[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Nov 10 20:10:29 GMT 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
668915cc by security tracker role at 2021-11-10T20:10:18+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,7 @@
+CVE-2021-3944
+	RESERVED
+CVE-2021-3943
+	RESERVED
 CVE-2021-43575 (** DISPUTED ** KNX ETS6 through 6.0.0 uses the hard-coded password ETS ...)
 	NOT-FOR-US: KNX ETS6
 CVE-2021-43574
@@ -20,14 +24,14 @@ CVE-2021-43566
 	RESERVED
 CVE-2021-43565
 	RESERVED
-CVE-2021-43564
-	RESERVED
-CVE-2021-43563
-	RESERVED
-CVE-2021-43562
-	RESERVED
-CVE-2021-43561
-	RESERVED
+CVE-2021-43564 (An issue was discovered in the jobfair (aka Job Fair) extension before ...)
+	TODO: check
+CVE-2021-43563 (An issue was discovered in the pixxio (aka pixx.io integration or DAM) ...)
+	TODO: check
+CVE-2021-43562 (An issue was discovered in the pixxio (aka pixx.io integration or DAM) ...)
+	TODO: check
+CVE-2021-43561 (An XSS issue was discovered in the google_for_jobs (aka Google for Job ...)
+	TODO: check
 CVE-2021-43560
 	RESERVED
 CVE-2021-43559
@@ -113,8 +117,8 @@ CVE-2021-43525
 	RESERVED
 CVE-2021-43524
 	RESERVED
-CVE-2021-43523
-	RESERVED
+CVE-2021-43523 (In uClibc and uClibc-ng before 1.0.39, incorrect handling of special c ...)
+	TODO: check
 CVE-2021-43522
 	RESERVED
 CVE-2021-3939
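Review bot: CVE-2021-43523 names a concrete upstream and fixed version (uClibc and uClibc-ng before 1.0.39), so this TODO: check should be resolved in a follow-up to either a Debian source-package line with the fixing version or NOT-FOR-US, rather than staying a placeholder among entries that are merely RESERVED; the imported description is cut off at "special c ...", so the full record is needed before the impact can be judged.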
@@ -515,7 +519,7 @@ CVE-2021-43341
 	RESERVED
 CVE-2021-43340
 	RESERVED
-CVE-2021-43339 (In Ericsson Network Location MPS GMPC21, it is possible to inject comm ...)
+CVE-2021-43339 (In Ericsson Network Location MPS GMPC21, it is possible for an authent ...)
 	NOT-FOR-US: Ericsson
 CVE-2021-43338 (In Ericsson Network Location MPS GMPC21, it is possible to creates a n ...)
 	NOT-FOR-US: Ericsson
@@ -1959,8 +1963,8 @@ CVE-2021-43138
 	RESERVED
 CVE-2021-43137
 	RESERVED
-CVE-2021-43136
-	RESERVED
+CVE-2021-43136 (An authentication bypass issue in FormaLMS <= 2.4.4 allows an attac ...)
+	TODO: check
 CVE-2021-43135
 	RESERVED
 CVE-2021-43134
@@ -5480,8 +5484,8 @@ CVE-2021-42113
 	RESERVED
 CVE-2021-42112 (The "File upload question" functionality in LimeSurvey 3.x-LTS through ...)
 	- limesurvey <itp> (bug #472802)
-CVE-2021-42111
-	RESERVED
+CVE-2021-42111 (An issue was discovered in the RCDevs OpenOTP app 1.4.13 and 1.4.14 fo ...)
+	TODO: check
 CVE-2021-42110
 	RESERVED
 CVE-2021-3874 (bookstack is vulnerable to Improper Limitation of a Pathname to a Rest ...)
@@ -5624,8 +5628,8 @@ CVE-2021-42064
 	RESERVED
 CVE-2021-42063
 	RESERVED
-CVE-2021-42062
-	RESERVED
+CVE-2021-42062 (SAP ERP HCM Portugal does not perform necessary authorization checks f ...)
+	TODO: check
 CVE-2021-42061
 	RESERVED
 CVE-2021-3868
@@ -7134,10 +7138,10 @@ CVE-2021-41429
 	RESERVED
 CVE-2021-41428
 	REJECTED
-CVE-2021-41427
-	RESERVED
-CVE-2021-41426
-	RESERVED
+CVE-2021-41427 (Beeline Smart Box 2.0.38 is vulnerable to Cross Site Scripting (XSS) v ...)
+	TODO: check
+CVE-2021-41426 (Beeline Smart box 2.0.38 is vulnerable to Cross Site Request Forgery ( ...)
+	TODO: check
 CVE-2021-41425
 	RESERVED
 CVE-2021-41424
@@ -8042,8 +8046,8 @@ CVE-2021-41040
 	RESERVED
 CVE-2021-41039
 	RESERVED
-CVE-2021-41038
-	RESERVED
+CVE-2021-41038 (In versions of the @theia/plugin-ext component of Eclipse Theia prior  ...)
+	TODO: check
 CVE-2021-41037
 	RESERVED
 CVE-2021-41036 (In versions prior to 1.1 of the Eclipse Paho MQTT C Client, the client ...)
@@ -9258,16 +9262,16 @@ CVE-2021-40523 (In Contiki 3.0, Telnet option negotiation is mishandled. During
 	NOT-FOR-US: Contiki
 CVE-2021-40522
 	RESERVED
-CVE-2021-40521
-	RESERVED
-CVE-2021-40520
-	RESERVED
-CVE-2021-40519
-	RESERVED
-CVE-2021-40518
-	RESERVED
-CVE-2021-40517
-	RESERVED
+CVE-2021-40521 (Airangel HSMX Gateway devices through 5.2.04 allow Remote Code Executi ...)
+	TODO: check
+CVE-2021-40520 (Airangel HSMX Gateway devices through 5.2.04 have Weak SSH Credentials ...)
+	TODO: check
+CVE-2021-40519 (Airangel HSMX Gateway devices through 5.2.04 have Hard-coded Database  ...)
+	TODO: check
+CVE-2021-40518 (Airangel HSMX Gateway devices through 5.2.04 allow CSRF. ...)
+	TODO: check
+CVE-2021-40517 (Airangel HSMX Gateway devices through 5.2.04 is vulnerable to stored C ...)
+	TODO: check
 CVE-2021-40516 (WeeChat before 3.2.1 allows remote attackers to cause a denial of serv ...)
 	{DLA-2770-1}
 	- weechat 3.2.1-1 (bug #993803)
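Review bot: the five new Airangel HSMX Gateway entries (CVE-2021-40517 through CVE-2021-40521) all describe the same appliance firmware (through 5.2.04) and should be triaged as a group so their states stay consistent; the neighbouring embedded-device entry for Contiki above is marked NOT-FOR-US, which is the likely outcome here as well once confirmed, and the TODO: check placeholders are fine until then.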
@@ -9318,14 +9322,14 @@ CVE-2021-3765 (validator.js is vulnerable to Inefficient Regular Expression Comp
 	[stretch] - validator.js <postponed> (Minor issue, ReDOS, partial fix, no rdeps)
 	NOTE: https://github.com/validatorjs/validator.js/commit/496fc8b2a7f5997acaaec33cc44d0b8dba5fb5e1 (13.7.0)
 	NOTE: partial fix, only applies to chars==null
-CVE-2021-40504
-	RESERVED
-CVE-2021-40503
-	RESERVED
-CVE-2021-40502
-	RESERVED
-CVE-2021-40501
-	RESERVED
+CVE-2021-40504 (A certain template role in SAP NetWeaver Application Server for ABAP a ...)
+	TODO: check
+CVE-2021-40503 (An information disclosure vulnerability exists in SAP GUI for Windows  ...)
+	TODO: check
+CVE-2021-40502 (SAP Commerce - versions 2105.3, 2011.13, 2005.18, 1905.34, does not pe ...)
+	TODO: check
+CVE-2021-40501 (SAP ABAP Platform Kernel - versions 7.77, 7.81, 7.85, 7.86, does not p ...)
+	TODO: check
 CVE-2021-40500 (SAP BusinessObjects Business Intelligence Platform (Crystal Reports) - ...)
 	NOT-FOR-US: SAP
 CVE-2021-40499 (Client-side printing services SAP Cloud Print Manager and SAPSprint fo ...)
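Review bot: the four SAP entries CVE-2021-40501 through CVE-2021-40504 sit directly above existing SAP entries (CVE-2021-40500, CVE-2021-40499) that are already marked NOT-FOR-US: SAP; unless one of them concerns a component Debian ships, the TODO: check placeholders should be closed out the same way so the block stays uniform.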
@@ -11681,8 +11685,8 @@ CVE-2021-39476
 	RESERVED
 CVE-2021-39475
 	RESERVED
-CVE-2021-39474
-	RESERVED
+CVE-2021-39474 (Vulnerability in the product Docsis 3.0 UBC1319BA00 Router supported a ...)
+	TODO: check
 CVE-2021-39473
 	RESERVED
 CVE-2021-39472
@@ -12564,57 +12568,57 @@ CVE-2021-39156 (Istio is an open source platform for providing a uniform way to
 CVE-2021-39155 (Istio is an open source platform for providing a uniform way to integr ...)
 	NOT-FOR-US: Istio
 CVE-2021-39154 (XStream is a simple library to serialize objects to XML and back again ...)
-	{DLA-2769-1}
+	{DSA-5004-1 DLA-2769-1}
 	- libxstream-java 1.4.18-1 (bug #998054)
 	NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-6w62-hx7r-mw68
 	NOTE: https://x-stream.github.io/CVE-2021-39154.html
 CVE-2021-39153 (XStream is a simple library to serialize objects to XML and back again ...)
-	{DLA-2769-1}
+	{DSA-5004-1 DLA-2769-1}
 	- libxstream-java 1.4.18-1 (bug #998054)
 	NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-2q8x-2p7f-574v
 	NOTE: https://x-stream.github.io/CVE-2021-39153.html
 CVE-2021-39152 (XStream is a simple library to serialize objects to XML and back again ...)
-	{DLA-2769-1}
+	{DSA-5004-1 DLA-2769-1}
 	- libxstream-java 1.4.18-1 (bug #998054)
 	NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-xw4p-crpj-vjx2
 	NOTE: https://x-stream.github.io/CVE-2021-39152.html
 CVE-2021-39151 (XStream is a simple library to serialize objects to XML and back again ...)
-	{DLA-2769-1}
+	{DSA-5004-1 DLA-2769-1}
 	- libxstream-java 1.4.18-1 (bug #998054)
 	NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-hph2-m3g5-xxv4
 	NOTE: https://x-stream.github.io/CVE-2021-39151.html
 CVE-2021-39150 (XStream is a simple library to serialize objects to XML and back again ...)
-	{DLA-2769-1}
+	{DSA-5004-1 DLA-2769-1}
 	- libxstream-java 1.4.18-1 (bug #998054)
 	NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-cxfm-5m4g-x7xp
 	NOTE: https://x-stream.github.io/CVE-2021-39150.html
 CVE-2021-39149 (XStream is a simple library to serialize objects to XML and back again ...)
-	{DLA-2769-1}
+	{DSA-5004-1 DLA-2769-1}
 	- libxstream-java 1.4.18-1 (bug #998054)
 	NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-3ccq-5vw3-2p6x
 	NOTE: https://x-stream.github.io/CVE-2021-39149.html
 CVE-2021-39148 (XStream is a simple library to serialize objects to XML and back again ...)
-	{DLA-2769-1}
+	{DSA-5004-1 DLA-2769-1}
 	- libxstream-java 1.4.18-1 (bug #998054)
 	NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-qrx8-8545-4wg2
 	NOTE: https://x-stream.github.io/CVE-2021-39148.html
 CVE-2021-39147 (XStream is a simple library to serialize objects to XML and back again ...)
-	{DLA-2769-1}
+	{DSA-5004-1 DLA-2769-1}
 	- libxstream-java 1.4.18-1 (bug #998054)
 	NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-h7v4-7xg3-hxcc
 	NOTE: https://x-stream.github.io/CVE-2021-39147.html
 CVE-2021-39146 (XStream is a simple library to serialize objects to XML and back again ...)
-	{DLA-2769-1}
+	{DSA-5004-1 DLA-2769-1}
 	- libxstream-java 1.4.18-1 (bug #998054)
 	NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-p8pq-r894-fm8f
 	NOTE: https://x-stream.github.io/CVE-2021-39146.html
 CVE-2021-39145 (XStream is a simple library to serialize objects to XML and back again ...)
-	{DLA-2769-1}
+	{DSA-5004-1 DLA-2769-1}
 	- libxstream-java 1.4.18-1 (bug #998054)
 	NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-8jrj-525p-826v
 	NOTE: https://x-stream.github.io/CVE-2021-39145.html
 CVE-2021-39144 (XStream is a simple library to serialize objects to XML and back again ...)
-	{DLA-2769-1}
+	{DSA-5004-1 DLA-2769-1}
 	- libxstream-java 1.4.18-1 (bug #998054)
 	NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-j9h8-phrw-h4fh
 	NOTE: https://x-stream.github.io/CVE-2021-39144.html
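Review bot: the XStream entries receiving the DSA-5004-1 tag (eleven here, plus CVE-2021-39139 to CVE-2021-39141 in the following hunk) should be cross-checked against the advisory's own CVE list; all fourteen share the same fixed version 1.4.18-1 and bug #998054, and in a block this uniform a missed or extra entry is easy to overlook. CVE-2021-39142 stays RESERVED in the next hunk's context and is correctly left untagged.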
@@ -12623,17 +12627,17 @@ CVE-2021-39143
 CVE-2021-39142
 	RESERVED
 CVE-2021-39141 (XStream is a simple library to serialize objects to XML and back again ...)
-	{DLA-2769-1}
+	{DSA-5004-1 DLA-2769-1}
 	- libxstream-java 1.4.18-1 (bug #998054)
 	NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-g5w6-mrj7-75h2
 	NOTE: https://x-stream.github.io/CVE-2021-39141.html
 CVE-2021-39140 (XStream is a simple library to serialize objects to XML and back again ...)
-	{DLA-2769-1}
+	{DSA-5004-1 DLA-2769-1}
 	- libxstream-java 1.4.18-1 (bug #998054)
 	NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-6wf9-jmg9-vxcc
 	NOTE: https://x-stream.github.io/CVE-2021-39140.html
 CVE-2021-39139 (XStream is a simple library to serialize objects to XML and back again ...)
-	{DLA-2769-1}
+	{DSA-5004-1 DLA-2769-1}
 	- libxstream-java 1.4.18-1 (bug #998054)
 	NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-64xx-cq4q-mf44
 	NOTE: https://x-stream.github.io/CVE-2021-39139.html
@@ -13147,8 +13151,8 @@ CVE-2021-38889
 	RESERVED
 CVE-2021-38888
 	RESERVED
-CVE-2021-38887
-	RESERVED
+CVE-2021-38887 (IBM InfoSphere Information Server 11.7 could allow an authenticated us ...)
+	TODO: check
 CVE-2021-38886
 	RESERVED
 CVE-2021-38885
@@ -16156,6 +16160,7 @@ CVE-2021-37700 (@github/paste-markdown is an npm package for pasting markdown ob
 CVE-2021-37699 (Next.js is an open source website development framework to be used wit ...)
 	NOT-FOR-US: next.js
 CVE-2021-37698 (Icinga is a monitoring system which checks the availability of network ...)
+	{DLA-2816-1}
 	- icinga2 2.13.1-1
 	NOTE: https://github.com/Icinga/icinga2/security/advisories/GHSA-cxfm-8j5v-5qr2
 	NOTE: https://icinga.com/blog/2021/08/19/icinga-2-13-1-security-release/
@@ -16686,7 +16691,7 @@ CVE-2021-37473 (In NavigateCMS version 2.9.4 and below, function in `product.php
 	NOT-FOR-US: NavigateCMS
 CVE-2021-37472
 	RESERVED
-CVE-2021-37471 (A restricted shell escape sequence is possible on Cradlepoint IBR900-6 ...)
+CVE-2021-37471 (Cradlepoint IBR900-600 devices running versions < 7.21.10 are vulne ...)
 	NOT-FOR-US: Cradlepoint
 CVE-2021-37470 (In NCH WebDictate v2.13, persistent Cross Site Scripting (XSS) exists  ...)
 	NOT-FOR-US: NCH
@@ -23392,8 +23397,8 @@ CVE-2021-34600
 	RESERVED
 CVE-2021-34599
 	RESERVED
-CVE-2021-34598
-	RESERVED
+CVE-2021-34598 (In Phoenix Contact FL MGUARD 1102 and 1105 in Versions 1.4.0, 1.4.1 an ...)
+	TODO: check
 CVE-2021-34597 (Improper Input Validation vulnerability in PC Worx Automation Suite of ...)
 	NOT-FOR-US: Phoenix Contact
 CVE-2021-34596 (A crafted request may cause a read access to an uninitialized pointer  ...)
@@ -23424,8 +23429,8 @@ CVE-2021-34584 (Crafted web server requests can be utilised to read partial stac
 	NOT-FOR-US: CODESYS
 CVE-2021-34583 (Crafted web server requests may cause a heap-based buffer overflow and ...)
 	NOT-FOR-US: CODESYS
-CVE-2021-34582
-	RESERVED
+CVE-2021-34582 (In Phoenix Contact FL MGUARD 1102 and 1105 in Versions 1.4.0, 1.4.1 an ...)
+	TODO: check
 CVE-2021-34581 (Missing Release of Resource after Effective Lifetime vulnerability in  ...)
 	NOT-FOR-US: WAGO
 CVE-2021-34580 (In mymbCONNECT24, mbCONNECT24 <= 2.9.0 an unauthenticated user can  ...)
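Review bot: CVE-2021-34582 here and CVE-2021-34598 in the previous hunk carry the same truncated description (Phoenix Contact FL MGUARD 1102 and 1105 in Versions 1.4.0, 1.4.1 an ...), so they should be triaged together; the adjacent CVE-2021-34597 is already NOT-FOR-US: Phoenix Contact, and the same state is the likely result for both once the full records are read.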
@@ -25278,8 +25283,7 @@ CVE-2021-33793 (Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 have an
 	NOT-FOR-US: Foxit Reader
 CVE-2021-33792 (Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 have an out-of ...)
 	NOT-FOR-US: Foxit
-CVE-2021-3572 [Don't split git references on unicode separators #9827]
-	RESERVED
+CVE-2021-3572 (A flaw was found in python-pip in the way it handled Unicode separator ...)
 	- python-pip 20.3.4-2
 	[buster] - python-pip <no-dsa> (Minor issue)
 	[stretch] - python-pip <postponed> (Minor issue. Fix along with next DLA)
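Review bot: swapping the bracketed working title on CVE-2021-3572 for the published description drops the only pointer to the upstream fix ("Don't split git references on unicode separators #9827"); suggest keeping that reference as a NOTE: line under the entry, as other entries in this file do with their upstream commit and advisory URLs, so the fix remains traceable from the tracker. Dropping the RESERVED line is correct now that the description is public, and the package line with its buster and stretch annotations is unchanged and still consistent with it.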
@@ -27925,6 +27929,7 @@ CVE-2021-32745 (Collabora Online is a collaborative online office suite. A refle
 CVE-2021-32744 (Collabora Online is a collaborative online office suite. In versions p ...)
 	NOT-FOR-US: Collabora Online
 CVE-2021-32743 (Icinga is a monitoring system which checks the availability of network ...)
+	{DLA-2816-1}
 	[experimental] - icinga2 2.12.5-1~exp1
 	- icinga2 2.12.5-1 (bug #991494)
 	NOTE: https://icinga.com/blog/2021/07/15/releasing-icinga-2-12-5-and-2-11-10/
@@ -27940,6 +27945,7 @@ CVE-2021-32740 (Addressable is an alternative implementation to the URI implemen
 	NOTE: https://github.com/sporkmonger/addressable/security/advisories/GHSA-jxhc-q857-3j6g
 	NOTE: https://github.com/sporkmonger/addressable/commit/b48ff03347a6d46e8dc674e242ce74c6381962a5#diff-fb36d3dc67e6565ffde17e666a98697f48e76dac38fabf1bb9e97cdf3b583d76
 CVE-2021-32739 (Icinga is a monitoring system which checks the availability of network ...)
+	{DLA-2816-1}
 	[experimental] - icinga2 2.12.5-1~exp1
 	- icinga2 2.12.5-1 (bug #991494)
 	NOTE: https://icinga.com/blog/2021/07/15/releasing-icinga-2-12-5-and-2-11-10/
@@ -29818,12 +29824,12 @@ CVE-2021-32025
 	RESERVED
 CVE-2021-32024
 	RESERVED
-CVE-2021-32023
-	RESERVED
-CVE-2021-32022
-	RESERVED
-CVE-2021-32021
-	RESERVED
+CVE-2021-32023 (An elevation of privilege vulnerability in the message broker of Black ...)
+	TODO: check
+CVE-2021-32022 (A low privileged delete vulnerability using CEF RPC server of BlackBer ...)
+	TODO: check
+CVE-2021-32021 (A denial of service vulnerability in the message broker of BlackBerry  ...)
+	TODO: check
 CVE-2021-32020 (The kernel in Amazon Web Services FreeRTOS before 10.4.3 has insuffici ...)
 	NOT-FOR-US: kernel in Amazon Web Services FreeRTOS
 CVE-2021-32019 (There is missing input validation of host names displayed in OpenWrt b ...)
@@ -30298,8 +30304,8 @@ CVE-2021-31855 (KDE Messagelib through 5.17.0 reveals cleartext of encrypted mes
 	NOTE: https://commits.kde.org/messagelib/3b5b171e91ce78b966c98b1292a1bcbc8d984799
 CVE-2021-31854
 	RESERVED
-CVE-2021-31853
-	RESERVED
+CVE-2021-31853 (DLL Search Order Hijacking Vulnerability in McAfee Drive Encryption (M ...)
+	TODO: check
 CVE-2021-31852
 	RESERVED
 CVE-2021-31851
@@ -30983,6 +30989,7 @@ CVE-2021-31609 (The Bluetooth Classic implementation in Silicon Labs iWRAP 6.3.0
 CVE-2021-31608
 	RESERVED
 CVE-2021-31607 (In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerabi ...)
+	{DLA-2815-1}
 	- salt 3002.6+dfsg1-2 (bug #987496)
 	NOTE: https://sec.stealthcopter.com/saltstack-snapper-minion-privledge-escaltion/
 CVE-2021-31606 (furlongm openvpn-monitor through 1.1.3 allows Authorization Bypass to  ...)
@@ -42439,11 +42446,11 @@ CVE-2021-27041 (A maliciously crafted DWG file can be used to write beyond the a
 	NOT-FOR-US: Autodesk
 CVE-2021-27040 (A maliciously crafted DWG file can be forced to read beyond allocated  ...)
 	NOT-FOR-US: Autodesk
-CVE-2021-27039 (A maliciously crafted TIFF file in Autodesk 2018, 2017, 2013, 2012, 20 ...)
+CVE-2021-27039 (A maliciously crafted TIFF file in Autodesk Design Review 2018, 2017,  ...)
 	NOT-FOR-US: Autodesk
-CVE-2021-27038 (A Type Confusion vulnerability in Autodesk 2018, 2017, 2013, 2012, 201 ...)
+CVE-2021-27038 (A Type Confusion vulnerability in Autodesk Design Review 2018, 2017, 2 ...)
 	NOT-FOR-US: Autodesk
-CVE-2021-27037 (A maliciously crafted PNG, PDF or DWF file in Autodesk 2018, 2017, 201 ...)
+CVE-2021-27037 (A maliciously crafted PNG, PDF or DWF file in Autodesk Design Review 2 ...)
 	NOT-FOR-US: Autodesk
 CVE-2021-27036 (A maliciously crafted PCX, PICT, RCL or TIFF file in Autodesk Design R ...)
 	NOT-FOR-US: Autodesk
@@ -43651,8 +43658,8 @@ CVE-2021-3382 (Stack buffer overflow vulnerability in gitea 1.9.0 through 1.13.1
 	- gitea <removed>
 CVE-2021-3381
 	RESERVED
-CVE-2021-3380
-	RESERVED
+CVE-2021-3380 (Insecure direct object reference (IDOR) vulnerability in ICREM H8 SSRM ...)
+	TODO: check
 CVE-2021-26548
 	RESERVED
 CVE-2021-26547
@@ -45157,10 +45164,10 @@ CVE-2021-25977 (In PiranhaCMS, versions 7.0.0 to 9.1.1 are vulnerable to stored
 	NOT-FOR-US: PiranhaCMS
 CVE-2021-25976
 	RESERVED
-CVE-2021-25975
-	RESERVED
-CVE-2021-25974
-	RESERVED
+CVE-2021-25975 (In publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS as a  ...)
+	TODO: check
+CVE-2021-25974 (In Publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS. A us ...)
+	TODO: check
 CVE-2021-25973 (In Publify, 9.0.0.pre1 to 9.2.4 are vulnerable to Improper Access Cont ...)
 	NOT-FOR-US: Publify
 CVE-2021-25972 (In Camaleon CMS, versions 2.1.2.0 to 2.6.0, are vulnerable to Server-S ...)
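Review bot: CVE-2021-25974 and CVE-2021-25975 describe stored XSS in Publify v8.0 to v9.2.4, and the next entry CVE-2021-25973 for the same product and version range is already NOT-FOR-US: Publify; the two TODO: check placeholders should be resolved consistently with it. The two descriptions differ only in the capitalisation of the product name (publify vs Publify), which comes from the imported text and needs no edit here.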
@@ -46058,6 +46065,7 @@ CVE-2020-36201 (An issue was discovered in certain Xerox WorkCentre products. Th
 CVE-2019-25015 (LuCI in OpenWrt 18.06.0 through 18.06.4 allows stored XSS via a crafte ...)
 	NOT-FOR-US: LuCI in OpenWrt
 CVE-2021-3197 (An issue was discovered in SaltStack Salt before 3002.5. The salt-api' ...)
+	{DLA-2815-1}
 	- salt 3002.5+dfsg1-1 (bug #983632)
 	NOTE: https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/
 CVE-2021-3196 (An issue was discovered in Hitachi ID Bravura Security Fabric 11.0.0 t ...)
@@ -47048,15 +47056,19 @@ CVE-2021-25286
 CVE-2021-25285
 	RESERVED
 CVE-2021-25284 (An issue was discovered in through SaltStack Salt before 3002.5. salt. ...)
+	{DLA-2815-1}
 	- salt 3002.5+dfsg1-1 (bug #983632)
 	NOTE: https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/
 CVE-2021-25283 (An issue was discovered in through SaltStack Salt before 3002.5. The j ...)
+	{DLA-2815-1}
 	- salt 3002.5+dfsg1-1 (bug #983632)
 	NOTE: https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/
 CVE-2021-25282 (An issue was discovered in through SaltStack Salt before 3002.5. The s ...)
+	{DLA-2815-1}
 	- salt 3002.5+dfsg1-1 (bug #983632)
 	NOTE: https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/
 CVE-2021-25281 (An issue was discovered in through SaltStack Salt before 3002.5. salt- ...)
+	{DLA-2815-1}
 	- salt 3002.5+dfsg1-1 (bug #983632)
 	NOTE: https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/
 CVE-2021-XXXX [SQL Server LIMIT / OFFSET SQL Injection]
@@ -47308,6 +47320,7 @@ CVE-2021-3150 (A cross-site scripting (XSS) vulnerability on the Delete Personal
 CVE-2021-3149 (On Netshield NANO 25 10.2.18 devices, /usr/local/webmin/System/manual_ ...)
 	NOT-FOR-US: Netshield NANO devices
 CVE-2021-3148 (An issue was discovered in SaltStack Salt before 3002.5. Sending craft ...)
+	{DLA-2815-1}
 	- salt 3002.5+dfsg1-1 (bug #983632)
 	NOTE: https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/
 CVE-2021-3147
@@ -49496,6 +49509,7 @@ CVE-2021-3146 (The Dolby Audio X2 (DAX2) API service before 0.8.8.90 on Windows
 CVE-2021-3145 (In Ionic Identity Vault before 5, a local root attacker on an Android  ...)
 	NOT-FOR-US: Ionic Identity Vault
 CVE-2021-3144 (In SaltStack Salt before 3002.5, eauth tokens can be used once after e ...)
+	{DLA-2815-1}
 	- salt 3002.5+dfsg1-1 (bug #983632)
 	NOTE: https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/
 CVE-2021-3143
@@ -51727,24 +51741,24 @@ CVE-2021-3066
 	RESERVED
 CVE-2021-3065
 	RESERVED
-CVE-2021-3064
-	RESERVED
-CVE-2021-3063
-	RESERVED
-CVE-2021-3062
-	RESERVED
-CVE-2021-3061
-	RESERVED
-CVE-2021-3060
-	RESERVED
-CVE-2021-3059
-	RESERVED
-CVE-2021-3058
-	RESERVED
+CVE-2021-3064 (A memory corruption vulnerability exists in Palo Alto Networks GlobalP ...)
+	TODO: check
+CVE-2021-3063 (An improper handling of exceptional conditions vulnerability exists in ...)
+	TODO: check
+CVE-2021-3062 (An improper access control vulnerability in PAN-OS software enables an ...)
+	TODO: check
+CVE-2021-3061 (An OS command injection vulnerability in the Palo Alto Networks PAN-OS ...)
+	TODO: check
+CVE-2021-3060 (An OS command injection vulnerability in the Simple Certificate Enroll ...)
+	TODO: check
+CVE-2021-3059 (An OS command injection vulnerability in the Palo Alto Networks PAN-OS ...)
+	TODO: check
+CVE-2021-3058 (An OS command injection vulnerability in the Palo Alto Networks PAN-OS ...)
+	TODO: check
 CVE-2021-3057 (A stack-based buffer overflow vulnerability exists in the Palo Alto Ne ...)
 	NOT-FOR-US: Palo Alto Networks
-CVE-2021-3056
-	RESERVED
+CVE-2021-3056 (A memory corruption vulnerability in Palo Alto Networks PAN-OS GlobalP ...)
+	TODO: check
 CVE-2021-3055 (An improper restriction of XML external entity (XXE) reference vulnera ...)
 	NOT-FOR-US: Palo Alto Networks
 CVE-2021-3054 (A time-of-check to time-of-use (TOCTOU) race condition vulnerability i ...)
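Review bot: the eight new Palo Alto Networks entries (CVE-2021-3056 and CVE-2021-3058 through CVE-2021-3064) cover PAN-OS and GlobalProtect and are interleaved with CVE-2021-3057 and CVE-2021-3055, which are already NOT-FOR-US: Palo Alto Networks; triaging them as a block to the same state, once confirmed, avoids a mixed run of TODO: check and NOT-FOR-US lines for the same vendor.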
@@ -54356,8 +54370,8 @@ CVE-2021-22050
 	RESERVED
 CVE-2021-22049
 	RESERVED
-CVE-2021-22048
-	RESERVED
+CVE-2021-22048 (The vCenter Server contains a privilege escalation vulnerability in th ...)
+	TODO: check
 CVE-2021-22047 (In Spring Data REST versions 3.4.0 - 3.4.13, 3.5.0 - 3.5.5, and older  ...)
 	NOT-FOR-US: Spring Data REST
 CVE-2021-22046
@@ -57043,6 +57057,7 @@ CVE-2020-35664 (An issue was discovered in Acronis Cyber Protect before 15 Updat
 CVE-2020-35663
 	RESERVED
 CVE-2020-35662 (In SaltStack Salt before 3002.5, when authenticating to services using ...)
+	{DLA-2815-1}
 	- salt 3002.5+dfsg1-1 (bug #983632)
 	NOTE: https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/
 CVE-2020-35661
@@ -65710,6 +65725,7 @@ CVE-2020-28975 (** DISPUTED ** svm_predict_values in svm.cpp in Libsvm v324, as
 CVE-2020-28973 (The ABUS Secvest wireless alarm system FUAA50000 (v3.01.17) fails to p ...)
 	NOT-FOR-US: ABUS Secvest wireless alarm system FUAA50000
 CVE-2020-28972 (In SaltStack Salt before 3002.5, authentication to VMware vcenter, vsp ...)
+	{DLA-2815-1}
 	- salt 3002.5+dfsg1-1 (bug #983632)
 	NOTE: https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/
 CVE-2020-26235 (In Rust time crate from version 0.2.7 and before version 0.2.23, unix- ...)
@@ -70227,6 +70243,7 @@ CVE-2020-28245
 CVE-2020-28244
 	RESERVED
 CVE-2020-28243 (An issue was discovered in SaltStack Salt before 3002.5. The minion's  ...)
+	{DLA-2815-1}
 	- salt 3002.5+dfsg1-1 (bug #983632)
 	NOTE: https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/
 CVE-2020-28242 (An issue was discovered in Asterisk Open Source 13.x before 13.37.1, 1 ...)
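Review bot: DLA-2815-1 is added to eleven salt entries across this commit (CVE-2021-31607, CVE-2021-3197, CVE-2021-25281 to CVE-2021-25284, CVE-2021-3148, CVE-2021-3144, CVE-2020-35662, CVE-2020-28972 and CVE-2020-28243); all but one share the unstable fix 3002.5+dfsg1-1 (bug #983632), while CVE-2021-31607 was fixed later in 3002.6+dfsg1-2 (bug #987496), so confirm that the DLA text indeed covers that later issue as well before the tag stands.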
@@ -70456,8 +70473,8 @@ CVE-2020-28139 (SourceCodester Online Clothing Store 1.0 is affected by a cross-
 	NOT-FOR-US: SourceCodester Online Clothing Store
 CVE-2020-28138 (SourceCodester Online Clothing Store 1.0 is affected by a SQL Injectio ...)
 	NOT-FOR-US: SourceCodester Online Clothing Store
-CVE-2020-28137
-	RESERVED
+CVE-2020-28137 (Cross site request forgery (CSRF) in Genexis Platinum 4410 V2-1.28, al ...)
+	TODO: check
 CVE-2020-28136 (An Arbitrary File Upload is discovered in SourceCodester Tourism Manag ...)
 	NOT-FOR-US: SourceCodester Tourism Management System
 CVE-2020-28135
@@ -107859,8 +107876,8 @@ CVE-2020-12490
 	RESERVED
 CVE-2020-12489
 	RESERVED
-CVE-2020-12488
-	RESERVED
+CVE-2020-12488 (The attacker can access the sensitive information stored within the jo ...)
+	TODO: check
 CVE-2020-12487
 	RESERVED
 CVE-2020-12486
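Review bot: the truncated description for CVE-2020-12488 ("The attacker can access the sensitive information stored within the jo ...") names no product or vendor, so it cannot be triaged from this list alone; the TODO: check placeholder is appropriate, but whoever resolves it needs the full record rather than the neighbour-based NOT-FOR-US shortcut that works for the vendor blocks elsewhere in this change.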



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/668915cc6c712d0b76b73c4513adb482327e0dff
