[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon May 24 21:10:36 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b3bcdf6a by security tracker role at 2021-05-24T20:10:29+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,25 @@
+CVE-2021-3564
+ RESERVED
+CVE-2021-33524
+ RESERVED
+CVE-2021-33523
+ RESERVED
+CVE-2021-33522
+ RESERVED
+CVE-2021-33521
+ RESERVED
+CVE-2021-33520
+ RESERVED
+CVE-2021-33519
+ RESERVED
+CVE-2021-33518
+ RESERVED
+CVE-2021-33517
+ RESERVED
+CVE-2021-33516 (An issue was discovered in GUPnP before 1.0.7 and 1.1.x and 1.2.x befo ...)
+ TODO: check
+CVE-2021-33515
+ RESERVED
CVE-2021-33514 (Certain NETGEAR devices are affected by command injection by an unauth ...)
NOT-FOR-US: Netgear
CVE-2021-33513 (Plone through 5.2.4 allows XSS via the inline_diff methods in Products ...)
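Review bot: CVE-2021-33516 is the only new entry in this hunk that arrives with a description, and it names a library (GUPnP before 1.0.7 and 1.1.x and 1.2.x) rather than a vendor product, so its TODO: check should resolve to a source-package line with an upstream fix reference rather than NOT-FOR-US if gupnp is in the archive; the stored text is cut at "befo ...", so the 1.1.x and 1.2.x fixed versions have to be taken from the full description before any fixed-version is recorded. The other ten IDs in the hunk (CVE-2021-3564 and CVE-2021-33515 through CVE-2021-33524) are bare RESERVED placeholders and need no action until they are published.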
@@ -22,8 +44,8 @@ CVE-2021-33504
RESERVED
CVE-2021-33503
RESERVED
-CVE-2021-33502
- RESERVED
+CVE-2021-33502 (The normalize-url package before 4.5.1, 5.x before 5.3.1, and 6.x befo ...)
+ TODO: check
CVE-2021-33501
RESERVED
CVE-2021-33500 (PuTTY before 0.75 on Windows allows remote servers to cause a denial o ...)
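Review bot: the new description for CVE-2021-33502 lists three affected release lines ("before 4.5.1, 5.x before 5.3.1, and 6.x befo ..."), and the 6.x bound is lost to truncation; the TODO: check should record that bound from the full advisory and establish whether a node-normalize-url source package exists in the archive before choosing between a package line and NOT-FOR-US, since an npm package name alone does not settle that.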
@@ -627,8 +649,7 @@ CVE-2021-33206
RESERVED
CVE-2021-33205
RESERVED
-CVE-2021-3559 [nodedev-list command may cause libvirt to crash on hosts with GRID driver installed]
- RESERVED
+CVE-2021-3559 (A flaw was found in libvirt in the virConnectListAllNodeDevices API in ...)
- libvirt <not-affected> (Vulnerable code never in a released version)
NOTE: Fixed by: https://gitlab.com/libvirt/libvirt/-/commit/4c4d0e2da07b5a035b26a0ff13ec27070f7c7b1a (v7.0.0-rc1)
NOTE: Introduced by: https://gitlab.com/libvirt/libvirt/-/commit/f1b08901f7ae7557f79d83bdac33cc0bd79d1437 (v6.10.0-rc1)
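Review bot: CVE-2021-3559 is the one entry in this update where the script replaced a locally written bracketed title rather than a bare RESERVED marker, and it correctly did not add TODO: check because the entry already carries a triage decision. The published text ("A flaw was found in libvirt in the virConnectListAllNodeDevices API ...") matches the previous "nodedev-list command may cause libvirt to crash" title, so the existing `- libvirt <not-affected> (Vulnerable code never in a released version)` line and the Introduced-by (v6.10.0-rc1) / Fixed-by (v7.0.0-rc1) NOTE lines still hold; no change needed, but hunks that rewrite an already triaged entry are the ones worth re-reading each time the feed text changes.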
@@ -1880,8 +1901,8 @@ CVE-2021-32631
RESERVED
CVE-2021-32630 (Admidio is a free, open source user management system for websites of ...)
NOT-FOR-US: Admidio
-CVE-2021-32629
- RESERVED
+CVE-2021-32629 (Cranelift is an open-source code generator maintained by Bytecode Alli ...)
+ TODO: check
CVE-2021-32628
RESERVED
CVE-2021-32627
@@ -1890,8 +1911,8 @@ CVE-2021-32626
RESERVED
CVE-2021-32625
RESERVED
-CVE-2021-32624
- RESERVED
+CVE-2021-32624 (Keystone 5 is an open source CMS platform to build Node.js application ...)
+ TODO: check
CVE-2021-32623
RESERVED
CVE-2021-32622 (Matrix-React-SDK is a react-based SDK for inserting a Matrix chat/voip ...)
@@ -3082,8 +3103,8 @@ CVE-2021-32077 (Primary Source Verification in VerityStream MSOW Solutions befor
NOT-FOR-US: VerityStream MSOW Solutions
CVE-2021-32076
RESERVED
-CVE-2021-32075
- RESERVED
+CVE-2021-32075 (Re-Logic Terraria before 1.4.2.3 performs Insecure Deserialization. ...)
+ TODO: check
CVE-2021-32074 (HashiCorp vault-action (aka Vault GitHub Action) before 2.2.0 allows a ...)
NOT-FOR-US: HashiCorp vault-action (aka Vault GitHub Action)
CVE-2021-32073 (DedeCMS V5.7 SP2 contains a CSRF vulnerability that allows a remote at ...)
@@ -7520,8 +7541,8 @@ CVE-2020-36316 (In RELIC before 2021-04-03, there is a buffer overflow in PKCS#1
NOT-FOR-US: RELIC
CVE-2020-36315 (In RELIC before 2020-08-01, RSA PKCS#1 v1.5 signature forgery can occu ...)
NOT-FOR-US: RELIC
-CVE-2021-3485
- RESERVED
+CVE-2021-3485 (An Improper Input Validation vulnerability in the Product Update featu ...)
+ TODO: check
CVE-2021-30244
RESERVED
CVE-2021-30243
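Review bot: the truncated description for CVE-2021-3485 ("An Improper Input Validation vulnerability in the Product Update featu ...") names neither a vendor nor a product in the visible text, so this TODO: check cannot be resolved from the file alone; the full description is required before deciding on NOT-FOR-US or a package line, and a guess from the neighbouring RELIC entries would be wrong since those share no relation beyond position.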
@@ -7964,12 +7985,12 @@ CVE-2021-30085
RESERVED
CVE-2021-30084
RESERVED
-CVE-2021-30083
- RESERVED
-CVE-2021-30082
- RESERVED
-CVE-2021-30081
- RESERVED
+CVE-2021-30083 (An issue was discovered in Mediat 1.4.1. There is a Reflected XSS vuln ...)
+ TODO: check
+CVE-2021-30082 (An issue was discovered in Gris CMS v0.1. There is a Persistent XSS vu ...)
+ TODO: check
+CVE-2021-30081 (An issue was discovered in emlog 6.0.0stable. There is a SQL Injection ...)
+ TODO: check
CVE-2021-30080
RESERVED
CVE-2021-30079
@@ -9880,8 +9901,8 @@ CVE-2021-29302 (TP-Link TL-WR802N(US), Archer_C50v5_US v4_200 <= 2020.06 cont
NOT-FOR-US: TP-Link
CVE-2021-29301
RESERVED
-CVE-2021-29300
- RESERVED
+CVE-2021-29300 (The @ronomon/opened library before 1.5.2 is vulnerable to a command in ...)
+ TODO: check
CVE-2021-29299
RESERVED
CVE-2021-29298
@@ -10001,8 +10022,8 @@ CVE-2021-29258 (An issue was discovered in Envoy 1.14.0. There is a remotely exp
- envoyproxy <itp> (bug #987544)
CVE-2021-29257
RESERVED
-CVE-2021-29256
- RESERVED
+CVE-2021-29256 (. The Arm Mali GPU kernel driver allows an unprivileged user to achiev ...)
+ TODO: check
CVE-2021-29255 (MicroSeven MYM71080i-B 2.0.5 through 2.0.20 devices send admin credent ...)
NOT-FOR-US: MicroSeven
CVE-2021-29254
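Review bot: the description for CVE-2021-29256 begins with a stray ". " (". The Arm Mali GPU kernel driver allows an unprivileged user to achiev ..."). That punctuation is how the text arrived from the upstream feed, not a tracker-side formatting fault, and hand-editing it would be overwritten by the next automatic update, so leave it and resolve the TODO: check on substance: determine whether the Arm Mali GPU kernel driver named here is shipped by any archive source package or is a vendor out-of-tree driver, which is what decides between NOT-FOR-US and a package line.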
@@ -17864,8 +17885,8 @@ CVE-2021-25940
RESERVED
CVE-2021-25939
RESERVED
-CVE-2021-25938
- RESERVED
+CVE-2021-25938 (In ArangoDB, versions v2.2.6.2 through v3.7.10 are vulnerable to Cross ...)
+ TODO: check
CVE-2021-25937
RESERVED
CVE-2021-25936
@@ -21624,8 +21645,8 @@ CVE-2021-24334
RESERVED
CVE-2021-24333
RESERVED
-CVE-2021-24332
- RESERVED
+CVE-2021-24332 (The Autoptimize WordPress plugin before 2.8.4 was missing proper escap ...)
+ TODO: check
CVE-2021-24331
RESERVED
CVE-2021-24330
@@ -21672,36 +21693,36 @@ CVE-2021-24310
RESERVED
CVE-2021-24309
RESERVED
-CVE-2021-24308
- RESERVED
-CVE-2021-24307
- RESERVED
-CVE-2021-24306
- RESERVED
-CVE-2021-24305
- RESERVED
+CVE-2021-24308 (The 'State' field of the Edit profile page of the LMS by LifterLMS  ...)
+ TODO: check
+CVE-2021-24307 (The All in One SEO – Best WordPress SEO Plugin – Easily Im ...)
+ TODO: check
+CVE-2021-24306 (The Ultimate Member – User Profile, User Registration, Login &am ...)
+ TODO: check
+CVE-2021-24305 (The Target First WordPress Plugin v2.0, also previously known as Watch ...)
+ TODO: check
CVE-2021-24304
RESERVED
CVE-2021-24303
RESERVED
-CVE-2021-24302
- RESERVED
-CVE-2021-24301
- RESERVED
-CVE-2021-24300
- RESERVED
+CVE-2021-24302 (The Hana Flv Player WordPress plugin through 3.1.3 is vulnerable to an ...)
+ TODO: check
+CVE-2021-24301 (The Hotjar Connecticator WordPress plugin through 1.1.1 is vulnerable ...)
+ TODO: check
+CVE-2021-24300 (The slider import search feature of the PickPlugins Product Slider for ...)
+ TODO: check
CVE-2021-24299 (The ReDi Restaurant Reservation WordPress plugin before 21.0426 provid ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24298
- RESERVED
-CVE-2021-24297
- RESERVED
-CVE-2021-24296
- RESERVED
+CVE-2021-24298 (The method and share GET parameters of the Giveaway pages were not san ...)
+ TODO: check
+CVE-2021-24297 (The Goto WordPress theme before 2.1 did not properly sanitize the form ...)
+ TODO: check
+CVE-2021-24296 (The WP Customer Reviews WordPress plugin before 3.5.6 did not sanitise ...)
+ TODO: check
CVE-2021-24295 (It was possible to exploit an Unauthenticated Time-Based Blind SQL Inj ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24294
- RESERVED
+CVE-2021-24294 (The dsgvoaio_write_log AJAX action of the DSGVO All in one for WP Word ...)
+ TODO: check
CVE-2021-24293 (In the eCommerce module of the NextGEN Gallery Pro WordPress plugin be ...)
NOT-FOR-US: NextGEN Gallery Pro WordPress plugin
CVE-2021-24292 (The Happy Addons for Elementor WordPress plugin before 2.24.0, Happy A ...)
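Review bot: all eleven new descriptions in this hunk are WordPress plugins or themes (LifterLMS, All in One SEO, Ultimate Member, Target First, Hana Flv Player, Hotjar Connecticator, PickPlugins Product Slider, the Giveaway pages, the Goto theme, WP Customer Reviews, DSGVO All in one for WP), and the unchanged context lines for CVE-2021-24299 and CVE-2021-24295 already read "NOT-FOR-US: WordPress plugin", so the same triage is the expected resolution for each TODO: check here. Two of the stored texts carry feed artefacts worth knowing about before anyone "fixes" them: CVE-2021-24306 ends in a cut HTML entity ("&am ...") and CVE-2021-24307 contains en dashes from the plugin's display name; both are upstream text and should stay as stored.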
@@ -23811,8 +23832,8 @@ CVE-2021-23389
RESERVED
CVE-2021-23388
RESERVED
-CVE-2021-23387
- RESERVED
+CVE-2021-23387 (The package trailing-slash before 2.0.1 are vulnerable to Open Redirec ...)
+ TODO: check
CVE-2021-23386 (This affects the package dns-packet before 5.2.2. It creates buffers w ...)
NOT-FOR-US: Node dns-packet
CVE-2021-23385
@@ -26895,12 +26916,12 @@ CVE-2021-21991
RESERVED
CVE-2021-21990 (VMware Workspace one UEM console (2102 prior to 21.2.0.8, 2101 prior t ...)
NOT-FOR-US: VMware
-CVE-2021-21989
- RESERVED
-CVE-2021-21988
- RESERVED
-CVE-2021-21987
- RESERVED
+CVE-2021-21989 (VMware Workstation (16.x prior to 16.1.2) and Horizon Client for Windo ...)
+ TODO: check
+CVE-2021-21988 (VMware Workstation (16.x prior to 16.1.2) and Horizon Client for Windo ...)
+ TODO: check
+CVE-2021-21987 (VMware Workstation (16.x prior to 16.1.2) and Horizon Client for Windo ...)
+ TODO: check
CVE-2021-21986
RESERVED
CVE-2021-21985
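Review bot: CVE-2021-21989, CVE-2021-21988 and CVE-2021-21987 share an identical visible prefix ("VMware Workstation (16.x prior to 16.1.2) and Horizon Client for Windo ..."), so the truncation hides whatever distinguishes the three issues; each TODO: check should be resolved from its own full advisory text rather than by copying one decision across all three. The context line for CVE-2021-21990 uses "NOT-FOR-US: VMware", which is the expected outcome for these as well.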
@@ -30757,10 +30778,10 @@ CVE-2021-21003
RESERVED
CVE-2021-21002
RESERVED
-CVE-2021-21001
- RESERVED
-CVE-2021-21000
- RESERVED
+CVE-2021-21001 (On WAGO PFC200 devices in different firmware versions with special cra ...)
+ TODO: check
+CVE-2021-21000 (On WAGO PFC200 devices in different firmware versions with special cra ...)
+ TODO: check
CVE-2021-20999 (In Weidmüller u-controls and IoT-Gateways in versions up to 1.12. ...)
NOT-FOR-US: Weidmueller u-controls and IoT Gateways
CVE-2021-20998 (In multiple managed switches by WAGO in different versions without aut ...)
@@ -31648,8 +31669,8 @@ CVE-2021-20559 (IBM Control Desk 7.6.1.2 and 7.6.1.3 is vulnerable to cross-site
NOT-FOR-US: IBM
CVE-2021-20558
RESERVED
-CVE-2021-20557
- RESERVED
+CVE-2021-20557 (IBM Security Guardium 11.2 could allow a remote authenticated attacker ...)
+ TODO: check
CVE-2021-20556
RESERVED
CVE-2021-20555
@@ -31906,12 +31927,12 @@ CVE-2021-20430
RESERVED
CVE-2021-20429 (IBM QRadar User Behavior Analytics 1.0.0 through 4.1.0 could disclose ...)
NOT-FOR-US: IBM
-CVE-2021-20428
- RESERVED
+CVE-2021-20428 (IBM Security Guardium 11.2 could allow a remote attacker to obtain sen ...)
+ TODO: check
CVE-2021-20427
RESERVED
-CVE-2021-20426
- RESERVED
+CVE-2021-20426 (IBM Security Guardium 11.2 contains hard-coded credentials, such as a ...)
+ TODO: check
CVE-2021-20425
RESERVED
CVE-2021-20424
@@ -31924,8 +31945,8 @@ CVE-2021-20421
RESERVED
CVE-2021-20420
RESERVED
-CVE-2021-20419
- RESERVED
+CVE-2021-20419 (IBM Security Guardium 11.2 uses weaker than expected cryptographic alg ...)
+ TODO: check
CVE-2021-20418
RESERVED
CVE-2021-20417
@@ -31984,16 +32005,16 @@ CVE-2021-20391 (IBM QRadar User Behavior Analytics 1.0.0 through 4.1.0 allows we
NOT-FOR-US: IBM
CVE-2021-20390
RESERVED
-CVE-2021-20389
- RESERVED
+CVE-2021-20389 (IBM Security Guardium 11.2 stores user credentials in plain clear text ...)
+ TODO: check
CVE-2021-20388
RESERVED
CVE-2021-20387
RESERVED
-CVE-2021-20386
- RESERVED
-CVE-2021-20385
- RESERVED
+CVE-2021-20386 (IBM Security Guardium 11.2 is vulnerable to cross-site scripting. This ...)
+ TODO: check
+CVE-2021-20385 (IBM Security Guardium 11.2 could allow a remote authenticated attacker ...)
+ TODO: check
CVE-2021-20384
RESERVED
CVE-2021-20383
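Review bot: CVE-2021-20389, CVE-2021-20386 and CVE-2021-20385 all describe IBM Security Guardium 11.2, and the surrounding context (CVE-2021-20391 and the other IBM entries in this update) is triaged "NOT-FOR-US: IBM"; the same line is the expected resolution for these three TODO: check markers, and equally for the Guardium entries added in the neighbouring hunks (CVE-2021-20557, CVE-2021-20428, CVE-2021-20426, CVE-2021-20419) and for CVE-2020-4990 further down in this update, so they can be closed out in one pass.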
@@ -37947,30 +37968,30 @@ CVE-2020-28912 (With MariaDB running on Windows, when local clients connect to t
- mariadb-10.1 <not-affected> (Only affects MariaDB on Windows)
NOTE: https://jira.mariadb.org/browse/MDEV-24040
NOTE: https://github.com/MariaDB/server/commit/3829b408d6
-CVE-2020-28911
- RESERVED
-CVE-2020-28910
- RESERVED
-CVE-2020-28909
- RESERVED
-CVE-2020-28908
- RESERVED
-CVE-2020-28907
- RESERVED
-CVE-2020-28906
- RESERVED
-CVE-2020-28905
- RESERVED
-CVE-2020-28904
- RESERVED
-CVE-2020-28903
- RESERVED
-CVE-2020-28902
- RESERVED
-CVE-2020-28901
- RESERVED
-CVE-2020-28900
- RESERVED
+CVE-2020-28911 (Incorrect Access Control in Nagios Fusion 4.1.8 and earlier allows low ...)
+ TODO: check
+CVE-2020-28910 (Creation of a Temporary Directory with Insecure Permissions in Nagios ...)
+ TODO: check
+CVE-2020-28909 (Incorrect File Permissions in Nagios Fusion 4.1.8 and earlier allows f ...)
+ TODO: check
+CVE-2020-28908 (Command Injection in Nagios Fusion 4.1.8 and earlier allows for Privil ...)
+ TODO: check
+CVE-2020-28907 (Incorrect SSL certificate validation in Nagios Fusion 4.1.8 and earlie ...)
+ TODO: check
+CVE-2020-28906 (Incorrect File Permissions in Nagios XI 5.7.5 and earlier and Nagios F ...)
+ TODO: check
+CVE-2020-28905 (Improper Input Validation in Nagios Fusion 4.1.8 and earlier allows an ...)
+ TODO: check
+CVE-2020-28904 (Execution with Unnecessary Privileges in Nagios Fusion 4.1.8 and earli ...)
+ TODO: check
+CVE-2020-28903 (Improper input validation in Nagios Fusion 4.1.8 and earlier allows a ...)
+ TODO: check
+CVE-2020-28902 (Command Injection in Nagios Fusion 4.1.8 and earlier allows Privilege ...)
+ TODO: check
+CVE-2020-28901 (Command Injection in Nagios Fusion 4.1.8 and earlier allows for Privil ...)
+ TODO: check
+CVE-2020-28900 (Insufficient Verification of Data Authenticity in Nagios Fusion 4.1.8 ...)
+ TODO: check
CVE-2020-28899 (The Web CGI Script on ZyXEL LTE4506-M606 V1.00(ABDO.2)C0 devices does ...)
NOT-FOR-US: ZyXEL
CVE-2020-28898 (In QED ResourceXpress through 4.9k, a large numeric or alphanumeric va ...)
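Review bot: the twelve consecutive entries CVE-2020-28911 through CVE-2020-28900 all describe Nagios Fusion 4.1.8 and earlier (CVE-2020-28906 additionally names Nagios XI 5.7.5 and earlier), i.e. the commercial Nagios products rather than the Nagios core daemon, so "NOT-FOR-US: Nagios Fusion" (and "Nagios XI and Nagios Fusion" for CVE-2020-28906) is the likely resolution for each TODO: check; confirm against the archive that no source package ships these products before marking them. This is also the largest batch of 2020-reserved IDs published in this update: the year in the ID reflects reservation, not disclosure, so the entries belong with today's triage queue.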
@@ -43143,7 +43164,7 @@ CVE-2021-0232 (An authentication bypass vulnerability in the Juniper Networks Pa
NOT-FOR-US: Juniper
CVE-2021-0231 (A path traversal vulnerability in the Juniper Networks SRX and vSRX Se ...)
NOT-FOR-US: Juniper
-CVE-2021-0230 (On Juniper Networks Junos OS platforms with link aggregation (lag) con ...)
+CVE-2021-0230 (On Juniper Networks SRX Series devices with link aggregation (lag) con ...)
NOT-FOR-US: Juniper
CVE-2021-0229 (An uncontrolled resource consumption vulnerability in Message Queue Te ...)
NOT-FOR-US: Juniper
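Review bot: this hunk changes only the description of CVE-2021-0230, from "On Juniper Networks Junos OS platforms with link aggregation (lag) con ..." to "On Juniper Networks SRX Series devices with link aggregation (lag) con ...", i.e. the upstream text narrowed the affected scope; the existing "NOT-FOR-US: Juniper" line is untouched and remains correct, so no tracker action is needed. Description-only rewrites still deserve a glance, because a scope change in the other direction could pull a NOT-FOR-US entry back onto an archive package.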
@@ -46891,18 +46912,18 @@ CVE-2020-26562
RESERVED
CVE-2020-26561 (** UNSUPPORTED WHEN ASSIGNED ** Belkin LINKSYS WRT160NL 1.0.04.002_US_ ...)
NOT-FOR-US: Belkin
-CVE-2020-26560
- RESERVED
-CVE-2020-26559
- RESERVED
-CVE-2020-26558
- RESERVED
-CVE-2020-26557
- RESERVED
-CVE-2020-26556
- RESERVED
-CVE-2020-26555
- RESERVED
+CVE-2020-26560 (Bluetooth Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0. ...)
+ TODO: check
+CVE-2020-26559 (Bluetooth Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0. ...)
+ TODO: check
+CVE-2020-26558 (Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification ...)
+ TODO: check
+CVE-2020-26557 (Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may perm ...)
+ TODO: check
+CVE-2020-26556 (Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may perm ...)
+ TODO: check
+CVE-2020-26555 (Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specificati ...)
+ TODO: check
CVE-2020-26554 (REDDOXX MailDepot 2033 (aka 2.3.3022) allows XSS via an incoming HTML ...)
NOT-FOR-US: REDDOXX MailDepot
CVE-2020-26553 (An issue was discovered in Aviatrix Controller before R6.0.2483. Sever ...)
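Review bot: CVE-2020-26555 through CVE-2020-26560 are specification-level issues (Bluetooth Core Specification BR/EDR and LE pairing, and Bluetooth Mesh profile 1.0/1.0.1 provisioning) rather than bugs in one vendor product, so each TODO: check needs per-implementation triage instead of a vendor NOT-FOR-US: the two pairing entries (CVE-2020-26555, CVE-2020-26558) are candidates for the bluez and linux source packages and should get package lines with upstream fix references, and the four Mesh Provisioning entries need a check of whether any packaged stack implements Mesh provisioning (bluez ships a mesh daemon) before they can be dismissed.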
@@ -48192,8 +48213,8 @@ CVE-2020-26008
RESERVED
CVE-2020-26007
RESERVED
-CVE-2020-26006
- RESERVED
+CVE-2020-26006 (Project Worlds Online Examination System 1.0 is affected by Cross Site ...)
+ TODO: check
CVE-2020-26005
RESERVED
CVE-2020-26004
@@ -49770,14 +49791,14 @@ CVE-2020-25412 (com_line() in command.c in gnuplot 5.4 leads to an out-of-bounds
NOTE: https://sourceforge.net/p/gnuplot/bugs/2303/
NOTE: No security impact, gnuplot can execute arbitrary commands and need to
NOTE: come from a trusted source, see README.Debian.security (added in 5.2.6).
-CVE-2020-25411
- RESERVED
+CVE-2020-25411 (Projectworlds Online Examination System 1.0 is vulnerable to CSRF, whi ...)
+ TODO: check
CVE-2020-25410
RESERVED
-CVE-2020-25409
- RESERVED
-CVE-2020-25408
- RESERVED
+CVE-2020-25409 (Projectsworlds College Management System Php 1.0 is vulnerable to SQL ...)
+ TODO: check
+CVE-2020-25408 (A Cross-Site Request Forgery (CSRF) vulnerability exists in ProjectWor ...)
+ TODO: check
CVE-2020-25407
RESERVED
CVE-2020-25406 (app\admin\controller\sys\Uploads.php in lemocms 1.8.x allows users to ...)
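Review bot: the three descriptions in this hunk spell the vendor three different ways ("Projectworlds", "Projectsworlds", "ProjectWor ..."), and CVE-2020-26006 in the preceding hunk uses "Project Worlds"; they belong to the same vendor family, so whichever NOT-FOR-US line resolves these TODO: check markers should use one consistent spelling, otherwise the entries stop being findable together with a single grep.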
@@ -58903,8 +58924,8 @@ CVE-2020-21043
RESERVED
CVE-2020-21042
RESERVED
-CVE-2020-21041
- RESERVED
+CVE-2020-21041 (Buffer Overflow vulnerability exists in FFmpeg 4.1 via apng_do_inverse ...)
+ TODO: check
CVE-2020-21040
RESERVED
CVE-2020-21039
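Review bot: CVE-2020-21041 names FFmpeg 4.1 and an apng_do_inverse... function, so this concerns an archive package and the TODO: check should become an ffmpeg source-package line with the upstream fix commit, not NOT-FOR-US. A 2020-reserved ID published now against a 4.1-era version typically corresponds to a bug fixed upstream long ago, so the triage should locate the upstream ticket and commit and mark suites that already carry the fix, rather than leaving the entry open as unfixed.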
@@ -59171,8 +59192,8 @@ CVE-2020-20909
RESERVED
CVE-2020-20908
RESERVED
-CVE-2020-20907
- RESERVED
+CVE-2020-20907 (MetInfo 7.0 beta is affected by a file modification vulnerability. Att ...)
+ TODO: check
CVE-2020-20906
RESERVED
CVE-2020-20905
@@ -60637,8 +60658,8 @@ CVE-2020-20180
RESERVED
CVE-2020-20179
RESERVED
-CVE-2020-20178
- RESERVED
+CVE-2020-20178 (A flaw was found in OpenLDAP. This flaw allows an attacker who can sen ...)
+ TODO: check
CVE-2020-20177
RESERVED
CVE-2020-20176
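Review bot: CVE-2020-20178 ("A flaw was found in OpenLDAP. This flaw allows an attacker who can sen ...") concerns an archive package, so the TODO: check should resolve to an openldap source-package line with the upstream ITS reference. Late-published 2020 IDs against OpenLDAP often overlap with issues that already have entries and fixed versions in this file, so check for an existing entry covering the same upstream ticket before adding a new fixed-version line, to avoid double-tracking one fix under two IDs.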
@@ -100083,8 +100104,8 @@ CVE-2020-4992
RESERVED
CVE-2020-4991
RESERVED
-CVE-2020-4990
- RESERVED
+CVE-2020-4990 (IBM Security Guardium 11.2 is vulnerable to SQL injection. A remote at ...)
+ TODO: check
CVE-2020-4989
RESERVED
CVE-2020-4988 (Loopback 8.0.0 contains a vulnerability that could allow an attacker t ...)
@@ -134594,8 +134615,8 @@ CVE-2019-12350
RESERVED
CVE-2019-12349
RESERVED
-CVE-2019-12348
- RESERVED
+CVE-2019-12348 (An issue was discovered in zzcms 2019. SQL Injection exists in user/zt ...)
+ TODO: check
CVE-2019-12347 (In pfSense 2.4.4-p3, a stored XSS vulnerability occurs when attackers ...)
NOT-FOR-US: pfSense
CVE-2019-12346 (In the miniOrange SAML SP Single Sign On plugin before 4.8.73 for Word ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b3bcdf6a5ee87cc5bce8e1a7fa4404873fd803bb