[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu May 13 21:10:27 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f444e825 by security tracker role at 2021-05-13T20:10:19+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,32 +1,36 @@
+CVE-2021-3551
+ RESERVED
+CVE-2021-3550
+ RESERVED
+CVE-2021-32925 (admin/user_import.php in Chamilo 1.11.14 reads XML data without disabl ...)
+ TODO: check
+CVE-2021-32924
+ RESERVED
CVE-2021-32923
RESERVED
CVE-2021-32922
RESERVED
-CVE-2021-32921 [Use of timing-dependent string comparison with sensitive values]
- RESERVED
+CVE-2021-32921 (An issue was discovered in Prosody before 0.11.9. It does not use a co ...)
- prosody <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2021/05/13/1
NOTE: https://prosody.im/security/advisory_20210512.txt
NOTE: https://hg.prosody.im/trunk/rev/c98aebe601f9
NOTE: https://hg.prosody.im/trunk/rev/13b84682518e
NOTE: https://hg.prosody.im/trunk/rev/6f56170ea986
-CVE-2021-32920 [DoS via repeated TLS renegotiation causing excessive CPU consumption]
- RESERVED
+CVE-2021-32920 (Prosody before 0.11.9 allows Uncontrolled CPU Consumption via a flood ...)
- prosody <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2021/05/13/1
NOTE: https://prosody.im/security/advisory_20210512.txt
NOTE: https://hg.prosody.im/trunk/rev/55ef50d6cf65
NOTE: https://hg.prosody.im/trunk/rev/5a484bd050a7
NOTE: https://hg.prosody.im/trunk/rev/aaf9c6b6d18d
-CVE-2021-32919 [Undocumented dialback-without-dialback option insecure]
- RESERVED
+CVE-2021-32919 (An issue was discovered in Prosody before 0.11.9. The undocumented dia ...)
- prosody <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2021/05/13/1
NOTE: https://prosody.im/security/advisory_20210512.txt
NOTE: https://hg.prosody.im/trunk/rev/6be890ca492e
NOTE: https://hg.prosody.im/trunk/rev/d0e9ffccdef9
-CVE-2021-32918 [DoS via insufficient memory consumption controls]
- RESERVED
+CVE-2021-32918 (An issue was discovered in Prosody before 0.11.9. Default settings are ...)
- prosody <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2021/05/13/1
NOTE: https://prosody.im/security/advisory_20210512.txt
@@ -36,8 +40,7 @@ CVE-2021-32918 [DoS via insufficient memory consumption controls]
NOTE: https://hg.prosody.im/trunk/rev/63fd4c8465fb
NOTE: https://hg.prosody.im/trunk/rev/1937b3c3efb5
NOTE: https://hg.prosody.im/trunk/rev/3413fea9e6db
-CVE-2021-32917 [Use of mod_proxy65 is unrestricted in default configuration]
- RESERVED
+CVE-2021-32917 (An issue was discovered in Prosody before 0.11.9. The proxy65 componen ...)
- prosody <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2021/05/13/1
NOTE: https://prosody.im/security/advisory_20210512.txt
@@ -2244,8 +2247,7 @@ CVE-2021-31923
RESERVED
CVE-2021-31922
RESERVED
-CVE-2021-3528
- RESERVED
+CVE-2021-3528 (A flaw was found in noobaa-operator in versions before 5.7.0, where in ...)
NOT-FOR-US: noobaa
CVE-2021-3527 [usb: unbounded stack allocation in usbredir]
RESERVED
@@ -2437,18 +2439,22 @@ CVE-2021-31867
CVE-2021-3519
RESERVED
CVE-2021-31866 (Redmine before 4.0.9 and 4.1.x before 4.1.3 allows an attacker to lear ...)
+ {DLA-2658-1}
- redmine <unfixed>
NOTE: https://www.redmine.org/news/131
NOTE: https://www.redmine.org/projects/redmine/repository/revisions/20854
CVE-2021-31865 (Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allow ...)
+ {DLA-2658-1}
- redmine <unfixed>
NOTE: https://www.redmine.org/news/131
NOTE: https://www.redmine.org/projects/redmine/repository/revisions/20946
CVE-2021-31864 (Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allow ...)
+ {DLA-2658-1}
- redmine <unfixed>
NOTE: https://www.redmine.org/news/131
NOTE: https://www.redmine.org/projects/redmine/repository/revisions/20970
CVE-2021-31863 (Insufficient input validation in the Git repository integration of Red ...)
+ {DLA-2658-1}
- redmine <unfixed>
NOTE: https://www.redmine.org/news/131
NOTE: https://www.redmine.org/projects/redmine/repository/revisions/20962
@@ -6322,9 +6328,11 @@ CVE-2021-30166 (The NTP Server configuration function of the IP camera device is
CVE-2021-30165 (The default administrator account & password of the EDIMAX wireles ...)
NOT-FOR-US: EDIMAX
CVE-2021-30164 (Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to bypass ...)
+ {DLA-2658-1}
- redmine <unfixed> (bug #986800)
NOTE: https://www.redmine.org/projects/redmine/repository/revisions/19975
CVE-2021-30163 (Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to discov ...)
+ {DLA-2658-1}
- redmine <unfixed> (bug #986800)
NOTE: https://www.redmine.org/projects/redmine/repository/revisions/20819
CVE-2021-30162 (An issue was discovered on LG mobile devices with Android OS 4.4 throu ...)
@@ -6367,12 +6375,16 @@ CVE-2020-36309 (ngx_http_lua_module (aka lua-nginx-module) before 0.10.16 in Ope
[stretch] - nginx <postponed> (Minor issue; can be fixed in next update)
NOTE: https://github.com/openresty/lua-nginx-module/pull/1654
CVE-2020-36308 (Redmine before 4.0.7 and 4.1.x before 4.1.1 allows attackers to discov ...)
+ {DLA-2658-1}
- redmine 4.0.7-1
CVE-2020-36307 (Redmine before 4.0.7 and 4.1.x before 4.1.1 has stored XSS via textile ...)
+ {DLA-2658-1}
- redmine 4.0.7-1
CVE-2020-36306 (Redmine before 4.0.7 and 4.1.x before 4.1.1 has XSS via the back_url f ...)
+ {DLA-2658-1}
- redmine 4.0.7-1
CVE-2019-25026 (Redmine before 3.4.13 and 4.x before 4.0.6 mishandles markup data duri ...)
+ {DLA-2658-1}
- redmine 4.0.6-1
CVE-2021-30160
RESERVED
@@ -7655,8 +7667,8 @@ CVE-2021-29625
RESERVED
CVE-2021-29624
RESERVED
-CVE-2021-29623
- RESERVED
+CVE-2021-29623 (Exiv2 is a C++ library and a command-line utility to read, write, dele ...)
+ TODO: check
CVE-2021-29622
RESERVED
CVE-2021-29621
@@ -7881,8 +7893,8 @@ CVE-2021-29512
RESERVED
CVE-2021-29511 (evm is a pure Rust implementation of Ethereum Virtual Machine. Prior t ...)
TODO: check
-CVE-2021-29510
- RESERVED
+CVE-2021-29510 (Pydantic is a data validation and settings management using Python typ ...)
+ TODO: check
CVE-2021-29509 (Puma is a concurrent HTTP 1.1 server for Ruby/Rack applications. The f ...)
- puma <unfixed>
NOTE: https://github.com/puma/puma/security/advisories/GHSA-q28m-8xjw-8vr5
@@ -7892,8 +7904,8 @@ CVE-2021-29508 (Due to how Wire handles type information in its serialization fo
TODO: check
CVE-2021-29507
RESERVED
-CVE-2021-29506
- RESERVED
+CVE-2021-29506 (GraphHopper is an open-source Java routing engine. In GrassHopper from ...)
+ TODO: check
CVE-2021-29505
RESERVED
CVE-2021-29504
@@ -12836,8 +12848,8 @@ CVE-2021-27415
RESERVED
CVE-2021-27414
RESERVED
-CVE-2021-27413
- RESERVED
+CVE-2021-27413 (Omron CX-One Versions 4.60 and prior, including CX-Server Versions 5.0 ...)
+ TODO: check
CVE-2021-27412
RESERVED
CVE-2021-27411
@@ -12921,11 +12933,11 @@ CVE-2021-27387
RESERVED
CVE-2021-27386 (A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Pan ...)
NOT-FOR-US: Siemens
-CVE-2021-27385 (A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Pan ...)
+CVE-2021-27385 (A remote attacker could send specially crafted packets to a SmartVNC d ...)
NOT-FOR-US: Siemens
CVE-2021-27384 (A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Pan ...)
NOT-FOR-US: Siemens
-CVE-2021-27383 (A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Pan ...)
+CVE-2021-27383 (SmartVNC has a heap allocation leak vulnerability in the server Tight ...)
NOT-FOR-US: Siemens
CVE-2021-27382 (A vulnerability has been identified in Solid Edge SE2020 (All versions ...)
NOT-FOR-US: Solid Edge (Siemens)
@@ -15445,8 +15457,8 @@ CVE-2021-26313
RESERVED
CVE-2021-26312
RESERVED
-CVE-2021-26311
- RESERVED
+CVE-2021-26311 (In the AMD SEV/SEV-ES feature, memory can be rearranged in the guest a ...)
+ TODO: check
CVE-2021-3346 (Foris before 101.1.1, as used in Turris OS, lacks certain HTML escapin ...)
NOT-FOR-US: Foris
CVE-2021-3344 (A privilege escalation flaw was found in OpenShift builder. During bui ...)
@@ -17172,10 +17184,10 @@ CVE-2021-25696
RESERVED
CVE-2021-25695
RESERVED
-CVE-2021-25694
- RESERVED
-CVE-2021-25693
- RESERVED
+CVE-2021-25694 (Teradici PCoIP Graphics Agent for Windows prior to 21.03 does not vali ...)
+ TODO: check
+CVE-2021-25693 (An attacker may cause a Denial of Service (DoS) in multiple versions o ...)
+ TODO: check
CVE-2021-25692 (Sensitive smart card data is logged in default INFO logs by Teradici's ...)
NOT-FOR-US: Teradici
CVE-2021-25691
@@ -17261,7 +17273,7 @@ CVE-2021-25664 (A vulnerability has been identified in Nucleus 4 (All versions &
NOT-FOR-US: Nucleus (Siemens)
CVE-2021-25663 (A vulnerability has been identified in Nucleus 4 (All versions < V4 ...)
NOT-FOR-US: Nucleus (Siemens)
-CVE-2021-25662 (A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Pan ...)
+CVE-2021-25662 (SmartVNC client fails to handle an exception properly if the program e ...)
NOT-FOR-US: Siemens
CVE-2021-25661 (A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Pan ...)
NOT-FOR-US: Siemens
@@ -21237,16 +21249,16 @@ CVE-2021-23912
RESERVED
CVE-2021-23911
RESERVED
-CVE-2021-23910
- RESERVED
-CVE-2021-23909
- RESERVED
-CVE-2021-23908
- RESERVED
-CVE-2021-23907
- RESERVED
-CVE-2021-23906
- RESERVED
+CVE-2021-23910 (An issue was discovered in HERMES 2.1 in the MBUX Infotainment System ...)
+ TODO: check
+CVE-2021-23909 (An issue was discovered in HERMES 2.1 in the MBUX Infotainment System ...)
+ TODO: check
+CVE-2021-23908 (An issue was discovered in the Headunit NTG6 in the MBUX Infotainment ...)
+ TODO: check
+CVE-2021-23907 (An issue was discovered in the Headunit NTG6 in the MBUX Infotainment ...)
+ TODO: check
+CVE-2021-23906 (An issue was discovered in the Headunit NTG6 in the MBUX Infotainment ...)
+ TODO: check
CVE-2021-23905
RESERVED
CVE-2021-23904
@@ -25100,12 +25112,12 @@ CVE-2021-22156
RESERVED
CVE-2021-22155 (An Authentication Bypass vulnerability in the SAML Authentication comp ...)
NOT-FOR-US: BlackBerry Workspaces Server
-CVE-2021-22154
- RESERVED
-CVE-2021-22153
- RESERVED
-CVE-2021-22152
- RESERVED
+CVE-2021-22154 (An Information Disclosure vulnerability in the Management Console comp ...)
+ TODO: check
+CVE-2021-22153 (A Remote Code Execution vulnerability in the Management Console compon ...)
+ TODO: check
+CVE-2021-22152 (A Denial of Service due to Improper Input Validation vulnerability in ...)
+ TODO: check
CVE-2021-22151
RESERVED
CVE-2021-22150
@@ -25128,22 +25140,17 @@ CVE-2021-22142
RESERVED
CVE-2021-22141
RESERVED
-CVE-2021-22140
- RESERVED
+CVE-2021-22140 (Elastic App Search versions after 7.11.0 and before 7.12.0 contain an ...)
NOT-FOR-US: Elastic App Search web crawler
-CVE-2021-22139
- RESERVED
+CVE-2021-22139 (Kibana versions before 7.12.1 contain a denial of service vulnerabilit ...)
- kibana <itp> (bug #700337)
-CVE-2021-22138
- RESERVED
-CVE-2021-22137
- RESERVED
+CVE-2021-22138 (In Logstash versions after 6.4.0 and before 6.8.15 and 7.12.0 a TLS ce ...)
+ TODO: check
+CVE-2021-22137 (In Elasticsearch versions before 7.11.2 and 6.8.15 a document disclosu ...)
- elasticsearch <removed>
-CVE-2021-22136
- RESERVED
+CVE-2021-22136 (In Kibana versions before 7.12.0 and 6.8.15 a flaw in the session time ...)
- kibana <itp> (bug #700337)
-CVE-2021-22135
- RESERVED
+CVE-2021-22135 (Elasticsearch versions before 7.11.2 and 6.8.15 contain a document dis ...)
- elasticsearch <removed>
CVE-2021-22134 (A document disclosure flaw was found in Elasticsearch versions after 7 ...)
- elasticsearch <removed>
@@ -27865,8 +27872,7 @@ CVE-2021-21426 (Magento-lts is a long-term support alternative to Magento Commun
NOT-FOR-US: Magento LTS (alternative to Magento Community Edition)
CVE-2021-21425 (Grav Admin Plugin is an HTML user interface that provides a way to con ...)
NOT-FOR-US: Grav Admin Plugin
-CVE-2021-21424 [Prevent user enumeration via response content]
- RESERVED
+CVE-2021-21424 (Symfony is a PHP framework for web and console applications and a set ...)
- symfony 4.4.19+dfsg-2
NOTE: https://symfony.com/blog/cve-2021-21424-prevent-user-enumeration-in-authentication-mechanisms
NOTE: https://github.com/symfony/symfony/commit/f012eee6c6034a94566dff596fe4e16dfc5d9c1f
@@ -29291,20 +29297,20 @@ CVE-2021-21001
RESERVED
CVE-2021-21000
RESERVED
-CVE-2021-20999
- RESERVED
-CVE-2021-20998
- RESERVED
-CVE-2021-20997
- RESERVED
-CVE-2021-20996
- RESERVED
-CVE-2021-20995
- RESERVED
-CVE-2021-20994
- RESERVED
-CVE-2021-20993
- RESERVED
+CVE-2021-20999 (In Weidmüller u-controls and IoT-Gateways in versions up to 1.12. ...)
+ TODO: check
+CVE-2021-20998 (In multiple managed switches by WAGO in different versions without aut ...)
+ TODO: check
+CVE-2021-20997 (In multiple managed switches by WAGO in different versions it is possi ...)
+ TODO: check
+CVE-2021-20996 (In multiple managed switches by WAGO in different versions special cra ...)
+ TODO: check
+CVE-2021-20995 (In multiple managed switches by WAGO in different versions the webserv ...)
+ TODO: check
+CVE-2021-20994 (In multiple managed switches by WAGO in different versions an attacker ...)
+ TODO: check
+CVE-2021-20993 (In multiple managed switches by WAGO in different versions the activat ...)
+ TODO: check
CVE-2021-20992 (In Fibaro Home Center 2 and Lite devices in all versions provide a web ...)
NOT-FOR-US: Fibaro Home Center
CVE-2021-20991 (In Fibaro Home Center 2 and Lite devices with firmware version 4.540 a ...)
@@ -29313,8 +29319,8 @@ CVE-2021-20990 (In Fibaro Home Center 2 and Lite devices with firmware version 4
NOT-FOR-US: Fibaro Home Center
CVE-2021-20989 (Fibaro Home Center 2 and Lite devices with firmware version 4.600 and ...)
NOT-FOR-US: Fibaro Home Center
-CVE-2021-20988
- RESERVED
+CVE-2021-20988 (In Hilscher rcX RTOS versions prios to V2.1.14.1 the actual UDP packet ...)
+ TODO: check
CVE-2021-20987 (A denial of service and memory corruption vulnerability was found in H ...)
NOT-FOR-US: Hilscher EtherNet/IP Core
CVE-2021-20986 (A Denial of Service vulnerability was found in Hilscher PROFINET IO De ...)
@@ -30219,8 +30225,8 @@ CVE-2021-20537
RESERVED
CVE-2021-20536 (IBM Spectrum Protect Plus File Systems Agent 10.1.6 and 10.1.7 stores ...)
NOT-FOR-US: IBM
-CVE-2021-20535
- RESERVED
+CVE-2021-20535 (IBM Jazz Reporting Service 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerabl ...)
+ TODO: check
CVE-2021-20534
RESERVED
CVE-2021-20533
@@ -30627,8 +30633,8 @@ CVE-2021-20333
RESERVED
CVE-2021-20332
RESERVED
-CVE-2021-20331
- RESERVED
+CVE-2021-20331 (Specific versions of the MongoDB C# Driver may erroneously publish eve ...)
+ TODO: check
CVE-2021-20330
RESERVED
CVE-2021-20329
@@ -30950,8 +30956,7 @@ CVE-2021-20252 (A flaw was found in Red Hat 3scale API Management Platform 2. Th
NOT-FOR-US: Red Hat 3scale API Management
CVE-2021-20251
RESERVED
-CVE-2021-20250
- RESERVED
+CVE-2021-20250 (A flaw was found in wildfly. The JBoss EJB client has publicly accessi ...)
- wildfly <itp> (bug #752018)
CVE-2021-20249
RESERVED
@@ -31119,8 +31124,7 @@ CVE-2021-20223
RESERVED
CVE-2021-20222 (A flaw was found in keycloak. The new account console in keycloak can ...)
NOT-FOR-US: Keycloak
-CVE-2021-20221 [GIC: out-of-bound heap buffer access via an interrupt ID field]
- RESERVED
+CVE-2021-20221 (An out-of-bounds heap buffer access issue was found in the ARM Generic ...)
{DLA-2560-1}
- qemu 1:5.2+dfsg-4
[buster] - qemu <postponed> (Minor issue)
@@ -31212,6 +31216,7 @@ CVE-2021-20205 (Libjpeg-turbo versions 2.0.91 and 2.0.90 is vulnerable to a deni
NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/issues/493
NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/1719d12e51641cce5c77e259516649ba5ef6303c
CVE-2021-20204 (A heap memory corruption problem (use after free) can be triggered in ...)
+ {DLA-2660-1}
- libgetdata 0.10.0-10 (bug #988239)
[buster] - libgetdata <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1956348
@@ -31317,8 +31322,7 @@ CVE-2021-20183 (It was found in Moodle before version 3.10.1 that some search in
- moodle <removed>
CVE-2021-20182 (A privilege escalation flaw was found in openshift4/ose-docker-builder ...)
NOT-FOR-US: OpenShift
-CVE-2021-20181 [9pfs: Fully restart unreclaim loop]
- RESERVED
+CVE-2021-20181 (A race condition flaw was found in the 9pfs server implementation of Q ...)
{DLA-2560-1}
- qemu 1:5.2+dfsg-4
[buster] - qemu <postponed> (Minor issue)
@@ -31904,8 +31908,8 @@ CVE-2021-20027
RESERVED
CVE-2021-20026
RESERVED
-CVE-2021-20025
- RESERVED
+CVE-2021-20025 (SonicWall Email Security Virtual Appliance version 10.0.9 and earlier ...)
+ TODO: check
CVE-2021-20024
RESERVED
CVE-2021-20023 (SonicWall Email Security version 10.0.9.x contains a vulnerability tha ...)
@@ -38793,7 +38797,7 @@ CVE-2020-28395 (A vulnerability has been identified in SCALANCE X-300 switch fam
NOT-FOR-US: Siemens
CVE-2020-28394 (A vulnerability has been identified in JT2Go (All versions < V13.1. ...)
NOT-FOR-US: Siemens
-CVE-2020-28393 (A vulnerability has been identified in SCALANCE XM-400 Family (All ver ...)
+CVE-2020-28393 (An unauthenticated remote attacker could create a permanent denial-of- ...)
NOT-FOR-US: Siemens
CVE-2020-28392 (A vulnerability has been identified in SIMARIS configuration (All vers ...)
NOT-FOR-US: Siemens
@@ -41059,8 +41063,8 @@ CVE-2020-28065
RESERVED
CVE-2020-28064
RESERVED
-CVE-2020-28063
- RESERVED
+CVE-2020-28063 (A file upload issue exists in all versions of ArticleCMS which allows ...)
+ TODO: check
CVE-2020-28062
RESERVED
CVE-2020-28061
@@ -41886,8 +41890,7 @@ CVE-2020-27832
CVE-2020-27831
RESERVED
NOT-FOR-US: Quay
-CVE-2020-27830 [Linux kernel NULL-ptr deref bug in spk_ttyio_receive_buf2]
- RESERVED
+CVE-2020-27830 (A vulnerability was found in Linux Kernel where in the spk_ttyio_recei ...)
{DSA-4843-1 DLA-2557-1}
- linux 5.9.15-1
[stretch] - linux <not-affected> (Vulnerability introduced later)
@@ -41921,14 +41924,12 @@ CVE-2020-27825 (A use-after-free flaw was found in kernel/trace/ring_buffer.c in
{DSA-4843-1 DLA-2586-1 DLA-2557-1}
- linux 5.9.6-1
NOTE: https://git.kernel.org/linus/bbeb97464eefc65f506084fd9f18f21653e01137
-CVE-2020-27824 [global-buffer-overflow read in lib-openjp2]
- RESERVED
+CVE-2020-27824 (A flaw was found in OpenJPEG’s encoder in the opj_dwt_calc_expli ...)
{DSA-4882-1 DLA-2550-1}
- openjpeg2 2.4.0-1
NOTE: https://github.com/uclouvain/openjpeg/issues/1286
NOTE: https://github.com/uclouvain/openjpeg/commit/6daf5f3e1ec6eff03b7982889874a3de6617db8d (v2.4.0)
-CVE-2020-27823 [Heap-buffer-overflow write in lib-openjp2]
- RESERVED
+CVE-2020-27823 (A flaw was found in OpenJPEG’s encoder. This flaw allows an atta ...)
{DSA-4882-1 DLA-2550-1}
- openjpeg2 2.4.0-1
NOTE: https://github.com/uclouvain/openjpeg/issues/1284
@@ -47390,8 +47391,7 @@ CVE-2020-25715
NOTE: https://github.com/dogtagpki/pki/commit/13f4c7fe7d71d42b46b25f3e8472ef7f35da5dd6
CVE-2020-25714
RESERVED
-CVE-2020-25713 [Out of bounds read leads to segfault in raptor_xml_writer_start_element_common]
- RESERVED
+CVE-2020-25713 (A malformed input file can lead to a segfault due to an out of bounds ...)
- raptor <removed>
- raptor2 2.0.14-1.2 (bug #974664)
[buster] - raptor2 <no-dsa> (Minor issue)
@@ -56810,8 +56810,8 @@ CVE-2020-21344
RESERVED
CVE-2020-21343
RESERVED
-CVE-2020-21342
- RESERVED
+CVE-2020-21342 (Insecure permissions issue in zzcms 201910 via the reset any user pass ...)
+ TODO: check
CVE-2020-21341
RESERVED
CVE-2020-21340
@@ -59318,8 +59318,8 @@ CVE-2020-20094
RESERVED
CVE-2020-20093
RESERVED
-CVE-2020-20092
- RESERVED
+CVE-2020-20092 (File Upload vulnerability exists in ArticleCMS 1.0 via the image uploa ...)
+ TODO: check
CVE-2020-20091
RESERVED
CVE-2020-20090
@@ -63454,7 +63454,7 @@ CVE-2020-18034
CVE-2020-18033
RESERVED
CVE-2020-18032 (Buffer Overflow in Graphviz Graph Visualization Tools from commit ID f ...)
- {DSA-4914-1}
+ {DSA-4914-1 DLA-2659-1}
- graphviz 2.42.2-5 (bug #988000)
NOTE: https://gitlab.com/graphviz/graphviz/-/issues/1700
NOTE: https://gitlab.com/graphviz/graphviz/-/commit/784411ca3655c80da0f6025ab20634b2a6ff696b
@@ -72512,8 +72512,7 @@ CVE-2020-14355 (Multiple buffer overflow vulnerabilities were found in the QUIC
NOTE: https://gitlab.freedesktop.org/spice/spice-common/-/commit/404d74782c8b5e57d146c5bf3118bb41bf3378e4
NOTE: https://gitlab.freedesktop.org/spice/spice-common/-/commit/ef1b6ff7b82e15d759e5415b8e35b92bb1a4c206
NOTE: https://gitlab.freedesktop.org/spice/spice-common/-/commit/b24fe6b66b86e601c725d30f00c37e684b6395b6
-CVE-2020-14354 [ares_destroy() with pending ares_getaddrinfo() leads to Use-After-Free]
- RESERVED
+CVE-2020-14354 (A possible use-after-free and double-free in c-ares lib version 1.16.0 ...)
- c-ares 1.16.1-1
[buster] - c-ares <not-affected> (Vulnerable code introduced later)
[stretch] - c-ares <not-affected> (Vulnerable code introduced later)
@@ -76217,8 +76216,8 @@ CVE-2020-12969
RESERVED
CVE-2020-12968
RESERVED
-CVE-2020-12967
- RESERVED
+CVE-2020-12967 (The lack of nested page table protection in the AMD SEV/SEV-ES feature ...)
+ TODO: check
CVE-2020-12966
RESERVED
CVE-2020-12965
@@ -77388,8 +77387,8 @@ CVE-2020-12528 (An issue was discovered in MB connect line mymbCONNECT24 and mbC
NOT-FOR-US: MB connect software
CVE-2020-12527 (An issue was discovered in MB connect line mymbCONNECT24 and mbCONNECT ...)
NOT-FOR-US: MB connect software
-CVE-2020-12526
- RESERVED
+CVE-2020-12526 (TwinCAT OPC UA Server in versions up to 2.3.0.12 and IPC Diagnostics U ...)
+ TODO: check
CVE-2020-12525 (M&M Software fdtCONTAINER Component in versions below 3.5.20304.x ...)
NOT-FOR-US: M&M Software fdtCONTAINER Component
CVE-2020-12524 (Uncontrolled Resource Consumption can be exploited to cause the Phoeni ...)
@@ -149216,7 +149215,7 @@ CVE-2019-6857 (A CWE-754: Improper Check for Unusual or Exceptional Conditions v
NOT-FOR-US: Modicon
CVE-2019-6856 (A CWE-754: Improper Check for Unusual or Exceptional Conditions vulner ...)
NOT-FOR-US: Modicon
-CVE-2019-6855 (ÊA CWE-863: Incorrect Authorization vulnerability exists in EcoSt ...)
+CVE-2019-6855 (Incorrect Authorization vulnerability exists in EcoStruxure Control Ex ...)
NOT-FOR-US: EcoStruxure Control Expert
CVE-2019-6854 (A CWE-287: Improper Authentication vulnerability exists in a folder wi ...)
NOT-FOR-US: EcoStruxure Geo SCADA Expert
@@ -193400,6 +193399,7 @@ CVE-2018-10198 (An issue was discovered in OTRS 6.0.x before 6.0.7. An attacker
CVE-2018-10197 (There is a time-based blind SQL injection vulnerability in the Access ...)
NOT-FOR-US: ELO
CVE-2018-10196 (NULL pointer dereference vulnerability in the rebuild_vlists function ...)
+ {DLA-2659-1}
- graphviz 2.40.1-6 (low; bug #898841)
[jessie] - graphviz <no-dsa> (Minor issue)
[wheezy] - graphviz <no-dsa> (Minor issue)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f444e8257bfa144083453afc613ebff03033fdf1
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f444e8257bfa144083453afc613ebff03033fdf1
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210513/6ae26a9b/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list