Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
732909f4 by security tracker role at 2021-04-30T20:10:25+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,13 @@
+CVE-2021-3528
+       RESERVED
+CVE-2021-3527
+       RESERVED
+CVE-2021-3526
+       RESERVED
+CVE-2021-3525
+       RESERVED
+CVE-2021-3524
+       RESERVED
 CVE-2021-3523
        RESERVED
 CVE-2021-31921
@@ -1568,10 +1578,10 @@ CVE-2021-31234
        RESERVED
 CVE-2021-31233
        RESERVED
-CVE-2021-31232
-       RESERVED
-CVE-2021-31231
-       RESERVED
+CVE-2021-31232 (The Alertmanager in CNCF Cortex before 1.8.1 has a local file 
disclosu ...)
+       TODO: check
+CVE-2021-31231 (The Alertmanager in Grafana Enterprise Metrics before 1.2.1 
and Metric ...)
+       TODO: check
 CVE-2021-31230
        RESERVED
 CVE-2021-31229 (An issue was discovered in libezxml.a in ezXML 0.8.6. The 
function ezx ...)
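Review bot: for CVE-2021-31232 and CVE-2021-31231, the `TODO: check` should not be closed on the product names alone. Both descriptions place the flaw in "The Alertmanager" of Cortex and of Grafana Enterprise Metrics, and Debian ships Prometheus Alertmanager as prometheus-alertmanager. Read the full advisories to confirm whether the affected code is specific to how those products embed it or is shared upstream Alertmanager code before choosing between NOT-FOR-US and a package entry.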
@@ -4317,7 +4327,7 @@ CVE-2021-29999 (An issue was discovered in Wind River 
VxWorks through 6.8. There
        NOT-FOR-US: Wind River VxWorks
 CVE-2021-29998 (An issue was discovered in Wind River VxWorks before 6.5. 
There is a p ...)
        NOT-FOR-US: Wind River VxWorks
-CVE-2021-29997 (XML External Entity Resolution (XXE) in Helix ALM. The XML 
Import func ...)
+CVE-2021-29997 (An issue was discovered in Wind River VxWorks 7 before 21.03. 
A specia ...)
        NOT-FOR-US: Helix ALM
 CVE-2021-29996 (Mark Text through 0.16.3 allows attackers arbitrary command 
execution. ...)
        NOT-FOR-US: marktext
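Review bot: the triage line under CVE-2021-29997 is stale after this change. The description moves from the Helix ALM XXE text to a Wind River VxWorks 7 issue, but the unchanged line below it still reads `NOT-FOR-US: Helix ALM`. The verdict stays the same, but the product name should become `NOT-FOR-US: Wind River VxWorks`, matching CVE-2021-29999 and CVE-2021-29998 directly above, so that searches by product do not return the wrong CVE.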
@@ -5471,8 +5481,8 @@ CVE-2021-29488
        RESERVED
 CVE-2021-29487
        RESERVED
-CVE-2021-29486
-       RESERVED
+CVE-2021-29486 (cumulative-distribution-function is an open source npm library 
used wh ...)
+       TODO: check
 CVE-2021-29485
        RESERVED
 CVE-2021-29484 (Ghost is a Node.js CMS. An unused endpoint added during the 
developmen ...)
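Review bot: CVE-2021-29486 names an npm library, so the `TODO: check` needs a lookup for a corresponding Debian Node package before it is resolved. If there is none, follow the form this file already uses for npm modules (for example `NOT-FOR-US: Node ftp-srv`) and record it as `NOT-FOR-US: Node cumulative-distribution-function`.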
@@ -5544,10 +5554,10 @@ CVE-2021-29466 (Discord-Recon is a bot for the Discord 
chat service. In versions
        NOT-FOR-US: Discord-Recon
 CVE-2021-29465 (Discord-Recon is a bot for the Discord chat service. Versions 
of Disco ...)
        NOT-FOR-US: Discord-Recon
-CVE-2021-29464
-       RESERVED
-CVE-2021-29463
-       RESERVED
+CVE-2021-29464 (Exiv2 is a command-line utility and C++ library for reading, 
writing,  ...)
+       TODO: check
+CVE-2021-29463 (Exiv2 is a command-line utility and C++ library for reading, 
writing,  ...)
+       TODO: check
 CVE-2021-29462 (The Portable SDK for UPnP Devices is an SDK for development of 
UPnP de ...)
        - pupnp-1.8 <unfixed> (bug #987326)
        - libupnp <removed>
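Review bot: CVE-2021-29464 and CVE-2021-29463 should not stay at `TODO: check` for long, because exiv2 is packaged in Debian. Each needs a `- exiv2 <status>` entry with the affected and fixed versions taken from the full advisories; the truncated descriptions in this hunk do not show them.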
@@ -6726,8 +6736,8 @@ CVE-2021-28961 
(applications/luci-app-ddns/luasrc/model/cbi/ddns/detail.lua in t
        NOT-FOR-US: DDNS package for OpenWrt
 CVE-2021-28960
        RESERVED
-CVE-2021-28959
-       RESERVED
+CVE-2021-28959 (Zoho ManageEngine Eventlog Analyzer through 12147 is 
vulnerable to una ...)
+       TODO: check
 CVE-2021-28958
        RESERVED
 CVE-2021-28956 (** UNSUPPORTED WHEN ASSIGNED ** The unofficial 
vscode-sass-lint (aka S ...)
@@ -11746,8 +11756,8 @@ CVE-2021-26809 (PHPGurukul Car Rental Project version 
2.0 suffers from a remote
        NOT-FOR-US: PHPGurukul Car Rental Project
 CVE-2021-26808
        RESERVED
-CVE-2021-26807
-       RESERVED
+CVE-2021-26807 (GalaxyClient version 2.0.28.9 loads unsigned DLLs such as 
zlib1.dll, l ...)
+       TODO: check
 CVE-2021-26806
        RESERVED
 CVE-2021-26805 (Buffer Overflow in tsMuxer 2.6.16 allows attackers to cause a 
Denial o ...)
@@ -23773,14 +23783,14 @@ CVE-2021-21539
        RESERVED
 CVE-2021-21538
        RESERVED
-CVE-2021-21537
-       RESERVED
-CVE-2021-21536
-       RESERVED
-CVE-2021-21535
-       RESERVED
-CVE-2021-21534
-       RESERVED
+CVE-2021-21537 (Dell Hybrid Client versions prior to 1.5 contain an 
information exposu ...)
+       TODO: check
+CVE-2021-21536 (Dell Hybrid Client versions prior to 1.5 contain an 
information exposu ...)
+       TODO: check
+CVE-2021-21535 (Dell Hybrid Client versions prior to 1.5 contain a missing 
authenticat ...)
+       TODO: check
+CVE-2021-21534 (Dell Hybrid Client versions prior to 1.5 contain an 
information exposu ...)
+       TODO: check
 CVE-2021-21533 (Wyse Management Suite versions up to 3.2 contains a 
vulnerability wher ...)
        NOT-FOR-US: Wyse Management Suite
 CVE-2021-21532 (Dell Wyse ThinOS 8.6 MR9 contains remediation for an improper 
manageme ...)
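Review bot: the four Dell Hybrid Client entries (CVE-2021-21534 through CVE-2021-21537) are left at `TODO: check`, while the adjacent Dell entry CVE-2021-21533 is already `NOT-FOR-US: Wyse Management Suite`. If Dell Hybrid Client is likewise not shipped in Debian, mark all four `NOT-FOR-US: Dell Hybrid Client` in a single follow-up so they do not sit in the TODO queue.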
@@ -27658,8 +27668,8 @@ CVE-2021-20517
        RESERVED
 CVE-2021-20516
        RESERVED
-CVE-2021-20515
-       RESERVED
+CVE-2021-20515 (IBM Informix Dynamic Server 14.10 is vulnerable to a stack 
based buffe ...)
+       TODO: check
 CVE-2021-20514
        RESERVED
 CVE-2021-20513
@@ -28038,8 +28048,8 @@ CVE-2021-20328 (Specific versions of the Java driver 
that support client-side fi
        NOTE: Fixed by: 
https://github.com/mongodb/mongo-java-driver/commit/60d87d5a76645a331a77ccc45ef7c67aac88b234
 CVE-2021-20327 (A specific version of the Node.js mongodb-client-encryption 
module doe ...)
        NOT-FOR-US: Node mongodb-client-encryption
-CVE-2021-20326
-       RESERVED
+CVE-2021-20326 (A user authorized to performing a specific type of find query 
may trig ...)
+       TODO: check
 CVE-2021-20325
        RESERVED
 CVE-2021-20324
@@ -28283,8 +28293,7 @@ CVE-2021-20267
        [stretch] - neutron <no-dsa> (Minor issue)
        NOTE: https://bugs.launchpad.net/neutron/+bug/1902917
        NOTE: https://review.opendev.org/c/openstack/neutron/+/776599
-CVE-2021-20266
-       RESERVED
+CVE-2021-20266 (A flaw was found in RPM's hdrblobInit() in lib/header.c. This 
flaw all ...)
        - rpm <unfixed> (bug #985308)
        [bullseye] - rpm <no-dsa> (Minor issue)
        [buster] - rpm <no-dsa> (Minor issue)
@@ -40531,8 +40540,8 @@ CVE-2020-27521
        RESERVED
 CVE-2020-27520
        RESERVED
-CVE-2020-27519
-       RESERVED
+CVE-2020-27519 (Pritunl Client v1.2.2550.20 contains a local privilege 
escalation vuln ...)
+       TODO: check
 CVE-2020-27518
        RESERVED
 CVE-2020-27517
@@ -46719,8 +46728,8 @@ CVE-2020-24920
        RESERVED
 CVE-2020-24919
        RESERVED
-CVE-2020-24918
-       RESERVED
+CVE-2020-24918 (A buffer overflow in the RTSP service of the Ambarella Oryx 
RTSP Serve ...)
+       TODO: check
 CVE-2020-24917 (osTicket before 1.14.3 allows XSS via a crafted filename to 
DraftAjaxA ...)
        NOT-FOR-US: osTicket
 CVE-2020-24916 (CGI implementation in Yaws web server versions 1.81 to 2.0.7 
is vulner ...)
@@ -67471,8 +67480,8 @@ CVE-2020-15155 (baserCMS 4.3.6 and earlier is affected 
by Cross Site Scripting (
        NOT-FOR-US: baserCMS
 CVE-2020-15154 (baserCMS 4.3.6 and earlier is affected by Cross Site Scripting 
(XSS) v ...)
        NOT-FOR-US: baserCMS
-CVE-2020-15153
-       RESERVED
+CVE-2020-15153 (Ampache before version 4.2.2 allows unauthenticated users to 
perform S ...)
+       TODO: check
 CVE-2020-15152 (ftp-srv is an npm package which is a modern and extensible FTP 
server  ...)
        NOT-FOR-US: Node ftp-srv
 CVE-2020-15151 (OpenMage LTS before versions 19.4.6 and 20.0.2 allows 
attackers to cir ...)
@@ -88531,8 +88540,7 @@ CVE-2020-7733 (The package ua-parser-js before 0.7.22 
are vulnerable to Regular
        NOTE: https://snyk.io/vuln/SNYK-JS-UAPARSERJS-610226
 CVE-2020-7732
        RESERVED
-CVE-2020-7731
-       RESERVED
+CVE-2020-7731 (This affects all versions of package 
github.com/russellhaering/gosaml2 ...)
        - golang-github-russellhaering-gosaml2 <itp> (bug #948190)
        NOTE: https://github.com/russellhaering/gosaml2/issues/59
        NOTE: 
https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMRUSSELLHAERINGGOSAML2-608302
@@ -97728,8 +97736,8 @@ CVE-2020-4041 (In Bolt CMS before version 3.7.1, the 
filename of uploaded files
        NOT-FOR-US: Bolt CMS
 CVE-2020-4040 (Bolt CMS before version 3.7.1 lacked CSRF protection in the 
preview ge ...)
        NOT-FOR-US: Bolt CMS
-CVE-2020-4039
-       RESERVED
+CVE-2020-4039 (SUSI.AI is an intelligent Open Source personal assistant. 
SUSI.AI Serv ...)
+       TODO: check
 CVE-2020-4038 (GraphQL Playground (graphql-playground-html NPM package) before 
versio ...)
        NOT-FOR-US: Node graphql-playground-html
 CVE-2020-4037 (In OAuth2 Proxy from version 5.1.1 and less than version 6.0.0, 
users  ...)
@@ -105167,8 +105175,7 @@ CVE-2020-1722 (A flaw was found in all ipa versions 
4.x.x through 4.8.0. When se
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1793071
        NOTE: 
https://pagure.io/freeipa/c/dbf5df4a66b68f62a9e063c43a30b46e539c603b (master)
        NOTE: 
https://pagure.io/freeipa/c/089a393581aa249ddec66ce1455fff4951cdb827 (ipa-4-8)
-CVE-2020-1721
-       RESERVED
+CVE-2020-1721 (A flaw was found in the Key Recovery Authority (KRA) Agent 
Service in  ...)
        - dogtag-pki 10.9.1-1
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1777579
        NOTE: 
https://github.com/dogtagpki/pki/commit/b3514113c867c9394dd84e313c55dc66f3e846b6
 (v10.9.0-a2)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/732909f4d69c7b1cf82474d1afbf9ce73e147863



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
