[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon May 17 21:10:33 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5803952d by security tracker role at 2021-05-17T20:10:25+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,25 @@
+CVE-2021-3554
+ RESERVED
+CVE-2021-3553
+ RESERVED
+CVE-2021-3552
+ RESERVED
+CVE-2021-33043
+ RESERVED
+CVE-2021-33042
+ RESERVED
+CVE-2021-33041 (vmd through 1.34.0 allows 'div class="markdown-body"' XSS, as demonstr ...)
+ TODO: check
+CVE-2021-33040
+ RESERVED
+CVE-2021-33039
+ RESERVED
+CVE-2021-33038
+ RESERVED
+CVE-2021-33037
+ RESERVED
+CVE-2021-33036
+ RESERVED
CVE-2021-33035
RESERVED
CVE-2021-33034 (In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use ...)
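Review bot: CVE-2021-33041 is the only entry in this hunk that receives a description, and it is left at `TODO: check`; the open item is to determine whether vmd is packaged in Debian and record either a package line or a `NOT-FOR-US: vmd` marker, as the rest of this file does for upstream-only software. The other ten ids (CVE-2021-3552 through CVE-2021-33043) are correctly inserted as bare `RESERVED` placeholders in descending order ahead of the existing CVE-2021-33035.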
@@ -864,10 +886,10 @@ CVE-2021-32620
RESERVED
CVE-2021-32619
RESERVED
-CVE-2021-32618
- RESERVED
-CVE-2021-32617
- RESERVED
+CVE-2021-32618 (The Python "Flask-Security-Too" package is used for adding security fe ...)
+ TODO: check
+CVE-2021-32617 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
+ TODO: check
CVE-2021-32616
RESERVED
CVE-2021-3549
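Review bot: CVE-2021-32617 (Exiv2) should not remain at `TODO: check`: exiv2 is a Debian source package, so this entry needs a package line in the form used elsewhere in this file (`- exiv2 <version>` or `<unfixed>`, with a bug reference if one is filed) rather than the `NOT-FOR-US` outcome that fits most other TODO entries in this patch. CVE-2021-32618 (Flask-Security-Too) likewise needs a check for a corresponding Python package before it is closed.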
@@ -1250,14 +1272,14 @@ CVE-2021-32458
RESERVED
CVE-2021-32457
RESERVED
-CVE-2021-32456
- RESERVED
-CVE-2021-32455
- RESERVED
-CVE-2021-32454
- RESERVED
-CVE-2021-32453
- RESERVED
+CVE-2021-32456 (SITEL CAP/PRX firmware version 5.2.01 allows an attacker with access t ...)
+ TODO: check
+CVE-2021-32455 (SITEL CAP/PRX firmware version 5.2.01, allows an attacker with access ...)
+ TODO: check
+CVE-2021-32454 (SITEL CAP/PRX firmware version 5.2.01 makes use of a hardcoded passwor ...)
+ TODO: check
+CVE-2021-32453 (SITEL CAP/PRX firmware version 5.2.01 allows an attacker with access t ...)
+ TODO: check
CVE-2021-3540
RESERVED
CVE-2021-32452
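Review bot: the four SITEL CAP/PRX firmware entries (CVE-2021-32453 through CVE-2021-32456) describe vendor appliance firmware that Debian does not ship, so they can be triaged together as `NOT-FOR-US: SITEL CAP/PRX` instead of carrying four separate `TODO: check` markers, matching how CVE-2021-31726 (`NOT-FOR-US: Akuvox`) is handled later in this patch. Two of the truncated descriptions (CVE-2021-32453 and CVE-2021-32456) are identical up to the cut-off, so the full text should be read to confirm they are distinct issues before the markers are written.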
@@ -1358,10 +1380,10 @@ CVE-2021-32405
RESERVED
CVE-2021-32404
RESERVED
-CVE-2021-32403
- RESERVED
-CVE-2021-32402
- RESERVED
+CVE-2021-32403 (Intelbras Router RF 301K Firmware 1.1.2 is vulnerable to Cross Site Re ...)
+ TODO: check
+CVE-2021-32402 (Intelbras Router RF 301K Firmware 1.1.2 is vulnerable to Cross Site Re ...)
+ TODO: check
CVE-2021-32401
RESERVED
CVE-2021-32400
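Review bot: both Intelbras RF 301K firmware entries (CVE-2021-32402 and CVE-2021-32403) are router firmware issues outside the Debian archive and can go straight to `NOT-FOR-US: Intelbras` rather than `TODO: check`; their truncated descriptions are word-for-word identical, so the triage should read the complete CVE text to record what distinguishes the two CSRF issues.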
@@ -2502,8 +2524,7 @@ CVE-2021-3526
RESERVED
CVE-2021-3525
RESERVED
-CVE-2021-3524 [ceph object gateway: radosgw: CRLF injection]
- RESERVED
+CVE-2021-3524 (A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gate ...)
- ceph <undetermined>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1951674
CVE-2021-3523
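Review bot: the hand-written summary `[ceph object gateway: radosgw: CRLF injection]` on CVE-2021-3524 is overwritten by the official description, and the truncated form now shown (`A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gate ...`) no longer names the vulnerability class; the `CRLF injection` detail survives only through the bugzilla NOTE. The `- ceph <undetermined>` line is preserved, so the real open item is unchanged: determine which Debian ceph versions are affected and replace `<undetermined>` with a version or `<not-affected>` marker.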
@@ -3086,10 +3107,10 @@ CVE-2021-31730
RESERVED
CVE-2021-31729
RESERVED
-CVE-2021-31728
- RESERVED
-CVE-2021-31727
- RESERVED
+CVE-2021-31728 (Incorrect access control in zam64.sys, zam32.sys in MalwareFox AntiMal ...)
+ TODO: check
+CVE-2021-31727 (Incorrect access control in zam64.sys, zam32.sys in MalwareFox AntiMal ...)
+ TODO: check
CVE-2021-31726 (Akuvox C315 115.116.2613 allows remote command Injection via the cfgd_ ...)
NOT-FOR-US: Akuvox
CVE-2021-31725
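Review bot: CVE-2021-31727 and CVE-2021-31728 concern the Windows kernel drivers zam64.sys and zam32.sys of MalwareFox AntiMalware; like the adjacent CVE-2021-31726 (`NOT-FOR-US: Akuvox`) they should be closed as `NOT-FOR-US: MalwareFox` rather than left at `TODO: check`, since no Debian package is involved.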
@@ -6542,8 +6563,7 @@ CVE-2020-36314 (fr-archive-libarchive.c in GNOME file-roller through 3.38.0, as
NOTE: https://gitlab.gnome.org/GNOME/file-roller/-/issues/108
CVE-2021-3484
RESERVED
-CVE-2021-3483
- RESERVED
+CVE-2021-3483 (A flaw was found in the Nosy driver in the Linux kernel. This issue al ...)
- linux 5.10.28-1
NOTE: https://git.kernel.org/linus/829933ef05a951c8ff140e814656d73e74915faf
CVE-2021-30178 (An issue was discovered in the Linux kernel through 5.11.11. synic_get ...)
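Review bot: CVE-2021-3483 lands on an entry that already carries `- linux 5.10.28-1` and the upstream fix commit in its NOTE, so nothing is left open by this hunk; the only thing worth confirming is that the recorded fixed version 5.10.28-1 actually contains the referenced kernel commit, since the package line was written before the description was available.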
@@ -7588,8 +7608,8 @@ CVE-2021-29749
RESERVED
CVE-2021-29748
RESERVED
-CVE-2021-29747
- RESERVED
+CVE-2021-29747 (IBM InfoSphere Information Server 11.7 could allow a remote attacker t ...)
+ TODO: check
CVE-2021-29746
RESERVED
CVE-2021-29745
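Review bot: CVE-2021-29747 is an IBM InfoSphere Information Server issue and can be triaged as `NOT-FOR-US: IBM`, the marker this file already uses for IBM products (see the CVE-2020-4671 and CVE-2020-4672 context lines further down in this patch), instead of staying at `TODO: check`.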
@@ -9284,28 +9304,28 @@ CVE-2021-29055
RESERVED
CVE-2021-29054 (Certain Papoo products are affected by: Cross Site Request Forgery (CS ...)
NOT-FOR-US: Papoo
-CVE-2021-29053
- RESERVED
-CVE-2021-29052
- RESERVED
-CVE-2021-29051
- RESERVED
+CVE-2021-29053 (Multiple SQL injection vulnerabilities in Liferay Portal 7.3.5 and Lif ...)
+ TODO: check
+CVE-2021-29052 (The Data Engine module in Liferay Portal 7.3.0 through 7.3.5, and Life ...)
+ TODO: check
+CVE-2021-29051 (Cross-site scripting (XSS) vulnerability in the Asset module's Asset P ...)
+ TODO: check
CVE-2021-29050
RESERVED
CVE-2021-29049
RESERVED
-CVE-2021-29048
- RESERVED
+CVE-2021-29048 (Cross-site scripting (XSS) vulnerability in the Layout module's page a ...)
+ TODO: check
CVE-2021-29047 (The SimpleCaptcha implementation in Liferay Portal 7.3.4, 7.3.5 and Li ...)
NOT-FOR-US: Liferay
-CVE-2021-29046
- RESERVED
-CVE-2021-29045
- RESERVED
-CVE-2021-29044
- RESERVED
-CVE-2021-29043
- RESERVED
+CVE-2021-29046 (Cross-site scripting (XSS) vulnerability in the Asset module's categor ...)
+ TODO: check
+CVE-2021-29045 (Cross-site scripting (XSS) vulnerability in the Redirect module's redi ...)
+ TODO: check
+CVE-2021-29044 (Cross-site scripting (XSS) vulnerability in the Site module's membersh ...)
+ TODO: check
+CVE-2021-29043 (The Portal Store module in Liferay Portal 7.0.0 through 7.3.5, and Lif ...)
+ TODO: check
CVE-2021-29042
RESERVED
CVE-2021-29041 (Denial-of-service (DoS) vulnerability in the Multi-Factor Authenticati ...)
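Review bot: the seven new Liferay Portal entries (CVE-2021-29043 through CVE-2021-29046, CVE-2021-29048, and CVE-2021-29051 through CVE-2021-29053) are all left at `TODO: check`, while CVE-2021-29047 in the same hunk is already `NOT-FOR-US: Liferay`; unless one of them turns out to touch a Debian package, they should be resolved the same way in one follow-up rather than accumulating TODO markers around an entry that already shows the expected outcome.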
@@ -9342,10 +9362,10 @@ CVE-2021-29026 (A cross-site scripting (XSS) vulnerability in Bitweaver version
NOT-FOR-US: Bitweaver
CVE-2021-29025 (A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 ...)
NOT-FOR-US: Bitweaver
-CVE-2021-29024
- RESERVED
-CVE-2021-29023
- RESERVED
+CVE-2021-29024 (In InvoicePlane 1.5.11 a misconfigured web server allows unauthenticat ...)
+ TODO: check
+CVE-2021-29023 (InvoicePlane 1.5.11 doesn't have any rate-limiting for password reset ...)
+ TODO: check
CVE-2021-29022 (In InvoicePlane 1.5.11, the upload feature discloses the full path of ...)
NOT-FOR-US: InvoicePlane
CVE-2021-29021
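Review bot: CVE-2021-29023 and CVE-2021-29024 are both InvoicePlane 1.5.11 issues, and the adjacent CVE-2021-29022 is already `NOT-FOR-US: InvoicePlane`, so the two new `TODO: check` markers should be closed with the same marker; the misconfigured-web-server and missing-rate-limit descriptions do not point at any Debian package.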
@@ -12437,8 +12457,8 @@ CVE-2021-27736 (FusionAuth fusionauth-samlv2 before 0.5.4 allows XXE attacks via
NOT-FOR-US: fusionauth-samlv2
CVE-2021-27735
RESERVED
-CVE-2021-27734
- RESERVED
+CVE-2021-27734 (Hirschmann HiOS 07.1.01, 07.1.02, and 08.1.00 through 08.5.xx and HiSe ...)
+ TODO: check
CVE-2021-27733 (In JetBrains YouTrack before 2020.6.6441, stored XSS was possible via ...)
NOT-FOR-US: JetBrains
CVE-2021-27732
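Review bot: CVE-2021-27734 is a Hirschmann HiOS device firmware issue (the second product name is cut off in the truncated description), which Debian does not ship; it can be closed as `NOT-FOR-US: Hirschmann` in the same way the neighbouring CVE-2021-27733 is `NOT-FOR-US: JetBrains`, instead of remaining at `TODO: check`.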
@@ -13297,8 +13317,8 @@ CVE-2021-27344
RESERVED
CVE-2021-27343 (SerenityOS Unspecified is affected by: Buffer Overflow. The impact is: ...)
NOT-FOR-US: SerenityOS
-CVE-2021-27342
- RESERVED
+CVE-2021-27342 (An authentication brute-force protection mechanism bypass in telnetd i ...)
+ TODO: check
CVE-2021-27341
RESERVED
CVE-2021-27340
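Review bot: the truncated description of CVE-2021-27342 (`... bypass in telnetd i ...`) does not show which telnetd implementation or product is affected, so this entry must not be closed as NOT-FOR-US on the strength of the visible text alone; the triage should read the full CVE text and check it against the telnet server packages Debian ships before choosing between a package line and a `NOT-FOR-US` marker.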
@@ -18507,8 +18527,8 @@ CVE-2021-25266
RESERVED
CVE-2021-25265 (A malicious website could execute code remotely in Sophos Connect Clie ...)
NOT-FOR-US: Sophos Connect Client
-CVE-2021-25264
- RESERVED
+CVE-2021-25264 (In multiple versions of Sophos Endpoint products for MacOS, a local at ...)
+ TODO: check
CVE-2021-25263
RESERVED
CVE-2021-25262
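Review bot: CVE-2021-25264 concerns Sophos Endpoint products for macOS and, like the adjacent CVE-2021-25265 (`NOT-FOR-US: Sophos Connect Client`), should be recorded as `NOT-FOR-US: Sophos` rather than left at `TODO: check`.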
@@ -20438,16 +20458,16 @@ CVE-2021-24329
RESERVED
CVE-2021-24328
RESERVED
-CVE-2021-24327
- RESERVED
-CVE-2021-24326
- RESERVED
-CVE-2021-24325
- RESERVED
-CVE-2021-24324
- RESERVED
-CVE-2021-24323
- RESERVED
+CVE-2021-24327 (The SEO Redirection Plugin – 301 Redirect Manager WordPress plug ...)
+ TODO: check
+CVE-2021-24326 (The tab parameter of the settings page of the All 404 Redirect to Home ...)
+ TODO: check
+CVE-2021-24325 (The tab parameter of the settings page of the 404 SEO Redirection Word ...)
+ TODO: check
+CVE-2021-24324 (The 404 SEO Redirection WordPress plugin through 1.3 is lacking CSRF c ...)
+ TODO: check
+CVE-2021-24323 (When taxes are enabled, the "Additional tax classes" field was not pro ...)
+ TODO: check
CVE-2021-24322
RESERVED
CVE-2021-24321
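Review bot: the description for CVE-2021-24327 contains a mis-encoded en dash (`–`, the UTF-8 byte sequence read as Latin-1) inside the plugin name `SEO Redirection Plugin – 301 Redirect Manager`; the same artefact already appears in the existing CVE-2021-24291 line in a later hunk, so it comes from either the CVE feed or the import step, and the automatic update should decode descriptions as UTF-8 before writing them. Triage-wise all five entries (CVE-2021-24323 through CVE-2021-24327) are WordPress plugin issues and can follow the `NOT-FOR-US: WordPress plugin` pattern used at CVE-2021-24287.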
@@ -20462,10 +20482,10 @@ CVE-2021-24317
RESERVED
CVE-2021-24316
RESERVED
-CVE-2021-24315
- RESERVED
-CVE-2021-24314
- RESERVED
+CVE-2021-24315 (The GiveWP – Donation Plugin and Fundraising Platform WordPress ...)
+ TODO: check
+CVE-2021-24314 (The Goto WordPress theme before 2.1 did not sanitise, validate of esca ...)
+ TODO: check
CVE-2021-24313
RESERVED
CVE-2021-24312
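Review bot: CVE-2021-24315 repeats the mis-encoded dash (`–`) seen in other plugin names in this patch, and CVE-2021-24314 carries an upstream wording slip (`validate of escape`) that is correctly preserved verbatim here since the file records the CVE text as published. Both are WordPress plugin/theme issues and should be closed with the `NOT-FOR-US: WordPress plugin` marker rather than left at `TODO: check`.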
@@ -20494,30 +20514,30 @@ CVE-2021-24301
RESERVED
CVE-2021-24300
RESERVED
-CVE-2021-24299
- RESERVED
+CVE-2021-24299 (The ReDi Restaurant Reservation WordPress plugin before 21.0426 provid ...)
+ TODO: check
CVE-2021-24298
RESERVED
CVE-2021-24297
RESERVED
CVE-2021-24296
RESERVED
-CVE-2021-24295
- RESERVED
+CVE-2021-24295 (It was possible to exploit an Unauthenticated Time-Based Blind SQL Inj ...)
+ TODO: check
CVE-2021-24294
RESERVED
CVE-2021-24293 (In the eCommerce module of the NextGEN Gallery Pro WordPress plugin be ...)
NOT-FOR-US: NextGEN Gallery Pro WordPress plugin
-CVE-2021-24292
- RESERVED
+CVE-2021-24292 (The Happy Addons for Elementor WordPress plugin before 2.24.0, Happy A ...)
+ TODO: check
CVE-2021-24291 (The Photo Gallery by 10Web – Mobile-Friendly Image Gallery WordP ...)
NOT-FOR-US: Photo Gallery by 10Web / Mobile-Friendly Image Gallery WordPress plugin
-CVE-2021-24290
- RESERVED
-CVE-2021-24289
- RESERVED
-CVE-2021-24288
- RESERVED
+CVE-2021-24290 (There are several endpoints in the Store Locator Plus for WordPress pl ...)
+ TODO: check
+CVE-2021-24289 (There is functionality in the Store Locator Plus for WordPress plugin ...)
+ TODO: check
+CVE-2021-24288 (When subscribing using AcyMailing, the 'redirect' parameter isn't prop ...)
+ TODO: check
CVE-2021-24287 (The settings page of the Select All Categories and Taxonomies, Change ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24286 (The settings page of the Redirect 404 to parent WordPress plugin befor ...)
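Review bot: two entries in this hunk cannot be triaged from the visible text: CVE-2021-24295's truncated description (`It was possible to exploit an Unauthenticated Time-Based Blind SQL Inj ...`) names no product at all, and CVE-2021-24288's (`When subscribing using AcyMailing, ...`) does not state the platform, so both need the full CVE text read before a marker is applied. The remaining five (ReDi Restaurant Reservation, Happy Addons for Elementor, and the three Store Locator Plus / related entries) are explicitly WordPress plugin issues and can follow the `NOT-FOR-US: WordPress plugin` pattern used at CVE-2021-24287 instead of staying at `TODO: check`.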
@@ -22621,8 +22641,8 @@ CVE-2021-23386
RESERVED
CVE-2021-23385
RESERVED
-CVE-2021-23384
- RESERVED
+CVE-2021-23384 (The package koa-remove-trailing-slashes before 2.0.2 are vulnerable to ...)
+ TODO: check
CVE-2021-23383 (The package handlebars before 4.7.7 are vulnerable to Prototype Pollut ...)
- node-handlebars 3:4.7.6+~4.1.0-2
[buster] - node-handlebars <no-dsa> (Minor issue; can be fixed via point release)
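Review bot: CVE-2021-23384 (koa-remove-trailing-slashes) is an npm package, and the neighbouring CVE-2021-23383 (handlebars) shows the expected outcome when such a package exists in Debian: a `node-handlebars` package line with a version plus a per-suite `<no-dsa>` annotation. The `TODO: check` should therefore be resolved by checking whether a corresponding node-* source package exists; if none does, record a `NOT-FOR-US` marker in the style of CVE-2021-27736 (`NOT-FOR-US: fusionauth-samlv2`). The grammatical slip in the description (`The package ... are vulnerable`) is upstream CVE text and is rightly left as-is.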
@@ -23718,7 +23738,7 @@ CVE-2021-22878 (Nextcloud Server prior to 20.0.6 is vulnerable to reflected cros
CVE-2021-22877 (A missing user check in Nextcloud prior to 20.0.6 inadvertently popula ...)
- nextcloud-server <itp> (bug #941708)
CVE-2021-22876 (curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Pr ...)
- {DSA-4881-1}
+ {DSA-4881-1 DLA-2664-1}
- curl 7.74.0-1.2 (bug #986269)
NOTE: https://curl.se/docs/CVE-2021-22876.html
NOTE: Fixed by: https://github.com/curl/curl/commit/7214288898f5625a6cc196e22a74232eada7861c
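Review bot: the reference change from `{DSA-4881-1}` to `{DSA-4881-1 DLA-2664-1}` is correct in form (space-separated advisory ids inside a single brace pair, matching `{DLA-2458-1}` used elsewhere in this file); the `- curl 7.74.0-1.2 (bug #986269)` line and both NOTE references are unchanged, so the only thing to confirm is that DLA-2664-1 really lists CVE-2021-22876, since no other part of the entry records the LTS fix.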
@@ -36026,8 +36046,8 @@ CVE-2020-29207
RESERVED
CVE-2020-29206
RESERVED
-CVE-2020-29205
- RESERVED
+CVE-2020-29205 (XSS in signup form in Project Worlds Online Examination System 1.0 all ...)
+ TODO: check
CVE-2020-29204 (XXL-JOB 2.2.0 allows Stored XSS (in Add User) to bypass the 20-charact ...)
NOT-FOR-US: XXL-JOB
CVE-2020-29203 (struct2json before 2020-11-18 is affected by a Buffer Overflow because ...)
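Review bot: CVE-2020-29205 (XSS in Project Worlds Online Examination System 1.0) is a standalone web application not packaged in Debian; the adjacent CVE-2020-29204 (`NOT-FOR-US: XXL-JOB`) shows the marker to use, so this entry should not remain at `TODO: check`.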
@@ -49544,10 +49564,10 @@ CVE-2020-24994 (Stack overflow in the parse_tag function in libass/ass_parse.c i
NOTE: https://github.com/libass/libass/issues/422
NOTE: https://github.com/libass/libass/issues/423
NOTE: https://github.com/libass/libass/commit/6835731c2fe4164a0c50bc91d12c43b2a2b4e799 (0.15.0)
-CVE-2020-24993
- RESERVED
-CVE-2020-24992
- RESERVED
+CVE-2020-24993 (There is a cross site scripting vulnerability on CmsWing 1.3.7. This v ...)
+ TODO: check
+CVE-2020-24992 (There is a cross site scripting vulnerability on CmsWing 1.3.7. This v ...)
+ TODO: check
CVE-2020-24991
RESERVED
CVE-2020-24990 (An issue was discovered in QSC Q-SYS Core Manager 8.2.1. By utilizing ...)
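Review bot: CVE-2020-24992 and CVE-2020-24993 (CmsWing 1.3.7) have truncated descriptions that are identical up to the cut-off, so the full CVE text should be read to record what distinguishes the two cross-site scripting issues; both concern an application outside the Debian archive and can be closed as `NOT-FOR-US: CmsWing` instead of `TODO: check`.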
@@ -56127,20 +56147,20 @@ CVE-2020-21821
RESERVED
CVE-2020-21820
RESERVED
-CVE-2020-21819
- RESERVED
-CVE-2020-21818
- RESERVED
-CVE-2020-21817
- RESERVED
-CVE-2020-21816
- RESERVED
-CVE-2020-21815
- RESERVED
-CVE-2020-21814
- RESERVED
-CVE-2020-21813
- RESERVED
+CVE-2020-21819 (A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 ...)
+ TODO: check
+CVE-2020-21818 (A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 ...)
+ TODO: check
+CVE-2020-21817 (A null pointer dereference issue exists in GNU LibreDWG 0.10.2641 via ...)
+ TODO: check
+CVE-2020-21816 (A heab based buffer overflow issue exists in GNU LibreDWG 0.10.2641 vi ...)
+ TODO: check
+CVE-2020-21815 (A null pointer deference issue exists in GNU LibreDWG 0.10.2641 via ou ...)
+ TODO: check
+CVE-2020-21814 (A heap based buffer overflow issue exists in GNU LibreDWG 0.10.2641 vi ...)
+ TODO: check
+CVE-2020-21813 (A heap based buffer overflow issue exists in GNU LibreDWG 0.10.2641 vi ...)
+ TODO: check
CVE-2020-21812
RESERVED
CVE-2020-21811
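Review bot: the seven GNU LibreDWG entries (CVE-2020-21813 through CVE-2020-21819) should not be left at `TODO: check`: libredwg is a Debian source package, so each needs a package line with the affected or fixed version in the form used for linux and curl elsewhere in this patch. Two descriptions carry upstream typos (`heab based` in CVE-2020-21816, `null pointer deference` in CVE-2020-21815); the hunk correctly preserves the CVE text verbatim, so those are not to be corrected in this file.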
@@ -74783,8 +74803,8 @@ CVE-2020-13669
RESERVED
CVE-2020-13668
RESERVED
-CVE-2020-13667
- RESERVED
+CVE-2020-13667 (Access bypass vulnerability in of Drupal Core Workspaces allows an att ...)
+ TODO: check
CVE-2020-13666 (Cross-site scripting vulnerability in Drupal Core. Drupal AJAX API doe ...)
{DLA-2458-1}
- drupal7 <removed>
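Review bot: CVE-2020-13667 refers to the Workspaces component of Drupal Core, and its truncated description does not show the affected version range; the adjacent CVE-2020-13666 resolves to `- drupal7 <removed>` (with DLA-2458-1), so the `TODO: check` should be closed by confirming whether the drupal7 package falls in the affected range at all or only later core versions do, and then recording either the same `drupal7 <removed>` line or a `<not-affected>` marker.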
@@ -99483,10 +99503,10 @@ CVE-2020-4672 (IBM Business Automation Workflow 20.0.0.1 is vulnerable to cross-
NOT-FOR-US: IBM
CVE-2020-4671 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 a ...)
NOT-FOR-US: IBM
-CVE-2020-4670
- RESERVED
-CVE-2020-4669
- RESERVED
+CVE-2020-4670 (IBM Planning Analytics Local 2.0 connects to a Redis server. The Redis ...)
+ TODO: check
+CVE-2020-4669 (IBM Planning Analytics Local 2.0 connects to a MongoDB server. MongoDB ...)
+ TODO: check
CVE-2020-4668
RESERVED
CVE-2020-4667 (IBM Engineering Requirements Quality Assistant On-Premises could allow ...)
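Review bot: CVE-2020-4669 and CVE-2020-4670 mention MongoDB and Redis servers, but the subject of both descriptions is IBM Planning Analytics Local 2.0 connecting to them; before applying the `NOT-FOR-US: IBM` marker used for the adjacent CVE-2020-4671 and CVE-2020-4672, the triage should read the full text to confirm the weakness is in the IBM product's use or configuration of those servers and not a defect in the redis or mongodb packages themselves, so that the entries are not misattributed either way.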
@@ -124806,8 +124826,8 @@ CVE-2019-14829 (A vulnerability was found in Moodle affection 3.7 to 3.7.1, 3.6
- moodle <removed>
CVE-2019-14828 (A vulnerability was found in Moodle affecting 3.7 to 3.7.1, 3.6 to 3.6 ...)
- moodle <removed>
-CVE-2019-14827
- RESERVED
+CVE-2019-14827 (A vulnerability was found in Moodle where javaScript injection was pos ...)
+ TODO: check
CVE-2019-14826 (A flaw was found in FreeIPA versions 4.5.0 and later. Session cookies ...)
- freeipa <unfixed> (bug #940913)
[buster] - freeipa <no-dsa> (Minor issue)
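Review bot: CVE-2019-14827 (Moodle) sits between entries that resolve to `- moodle <removed>`, so it should receive the same package line instead of `TODO: check`. The context line for CVE-2019-14829 reads `affection` where CVE-2019-14828 reads `affecting`; that is an upstream description typo and is correctly untouched by this hunk.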
@@ -451632,8 +451652,8 @@ CVE-2007-5969 (MySQL Community Server 5.0.x before 5.0.51, Enterprise Server 5.0
- mysql-dfsg-4.1 <removed>
CVE-2007-5968
REJECTED
-CVE-2007-5967
- RESERVED
+CVE-2007-5967 (A flaw in Mozilla's embedded certificate code might allow web sites to ...)
+ TODO: check
CVE-2007-5966 (Integer overflow in the hrtimer_start function in kernel/hrtimer.c in ...)
{DSA-1436-1}
- linux-2.6 2.6.23-2
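Review bot: CVE-2007-5967 is a 2007 identifier only now receiving its description (a flaw in Mozilla's embedded certificate code), and its neighbours are resolved against long-removed packages (`mysql-dfsg-4.1 <removed>`, `linux-2.6 2.6.23-2` under DSA-1436-1); the `TODO: check` should be resolved against the Mozilla-based packages of that era with a `<removed>` or `<not-affected>` marker rather than treated as a current issue awaiting a DSA.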
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5803952d7d7aa36e376eb2b177ed18493da9269c