Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
a60e246f by security tracker role at 2021-04-28T20:10:31+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,15 @@
+CVE-2021-3522
+ RESERVED
+CVE-2021-3521
+ RESERVED
+CVE-2021-3520
+ RESERVED
+CVE-2021-31869
+ RESERVED
+CVE-2021-31868
+ RESERVED
+CVE-2021-31867
+ RESERVED
CVE-2021-3519
RESERVED
CVE-2021-31866 (Redmine before 4.0.9 and 4.1.x before 4.1.3 allows an attacker
to lear ...)
@@ -794,8 +806,7 @@ CVE-2021-31518
RESERVED
CVE-2021-31517
RESERVED
-CVE-2021-3508 [infinite loop in get_xref_linear_skipped() in pdf.c]
- RESERVED
+CVE-2021-3508 (A flaw was found in PDFResurrect in version 0.22b. There is an
infinit ...)
- pdfresurrect <unfixed> (unimportant)
NOTE: https://github.com/enferex/pdfresurrect/issues/17
NOTE:
https://github.com/enferex/pdfresurrect/commit/7e35d1806e111fd28610ccc86bb33f54792ac370
@@ -3732,14 +3743,14 @@ CVE-2021-30171
RESERVED
CVE-2021-30170
RESERVED
-CVE-2021-30169
- RESERVED
-CVE-2021-30168
- RESERVED
-CVE-2021-30167
- RESERVED
-CVE-2021-30166
- RESERVED
+CVE-2021-30169 (The sensitive information of webcam device is not properly
protected. ...)
+ TODO: check
+CVE-2021-30168 (The sensitive information of webcam device is not properly
protected. ...)
+ TODO: check
+CVE-2021-30167 (The manage users profile services of the network camera device
allows ...)
+ TODO: check
+CVE-2021-30166 (The NTP Server configuration function of the IP camera device
is not v ...)
+ TODO: check
CVE-2021-30165 (The default administrator account & password of the EDIMAX
wireles ...)
NOT-FOR-US: EDIMAX
CVE-2021-30164 (Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers
to bypass ...)
@@ -5334,8 +5345,8 @@ CVE-2021-29484
RESERVED
CVE-2021-29483
RESERVED
-CVE-2021-29482
- RESERVED
+CVE-2021-29482 (xz is a compression and decompression library focusing on the
xz forma ...)
+ TODO: check
CVE-2021-29481
RESERVED
CVE-2021-29480
@@ -5616,10 +5627,10 @@ CVE-2021-29390
RESERVED
CVE-2021-29389
RESERVED
-CVE-2021-29388
- RESERVED
-CVE-2021-29387
- RESERVED
+CVE-2021-29388 (A stored cross-site scripting (XSS) vulnerability in
SourceCodester Bu ...)
+ TODO: check
+CVE-2021-29387 (Multiple stored cross-site scripting (XSS) vulnerabilities in
Sourceco ...)
+ TODO: check
CVE-2021-29386
RESERVED
CVE-2021-29385
@@ -6119,8 +6130,8 @@ CVE-2021-29161
RESERVED
CVE-2021-29160
RESERVED
-CVE-2021-29159
- RESERVED
+CVE-2021-29159 (A cross-site scripting (XSS) vulnerability has been discovered
in Nexu ...)
+ TODO: check
CVE-2021-29158 (Sonatype Nexus Repository Manager 3 Pro up to and including
3.30.0 has ...)
NOT-FOR-US: Sonatype Nexus Repository Manager
CVE-2021-29157
@@ -9647,8 +9658,8 @@ CVE-2021-27650
RESERVED
CVE-2021-27649
RESERVED
-CVE-2021-27648
- RESERVED
+CVE-2021-27648 (Externally controlled reference to a resource in another
sphere in qua ...)
+ TODO: check
CVE-2021-27647 (Out-of-bounds Read vulnerability in iscsi_snapshot_comm_core
in Synolo ...)
NOT-FOR-US: Synology
CVE-2021-27646 (Use After Free vulnerability in iscsi_snapshot_comm_core in
Synology D ...)
@@ -15771,22 +15782,22 @@ CVE-2021-25156 (A remote arbitrary directory create
vulnerability was discovered
NOT-FOR-US: Aruba
CVE-2021-25155 (A remote arbitrary file modification vulnerability was
discovered in s ...)
NOT-FOR-US: Aruba
-CVE-2021-25154
- RESERVED
-CVE-2021-25153
- RESERVED
+CVE-2021-25154 (A remote escalation of privilege vulnerability was discovered
in Aruba ...)
+ TODO: check
+CVE-2021-25153 (A remote SQL injection vulnerability was discovered in Aruba
AirWave M ...)
+ TODO: check
CVE-2021-25152
RESERVED
-CVE-2021-25151
- RESERVED
+CVE-2021-25151 (A remote insecure deserialization vulnerability was discovered
in Arub ...)
+ TODO: check
CVE-2021-25150 (A remote execution of arbitrary commands vulnerability was
discovered ...)
NOT-FOR-US: Aruba
CVE-2021-25149 (A remote buffer overflow vulnerability was discovered in some
Aruba In ...)
NOT-FOR-US: Aruba
CVE-2021-25148 (A remote arbitrary file modification vulnerability was
discovered in s ...)
NOT-FOR-US: Aruba
-CVE-2021-25147
- RESERVED
+CVE-2021-25147 (A remote authentication restriction bypass vulnerability was
discovere ...)
+ TODO: check
CVE-2021-25146 (A remote execution of arbitrary commands vulnerability was
discovered ...)
NOT-FOR-US: Aruba
CVE-2021-25145 (A remote unauthorized disclosure of information vulnerability
was disc ...)
@@ -19665,8 +19676,8 @@ CVE-2021-23366
RESERVED
CVE-2021-23365 (The package github.com/tyktechnologies/tyk-identity-broker
before 1.1. ...)
TODO: check
-CVE-2021-23364
- RESERVED
+CVE-2021-23364 (The package browserslist from 4.0.0 and before 4.16.5 are
vulnerable t ...)
+ TODO: check
CVE-2021-23363 (This affects the package kill-by-port before 0.0.2. If
(attacker-contr ...)
NOT-FOR-US: Node kill-by-port
CVE-2021-23362 (The package hosted-git-info before 3.0.8 are vulnerable to
Regular Exp ...)
@@ -21560,8 +21571,8 @@ CVE-2021-22516
RESERVED
CVE-2021-22515
RESERVED
-CVE-2021-22514
- RESERVED
+CVE-2021-22514 (An arbitrary code execution vulnerability exists in Micro
Focus Applic ...)
+ TODO: check
CVE-2021-22513 (Missing Authorization vulnerability in Micro Focus Application
Automat ...)
NOT-FOR-US: Jenkins plugin
CVE-2021-22512 (Cross-Site Request Forgery (CSRF) vulnerability in Micro Focus
Applica ...)
@@ -21803,8 +21814,8 @@ CVE-2021-22395
RESERVED
CVE-2021-22394
RESERVED
-CVE-2021-22393
- RESERVED
+CVE-2021-22393 (There is a denial of service vulnerability in some versions of
CloudEn ...)
+ TODO: check
CVE-2021-22392
RESERVED
CVE-2021-22391
@@ -21925,18 +21936,18 @@ CVE-2021-22334
RESERVED
CVE-2021-22333
RESERVED
-CVE-2021-22332
- RESERVED
-CVE-2021-22331
- RESERVED
-CVE-2021-22330
- RESERVED
+CVE-2021-22332 (There is a pointer double free vulnerability in some versions
of Cloud ...)
+ TODO: check
+CVE-2021-22331 (There is a JavaScript injection vulnerability in certain
Huawei smartp ...)
+ TODO: check
+CVE-2021-22330 (There is an out of bounds write vulnerability in Huawei
Smartphone HUA ...)
+ TODO: check
CVE-2021-22329
RESERVED
CVE-2021-22328
RESERVED
-CVE-2021-22327
- RESERVED
+CVE-2021-22327 (There is an arbitrary memory write vulnerability in Huawei
smart phone ...)
+ TODO: check
CVE-2021-22326
RESERVED
CVE-2021-22325
@@ -52561,18 +52572,18 @@ CVE-2020-21998 (In HomeAutomation 3.3.2 input passed
via the 'redirect' GET para
NOT-FOR-US: HomeAutomation
CVE-2020-21997
RESERVED
-CVE-2020-21996
- RESERVED
+CVE-2020-21996 (AVE DOMINAplus <=1.10.x suffers from an unauthenticated
reboot comm ...)
+ TODO: check
CVE-2020-21995
RESERVED
-CVE-2020-21994
- RESERVED
-CVE-2020-21993
- RESERVED
+CVE-2020-21994 (AVE DOMINAplus <=1.10.x suffers from clear-text credentials
disclos ...)
+ TODO: check
+CVE-2020-21993 (In WEMS Limited Enterprise Manager 2.58, input passed to the
GET param ...)
+ TODO: check
CVE-2020-21992
RESERVED
-CVE-2020-21991
- RESERVED
+CVE-2020-21991 (AVE DOMINAplus <=1.10.x suffers from an authentication
bypass vulne ...)
+ TODO: check
CVE-2020-21990
RESERVED
CVE-2020-21989 (HomeAutomation 3.3.2 is affected by Cross Site Request Forgery
(CSRF). ...)
@@ -60535,14 +60546,14 @@ CVE-2020-18024
RESERVED
CVE-2020-18023
RESERVED
-CVE-2020-18022
- RESERVED
+CVE-2020-18022 (Cross Site Scripting (XSS) in Qibosoft QiboCMS v7 and earlier
allows r ...)
+ TODO: check
CVE-2020-18021
RESERVED
-CVE-2020-18020
- RESERVED
-CVE-2020-18019
- RESERVED
+CVE-2020-18020 (SQL Injection in PHPSHE Mall System v1.7 allows remote
attackers to ex ...)
+ TODO: check
+CVE-2020-18019 (SQL Injection in Xinhu OA System v1.8.3 allows remote
attackers to obt ...)
+ TODO: check
CVE-2020-18018
RESERVED
CVE-2020-18017
@@ -60581,8 +60592,8 @@ CVE-2020-18001
RESERVED
CVE-2020-18000
RESERVED
-CVE-2020-17999
- RESERVED
+CVE-2020-17999 (Cross Site Scripting (XSS) in MiniCMS v1.10 allows remote
attackers to ...)
+ TODO: check
CVE-2020-17998
RESERVED
CVE-2020-17997
@@ -89682,8 +89693,8 @@ CVE-2020-7125 (A remote escalation of privilege
vulnerability was discovered in
NOT-FOR-US: Aruba
CVE-2020-7124 (A remote unauthorized access vulnerability was discovered in
Aruba Air ...)
NOT-FOR-US: Aruba
-CVE-2020-7123
- RESERVED
+CVE-2020-7123 (A local escalation of privilege vulnerability was discovered in
Aruba ...)
+ TODO: check
CVE-2020-7122 (Two memory corruption vulnerabilities in the Aruba CX Switches
Series ...)
NOT-FOR-US: Aruba
CVE-2020-7121 (Two memory corruption vulnerabilities in the Aruba CX Switches
Series ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a60e246fe00d1b78afa609941fc7ac10af7fbea7
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a60e246fe00d1b78afa609941fc7ac10af7fbea7
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
