[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri May 14 21:10:25 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
100208dd by security tracker role at 2021-05-14T20:10:18+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -439,16 +439,16 @@ CVE-2021-32822
RESERVED
CVE-2021-32821
RESERVED
-CVE-2021-32820
- RESERVED
-CVE-2021-32819
- RESERVED
-CVE-2021-32818
- RESERVED
-CVE-2021-32817
- RESERVED
-CVE-2021-32816
- RESERVED
+CVE-2021-32820 (Express-handlebars is a Handlebars view engine for Express. Express-ha ...)
+ TODO: check
+CVE-2021-32819 (Squirrelly is a template engine implemented in JavaScript that works o ...)
+ TODO: check
+CVE-2021-32818 (haml-coffee is a JavaScript templating solution. haml-coffee mixes pur ...)
+ TODO: check
+CVE-2021-32817 (express-hbs is an Express handlebars template engine. express-hbs mixe ...)
+ TODO: check
+CVE-2021-32816 (ProtonMail Web Client is the official AngularJS web client for the Pro ...)
+ TODO: check
CVE-2021-32815
RESERVED
CVE-2021-32814
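Review bot: the five new entries CVE-2021-32820 through CVE-2021-32816 are all left at `TODO: check`. Four of them (express-handlebars, Squirrelly, haml-coffee, express-hbs) are Node.js template engines and the fifth is the ProtonMail AngularJS web client; the open question for each is whether Debian ships the module as a node-* source package or vendors it somewhere, which decides between a package line and `NOT-FOR-US`. The imported descriptions are truncated at the usual 80 characters, so affected-version ranges must be taken from the full CVE text rather than from this file.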
@@ -857,8 +857,7 @@ CVE-2021-32614 [read in memcpy() for up to 204 bytes in fill_mishblk()]
RESERVED
- dmg2img <unfixed>
NOTE: https://github.com/Lekensteyn/dmg2img/issues/11
-CVE-2021-32613 [double free in pyc parse via creafted file]
- RESERVED
+CVE-2021-32613 (In radare2 through 5.3.0 there is a double free vulnerability in the p ...)
- radare2 <unfixed>
NOTE: https://github.com/radareorg/radare2/issues/18679
NOTE: https://github.com/radareorg/radare2/commit/049de62730f4954ef9a642f2eeebbca30a8eccdc
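Review bot: CVE-2021-32613's entry drops the bracketed working title and the RESERVED line in favour of the published description, but `- radare2 <unfixed>` still carries no release annotations. The NOTE lines already point at the upstream issue (#18679) and the upstream fix commit, so the remaining triage is to record which suites ship the affected parser and add a [buster]/[stretch] line (no-dsa, postponed or a fixed version) as appropriate. The removed working title also contained a typo ("creafted"), so nothing is lost by relying on the official text.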
@@ -6483,8 +6482,8 @@ CVE-2021-30184 (GNU Chess 6.2.7 allows attackers to execute arbitrary code via c
[stretch] - gnuchess <postponed> (Minor issue in a game; can be fixed in next update)
NOTE: https://lists.gnu.org/archive/html/bug-gnu-chess/2021-04/msg00000.html
NOTE: https://lists.gnu.org/archive/html/bug-gnu-chess/2021-04/msg00001.html
-CVE-2021-30183
- RESERVED
+CVE-2021-30183 (Cleartext storage of sensitive information in multiple versions of Oct ...)
+ TODO: check
CVE-2021-30182
RESERVED
CVE-2021-30181
@@ -8098,8 +8097,8 @@ CVE-2021-29514
RESERVED
CVE-2021-29513
RESERVED
-CVE-2021-29512
- RESERVED
+CVE-2021-29512 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ TODO: check
CVE-2021-29511 (evm is a pure Rust implementation of Ethereum Virtual Machine. Prior t ...)
TODO: check
CVE-2021-29510 (Pydantic is a data validation and settings management using Python typ ...)
@@ -16621,12 +16620,12 @@ CVE-2021-25945
RESERVED
CVE-2021-25944
RESERVED
-CVE-2021-25943
- RESERVED
+CVE-2021-25943 (Prototype pollution vulnerability in '101' versions 1.0.0 through 1.6. ...)
+ TODO: check
CVE-2021-25942
RESERVED
-CVE-2021-25941
- RESERVED
+CVE-2021-25941 (Prototype pollution vulnerability in 'deep-override' versions 1.0.0 th ...)
+ TODO: check
CVE-2021-25940
RESERVED
CVE-2021-25939
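Review bot: CVE-2021-25943 and CVE-2021-25941 are prototype pollution reports against the npm packages '101' and 'deep-override'; the visible range for '101' is cut off at "1.6." so the upper bound must be read from the full description before any fixed-version line is written. Check whether either module is packaged or vendored in Debian before closing these as `NOT-FOR-US`.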
@@ -20467,36 +20466,36 @@ CVE-2021-24293 (In the eCommerce module of the NextGEN Gallery Pro WordPress plu
NOT-FOR-US: NextGEN Gallery Pro WordPress plugin
CVE-2021-24292
RESERVED
-CVE-2021-24291
- RESERVED
+CVE-2021-24291 (The Photo Gallery by 10Web – Mobile-Friendly Image Gallery WordP ...)
+ TODO: check
CVE-2021-24290
RESERVED
CVE-2021-24289
RESERVED
CVE-2021-24288
RESERVED
-CVE-2021-24287
- RESERVED
-CVE-2021-24286
- RESERVED
-CVE-2021-24285
- RESERVED
-CVE-2021-24284
- RESERVED
-CVE-2021-24283
- RESERVED
-CVE-2021-24282
- RESERVED
-CVE-2021-24281
- RESERVED
-CVE-2021-24280
- RESERVED
-CVE-2021-24279
- RESERVED
-CVE-2021-24278
- RESERVED
-CVE-2021-24277
- RESERVED
+CVE-2021-24287 (The settings page of the Select All Categories and Taxonomies, Change ...)
+ TODO: check
+CVE-2021-24286 (The settings page of the Redirect 404 to parent WordPress plugin befor ...)
+ TODO: check
+CVE-2021-24285 (The request_list_request AJAX call of the Car Seller - Auto Classified ...)
+ TODO: check
+CVE-2021-24284 (The Kaswara Modern VC Addons WordPress plugin through 3.0.1 allows una ...)
+ TODO: check
+CVE-2021-24283 (The tab GET parameter of the settings page is not sanitised or escaped ...)
+ TODO: check
+CVE-2021-24282 (In the Redirection for Contact Form 7 WordPress plugin before 2.3.4, a ...)
+ TODO: check
+CVE-2021-24281 (In the Redirection for Contact Form 7 WordPress plugin before 2.3.4, a ...)
+ TODO: check
+CVE-2021-24280 (In the Redirection for Contact Form 7 WordPress plugin before 2.3.4, a ...)
+ TODO: check
+CVE-2021-24279 (In the Redirection for Contact Form 7 WordPress plugin before 2.3.4, l ...)
+ TODO: check
+CVE-2021-24278 (In the Redirection for Contact Form 7 WordPress plugin before 2.3.4, u ...)
+ TODO: check
+CVE-2021-24277 (The RSS for Yandex Turbo WordPress plugin before 1.30 did not properly ...)
+ TODO: check
CVE-2021-24276 (The Contact Form by Supsystic WordPress plugin before 1.7.15 did not s ...)
NOT-FOR-US: Supsystic WordPress plugin
CVE-2021-24275 (The Popup by Supsystic WordPress plugin before 1.10.5 did not sanitise ...)
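Review bot: the eleven new WordPress-plugin entries (CVE-2021-24291 and CVE-2021-24287 through CVE-2021-24277) should follow the convention the surrounding context already uses, e.g. `NOT-FOR-US: NextGEN Gallery Pro WordPress plugin` at the top of the hunk and `NOT-FOR-US: Supsystic WordPress plugin` below it. CVE-2021-24283 needs care: its truncated description ("The tab GET parameter of the settings page is not sanitised or escaped ...") never names the plugin, so the product has to be identified from the full CVE text before the NOT-FOR-US line is written. The five Redirection for Contact Form 7 entries (CVE-2021-24282 to CVE-2021-24278) share a single fixed version, 2.3.4, and can be triaged as a batch.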
@@ -20659,22 +20658,22 @@ CVE-2021-24197 (The wpDataTables – Tables & Table Charts premium WordP
NOT-FOR-US: WordPress plugin
CVE-2021-24196 (The Social Slider Widget WordPress plugin before 1.8.5 allowed Authent ...)
NOT-FOR-US: Wordpress plugin
-CVE-2021-24195
- RESERVED
-CVE-2021-24194
- RESERVED
-CVE-2021-24193
- RESERVED
-CVE-2021-24192
- RESERVED
-CVE-2021-24191
- RESERVED
-CVE-2021-24190
- RESERVED
-CVE-2021-24189
- RESERVED
-CVE-2021-24188
- RESERVED
+CVE-2021-24195 (Low privileged users can use the AJAX action 'cp_plugins_do_button_job ...)
+ TODO: check
+CVE-2021-24194 (Low privileged users can use the AJAX action 'cp_plugins_do_button_job ...)
+ TODO: check
+CVE-2021-24193 (Low privileged users can use the AJAX action 'cp_plugins_do_button_job ...)
+ TODO: check
+CVE-2021-24192 (Low privileged users can use the AJAX action 'cp_plugins_do_button_job ...)
+ TODO: check
+CVE-2021-24191 (Low privileged users can use the AJAX action 'cp_plugins_do_button_job ...)
+ TODO: check
+CVE-2021-24190 (Low privileged users can use the AJAX action 'cp_plugins_do_button_job ...)
+ TODO: check
+CVE-2021-24189 (Low privileged users can use the AJAX action 'cp_plugins_do_button_job ...)
+ TODO: check
+CVE-2021-24188 (Low privileged users can use the AJAX action 'cp_plugins_do_button_job ...)
+ TODO: check
CVE-2021-24187 (The setting page of the SEO Redirection Plugin - 301 Redirect Manager ...)
NOT-FOR-US: Wordpress plugin
CVE-2021-24186 (The tutor_answering_quiz_question/get_answer_by_id function pair from ...)
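Review bot: CVE-2021-24195 through CVE-2021-24188 carry an identical truncated description that names only the AJAX action 'cp_plugins_do_button_job...' and not the plugin, so the product must be identified from the full text before these eight entries are marked. While touching this region, note that the context lines mix `NOT-FOR-US: WordPress plugin` with `NOT-FOR-US: Wordpress plugin`; the file spells the product name WordPress elsewhere, so the lowercase variants should be normalised.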
@@ -30376,10 +30375,10 @@ CVE-2021-20567
RESERVED
CVE-2021-20566
RESERVED
-CVE-2021-20565
- RESERVED
-CVE-2021-20564
- RESERVED
+CVE-2021-20565 (IBM Cloud Pak for Security (CP4S) 1.4.0.0, 1.5.0.0, 1.5.0.1, 1.6.0.0, ...)
+ TODO: check
+CVE-2021-20564 (IBM Cloud Pak for Security (CP4S) 1.4.0.0, 1.5.0.0, 1.5.0.1, 1.6.0.0, ...)
+ TODO: check
CVE-2021-20563
RESERVED
CVE-2021-20562
@@ -30648,8 +30647,8 @@ CVE-2021-20431
RESERVED
CVE-2021-20430
RESERVED
-CVE-2021-20429
- RESERVED
+CVE-2021-20429 (IBM QRadar User Behavior Analytics 1.0.0 through 4.1.0 could disclose ...)
+ TODO: check
CVE-2021-20428
RESERVED
CVE-2021-20427
@@ -30720,12 +30719,12 @@ CVE-2021-20395
RESERVED
CVE-2021-20394
RESERVED
-CVE-2021-20393
- RESERVED
-CVE-2021-20392
- RESERVED
-CVE-2021-20391
- RESERVED
+CVE-2021-20393 (IBM QRadar User Behavior Analytics 1.0.0 through 4.1.0 could allow a r ...)
+ TODO: check
+CVE-2021-20392 (IBM QRadar User Behavior Analytics 1.0.0 through 4.0.1 is vulnerable t ...)
+ TODO: check
+CVE-2021-20391 (IBM QRadar User Behavior Analytics 1.0.0 through 4.1.0 allows web page ...)
+ TODO: check
CVE-2021-20390
RESERVED
CVE-2021-20389
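Review bot: the three QRadar User Behavior Analytics entries disagree on the affected range: CVE-2021-20393 and CVE-2021-20391 say 1.0.0 through 4.1.0 while CVE-2021-20392 says 1.0.0 through 4.0.1. That may simply mirror the upstream advisories, but confirm it against IBM's text before triage rather than assuming an import glitch. All three are IBM products and will presumably get `NOT-FOR-US: IBM`, matching the convention used for other IBM entries in this file.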
@@ -44071,6 +44070,7 @@ CVE-2020-27218 (In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.a
CVE-2020-27217 (In Eclipse Hono version 1.3.0 and 1.4.0 the AMQP protocol adapter does ...)
NOT-FOR-US: Eclipse Hono
CVE-2020-27216 (In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thr ...)
+ {DLA-2661-1}
- jetty9 9.4.33-1
- jetty8 <removed>
- jetty <removed>
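Review bot: `{DLA-2661-1}` is added to CVE-2020-27216 (and to four further Jetty CVEs later in this diff), yet the commit touches only data/CVE/list. The tracker expects the same DLA to appear in data/DLA/list with a matching CVE set; if that entry landed in a separate commit, fine, but the two files should be cross-checked so that the DLA's CVE list and the `{DLA-...}` markers here agree. The fixed version `jetty9 9.4.33-1` and the `<removed>` markers for jetty8 and jetty are unaffected by this change.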
@@ -44149,10 +44149,10 @@ CVE-2020-27187 (An issue was discovered in KDE Partition Manager 4.1.0 before 4.
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1890199
CVE-2020-27186
RESERVED
-CVE-2020-27185
- RESERVED
-CVE-2020-27184
- RESERVED
+CVE-2020-27185 (Cleartext transmission of sensitive information via Moxa Service in NP ...)
+ TODO: check
+CVE-2020-27184 (The NPort IA5000A Series devices use Telnet as one of the network devi ...)
+ TODO: check
CVE-2020-27183 (A RemoteFunctions endpoint with missing access control in konzept-ix p ...)
NOT-FOR-US: konzept-ix publiXone
CVE-2020-27182 (Multiple cross-site scripting (XSS) vulnerabilities in konzept-ix publ ...)
@@ -44234,10 +44234,10 @@ CVE-2020-27153 (In BlueZ before 5.55, a double free was found in the gatttool di
[buster] - bluez <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1884817
NOTE: https://github.com/bluez/bluez/commit/1cd644db8c23a2f530ddb93cebed7dacc5f5721a
-CVE-2020-27150
- RESERVED
-CVE-2020-27149
- RESERVED
+CVE-2020-27150 (In multiple versions of NPort IA5000A Series, the result of exporting ...)
+ TODO: check
+CVE-2020-27149 (By exploiting a vulnerability in NPort IA5150A/IA5250A Series before v ...)
+ TODO: check
CVE-2020-27148 (The TIBCO EBX Add-on for Oracle Hyperion EPM, TIBCO EBX Data Exchange ...)
NOT-FOR-US: TIBCO
CVE-2020-27147 (The REST API component of TIBCO Software Inc.'s TIBCO PartnerExpress c ...)
@@ -44501,8 +44501,8 @@ CVE-2020-27022
RESERVED
CVE-2020-27021 (In avrc_ctrl_pars_vendor_cmd of avrc_pars_tg.cc, there is a possible o ...)
NOT-FOR-US: Android
-CVE-2020-27020
- RESERVED
+CVE-2020-27020 (Password generator feature in Kaspersky Password Manager was not compl ...)
+ TODO: check
CVE-2020-27019 (Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 ...)
NOT-FOR-US: Trend Micro
CVE-2020-27018 (Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 ...)
@@ -52326,12 +52326,12 @@ CVE-2020-23693
RESERVED
CVE-2020-23692
RESERVED
-CVE-2020-23691
- RESERVED
+CVE-2020-23691 (YFCMF v2.3.1 has a Remote Command Execution (RCE) vulnerability in the ...)
+ TODO: check
CVE-2020-23690
RESERVED
-CVE-2020-23689
- RESERVED
+CVE-2020-23689 (In YFCMF v2.3.1, there is a stored XSS vulnerability in the comments s ...)
+ TODO: check
CVE-2020-23688
RESERVED
CVE-2020-23687
@@ -63402,10 +63402,10 @@ CVE-2020-18169
RESERVED
CVE-2020-18168
RESERVED
-CVE-2020-18167
- RESERVED
-CVE-2020-18166
- RESERVED
+CVE-2020-18167 (Cross Site Scripting (XSS) in LAOBANCMS v2.0 allows remote attackers t ...)
+ TODO: check
+CVE-2020-18166 (Unrestricted File Upload in LAOBANCMS v2.0 allows remote attackers to ...)
+ TODO: check
CVE-2020-18165 (Cross Site Scripting (XSS) in LAOBANCMS v2.0 allows remote attackers t ...)
NOT-FOR-US: LAOBANCMS
CVE-2020-18164
@@ -98786,12 +98786,12 @@ CVE-2020-4989
RESERVED
CVE-2020-4988 (Loopback 8.0.0 contains a vulnerability that could allow an attacker t ...)
NOT-FOR-US: IBM
-CVE-2020-4987 (IBM FlashSystem 900 1.5.2.9 and 1.6.1.3 user management GUI is vulnera ...)
+CVE-2020-4987 (The IBM FlashSystem 900 user management GUI is vulnerable to stored cr ...)
NOT-FOR-US: IBM
CVE-2020-4986
RESERVED
-CVE-2020-4985
- RESERVED
+CVE-2020-4985 (IBM Planning Analytics Local 2.0 could allow an attacker to obtain sen ...)
+ TODO: check
CVE-2020-4984
RESERVED
CVE-2020-4983 (IBM Spectrum LSF 10.1 and IBM Spectrum LSF Suite 10.2 could allow a us ...)
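Review bot: the CVE-2020-4987 description is rewritten from a version-specific form ("IBM FlashSystem 900 1.5.2.9 and 1.6.1.3 user management GUI ...") to a generic one ("The IBM FlashSystem 900 user management GUI is vulnerable to stored cr..."), which mirrors an upstream description change; the `NOT-FOR-US: IBM` line is correctly retained. CVE-2020-4985 (IBM Planning Analytics Local 2.0) is a new IBM entry left at `TODO: check` and should get the same NOT-FOR-US treatment as its neighbours.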
@@ -99138,8 +99138,8 @@ CVE-2020-4813
RESERVED
CVE-2020-4812
RESERVED
-CVE-2020-4811
- RESERVED
+CVE-2020-4811 (IBM Cloud Pak for Security (CP4S) 1.4.0.0, 1.5.0.0, 1.5.0.1, 1.6.0.0, ...)
+ TODO: check
CVE-2020-4810
RESERVED
CVE-2020-4809
@@ -139069,6 +139069,7 @@ CVE-2019-10249 (All Xtext & Xtend versions prior to 2.18.0 were built using
CVE-2019-10248 (Eclipse Vorto versions prior to 0.11 resolved Maven build artifacts fo ...)
NOT-FOR-US: Eclipse Vorto
CVE-2019-10247 (In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, ...)
+ {DLA-2661-1}
[experimental] - jetty9 9.4.18-1
- jetty9 9.4.18-2 (bug #928444)
[buster] - jetty9 <no-dsa> (Minor issue)
@@ -139093,6 +139094,7 @@ CVE-2019-10243 (In Eclipse Kura versions up to 4.0.0, Kura exposes the underlyin
CVE-2019-10242 (In Eclipse Kura versions up to 4.0.0, the SkinServlet did not checked ...)
NOT-FOR-US: Eclipse Kura
CVE-2019-10241 (In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.1 ...)
+ {DLA-2661-1}
[experimental] - jetty9 9.4.18-1
- jetty9 9.4.18-2 (bug #928444)
[buster] - jetty9 <no-dsa> (Minor issue)
@@ -186881,6 +186883,7 @@ CVE-2018-12538 (In Eclipse Jetty versions 9.4.0 through 9.4.8, when using the op
CVE-2018-12537 (In Eclipse Vert.x version 3.0 to 3.5.1, the HttpServer response header ...)
NOT-FOR-US: Eclipse Vertx
CVE-2018-12536 (In Eclipse Jetty Server, all 9.x versions, on webapps deployed using d ...)
+ {DLA-2661-1}
- jetty9 9.2.25-1 (low; bug #902774)
- jetty8 <removed>
[jessie] - jetty8 <ignored> (Harmless information leak)
@@ -245507,7 +245510,7 @@ CVE-2017-9726 (The Ins_MDRP function in base/ttinterp.c in Artifex Ghostscript G
NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=698055
NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=7755e67116e8973ee0e3b22d653df026a84fa01b (ghostpdl-9.22rc1)
CVE-2017-9735 (Jetty through 9.4.x is prone to a timing channel in util/security/Pass ...)
- {DLA-1021-1 DLA-1020-1}
+ {DLA-2661-1 DLA-1021-1 DLA-1020-1}
- jetty9 9.2.22-1 (bug #864898)
- jetty8 <removed>
[jessie] - jetty8 <no-dsa> (Minor issue)
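Review bot: the new DLA is prepended as `{DLA-2661-1 DLA-1021-1 DLA-1020-1}`, newest first, which is consistent with how the two existing jessie DLAs are already ordered. One pre-existing oddity is visible in the context: CVE-2017-9735 sits directly below the NOTE lines of CVE-2017-9726, although the rest of this diff follows descending CVE order; not introduced by this change, but worth a separate ordering fix.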
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/100208dd6112769c88d9f5e18b439969b57e3ac5