Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b6824b56 by security tracker role at 2021-04-27T20:10:33+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,13 @@
+CVE-2021-3518
+ RESERVED
+CVE-2021-3517
+ RESERVED
+CVE-2021-3516
+ RESERVED
+CVE-2021-3515
+ RESERVED
+CVE-2021-3514
+ RESERVED
CVE-2021-31829
RESERVED
CVE-2021-31828
@@ -88,6 +98,7 @@ CVE-2020-36325 (An issue was discovered in Jansson through
2.13.1. Due to a pars
- jansson <unfixed>
NOTE: https://github.com/akheron/jansson/issues/548
CVE-2021-31826 (Shibboleth Service Provider 3.x before 3.2.2 is prone to a
NULL pointe ...)
+ {DSA-4905-1}
- shibboleth-sp <unfixed> (bug #987608)
NOTE: https://shibboleth.net/community/advisories/secadv_20210426.txt
NOTE: https://issues.shibboleth.net/jira/browse/SSPCPP-927
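Review bot: on CVE-2021-31826 the added {DSA-4905-1} reference sits above a package line that still reads "- shibboleth-sp <unfixed> (bug #987608)", so the entry records an advisory but no fixed version for unstable. Replace <unfixed> with the fixed version once bug #987608 is closed, so the entry does not keep reporting unstable as vulnerable after the upload.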
@@ -155,6 +166,8 @@ CVE-2019-25030
CVE-2019-25029
RESERVED
CVE-2020-13672 [SA-CORE-2021-002]
+ RESERVED
+ {DLA-2637-1}
- drupal7 <removed>
NOTE: https://www.drupal.org/sa-core-2021-002
CVE-2021-31776
@@ -2499,8 +2512,8 @@ CVE-2021-30644
RESERVED
CVE-2021-30643
RESERVED
-CVE-2021-30642
- RESERVED
+CVE-2021-30642 (An input validation flaw in the Symantec Security Analytics
web UI 7.2 ...)
+ TODO: check
CVE-2020-36323 (In the standard library in Rust before 1.52.0, there is an
optimizatio ...)
- rustc <unfixed>
NOTE: https://github.com/rust-lang/rust/issues/80335
@@ -2584,8 +2597,8 @@ CVE-2018-25007 (Missing check in UIDL request handler in
com.vaadin:flow-server
NOT-FOR-US: Vaadin
CVE-2017-20003
REJECTED
-CVE-2021-30638
- RESERVED
+CVE-2021-30638 (Information Exposure vulnerability in context asset handling
of Apache ...)
+ TODO: check
CVE-2021-30637 (htmly 2.8.0 allows stored XSS via the blog title, Tagline, or
Descript ...)
NOT-FOR-US: htmly
CVE-2021-30636
@@ -4771,10 +4784,10 @@ CVE-2021-29669
RESERVED
CVE-2021-29668
RESERVED
-CVE-2021-29667
- RESERVED
-CVE-2021-29666
- RESERVED
+CVE-2021-29667 (IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through
5.1.0.2 is ...)
+ TODO: check
+CVE-2021-29666 (IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through
5.1.0.2 is ...)
+ TODO: check
CVE-2021-29665
RESERVED
CVE-2021-29664
@@ -6060,8 +6073,8 @@ CVE-2021-29135
RESERVED
CVE-2020-36283 (HID OMNIKEY 5427 and OMNIKEY 5127 readers are vulnerable to
CSRF when ...)
NOT-FOR-US: HID OMNIKEY 5427 and OMNIKEY 5127 readers
-CVE-2021-3464
- RESERVED
+CVE-2021-3464 (A DLL search path vulnerability was reported in Lenovo
PCManager, prio ...)
+ TODO: check
CVE-2021-3463 (A null pointer dereference vulnerability in Lenovo Power
Management Dr ...)
NOT-FOR-US: Lenovo
CVE-2021-3462 (A privilege escalation vulnerability in Lenovo Power Management
Driver ...)
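Review bot: the new CVE-2021-3464 entry (Lenovo PCManager) is left at "TODO: check" while the entry directly below it, CVE-2021-3463, is already triaged as "NOT-FOR-US: Lenovo". Unless PCManager turns out to correspond to a Debian source package, resolve the TODO with the same tag so the item does not stay open.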
@@ -6461,8 +6474,8 @@ CVE-2021-3453
RESERVED
CVE-2021-3452
RESERVED
-CVE-2021-3451
- RESERVED
+CVE-2021-3451 (A denial of service vulnerability was reported in Lenovo
PCManager, pr ...)
+ TODO: check
CVE-2021-3450 (The X509_V_FLAG_X509_STRICT flag enables additional security
checks of ...)
- openssl 1.1.1k-1
[buster] - openssl <not-affected> (Vulnerable code introduced in 1.1.1h)
@@ -7963,12 +7976,12 @@ CVE-2021-28273
RESERVED
CVE-2021-28272
RESERVED
-CVE-2021-28271
- RESERVED
+CVE-2021-28271 (Soyal Technologies SOYAL 701Server 9.0.1 suffers from an
elevation of ...)
+ TODO: check
CVE-2021-28270
RESERVED
-CVE-2021-28269
- RESERVED
+CVE-2021-28269 (Soyal Technology 701Client 9.0.1 is vulnerable to Insecure
permissions ...)
+ TODO: check
CVE-2021-28268
RESERVED
CVE-2021-28267
@@ -8350,8 +8363,7 @@ CVE-2021-28127
RESERVED
CVE-2021-28126 (index.jsp in TranzWare e-Commerce Payment Gateway (TWEC PG)
before 3.1 ...)
NOT-FOR-US: TranzWare e-Commerce Payment Gateway (TWEC PG)
-CVE-2021-28125
- RESERVED
+CVE-2021-28125 (Apache Superset up to and including 1.0.1 allowed for the
creation of ...)
NOT-FOR-US: Apache Superset
CVE-2021-28124 (A man-in-the-middle vulnerability in Cohesity DataPlatform
support cha ...)
NOT-FOR-US: Cohesity DataPlatform support channel
@@ -9877,8 +9889,8 @@ CVE-2021-27482
RESERVED
CVE-2021-27481
RESERVED
-CVE-2021-27480
- RESERVED
+CVE-2021-27480 (Delta Industrial Automation COMMGR Versions 1.12 and prior are
vulnera ...)
+ TODO: check
CVE-2021-27479
RESERVED
CVE-2021-27478
@@ -21133,16 +21145,16 @@ CVE-2021-22666 (Fatek FvDesigner Version 1.5.76 and
prior is vulnerable to a sta
NOT-FOR-US: Fatek FvDesigner
CVE-2021-22665 (Rockwell Automation DriveTools SP v5.13 and below and Drives
AOP v4.12 ...)
NOT-FOR-US: Rockwell Automation
-CVE-2021-22664
- RESERVED
+CVE-2021-22664 (CNCSoft-B Versions 1.0.0.3 and prior is vulnerable to an
out-of-bounds ...)
+ TODO: check
CVE-2021-22663 (Cscape (All versions prior to 9.90 SP3.5) lacks proper
validation of u ...)
NOT-FOR-US: Cscape
CVE-2021-22662 (A use after free issue has been identified in Fatek FvDesigner
Version ...)
NOT-FOR-US: Fatek FvDesigner
CVE-2021-22661 (Changing the password on the module webpage does not require
the user ...)
NOT-FOR-US: ProSoft Technology
-CVE-2021-22660
- RESERVED
+CVE-2021-22660 (CNCSoft-B Versions 1.0.0.3 and prior is vulnerable to an
out-of-bounds ...)
+ TODO: check
CVE-2021-22659 (Rockwell Automation MicroLogix 1400 Version 21.6 and below may
allow a ...)
NOT-FOR-US: Rockwell Automation
CVE-2021-22658 (Advantech iView versions prior to v5.7.03.6112 are vulnerable
to a SQL ...)
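Review bot: CVE-2021-22664 and CVE-2021-22660 are added with the same truncated description ("CNCSoft-B Versions 1.0.0.3 and prior is vulnerable to an out-of-bounds ...") and both carry "TODO: check", so from this hunk alone they cannot be told apart. Confirm against the full descriptions that they are distinct issues, and since every neighbouring entry in this block (Fatek FvDesigner, Rockwell Automation, Cscape, ProSoft Technology) is NOT-FOR-US, tag these two the same way if CNCSoft-B is not packaged.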
@@ -27231,10 +27243,10 @@ CVE-2021-20552
RESERVED
CVE-2021-20551
RESERVED
-CVE-2021-20550
- RESERVED
-CVE-2021-20549
- RESERVED
+CVE-2021-20550 (IBM Content Navigator 3.0.CD is vulnerable to cross-site
scripting. Th ...)
+ TODO: check
+CVE-2021-20549 (IBM Content Navigator 3.0.CD is vulnerable to cross-site
scripting. Th ...)
+ TODO: check
CVE-2021-20548
RESERVED
CVE-2021-20547
@@ -27435,8 +27447,8 @@ CVE-2021-20450
RESERVED
CVE-2021-20449
RESERVED
-CVE-2021-20448
- RESERVED
+CVE-2021-20448 (IBM Content Navigator 3.0.CD is vulnerable to cross-site
scripting. Th ...)
+ TODO: check
CVE-2021-20447 (IBM Jazz Foundation Products are vulnerable to cross-site
scripting. T ...)
NOT-FOR-US: IBM
CVE-2021-20446 (IBM Maximo for Civil Infrastructure 7.6.2 is vulnerable to
cross-site ...)
@@ -28628,8 +28640,8 @@ CVE-2020-35544
RESERVED
CVE-2020-35543
RESERVED
-CVE-2020-35542
- RESERVED
+CVE-2020-35542 (Unisys Data Exchange Management Studio through 5.0.34 doesn't
sanitize ...)
+ TODO: check
CVE-2020-35541
RESERVED
CVE-2020-35540
@@ -52386,14 +52398,14 @@ CVE-2020-22003
RESERVED
CVE-2020-22002
RESERVED
-CVE-2020-22001
- RESERVED
-CVE-2020-22000
- RESERVED
+CVE-2020-22001 (HomeAutomation 3.3.2 suffers from an authentication bypass
vulnerabili ...)
+ TODO: check
+CVE-2020-22000 (HomeAutomation 3.3.2 suffers from an authenticated OS command
executio ...)
+ TODO: check
CVE-2020-21999
RESERVED
-CVE-2020-21998
- RESERVED
+CVE-2020-21998 (In HomeAutomation 3.3.2 input passed via the 'redirect' GET
parameter ...)
+ TODO: check
CVE-2020-21997
RESERVED
CVE-2020-21996
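Review bot: CVE-2020-22001, CVE-2020-22000 and CVE-2020-21998 all describe HomeAutomation 3.3.2 and all land as "TODO: check", so they should be triaged together with one decision instead of one at a time. The truncated descriptions do not identify the vendor or upstream project, and "HomeAutomation" on its own is a generic term, so whichever tag is chosen (a package line or NOT-FOR-US) should name the product precisely.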
@@ -52410,12 +52422,12 @@ CVE-2020-21991
RESERVED
CVE-2020-21990
RESERVED
-CVE-2020-21989
- RESERVED
+CVE-2020-21989 (HomeAutomation 3.3.2 is affected by Cross Site Request Forgery
(CSRF). ...)
+ TODO: check
CVE-2020-21988
RESERVED
-CVE-2020-21987
- RESERVED
+CVE-2020-21987 (HomeAutomation 3.3.2 is affected by persistent Cross Site
Scripting (X ...)
+ TODO: check
CVE-2020-21986
RESERVED
CVE-2020-21985
@@ -61399,8 +61411,7 @@ CVE-2020-17519 (A change introduced in Apache Flink
1.11.0 (and released in 1.11
NOT-FOR-US: Apache Flink
CVE-2020-17518 (Apache Flink 1.5.1 introduced a REST handler that allows you
to write ...)
NOT-FOR-US: Apache Flink
-CVE-2020-17517
- RESERVED
+CVE-2020-17517 (The S3 buckets and keys in a secure Apache Ozone Cluster must
be inacc ...)
NOT-FOR-US: Apache Ozone
CVE-2020-17516 (Apache Cassandra versions 2.1.0 to 2.1.22, 2.2.0 to 2.2.19,
3.0.0 to 3 ...)
- cassandra <itp> (bug #585905)
@@ -95456,8 +95467,8 @@ CVE-2020-4983 (IBM Spectrum LSF 10.1 and IBM Spectrum
LSF Suite 10.2 could allow
NOT-FOR-US: IBM
CVE-2020-4982
RESERVED
-CVE-2020-4981
- RESERVED
+CVE-2020-4981 (IBM Spectrum Scale 5.0.4.1 through 5.1.0.3 could allow a local
privile ...)
+ TODO: check
CVE-2020-4980
RESERVED
CVE-2020-4979
@@ -293509,7 +293520,7 @@ CVE-2016-2393 (Lenovo Fingerprint Manager before
8.01.57 and Touch Fingerprint b
NOT-FOR-US: Lenovo
CVE-2016-2389 (Directory traversal vulnerability in the GetFileList function
in the S ...)
NOT-FOR-US: SAP
-CVE-2016-2388 (The Universal Worklist Configuration in SAP NetWeaver 7.4
allows remot ...)
+CVE-2016-2388 (The Universal Worklist Configuration in SAP NetWeaver AS JAVA
7.4 allo ...)
NOT-FOR-US: SAP
CVE-2016-2387 (Multiple cross-site scripting (XSS) vulnerabilities in the Java
Proxy ...)
NOT-FOR-US: SAP
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b6824b56e45a683bccaf9a10debf033c00f37196