[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu May 20 21:10:29 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
81d7e7a1 by security tracker role at 2021-05-20T20:10:21+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1764,12 +1764,12 @@ CVE-2021-32634
RESERVED
CVE-2021-32633
RESERVED
-CVE-2021-32632
- RESERVED
+CVE-2021-32632 (Pajbot is a Twitch chat bot. Pajbot versions prior to 1.52 are vulnera ...)
+ TODO: check
CVE-2021-32631
RESERVED
-CVE-2021-32630
- RESERVED
+CVE-2021-32630 (Admidio is a free, open source user management system for websites of ...)
+ TODO: check
CVE-2021-32629
RESERVED
CVE-2021-32628
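Review bot: both new entries here (CVE-2021-32632 Pajbot, CVE-2021-32630 Admidio) are left at TODO: check; when they are triaged, Pajbot's description already gives the upstream boundary ("versions prior to 1.52"), which should be carried into the package entry if there is one, while the Admidio description is cut off before any version information, so the full CVE text has to be consulted. If neither is packaged, the form used elsewhere in this file is NOT-FOR-US: <product>.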
@@ -3012,8 +3012,7 @@ CVE-2021-3537 (A vulnerability found in libxml2 in versions before 2.9.11 shows
NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/244
NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/245
NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/commit/babe75030c7f64a37826bb3342317134568bef61
-CVE-2021-3536
- RESERVED
+CVE-2021-3536 (A flaw was found in Wildfly in versions before 23.0.2.Final while crea ...)
- wildfly <itp> (bug #752018)
CVE-2021-3535
RESERVED
@@ -8695,28 +8694,28 @@ CVE-2021-29694 (IBM Spectrum Protect Plus 10.1.0 through 10.1.7 uses weaker than
NOT-FOR-US: IBM
CVE-2021-29693
RESERVED
-CVE-2021-29692
- RESERVED
-CVE-2021-29691
- RESERVED
+CVE-2021-29692 (IBM Security Identity Manager 7.0.2 could allow a remote attacker to o ...)
+ TODO: check
+CVE-2021-29691 (IBM Security Identity Manager 7.0.2 contains hard-coded credentials, s ...)
+ TODO: check
CVE-2021-29690
RESERVED
CVE-2021-29689
RESERVED
-CVE-2021-29688
- RESERVED
-CVE-2021-29687
- RESERVED
-CVE-2021-29686
- RESERVED
+CVE-2021-29688 (IBM Security Identity Manager 7.0.2 could allow a remote attacker to o ...)
+ TODO: check
+CVE-2021-29687 (IBM Security Identity Manager 7.0.2 could allow a remote user to enume ...)
+ TODO: check
+CVE-2021-29686 (IBM Security Identity Manager 7.0.2 could allow an authenticated user ...)
+ TODO: check
CVE-2021-29685
RESERVED
CVE-2021-29684
RESERVED
-CVE-2021-29683
- RESERVED
-CVE-2021-29682
- RESERVED
+CVE-2021-29683 (IBM Security Identity Manager 7.0.2 stores user credentials in plain c ...)
+ TODO: check
+CVE-2021-29682 (IBM Security Identity Manager 7.0.2 could allow a remote attacker to o ...)
+ TODO: check
CVE-2021-29681
RESERVED
CVE-2021-29680
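Review bot: all seven IBM Security Identity Manager 7.0.2 entries in this hunk (CVE-2021-29682, -29683, -29686, -29687, -29688, -29691, -29692) are TODO: check, while the IBM entry at the top of the hunk (CVE-2021-29694) carries NOT-FOR-US: IBM; the same resolution applies here unless a package is found, and issues such as hard-coded credentials (CVE-2021-29691) and plaintext credential storage (CVE-2021-29683) are in the vendor product itself. Triage them as one block rather than one at a time.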
@@ -8799,8 +8798,8 @@ CVE-2021-29661 (Softing AG OPC Toolbox through 4.10.1.13035 allows /en/diag_valu
NOT-FOR-US: Softing AG OPC Toolbox
CVE-2021-29660 (A Cross-Site Request Forgery (CSRF) vulnerability in en/cfg_setpwd.htm ...)
NOT-FOR-US: Softing AG OPC Toolbox
-CVE-2021-29659
- RESERVED
+CVE-2021-29659 (ownCloud 10.7 has an incorrect access control vulnerability, leading t ...)
+ TODO: check
CVE-2021-29658 (The unofficial vscode-rufo extension before 0.0.4 for Visual Studio Co ...)
NOT-FOR-US: vscode-rufo extension for Visual Studio Code
CVE-2021-29657 [KVM: SVM: load control fields from VMCB12 before checking them]
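Review bot: CVE-2021-29659 names a single ownCloud version (10.7) rather than a range, so the line does not say which versions are affected or fixed; the TODO: check needs the upstream advisory to establish that before a package entry or a NOT-FOR-US line replaces the TODO. The two Softing OPC Toolbox entries just above show the NOT-FOR-US form if ownCloud is not packaged.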
@@ -8844,8 +8843,7 @@ CVE-2020-36285 (Union Pay up to 3.3.12, for iOS mobile apps, contains a CWE-347:
NOT-FOR-US: Union Pay
CVE-2020-36284 (Union Pay up to 3.4.93.4.9, for android, contains a CWE-347: Improper ...)
NOT-FOR-US: Union Pay
-CVE-2021-3480
- RESERVED
+CVE-2021-3480 (A flaw was found in slapi-nis in versions before 0.56.7. A NULL pointe ...)
- slapi-nis <unfixed> (bug #988736)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1944640
NOTE: https://pagure.io/slapi-nis/c/c7417ea2d534712e559b56ed45baa91c5d3d44db?branch=master
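Review bot: CVE-2021-3480 keeps "slapi-nis <unfixed> (bug #988736)" although the description now states the upstream fix boundary (versions before 0.56.7 affected) and the NOTE line already points at the fixing commit on pagure.io; that is the correct state until a fixed upload exists, at which point <unfixed> should be replaced by the fixed Debian version. Nothing else to change in this hunk.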
@@ -9853,8 +9851,7 @@ CVE-2021-29260
RESERVED
CVE-2021-29259
RESERVED
-CVE-2021-29258
- RESERVED
+CVE-2021-29258 (An issue was discovered in Envoy 1.14.0. There is a remotely exploitab ...)
- envoyproxy <itp> (bug #987544)
CVE-2021-29257
RESERVED
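Review bot: the description of CVE-2021-29258 pins "Envoy 1.14.0" as a single version, not a range, so the affected range is not evident from the line; the existing itp entry (bug #987544) is kept, which is right, and while Envoy is still an ITP no TODO marker is needed. Worth cross-checking against the two other Envoy entries in this file that cite the same ITP bug so all three carry consistent version information.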
@@ -10637,16 +10634,16 @@ CVE-2021-28908
RESERVED
CVE-2021-28907
RESERVED
-CVE-2021-28906
- RESERVED
-CVE-2021-28905
- RESERVED
-CVE-2021-28904
- RESERVED
-CVE-2021-28903
- RESERVED
-CVE-2021-28902
- RESERVED
+CVE-2021-28906 (In function read_yin_leaf() in libyang <= v1.0.225, it doesn't chec ...)
+ TODO: check
+CVE-2021-28905 (In function lys_node_free() in libyang <= v1.0.225, it asserts that ...)
+ TODO: check
+CVE-2021-28904 (In function ext_get_plugin() in libyang <= v1.0.225, it doesn't che ...)
+ TODO: check
+CVE-2021-28903 (A stack overflow in libyang <= v1.0.225 can cause a denial of servi ...)
+ TODO: check
+CVE-2021-28902 (In function read_yin_container() in libyang <= v1.0.225, it doesn't ...)
+ TODO: check
CVE-2021-28901
RESERVED
CVE-2021-28900
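Review bot: the five libyang entries (CVE-2021-28902 through CVE-2021-28906) all share the bound "<= v1.0.225" and should be triaged together with a single fixed-version line rather than five separate checks; the truncated descriptions keep the function names (read_yin_leaf(), lys_node_free(), ext_get_plugin(), read_yin_container()) but lose the rest, so when resolving the TODOs add NOTE: lines with the upstream issue or commit references, as is done for libxml2 and slapi-nis elsewhere in this file.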
@@ -11126,11 +11123,9 @@ CVE-2021-28685 (AsIO2_64.sys and AsIO2_32.sys in ASUS GPUTweak II before 2.3.0.3
NOT-FOR-US: ASUS
CVE-2021-28684
RESERVED
-CVE-2021-28683
- RESERVED
+CVE-2021-28683 (An issue was discovered in Envoy through 1.71.1. There is a remotely e ...)
- envoyproxy <itp> (bug #987544)
-CVE-2021-28682
- RESERVED
+CVE-2021-28682 (An issue was discovered in Envoy through 1.71.1. There is a remotely e ...)
- envoyproxy <itp> (bug #987544)
CVE-2021-28681 (Pion WebRTC before 3.0.15 didn't properly tear down the DTLS Connectio ...)
NOT-FOR-US: Pion WebRTC
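Review bot: both CVE-2021-28683 and CVE-2021-28682 say "Envoy through 1.71.1", which looks like a transposition of 1.17.1 (the other Envoy entry in this file, CVE-2021-29258, cites 1.14.0, and no 1.71 series is plausible next to it). The text is copied verbatim from the CVE feed, so do not hand-edit the description here; instead confirm the real upper bound against the upstream advisory and record it in a NOTE: line before the <itp> entries for bug #987544 ever turn into package entries.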
@@ -12195,8 +12190,8 @@ CVE-2021-3440
RESERVED
CVE-2021-3439
RESERVED
-CVE-2021-3438
- RESERVED
+CVE-2021-3438 (A potential buffer overflow in the software drivers for certain HP Las ...)
+ TODO: check
CVE-2021-3437
RESERVED
CVE-2021-3436
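Review bot: CVE-2021-3438 concerns "software drivers for certain HP Las..." (HP LaserJet printer drivers), i.e. vendor driver software; the closest precedent in this file is the ASUS GPUTweak driver entry (CVE-2021-28685, NOT-FOR-US: ASUS), so the TODO: check should most likely resolve to NOT-FOR-US: HP unless a packaged driver is identified.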
@@ -12512,10 +12507,10 @@ CVE-2021-28114
RESERVED
CVE-2021-28113 (A command injection vulnerability in the cookieDomain and relayDomain ...)
NOT-FOR-US: Okta Access Gateway
-CVE-2021-28112
- RESERVED
-CVE-2021-28111
- RESERVED
+CVE-2021-28112 (Draeger X-Dock Firmware before 03.00.13 has Active Debug Code on a deb ...)
+ TODO: check
+CVE-2021-28111 (Draeger X-Dock Firmware before 03.00.13 has Hard-Coded Credentials, le ...)
+ TODO: check
CVE-2021-28110 (/exec in TranzWare e-Commerce Payment Gateway (TWEC PG) before 3.1.27. ...)
NOT-FOR-US: TranzWare e-Commerce Payment Gateway (TWEC PG)
CVE-2021-28109 (TranzWare (POI) FIMI before 4.2.20.4.2 allows login_tw.php reflected C ...)
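Review bot: CVE-2021-28112 and CVE-2021-28111 are both Draeger X-Dock firmware issues (active debug code and hard-coded credentials, fixed in 03.00.13), i.e. device firmware that cannot be shipped in the archive; resolve both TODOs together, in the NOT-FOR-US form used for the Okta Access Gateway and TranzWare entries around them.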
@@ -12526,8 +12521,7 @@ CVE-2021-28374 (The Debian courier-authlib package before 0.71.1-2 for Courier A
[buster] - courier-authlib <no-dsa> (Minor issue)
NOTE: Re-introduction of #378571 while migrating from debian/permissions to
NOTE: debian/courier-authdaemon.tmpfiles in 0.66.4-2.
-CVE-2021-3426 [Running `pydoc -p` allows other local users to extract arbitrary files. The `/getfile?key=path` URL allows to read arbitrary file on the filesystem.]
- RESERVED
+CVE-2021-3426 (There's a flaw in Python 3's pydoc. A local or adjacent attacker who d ...)
{DLA-2619-1}
[experimental] - python3.9 3.9.3-1
- python3.9 <unfixed>
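Review bot: the bracketed working description of CVE-2021-3426 is replaced by the official text, and in doing so the detail that "/getfile?key=path" is the URL that reads arbitrary files is dropped; that is useful to anyone verifying the DLA-2619-1 backport or the pending python3.9 fix, so re-add it as a NOTE: line (the form used for libxml2 and slapi-nis in this file) rather than losing it. The {DLA-2619-1} reference and the experimental/unfixed python3.9 lines are untouched, which is correct.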
@@ -12913,8 +12907,8 @@ CVE-2021-27958
RESERVED
CVE-2021-27957
RESERVED
-CVE-2021-27956
- RESERVED
+CVE-2021-27956 (Zoho ManageEngine ADSelfService Plus before 6104 allows stored XSS on ...)
+ TODO: check
CVE-2020-36255 (An issue was discovered in IdentityModel (aka ScottBrady.IdentityModel ...)
NOT-FOR-US: ScottBrady.IdentityModel
CVE-2019-25025 (The activerecord-session_store (aka Active Record Session Store) compo ...)
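Review bot: CVE-2021-27956 is Zoho ManageEngine ADSelfService Plus; the other Zoho ManageEngine entries in this file (CVE-2020-24397 Desktop Central, CVE-2020-15521 Applications Manager) are NOT-FOR-US: Zoho, so the TODO: check here should be resolved the same way for consistency.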
@@ -14031,28 +14025,28 @@ CVE-2021-27469
RESERVED
CVE-2021-27468
RESERVED
-CVE-2021-27467
- RESERVED
+CVE-2021-27467 (A vulnerability has been found in multiple revisions of Emerson Rosemo ...)
+ TODO: check
CVE-2021-27466
RESERVED
-CVE-2021-27465
- RESERVED
+CVE-2021-27465 (A vulnerability has been found in multiple revisions of Emerson Rosemo ...)
+ TODO: check
CVE-2021-27464
RESERVED
-CVE-2021-27463
- RESERVED
+CVE-2021-27463 (A vulnerability has been found in multiple revisions of Emerson Rosemo ...)
+ TODO: check
CVE-2021-27462
RESERVED
-CVE-2021-27461
- RESERVED
+CVE-2021-27461 (A vulnerability has been found in multiple revisions of Emerson Rosemo ...)
+ TODO: check
CVE-2021-27460
RESERVED
-CVE-2021-27459
- RESERVED
+CVE-2021-27459 (A vulnerability has been found in multiple revisions of Emerson Rosemo ...)
+ TODO: check
CVE-2021-27458 (If Ethernet communication of the JTEKT Corporation TOYOPUC product ser ...)
NOT-FOR-US: JTEKT Corporation TOYOPUC
-CVE-2021-27457
- RESERVED
+CVE-2021-27457 (A vulnerability has been found in multiple revisions of Emerson Rosemo ...)
+ TODO: check
CVE-2021-27456
RESERVED
CVE-2021-27455
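Review bot: the six Emerson Rosemount entries (CVE-2021-27457, -27459, -27461, -27463, -27465, -27467) have identical truncated descriptions, so the lines as shown do not distinguish them; triage them as one group from the full advisories, and expect the same resolution as the JTEKT TOYOPUC entry interleaved with them (NOT-FOR-US), since these are industrial controller products.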
@@ -14097,12 +14091,12 @@ CVE-2021-27436 (WebAccess/SCADA Versions 9.0 and prior is vulnerable to cross-si
NOT-FOR-US: WebAccess/SCADA
CVE-2021-27435
RESERVED
-CVE-2021-27434
- RESERVED
+CVE-2021-27434 (Products with Unified Automation .NET based OPC UA Client/Server SDK B ...)
+ TODO: check
CVE-2021-27433
RESERVED
-CVE-2021-27432
- RESERVED
+CVE-2021-27432 (OPC Foundation UA .NET Standard versions prior to 1.4.365.48 and OPC U ...)
+ TODO: check
CVE-2021-27431
RESERVED
CVE-2021-27430
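Review bot: CVE-2021-27434 (Unified Automation .NET based OPC UA Client/Server SDK) and CVE-2021-27432 (OPC Foundation UA .NET Standard before 1.4.365.48) are both .NET OPC UA SDKs; the other OPC and SCADA entries in this file (Softing OPC Toolbox, WebAccess/SCADA) are NOT-FOR-US, so resolve these two TODOs together, and keep the 1.4.365.48 boundary from the description if a package entry is ever needed.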
@@ -16954,8 +16948,8 @@ CVE-2021-3315 (In JetBrains TeamCity before 2020.2.2, stored XSS on a tests page
NOT-FOR-US: JetBrains
CVE-2021-3314
RESERVED
-CVE-2021-3313
- RESERVED
+CVE-2021-3313 (Plone CMS until version 5.2.4 has a stored Cross-Site Scripting (XSS) ...)
+ TODO: check
CVE-2021-3312
RESERVED
CVE-2021-3311 (An issue was discovered in October through build 471. It reactivates a ...)
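Review bot: the description of CVE-2021-3313 says Plone CMS "until version 5.2.4", which does not say whether 5.2.4 is the last affected or the first fixed version; settle that from the upstream advisory before turning the TODO: check into a package entry with a fixed version, since the wrong reading would leave the recorded fix one release off.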
@@ -17720,16 +17714,16 @@ CVE-2021-25935
RESERVED
CVE-2021-25934
RESERVED
-CVE-2021-25933
- RESERVED
+CVE-2021-25933 (In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0 ...)
+ TODO: check
CVE-2021-25932
RESERVED
-CVE-2021-25931
- RESERVED
-CVE-2021-25930
- RESERVED
-CVE-2021-25929
- RESERVED
+CVE-2021-25931 (In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0 ...)
+ TODO: check
+CVE-2021-25930 (In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0 ...)
+ TODO: check
+CVE-2021-25929 (In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0 ...)
+ TODO: check
CVE-2021-25928 (Prototype pollution vulnerability in 'safe-obj' versions 1.0.0 through ...)
NOT-FOR-US: Node safe-obj
CVE-2021-25927 (Prototype pollution vulnerability in 'safe-flat' versions 2.0.0 throug ...)
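Review bot: the four OpenNMS Horizon entries (CVE-2021-25929, -25930, -25931, -25933) give their affected range as git tag names ("opennms-1-0-stable through opennms-27.1.0") rather than release numbers, so mapping them to any packaged version requires the upstream changelog; triage the four together, and if OpenNMS is not packaged use the NOT-FOR-US form seen on the safe-obj and safe-flat entries just below.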
@@ -23659,8 +23653,8 @@ CVE-2021-23388
RESERVED
CVE-2021-23387
RESERVED
-CVE-2021-23386
- RESERVED
+CVE-2021-23386 (This affects the package dns-packet before 5.2.2. It creates buffers w ...)
+ TODO: check
CVE-2021-23385
RESERVED
CVE-2021-23384 (The package koa-remove-trailing-slashes before 2.0.2 are vulnerable to ...)
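Review bot: CVE-2021-23386 (dns-packet before 5.2.2) is a Node module; the Node entries around it are NOT-FOR-US (safe-obj, safe-flat), but check whether dns-packet itself is packaged before defaulting to that, and if it is, carry the 5.2.2 boundary into the package entry.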
@@ -30314,8 +30308,8 @@ CVE-2020-35582 (A stored cross-site scripting (XSS) issue in Envira Gallery Lite
NOT-FOR-US: Envira Gallery Lite
CVE-2020-35581 (A stored cross-site scripting (XSS) issue in Envira Gallery Lite befor ...)
NOT-FOR-US: Envira Gallery Lite
-CVE-2020-35580
- RESERVED
+CVE-2020-35580 (A local file inclusion vulnerability in the FileServlet in all SearchB ...)
+ TODO: check
CVE-2020-35579 (tindy2013 subconverter 0.6.4 has a /sub?target=%TARGET%&url=%URL%& ...)
NOT-FOR-US: tindy2013
CVE-2020-35578 (An issue was discovered in the Manage Plugins page in Nagios XI before ...)
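Review bot: the truncated description of CVE-2020-35580 cuts off the product name ("all SearchB ..."), so the line as shown does not identify what is affected; the TODO: check has to start from the full CVE text, and the resolution (package entry or NOT-FOR-US) should name the product explicitly, as the Envira Gallery Lite entries above it do.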
@@ -51911,10 +51905,10 @@ CVE-2020-24398
RESERVED
CVE-2020-24397 (An issue was discovered in the client side of Zoho ManageEngine Deskto ...)
NOT-FOR-US: Zoho ManageEngine Desktop Central
-CVE-2020-24396
- RESERVED
-CVE-2020-24395
- RESERVED
+CVE-2020-24396 (homee Brain Cube v2 (2.28.2 and 2.28.4) devices have sensitive SSH key ...)
+ TODO: check
+CVE-2020-24395 (The USB firmware update script of homee Brain Cube v2 (2.28.2 and 2.28 ...)
+ TODO: check
CVE-2020-24394 (In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) ca ...)
- linux 5.7.6-1 (bug #962254)
[buster] - linux 4.19.131-1
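Review bot: CVE-2020-24396 and CVE-2020-24395 both concern the homee Brain Cube v2 device (sensitive SSH keys and the USB firmware update script, versions 2.28.2 and 2.28.4), i.e. hardware firmware; resolve both TODOs together as NOT-FOR-US, the form used for the Zoho ManageEngine Desktop Central entry directly above them.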
@@ -58124,8 +58118,8 @@ CVE-2020-21347
RESERVED
CVE-2020-21346
RESERVED
-CVE-2020-21345
- RESERVED
+CVE-2020-21345 (Cross Site Scripting (XSS) vulnerability in Halo 1.1.3 via post publis ...)
+ TODO: check
CVE-2020-21344
RESERVED
CVE-2020-21343
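Review bot: the description of CVE-2020-21345 identifies the product only as "Halo 1.1.3", which is an ambiguous name; the TODO: check must first pin down which project this is from the full CVE text before deciding between a package entry and NOT-FOR-US.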
@@ -58700,16 +58694,16 @@ CVE-2020-21059
RESERVED
CVE-2020-21058
RESERVED
-CVE-2020-21057
- RESERVED
-CVE-2020-21056
- RESERVED
-CVE-2020-21055
- RESERVED
-CVE-2020-21054
- RESERVED
-CVE-2020-21053
- RESERVED
+CVE-2020-21057 (Directory Traversal vulnerability in FusionPBX 4.5.7, which allows a r ...)
+ TODO: check
+CVE-2020-21056 (Directory Traversal vulnerability exists in FusionPBX 4.5.7, which all ...)
+ TODO: check
+CVE-2020-21055 (A Directory Traversal vulnerability exists in FusionPBX 4.5.7 allows m ...)
+ TODO: check
+CVE-2020-21054 (Cross Site Scripting (XSS) vulnerability in FusionPBX 4.5.7 allows rem ...)
+ TODO: check
+CVE-2020-21053 (Cross Site Scriptiong (XSS) vulnerability exists in FusionPBX 4.5.7 al ...)
+ TODO: check
CVE-2020-21052
RESERVED
CVE-2020-21051
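Review bot: the five FusionPBX 4.5.7 entries (CVE-2020-21053 through CVE-2020-21057; three directory traversals and two XSS) should be triaged as one group, since they all affect the same release; the misspelling "Cross Site Scriptiong" in CVE-2020-21053 is in the feed text copied in by the automatic update and is not something to hand-correct in data/CVE/list.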
@@ -70617,8 +70611,8 @@ CVE-2020-15524
CVE-2020-15523 (In Python 3.6 through 3.6.10, 3.7 through 3.7.8, 3.8 through 3.8.4rc1, ...)
- python3.8 <not-affected> (Python on Windows)
- python2.7 <not-affected> (Python on Windows)
-CVE-2020-15522
- RESERVED
+CVE-2020-15522 (Bouncy Castle BC Java before 1.66, BC C# .NET before 1.8.7, BC-FJA bef ...)
+ TODO: check
CVE-2020-15521 (Zoho ManageEngine Applications Manager before 14 build 14730 has no pr ...)
NOT-FOR-US: Zoho
CVE-2020-15520
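Review bot: CVE-2020-15522 bundles several Bouncy Castle product lines with separate boundaries (BC Java before 1.66, BC C# .NET before 1.8.7, BC-FJA before a version that is cut off in the truncated line), so the TODO: check should be resolved per product line; if only the Java library is relevant to the archive, record the 1.66 boundary and mark the others as not applicable, in the style of the "<not-affected> (Python on Windows)" lines just above.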
@@ -100178,8 +100172,8 @@ CVE-2020-4852
RESERVED
CVE-2020-4851 (IBM Spectrum Scale 5.0.0 through 5.0.5.5 and 5.1.0 through 5.1.0.2 cou ...)
NOT-FOR-US: IBM
-CVE-2020-4850
- RESERVED
+CVE-2020-4850 (IBM Spectrum Scale 1.1.1.0 through 1.1.8.4 Transparent Cloud Tiering c ...)
+ TODO: check
CVE-2020-4849 (IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.19 Interim Fix 7 could ...)
NOT-FOR-US: IBM
CVE-2020-4848 (IBM UrbanCode Deploy (UCD) 6.2.7.9, 7.0.5.4, and 7.1.1.1 could allow a ...)
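Review bot: CVE-2020-4850 is IBM Spectrum Scale Transparent Cloud Tiering, the same product family as CVE-2020-4851 immediately above, which is already NOT-FOR-US: IBM; the TODO: check here should be resolved the same way. Note that the two lines use different version numbering (1.1.1.0 through 1.1.8.4 here versus 5.0.x/5.1.x above), so do not merge them into a single range when triaging.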
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/81d7e7a12ff2a19202c20ffd5c879af543d395e7