[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon May 31 21:10:30 BST 2021 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
883e8a4e by security tracker role at 2021-05-31T20:10:23+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,9 @@
+CVE-2021-3571
+	RESERVED
+CVE-2021-3570
+	RESERVED
+CVE-2020-36382
+	RESERVED
 CVE-2021-33790 (The RebornCore library before 4.7.3 allows remote code execution becau ...)
 	TODO: check
 CVE-2021-33789
@@ -8384,10 +8390,10 @@ CVE-2021-30182
 	RESERVED
 CVE-2021-30181 (Apache Dubbo prior to 2.6.9 and 2.7.9 supports Script routing which wi ...)
 	NOT-FOR-US: Apache Dubbo
-CVE-2021-30180
-	RESERVED
-CVE-2021-30179
-	RESERVED
+CVE-2021-30180 (Apache Dubbo prior to 2.7.9 support Tag routing which will enable a cu ...)
+	TODO: check
+CVE-2021-30179 (Apache Dubbo prior to 2.6.9 and 2.7.9 by default supports generic call ...)
+	TODO: check
 CVE-2020-36314 (fr-archive-libarchive.c in GNOME file-roller through 3.38.0, as used b ...)
 	- file-roller 3.38.1-1
 	[buster] - file-roller <no-dsa> (Minor issue)
@@ -9619,8 +9625,8 @@ CVE-2021-29667 (IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 5.1.0
 	NOT-FOR-US: IBM
 CVE-2021-29666 (IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 5.1.0.2 is  ...)
 	NOT-FOR-US: IBM
-CVE-2021-29665
-	RESERVED
+CVE-2021-29665 (IBM Security Verify Access 20.07 is vulnerable to a stack based buffer ...)
+	TODO: check
 CVE-2021-29664
 	RESERVED
 CVE-2020-36305
@@ -19536,8 +19542,8 @@ CVE-2021-25642
 	RESERVED
 CVE-2021-25641 (Each Apache Dubbo server will set a serialization id to tell the clien ...)
 	NOT-FOR-US: Apache Dubbo
-CVE-2021-25640
-	RESERVED
+CVE-2021-25640 (In Apache Dubbo prior to 2.6.9 and 2.7.9, the usage of parseURL method ...)
+	TODO: check
 CVE-2021-25639
 	RESERVED
 CVE-2021-25638
@@ -24560,8 +24566,8 @@ CVE-2021-23390
 	RESERVED
 CVE-2021-23389
 	RESERVED
-CVE-2021-23388
-	RESERVED
+CVE-2021-23388 (The package forms before 1.2.1, from 1.3.0 and before 1.3.2 are vulner ...)
+	TODO: check
 CVE-2021-23387 (The package trailing-slash before 2.0.1 are vulnerable to Open Redirec ...)
 	NOT-FOR-US: Node trailing-slash
 CVE-2021-23386 (This affects the package dns-packet before 5.2.2. It creates buffers w ...)
@@ -32363,8 +32369,8 @@ CVE-2021-20587 (Heap-based buffer overflow vulnerability in Mitsubishi Electric
 	NOT-FOR-US: Mitsubishi
 CVE-2021-20586 (Resource management errors vulnerability in a robot controller of MELF ...)
 	NOT-FOR-US: Mitsubishi
-CVE-2021-20585
-	RESERVED
+CVE-2021-20585 (IBM Security Verify Access 20.07 could disclose sensitive information  ...)
+	TODO: check
 CVE-2021-20584
 	RESERVED
 CVE-2021-20583
@@ -32381,10 +32387,10 @@ CVE-2021-20578
 	RESERVED
 CVE-2021-20577 (IBM Cloud Pak for Security (CP4S) 1.5.0.0 and 1.5.0.1 is vulnerable to ...)
 	NOT-FOR-US: IBM
-CVE-2021-20576
-	RESERVED
-CVE-2021-20575
-	RESERVED
+CVE-2021-20576 (IBM Security Verify Access 20.07 could allow a remote attacker to send ...)
+	TODO: check
+CVE-2021-20575 (IBM Security Verify Access 20.07 allows web pages to be stored locally ...)
+	TODO: check
 CVE-2021-20574
 	RESERVED
 CVE-2021-20573
@@ -86308,8 +86314,8 @@ CVE-2020-10668 (The web application exposed by the Canon Oce Colorwave 500 4.0.0
 	NOT-FOR-US: Canon
 CVE-2020-10667 (The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 pri ...)
 	NOT-FOR-US: Canon
-CVE-2020-10666
-	RESERVED
+CVE-2020-10666 (The restapps (aka Rest Phone apps) module for Sangoma FreePBX and PBXa ...)
+	TODO: check
 CVE-2020-10674 (PerlSpeak through 2.01 allows attackers to execute arbitrary OS comman ...)
 	- libperlspeak-perl <removed> (bug #954238)
 	[jessie] - libperlspeak-perl <end-of-life> (Not supported in jessie LTS)
@@ -101746,8 +101752,8 @@ CVE-2020-4563
 	RESERVED
 CVE-2020-4562 (IBM Planning Analytics 2.0 could allow a remote attacker to obtain sen ...)
 	NOT-FOR-US: IBM
-CVE-2020-4561
-	RESERVED
+CVE-2020-4561 (IBM Cognos Analytics 11.0 and 11.1 DQM API allows submitting of all co ...)
+	TODO: check
 CVE-2020-4560 (IBM Financial Transaction Manager 3.2.4 is vulnerable to cross-site sc ...)
 	NOT-FOR-US: IBM
 CVE-2020-4559 (IBM Spectrum Protect 7.1 and 8.1 could allow an attacker to cause a de ...)
@@ -101828,8 +101834,8 @@ CVE-2020-4522 (IBM Jazz Team Server based Applications are vulnerable to cross-s
 	NOT-FOR-US: IBM
 CVE-2020-4521 (IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote authe ...)
 	NOT-FOR-US: IBM
-CVE-2020-4520
-	RESERVED
+CVE-2020-4520 (IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to in ...)
+	TODO: check
 CVE-2020-4519
 	RESERVED
 CVE-2020-4518
@@ -102160,8 +102166,8 @@ CVE-2020-4356
 	RESERVED
 CVE-2020-4355 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
 	NOT-FOR-US: IBM
-CVE-2020-4354
-	RESERVED
+CVE-2020-4354 (IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripti ...)
+	TODO: check
 CVE-2020-4353 (IBM MaaS360 6.82 could allow a user with pysical access to the device  ...)
 	NOT-FOR-US: IBM
 CVE-2020-4352 (IBM MQ on HPE NonStop 8.0.4 and 8.1.0 is vulnerable to a privilege esc ...)
@@ -102268,8 +102274,8 @@ CVE-2020-4302 (IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker
 	NOT-FOR-US: IBM
 CVE-2020-4301
 	RESERVED
-CVE-2020-4300
-	RESERVED
+CVE-2020-4300 (IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External En ...)
+	TODO: check
 CVE-2020-4299 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.1 c ...)
 	NOT-FOR-US: IBM
 CVE-2020-4298 (IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable t ...)
@@ -156900,8 +156906,8 @@ CVE-2019-4732 (IBM SDK, Java Technology Edition Version 7.0.0.0 through 7.0.10.5
 	NOT-FOR-US: IBM
 CVE-2019-4731 (IBM MQ Appliance 9.1.4.CD could allow a local attacker to obtain highl ...)
 	NOT-FOR-US: IBM
-CVE-2019-4730
-	RESERVED
+CVE-2019-4730 (IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External En ...)
+	TODO: check
 CVE-2019-4729 (IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to ob ...)
 	NOT-FOR-US: IBM
 CVE-2019-4728 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5_2 ...)
@@ -156912,12 +156918,12 @@ CVE-2019-4726 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.
 	NOT-FOR-US: IBM
 CVE-2019-4725 (IBM Security Access Manager Appliance 9.0 is vulnerable to cross-site  ...)
 	NOT-FOR-US: IBM
-CVE-2019-4724
-	RESERVED
-CVE-2019-4723
-	RESERVED
-CVE-2019-4722
-	RESERVED
+CVE-2019-4724 (IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to ob ...)
+	TODO: check
+CVE-2019-4723 (IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to ob ...)
+	TODO: check
+CVE-2019-4722 (IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to ob ...)
+	TODO: check
 CVE-2019-4721
 	RESERVED
 CVE-2019-4720 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable  ...)
@@ -157054,8 +157060,8 @@ CVE-2019-4655 (IBM MQ 9.1.0.0, 9.1.0.1, 9.1.0.2, 9.1.0.3, 9.1.1, 9.1.2, and 9.1.
 	NOT-FOR-US: IBM
 CVE-2019-4654 (IBM QRadar 7.3.0 to 7.3.3 Patch 2 does not validate, or incorrectly va ...)
 	NOT-FOR-US: IBM
-CVE-2019-4653
-	RESERVED
+CVE-2019-4653 (IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripti ...)
+	TODO: check
 CVE-2019-4652 (IBM Spectrum Protect Plus 10.1.0 through 10.1.4 uses insecure file per ...)
 	NOT-FOR-US: IBM Spectrum Protect Plus
 CVE-2019-4651 (IBM Jazz Reporting Service (JRS) 6.0.6.1 is vulnerable to SQL injectio ...)
@@ -157418,8 +157424,8 @@ CVE-2019-4473 (Multiple binaries in IBM SDK, Java Technology Edition 7, 7R, and
 	NOT-FOR-US: IBM
 CVE-2019-4472
 	RESERVED
-CVE-2019-4471
-	RESERVED
+CVE-2019-4471 (IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to ob ...)
+	TODO: check
 CVE-2019-4470 (IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to cross-site scriptin ...)
 	NOT-FOR-US: IBM
 CVE-2019-4469



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/883e8a4ec6aafe61112f3112cad59c87daafa996

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/883e8a4ec6aafe61112f3112cad59c87daafa996
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210531/ce5d259d/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list