[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon May 24 09:10:24 BST 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
54e74045 by security tracker role at 2021-05-24T08:10:16+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -37,10 +37,10 @@ CVE-2021-3563
 	- keystone <undetermined>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1962908
 	TODO: scarce details on it if there are upstream references, try to get more information
-CVE-2021-33497
-	RESERVED
-CVE-2021-33496
-	RESERVED
+CVE-2021-33497 (Dutchcoders transfer.sh before 1.2.4 allows Directory Traversal for de ...)
+	TODO: check
+CVE-2021-33496 (Dutchcoders transfer.sh before 1.2.4 allows XSS via an inline view. ...)
+	TODO: check
 CVE-2021-33495
 	RESERVED
 CVE-2021-33494
@@ -4527,6 +4527,7 @@ CVE-2021-31536
 	RESERVED
 CVE-2021-31535
 	RESERVED
+	{DSA-4920-1 DLA-2666-1}
 	- libx11 2:1.7.1-1 (bug #988737)
 	NOTE: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/8d2e02ae650f00c4a53deb625211a0527126c605
 	NOTE: https://www.openwall.com/lists/oss-security/2021/05/18/2
@@ -8360,7 +8361,7 @@ CVE-2021-29923
 	RESERVED
 CVE-2021-29922
 	RESERVED
-CVE-2021-29921 (Improper input validation of octal strings in Python stdlib ipaddress  ...)
+CVE-2021-29921 (In Python before 3,9,5, the ipaddress library mishandles leading zero  ...)
 	[experimental] - python3.9 3.9.5-1
 	- python3.9 <unfixed>
 	NOTE: https://bugs.python.org/issue36384#msg392423
@@ -31296,16 +31297,16 @@ CVE-2021-20728
 	RESERVED
 CVE-2021-20727
 	RESERVED
-CVE-2021-20726
-	RESERVED
-CVE-2021-20725
-	RESERVED
-CVE-2021-20724
-	RESERVED
-CVE-2021-20723
-	RESERVED
-CVE-2021-20722
-	RESERVED
+CVE-2021-20726 (Untrusted search path vulnerability in The Installer of Overwolf 2.168 ...)
+	TODO: check
+CVE-2021-20725 (Reflected cross-site scripting vulnerability in the admin page of [Cal ...)
+	TODO: check
+CVE-2021-20724 (Reflected cross-site scripting vulnerability in the admin page of [Tel ...)
+	TODO: check
+CVE-2021-20723 (Reflected cross-site scripting vulnerability in [MailForm01] free edit ...)
+	TODO: check
+CVE-2021-20722 (Untrusted search path vulnerability in the installers of ScanSnap Mana ...)
+	TODO: check
 CVE-2021-20721 (KonaWiki2 versions prior to 2.2.4 allows a remote attacker to upload a ...)
 	NOT-FOR-US: KonaWiki2
 CVE-2021-20720 (SQL injection vulnerability in the KonaWiki2 versions prior to 2.2.4 a ...)
@@ -31323,8 +31324,8 @@ CVE-2021-20715 (Improper access control vulnerability in Hot Pepper Gourmet App
 	NOT-FOR-US: Hot Pepper Gourmet App
 CVE-2021-20714 (Directory traversal vulnerability in WP Fastest Cache versions prior t ...)
 	NOT-FOR-US: WP fastest cache
-CVE-2021-20713
-	RESERVED
+CVE-2021-20713 (Privilege escalation vulnerability in QND Advance/Premium/Standard Ver ...)
+	TODO: check
 CVE-2021-20712 (Improper access control vulnerability in NEC Aterm WG2600HS firmware V ...)
 	NOT-FOR-US: Aterm firmware
 CVE-2021-20711 (Aterm WG2600HS firmware Ver1.5.1 and earlier allows an attacker to exe ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/54e740459ef9c93dd7f66ce8d40eb3666c6d7fe0

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/54e740459ef9c93dd7f66ce8d40eb3666c6d7fe0
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210524/de301966/attachment.htm>


More information about the debian-security-tracker-commits mailing list