[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue May 25 21:10:39 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4e3aad17 by security tracker role at 2021-05-25T20:10:29+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,5 @@
+CVE-2021-3565
+ RESERVED
CVE-2021-33564
RESERVED
CVE-2021-33563 (Koel before 5.1.4 lacks login throttling, lacks a password strength po ...)
@@ -291,8 +293,8 @@ CVE-2021-33427
RESERVED
CVE-2021-33426
RESERVED
-CVE-2021-33425
- RESERVED
+CVE-2021-33425 (A stored cross-site scripting (XSS) vulnerability was discovered in th ...)
+ TODO: check
CVE-2021-33424
RESERVED
CVE-2021-33423
@@ -1963,12 +1965,12 @@ CVE-2021-32642
RESERVED
CVE-2021-32641
RESERVED
-CVE-2021-32640
- RESERVED
+CVE-2021-32640 (ws is an open source WebSocket client and server library for Node.js. ...)
+ TODO: check
CVE-2021-32639
RESERVED
-CVE-2021-32638
- RESERVED
+CVE-2021-32638 (Github's CodeQL action is provided to run CodeQL-based code scanning o ...)
+ TODO: check
CVE-2021-32637
RESERVED
CVE-2021-32636
@@ -7739,26 +7741,26 @@ CVE-2021-30197
RESERVED
CVE-2021-30196
RESERVED
-CVE-2021-30195
- RESERVED
-CVE-2021-30194
- RESERVED
-CVE-2021-30193
- RESERVED
-CVE-2021-30192
- RESERVED
-CVE-2021-30191
- RESERVED
-CVE-2021-30190
- RESERVED
-CVE-2021-30189
- RESERVED
-CVE-2021-30188
- RESERVED
-CVE-2021-30187
- RESERVED
-CVE-2021-30186
- RESERVED
+CVE-2021-30195 (CODESYS V2 runtime system before 2.4.7.55 has Improper Input Validatio ...)
+ TODO: check
+CVE-2021-30194 (CODESYS V2 Web-Server before 1.1.9.20 has an Out-of-bounds Read. ...)
+ TODO: check
+CVE-2021-30193 (CODESYS V2 Web-Server before 1.1.9.20 has an Out-of-bounds Write. ...)
+ TODO: check
+CVE-2021-30192 (CODESYS V2 Web-Server before 1.1.9.20 has an Improperly Implemented Se ...)
+ TODO: check
+CVE-2021-30191 (CODESYS V2 Web-Server before 1.1.9.20 has a a Buffer Copy without Chec ...)
+ TODO: check
+CVE-2021-30190 (CODESYS V2 Web-Server before 1.1.9.20 has Improper Access Control. ...)
+ TODO: check
+CVE-2021-30189 (CODESYS V2 Web-Server before 1.1.9.20 has a Stack-based Buffer Overflo ...)
+ TODO: check
+CVE-2021-30188 (CODESYS V2 runtime system SP before 2.4.7.55 has a Stack-based Buffer ...)
+ TODO: check
+CVE-2021-30187 (CODESYS V2 runtime system SP before 2.4.7.55 has Improper Neutralizati ...)
+ TODO: check
+CVE-2021-30186 (CODESYS V2 runtime system SP before 2.4.7.55 has a Heap-based Buffer O ...)
+ TODO: check
CVE-2021-30185 (CERN Indico before 2.3.4 can use an attacker-supplied Host header in a ...)
NOT-FOR-US: CERN Indico
CVE-2021-30184 (GNU Chess 6.2.7 allows attackers to execute arbitrary code via crafted ...)
@@ -8918,8 +8920,8 @@ CVE-2021-29710
RESERVED
CVE-2021-29709
RESERVED
-CVE-2021-29708
- RESERVED
+CVE-2021-29708 (IBM Spectrum Scale 5.1.0.1 could allow a local with access to the GUI ...)
+ TODO: check
CVE-2021-29707
RESERVED
CVE-2021-29706
@@ -8944,8 +8946,8 @@ CVE-2021-29697
RESERVED
CVE-2021-29696
RESERVED
-CVE-2021-29695
- RESERVED
+CVE-2021-29695 (IBM Host firmware for LC-class Systems could allow a remote attacker t ...)
+ TODO: check
CVE-2021-29694 (IBM Spectrum Protect Plus 10.1.0 through 10.1.7 uses weaker than expec ...)
NOT-FOR-US: IBM
CVE-2021-29693
@@ -10211,28 +10213,28 @@ CVE-2021-29213
RESERVED
CVE-2021-29212
RESERVED
-CVE-2021-29211
- RESERVED
-CVE-2021-29210
- RESERVED
-CVE-2021-29209
- RESERVED
-CVE-2021-29208
- RESERVED
-CVE-2021-29207
- RESERVED
-CVE-2021-29206
- RESERVED
-CVE-2021-29205
- RESERVED
-CVE-2021-29204
- RESERVED
+CVE-2021-29211 (A remote xss vulnerability was discovered in HPE Integrated Lights-Out ...)
+ TODO: check
+CVE-2021-29210 (A remote dom xss, crlf injection vulnerability was discovered in HPE I ...)
+ TODO: check
+CVE-2021-29209 (A remote dom xss, crlf injection vulnerability was discovered in HPE I ...)
+ TODO: check
+CVE-2021-29208 (A remote dom xss, crlf injection vulnerability was discovered in HPE I ...)
+ TODO: check
+CVE-2021-29207 (A remote xss vulnerability was discovered in HPE Integrated Lights-Out ...)
+ TODO: check
+CVE-2021-29206 (A remote xss vulnerability was discovered in HPE Integrated Lights-Out ...)
+ TODO: check
+CVE-2021-29205 (A remote xss vulnerability was discovered in HPE Integrated Lights-Out ...)
+ TODO: check
+CVE-2021-29204 (A remote xss vulnerability was discovered in HPE Integrated Lights-Out ...)
+ TODO: check
CVE-2021-29203 (A security vulnerability has been identified in the HPE Edgeline Infra ...)
NOT-FOR-US: HPE
-CVE-2021-29202
- RESERVED
-CVE-2021-29201
- RESERVED
+CVE-2021-29202 (A local buffer overflow vulnerability was discovered in HPE Integrated ...)
+ TODO: check
+CVE-2021-29201 (A remote xss vulnerability was discovered in HPE Integrated Lights-Out ...)
+ TODO: check
CVE-2021-29200 (Apache OFBiz has unsafe deserialization prior to 17.12.07 version An u ...)
NOT-FOR-US: Apache OFBiz
CVE-2021-29199
@@ -13542,12 +13544,12 @@ CVE-2021-27825
RESERVED
CVE-2021-27824
RESERVED
-CVE-2021-27823
- RESERVED
+CVE-2021-27823 (An information disclosure vulnerability was discovered in /index.class ...)
+ TODO: check
CVE-2021-27822
RESERVED
-CVE-2021-27821
- RESERVED
+CVE-2021-27821 (The Web Interface for OpenWRT LuCI version 19.07 and lower has been di ...)
+ TODO: check
CVE-2021-27820
RESERVED
CVE-2021-27819
@@ -14111,8 +14113,8 @@ CVE-2021-27564 (A stored XSS issue exists in Appspace 6.2.4. After a user is aut
NOT-FOR-US: Appspace
CVE-2021-27563
RESERVED
-CVE-2021-27562
- RESERVED
+CVE-2021-27562 (In Arm Trusted Firmware M through 1.2, the NS world may trigger a syst ...)
+ TODO: check
CVE-2021-27561
RESERVED
CVE-2021-27560
@@ -17979,12 +17981,12 @@ CVE-2021-25948
RESERVED
CVE-2021-25947
RESERVED
-CVE-2021-25946
- RESERVED
+CVE-2021-25946 (Prototype pollution vulnerability in `nconf-toml` versions 0.0.1 throu ...)
+ TODO: check
CVE-2021-25945
RESERVED
-CVE-2021-25944
- RESERVED
+CVE-2021-25944 (Prototype pollution vulnerability in 'deep-defaults' versions 1.0.0 th ...)
+ TODO: check
CVE-2021-25943 (Prototype pollution vulnerability in '101' versions 1.0.0 through 1.6. ...)
NOT-FOR-US: Node 101
CVE-2021-25942
@@ -18001,10 +18003,10 @@ CVE-2021-25937
RESERVED
CVE-2021-25936
RESERVED
-CVE-2021-25935
- RESERVED
-CVE-2021-25934
- RESERVED
+CVE-2021-25935 (In OpenNMS Horizon, versions opennms-17.0.0-1 through opennms-27.1.0-1 ...)
+ TODO: check
+CVE-2021-25934 (In OpenNMS Horizon, versions opennms-18.0.0-1 through opennms-27.1.0-1 ...)
+ TODO: check
CVE-2021-25933 (In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0 ...)
NOT-FOR-US: OpenNMS
CVE-2021-25932
@@ -22750,8 +22752,7 @@ CVE-2021-23939
RESERVED
CVE-2021-23938
RESERVED
-CVE-2021-23937
- RESERVED
+CVE-2021-23937 (A DNS proxy and possible amplification attack vulnerability in WebClie ...)
NOT-FOR-US: Apache Wicket
CVE-2021-3138 (In Discourse 2.7.0 through beta1, a rate-limit bypass leads to a bypas ...)
NOT-FOR-US: Discourse
@@ -27716,14 +27717,14 @@ CVE-2021-21662
RESERVED
CVE-2021-21661
RESERVED
-CVE-2021-21660
- RESERVED
-CVE-2021-21659
- RESERVED
-CVE-2021-21658
- RESERVED
-CVE-2021-21657
- RESERVED
+CVE-2021-21660 (Jenkins Markdown Formatter Plugin 0.1.0 and earlier does not sanitize ...)
+ TODO: check
+CVE-2021-21659 (Jenkins URLTrigger Plugin 0.48 and earlier does not configure its XML ...)
+ TODO: check
+CVE-2021-21658 (Jenkins Nuget Plugin 1.0 and earlier does not configure its XML parser ...)
+ TODO: check
+CVE-2021-21657 (Jenkins Filesystem Trigger Plugin 0.40 and earlier does not configure ...)
+ TODO: check
CVE-2021-21656 (Jenkins Xcode integration Plugin 2.0.14 and earlier does not configure ...)
NOT-FOR-US: Jenkins plugin
CVE-2021-21655 (A cross-site request forgery (CSRF) vulnerability in Jenkins P4 Plugin ...)
@@ -33124,8 +33125,8 @@ CVE-2021-20098
RESERVED
CVE-2021-20097
RESERVED
-CVE-2021-20096
- RESERVED
+CVE-2021-20096 (Cross-site request forgery in OpenOversight 0.6.4 allows a remote atta ...)
+ TODO: check
CVE-2021-20095 (Relative Path Traversal in Babel 2.9.0 allows an attacker to load arbi ...)
- python-babel 2.8.0+dfsg.1-7 (bug #987824)
NOTE: https://www.tenable.com/security/research/tra-2021-14
@@ -60246,20 +60247,20 @@ CVE-2020-20453
RESERVED
CVE-2020-20452
RESERVED
-CVE-2020-20451
- RESERVED
-CVE-2020-20450
- RESERVED
+CVE-2020-20451 (Denial of Service issue in FFmpeg 4.2 due to resource management error ...)
+ TODO: check
+CVE-2020-20450 (FFmpeg 4.2 is affected by null pointer dereference passed as argument ...)
+ TODO: check
CVE-2020-20449
RESERVED
-CVE-2020-20448
- RESERVED
+CVE-2020-20448 (FFmpeg 4.1.3 is affected by a Divide By Zero issue via libavcodec/rate ...)
+ TODO: check
CVE-2020-20447
RESERVED
-CVE-2020-20446
- RESERVED
-CVE-2020-20445
- RESERVED
+CVE-2020-20446 (FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/aacpsy ...)
+ TODO: check
+CVE-2020-20445 (FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/lpc.h, ...)
+ TODO: check
CVE-2020-20444
RESERVED
CVE-2020-20443
@@ -88546,12 +88547,12 @@ CVE-2020-9454 (A CSRF vulnerability in the RegistrationMagic plugin through 4.6.
NOT-FOR-US: RegistrationMagic plugin for WordPress
CVE-2020-9453 (In Epson iProjection v2.30, the driver file EMP_MPAU.sys allows local ...)
NOT-FOR-US: Epson
-CVE-2020-9452
- RESERVED
-CVE-2020-9451
- RESERVED
-CVE-2020-9450
- RESERVED
+CVE-2020-9452 (An issue was discovered in Acronis True Image 2020 24.5.22510. anti_ra ...)
+ TODO: check
+CVE-2020-9451 (An issue was discovered in Acronis True Image 2020 24.5.22510. anti_ra ...)
+ TODO: check
+CVE-2020-9450 (An issue was discovered in Acronis True Image 2020 24.5.22510. anti_ra ...)
+ TODO: check
CVE-2020-9449 (An insecure random number generation vulnerability in BlaB! AX, BlaB! ...)
NOT-FOR-US: BlaB!
CVE-2020-9448
@@ -100544,8 +100545,8 @@ CVE-2020-4841 (IBM Security Secret Server 10.6 could allow a remote attacker to
NOT-FOR-US: IBM
CVE-2020-4840 (IBM Security Secret Server 10.6 could allow a remote attacker to condu ...)
NOT-FOR-US: IBM
-CVE-2020-4839
- RESERVED
+CVE-2020-4839 (IBM Host firmware for LC-class Systems is vulnerable to a stack based ...)
+ TODO: check
CVE-2020-4838 (IBM API Connect 5.0.0.0 through 5.0.8.10 is vulnerable to stored cross ...)
NOT-FOR-US: IBM
CVE-2020-4837
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4e3aad17b2a990badaa94668a16c64ded35a54f9
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4e3aad17b2a990badaa94668a16c64ded35a54f9
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210525/12c1fcbe/attachment.htm>
More information about the debian-security-tracker-commits
mailing list