[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Nov 10 20:10:29 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
668915cc by security tracker role at 2021-11-10T20:10:18+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,7 @@
+CVE-2021-3944
+ RESERVED
+CVE-2021-3943
+ RESERVED
CVE-2021-43575 (** DISPUTED ** KNX ETS6 through 6.0.0 uses the hard-coded password ETS ...)
NOT-FOR-US: KNX ETS6
CVE-2021-43574
@@ -20,14 +24,14 @@ CVE-2021-43566
RESERVED
CVE-2021-43565
RESERVED
-CVE-2021-43564
- RESERVED
-CVE-2021-43563
- RESERVED
-CVE-2021-43562
- RESERVED
-CVE-2021-43561
- RESERVED
+CVE-2021-43564 (An issue was discovered in the jobfair (aka Job Fair) extension before ...)
+ TODO: check
+CVE-2021-43563 (An issue was discovered in the pixxio (aka pixx.io integration or DAM) ...)
+ TODO: check
+CVE-2021-43562 (An issue was discovered in the pixxio (aka pixx.io integration or DAM) ...)
+ TODO: check
+CVE-2021-43561 (An XSS issue was discovered in the google_for_jobs (aka Google for Job ...)
+ TODO: check
CVE-2021-43560
RESERVED
CVE-2021-43559
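Review bot: the four new entries CVE-2021-43564 through CVE-2021-43561 are left at TODO: check although each description identifies a third-party extension (jobfair, pixxio twice, google_for_jobs) rather than anything that looks like a Debian source package; the follow-up triage should replace each TODO: check with a NOT-FOR-US line naming the extension, in the form used for CVE-2021-43575 at the top of this file, unless an archive search turns up a package.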
@@ -113,8 +117,8 @@ CVE-2021-43525
RESERVED
CVE-2021-43524
RESERVED
-CVE-2021-43523
- RESERVED
+CVE-2021-43523 (In uClibc and uClibc-ng before 1.0.39, incorrect handling of special c ...)
+ TODO: check
CVE-2021-43522
RESERVED
CVE-2021-3939
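Review bot: CVE-2021-43523 (uClibc and uClibc-ng before 1.0.39) is the one TODO: check in this region that should not be closed as NOT-FOR-US by reflex: uClibc is a C library rather than a vendor appliance, so the triage needs a check of whether any source package in the archive builds against or embeds it before the entry gets either a package line or a NOT-FOR-US mark.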
@@ -515,7 +519,7 @@ CVE-2021-43341
RESERVED
CVE-2021-43340
RESERVED
-CVE-2021-43339 (In Ericsson Network Location MPS GMPC21, it is possible to inject comm ...)
+CVE-2021-43339 (In Ericsson Network Location MPS GMPC21, it is possible for an authent ...)
NOT-FOR-US: Ericsson
CVE-2021-43338 (In Ericsson Network Location MPS GMPC21, it is possible to creates a n ...)
NOT-FOR-US: Ericsson
@@ -1959,8 +1963,8 @@ CVE-2021-43138
RESERVED
CVE-2021-43137
RESERVED
-CVE-2021-43136
- RESERVED
+CVE-2021-43136 (An authentication bypass issue in FormaLMS <= 2.4.4 allows an attac ...)
+ TODO: check
CVE-2021-43135
RESERVED
CVE-2021-43134
@@ -5480,8 +5484,8 @@ CVE-2021-42113
RESERVED
CVE-2021-42112 (The "File upload question" functionality in LimeSurvey 3.x-LTS through ...)
- limesurvey <itp> (bug #472802)
-CVE-2021-42111
- RESERVED
+CVE-2021-42111 (An issue was discovered in the RCDevs OpenOTP app 1.4.13 and 1.4.14 fo ...)
+ TODO: check
CVE-2021-42110
RESERVED
CVE-2021-3874 (bookstack is vulnerable to Improper Limitation of a Pathname to a Rest ...)
@@ -5624,8 +5628,8 @@ CVE-2021-42064
RESERVED
CVE-2021-42063
RESERVED
-CVE-2021-42062
- RESERVED
+CVE-2021-42062 (SAP ERP HCM Portugal does not perform necessary authorization checks f ...)
+ TODO: check
CVE-2021-42061
RESERVED
CVE-2021-3868
@@ -7134,10 +7138,10 @@ CVE-2021-41429
RESERVED
CVE-2021-41428
REJECTED
-CVE-2021-41427
- RESERVED
-CVE-2021-41426
- RESERVED
+CVE-2021-41427 (Beeline Smart Box 2.0.38 is vulnerable to Cross Site Scripting (XSS) v ...)
+ TODO: check
+CVE-2021-41426 (Beeline Smart box 2.0.38 is vulnerable to Cross Site Request Forgery ( ...)
+ TODO: check
CVE-2021-41425
RESERVED
CVE-2021-41424
@@ -8042,8 +8046,8 @@ CVE-2021-41040
RESERVED
CVE-2021-41039
RESERVED
-CVE-2021-41038
- RESERVED
+CVE-2021-41038 (In versions of the @theia/plugin-ext component of Eclipse Theia prior ...)
+ TODO: check
CVE-2021-41037
RESERVED
CVE-2021-41036 (In versions prior to 1.1 of the Eclipse Paho MQTT C Client, the client ...)
@@ -9258,16 +9262,16 @@ CVE-2021-40523 (In Contiki 3.0, Telnet option negotiation is mishandled. During
NOT-FOR-US: Contiki
CVE-2021-40522
RESERVED
-CVE-2021-40521
- RESERVED
-CVE-2021-40520
- RESERVED
-CVE-2021-40519
- RESERVED
-CVE-2021-40518
- RESERVED
-CVE-2021-40517
- RESERVED
+CVE-2021-40521 (Airangel HSMX Gateway devices through 5.2.04 allow Remote Code Executi ...)
+ TODO: check
+CVE-2021-40520 (Airangel HSMX Gateway devices through 5.2.04 have Weak SSH Credentials ...)
+ TODO: check
+CVE-2021-40519 (Airangel HSMX Gateway devices through 5.2.04 have Hard-coded Database ...)
+ TODO: check
+CVE-2021-40518 (Airangel HSMX Gateway devices through 5.2.04 allow CSRF. ...)
+ TODO: check
+CVE-2021-40517 (Airangel HSMX Gateway devices through 5.2.04 is vulnerable to stored C ...)
+ TODO: check
CVE-2021-40516 (WeeChat before 3.2.1 allows remote attackers to cause a denial of serv ...)
{DLA-2770-1}
- weechat 3.2.1-1 (bug #993803)
@@ -9318,14 +9322,14 @@ CVE-2021-3765 (validator.js is vulnerable to Inefficient Regular Expression Comp
[stretch] - validator.js <postponed> (Minor issue, ReDOS, partial fix, no rdeps)
NOTE: https://github.com/validatorjs/validator.js/commit/496fc8b2a7f5997acaaec33cc44d0b8dba5fb5e1 (13.7.0)
NOTE: partial fix, only applies to chars==null
-CVE-2021-40504
- RESERVED
-CVE-2021-40503
- RESERVED
-CVE-2021-40502
- RESERVED
-CVE-2021-40501
- RESERVED
+CVE-2021-40504 (A certain template role in SAP NetWeaver Application Server for ABAP a ...)
+ TODO: check
+CVE-2021-40503 (An information disclosure vulnerability exists in SAP GUI for Windows ...)
+ TODO: check
+CVE-2021-40502 (SAP Commerce - versions 2105.3, 2011.13, 2005.18, 1905.34, does not pe ...)
+ TODO: check
+CVE-2021-40501 (SAP ABAP Platform Kernel - versions 7.77, 7.81, 7.85, 7.86, does not p ...)
+ TODO: check
CVE-2021-40500 (SAP BusinessObjects Business Intelligence Platform (Crystal Reports) - ...)
NOT-FOR-US: SAP
CVE-2021-40499 (Client-side printing services SAP Cloud Print Manager and SAPSprint fo ...)
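Review bot: CVE-2021-40504 through CVE-2021-40501 stay at TODO: check while the adjacent CVE-2021-40500 and CVE-2021-40499 entries already carry NOT-FOR-US: SAP; their descriptions name NetWeaver Application Server, SAP GUI for Windows, SAP Commerce and the ABAP Platform Kernel, all SAP's own products, so the same NOT-FOR-US: SAP line fits each of them, as it does for CVE-2021-42062 (SAP ERP HCM Portugal) earlier in this update.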
@@ -11681,8 +11685,8 @@ CVE-2021-39476
RESERVED
CVE-2021-39475
RESERVED
-CVE-2021-39474
- RESERVED
+CVE-2021-39474 (Vulnerability in the product Docsis 3.0 UBC1319BA00 Router supported a ...)
+ TODO: check
CVE-2021-39473
RESERVED
CVE-2021-39472
@@ -12564,57 +12568,57 @@ CVE-2021-39156 (Istio is an open source platform for providing a uniform way to
CVE-2021-39155 (Istio is an open source platform for providing a uniform way to integr ...)
NOT-FOR-US: Istio
CVE-2021-39154 (XStream is a simple library to serialize objects to XML and back again ...)
- {DLA-2769-1}
+ {DSA-5004-1 DLA-2769-1}
- libxstream-java 1.4.18-1 (bug #998054)
NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-6w62-hx7r-mw68
NOTE: https://x-stream.github.io/CVE-2021-39154.html
CVE-2021-39153 (XStream is a simple library to serialize objects to XML and back again ...)
- {DLA-2769-1}
+ {DSA-5004-1 DLA-2769-1}
- libxstream-java 1.4.18-1 (bug #998054)
NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-2q8x-2p7f-574v
NOTE: https://x-stream.github.io/CVE-2021-39153.html
CVE-2021-39152 (XStream is a simple library to serialize objects to XML and back again ...)
- {DLA-2769-1}
+ {DSA-5004-1 DLA-2769-1}
- libxstream-java 1.4.18-1 (bug #998054)
NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-xw4p-crpj-vjx2
NOTE: https://x-stream.github.io/CVE-2021-39152.html
CVE-2021-39151 (XStream is a simple library to serialize objects to XML and back again ...)
- {DLA-2769-1}
+ {DSA-5004-1 DLA-2769-1}
- libxstream-java 1.4.18-1 (bug #998054)
NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-hph2-m3g5-xxv4
NOTE: https://x-stream.github.io/CVE-2021-39151.html
CVE-2021-39150 (XStream is a simple library to serialize objects to XML and back again ...)
- {DLA-2769-1}
+ {DSA-5004-1 DLA-2769-1}
- libxstream-java 1.4.18-1 (bug #998054)
NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-cxfm-5m4g-x7xp
NOTE: https://x-stream.github.io/CVE-2021-39150.html
CVE-2021-39149 (XStream is a simple library to serialize objects to XML and back again ...)
- {DLA-2769-1}
+ {DSA-5004-1 DLA-2769-1}
- libxstream-java 1.4.18-1 (bug #998054)
NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-3ccq-5vw3-2p6x
NOTE: https://x-stream.github.io/CVE-2021-39149.html
CVE-2021-39148 (XStream is a simple library to serialize objects to XML and back again ...)
- {DLA-2769-1}
+ {DSA-5004-1 DLA-2769-1}
- libxstream-java 1.4.18-1 (bug #998054)
NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-qrx8-8545-4wg2
NOTE: https://x-stream.github.io/CVE-2021-39148.html
CVE-2021-39147 (XStream is a simple library to serialize objects to XML and back again ...)
- {DLA-2769-1}
+ {DSA-5004-1 DLA-2769-1}
- libxstream-java 1.4.18-1 (bug #998054)
NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-h7v4-7xg3-hxcc
NOTE: https://x-stream.github.io/CVE-2021-39147.html
CVE-2021-39146 (XStream is a simple library to serialize objects to XML and back again ...)
- {DLA-2769-1}
+ {DSA-5004-1 DLA-2769-1}
- libxstream-java 1.4.18-1 (bug #998054)
NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-p8pq-r894-fm8f
NOTE: https://x-stream.github.io/CVE-2021-39146.html
CVE-2021-39145 (XStream is a simple library to serialize objects to XML and back again ...)
- {DLA-2769-1}
+ {DSA-5004-1 DLA-2769-1}
- libxstream-java 1.4.18-1 (bug #998054)
NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-8jrj-525p-826v
NOTE: https://x-stream.github.io/CVE-2021-39145.html
CVE-2021-39144 (XStream is a simple library to serialize objects to XML and back again ...)
- {DLA-2769-1}
+ {DSA-5004-1 DLA-2769-1}
- libxstream-java 1.4.18-1 (bug #998054)
NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-j9h8-phrw-h4fh
NOTE: https://x-stream.github.io/CVE-2021-39144.html
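Review bot: the eleven XStream entries in this hunk each gain DSA-5004-1 next to DLA-2769-1 while keeping libxstream-java 1.4.18-1 (bug #998054) as the fixed version; the check worth doing before this lands is that the DSA-5004-1 text lists exactly these ids plus the three in the following hunk (CVE-2021-39141, CVE-2021-39140, CVE-2021-39139), since an id tagged here but absent from the advisory would show as fixed in stable without being covered by it.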
@@ -12623,17 +12627,17 @@ CVE-2021-39143
CVE-2021-39142
RESERVED
CVE-2021-39141 (XStream is a simple library to serialize objects to XML and back again ...)
- {DLA-2769-1}
+ {DSA-5004-1 DLA-2769-1}
- libxstream-java 1.4.18-1 (bug #998054)
NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-g5w6-mrj7-75h2
NOTE: https://x-stream.github.io/CVE-2021-39141.html
CVE-2021-39140 (XStream is a simple library to serialize objects to XML and back again ...)
- {DLA-2769-1}
+ {DSA-5004-1 DLA-2769-1}
- libxstream-java 1.4.18-1 (bug #998054)
NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-6wf9-jmg9-vxcc
NOTE: https://x-stream.github.io/CVE-2021-39140.html
CVE-2021-39139 (XStream is a simple library to serialize objects to XML and back again ...)
- {DLA-2769-1}
+ {DSA-5004-1 DLA-2769-1}
- libxstream-java 1.4.18-1 (bug #998054)
NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-64xx-cq4q-mf44
NOTE: https://x-stream.github.io/CVE-2021-39139.html
@@ -13147,8 +13151,8 @@ CVE-2021-38889
RESERVED
CVE-2021-38888
RESERVED
-CVE-2021-38887
- RESERVED
+CVE-2021-38887 (IBM InfoSphere Information Server 11.7 could allow an authenticated us ...)
+ TODO: check
CVE-2021-38886
RESERVED
CVE-2021-38885
@@ -16156,6 +16160,7 @@ CVE-2021-37700 (@github/paste-markdown is an npm package for pasting markdown ob
CVE-2021-37699 (Next.js is an open source website development framework to be used wit ...)
NOT-FOR-US: next.js
CVE-2021-37698 (Icinga is a monitoring system which checks the availability of network ...)
+ {DLA-2816-1}
- icinga2 2.13.1-1
NOTE: https://github.com/Icinga/icinga2/security/advisories/GHSA-cxfm-8j5v-5qr2
NOTE: https://icinga.com/blog/2021/08/19/icinga-2-13-1-security-release/
@@ -16686,7 +16691,7 @@ CVE-2021-37473 (In NavigateCMS version 2.9.4 and below, function in `product.php
NOT-FOR-US: NavigateCMS
CVE-2021-37472
RESERVED
-CVE-2021-37471 (A restricted shell escape sequence is possible on Cradlepoint IBR900-6 ...)
+CVE-2021-37471 (Cradlepoint IBR900-600 devices running versions < 7.21.10 are vulne ...)
NOT-FOR-US: Cradlepoint
CVE-2021-37470 (In NCH WebDictate v2.13, persistent Cross Site Scripting (XSS) exists ...)
NOT-FOR-US: NCH
@@ -23392,8 +23397,8 @@ CVE-2021-34600
RESERVED
CVE-2021-34599
RESERVED
-CVE-2021-34598
- RESERVED
+CVE-2021-34598 (In Phoenix Contact FL MGUARD 1102 and 1105 in Versions 1.4.0, 1.4.1 an ...)
+ TODO: check
CVE-2021-34597 (Improper Input Validation vulnerability in PC Worx Automation Suite of ...)
NOT-FOR-US: Phoenix Contact
CVE-2021-34596 (A crafted request may cause a read access to an uninitialized pointer ...)
@@ -23424,8 +23429,8 @@ CVE-2021-34584 (Crafted web server requests can be utilised to read partial stac
NOT-FOR-US: CODESYS
CVE-2021-34583 (Crafted web server requests may cause a heap-based buffer overflow and ...)
NOT-FOR-US: CODESYS
-CVE-2021-34582
- RESERVED
+CVE-2021-34582 (In Phoenix Contact FL MGUARD 1102 and 1105 in Versions 1.4.0, 1.4.1 an ...)
+ TODO: check
CVE-2021-34581 (Missing Release of Resource after Effective Lifetime vulnerability in ...)
NOT-FOR-US: WAGO
CVE-2021-34580 (In mymbCONNECT24, mbCONNECT24 <= 2.9.0 an unauthenticated user can ...)
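Review bot: CVE-2021-34582 here and CVE-2021-34598 in the previous hunk carry the same truncated description (Phoenix Contact FL MGUARD 1102 and 1105 in Versions 1.4.0, 1.4.1 ...) and both sit at TODO: check; the neighbouring Phoenix Contact entry CVE-2021-34597 uses NOT-FOR-US: Phoenix Contact, so the two should be triaged together once the full texts show whether they are distinct issues, and should end up with that same mark.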
@@ -25278,8 +25283,7 @@ CVE-2021-33793 (Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 have an
NOT-FOR-US: Foxit Reader
CVE-2021-33792 (Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 have an out-of ...)
NOT-FOR-US: Foxit
-CVE-2021-3572 [Don't split git references on unicode separators #9827]
- RESERVED
+CVE-2021-3572 (A flaw was found in python-pip in the way it handled Unicode separator ...)
- python-pip 20.3.4-2
[buster] - python-pip <no-dsa> (Minor issue)
[stretch] - python-pip <postponed> (Minor issue. Fix along with next DLA)
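Review bot: replacing the bracketed placeholder title with the published description drops the only pointer to the upstream fix, pull request #9827 from the removed line; since the entry keeps its python-pip 20.3.4-2 fix line and the buster/stretch tags, a NOTE: line pointing at that pull request (pip's repository is pypa/pip on GitHub; the number comes from the removed title) would preserve the fix reference for anyone preparing the stretch DLA mentioned on the last line.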
@@ -27925,6 +27929,7 @@ CVE-2021-32745 (Collabora Online is a collaborative online office suite. A refle
CVE-2021-32744 (Collabora Online is a collaborative online office suite. In versions p ...)
NOT-FOR-US: Collabora Online
CVE-2021-32743 (Icinga is a monitoring system which checks the availability of network ...)
+ {DLA-2816-1}
[experimental] - icinga2 2.12.5-1~exp1
- icinga2 2.12.5-1 (bug #991494)
NOTE: https://icinga.com/blog/2021/07/15/releasing-icinga-2-12-5-and-2-11-10/
@@ -27940,6 +27945,7 @@ CVE-2021-32740 (Addressable is an alternative implementation to the URI implemen
NOTE: https://github.com/sporkmonger/addressable/security/advisories/GHSA-jxhc-q857-3j6g
NOTE: https://github.com/sporkmonger/addressable/commit/b48ff03347a6d46e8dc674e242ce74c6381962a5#diff-fb36d3dc67e6565ffde17e666a98697f48e76dac38fabf1bb9e97cdf3b583d76
CVE-2021-32739 (Icinga is a monitoring system which checks the availability of network ...)
+ {DLA-2816-1}
[experimental] - icinga2 2.12.5-1~exp1
- icinga2 2.12.5-1 (bug #991494)
NOTE: https://icinga.com/blog/2021/07/15/releasing-icinga-2-12-5-and-2-11-10/
@@ -29818,12 +29824,12 @@ CVE-2021-32025
RESERVED
CVE-2021-32024
RESERVED
-CVE-2021-32023
- RESERVED
-CVE-2021-32022
- RESERVED
-CVE-2021-32021
- RESERVED
+CVE-2021-32023 (An elevation of privilege vulnerability in the message broker of Black ...)
+ TODO: check
+CVE-2021-32022 (A low privileged delete vulnerability using CEF RPC server of BlackBer ...)
+ TODO: check
+CVE-2021-32021 (A denial of service vulnerability in the message broker of BlackBerry ...)
+ TODO: check
CVE-2021-32020 (The kernel in Amazon Web Services FreeRTOS before 10.4.3 has insuffici ...)
NOT-FOR-US: kernel in Amazon Web Services FreeRTOS
CVE-2021-32019 (There is missing input validation of host names displayed in OpenWrt b ...)
@@ -30298,8 +30304,8 @@ CVE-2021-31855 (KDE Messagelib through 5.17.0 reveals cleartext of encrypted mes
NOTE: https://commits.kde.org/messagelib/3b5b171e91ce78b966c98b1292a1bcbc8d984799
CVE-2021-31854
RESERVED
-CVE-2021-31853
- RESERVED
+CVE-2021-31853 (DLL Search Order Hijacking Vulnerability in McAfee Drive Encryption (M ...)
+ TODO: check
CVE-2021-31852
RESERVED
CVE-2021-31851
@@ -30983,6 +30989,7 @@ CVE-2021-31609 (The Bluetooth Classic implementation in Silicon Labs iWRAP 6.3.0
CVE-2021-31608
RESERVED
CVE-2021-31607 (In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerabi ...)
+ {DLA-2815-1}
- salt 3002.6+dfsg1-2 (bug #987496)
NOTE: https://sec.stealthcopter.com/saltstack-snapper-minion-privledge-escaltion/
CVE-2021-31606 (furlongm openvpn-monitor through 1.1.3 allows Authorization Bypass to ...)
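Review bot: CVE-2021-31607 gets the DLA-2815-1 reference with a fixed version of salt 3002.6+dfsg1-2 (bug #987496), whereas every other entry tagged DLA-2815-1 in this update (CVE-2021-3197, CVE-2021-25284 to CVE-2021-25281, CVE-2021-3148, CVE-2021-3144, CVE-2020-35662, CVE-2020-28972, CVE-2020-28243) lists salt 3002.5+dfsg1-1 (bug #983632); confirm that the DLA text actually covers CVE-2021-31607, whose description says it affects Salt through 3002.6, i.e. a release later than the batch the other entries were fixed in.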
@@ -42439,11 +42446,11 @@ CVE-2021-27041 (A maliciously crafted DWG file can be used to write beyond the a
NOT-FOR-US: Autodesk
CVE-2021-27040 (A maliciously crafted DWG file can be forced to read beyond allocated ...)
NOT-FOR-US: Autodesk
-CVE-2021-27039 (A maliciously crafted TIFF file in Autodesk 2018, 2017, 2013, 2012, 20 ...)
+CVE-2021-27039 (A maliciously crafted TIFF file in Autodesk Design Review 2018, 2017, ...)
NOT-FOR-US: Autodesk
-CVE-2021-27038 (A Type Confusion vulnerability in Autodesk 2018, 2017, 2013, 2012, 201 ...)
+CVE-2021-27038 (A Type Confusion vulnerability in Autodesk Design Review 2018, 2017, 2 ...)
NOT-FOR-US: Autodesk
-CVE-2021-27037 (A maliciously crafted PNG, PDF or DWF file in Autodesk 2018, 2017, 201 ...)
+CVE-2021-27037 (A maliciously crafted PNG, PDF or DWF file in Autodesk Design Review 2 ...)
NOT-FOR-US: Autodesk
CVE-2021-27036 (A maliciously crafted PCX, PICT, RCL or TIFF file in Autodesk Design R ...)
NOT-FOR-US: Autodesk
@@ -43651,8 +43658,8 @@ CVE-2021-3382 (Stack buffer overflow vulnerability in gitea 1.9.0 through 1.13.1
- gitea <removed>
CVE-2021-3381
RESERVED
-CVE-2021-3380
- RESERVED
+CVE-2021-3380 (Insecure direct object reference (IDOR) vulnerability in ICREM H8 SSRM ...)
+ TODO: check
CVE-2021-26548
RESERVED
CVE-2021-26547
@@ -45157,10 +45164,10 @@ CVE-2021-25977 (In PiranhaCMS, versions 7.0.0 to 9.1.1 are vulnerable to stored
NOT-FOR-US: PiranhaCMS
CVE-2021-25976
RESERVED
-CVE-2021-25975
- RESERVED
-CVE-2021-25974
- RESERVED
+CVE-2021-25975 (In publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS as a ...)
+ TODO: check
+CVE-2021-25974 (In Publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS. A us ...)
+ TODO: check
CVE-2021-25973 (In Publify, 9.0.0.pre1 to 9.2.4 are vulnerable to Improper Access Cont ...)
NOT-FOR-US: Publify
CVE-2021-25972 (In Camaleon CMS, versions 2.1.2.0 to 2.6.0, are vulnerable to Server-S ...)
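Review bot: CVE-2021-25975 and CVE-2021-25974 are left at TODO: check although both describe Publify v8.0 to v9.2.4 and the neighbouring CVE-2021-25973 is already marked NOT-FOR-US: Publify; the same mark fits here unless a Debian package has appeared since that entry was triaged.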
@@ -46058,6 +46065,7 @@ CVE-2020-36201 (An issue was discovered in certain Xerox WorkCentre products. Th
CVE-2019-25015 (LuCI in OpenWrt 18.06.0 through 18.06.4 allows stored XSS via a crafte ...)
NOT-FOR-US: LuCI in OpenWrt
CVE-2021-3197 (An issue was discovered in SaltStack Salt before 3002.5. The salt-api' ...)
+ {DLA-2815-1}
- salt 3002.5+dfsg1-1 (bug #983632)
NOTE: https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/
CVE-2021-3196 (An issue was discovered in Hitachi ID Bravura Security Fabric 11.0.0 t ...)
@@ -47048,15 +47056,19 @@ CVE-2021-25286
CVE-2021-25285
RESERVED
CVE-2021-25284 (An issue was discovered in through SaltStack Salt before 3002.5. salt. ...)
+ {DLA-2815-1}
- salt 3002.5+dfsg1-1 (bug #983632)
NOTE: https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/
CVE-2021-25283 (An issue was discovered in through SaltStack Salt before 3002.5. The j ...)
+ {DLA-2815-1}
- salt 3002.5+dfsg1-1 (bug #983632)
NOTE: https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/
CVE-2021-25282 (An issue was discovered in through SaltStack Salt before 3002.5. The s ...)
+ {DLA-2815-1}
- salt 3002.5+dfsg1-1 (bug #983632)
NOTE: https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/
CVE-2021-25281 (An issue was discovered in through SaltStack Salt before 3002.5. salt- ...)
+ {DLA-2815-1}
- salt 3002.5+dfsg1-1 (bug #983632)
NOTE: https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/
CVE-2021-XXXX [SQL Server LIMIT / OFFSET SQL Injection]
@@ -47308,6 +47320,7 @@ CVE-2021-3150 (A cross-site scripting (XSS) vulnerability on the Delete Personal
CVE-2021-3149 (On Netshield NANO 25 10.2.18 devices, /usr/local/webmin/System/manual_ ...)
NOT-FOR-US: Netshield NANO devices
CVE-2021-3148 (An issue was discovered in SaltStack Salt before 3002.5. Sending craft ...)
+ {DLA-2815-1}
- salt 3002.5+dfsg1-1 (bug #983632)
NOTE: https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/
CVE-2021-3147
@@ -49496,6 +49509,7 @@ CVE-2021-3146 (The Dolby Audio X2 (DAX2) API service before 0.8.8.90 on Windows
CVE-2021-3145 (In Ionic Identity Vault before 5, a local root attacker on an Android ...)
NOT-FOR-US: Ionic Identity Vault
CVE-2021-3144 (In SaltStack Salt before 3002.5, eauth tokens can be used once after e ...)
+ {DLA-2815-1}
- salt 3002.5+dfsg1-1 (bug #983632)
NOTE: https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/
CVE-2021-3143
@@ -51727,24 +51741,24 @@ CVE-2021-3066
RESERVED
CVE-2021-3065
RESERVED
-CVE-2021-3064
- RESERVED
-CVE-2021-3063
- RESERVED
-CVE-2021-3062
- RESERVED
-CVE-2021-3061
- RESERVED
-CVE-2021-3060
- RESERVED
-CVE-2021-3059
- RESERVED
-CVE-2021-3058
- RESERVED
+CVE-2021-3064 (A memory corruption vulnerability exists in Palo Alto Networks GlobalP ...)
+ TODO: check
+CVE-2021-3063 (An improper handling of exceptional conditions vulnerability exists in ...)
+ TODO: check
+CVE-2021-3062 (An improper access control vulnerability in PAN-OS software enables an ...)
+ TODO: check
+CVE-2021-3061 (An OS command injection vulnerability in the Palo Alto Networks PAN-OS ...)
+ TODO: check
+CVE-2021-3060 (An OS command injection vulnerability in the Simple Certificate Enroll ...)
+ TODO: check
+CVE-2021-3059 (An OS command injection vulnerability in the Palo Alto Networks PAN-OS ...)
+ TODO: check
+CVE-2021-3058 (An OS command injection vulnerability in the Palo Alto Networks PAN-OS ...)
+ TODO: check
CVE-2021-3057 (A stack-based buffer overflow vulnerability exists in the Palo Alto Ne ...)
NOT-FOR-US: Palo Alto Networks
-CVE-2021-3056
- RESERVED
+CVE-2021-3056 (A memory corruption vulnerability in Palo Alto Networks PAN-OS GlobalP ...)
+ TODO: check
CVE-2021-3055 (An improper restriction of XML external entity (XXE) reference vulnera ...)
NOT-FOR-US: Palo Alto Networks
CVE-2021-3054 (A time-of-check to time-of-use (TOCTOU) race condition vulnerability i ...)
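Review bot: all eight newly described entries in this hunk (CVE-2021-3064 to CVE-2021-3058 and CVE-2021-3056) concern Palo Alto Networks PAN-OS or GlobalProtect and sit at TODO: check while the interleaved CVE-2021-3057 and CVE-2021-3055 already carry NOT-FOR-US: Palo Alto Networks; the triage follow-up is to apply that mark to the eight once an archive search confirms none of the named components is packaged.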
@@ -54356,8 +54370,8 @@ CVE-2021-22050
RESERVED
CVE-2021-22049
RESERVED
-CVE-2021-22048
- RESERVED
+CVE-2021-22048 (The vCenter Server contains a privilege escalation vulnerability in th ...)
+ TODO: check
CVE-2021-22047 (In Spring Data REST versions 3.4.0 - 3.4.13, 3.5.0 - 3.5.5, and older ...)
NOT-FOR-US: Spring Data REST
CVE-2021-22046
@@ -57043,6 +57057,7 @@ CVE-2020-35664 (An issue was discovered in Acronis Cyber Protect before 15 Updat
CVE-2020-35663
RESERVED
CVE-2020-35662 (In SaltStack Salt before 3002.5, when authenticating to services using ...)
+ {DLA-2815-1}
- salt 3002.5+dfsg1-1 (bug #983632)
NOTE: https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/
CVE-2020-35661
@@ -65710,6 +65725,7 @@ CVE-2020-28975 (** DISPUTED ** svm_predict_values in svm.cpp in Libsvm v324, as
CVE-2020-28973 (The ABUS Secvest wireless alarm system FUAA50000 (v3.01.17) fails to p ...)
NOT-FOR-US: ABUS Secvest wireless alarm system FUAA50000
CVE-2020-28972 (In SaltStack Salt before 3002.5, authentication to VMware vcenter, vsp ...)
+ {DLA-2815-1}
- salt 3002.5+dfsg1-1 (bug #983632)
NOTE: https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/
CVE-2020-26235 (In Rust time crate from version 0.2.7 and before version 0.2.23, unix- ...)
@@ -70227,6 +70243,7 @@ CVE-2020-28245
CVE-2020-28244
RESERVED
CVE-2020-28243 (An issue was discovered in SaltStack Salt before 3002.5. The minion's ...)
+ {DLA-2815-1}
- salt 3002.5+dfsg1-1 (bug #983632)
NOTE: https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/
CVE-2020-28242 (An issue was discovered in Asterisk Open Source 13.x before 13.37.1, 1 ...)
@@ -70456,8 +70473,8 @@ CVE-2020-28139 (SourceCodester Online Clothing Store 1.0 is affected by a cross-
NOT-FOR-US: SourceCodester Online Clothing Store
CVE-2020-28138 (SourceCodester Online Clothing Store 1.0 is affected by a SQL Injectio ...)
NOT-FOR-US: SourceCodester Online Clothing Store
-CVE-2020-28137
- RESERVED
+CVE-2020-28137 (Cross site request forgery (CSRF) in Genexis Platinum 4410 V2-1.28, al ...)
+ TODO: check
CVE-2020-28136 (An Arbitrary File Upload is discovered in SourceCodester Tourism Manag ...)
NOT-FOR-US: SourceCodester Tourism Management System
CVE-2020-28135
@@ -107859,8 +107876,8 @@ CVE-2020-12490
RESERVED
CVE-2020-12489
RESERVED
-CVE-2020-12488
- RESERVED
+CVE-2020-12488 (The attacker can access the sensitive information stored within the jo ...)
+ TODO: check
CVE-2020-12487
RESERVED
CVE-2020-12486
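Review bot: the truncated description for CVE-2020-12488 (The attacker can access the sensitive information stored within the jo ...) names no product or vendor, so the TODO: check cannot be resolved from this diff alone; whoever triages it needs the full CVE text, and the eventual NOT-FOR-US line, if that is the outcome, should name the product explicitly as the other entries in this file do.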
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/668915cc6c712d0b76b73c4513adb482327e0dff