[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso Sat, 24 Apr 2021 01:10:41 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
feab9026 by security tracker role at 2021-04-24T08:10:17+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,37 @@
+CVE-2021-31791 (In Hardware Sentry KM before 10.0.01 for BMC PATROL, a 
cleartext passw ...)
+       TODO: check
+CVE-2021-31790
+       RESERVED
+CVE-2021-31789
+       RESERVED
+CVE-2021-31788
+       RESERVED
+CVE-2021-31787
+       RESERVED
+CVE-2021-31786
+       RESERVED
+CVE-2021-31785
+       RESERVED
+CVE-2021-31784
+       RESERVED
+CVE-2021-31783
+       RESERVED
+CVE-2021-31782
+       RESERVED
+CVE-2021-31781
+       RESERVED
+CVE-2021-31780 (In app/Model/MispObject.php in MISP 2.4.141, an incorrect 
sharing grou ...)
+       TODO: check
+CVE-2021-31779
+       RESERVED
+CVE-2021-31778
+       RESERVED
+CVE-2021-31777
+       RESERVED
+CVE-2019-25030
+       RESERVED
+CVE-2019-25029
+       RESERVED
 CVE-2021-XXXX [SA-CORE-2021-002]
        - drupal7 <removed>
        [stretch] - drupal7 7.52-2+deb9u15
@@ -390,10 +424,10 @@ CVE-2021-31586
        RESERVED
 CVE-2021-31585
        RESERVED
-CVE-2021-31584
-       RESERVED
-CVE-2021-31583
-       RESERVED
+CVE-2021-31584 (Sipwise C5 NGCP CSC through CE_m39.3.1 allows call/click2dial 
CSRF att ...)
+       TODO: check
+CVE-2021-31583 (Sipwise C5 NGCP CSC through CE_m39.3.1 has multiple 
authenticated stor ...)
+       TODO: check
 CVE-2021-31582
        RESERVED
 CVE-2021-31581
@@ -5819,8 +5853,8 @@ CVE-2021-29160
        RESERVED
 CVE-2021-29159
        RESERVED
-CVE-2021-29158
-       RESERVED
+CVE-2021-29158 (Sonatype Nexus Repository Manager 3 Pro up to and including 
3.30.0 has ...)
+       TODO: check
 CVE-2021-29157
        RESERVED
 CVE-2021-29156 (ForgeRock OpenAM before 13.5.1 allows LDAP injection via the 
Webfinger ...)
@@ -13747,10 +13781,10 @@ CVE-2021-3199 (Directory traversal with remote code 
execution can occur in /uplo
        NOT-FOR-US: ONLYOFFICE Document Server
 CVE-2021-3198
        RESERVED
-CVE-2021-25899
-       RESERVED
-CVE-2021-25898
-       RESERVED
+CVE-2021-25899 (An issue was discovered in svc-login.php in Void Aural Rec 
Monitor 9.0 ...)
+       TODO: check
+CVE-2021-25898 (An issue was discovered in svc-login.php in Void Aural Rec 
Monitor 9.0 ...)
+       TODO: check
 CVE-2021-25897
        RESERVED
 CVE-2021-25896
@@ -29216,7 +29250,7 @@ CVE-2020-35316
        RESERVED
 CVE-2020-35315
        RESERVED
-CVE-2020-35314 (An OS command injection vulnerability in the 
installUpdateThemePluginA ...)
+CVE-2020-35314 (A remote code execution vulnerability in the 
installUpdateThemePluginA ...)
        NOT-FOR-US: WonderCMS
 CVE-2020-35313 (A server-side request forgery (SSRF) vulnerability in the 
addCustomThe ...)
        NOT-FOR-US: WonderCMS
@@ -30353,7 +30387,7 @@ CVE-2021-2162 (Vulnerability in the MySQL Server 
product of Oracle MySQL (compon
        - mysql-5.7 <removed>
        - mysql-8.0 <unfixed> (bug #987325)
 CVE-2021-2161 (Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM 
Enterpr ...)
-       {DSA-4899-1}
+       {DSA-4899-1 DLA-2634-1}
        - openjdk-17 17~19-1
        - openjdk-11 11.0.11+9-1
        - openjdk-8 <removed>
@@ -61169,8 +61203,8 @@ CVE-2020-17544
        RESERVED
 CVE-2020-17543
        RESERVED
-CVE-2020-17542
-       RESERVED
+CVE-2020-17542 (Cross Site Scripting (XSS) in dotCMS v5.1.5 allows remote 
attackers to ...)
+       TODO: check
 CVE-2020-17541
        RESERVED
 CVE-2020-17540
@@ -89675,12 +89709,12 @@ CVE-2020-7038
        RESERVED
 CVE-2020-7037
        RESERVED
-CVE-2020-7036
-       RESERVED
-CVE-2020-7035
-       RESERVED
-CVE-2020-7034
-       RESERVED
+CVE-2020-7036 (An XML External Entities (XXE)vulnerability in Callback Assist 
could a ...)
+       TODO: check
+CVE-2020-7035 (An XML External Entities (XXE)vulnerability in the web-based 
user inte ...)
+       TODO: check
+CVE-2020-7034 (A command injection vulnerability in Avaya Session Border 
Controller f ...)
+       TODO: check
 CVE-2020-7033 (A Cross Site Scripting (XSS) Vulnerability on the Unified 
Portal Clien ...)
        NOT-FOR-US: Avaya
 CVE-2020-7032 (An XML external entity (XXE) vulnerability in Avaya WebLM admin 
interf ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/feab90263c42793ad286992616a235e61eecfb15

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/feab90263c42793ad286992616a235e61eecfb15
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to