Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2fbc450e by security tracker role at 2021-03-18T20:10:26+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,6 +1,345 @@
+CVE-2021-28830
+ RESERVED
+CVE-2021-28829
+ RESERVED
+CVE-2021-28828
+ RESERVED
+CVE-2021-28827
+ RESERVED
+CVE-2021-28826
+ RESERVED
+CVE-2021-28825
+ RESERVED
+CVE-2021-28824
+ RESERVED
+CVE-2021-28823
+ RESERVED
+CVE-2021-28822
+ RESERVED
+CVE-2021-28821
+ RESERVED
+CVE-2021-28820
+ RESERVED
+CVE-2021-28819
+ RESERVED
+CVE-2021-28818
+ RESERVED
+CVE-2021-28817
+ RESERVED
+CVE-2021-28816
+ RESERVED
+CVE-2021-28815
+ RESERVED
+CVE-2021-28814
+ RESERVED
+CVE-2021-28813
+ RESERVED
+CVE-2021-28812
+ RESERVED
+CVE-2021-28811
+ RESERVED
+CVE-2021-28810
+ RESERVED
+CVE-2021-28809
+ RESERVED
+CVE-2021-28808
+ RESERVED
+CVE-2021-28807
+ RESERVED
+CVE-2021-28806
+ RESERVED
+CVE-2021-28805
+ RESERVED
+CVE-2021-28804
+ RESERVED
+CVE-2021-28803
+ RESERVED
+CVE-2021-28802
+ RESERVED
+CVE-2021-28801
+ RESERVED
+CVE-2021-28800
+ RESERVED
+CVE-2021-28799
+ RESERVED
+CVE-2021-28798
+ RESERVED
+CVE-2021-28797
+ RESERVED
+CVE-2021-28796 (Increments Qiita::Markdown before 0.33.0 allows XSS in
transformers. ...)
+ TODO: check
+CVE-2021-28795
+ RESERVED
+CVE-2021-28794 (The unofficial ShellCheck extension before 0.13.4 for Visual
Studio Co ...)
+ TODO: check
+CVE-2021-28793
+ RESERVED
+CVE-2021-28792 (The unofficial Swift Development Environment extension before
2.12.1 f ...)
+ TODO: check
+CVE-2021-28791 (The unofficial SwiftFormat extension before 1.3.7 for Visual
Studio Co ...)
+ TODO: check
+CVE-2021-28790 (The unofficial SwiftLint extension before 1.4.5 for Visual
Studio Code ...)
+ TODO: check
+CVE-2021-28789 (The unofficial apple/swift-format extension before 1.1.2 for
Visual St ...)
+ TODO: check
+CVE-2021-28788
+ RESERVED
+CVE-2021-28787
+ RESERVED
+CVE-2021-28786
+ RESERVED
+CVE-2021-28785
+ RESERVED
+CVE-2021-28784
+ RESERVED
+CVE-2021-28783
+ RESERVED
+CVE-2021-28782
+ RESERVED
+CVE-2021-28781
+ RESERVED
+CVE-2021-28780
+ RESERVED
+CVE-2021-28779
+ RESERVED
+CVE-2021-28778
+ RESERVED
+CVE-2021-28777
+ RESERVED
+CVE-2021-28776
+ RESERVED
+CVE-2021-28775
+ RESERVED
+CVE-2021-28774
+ RESERVED
+CVE-2021-28773
+ RESERVED
+CVE-2021-28772
+ RESERVED
+CVE-2021-28771
+ RESERVED
+CVE-2021-28770
+ RESERVED
+CVE-2021-28769
+ RESERVED
+CVE-2021-28768
+ RESERVED
+CVE-2021-28767
+ RESERVED
+CVE-2021-28766
+ RESERVED
+CVE-2021-28765
+ RESERVED
+CVE-2021-28764
+ RESERVED
+CVE-2021-28763
+ RESERVED
+CVE-2021-28762
+ RESERVED
+CVE-2021-28761
+ RESERVED
+CVE-2021-28760
+ RESERVED
+CVE-2021-28759
+ RESERVED
+CVE-2021-28758
+ RESERVED
+CVE-2021-28757
+ RESERVED
+CVE-2021-28756
+ RESERVED
+CVE-2021-28755
+ RESERVED
+CVE-2021-28754
+ RESERVED
+CVE-2021-28753
+ RESERVED
+CVE-2021-28752
+ RESERVED
+CVE-2021-28751
+ RESERVED
+CVE-2021-28750
+ RESERVED
+CVE-2021-28749
+ RESERVED
+CVE-2021-28748
+ RESERVED
+CVE-2021-28747
+ RESERVED
+CVE-2021-28746
+ RESERVED
+CVE-2021-28745
+ RESERVED
+CVE-2021-28744
+ RESERVED
+CVE-2021-28743
+ RESERVED
+CVE-2021-28742
+ RESERVED
+CVE-2021-28741
+ RESERVED
+CVE-2021-28740
+ RESERVED
+CVE-2021-28739
+ RESERVED
+CVE-2021-28738
+ RESERVED
+CVE-2021-28737
+ RESERVED
+CVE-2021-28736
+ RESERVED
+CVE-2021-28735
+ RESERVED
+CVE-2021-28734
+ RESERVED
+CVE-2021-28733
+ RESERVED
+CVE-2021-28732
+ RESERVED
+CVE-2021-28731
+ RESERVED
+CVE-2021-28730
+ RESERVED
+CVE-2021-28729
+ RESERVED
+CVE-2021-28728
+ RESERVED
+CVE-2021-28727
+ RESERVED
+CVE-2021-28726
+ RESERVED
+CVE-2021-28725
+ RESERVED
+CVE-2021-28724
+ RESERVED
+CVE-2021-28723
+ RESERVED
+CVE-2021-28722
+ RESERVED
+CVE-2021-28721
+ RESERVED
+CVE-2021-28720
+ RESERVED
+CVE-2021-28719
+ RESERVED
+CVE-2021-28718
+ RESERVED
+CVE-2021-28717
+ RESERVED
+CVE-2021-28716
+ RESERVED
+CVE-2021-28715
+ RESERVED
+CVE-2021-28714
+ RESERVED
+CVE-2021-28713
+ RESERVED
+CVE-2021-28712
+ RESERVED
+CVE-2021-28711
+ RESERVED
+CVE-2021-28710
+ RESERVED
+CVE-2021-28709
+ RESERVED
+CVE-2021-28708
+ RESERVED
+CVE-2021-28707
+ RESERVED
+CVE-2021-28706
+ RESERVED
+CVE-2021-28705
+ RESERVED
+CVE-2021-28704
+ RESERVED
+CVE-2021-28703
+ RESERVED
+CVE-2021-28702
+ RESERVED
+CVE-2021-28701
+ RESERVED
+CVE-2021-28700
+ RESERVED
+CVE-2021-28699
+ RESERVED
+CVE-2021-28698
+ RESERVED
+CVE-2021-28697
+ RESERVED
+CVE-2021-28696
+ RESERVED
+CVE-2021-28695
+ RESERVED
+CVE-2021-28694
+ RESERVED
+CVE-2021-28693
+ RESERVED
+CVE-2021-28692
+ RESERVED
+CVE-2021-28691
+ RESERVED
+CVE-2021-28690
+ RESERVED
+CVE-2021-28689
+ RESERVED
+CVE-2021-28688
+ RESERVED
+CVE-2021-28686
+ RESERVED
+CVE-2021-28685
+ RESERVED
+CVE-2021-28684
+ RESERVED
+CVE-2021-28683
+ RESERVED
+CVE-2021-28682
+ RESERVED
+CVE-2021-28681 (Pion WebRTC before 3.0.15 didn't properly tear down the DTLS
Connectio ...)
+ TODO: check
+CVE-2021-28680
+ RESERVED
+CVE-2021-28679
+ RESERVED
+CVE-2021-28678
+ RESERVED
+CVE-2021-28677
+ RESERVED
+CVE-2021-28676
+ RESERVED
+CVE-2021-28675
+ RESERVED
+CVE-2021-28674
+ RESERVED
+CVE-2021-28673
+ RESERVED
+CVE-2021-28672
+ RESERVED
+CVE-2021-28671
+ RESERVED
+CVE-2021-28670
+ RESERVED
+CVE-2021-28669
+ RESERVED
+CVE-2021-28668
+ RESERVED
+CVE-2021-28667 (StackStorm before 3.4.1, in some situations, has an infinite
loop that ...)
+ TODO: check
+CVE-2021-28666
+ RESERVED
+CVE-2021-28665
+ RESERVED
+CVE-2021-28664
+ RESERVED
+CVE-2021-28663
+ RESERVED
+CVE-2021-28662
+ RESERVED
+CVE-2021-28661
+ RESERVED
CVE-2021-3449
RESERVED
CVE-2021-28687 [HVM soft-reset crashes toolstack]
+ RESERVED
- xen <unfixed>
[buster] - xen <not-affected> (Vulnerable code introduced later)
[stretch] - xen <not-affected> (Vulnerable code introduced later)
@@ -54,7 +393,7 @@ CVE-2021-28646
RESERVED
CVE-2021-28645
RESERVED
-CVE-2017-20002 (The Debian shadow package before 4.5-1 for Shadow incorrectly
lists pt ...)
+CVE-2017-20002 (The Debian shadow package before 1:4.5-1 for Shadow
incorrectly lists ...)
{DLA-2596-1}
- shadow 1:4.5-1 (bug #914957)
NOTE: Introduced in attempt to address #830255 in 1:4.4-2
@@ -519,14 +858,14 @@ CVE-2021-28422
RESERVED
CVE-2021-28421
RESERVED
-CVE-2021-28420
- RESERVED
-CVE-2021-28419
- RESERVED
-CVE-2021-28418
- RESERVED
-CVE-2021-28417
- RESERVED
+CVE-2021-28420 (A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows
remote at ...)
+ TODO: check
+CVE-2021-28419 (The "order_col" parameter in archive.php of SEO Panel 4.8.0 is
vulnera ...)
+ TODO: check
+CVE-2021-28418 (A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows
remote at ...)
+ TODO: check
+CVE-2021-28417 (A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows
remote at ...)
+ TODO: check
CVE-2021-28416
RESERVED
CVE-2021-28415
@@ -1144,8 +1483,8 @@ CVE-2021-3428 [integer overflow in ext4_es_cache_extent]
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1936786
NOTE: https://www.openwall.com/lists/oss-security/2021/03/17/1
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1173485
-CVE-2021-28145
- RESERVED
+CVE-2021-28145 (Concrete CMS (formerly concrete5) before 8.5.5 allows remote
authentic ...)
+ TODO: check
CVE-2021-28144 (prog.cgi on D-Link DIR-3060 devices before 1.11b04 HF2 allows
remote a ...)
NOT-FOR-US: D-Link
CVE-2021-28143 (/jsonrpc on D-Link DIR-841 3.03 and 3.04 devices allows
authenticated ...)
@@ -1168,8 +1507,8 @@ CVE-2021-28135
RESERVED
CVE-2021-28134 (Clipper before 1.0.5 allows remote command execution. A remote
attacke ...)
NOT-FOR-US: Clipper
-CVE-2021-28133
- RESERVED
+CVE-2021-28133 (Zoom through 5.5.4 sometimes allows attackers to read private
informat ...)
+ TODO: check
CVE-2021-3427
RESERVED
CVE-2021-28132 (LUCY Security Awareness Software through 4.7.x allows
unauthenticated ...)
@@ -2307,8 +2646,8 @@ CVE-2021-27658
RESERVED
CVE-2021-27657
RESERVED
-CVE-2021-27656
- RESERVED
+CVE-2021-27656 (A vulnerability in exacqVision Web Service 20.12.2.0 and prior
could a ...)
+ TODO: check
CVE-2021-27655
RESERVED
CVE-2021-27654
@@ -3080,8 +3419,8 @@ CVE-2021-27308
RESERVED
CVE-2021-27307
RESERVED
-CVE-2021-27306
- RESERVED
+CVE-2021-27306 (An improper access control vulnerability in the JWT plugin in
Kong Gat ...)
+ TODO: check
CVE-2021-27305
RESERVED
CVE-2021-27304
@@ -3908,8 +4247,8 @@ CVE-2021-3403 (In ytnef 1.9.3, the TNEFSubjectHandler
function in lib/ytnef.c al
NOTE:
https://github.com/Yeraze/ytnef/commit/f2380a53fb84d370eaf6e6c3473062c54c57fac7
CVE-2021-26936 (The replay-sorcery program in ReplaySorcery 0.4.0 through
0.5.0, when ...)
NOT-FOR-US: ReplaySorcery
-CVE-2021-26935
- RESERVED
+CVE-2021-26935 (In WoWonder < 3.1, remote attackers can gain access to the
database ...)
+ TODO: check
CVE-2021-26934 (An issue was discovered in the Linux kernel 4.18 through
5.10.16, as u ...)
- linux <unfixed> (unimportant)
[stretch] - linux <not-affected> (Vulnerable code not present)
@@ -5679,16 +6018,16 @@ CVE-2021-26239
RESERVED
CVE-2021-26238
RESERVED
-CVE-2021-26237
- RESERVED
-CVE-2021-26236
- RESERVED
-CVE-2021-26235
- RESERVED
-CVE-2021-26234
- RESERVED
-CVE-2021-26233
- RESERVED
+CVE-2021-26237 (FastStone Image Viewer <= 7.5 is affected by a user mode
write acce ...)
+ TODO: check
+CVE-2021-26236 (FastStone Image Viewer v.<= 7.5 is affected by a
Stack-based Buffer ...)
+ TODO: check
+CVE-2021-26235 (FastStone Image Viewer <= 7.5 is affected by a user mode
write acce ...)
+ TODO: check
+CVE-2021-26234 (FastStone Image Viewer <= 7.5 is affected by a user mode
write acce ...)
+ TODO: check
+CVE-2021-26233 (FastStone Image Viewer <= 7.5 is affected by a user mode
write acce ...)
+ TODO: check
CVE-2021-26232
RESERVED
CVE-2021-26231
@@ -5721,10 +6060,10 @@ CVE-2021-26218
RESERVED
CVE-2021-26217
RESERVED
-CVE-2021-26216
- RESERVED
-CVE-2021-26215
- RESERVED
+CVE-2021-26216 (SeedDMS 5.1.x is affected by cross-site request forgery (CSRF)
in out. ...)
+ TODO: check
+CVE-2021-26215 (SeedDMS 5.1.x is affected by cross-site request forgery (CSRF)
in out. ...)
+ TODO: check
CVE-2021-26214
RESERVED
CVE-2021-26213
@@ -10427,60 +10766,60 @@ CVE-2021-24151
RESERVED
CVE-2021-24150
RESERVED
-CVE-2021-24149
- RESERVED
-CVE-2021-24148
- RESERVED
-CVE-2021-24147
- RESERVED
-CVE-2021-24146
- RESERVED
-CVE-2021-24145
- RESERVED
-CVE-2021-24144
- RESERVED
-CVE-2021-24143
- RESERVED
-CVE-2021-24142
- RESERVED
-CVE-2021-24141
- RESERVED
-CVE-2021-24140
- RESERVED
-CVE-2021-24139
- RESERVED
-CVE-2021-24138
- RESERVED
-CVE-2021-24137
- RESERVED
-CVE-2021-24136
- RESERVED
-CVE-2021-24135
- RESERVED
-CVE-2021-24134
- RESERVED
-CVE-2021-24133
- RESERVED
-CVE-2021-24132
- RESERVED
-CVE-2021-24131
- RESERVED
-CVE-2021-24130
- RESERVED
-CVE-2021-24129
- RESERVED
-CVE-2021-24128
- RESERVED
-CVE-2021-24127
- RESERVED
-CVE-2021-24126
- RESERVED
-CVE-2021-24125
- RESERVED
-CVE-2021-24124
- RESERVED
-CVE-2021-24123
- RESERVED
+CVE-2021-24149 (Unvalidated input in the Modern Events Calendar Lite WordPress
plugin, ...)
+ TODO: check
+CVE-2021-24148 (A business logic issue in the MStore API WordPress plugin,
versions be ...)
+ TODO: check
+CVE-2021-24147 (Unvalidated input and lack of output encoding in the Modern
Events Cal ...)
+ TODO: check
+CVE-2021-24146 (Lack of authorisation checks in the Modern Events Calendar
Lite WordPr ...)
+ TODO: check
+CVE-2021-24145 (Arbitrary file upload in the Modern Events Calendar Lite
WordPress plu ...)
+ TODO: check
+CVE-2021-24144 (Unvalidated input in the Contact Form 7 Database Addon plugin,
version ...)
+ TODO: check
+CVE-2021-24143 (Unvalidated input in the AccessPress Social Icons plugin,
versions bef ...)
+ TODO: check
+CVE-2021-24142 (Unvaludated input in the 301 Redirects - Easy Redirect Manager
WordPre ...)
+ TODO: check
+CVE-2021-24141 (Unvaludated input in the Advanced Database Cleaner plugin,
versions be ...)
+ TODO: check
+CVE-2021-24140 (Unvalidated input in the Ajax Load More WordPress plugin,
versions bef ...)
+ TODO: check
+CVE-2021-24139 (Unvalidated input in the Photo Gallery (10Web Photo Gallery)
WordPress ...)
+ TODO: check
+CVE-2021-24138 (Unvalidated input in the AdRotate WordPress plugin, versions
before 5. ...)
+ TODO: check
+CVE-2021-24137 (Unvalidated input in the Blog2Social WordPress plugin,
versions before ...)
+ TODO: check
+CVE-2021-24136 (Unvalidated input and lack of output encoding in the
Testimonials Widg ...)
+ TODO: check
+CVE-2021-24135 (Unvalidated input and lack of output encoding in the WP
Customer Revie ...)
+ TODO: check
+CVE-2021-24134 (Unvalidated input and lack of output encoding in the Constant
Contact ...)
+ TODO: check
+CVE-2021-24133 (Lack of CSRF checks in the ActiveCampaign WordPress plugin,
versions b ...)
+ TODO: check
+CVE-2021-24132 (The Slider by 10Web WordPress plugin, versions before 1.2.36,
in the b ...)
+ TODO: check
+CVE-2021-24131 (Unvalidated input in the Anti-Spam by CleanTalk WordPress
plugin, vers ...)
+ TODO: check
+CVE-2021-24130 (Unvalidated input in the WP Google Map Plugin WordPress
plugin, versio ...)
+ TODO: check
+CVE-2021-24129 (Unvalidated input and lack of output encoding in the Themify
Portfolio ...)
+ TODO: check
+CVE-2021-24128 (Unvalidated input and lack of output encoding in the Team
Members Word ...)
+ TODO: check
+CVE-2021-24127 (Unvalidated input and lack of output encoding in the
ThirstyAffiliates ...)
+ TODO: check
+CVE-2021-24126 (Unvalidated input and lack of output encoding in the Envira
Gallery Li ...)
+ TODO: check
+CVE-2021-24125 (Unvalidated input in the Contact Form Submissions WordPress
plugin, ve ...)
+ TODO: check
+CVE-2021-24124 (Unvalidated input and lack of output encoding in the WP
Shieldon WordP ...)
+ TODO: check
+CVE-2021-24123 (Arbitrary file upload in the PowerPress WordPress plugin,
versions bef ...)
+ TODO: check
CVE-2021-24122 (When serving resources from a network location using the NTFS
file sys ...)
{DLA-2594-1}
- tomcat9 9.0.40-1 (unimportant)
@@ -10516,8 +10855,8 @@ CVE-2021-3143
RESERVED
CVE-2021-3142
REJECTED
-CVE-2021-3141
- RESERVED
+CVE-2021-3141 (In Unisys Stealth (core) before 6.0.025.0, the Keycloak
password is st ...)
+ TODO: check
CVE-2021-24121
RESERVED
CVE-2021-24120
@@ -12209,8 +12548,8 @@ CVE-2021-23361
RESERVED
CVE-2021-23360
RESERVED
-CVE-2021-23359
- RESERVED
+CVE-2021-23359 (This affects all versions of package port-killer. If
(attacker-control ...)
+ TODO: check
CVE-2021-23358
RESERVED
CVE-2021-23357 (All versions of package github.com/tyktechnologies/tyk/gateway
are vul ...)
@@ -12259,7 +12598,7 @@ CVE-2021-23339 (This affects all versions before
10.1.14 and from 10.2.0 to 10.2
NOT-FOR-US: com.typesafe.akka:akka-http-core
CVE-2021-23338 (This affects all versions of package qlib. The workflow
function in cl ...)
NOT-FOR-US: qlib
-CVE-2021-23337 (All versions of package lodash; all versions of package
org.fujion.web ...)
+CVE-2021-23337 (Lodash versions prior to 4.17.21 are vulnerable to Command
Injection v ...)
- node-lodash 4.17.21+dfsg+~cs8.31.173-1 (bug #985086)
[stretch] - node-lodash <end-of-life> (Nodejs in stretch not covered by
security support)
NOTE: https://snyk.io/vuln/SNYK-JS-LODASH-1040724
@@ -13248,8 +13587,8 @@ CVE-2021-22850 (HGiga EIP product lacks ineffective
access control in certain pa
NOT-FOR-US: HGiga EIP
CVE-2021-22849 (Hyweb HyCMS-J1 backend editing function does not filter
special charac ...)
NOT-FOR-US: Hyweb HyCMS-J1
-CVE-2021-22848
- RESERVED
+CVE-2021-22848 (HGiga MailSherlock contains a SQL Injection. Remote attackers
can inje ...)
+ TODO: check
CVE-2021-22847 (Hyweb HyCMS-J1's API fail to filter POST request parameters.
Remote at ...)
NOT-FOR-US: Hyweb HyCMS-J1
CVE-2021-22846
@@ -13768,8 +14107,8 @@ CVE-2021-22667 (BB-ESWGP506-2SFP-T versions 1.01.09 and
prior is vulnerable due
NOT-FOR-US: BB-ESWGP506-2SFP-T
CVE-2021-22666 (Fatek FvDesigner Version 1.5.76 and prior is vulnerable to a
stack-bas ...)
NOT-FOR-US: Fatek FvDesigner
-CVE-2021-22665
- RESERVED
+CVE-2021-22665 (Rockwell Automation DriveTools SP v5.13 and below and Drives
AOP v4.12 ...)
+ TODO: check
CVE-2021-22664
RESERVED
CVE-2021-22663 (Cscape (All versions prior to 9.90 SP3.5) lacks proper
validation of u ...)
@@ -15909,16 +16248,16 @@ CVE-2021-21629
RESERVED
CVE-2021-21628
RESERVED
-CVE-2021-21627
- RESERVED
-CVE-2021-21626
- RESERVED
-CVE-2021-21625
- RESERVED
-CVE-2021-21624
- RESERVED
-CVE-2021-21623
- RESERVED
+CVE-2021-21627 (A cross-site request forgery (CSRF) vulnerability in Jenkins
Libvirt A ...)
+ TODO: check
+CVE-2021-21626 (Jenkins Warnings Next Generation Plugin 8.4.4 and earlier does
not per ...)
+ TODO: check
+CVE-2021-21625 (Jenkins CloudBees AWS Credentials Plugin 1.28 and earlier does
not per ...)
+ TODO: check
+CVE-2021-21624 (An incorrect permission check in Jenkins Role-based
Authorization Stra ...)
+ TODO: check
+CVE-2021-21623 (An incorrect permission check in Jenkins Matrix Authorization
Strategy ...)
+ TODO: check
CVE-2021-21622 (Jenkins Artifact Repository Parameter Plugin 1.0.0 and earlier
does no ...)
NOT-FOR-US: Jenkins plugin
CVE-2021-21621 (Jenkins Support Core Plugin 2.72 and earlier provides the
serialized u ...)
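Review bot: the five entries that lose their RESERVED state in this hunk (CVE-2021-21627 through CVE-2021-21623) are all Jenkins plugin advisories, the same class as the adjacent CVE-2021-21622 and CVE-2021-21621, which are already triaged as "NOT-FOR-US: Jenkins plugin"; once the "TODO: check" pass confirms none of these plugins is packaged in Debian, they can take the same triage line so the hunk is consistent with its neighbours.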
@@ -17652,8 +17991,8 @@ CVE-2021-21385
RESERVED
CVE-2021-21384
RESERVED
-CVE-2021-21383
- RESERVED
+CVE-2021-21383 (Wiki.js an open-source wiki app built on Node.js. Wiki.js
before versi ...)
+ TODO: check
CVE-2021-21382
RESERVED
CVE-2021-21380
@@ -19460,14 +19799,14 @@ CVE-2021-20680
RESERVED
CVE-2021-20679
RESERVED
-CVE-2021-20678
- RESERVED
+CVE-2021-20678 (SQL injection vulnerability in the Paid Memberships Pro
versions prior ...)
+ TODO: check
CVE-2021-20677
RESERVED
-CVE-2021-20676
- RESERVED
-CVE-2021-20675
- RESERVED
+CVE-2021-20676 (M-System DL8 series (type A (DL8-A) versions prior to Ver3.0,
type B ( ...)
+ TODO: check
+CVE-2021-20675 (M-System DL8 series (type A (DL8-A) versions prior to Ver3.0,
type B ( ...)
+ TODO: check
CVE-2021-20674 (Untrusted search path vulnerability in Installer of
MagicConnect Clien ...)
NOT-FOR-US: MagicConnect client
CVE-2021-20673 (Stored cross-site scripting vulnerability in Admin Page of
GROWI (v4.2 ...)
@@ -19548,28 +19887,28 @@ CVE-2021-20636 (Cross-site request forgery (CSRF)
vulnerability in LOGITEC LAN-W
NOT-FOR-US: LOGITEC
CVE-2021-20635 (Improper restriction of excessive authentication attempts in
LOGITEC L ...)
NOT-FOR-US: LOGITEC
-CVE-2021-20634
- RESERVED
-CVE-2021-20633
- RESERVED
-CVE-2021-20632
- RESERVED
-CVE-2021-20631
- RESERVED
-CVE-2021-20630
- RESERVED
-CVE-2021-20629
- RESERVED
-CVE-2021-20628
- RESERVED
-CVE-2021-20627
- RESERVED
-CVE-2021-20626
- RESERVED
-CVE-2021-20625
- RESERVED
-CVE-2021-20624
- RESERVED
+CVE-2021-20634 (Improper access control vulnerability in Custom App of Cybozu
Office 1 ...)
+ TODO: check
+CVE-2021-20633 (Improper access control vulnerability in Cabinet of Cybozu
Office 10.0 ...)
+ TODO: check
+CVE-2021-20632 (Improper access control vulnerability in Bulletin Board of
Cybozu Offi ...)
+ TODO: check
+CVE-2021-20631 (Improper input validation vulnerability in Custom App of
Cybozu Office ...)
+ TODO: check
+CVE-2021-20630 (Improper access control vulnerability in Phone Messages of
Cybozu Offi ...)
+ TODO: check
+CVE-2021-20629 (Cross-site scripting vulnerability in E-mail of Cybozu Office
10.0.0 t ...)
+ TODO: check
+CVE-2021-20628 (Cross-site scripting vulnerability in Address Book of Cybozu
Office 10 ...)
+ TODO: check
+CVE-2021-20627 (Cross-site scripting vulnerability in Address Book of Cybozu
Office 10 ...)
+ TODO: check
+CVE-2021-20626 (Improper access control vulnerability in Workflow of Cybozu
Office 10. ...)
+ TODO: check
+CVE-2021-20625 (Improper access control vulnerability in Bulletin Board of
Cybozu Offi ...)
+ TODO: check
+CVE-2021-20624 (Improper access control vulnerability in Scheduler of Cybozu
Office 10 ...)
+ TODO: check
CVE-2021-20623 (Video Insight VMS versions prior to 7.8 allows a remote
attacker to ex ...)
NOT-FOR-US: Video Insight VMS
CVE-2021-20622 (Cross-site scripting vulnerability in Aterm WG2600HP firmware
Ver1.0.2 ...)
@@ -27857,7 +28196,7 @@ CVE-2020-28502 (This affects the package xmlhttprequest
before 1.7.0; all versio
NOTE: https://snyk.io/vuln/SNYK-JS-XMLHTTPREQUESTSSL-1082936
CVE-2020-28501
RESERVED
-CVE-2020-28500 (All versions of package lodash; all versions of package
org.fujion.web ...)
+CVE-2020-28500 (Lodash versions prior to 4.17.21 are vulnerable to Regular
Expression ...)
- node-lodash 4.17.21+dfsg+~cs8.31.173-1 (bug #985086)
[stretch] - node-lodash <end-of-life> (Nodejs in stretch not covered by
security support)
NOTE: https://snyk.io/vuln/SNYK-JS-LODASH-1018905
@@ -31134,8 +31473,7 @@ CVE-2020-27828 (There's a flaw in jasper's jpc encoder
in versions prior to 2.0.
- jasper <removed>
NOTE: https://github.com/jasper-software/jasper/issues/252
NOTE: https://github.com/jasper-software/jasper/pull/253
-CVE-2020-27827 [lldp: avoid memory leak from bad packets]
- RESERVED
+CVE-2020-27827 (A flaw was found in multiple versions of OpenvSwitch.
Specially crafte ...)
{DSA-4836-1 DLA-2571-1}
- lldpd 1.0.8-1
[buster] - lldpd <no-dsa> (Minor issue)
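Review bot: the new MITRE description for CVE-2020-27827 names OpenvSwitch ("A flaw was found in multiple versions of OpenvSwitch. Specially crafte ..."), but the entry only carries lldpd package lines ("- lldpd 1.0.8-1", "[buster] - lldpd <no-dsa> (Minor issue)"); the old local summary "[lldp: avoid memory leak from bad packets]" made the lldp scope explicit, so the entry should either gain a package line or a <not-affected> note for openvswitch, or a NOTE explaining that the Debian tracking is for lldpd only, so the reference to OpenvSwitch in the description does not read as an untracked package.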
@@ -35561,8 +35899,8 @@ CVE-2020-26157 (Leanote Desktop through 2.6.2 allows
XSS because a note's title
NOT-FOR-US: Leanote Desktop
CVE-2020-26156
REJECTED
-CVE-2020-26155
- RESERVED
+CVE-2020-26155 (Multiple files and folders in Utimaco SecurityServer 4.20.0.4
and 4.31 ...)
+ TODO: check
CVE-2020-26153
RESERVED
CVE-2020-26152
@@ -38178,6 +38516,7 @@ CVE-2020-25098
RESERVED
CVE-2020-25097
RESERVED
+ {DLA-2598-1}
- squid <unfixed> (bug #985068)
- squid3 <removed>
NOTE:
https://github.com/squid-cache/squid/security/advisories/GHSA-jvf6-h9gj-pmj6
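Review bot: CVE-2020-25097 now references DLA-2598-1 while its state line still reads "RESERVED" and its package lines remain "squid <unfixed> (bug #985068)" and "squid3 <removed>", so nothing in the entry says which suite the DLA fixed or what the issue is; add a bracketed local summary on the CVE line, as this diff already does for CVE-2021-28687 and CVE-2021-3428, and a [stretch] line for squid3 naming the fixed version, so the DLA reference is traceable until MITRE publishes the description.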
@@ -56388,7 +56727,7 @@ CVE-2020-16232
RESERVED
CVE-2020-16231
RESERVED
-CVE-2020-16230 (The WADashboard component of WebAccess/SCADA may allow an
attacker to ...)
+CVE-2020-16230 (WebAccess/SCADA Versions 9.0 and prior are vulnerable to
cross-site sc ...)
NOT-FOR-US: HMS Networks
CVE-2020-16229 (Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior.
Process ...)
NOT-FOR-US: Advantech WebAccess
@@ -60818,8 +61157,8 @@ CVE-2020-14518 (Philips DreamMapper, Version 2.24 and
prior. Information written
NOT-FOR-US: Philips DreamMapper
CVE-2020-14517 (Protocol encryption can be easily broken for CodeMeter (All
versions p ...)
NOT-FOR-US: CodeMeter
-CVE-2020-14516
- RESERVED
+CVE-2020-14516 (In Rockwell Automation FactoryTalk Services Platform Versions
6.10.00 ...)
+ TODO: check
CVE-2020-14515 (CodeMeter (All versions prior to 6.90 when using CmActLicense
update f ...)
NOT-FOR-US: CodeMeter
CVE-2020-14514 (All trailer Power Line Communications are affected. PLC bus
traffic ca ...)
@@ -102500,16 +102839,16 @@ CVE-2019-18237
RESERVED
CVE-2019-18236 (Multiple buffer overflow vulnerabilities exist when the PLC
Editor Ver ...)
NOT-FOR-US: PLC Editor
-CVE-2019-18235
- RESERVED
+CVE-2019-18235 (Advantech Spectre RT ERT351 Versions 5.1.3 and prior has
insufficient ...)
+ TODO: check
CVE-2019-18234 (Equinox Control Expert all versions, is vulnerable to an SQL
injection ...)
NOT-FOR-US: Equinox Control Expert
-CVE-2019-18233
- RESERVED
+CVE-2019-18233 (In Advantech Spectre RT Industrial Routers ERT351 5.1.3 and
prior, the ...)
+ TODO: check
CVE-2019-18232 (SafeNet Sentinel LDK License Manager, all versions prior to
7.101(only ...)
NOT-FOR-US: SafeNet Sentinel LDK License Manager
-CVE-2019-18231
- RESERVED
+CVE-2019-18231 (Advantech Spectre RT ERT351 Versions 5.1.3 and prior logins
and passwo ...)
+ TODO: check
CVE-2019-18230 (Honeywell equIP and Performance series IP cameras, multiple
versions, ...)
NOT-FOR-US: Honeywell
CVE-2019-18229 (Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. Lack of
sanitizati ...)
@@ -145456,8 +145795,7 @@ CVE-2019-3869 (When running Tower before 3.4.3 on
OpenShift or Kubernetes, appli
NOT-FOR-US: Ansible Tower
CVE-2019-3868 (Keycloak up to version 6.0.0 allows the end user token (access
or id t ...)
NOT-FOR-US: Keycloak
-CVE-2019-3867
- RESERVED
+CVE-2019-3867 (A vulnerability was found in the Quay web application. Sessions
in the ...)
NOT-FOR-US: OpenShift (web-cosnole issue specific to OpenShift only)
CVE-2019-3866 (An information-exposure vulnerability was discovered where
openstack-m ...)
- python-oslo.utils 3.41.3-1 (low; bug #946060)
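Review bot: the unchanged context line under CVE-2019-3867, "NOT-FOR-US: OpenShift (web-cosnole issue specific to OpenShift only)", carries a typo; it should read "web-console" and is worth fixing in a follow-up since the automatic update does not touch triage notes.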
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2fbc450e2f29caddc0a0235b3dbeb5a0ad37c1f3
--
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits