2021-22671
- RESERVED
+CVE-2021-22671 (Multiple integer overflow issues exist while processing long domain na ...)
+ TODO: check
CVE-2021-22670 (An uninitialized pointer may be exploited in Fatek FvDesigner Version ...)
NOT-FOR-US: Fatek FvDesigner
CVE-2021-22669 (Incorrect permissions are set to default on the ‘Project Managem ...)
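Review bot: five entries in this hunk (CVE-2021-22671, -22673, -22675, -22677, -22679) are described only as "The affected product ..." or "the host MCU", with no vendor visible in the stored text. They interleave with Cscape and Fatek FvDesigner entries already marked NOT-FOR-US, but adjacency in the file is not evidence of the product, so each needs the full advisory before it is closed.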
@@ -24245,8 +24296,8 @@ CVE-2021-21986
RESERVED
CVE-2021-21985
RESERVED
-CVE-2021-21984
- RESERVED
+CVE-2021-21984 (VMware vRealize Business for Cloud 7.x prior to 7.6.0 contains a remot ...)
+ TODO: check
CVE-2021-21983 (Arbitrary file write vulnerability in vRealize Operations Manager API ...)
NOT-FOR-US: vRealize Operations Manager API (Vmware)
CVE-2021-21982 (VMware Carbon Black Cloud Workload appliance 1.0.0 and 1.01 has an aut ...)
@@ -25326,16 +25377,16 @@ CVE-2020-36130
RESERVED
CVE-2020-36129
RESERVED
-CVE-2020-36128
- RESERVED
-CVE-2020-36127
- RESERVED
-CVE-2020-36126
- RESERVED
-CVE-2020-36125
- RESERVED
-CVE-2020-36124
- RESERVED
+CVE-2020-36128 (Pax Technology PAXSTORE v7.0.8_20200511171508 and lower is affected by ...)
+ TODO: check
+CVE-2020-36127 (Pax Technology PAXSTORE v7.0.8_20200511171508 and lower is affected by ...)
+ TODO: check
+CVE-2020-36126 (Pax Technology PAXSTORE v7.0.8_20200511171508 and lower is affected by ...)
+ TODO: check
+CVE-2020-36125 (Pax Technology PAXSTORE v7.0.8_20200511171508 and lower is affected by ...)
+ TODO: check
+CVE-2020-36124 (Pax Technology PAXSTORE v7.0.8_20200511171508 and lower is affected by ...)
+ TODO: check
CVE-2020-36123
RESERVED
CVE-2020-36122
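Review bot: the five PAXSTORE descriptions (CVE-2020-36124 through CVE-2020-36128) share the same prefix and are truncated before the part that distinguishes them, so the stored text gives no hint what each issue is. Triage them together, and consider whether the truncation width is too short for descriptions that front-load a long vendor and version string.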
@@ -26674,8 +26725,8 @@ CVE-2021-21421 (node-etsy-client is a NodeJs Etsy ReST API Client. Applications
NOT-FOR-US: node-etsy-client
CVE-2021-21420 (vscode-stripe is an extension for Visual Studio Code. A vulnerability ...)
NOT-FOR-US: vscode-stripe Visual Studio Code extension
-CVE-2021-21419
- RESERVED
+CVE-2021-21419 (Eventlet is a concurrent networking library for Python. A websocket pe ...)
+ TODO: check
CVE-2021-21418 (ps_emailsubscription is a newsletter subscription module for the Prest ...)
NOT-FOR-US: PrestaShop
CVE-2021-21417 (fluidsynth is a software synthesizer based on the SoundFont 2 specific ...)
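Review bot: CVE-2021-21419 concerns Eventlet, a Python networking library, and is left at TODO: check; unlike the surrounding npm, VS Code extension and PrestaShop entries marked NOT-FOR-US, a widely used Python library warrants a package lookup before the entry is closed.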
@@ -32804,13 +32855,12 @@ CVE-2021-1929
RESERVED
CVE-2021-1928
RESERVED
-CVE-2021-1927
- RESERVED
+CVE-2021-1927 (Possible use after free due to lack of null check while memory is bein ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2021-1926
RESERVED
-CVE-2021-1925
- RESERVED
+CVE-2021-1925 (Possible denial of service scenario due to improper handling of group ...)
+ TODO: check
CVE-2021-1924
RESERVED
CVE-2021-1923
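Review bot: CVE-2021-1927 already carried NOT-FOR-US, so only its RESERVED line is dropped, whereas CVE-2021-1925 had no pre-assigned line and gets TODO: check. Its description (denial of service due to improper handling of group ...) fits the surrounding Qualcomm batch, so it should most likely be resolved the same way, but confirm against the advisory rather than from position in the file.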
@@ -32829,8 +32879,7 @@ CVE-2021-1917
RESERVED
CVE-2021-1916
RESERVED
-CVE-2021-1915
- RESERVED
+CVE-2021-1915 (Buffer overflow can occur due to improper validation of NDP applicatio ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2021-1914
RESERVED
@@ -32840,8 +32889,7 @@ CVE-2021-1912
RESERVED
CVE-2021-1911
RESERVED
-CVE-2021-1910
- RESERVED
+CVE-2021-1910 (Double free in video due to lack of input buffer length check in Snapd ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2021-1909
RESERVED
@@ -32849,11 +32897,9 @@ CVE-2021-1908
RESERVED
CVE-2021-1907
RESERVED
-CVE-2021-1906
- RESERVED
+CVE-2021-1906 (Improper handling of address deregistration on failure can lead to new ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2021-1905
- RESERVED
+CVE-2021-1905 (Possible use after free due to improper handling of memory mapping of ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2021-1904
RESERVED
@@ -32873,16 +32919,15 @@ CVE-2021-1897
RESERVED
CVE-2021-1896
RESERVED
-CVE-2021-1895
- RESERVED
+CVE-2021-1895 (Possible integer overflow due to improper length check while flashing ...)
+ TODO: check
CVE-2021-1894
RESERVED
CVE-2021-1893
RESERVED
CVE-2021-1892 (Memory corruption due to improper input validation while processing IO ...)
NOT-FOR-US: Snapdragon
-CVE-2021-1891
- RESERVED
+CVE-2021-1891 (A possible use-after-free occurrence in audio driver can happen when p ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2021-1890
RESERVED
@@ -72265,8 +72310,8 @@ CVE-2020-14011 (Lansweeper 6.0.x through 7.2.x has a default installation in whi
NOT-FOR-US: Lansweeper
CVE-2020-14010 (The Laborator Xenon theme 1.3 for WordPress allows Reflected XSS via t ...)
NOT-FOR-US: Laborator Xenon theme for WordPress
-CVE-2020-14009
- RESERVED
+CVE-2020-14009 (Proofpoint Enterprise Protection (PPS/PoD) before 8.17.0 contains a vu ...)
+ TODO: check
CVE-2020-14008 (Zoho ManageEngine Applications Manager 14710 and before allows an auth ...)
NOT-FOR-US: Zoho ManageEngine Applications Manager
CVE-2020-14007 (Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF ...)
@@ -80547,14 +80592,11 @@ CVE-2020-11297 (Denial of service in WLAN module due to improper check of subtyp
NOT-FOR-US: Qualcomm components for Android
CVE-2020-11296 (Arithmetic overflow can happen while processing NOA IE due to improper ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2020-11295
- RESERVED
+CVE-2020-11295 (Use after free in camera If the threadmanager is being cleaned up whil ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2020-11294
- RESERVED
+CVE-2020-11294 (Out of bound write in logger due to prefix size is not validated while ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2020-11293
- RESERVED
+CVE-2020-11293 (Out of bound read can happen in Widevine TA while copying data to buff ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2020-11292
RESERVED
@@ -80562,21 +80604,17 @@ CVE-2020-11291
RESERVED
CVE-2020-11290 (Use after free condition in msm ioctl events due to race between the i ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2020-11289
- RESERVED
+CVE-2020-11289 (Out of bound write can occur in TZ command handler due to lack of vali ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2020-11288
- RESERVED
+CVE-2020-11288 (Out of bound write can occur in playready while processing command due ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2020-11287 (Allowing RTT frames to be linked with non randomized MAC address by co ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2020-11286 (An Untrusted Pointer Dereference can occur while doing USB control tra ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2020-11285
- RESERVED
+CVE-2020-11285 (Buffer over-read while unpacking the RTCP packet we may read extra byt ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2020-11284
- RESERVED
+CVE-2020-11284 (Locked memory can be unlocked and modified by non secure boot loader t ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2020-11283 (A buffer overflow can occur when playing an MKV clip due to lack of in ...)
NOT-FOR-US: Qualcomm components for Android
@@ -80586,8 +80624,7 @@ CVE-2020-11281 (Allowing RTT frames to be linked with non randomized MAC address
NOT-FOR-US: Qualcomm components for Android
CVE-2020-11280 (Denial of service while processing fine timing measurement request (FT ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2020-11279
- RESERVED
+CVE-2020-11279 (Memory corruption while processing crafted SDES packets due to imprope ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2020-11278 (Possible denial of service while handling host WMI command due to impr ...)
NOT-FOR-US: Qualcomm components for Android
@@ -80597,11 +80634,9 @@ CVE-2020-11276 (Possible buffer over read while processing P2P IE and NOA attrib
NOT-FOR-US: Qualcomm components for Android
CVE-2020-11275 (Possible buffer over-read while parsing quiet IE in Rx beacon frame du ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2020-11274
- RESERVED
+CVE-2020-11274 (Denial of service in MODEM due to assert to the invalid configuration ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2020-11273
- RESERVED
+CVE-2020-11273 (Histogram type KPI was teardown with the assumption of the existence o ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2020-11272 (Before enqueuing a frame to the PE queue for further processing, an en ...)
NOT-FOR-US: Qualcomm components for Android
@@ -80611,8 +80646,8 @@ CVE-2020-11270 (Possible denial of service due to RTT responder consistently rej
NOT-FOR-US: Qualcomm components for Android
CVE-2020-11269 (Possible memory corruption while processing EAPOL frames due to lack o ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2020-11268
- RESERVED
+CVE-2020-11268 (Potential UE reset while decoding a crafted Sib1 or SIB1 that schedule ...)
+ TODO: check
CVE-2020-11267
RESERVED
CVE-2020-11266
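Review bot: CVE-2020-11268 is the only entry in this run of Qualcomm components left at TODO: check; its description (UE reset while decoding a crafted SIB1) points at a modem component, so it most likely belongs with the NOT-FOR-US neighbours, but check the advisory rather than assuming from position.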
@@ -80642,8 +80677,7 @@ CVE-2020-11256
RESERVED
CVE-2020-11255 (Denial of service while processing RTCP packets containing multiple SD ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2020-11254
- RESERVED
+CVE-2020-11254 (Memory corruption during buffer allocation due to dereferencing sessio ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2020-11253 (Arbitrary memory write issue in video driver while setting the interna ...)
NOT-FOR-US: Qualcomm components for Android
@@ -97490,8 +97524,8 @@ CVE-2020-4903 (IBM API Connect V10 and V2018 could allow an attacker who has int
NOT-FOR-US: IBM
CVE-2020-4902
RESERVED
-CVE-2020-4901
- RESERVED
+CVE-2020-4901 (IBM Robotic Process Automation with Automation Anywhere 11.0 could all ...)
+ TODO: check
CVE-2020-4900 (IBM Business Automation Workflow 19.0.0.3 stores potentially sensitive ...)
NOT-FOR-US: IBM
CVE-2020-4899 (IBM API Connect 5.0.0.0 through 5.0.8.10 could potentially leak sensit ...)
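Review bot: CVE-2020-4901 (IBM Robotic Process Automation with Automation Anywhere) is left at TODO: check while the IBM entries on both sides are NOT-FOR-US; resolve it consistently with those once the full description is read.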
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/496e18f3d7be4cd6169415620258d82e0340e505