Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
026d7e45 by security tracker role at 2021-05-05T20:10:36+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,126 @@
-CVE-2021-32055 [out-of-bounds read in situations where an IMAP sequence set 
ends with a comma]
+CVE-2021-3536
+       RESERVED
+CVE-2021-3535
+       RESERVED
+CVE-2021-32061
+       RESERVED
+CVE-2021-32060
+       RESERVED
+CVE-2021-32059
+       RESERVED
+CVE-2021-32058
+       RESERVED
+CVE-2021-32057
+       RESERVED
+CVE-2021-32056
+       RESERVED
+CVE-2021-32054
+       RESERVED
+CVE-2021-32053
+       RESERVED
+CVE-2021-32052
+       RESERVED
+CVE-2021-32051
+       RESERVED
+CVE-2021-32050
+       RESERVED
+CVE-2021-32049
+       RESERVED
+CVE-2021-32048
+       RESERVED
+CVE-2021-32047
+       RESERVED
+CVE-2021-32046
+       RESERVED
+CVE-2021-32045
+       RESERVED
+CVE-2021-32044
+       RESERVED
+CVE-2021-32043
+       RESERVED
+CVE-2021-32042
+       RESERVED
+CVE-2021-32041
+       RESERVED
+CVE-2021-32040
+       RESERVED
+CVE-2021-32039
+       RESERVED
+CVE-2021-32038
+       RESERVED
+CVE-2021-32037
+       RESERVED
+CVE-2021-32036
+       RESERVED
+CVE-2021-32035
+       RESERVED
+CVE-2021-32034
+       RESERVED
+CVE-2021-32033
+       RESERVED
+CVE-2021-32032
+       RESERVED
+CVE-2021-32031
+       RESERVED
+CVE-2020-36362
+       RESERVED
+CVE-2020-36361
+       RESERVED
+CVE-2020-36360
+       RESERVED
+CVE-2020-36359
+       RESERVED
+CVE-2020-36358
+       RESERVED
+CVE-2020-36357
+       RESERVED
+CVE-2020-36356
+       RESERVED
+CVE-2020-36355
+       RESERVED
+CVE-2020-36354
+       RESERVED
+CVE-2020-36353
+       RESERVED
+CVE-2020-36352
+       RESERVED
+CVE-2020-36351
+       RESERVED
+CVE-2020-36350
+       RESERVED
+CVE-2020-36349
+       RESERVED
+CVE-2020-36348
+       RESERVED
+CVE-2020-36347
+       RESERVED
+CVE-2020-36346
+       RESERVED
+CVE-2020-36345
+       RESERVED
+CVE-2020-36344
+       RESERVED
+CVE-2020-36343
+       RESERVED
+CVE-2020-36342
+       RESERVED
+CVE-2020-36341
+       RESERVED
+CVE-2020-36340
+       RESERVED
+CVE-2020-36339
+       RESERVED
+CVE-2020-36338
+       RESERVED
+CVE-2020-36337
+       RESERVED
+CVE-2020-36336
+       RESERVED
+CVE-2020-36335
+       RESERVED
+CVE-2016-20010 (EWWW Image Optimizer before 2.8.5 allows remote command 
execution beca ...)
+       TODO: check
+CVE-2021-32055 (Mutt 1.11.0 through 2.0.x before 2.0.7 (and NeoMutt 2019-10-25 
through ...)
        - mutt <unfixed> (bug #988106)
        [buster] - mutt <not-affected> (Vulnerable code introduced later)
        [stretch] - mutt <not-affected> (Vulnerable code introduced later)
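
Review bot: CVE-2016-20010 (EWWW Image Optimizer), added just above the CVE-2021-32055 entry, lands with only "TODO: check". It needs a triage line on the next manual pass: either a source package entry or a NOT-FOR-US: tag in the style used elsewhere in this file. The CVE-2021-32055 change itself only swaps the bracketed temporary description for the assigned one and keeps the mutt lines intact, which looks right.
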
@@ -642,8 +764,8 @@ CVE-2021-31802 (NETGEAR R7000 1.0.11.116 devices have a 
heap-based Buffer Overfl
        NOT-FOR-US: Netgear
 CVE-2021-31801
        RESERVED
-CVE-2021-31800
-       RESERVED
+CVE-2021-31800 (Multiple path traversal vulnerabilities exist in smbserver.py 
in Impac ...)
+       TODO: check
 CVE-2021-31799
        RESERVED
 CVE-2021-31798
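
Review bot: CVE-2021-31800 moves from RESERVED to "TODO: check" with a description that names smbserver.py and path traversal. Triage should identify the source package that ships that file and record a package line with a bug reference, in the same form as the "- mutt <unfixed> (bug #988106)" line for CVE-2021-32055, instead of leaving the TODO open.
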
@@ -1156,8 +1278,7 @@ CVE-2021-31544
        RESERVED
 CVE-2021-31543
        RESERVED
-CVE-2021-31542
-       RESERVED
+CVE-2021-31542 (In Django 2.2 before 2.2.21, 3.1 before 3.1.9, and 3.2 before 
3.2.1, M ...)
        - python-django 2:2.2.21-1 (bug #988053)
        NOTE: 
https://www.djangoproject.com/weblog/2021/may/04/security-releases/
        NOTE: 
https://github.com/django/django/commit/0b79eb36915d178aef5c6a7bbce71b1e76d376d3
 (main)
@@ -1166,7 +1287,7 @@ CVE-2021-31541
        RESERVED
 CVE-2021-31540 (Wowza Streaming Engine through 4.8.5 (in a default 
installation) has i ...)
        NOT-FOR-US: Wowza Streaming Engine
-CVE-2021-31539 (Wowza Streaming Engine through 4.8.5 (in a default 
installation) has c ...)
+CVE-2021-31539 (Wowza Streaming Engine before 4.8.8.01 (in a default 
installation) has ...)
        NOT-FOR-US: Wowza Streaming Engine
 CVE-2021-31538
        RESERVED
@@ -1225,10 +1346,10 @@ CVE-2021-31520
        RESERVED
 CVE-2021-31519
        RESERVED
-CVE-2021-31518
-       RESERVED
-CVE-2021-31517
-       RESERVED
+CVE-2021-31518 (Trend Micro Home Network Security 6.5.599 and earlier is 
vulnerable to ...)
+       TODO: check
+CVE-2021-31517 (Trend Micro Home Network Security 6.5.599 and earlier is 
vulnerable to ...)
+       TODO: check
 CVE-2021-3508 (A flaw was found in PDFResurrect in version 0.22b. There is an 
infinit ...)
        - pdfresurrect <unfixed> (unimportant)
        NOTE: https://github.com/enferex/pdfresurrect/issues/17
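
Review bot: CVE-2021-31518 and CVE-2021-31517 both arrive as "TODO: check", and their visible descriptions are identical up to the truncation point. Both describe a vendor product, so they are candidates for a NOT-FOR-US: line like the "NOT-FOR-US: Netgear" and "NOT-FOR-US: Wowza Streaming Engine" entries elsewhere in this diff. Triage them together so they end up with the same tag.
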
@@ -5796,8 +5917,8 @@ CVE-2021-29491
        RESERVED
 CVE-2021-29490
        RESERVED
-CVE-2021-29489
-       RESERVED
+CVE-2021-29489 (Highcharts JS is a JavaScript charting library based on SVG. 
In Highch ...)
+       TODO: check
 CVE-2021-29488
        RESERVED
 CVE-2021-29487
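
Review bot: CVE-2021-29489 is left at "TODO: check" for what the description calls a JavaScript charting library. When triaging, search for embedded copies inside other source packages as well as for a package of that name, since a name-only lookup can miss bundled JavaScript.
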
@@ -6442,18 +6563,18 @@ CVE-2021-29252
        RESERVED
 CVE-2021-29251 (BTCPay Server before 1.0.7.1 mishandles the policy setting in 
which us ...)
        NOT-FOR-US: BTCPay Server
-CVE-2021-29250
-       RESERVED
+CVE-2021-29250 (BTCPay Server through 1.0.7.0 suffers from a Stored Cross Site 
Scripti ...)
+       TODO: check
 CVE-2021-29249 (BTCPay Server before 1.0.6.0, when the payment button is used, 
has a p ...)
        NOT-FOR-US: BTCPay Server
-CVE-2021-29248
-       RESERVED
-CVE-2021-29247
-       RESERVED
-CVE-2021-29246
-       RESERVED
-CVE-2021-29245
-       RESERVED
+CVE-2021-29248 (BTCPay Server through 1.0.7.0 could allow a remote attacker to 
obtain  ...)
+       TODO: check
+CVE-2021-29247 (BTCPay Server through 1.0.7.0 could allow a remote attacker to 
obtain  ...)
+       TODO: check
+CVE-2021-29246 (BTCPay Server through 1.0.7.0 suffers from directory 
traversal, which  ...)
+       TODO: check
+CVE-2021-29245 (BTCPay Server through 1.0.7.0 uses a weak method Next to 
produce pseud ...)
+       TODO: check
 CVE-2021-29244
        RESERVED
 CVE-2021-29243
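
Review bot: the five new BTCPay Server entries (CVE-2021-29250, CVE-2021-29248, CVE-2021-29247, CVE-2021-29246, CVE-2021-29245) are left at "TODO: check", while the two neighbouring entries in the same hunk, CVE-2021-29251 and CVE-2021-29249, already carry "NOT-FOR-US: BTCPay Server". Unless something has changed for this product, the new entries should get the same line.
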
@@ -6767,8 +6888,8 @@ CVE-2021-29102
        RESERVED
 CVE-2021-29101
        RESERVED
-CVE-2021-29100
-       RESERVED
+CVE-2021-29100 (A path traversal vulnerability exists in Esri ArcGIS Earth 
versions 1. ...)
+       TODO: check
 CVE-2021-29099
        RESERVED
 CVE-2021-29098 (Multiple uninitialized pointer vulnerabilities when parsing a 
speciall ...)
@@ -15818,14 +15939,12 @@ CVE-2021-25321
        RESERVED
 CVE-2021-25320
        RESERVED
-CVE-2021-25319
-       RESERVED
+CVE-2021-25319 (A Incorrect Default Permissions vulnerability in the packaging 
of virt ...)
        - virtualbox <not-affected> (openSUSE specific security issue in the 
openSUSE packaging)
        NOTE: https://www.openwall.com/lists/oss-security/2021/04/26/2
 CVE-2021-25318
        RESERVED
-CVE-2021-25317
-       RESERVED
+CVE-2021-25317 (A Incorrect Default Permissions vulnerability in the packaging 
of cups ...)
        - cups <not-affected> (In Debian /var/log/cups is owned by root:root)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1949119
 CVE-2021-25316 (A Insecure Temporary File vulnerability in s390-tools of SUSE 
Linux En ...)
@@ -28278,16 +28397,16 @@ CVE-2021-20403 (IBM Security Verify Information Queue 
1.0.6 and 1.0.7 is vulnera
        NOT-FOR-US: IBM
 CVE-2021-20402 (IBM Security Verify Information Queue 1.0.6 and 1.0.7 could 
allow a re ...)
        NOT-FOR-US: IBM
-CVE-2021-20401
-       RESERVED
+CVE-2021-20401 (IBM QRadar SIEM 7.3 and 7.4 contains hard-coded credentials, 
such as a ...)
+       TODO: check
 CVE-2021-20400
        RESERVED
 CVE-2021-20399
        RESERVED
 CVE-2021-20398
        RESERVED
-CVE-2021-20397
-       RESERVED
+CVE-2021-20397 (IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site 
scripting. Thi ...)
+       TODO: check
 CVE-2021-20396
        RESERVED
 CVE-2021-20395
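
Review bot: CVE-2021-20401 and CVE-2021-20397 (IBM QRadar SIEM) are set to "TODO: check" directly below CVE-2021-20403 and CVE-2021-20402, which are tagged "NOT-FOR-US: IBM". The same resolution likely applies here and to the other QRadar entries this commit adds further down (CVE-2020-5013, CVE-2020-4993, CVE-2020-4979, CVE-2020-4932, CVE-2020-4929, CVE-2020-4883).
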
@@ -28728,8 +28847,7 @@ CVE-2021-20255 (A stack overflow via an infinite 
recursion vulnerability was fou
        [buster] - qemu <postponed> (Minor issue)
        NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg06098.html
        NOTE: 
https://ruhr-uni-bochum.sciebo.de/s/NNWP2GfwzYKeKwE?path=%2Feepro100_stackoverflow1
-CVE-2021-20254 [Negative idmap cache entries can cause incorrect group entries 
in the Samba file server process token]
-       RESERVED
+CVE-2021-20254 (A flaw was found in samba. The Samba smbd file server must map 
Windows ...)
        - samba <unfixed> (bug #987811)
        [buster] - samba <no-dsa> (Minor issue)
        NOTE: https://www.samba.org/samba/security/CVE-2021-20254.html
@@ -38967,45 +39085,46 @@ CVE-2020-28027
        RESERVED
 CVE-2020-28026
        RESERVED
-       {DSA-4912-1}
+       {DSA-4912-1 DLA-2650-1}
        - exim4 4.94.2-1
        NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/7
 CVE-2020-28025
        RESERVED
-       {DSA-4912-1}
+       {DSA-4912-1 DLA-2650-1}
        - exim4 4.94.2-1
        NOTE: Introduced by: 
https://git.exim.org/exim.git/commit/80a47a2c9633437d4ceebd214cd44abfbd4f4543 
(exim-4_70_RC3)
        NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/7
 CVE-2020-28024
        RESERVED
-       {DSA-4912-1}
+       {DSA-4912-1 DLA-2650-1}
        - exim4 4.94.2-1
        NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/7
 CVE-2020-28023
        RESERVED
-       {DSA-4912-1}
+       {DSA-4912-1 DLA-2650-1}
        - exim4 4.94.2-1
        NOTE: Introduced by: 
https://git.exim.org/exim.git/commit/18481de384caecff421f23f715be916403f5d0ee 
(exim-4_88_RC1)
        NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/7
 CVE-2020-28022
        RESERVED
-       {DSA-4912-1}
+       {DSA-4912-1 DLA-2650-1}
        - exim4 4.94.2-1
        NOTE: Introduced by: 
https://git.exim.org/exim.git/commit/d7a2c8337f7b615763d4429ab27653862756b6fb 
(exim-4_89_RC1)
        NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/7
 CVE-2020-28021
        RESERVED
-       {DSA-4912-1}
+       {DSA-4912-1 DLA-2650-1}
        - exim4 4.94.2-1
        NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/7
 CVE-2020-28020
        RESERVED
+       {DLA-2650-1}
        - exim4 4.92~RC5-1
        NOTE: Fixed by: 
https://git.exim.org/exim.git/commit/56ac062a3ff94fc4e1bbfc2293119c079a4e980b 
(exim-4.92-RC5)
        NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/7
 CVE-2020-28019
        RESERVED
-       {DSA-4912-1}
+       {DSA-4912-1 DLA-2650-1}
        - exim4 4.94.2-1
        NOTE: Introduced by: 
https://git.exim.org/exim.git/commit/7e3ce68e68ab9b8906a637d352993abf361554e2 
(exim-4_88_RC1)
        NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/7
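
Review bot: CVE-2020-28020 is the one entry in this hunk that receives {DLA-2650-1} alone; every other changed entry becomes {DSA-4912-1 DLA-2650-1}. That is consistent with its fixed version 4.92~RC5-1 (the others list 4.94.2-1), but please confirm against the DLA-2650-1 text that the asymmetry is intended and not a missed DSA reference.
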
@@ -39019,7 +39138,7 @@ CVE-2020-28018
        NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/7
 CVE-2020-28017
        RESERVED
-       {DSA-4912-1}
+       {DSA-4912-1 DLA-2650-1}
        - exim4 4.94.2-1
        NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/7
 CVE-2020-28016
@@ -39031,27 +39150,27 @@ CVE-2020-28016
        NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/7
 CVE-2020-28015
        RESERVED
-       {DSA-4912-1}
+       {DSA-4912-1 DLA-2650-1}
        - exim4 4.94.2-1
        NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/7
 CVE-2020-28014
        RESERVED
-       {DSA-4912-1}
+       {DSA-4912-1 DLA-2650-1}
        - exim4 4.94.2-1
        NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/7
 CVE-2020-28013
        RESERVED
-       {DSA-4912-1}
+       {DSA-4912-1 DLA-2650-1}
        - exim4 4.94.2-1
        NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/7
 CVE-2020-28012
        RESERVED
-       {DSA-4912-1}
+       {DSA-4912-1 DLA-2650-1}
        - exim4 4.94.2-1
        NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/7
 CVE-2020-28011
        RESERVED
-       {DSA-4912-1}
+       {DSA-4912-1 DLA-2650-1}
        - exim4 4.94.2-1
        NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/7
 CVE-2020-28010
@@ -39063,17 +39182,17 @@ CVE-2020-28010
        NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/7
 CVE-2020-28009
        RESERVED
-       {DSA-4912-1}
+       {DSA-4912-1 DLA-2650-1}
        - exim4 4.94.2-1
        NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/7
 CVE-2020-28008
        RESERVED
-       {DSA-4912-1}
+       {DSA-4912-1 DLA-2650-1}
        - exim4 4.94.2-1
        NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/7
 CVE-2020-28007
        RESERVED
-       {DSA-4912-1}
+       {DSA-4912-1 DLA-2650-1}
        - exim4 4.94.2-1
        NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/7
 CVE-2020-25692 (A NULL pointer dereference was found in OpenLDAP server and 
was fixed  ...)
@@ -72269,18 +72388,15 @@ CVE-2020-13668
        RESERVED
 CVE-2020-13667
        RESERVED
-CVE-2020-13666 [SA-CORE-2020-007]
-       RESERVED
+CVE-2020-13666 (Cross-site scripting vulnerability in Drupal Core. Drupal AJAX 
API doe ...)
        {DLA-2458-1}
        - drupal7 <removed>
        NOTE: https://www.drupal.org/sa-core-2020-007
        NOTE: 
https://github.com/drupal/drupal/commit/cd3721550d988240ef6e682bd1cae2939c6e9e5a
-CVE-2020-13665
-       RESERVED
+CVE-2020-13665 (Access bypass vulnerability in Drupal Core allows JSON:API 
when JSON:A ...)
        - drupal7 <not-affected> (Drupal 7 not affected)
        NOTE: https://www.drupal.org/sa-core-2020-006
-CVE-2020-13664
-       RESERVED
+CVE-2020-13664 (Arbitrary PHP code execution vulnerability in Drupal Core 
under certai ...)
        - drupal7 <not-affected> (Drupal 7 not affected)
        NOTE: https://www.drupal.org/sa-core-2020-005
 CVE-2020-13663 [Drupal SA 2020-004]
@@ -72486,8 +72602,7 @@ CVE-2020-13594 (The Bluetooth Low Energy (BLE) 
controller implementation in Espr
        NOT-FOR-US: Espressif
 CVE-2020-13593 (The Bluetooth Low Energy Secure Manager Protocol (SMP) 
implementation  ...)
        NOT-FOR-US: Espressif
-CVE-2020-13662 [Drupal SA 2020-003]
-       RESERVED
+CVE-2020-13662 (Open Redirect vulnerability in Drupal Core allows a user to be 
tricked ...)
        {DSA-4693-1 DLA-2250-1}
        - drupal7 <removed>
        NOTE: https://www.drupal.org/sa-core-2020-003
@@ -85863,9 +85978,9 @@ CVE-2020-8954 (OpenSearch Web browser 1.0.4.9 allows 
Intent Scheme Hijacking.[a
        NOT-FOR-US: OpenSearch Web browser
 CVE-2020-8953 (OpenVPN Access Server 2.8.x before 2.8.1 allows LDAP 
authentication by ...)
        NOT-FOR-US: OpenVPN Access Server
-CVE-2020-8952 (Fiserv Accurate Reconciliation 2.19.0 allows XSS via the 
logout.jsp ti ...)
+CVE-2020-8952 (Fiserv Accurate Reconciliation 2.19.0, fixed in 3.0.0 or 
higher, allow ...)
        NOT-FOR-US: Fiserv Accurate Reconciliation
-CVE-2020-8951 (Fiserv Accurate Reconciliation 2.19.0 allows XSS via the Source 
or Des ...)
+CVE-2020-8951 (Fiserv Accurate Reconciliation 2.19.0, fixed in 3.0.0 or 
higher, allow ...)
        NOT-FOR-US: Fiserv Accurate Reconciliation
 CVE-2020-8950 (The AUEPLauncher service in Radeon AMD User Experience Program 
Launche ...)
        NOT-FOR-US: Radeon AMD User Experience Program Launcher
@@ -96276,8 +96391,8 @@ CVE-2020-5015 (IBM Elastic Storage System 6.0.0 through 
6.0.1.2 and IBM Elastic
        NOT-FOR-US: IBM
 CVE-2020-5014 (IBM DataPower Gateway V10 and V2018 could allow a local 
attacker with  ...)
        NOT-FOR-US: IBM
-CVE-2020-5013
-       RESERVED
+CVE-2020-5013 (IBM QRadar SIEM 7.3 and 7.4 may vulnerable to a XML External 
Entity In ...)
+       TODO: check
 CVE-2020-5012
        RESERVED
 CVE-2020-5011
@@ -96316,8 +96431,8 @@ CVE-2020-4995 (IBM Security Identity Governance and 
Intelligence 5.2.6 does not
        NOT-FOR-US: IBM
 CVE-2020-4994
        RESERVED
-CVE-2020-4993
-       RESERVED
+CVE-2020-4993 (IBM QRadar SIEM 7.3 and 7.4 when decompressing or verifying 
signature  ...)
+       TODO: check
 CVE-2020-4992
        RESERVED
 CVE-2020-4991
@@ -96344,8 +96459,8 @@ CVE-2020-4981 (IBM Spectrum Scale 5.0.4.1 through 
5.1.0.3 could allow a local pr
        NOT-FOR-US: IBM
 CVE-2020-4980
        RESERVED
-CVE-2020-4979
-       RESERVED
+CVE-2020-4979 (IBM QRadar SIEM 7.3 and 7.4 is vulnerable to insecure 
inter-deployment ...)
+       TODO: check
 CVE-2020-4978
        RESERVED
 CVE-2020-4977
@@ -96438,14 +96553,14 @@ CVE-2020-4934 (IBM Content Navigator 3.0.CD could 
allow a remote attacker to tra
        NOT-FOR-US: IBM
 CVE-2020-4933 (IBM Jazz Reporting Service 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is 
vulnerabl ...)
        NOT-FOR-US: IBM
-CVE-2020-4932
-       RESERVED
+CVE-2020-4932 (IBM QRadar SIEM 7.3 and 7.4 contains hard-coded credentials, 
such as a ...)
+       TODO: check
 CVE-2020-4931 (IBM MQ 9.1 LTS, 9.2 LTS, and 9.1 CD AMQP Channels could allow 
an authe ...)
        NOT-FOR-US: IBM
 CVE-2020-4930
        RESERVED
-CVE-2020-4929
-       RESERVED
+CVE-2020-4929 (IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site 
scripting. Thi ...)
+       TODO: check
 CVE-2020-4928 (IBM Cloud Pak System 2.3 could allow a local privileged 
attacker to up ...)
        NOT-FOR-US: IBM
 CVE-2020-4927
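
Review bot: the visible text for CVE-2020-4932 ("contains hard-coded credentials, such as a ...") and CVE-2020-4929 ("is vulnerable to cross-site scripting. Thi ...") matches the truncated descriptions added for CVE-2021-20401 and CVE-2021-20397 earlier in this commit. When clearing the "TODO: check" lines, confirm from the full descriptions that these are distinct issues and not duplicate assignments, then tag them the same way as the surrounding "NOT-FOR-US: IBM" entries.
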
@@ -96536,8 +96651,8 @@ CVE-2020-4885
        RESERVED
 CVE-2020-4884 (IBM UrbanCode Deploy (UCD) 6.2.7.9, 7.0.5.4, and 7.1.1.1 stores 
user c ...)
        NOT-FOR-US: IBM
-CVE-2020-4883
-       RESERVED
+CVE-2020-4883 (IBM QRadar SIEM 7.3 and 7.4 could disclose sensitive 
information about ...)
+       TODO: check
 CVE-2020-4882 (IBM Planning Analytics 2.0 could be vulnerable to a Server-Side 
Reques ...)
        NOT-FOR-US: IBM
 CVE-2020-4881 (IBM Planning Analytics 2.0 could allow a remote attacker to 
obtain sen ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/026d7e4531207aed861e0b83e483c64de4ed7522



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
