[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed May 19 21:10:36 BST 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
aaacf3d3 by security tracker role at 2021-05-19T20:10:28+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,45 @@
+CVE-2021-3559
+	RESERVED
+CVE-2021-3558
+	RESERVED
+CVE-2021-3557
+	RESERVED
+CVE-2021-3556
+	RESERVED
+CVE-2021-33204 (In the pg_partman (aka PG Partition Manager) extension before 4.5.1 fo ...)
+	TODO: check
+CVE-2021-33203
+	RESERVED
+CVE-2021-33202
+	RESERVED
+CVE-2021-33201
+	RESERVED
+CVE-2021-33200
+	RESERVED
+CVE-2021-33199
+	RESERVED
+CVE-2021-33198
+	RESERVED
+CVE-2021-33197
+	RESERVED
+CVE-2021-33196
+	RESERVED
+CVE-2021-33195
+	RESERVED
+CVE-2021-33194
+	RESERVED
+CVE-2021-33193
+	RESERVED
+CVE-2021-33192
+	RESERVED
+CVE-2021-33191
+	RESERVED
+CVE-2021-33190
+	RESERVED
+CVE-2020-36365 (Smartstore (aka SmartStoreNET) before 4.1.0 allows CommonController.Cl ...)
+	TODO: check
+CVE-2020-36364 (An issue was discovered in Smartstore (aka SmartStoreNET) before 4.1.0 ...)
+	TODO: check
 CVE-2021-XXXX [(remote) code execution via ESC G Q]
 	- rxvt-unicode <unfixed> (bug #988763)
 	NOTE: https://www.openwall.com/lists/oss-security/2021/05/17/1
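
Review bot: CVE-2021-33204, CVE-2020-36365 and CVE-2020-36364 in this hunk arrive with a published description but only "TODO: check", so none of them yet states whether Debian is affected. The pg_partman description already gives a fix boundary ("before 4.5.1"), so triage of that entry can settle on either a package line with the fixed version or a NOT-FOR-US tag. The two Smartstore entries need the same decision.
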
@@ -2806,8 +2848,8 @@ CVE-2021-31932
 	RESERVED
 CVE-2021-31931
 	RESERVED
-CVE-2021-31930
-	RESERVED
+CVE-2021-31930 (Persistent cross-site scripting (XSS) in the web interface of Concerto ...)
+	TODO: check
 CVE-2021-31929
 	RESERVED
 CVE-2021-31928
@@ -3116,8 +3158,7 @@ CVE-2021-3518 (There's a flaw in libxml2 in versions before 2.9.11. An attacker
 	[buster] - libxml2 <no-dsa> (Minor issue)
 	NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/237
 	NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/commit/1098c30a040e72a4654968547f415be4e4c40fe7
-CVE-2021-3517 [heap-based buffer overflow in xmlEncodeEntitiesInternal() in entities.c]
-	RESERVED
+CVE-2021-3517 (There is a flaw in the xml entity encoding functionality of libxml2 in ...)
 	{DLA-2653-1}
 	- libxml2 2.9.10+dfsg-6.6 (bug #987738)
 	[buster] - libxml2 <no-dsa> (Minor issue)
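
Review bot: the replacement line for CVE-2021-3517 drops the bracketed description that named xmlEncodeEntitiesInternal() in entities.c, and the truncated published text ("There is a flaw in the xml entity encoding functionality of libxml2 in ...") no longer identifies the affected function. If the notes below the visible context do not already point at the upstream issue or commit, add a NOTE: line that keeps the function name, so the DLA-2653-1 and <no-dsa> decisions stay traceable to the code.
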
@@ -4680,8 +4721,8 @@ CVE-2021-31160
 	RESERVED
 CVE-2021-31159
 	RESERVED
-CVE-2021-31158
-	RESERVED
+CVE-2021-31158 (In the Query Engine in Couchbase Server 6.5.x and 6.6.x through 6.6.1, ...)
+	TODO: check
 CVE-2021-31157
 	RESERVED
 CVE-2021-31156
@@ -10668,8 +10709,7 @@ CVE-2017-20002 (The Debian shadow package before 1:4.5-1 for Shadow incorrectly
 	{DLA-2596-1}
 	- shadow 1:4.5-1 (bug #914957)
 	NOTE: Introduced in attempt to address #830255 in 1:4.4-2
-CVE-2021-3445
-	RESERVED
+CVE-2021-3445 (A flaw was found in libdnf's signature verification functionality in v ...)
 	- libdnf 0.55.2-6 (bug #986802)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1932079
 	NOTE: https://github.com/rpm-software-management/libdnf/commit/930f2582f91077b3f338b84cf9567559d52713de
@@ -12327,8 +12367,7 @@ CVE-2021-28038 (An issue was discovered in the Linux kernel through 5.11.3, as u
 	NOTE: https://xenbits.xen.org/xsa/advisory-367.html
 CVE-2021-3422
 	RESERVED
-CVE-2021-3421
-	RESERVED
+CVE-2021-3421 (A flaw was found in the RPM package in the read functionality. This fl ...)
 	- rpm <unfixed> (bug #985308)
 	[bullseye] - rpm <no-dsa> (Minor issue)
 	[buster] - rpm <no-dsa> (Minor issue)
@@ -12382,10 +12421,10 @@ CVE-2021-27927 (In Zabbix from 4.0.x before 4.0.28rc1, 5.0.0alpha1 before 5.0.10
 	NOTE: CControllerAuthenticationUpdate introduced by authentication revamp in https://support.zabbix.com/browse/ZBXNEXT-4573 (4.0)
 CVE-2021-27926
 	RESERVED
-CVE-2021-27925
-	RESERVED
-CVE-2021-27924
-	RESERVED
+CVE-2021-27925 (An issue was discovered in Couchbase Server 6.5.x and 6.6.x through 6. ...)
+	TODO: check
+CVE-2021-27924 (An issue was discovered in Couchbase Server 6.x through 6.6.1. The Cou ...)
+	TODO: check
 CVE-2021-27923 (Pillow before 8.1.1 allows attackers to cause a denial of service (mem ...)
 	- pillow 8.1.2-1
 	[buster] - pillow <ignored> (Minor issue)
@@ -17993,8 +18032,8 @@ CVE-2021-3186 (A Stored Cross-site scripting (XSS) vulnerability in /main.html W
 	NOT-FOR-US: Tenda AC5
 CVE-2021-25645 (An issue was discovered in Couchbase Server before 6.0.5, 6.1.x throug ...)
 	NOT-FOR-US: Couchbase Server
-CVE-2021-25644
-	RESERVED
+CVE-2021-25644 (An issue was discovered in Couchbase Server 5.x and 6.x through 6.6.1  ...)
+	TODO: check
 CVE-2021-25643
 	RESERVED
 CVE-2020-36200 (TinyCheck before commits 9fd360d and ea53de8 allowed an authenticated  ...)
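
Review bot: CVE-2021-25644 is left at "TODO: check" although the entry directly above it, CVE-2021-25645, already classifies the same product with "NOT-FOR-US: Couchbase Server". Suggest resolving it with the same tag, together with the other Couchbase Server entries this commit adds as "TODO: check" (CVE-2021-31158, CVE-2021-27925, CVE-2021-27924).
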
@@ -26643,10 +26682,10 @@ CVE-2021-21735
 	RESERVED
 CVE-2021-21734
 	RESERVED
-CVE-2021-21733
-	RESERVED
-CVE-2021-21732
-	RESERVED
+CVE-2021-21733 (The management system of ZXCDN is impacted by the information leak vul ...)
+	TODO: check
+CVE-2021-21732 (A mobile phone of ZTE is impacted by improper access control vulnerabi ...)
+	TODO: check
 CVE-2021-21731 (A CSRF vulnerability exists in the management page of a ZTE product.Th ...)
 	NOT-FOR-US: ZTE
 CVE-2021-21730 (A ZTE product is impacted by improper access control vulnerability. Th ...)
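
Review bot: CVE-2021-21733 (ZXCDN management system) and CVE-2021-21732 (a ZTE mobile phone) are added as "TODO: check" while the next entry, CVE-2021-21731, is already tagged "NOT-FOR-US: ZTE". Confirm ZXCDN is a ZTE product and, if so, close both with the same tag so the block is consistent.
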
@@ -30791,8 +30830,8 @@ CVE-2021-20591
 	RESERVED
 CVE-2021-20590 (Improper authentication vulnerability in GOT2000 series GT27 model all ...)
 	NOT-FOR-US: Mitsubishi
-CVE-2021-20589
-	RESERVED
+CVE-2021-20589 (Buffer access with incorrect length value vulnerability in GOT2000 ser ...)
+	TODO: check
 CVE-2021-20588 (Improper handling of length parameter inconsistency vulnerability in M ...)
 	NOT-FOR-US: Mitsubishi
 CVE-2021-20587 (Heap-based buffer overflow vulnerability in Mitsubishi Electric FA Eng ...)
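
Review bot: CVE-2021-20589 describes a GOT2000 series issue and is left at "TODO: check", but the neighbouring GOT2000 entry CVE-2021-20590 is tagged "NOT-FOR-US: Mitsubishi". The same tag applies here.
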
@@ -39496,7 +39535,7 @@ CVE-2020-28385 (A vulnerability has been identified in Solid Edge SE2020 (All ve
 	NOT-FOR-US: Siemens
 CVE-2020-28384 (A vulnerability has been identified in Solid Edge SE2020 (All Versions ...)
 	NOT-FOR-US: Siemens
-CVE-2020-28383 (A vulnerability has been identified in JT2Go (All Versions < V13.1. ...)
+CVE-2020-28383 (A vulnerability has been identified in JT2Go (All versions < V13.1. ...)
 	NOT-FOR-US: Siemens
 CVE-2020-28382 (A vulnerability has been identified in Solid Edge SE2020 (All Versions ...)
 	NOT-FOR-US: Siemens
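
Review bot: style point on the tag under CVE-2020-28383. The description names JT2Go, yet the entry is tagged "NOT-FOR-US: Siemens", while the JT2Go entries around CVE-2020-26989 use "NOT-FOR-US: JT2Go". The change itself only alters the capitalisation of "All versions"; picking one tag for the product would make searches over the list reliable.
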
@@ -45030,7 +45069,7 @@ CVE-2020-26991 (A vulnerability has been identified in JT2Go (All versions <
 	NOT-FOR-US: JT2Go
 CVE-2020-26990 (A vulnerability has been identified in JT2Go (All versions < V13.1. ...)
 	NOT-FOR-US: JT2Go
-CVE-2020-26989 (A vulnerability has been identified in JT2Go (All Versions < V13.1. ...)
+CVE-2020-26989 (A vulnerability has been identified in JT2Go (All versions < V13.1. ...)
 	NOT-FOR-US: JT2Go
 CVE-2020-26988 (A vulnerability has been identified in JT2Go (All versions < V13.1. ...)
 	NOT-FOR-US: JT2Go
@@ -59660,12 +59699,12 @@ CVE-2020-20268
 	RESERVED
 CVE-2020-20267 (Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corr ...)
 	NOT-FOR-US: Mikrotik RouterOs
-CVE-2020-20266
-	RESERVED
+CVE-2020-20266 (Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corr ...)
+	TODO: check
 CVE-2020-20265 (Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corr ...)
 	NOT-FOR-US: Mikrotik RouterOs
-CVE-2020-20264
-	RESERVED
+CVE-2020-20264 (Mikrotik RouterOs before 6.47 (stable tree) in the /ram/pckg/advanced- ...)
+	TODO: check
 CVE-2020-20263
 	RESERVED
 CVE-2020-20262
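
Review bot: CVE-2020-20266 and CVE-2020-20264 are both described as Mikrotik RouterOs issues and added as "TODO: check", whereas CVE-2020-20267 and CVE-2020-20265 in the same hunk already carry "NOT-FOR-US: Mikrotik RouterOs". Suggest tagging the two new descriptions the same way rather than leaving them open.
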
@@ -218795,16 +218834,16 @@ CVE-2017-17680 (In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was fou
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/7b97357e7f8d6ae848a4c699fe17db6fcf4bd7a9
 CVE-2017-17679
 	RESERVED
-CVE-2017-17678
-	RESERVED
-CVE-2017-17677
-	RESERVED
+CVE-2017-17678 (BMC Remedy Mid Tier 9.1SP3 is affected by cross-site scripting (XSS).  ...)
+	TODO: check
+CVE-2017-17677 (BMC Remedy 9.1SP3 is affected by authenticated code execution. Authent ...)
+	TODO: check
 CVE-2017-17676
 	RESERVED
-CVE-2017-17675
-	RESERVED
-CVE-2017-17674
-	RESERVED
+CVE-2017-17675 (BMC Remedy Mid Tier 9.1SP3 is affected by log hijacking. Remote loggin ...)
+	TODO: check
+CVE-2017-17674 (BMC Remedy Mid Tier 9.1SP3 is affected by remote and local file inclus ...)
+	TODO: check
 CVE-2017-17673
 	RESERVED
 CVE-2017-17672 (In vBulletin through 5.3.x, there is an unauthenticated deserializatio ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aaacf3d30d6ac592af76bde2478c30af4f62cec8
