[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon May 17 21:10:33 BST 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5803952d by security tracker role at 2021-05-17T20:10:25+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,25 @@
+CVE-2021-3554
+	RESERVED
+CVE-2021-3553
+	RESERVED
+CVE-2021-3552
+	RESERVED
+CVE-2021-33043
+	RESERVED
+CVE-2021-33042
+	RESERVED
+CVE-2021-33041 (vmd through 1.34.0 allows 'div class="markdown-body"' XSS, as demonstr ...)
+	TODO: check
+CVE-2021-33040
+	RESERVED
+CVE-2021-33039
+	RESERVED
+CVE-2021-33038
+	RESERVED
+CVE-2021-33037
+	RESERVED
+CVE-2021-33036
+	RESERVED
 CVE-2021-33035
 	RESERVED
 CVE-2021-33034 (In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use ...)
@@ -864,10 +886,10 @@ CVE-2021-32620
 	RESERVED
 CVE-2021-32619
 	RESERVED
-CVE-2021-32618
-	RESERVED
-CVE-2021-32617
-	RESERVED
+CVE-2021-32618 (The Python "Flask-Security-Too" package is used for adding security fe ...)
+	TODO: check
+CVE-2021-32617 (Exiv2 is a command-line utility and C++ library for reading, writing,  ...)
+	TODO: check
 CVE-2021-32616
 	RESERVED
 CVE-2021-3549
@@ -1250,14 +1272,14 @@ CVE-2021-32458
 	RESERVED
 CVE-2021-32457
 	RESERVED
-CVE-2021-32456
-	RESERVED
-CVE-2021-32455
-	RESERVED
-CVE-2021-32454
-	RESERVED
-CVE-2021-32453
-	RESERVED
+CVE-2021-32456 (SITEL CAP/PRX firmware version 5.2.01 allows an attacker with access t ...)
+	TODO: check
+CVE-2021-32455 (SITEL CAP/PRX firmware version 5.2.01, allows an attacker with access  ...)
+	TODO: check
+CVE-2021-32454 (SITEL CAP/PRX firmware version 5.2.01 makes use of a hardcoded passwor ...)
+	TODO: check
+CVE-2021-32453 (SITEL CAP/PRX firmware version 5.2.01 allows an attacker with access t ...)
+	TODO: check
 CVE-2021-3540
 	RESERVED
 CVE-2021-32452
@@ -1358,10 +1380,10 @@ CVE-2021-32405
 	RESERVED
 CVE-2021-32404
 	RESERVED
-CVE-2021-32403
-	RESERVED
-CVE-2021-32402
-	RESERVED
+CVE-2021-32403 (Intelbras Router RF 301K Firmware 1.1.2 is vulnerable to Cross Site Re ...)
+	TODO: check
+CVE-2021-32402 (Intelbras Router RF 301K Firmware 1.1.2 is vulnerable to Cross Site Re ...)
+	TODO: check
 CVE-2021-32401
 	RESERVED
 CVE-2021-32400
@@ -2502,8 +2524,7 @@ CVE-2021-3526
 	RESERVED
 CVE-2021-3525
 	RESERVED
-CVE-2021-3524 [ceph object gateway: radosgw: CRLF injection]
-	RESERVED
+CVE-2021-3524 (A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gate ...)
 	- ceph <undetermined>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1951674
 CVE-2021-3523
@@ -3086,10 +3107,10 @@ CVE-2021-31730
 	RESERVED
 CVE-2021-31729
 	RESERVED
-CVE-2021-31728
-	RESERVED
-CVE-2021-31727
-	RESERVED
+CVE-2021-31728 (Incorrect access control in zam64.sys, zam32.sys in MalwareFox AntiMal ...)
+	TODO: check
+CVE-2021-31727 (Incorrect access control in zam64.sys, zam32.sys in MalwareFox AntiMal ...)
+	TODO: check
 CVE-2021-31726 (Akuvox C315 115.116.2613 allows remote command Injection via the cfgd_ ...)
 	NOT-FOR-US: Akuvox
 CVE-2021-31725
@@ -6542,8 +6563,7 @@ CVE-2020-36314 (fr-archive-libarchive.c in GNOME file-roller through 3.38.0, as
 	NOTE: https://gitlab.gnome.org/GNOME/file-roller/-/issues/108
 CVE-2021-3484
 	RESERVED
-CVE-2021-3483
-	RESERVED
+CVE-2021-3483 (A flaw was found in the Nosy driver in the Linux kernel. This issue al ...)
 	- linux 5.10.28-1
 	NOTE: https://git.kernel.org/linus/829933ef05a951c8ff140e814656d73e74915faf
 CVE-2021-30178 (An issue was discovered in the Linux kernel through 5.11.11. synic_get ...)
@@ -7588,8 +7608,8 @@ CVE-2021-29749
 	RESERVED
 CVE-2021-29748
 	RESERVED
-CVE-2021-29747
-	RESERVED
+CVE-2021-29747 (IBM InfoSphere Information Server 11.7 could allow a remote attacker t ...)
+	TODO: check
 CVE-2021-29746
 	RESERVED
 CVE-2021-29745
@@ -9284,28 +9304,28 @@ CVE-2021-29055
 	RESERVED
 CVE-2021-29054 (Certain Papoo products are affected by: Cross Site Request Forgery (CS ...)
 	NOT-FOR-US: Papoo
-CVE-2021-29053
-	RESERVED
-CVE-2021-29052
-	RESERVED
-CVE-2021-29051
-	RESERVED
+CVE-2021-29053 (Multiple SQL injection vulnerabilities in Liferay Portal 7.3.5 and Lif ...)
+	TODO: check
+CVE-2021-29052 (The Data Engine module in Liferay Portal 7.3.0 through 7.3.5, and Life ...)
+	TODO: check
+CVE-2021-29051 (Cross-site scripting (XSS) vulnerability in the Asset module's Asset P ...)
+	TODO: check
 CVE-2021-29050
 	RESERVED
 CVE-2021-29049
 	RESERVED
-CVE-2021-29048
-	RESERVED
+CVE-2021-29048 (Cross-site scripting (XSS) vulnerability in the Layout module's page a ...)
+	TODO: check
 CVE-2021-29047 (The SimpleCaptcha implementation in Liferay Portal 7.3.4, 7.3.5 and Li ...)
 	NOT-FOR-US: Liferay
-CVE-2021-29046
-	RESERVED
-CVE-2021-29045
-	RESERVED
-CVE-2021-29044
-	RESERVED
-CVE-2021-29043
-	RESERVED
+CVE-2021-29046 (Cross-site scripting (XSS) vulnerability in the Asset module's categor ...)
+	TODO: check
+CVE-2021-29045 (Cross-site scripting (XSS) vulnerability in the Redirect module's redi ...)
+	TODO: check
+CVE-2021-29044 (Cross-site scripting (XSS) vulnerability in the Site module's membersh ...)
+	TODO: check
+CVE-2021-29043 (The Portal Store module in Liferay Portal 7.0.0 through 7.3.5, and Lif ...)
+	TODO: check
 CVE-2021-29042
 	RESERVED
 CVE-2021-29041 (Denial-of-service (DoS) vulnerability in the Multi-Factor Authenticati ...)
@@ -9342,10 +9362,10 @@ CVE-2021-29026 (A cross-site scripting (XSS) vulnerability in Bitweaver version
 	NOT-FOR-US: Bitweaver
 CVE-2021-29025 (A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0  ...)
 	NOT-FOR-US: Bitweaver
-CVE-2021-29024
-	RESERVED
-CVE-2021-29023
-	RESERVED
+CVE-2021-29024 (In InvoicePlane 1.5.11 a misconfigured web server allows unauthenticat ...)
+	TODO: check
+CVE-2021-29023 (InvoicePlane 1.5.11 doesn't have any rate-limiting for password reset  ...)
+	TODO: check
 CVE-2021-29022 (In InvoicePlane 1.5.11, the upload feature discloses the full path of  ...)
 	NOT-FOR-US: InvoicePlane
 CVE-2021-29021
@@ -12437,8 +12457,8 @@ CVE-2021-27736 (FusionAuth fusionauth-samlv2 before 0.5.4 allows XXE attacks via
 	NOT-FOR-US: fusionauth-samlv2
 CVE-2021-27735
 	RESERVED
-CVE-2021-27734
-	RESERVED
+CVE-2021-27734 (Hirschmann HiOS 07.1.01, 07.1.02, and 08.1.00 through 08.5.xx and HiSe ...)
+	TODO: check
 CVE-2021-27733 (In JetBrains YouTrack before 2020.6.6441, stored XSS was possible via  ...)
 	NOT-FOR-US: JetBrains
 CVE-2021-27732
@@ -13297,8 +13317,8 @@ CVE-2021-27344
 	RESERVED
 CVE-2021-27343 (SerenityOS Unspecified is affected by: Buffer Overflow. The impact is: ...)
 	NOT-FOR-US: SerenityOS
-CVE-2021-27342
-	RESERVED
+CVE-2021-27342 (An authentication brute-force protection mechanism bypass in telnetd i ...)
+	TODO: check
 CVE-2021-27341
 	RESERVED
 CVE-2021-27340
@@ -18507,8 +18527,8 @@ CVE-2021-25266
 	RESERVED
 CVE-2021-25265 (A malicious website could execute code remotely in Sophos Connect Clie ...)
 	NOT-FOR-US: Sophos Connect Client
-CVE-2021-25264
-	RESERVED
+CVE-2021-25264 (In multiple versions of Sophos Endpoint products for MacOS, a local at ...)
+	TODO: check
 CVE-2021-25263
 	RESERVED
 CVE-2021-25262
@@ -20438,16 +20458,16 @@ CVE-2021-24329
 	RESERVED
 CVE-2021-24328
 	RESERVED
-CVE-2021-24327
-	RESERVED
-CVE-2021-24326
-	RESERVED
-CVE-2021-24325
-	RESERVED
-CVE-2021-24324
-	RESERVED
-CVE-2021-24323
-	RESERVED
+CVE-2021-24327 (The SEO Redirection Plugin – 301 Redirect Manager WordPress plug ...)
+	TODO: check
+CVE-2021-24326 (The tab parameter of the settings page of the All 404 Redirect to Home ...)
+	TODO: check
+CVE-2021-24325 (The tab parameter of the settings page of the 404 SEO Redirection Word ...)
+	TODO: check
+CVE-2021-24324 (The 404 SEO Redirection WordPress plugin through 1.3 is lacking CSRF c ...)
+	TODO: check
+CVE-2021-24323 (When taxes are enabled, the "Additional tax classes" field was not pro ...)
+	TODO: check
 CVE-2021-24322
 	RESERVED
 CVE-2021-24321
@@ -20462,10 +20482,10 @@ CVE-2021-24317
 	RESERVED
 CVE-2021-24316
 	RESERVED
-CVE-2021-24315
-	RESERVED
-CVE-2021-24314
-	RESERVED
+CVE-2021-24315 (The GiveWP – Donation Plugin and Fundraising Platform WordPress  ...)
+	TODO: check
+CVE-2021-24314 (The Goto WordPress theme before 2.1 did not sanitise, validate of esca ...)
+	TODO: check
 CVE-2021-24313
 	RESERVED
 CVE-2021-24312
@@ -20494,30 +20514,30 @@ CVE-2021-24301
 	RESERVED
 CVE-2021-24300
 	RESERVED
-CVE-2021-24299
-	RESERVED
+CVE-2021-24299 (The ReDi Restaurant Reservation WordPress plugin before 21.0426 provid ...)
+	TODO: check
 CVE-2021-24298
 	RESERVED
 CVE-2021-24297
 	RESERVED
 CVE-2021-24296
 	RESERVED
-CVE-2021-24295
-	RESERVED
+CVE-2021-24295 (It was possible to exploit an Unauthenticated Time-Based Blind SQL Inj ...)
+	TODO: check
 CVE-2021-24294
 	RESERVED
 CVE-2021-24293 (In the eCommerce module of the NextGEN Gallery Pro WordPress plugin be ...)
 	NOT-FOR-US: NextGEN Gallery Pro WordPress plugin
-CVE-2021-24292
-	RESERVED
+CVE-2021-24292 (The Happy Addons for Elementor WordPress plugin before 2.24.0, Happy A ...)
+	TODO: check
 CVE-2021-24291 (The Photo Gallery by 10Web – Mobile-Friendly Image Gallery WordP ...)
 	NOT-FOR-US: Photo Gallery by 10Web / Mobile-Friendly Image Gallery WordPress plugin
-CVE-2021-24290
-	RESERVED
-CVE-2021-24289
-	RESERVED
-CVE-2021-24288
-	RESERVED
+CVE-2021-24290 (There are several endpoints in the Store Locator Plus for WordPress pl ...)
+	TODO: check
+CVE-2021-24289 (There is functionality in the Store Locator Plus for WordPress plugin  ...)
+	TODO: check
+CVE-2021-24288 (When subscribing using AcyMailing, the 'redirect' parameter isn't prop ...)
+	TODO: check
 CVE-2021-24287 (The settings page of the Select All Categories and Taxonomies, Change  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24286 (The settings page of the Redirect 404 to parent WordPress plugin befor ...)
@@ -22621,8 +22641,8 @@ CVE-2021-23386
 	RESERVED
 CVE-2021-23385
 	RESERVED
-CVE-2021-23384
-	RESERVED
+CVE-2021-23384 (The package koa-remove-trailing-slashes before 2.0.2 are vulnerable to ...)
+	TODO: check
 CVE-2021-23383 (The package handlebars before 4.7.7 are vulnerable to Prototype Pollut ...)
 	- node-handlebars 3:4.7.6+~4.1.0-2
 	[buster] - node-handlebars <no-dsa> (Minor issue; can be fixed via point release)
@@ -23718,7 +23738,7 @@ CVE-2021-22878 (Nextcloud Server prior to 20.0.6 is vulnerable to reflected cros
 CVE-2021-22877 (A missing user check in Nextcloud prior to 20.0.6 inadvertently popula ...)
 	- nextcloud-server <itp> (bug #941708)
 CVE-2021-22876 (curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Pr ...)
-	{DSA-4881-1}
+	{DSA-4881-1 DLA-2664-1}
 	- curl 7.74.0-1.2 (bug #986269)
 	NOTE: https://curl.se/docs/CVE-2021-22876.html
 	NOTE: Fixed by: https://github.com/curl/curl/commit/7214288898f5625a6cc196e22a74232eada7861c
@@ -36026,8 +36046,8 @@ CVE-2020-29207
 	RESERVED
 CVE-2020-29206
 	RESERVED
-CVE-2020-29205
-	RESERVED
+CVE-2020-29205 (XSS in signup form in Project Worlds Online Examination System 1.0 all ...)
+	TODO: check
 CVE-2020-29204 (XXL-JOB 2.2.0 allows Stored XSS (in Add User) to bypass the 20-charact ...)
 	NOT-FOR-US: XXL-JOB
 CVE-2020-29203 (struct2json before 2020-11-18 is affected by a Buffer Overflow because ...)
@@ -49544,10 +49564,10 @@ CVE-2020-24994 (Stack overflow in the parse_tag function in libass/ass_parse.c i
 	NOTE: https://github.com/libass/libass/issues/422
 	NOTE: https://github.com/libass/libass/issues/423
 	NOTE: https://github.com/libass/libass/commit/6835731c2fe4164a0c50bc91d12c43b2a2b4e799 (0.15.0)
-CVE-2020-24993
-	RESERVED
-CVE-2020-24992
-	RESERVED
+CVE-2020-24993 (There is a cross site scripting vulnerability on CmsWing 1.3.7. This v ...)
+	TODO: check
+CVE-2020-24992 (There is a cross site scripting vulnerability on CmsWing 1.3.7. This v ...)
+	TODO: check
 CVE-2020-24991
 	RESERVED
 CVE-2020-24990 (An issue was discovered in QSC Q-SYS Core Manager 8.2.1. By utilizing  ...)
@@ -56127,20 +56147,20 @@ CVE-2020-21821
 	RESERVED
 CVE-2020-21820
 	RESERVED
-CVE-2020-21819
-	RESERVED
-CVE-2020-21818
-	RESERVED
-CVE-2020-21817
-	RESERVED
-CVE-2020-21816
-	RESERVED
-CVE-2020-21815
-	RESERVED
-CVE-2020-21814
-	RESERVED
-CVE-2020-21813
-	RESERVED
+CVE-2020-21819 (A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 ...)
+	TODO: check
+CVE-2020-21818 (A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 ...)
+	TODO: check
+CVE-2020-21817 (A null pointer dereference issue exists in GNU LibreDWG 0.10.2641 via  ...)
+	TODO: check
+CVE-2020-21816 (A heab based buffer overflow issue exists in GNU LibreDWG 0.10.2641 vi ...)
+	TODO: check
+CVE-2020-21815 (A null pointer deference issue exists in GNU LibreDWG 0.10.2641 via ou ...)
+	TODO: check
+CVE-2020-21814 (A heap based buffer overflow issue exists in GNU LibreDWG 0.10.2641 vi ...)
+	TODO: check
+CVE-2020-21813 (A heap based buffer overflow issue exists in GNU LibreDWG 0.10.2641 vi ...)
+	TODO: check
 CVE-2020-21812
 	RESERVED
 CVE-2020-21811
@@ -74783,8 +74803,8 @@ CVE-2020-13669
 	RESERVED
 CVE-2020-13668
 	RESERVED
-CVE-2020-13667
-	RESERVED
+CVE-2020-13667 (Access bypass vulnerability in of Drupal Core Workspaces allows an att ...)
+	TODO: check
 CVE-2020-13666 (Cross-site scripting vulnerability in Drupal Core. Drupal AJAX API doe ...)
 	{DLA-2458-1}
 	- drupal7 <removed>
@@ -99483,10 +99503,10 @@ CVE-2020-4672 (IBM Business Automation Workflow 20.0.0.1 is vulnerable to cross-
 	NOT-FOR-US: IBM
 CVE-2020-4671 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 a ...)
 	NOT-FOR-US: IBM
-CVE-2020-4670
-	RESERVED
-CVE-2020-4669
-	RESERVED
+CVE-2020-4670 (IBM Planning Analytics Local 2.0 connects to a Redis server. The Redis ...)
+	TODO: check
+CVE-2020-4669 (IBM Planning Analytics Local 2.0 connects to a MongoDB server. MongoDB ...)
+	TODO: check
 CVE-2020-4668
 	RESERVED
 CVE-2020-4667 (IBM Engineering Requirements Quality Assistant On-Premises could allow ...)
@@ -124806,8 +124826,8 @@ CVE-2019-14829 (A vulnerability was found in Moodle affection 3.7 to 3.7.1, 3.6
 	- moodle <removed>
 CVE-2019-14828 (A vulnerability was found in Moodle affecting 3.7 to 3.7.1, 3.6 to 3.6 ...)
 	- moodle <removed>
-CVE-2019-14827
-	RESERVED
+CVE-2019-14827 (A vulnerability was found in Moodle where javaScript injection was pos ...)
+	TODO: check
 CVE-2019-14826 (A flaw was found in FreeIPA versions 4.5.0 and later. Session cookies  ...)
 	- freeipa <unfixed> (bug #940913)
 	[buster] - freeipa <no-dsa> (Minor issue)
@@ -451632,8 +451652,8 @@ CVE-2007-5969 (MySQL Community Server 5.0.x before 5.0.51, Enterprise Server 5.0
 	- mysql-dfsg-4.1 <removed>
 CVE-2007-5968
 	REJECTED
-CVE-2007-5967
-	RESERVED
+CVE-2007-5967 (A flaw in Mozilla's embedded certificate code might allow web sites to ...)
+	TODO: check
 CVE-2007-5966 (Integer overflow in the hrtimer_start function in kernel/hrtimer.c in  ...)
 	{DSA-1436-1}
 	- linux-2.6 2.6.23-2



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5803952d7d7aa36e376eb2b177ed18493da9269c

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5803952d7d7aa36e376eb2b177ed18493da9269c
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210517/9af00fe6/attachment.htm>


More information about the debian-security-tracker-commits mailing list