[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed May 12 21:10:37 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9e77dfd5 by security tracker role at 2021-05-12T20:10:29+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,23 @@
+CVE-2021-3549
+ RESERVED
+CVE-2021-32615
+ RESERVED
+CVE-2021-32614
+ RESERVED
+CVE-2021-32613
+ RESERVED
+CVE-2021-32612
+ RESERVED
+CVE-2021-32611 (A NULL pointer dereference vulnerability exists in eXcall_api.c in Ant ...)
+ TODO: check
+CVE-2021-32610
+ RESERVED
+CVE-2021-32609
+ RESERVED
+CVE-2021-32608 (An issue was discovered in Smartstore (aka SmartStoreNET) through 4.1. ...)
+ TODO: check
+CVE-2021-32607 (An issue was discovered in Smartstore (aka SmartStoreNET) through 4.1. ...)
+ TODO: check
CVE-2021-3547
RESERVED
CVE-2021-32605 (zzzcms zzzphp before 2.0.4 allows remote attackers to execute arbitrar ...)
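Review bot: three of the new entries (CVE-2021-32611, CVE-2021-32608, CVE-2021-32607) are left at `TODO: check` and need triage; for the two Smartstore (SmartStoreNET) issues the truncated text already names the affected product, but CVE-2021-32611 is cut at `in Ant ...`, so the affected project cannot be identified from this hunk and the full description has to be consulted before a status is set. The remaining additions are plain `RESERVED` placeholders and need no action.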
@@ -90,8 +110,8 @@ CVE-2021-32574
RESERVED
CVE-2021-32573 (** DISPUTED ** The express-cart package through 1.1.10 for Node.js all ...)
NOT-FOR-US: Node express-cart
-CVE-2021-32572
- RESERVED
+CVE-2021-32572 (Speco Web Viewer through 2021-05-12 allows Directory Traversal via GET ...)
+ TODO: check
CVE-2021-32571
RESERVED
CVE-2021-32570
@@ -1731,6 +1751,7 @@ CVE-2021-3521
RESERVED
CVE-2021-3520 [memory corruption due to an integer overflow bug caused by memmove argument]
RESERVED
+ {DLA-2657-1}
- lz4 1.9.3-2 (bug #987856)
NOTE: https://github.com/lz4/lz4/pull/972
NOTE: Fixed by: https://github.com/lz4/lz4/commit/8301a21773ef61656225e264f4f06ae14462bca7
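Review bot: the new `{DLA-2657-1}` line for CVE-2021-3520 is placed directly under `RESERVED`, matching the layout used for CVE-2021-20277 and CVE-2020-27840 further down in this patch (`{DSA-4884-1 DLA-2611-1}`), so the placement is consistent. The context shows only the unstable fix `lz4 1.9.3-2 (bug #987856)` and no `[buster]` line, so buster's status is worth a separate check, and the entry still carries the local bracketed summary with `RESERVED`, so a public description is pending.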
@@ -2437,9 +2458,9 @@ CVE-2021-31586
RESERVED
CVE-2021-31585
RESERVED
-CVE-2021-31584 (Sipwise C5 NGCP CSC through CE_m39.3.1 allows call/click2dial CSRF att ...)
+CVE-2021-31584 (Sipwise C5 NGCP www_admin version 3.6.7 allows call/click2dial CSRF at ...)
NOT-FOR-US: Sipwise
-CVE-2021-31583 (Sipwise C5 NGCP CSC through CE_m39.3.1 has multiple authenticated stor ...)
+CVE-2021-31583 (Sipwise C5 NGCP CSC through CE_mr9.3.1 has multiple authenticated stor ...)
NOT-FOR-US: Sipwise
CVE-2021-31582
RESERVED
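Review bot: the two Sipwise description updates differ in kind: CVE-2021-31583 only corrects the version token (`CE_m39.3.1` to `CE_mr9.3.1`), while CVE-2021-31584 changes the affected component and version (`CSC through CE_m39.3.1` to `www_admin version 3.6.7`); both keep `NOT-FOR-US: Sipwise`, which the rewording does not affect.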
@@ -2581,8 +2602,8 @@ CVE-2021-31521
RESERVED
CVE-2021-31520 (A weak session token authentication bypass vulnerability in Trend Micr ...)
NOT-FOR-US: Trend Micro
-CVE-2021-31519
- RESERVED
+CVE-2021-31519 (An incorrect permission vulnerability in the product installer folders ...)
+ TODO: check
CVE-2021-31518 (Trend Micro Home Network Security 6.5.599 and earlier is vulnerable to ...)
NOT-FOR-US: Trend Micro
CVE-2021-31517 (Trend Micro Home Network Security 6.5.599 and earlier is vulnerable to ...)
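Review bot: CVE-2021-31519 is left at `TODO: check` although its truncated description (`An incorrect permission vulnerability in the product installer folders ...`) sits between CVE-2021-31520 and CVE-2021-31518, both Trend Micro products marked `NOT-FOR-US: Trend Micro`; once the full text confirms the vendor, the same `NOT-FOR-US: Trend Micro` status is the likely resolution.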
@@ -2988,12 +3009,12 @@ CVE-2021-31343
RESERVED
CVE-2021-31342
RESERVED
-CVE-2021-31341
- RESERVED
+CVE-2021-31341 (A vulnerability has been identified in Mendix Database Replication (Al ...)
+ TODO: check
CVE-2021-31340
RESERVED
-CVE-2021-31339
- RESERVED
+CVE-2021-31339 (A vulnerability has been identified in Mendix Excel Importer Module (A ...)
+ TODO: check
CVE-2021-31338
RESERVED
CVE-2021-31337
@@ -5503,14 +5524,14 @@ CVE-2021-30216
RESERVED
CVE-2021-30215
RESERVED
-CVE-2021-30214
- RESERVED
-CVE-2021-30213
- RESERVED
-CVE-2021-30212
- RESERVED
-CVE-2021-30211
- RESERVED
+CVE-2021-30214 (Knowage Suite 7.3 is vulnerable to Stored Client-Side Template Injecti ...)
+ TODO: check
+CVE-2021-30213 (Knowage Suite 7.3 is vulnerable to unauthenticated reflected cross-sit ...)
+ TODO: check
+CVE-2021-30212 (Knowage Suite 7.3 is vulnerable to Stored Cross-Site Scripting (XSS). ...)
+ TODO: check
+CVE-2021-30211 (Knowage Suite 7.3 is vulnerable to Stored Cross-Site Scripting (XSS). ...)
+ TODO: check
CVE-2021-30210
RESERVED
CVE-2021-30209 (Textpattern V4.8.4 contains an arbitrary file upload vulnerability whe ...)
@@ -7178,8 +7199,8 @@ CVE-2021-29513
RESERVED
CVE-2021-29512
RESERVED
-CVE-2021-29511
- RESERVED
+CVE-2021-29511 (evm is a pure Rust implementation of Ethereum Virtual Machine. Prior t ...)
+ TODO: check
CVE-2021-29510
RESERVED
CVE-2021-29509 (Puma is a concurrent HTTP 1.1 server for Ruby/Rack applications. The f ...)
@@ -8468,8 +8489,7 @@ CVE-2021-28977
RESERVED
CVE-2021-28976
RESERVED
-CVE-2021-3457
- RESERVED
+CVE-2021-3457 (An improper authorization handling flaw was found in Foreman. The Shel ...)
- foreman <itp> (bug #663101)
CVE-2021-3456
RESERVED
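Review bot: CVE-2021-3457 keeps `- foreman <itp> (bug #663101)` after the published description replaces `RESERVED`, so Foreman is still tracked as an ITP rather than an archive package and no fixed version needs to be recorded; the description is cut at `The Shel ...`, so the affected component is not identifiable from this hunk alone.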
@@ -9272,8 +9292,8 @@ CVE-2021-28650 (autoar-extractor.c in GNOME gnome-autoar before 0.3.1, as used b
NOTE: https://gitlab.gnome.org/GNOME/gnome-autoar/-/issues/12
NOTE: Fixed by: https://gitlab.gnome.org/GNOME/gnome-autoar/-/commit/8109c368c6cfdb593faaf698c2bf5da32bb1ace4
NOTE: Issue exists because of an incomplete fix for CVE-2020-36241.
-CVE-2021-28649
- RESERVED
+CVE-2021-28649 (An incorrect permission vulnerability in the product installer for Tre ...)
+ TODO: check
CVE-2021-28648 (Trend Micro Antivirus for Mac 2020 v10.5 and 2021 v11 (Consumer) is vu ...)
NOT-FOR-US: Trend Micro
CVE-2021-28647 (Trend Micro Password Manager version 5 (Consumer) is vulnerable to a D ...)
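Review bot: CVE-2021-28649's description is cut off at `product installer for Tre ...`, and the adjacent CVE-2021-28648 and CVE-2021-28647 are both `NOT-FOR-US: Trend Micro`; this reads as the counterpart of CVE-2021-31519 in the same patch (also an installer permission issue left at `TODO: check`), so the two can likely be triaged together with the same status.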
@@ -12188,12 +12208,12 @@ CVE-2021-3412
NOT-FOR-US: Red Hat 3scale API Management
CVE-2021-27399
RESERVED
-CVE-2021-27398
- RESERVED
-CVE-2021-27397
- RESERVED
-CVE-2021-27396
- RESERVED
+CVE-2021-27398 (A vulnerability has been identified in Tecnomatix Plant Simulation (Al ...)
+ TODO: check
+CVE-2021-27397 (A vulnerability has been identified in Tecnomatix Plant Simulation (Al ...)
+ TODO: check
+CVE-2021-27396 (A vulnerability has been identified in Tecnomatix Plant Simulation (Al ...)
+ TODO: check
CVE-2021-27395
RESERVED
CVE-2021-27394 (A vulnerability has been identified in Mendix Applications using Mendi ...)
@@ -12212,14 +12232,14 @@ CVE-2021-27388
RESERVED
CVE-2021-27387
RESERVED
-CVE-2021-27386
- RESERVED
-CVE-2021-27385
- RESERVED
-CVE-2021-27384
- RESERVED
-CVE-2021-27383
- RESERVED
+CVE-2021-27386 (A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Pan ...)
+ TODO: check
+CVE-2021-27385 (A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Pan ...)
+ TODO: check
+CVE-2021-27384 (A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Pan ...)
+ TODO: check
+CVE-2021-27383 (A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Pan ...)
+ TODO: check
CVE-2021-27382 (A vulnerability has been identified in Solid Edge SE2020 (All versions ...)
NOT-FOR-US: Solid Edge (Siemens)
CVE-2021-27381 (A vulnerability has been identified in Solid Edge SE2020 (All Versions ...)
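Review bot: the four SIMATIC HMI Comfort Outdoor Panels entries (CVE-2021-27386 through CVE-2021-27383) are left at `TODO: check`, while the neighbouring Solid Edge entries (CVE-2021-27382, CVE-2021-27381) are already `NOT-FOR-US: Solid Edge (Siemens)`; the same product family appears again later in this patch as CVE-2021-25662 through CVE-2021-25660, so the triage outcome should be applied consistently across all seven.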
@@ -14093,7 +14113,7 @@ CVE-2021-26585
RESERVED
CVE-2021-26584
RESERVED
-CVE-2021-26583 (Potential security vulnerabilities have been identified in HPE iLO Amp ...)
+CVE-2021-26583 (A potential security vulnerability was identified in HPE iLO Amplifier ...)
NOT-FOR-US: HPE
CVE-2021-26582 (A security vulnerability in HPE IceWall SSO Domain Gateway Option (Dgf ...)
NOT-FOR-US: HPE
@@ -16553,12 +16573,12 @@ CVE-2021-25664 (A vulnerability has been identified in Nucleus 4 (All versions &
NOT-FOR-US: Nucleus (Siemens)
CVE-2021-25663 (A vulnerability has been identified in Nucleus 4 (All versions < V4 ...)
NOT-FOR-US: Nucleus (Siemens)
-CVE-2021-25662
- RESERVED
-CVE-2021-25661
- RESERVED
-CVE-2021-25660
- RESERVED
+CVE-2021-25662 (A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Pan ...)
+ TODO: check
+CVE-2021-25661 (A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Pan ...)
+ TODO: check
+CVE-2021-25660 (A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Pan ...)
+ TODO: check
CVE-2021-25659
RESERVED
CVE-2021-25658
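Review bot: CVE-2021-25662 through CVE-2021-25660 describe the same SIMATIC HMI Comfort Outdoor Panels as CVE-2021-27386 through CVE-2021-27383 earlier in this patch; the adjacent Nucleus entries (CVE-2021-25664, CVE-2021-25663) are already `NOT-FOR-US: Nucleus (Siemens)`, so the `TODO: check` here should be resolved with the same status as the earlier group rather than independently.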
@@ -20574,10 +20594,10 @@ CVE-2021-23894
RESERVED
CVE-2021-23893
RESERVED
-CVE-2021-23892
- RESERVED
-CVE-2021-23891
- RESERVED
+CVE-2021-23892 (By exploiting a time of check to time of use (TOCTOU) race condition d ...)
+ TODO: check
+CVE-2021-23891 (Privilege Escalation vulnerability in McAfee Total Protection (MTP) pr ...)
+ TODO: check
CVE-2021-23890 (Information leak vulnerability in the Agent Handler of McAfee ePolicy ...)
NOT-FOR-US: McAfee
CVE-2021-23889 (Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO ...)
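Review bot: CVE-2021-23892 (TOCTOU race condition) and CVE-2021-23891 (McAfee Total Protection privilege escalation) are left at `TODO: check`; the surrounding CVE-2021-23890 and CVE-2021-23889 are `NOT-FOR-US: McAfee`, and CVE-2021-23891's wording matches CVE-2021-23873 further down, which is already `NOT-FOR-US: McAfee`. CVE-2021-23892's truncated text does not name a vendor, so that one needs the full description before it receives the same status.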
@@ -20614,8 +20634,8 @@ CVE-2021-23874 (Arbitrary Process Execution vulnerability in McAfee Total Protec
NOT-FOR-US: McAfee
CVE-2021-23873 (Privilege Escalation vulnerability in McAfee Total Protection (MTP) pr ...)
NOT-FOR-US: McAfee
-CVE-2021-23872
- RESERVED
+CVE-2021-23872 (Privilege Escalation vulnerability in the File Lock component of McAfe ...)
+ TODO: check
CVE-2021-23871
RESERVED
CVE-2021-23870
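Review bot: CVE-2021-23872 (`Privilege Escalation vulnerability in the File Lock component of McAfe ...`) is left at `TODO: check` although the vendor is visible in the truncated text and the adjacent CVE-2021-23874 and CVE-2021-23873 are `NOT-FOR-US: McAfee`; `NOT-FOR-US: McAfee` is the expected resolution.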
@@ -30101,8 +30121,7 @@ CVE-2021-20279 (The ID number user profile field required additional sanitizing
CVE-2021-20278
RESERVED
NOT-FOR-US: Kiali
-CVE-2021-20277 [Out of bounds read in AD DC LDAP server]
- RESERVED
+CVE-2021-20277 (A flaw was found in Samba's libldb. Multiple, consecutive leading spac ...)
{DSA-4884-1 DLA-2611-1}
- ldb 2:2.2.0-3.1 (bug #985935)
- samba <unfixed> (unimportant)
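Review bot: replacing the working title `[Out of bounds read in AD DC LDAP server]` with the published description drops the only mention of the AD DC LDAP server from this entry, since the new text is truncated at `libldb. Multiple, consecutive leading spac ...`; the fix tracking is unchanged (`ldb 2:2.2.0-3.1 (bug #985935)`, `samba <unfixed> (unimportant)`, `{DSA-4884-1 DLA-2611-1}`), so nothing is lost for the tracker itself. The same replacement is made for CVE-2020-27840 later in this patch.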
@@ -30512,8 +30531,7 @@ CVE-2021-20203 (An integer overflow issue was found in the vmxnet3 NIC emulator
NOTE: https://bugs.launchpad.net/qemu/+bug/1913873
NOTE: https://bugs.launchpad.net/qemu/+bug/1890152
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2021-01/msg07935.html
-CVE-2021-20202
- RESERVED
+CVE-2021-20202 (A flaw was found in keycloak. Directories can be created prior to the ...)
NOT-FOR-US: Keycloak
CVE-2021-20201 [Client initiated renegotiation denial of service]
RESERVED
@@ -31864,8 +31882,8 @@ CVE-2020-35200 (Ignite Realtime Openfire 4.6.0 has plugins/clientcontrol/spark-f
NOT-FOR-US: Ignite Realtime Openfire
CVE-2020-35199 (Ignite Realtime Openfire 4.6.0 has create-bookmark.jsp groupchatJID St ...)
NOT-FOR-US: Ignite Realtime Openfire
-CVE-2020-35198
- RESERVED
+CVE-2020-35198 (An issue was discovered in Wind River VxWorks 7. The memory allocator ...)
+ TODO: check
CVE-2020-35197 (The official memcached docker images before 1.5.11-alpine (Alpine spec ...)
NOT-FOR-US: memcached docker images before 1.5.11-alpine (Alpine specific)
CVE-2020-35196 (The official rabbitmq docker images before 3.7.13-beta.1-management-al ...)
@@ -38078,8 +38096,8 @@ CVE-2020-28395 (A vulnerability has been identified in SCALANCE X-300 switch fam
NOT-FOR-US: Siemens
CVE-2020-28394 (A vulnerability has been identified in JT2Go (All versions < V13.1. ...)
NOT-FOR-US: Siemens
-CVE-2020-28393
- RESERVED
+CVE-2020-28393 (A vulnerability has been identified in SCALANCE XM-400 Family (All ver ...)
+ TODO: check
CVE-2020-28392 (A vulnerability has been identified in SIMARIS configuration (All vers ...)
NOT-FOR-US: Siemens
CVE-2020-28391 (A vulnerability has been identified in SCALANCE X-200 switch family (i ...)
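Review bot: CVE-2020-28393 (SCALANCE XM-400 Family) is the only `TODO: check` in a run of Siemens entries, with CVE-2020-28395 (SCALANCE X-300), CVE-2020-28394 (JT2Go), CVE-2020-28392 (SIMARIS) and CVE-2020-28391 (SCALANCE X-200) all `NOT-FOR-US: Siemens`; `NOT-FOR-US: Siemens` is the expected resolution.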
@@ -41122,8 +41140,7 @@ CVE-2020-27841 (There's a flaw in openjpeg in versions prior to 2.4.0 in src/lib
- openjpeg2 2.4.0-1
NOTE: https://github.com/uclouvain/openjpeg/issues/1293
NOTE: https://github.com/rouault/openjpeg/commit/00383e162ae2f8fc951f5745bf1011771acb8dce (v2.4.0)
-CVE-2020-27840 [Heap corruption via crafted DN strings]
- RESERVED
+CVE-2020-27840 (A flaw was found in samba. Spaces used in a string around a domain nam ...)
{DSA-4884-1 DLA-2611-1}
- ldb 2:2.2.0-3.1 (bug #985936)
- samba <unfixed> (unimportant)
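Review bot: this mirrors the CVE-2021-20277 change above: the working title `[Heap corruption via crafted DN strings]` gives way to the published samba description, and the `{DSA-4884-1 DLA-2611-1}`, `ldb 2:2.2.0-3.1 (bug #985936)` and `samba <unfixed> (unimportant)` lines are untouched. The two entries share the DSA/DLA pair and consecutive bug numbers (#985935, #985936), which is consistent.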
@@ -41316,7 +41333,7 @@ CVE-2020-27788
RESERVED
CVE-2020-27787
RESERVED
-CVE-2020-27786 (A flaw was found in the Linux kernels implementation of MIDI, where an ...)
+CVE-2020-27786 (A flaw was found in the Linux kernel’s implementation of MIDI, w ...)
- linux 5.6.14-1
[buster] - linux 4.19.131-1
[stretch] - linux 4.9.228-1
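Review bot: the rewritten CVE-2020-27786 description introduces a non-ASCII apostrophe (`kernel’s`) into data/CVE/list, and the visible line now ends six characters earlier (`w ...` instead of `where an ...`), so the truncation evidently counts that character as more than one unit. Harmless for the tracker, but tools that grep or parse this file should be checked against UTF-8 content; the fix versions (`linux 5.6.14-1`, buster `4.19.131-1`, stretch `4.9.228-1`) are unchanged.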
@@ -47941,8 +47958,8 @@ CVE-2020-25244 (A vulnerability has been identified in LOGO! Soft Comfort (All v
NOT-FOR-US: Siemens
CVE-2020-25243 (A vulnerability has been identified in LOGO! Soft Comfort (All version ...)
NOT-FOR-US: Siemens
-CVE-2020-25242
- RESERVED
+CVE-2020-25242 (A vulnerability has been identified in SIMATIC NET CP 343-1 Advanced ( ...)
+ TODO: check
CVE-2020-25241 (A vulnerability has been identified in SIMATIC MV400 family (All Versi ...)
NOT-FOR-US: Siemens
CVE-2020-25240 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
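Review bot: CVE-2020-25242 (SIMATIC NET CP 343-1 Advanced) is left at `TODO: check` while every neighbour in the hunk, CVE-2020-25244 and CVE-2020-25243 (LOGO! Soft Comfort), CVE-2020-25241 (SIMATIC MV400) and CVE-2020-25240 (SINEMA Remote Connect Server), is `NOT-FOR-US: Siemens`; `NOT-FOR-US: Siemens` is the expected resolution.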
@@ -51194,8 +51211,8 @@ CVE-2020-23792
RESERVED
CVE-2020-23791
RESERVED
-CVE-2020-23790
- RESERVED
+CVE-2020-23790 (An Arbitrary File Upload vulnerability was discovered in the Golo Lara ...)
+ TODO: check
CVE-2020-23789
RESERVED
CVE-2020-23788
@@ -60246,10 +60263,10 @@ CVE-2020-19277
RESERVED
CVE-2020-19276
RESERVED
-CVE-2020-19275
- RESERVED
-CVE-2020-19274
- RESERVED
+CVE-2020-19275 (An Information Disclosure vulnerability exists in dhcms 2017-09-18 whe ...)
+ TODO: check
+CVE-2020-19274 (A Cross SIte Scripting (XSS) vulnerability exists in Dhcms 2017-09-18 ...)
+ TODO: check
CVE-2020-19273
RESERVED
CVE-2020-19272
@@ -62472,8 +62489,8 @@ CVE-2020-18167
RESERVED
CVE-2020-18166
RESERVED
-CVE-2020-18165
- RESERVED
+CVE-2020-18165 (Cross Site Scripting (XSS) in LAOBANCMS v2.0 allows remote attackers t ...)
+ TODO: check
CVE-2020-18164
RESERVED
CVE-2020-18163
@@ -72801,7 +72818,7 @@ CVE-2020-14011 (Lansweeper 6.0.x through 7.2.x has a default installation in whi
NOT-FOR-US: Lansweeper
CVE-2020-14010 (The Laborator Xenon theme 1.3 for WordPress allows Reflected XSS via t ...)
NOT-FOR-US: Laborator Xenon theme for WordPress
-CVE-2020-14009 (Proofpoint Enterprise Protection (PPS/PoD) before 8.17.0 contains a vu ...)
+CVE-2020-14009 (Proofpoint Enterprise Protection (PPS/PoD) before 8.16.4 contains a vu ...)
NOT-FOR-US: Proofpoint Enterprise Protection (PPS/PoD)
CVE-2020-14008 (Zoho ManageEngine Applications Manager 14710 and before allows an auth ...)
NOT-FOR-US: Zoho ManageEngine Applications Manager
@@ -73182,8 +73199,8 @@ CVE-2020-13875
RESERVED
CVE-2020-13874
RESERVED
-CVE-2020-13873
- RESERVED
+CVE-2020-13873 (A SQL Injection vulnerability in get_topic_info() in sys/CODOF/Forum/T ...)
+ TODO: check
CVE-2020-13872 (Royal TS before 5 has a 0.0.0.0 listener, which makes it easier for at ...)
NOT-FOR-US: Royal TS
CVE-2020-13871 (SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c bec ...)
@@ -107534,8 +107551,8 @@ CVE-2019-19278 (A vulnerability has been identified in SINAMICS PERFECT HARMONY
NOT-FOR-US: SINAMICS
CVE-2019-19277 (A vulnerability has been identified in SIPORT MP (All versions < 3. ...)
NOT-FOR-US: Siemens
-CVE-2019-19276
- RESERVED
+CVE-2019-19276 (A vulnerability has been identified in SIMATIC HMI Comfort Panels 1st ...)
+ TODO: check
CVE-2019-19275 (typed_ast 1.3.0 and 1.3.1 has an ast_for_arguments out-of-bounds read. ...)
- python3-typed-ast 1.4.0-1 (low)
[buster] - python3-typed-ast <no-dsa> (Minor issue)
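Review bot: CVE-2019-19276 (`SIMATIC HMI Comfort Panels 1st ...`) is left at `TODO: check` next to CVE-2019-19277 (`NOT-FOR-US: Siemens`) and CVE-2019-19278 (`NOT-FOR-US: SINAMICS`); it names the same SIMATIC HMI Comfort product line as the SIMATIC HMI Comfort Outdoor Panels entries earlier in this patch and should receive a consistent status. The python3-typed-ast lines below are unchanged context.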
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9e77dfd54ac458bf4d9282df7629823f95dd9ade