[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed May 19 21:10:36 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
aaacf3d3 by security tracker role at 2021-05-19T20:10:28+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,45 @@
+CVE-2021-3559
+ RESERVED
+CVE-2021-3558
+ RESERVED
+CVE-2021-3557
+ RESERVED
+CVE-2021-3556
+ RESERVED
+CVE-2021-33204 (In the pg_partman (aka PG Partition Manager) extension before 4.5.1 fo ...)
+ TODO: check
+CVE-2021-33203
+ RESERVED
+CVE-2021-33202
+ RESERVED
+CVE-2021-33201
+ RESERVED
+CVE-2021-33200
+ RESERVED
+CVE-2021-33199
+ RESERVED
+CVE-2021-33198
+ RESERVED
+CVE-2021-33197
+ RESERVED
+CVE-2021-33196
+ RESERVED
+CVE-2021-33195
+ RESERVED
+CVE-2021-33194
+ RESERVED
+CVE-2021-33193
+ RESERVED
+CVE-2021-33192
+ RESERVED
+CVE-2021-33191
+ RESERVED
+CVE-2021-33190
+ RESERVED
+CVE-2020-36365 (Smartstore (aka SmartStoreNET) before 4.1.0 allows CommonController.Cl ...)
+ TODO: check
+CVE-2020-36364 (An issue was discovered in Smartstore (aka SmartStoreNET) before 4.1.0 ...)
+ TODO: check
CVE-2021-XXXX [(remote) code execution via ESC G Q]
- rxvt-unicode <unfixed> (bug #988763)
NOTE: https://www.openwall.com/lists/oss-security/2021/05/17/1
@@ -2806,8 +2848,8 @@ CVE-2021-31932
RESERVED
CVE-2021-31931
RESERVED
-CVE-2021-31930
- RESERVED
+CVE-2021-31930 (Persistent cross-site scripting (XSS) in the web interface of Concerto ...)
+ TODO: check
CVE-2021-31929
RESERVED
CVE-2021-31928
@@ -3116,8 +3158,7 @@ CVE-2021-3518 (There's a flaw in libxml2 in versions before 2.9.11. An attacker
[buster] - libxml2 <no-dsa> (Minor issue)
NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/237
NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/commit/1098c30a040e72a4654968547f415be4e4c40fe7
-CVE-2021-3517 [heap-based buffer overflow in xmlEncodeEntitiesInternal() in entities.c]
- RESERVED
+CVE-2021-3517 (There is a flaw in the xml entity encoding functionality of libxml2 in ...)
{DLA-2653-1}
- libxml2 2.9.10+dfsg-6.6 (bug #987738)
[buster] - libxml2 <no-dsa> (Minor issue)
@@ -4680,8 +4721,8 @@ CVE-2021-31160
RESERVED
CVE-2021-31159
RESERVED
-CVE-2021-31158
- RESERVED
+CVE-2021-31158 (In the Query Engine in Couchbase Server 6.5.x and 6.6.x through 6.6.1, ...)
+ TODO: check
CVE-2021-31157
RESERVED
CVE-2021-31156
@@ -10668,8 +10709,7 @@ CVE-2017-20002 (The Debian shadow package before 1:4.5-1 for Shadow incorrectly
{DLA-2596-1}
- shadow 1:4.5-1 (bug #914957)
NOTE: Introduced in attempt to address #830255 in 1:4.4-2
-CVE-2021-3445
- RESERVED
+CVE-2021-3445 (A flaw was found in libdnf's signature verification functionality in v ...)
- libdnf 0.55.2-6 (bug #986802)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1932079
NOTE: https://github.com/rpm-software-management/libdnf/commit/930f2582f91077b3f338b84cf9567559d52713de
@@ -12327,8 +12367,7 @@ CVE-2021-28038 (An issue was discovered in the Linux kernel through 5.11.3, as u
NOTE: https://xenbits.xen.org/xsa/advisory-367.html
CVE-2021-3422
RESERVED
-CVE-2021-3421
- RESERVED
+CVE-2021-3421 (A flaw was found in the RPM package in the read functionality. This fl ...)
- rpm <unfixed> (bug #985308)
[bullseye] - rpm <no-dsa> (Minor issue)
[buster] - rpm <no-dsa> (Minor issue)
@@ -12382,10 +12421,10 @@ CVE-2021-27927 (In Zabbix from 4.0.x before 4.0.28rc1, 5.0.0alpha1 before 5.0.10
NOTE: CControllerAuthenticationUpdate introduced by authentication revamp in https://support.zabbix.com/browse/ZBXNEXT-4573 (4.0)
CVE-2021-27926
RESERVED
-CVE-2021-27925
- RESERVED
-CVE-2021-27924
- RESERVED
+CVE-2021-27925 (An issue was discovered in Couchbase Server 6.5.x and 6.6.x through 6. ...)
+ TODO: check
+CVE-2021-27924 (An issue was discovered in Couchbase Server 6.x through 6.6.1. The Cou ...)
+ TODO: check
CVE-2021-27923 (Pillow before 8.1.1 allows attackers to cause a denial of service (mem ...)
- pillow 8.1.2-1
[buster] - pillow <ignored> (Minor issue)
@@ -17993,8 +18032,8 @@ CVE-2021-3186 (A Stored Cross-site scripting (XSS) vulnerability in /main.html W
NOT-FOR-US: Tenda AC5
CVE-2021-25645 (An issue was discovered in Couchbase Server before 6.0.5, 6.1.x throug ...)
NOT-FOR-US: Couchbase Server
-CVE-2021-25644
- RESERVED
+CVE-2021-25644 (An issue was discovered in Couchbase Server 5.x and 6.x through 6.6.1 ...)
+ TODO: check
CVE-2021-25643
RESERVED
CVE-2020-36200 (TinyCheck before commits 9fd360d and ea53de8 allowed an authenticated ...)
@@ -26643,10 +26682,10 @@ CVE-2021-21735
RESERVED
CVE-2021-21734
RESERVED
-CVE-2021-21733
- RESERVED
-CVE-2021-21732
- RESERVED
+CVE-2021-21733 (The management system of ZXCDN is impacted by the information leak vul ...)
+ TODO: check
+CVE-2021-21732 (A mobile phone of ZTE is impacted by improper access control vulnerabi ...)
+ TODO: check
CVE-2021-21731 (A CSRF vulnerability exists in the management page of a ZTE product.Th ...)
NOT-FOR-US: ZTE
CVE-2021-21730 (A ZTE product is impacted by improper access control vulnerability. Th ...)
@@ -30791,8 +30830,8 @@ CVE-2021-20591
RESERVED
CVE-2021-20590 (Improper authentication vulnerability in GOT2000 series GT27 model all ...)
NOT-FOR-US: Mitsubishi
-CVE-2021-20589
- RESERVED
+CVE-2021-20589 (Buffer access with incorrect length value vulnerability in GOT2000 ser ...)
+ TODO: check
CVE-2021-20588 (Improper handling of length parameter inconsistency vulnerability in M ...)
NOT-FOR-US: Mitsubishi
CVE-2021-20587 (Heap-based buffer overflow vulnerability in Mitsubishi Electric FA Eng ...)
@@ -39496,7 +39535,7 @@ CVE-2020-28385 (A vulnerability has been identified in Solid Edge SE2020 (All ve
NOT-FOR-US: Siemens
CVE-2020-28384 (A vulnerability has been identified in Solid Edge SE2020 (All Versions ...)
NOT-FOR-US: Siemens
-CVE-2020-28383 (A vulnerability has been identified in JT2Go (All Versions < V13.1. ...)
+CVE-2020-28383 (A vulnerability has been identified in JT2Go (All versions < V13.1. ...)
NOT-FOR-US: Siemens
CVE-2020-28382 (A vulnerability has been identified in Solid Edge SE2020 (All Versions ...)
NOT-FOR-US: Siemens
@@ -45030,7 +45069,7 @@ CVE-2020-26991 (A vulnerability has been identified in JT2Go (All versions <
NOT-FOR-US: JT2Go
CVE-2020-26990 (A vulnerability has been identified in JT2Go (All versions < V13.1. ...)
NOT-FOR-US: JT2Go
-CVE-2020-26989 (A vulnerability has been identified in JT2Go (All Versions < V13.1. ...)
+CVE-2020-26989 (A vulnerability has been identified in JT2Go (All versions < V13.1. ...)
NOT-FOR-US: JT2Go
CVE-2020-26988 (A vulnerability has been identified in JT2Go (All versions < V13.1. ...)
NOT-FOR-US: JT2Go
@@ -59660,12 +59699,12 @@ CVE-2020-20268
RESERVED
CVE-2020-20267 (Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corr ...)
NOT-FOR-US: Mikrotik RouterOs
-CVE-2020-20266
- RESERVED
+CVE-2020-20266 (Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corr ...)
+ TODO: check
CVE-2020-20265 (Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corr ...)
NOT-FOR-US: Mikrotik RouterOs
-CVE-2020-20264
- RESERVED
+CVE-2020-20264 (Mikrotik RouterOs before 6.47 (stable tree) in the /ram/pckg/advanced- ...)
+ TODO: check
CVE-2020-20263
RESERVED
CVE-2020-20262
@@ -218795,16 +218834,16 @@ CVE-2017-17680 (In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was fou
NOTE: https://github.com/ImageMagick/ImageMagick/commit/7b97357e7f8d6ae848a4c699fe17db6fcf4bd7a9
CVE-2017-17679
RESERVED
-CVE-2017-17678
- RESERVED
-CVE-2017-17677
- RESERVED
+CVE-2017-17678 (BMC Remedy Mid Tier 9.1SP3 is affected by cross-site scripting (XSS). ...)
+ TODO: check
+CVE-2017-17677 (BMC Remedy 9.1SP3 is affected by authenticated code execution. Authent ...)
+ TODO: check
CVE-2017-17676
RESERVED
-CVE-2017-17675
- RESERVED
-CVE-2017-17674
- RESERVED
+CVE-2017-17675 (BMC Remedy Mid Tier 9.1SP3 is affected by log hijacking. Remote loggin ...)
+ TODO: check
+CVE-2017-17674 (BMC Remedy Mid Tier 9.1SP3 is affected by remote and local file inclus ...)
+ TODO: check
CVE-2017-17673
RESERVED
CVE-2017-17672 (In vBulletin through 5.3.x, there is an unauthenticated deserializatio ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aaacf3d30d6ac592af76bde2478c30af4f62cec8
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aaacf3d30d6ac592af76bde2478c30af4f62cec8
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210519/04b3ec93/attachment.htm>
More information about the debian-security-tracker-commits
mailing list