Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
100208dd by security tracker role at 2021-05-14T20:10:18+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -439,16 +439,16 @@ CVE-2021-32822
RESERVED
CVE-2021-32821
RESERVED
-CVE-2021-32820
- RESERVED
-CVE-2021-32819
- RESERVED
-CVE-2021-32818
- RESERVED
-CVE-2021-32817
- RESERVED
-CVE-2021-32816
- RESERVED
+CVE-2021-32820 (Express-handlebars is a Handlebars view engine for Express.
Express-ha ...)
+ TODO: check
+CVE-2021-32819 (Squirrelly is a template engine implemented in JavaScript that
works o ...)
+ TODO: check
+CVE-2021-32818 (haml-coffee is a JavaScript templating solution. haml-coffee
mixes pur ...)
+ TODO: check
+CVE-2021-32817 (express-hbs is an Express handlebars template engine.
express-hbs mixe ...)
+ TODO: check
+CVE-2021-32816 (ProtonMail Web Client is the official AngularJS web client for
the Pro ...)
+ TODO: check
CVE-2021-32815
RESERVED
CVE-2021-32814
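Review bot: the five new TODO: check entries (CVE-2021-32820 through CVE-2021-32816) still need triage rather than import only; four of them describe Node.js template engines (express-handlebars, squirrelly, haml-coffee, express-hbs) and the fifth the ProtonMail Web Client, so the check is whether a corresponding source package exists in the archive, and if not, mark them NOT-FOR-US with the product name as this file does for other third-party software. The two prototype-pollution entries added further down in this commit (CVE-2021-25943 for '101', CVE-2021-25941 for 'deep-override') are JavaScript libraries as well and need the same check.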
@@ -857,8 +857,7 @@ CVE-2021-32614 [read in memcpy() for up to 204 bytes in
fill_mishblk()]
RESERVED
- dmg2img <unfixed>
NOTE: https://github.com/Lekensteyn/dmg2img/issues/11
-CVE-2021-32613 [double free in pyc parse via creafted file]
- RESERVED
+CVE-2021-32613 (In radare2 through 5.3.0 there is a double free vulnerability
in the p ...)
- radare2 <unfixed>
NOTE: https://github.com/radareorg/radare2/issues/18679
NOTE:
https://github.com/radareorg/radare2/commit/049de62730f4954ef9a642f2eeebbca30a8eccdc
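Review bot: replacing the bracketed local summary of CVE-2021-32613 with the published description is right (it also retires the "creafted" typo), but the `- radare2 <unfixed>` line below it deserves a second look: the NOTE already points at the upstream fix commit 049de62730f4954ef9a642f2eeebbca30a8eccdc, so whoever triages this can check whether a radare2 upload containing that commit exists and replace `<unfixed>` with the fixed version.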
@@ -6483,8 +6482,8 @@ CVE-2021-30184 (GNU Chess 6.2.7 allows attackers to
execute arbitrary code via c
[stretch] - gnuchess <postponed> (Minor issue in a game; can be fixed
in next update)
NOTE:
https://lists.gnu.org/archive/html/bug-gnu-chess/2021-04/msg00000.html
NOTE:
https://lists.gnu.org/archive/html/bug-gnu-chess/2021-04/msg00001.html
-CVE-2021-30183
- RESERVED
+CVE-2021-30183 (Cleartext storage of sensitive information in multiple
versions of Oct ...)
+ TODO: check
CVE-2021-30182
RESERVED
CVE-2021-30181
@@ -8098,8 +8097,8 @@ CVE-2021-29514
RESERVED
CVE-2021-29513
RESERVED
-CVE-2021-29512
- RESERVED
+CVE-2021-29512 (TensorFlow is an end-to-end open source platform for machine
learning. ...)
+ TODO: check
CVE-2021-29511 (evm is a pure Rust implementation of Ethereum Virtual Machine.
Prior t ...)
TODO: check
CVE-2021-29510 (Pydantic is a data validation and settings management using
Python typ ...)
@@ -16621,12 +16620,12 @@ CVE-2021-25945
RESERVED
CVE-2021-25944
RESERVED
-CVE-2021-25943
- RESERVED
+CVE-2021-25943 (Prototype pollution vulnerability in '101' versions 1.0.0
through 1.6. ...)
+ TODO: check
CVE-2021-25942
RESERVED
-CVE-2021-25941
- RESERVED
+CVE-2021-25941 (Prototype pollution vulnerability in 'deep-override' versions
1.0.0 th ...)
+ TODO: check
CVE-2021-25940
RESERVED
CVE-2021-25939
@@ -20467,36 +20466,36 @@ CVE-2021-24293 (In the eCommerce module of the
NextGEN Gallery Pro WordPress plu
NOT-FOR-US: NextGEN Gallery Pro WordPress plugin
CVE-2021-24292
RESERVED
-CVE-2021-24291
- RESERVED
+CVE-2021-24291 (The Photo Gallery by 10Web – Mobile-Friendly Image
Gallery WordP ...)
+ TODO: check
CVE-2021-24290
RESERVED
CVE-2021-24289
RESERVED
CVE-2021-24288
RESERVED
-CVE-2021-24287
- RESERVED
-CVE-2021-24286
- RESERVED
-CVE-2021-24285
- RESERVED
-CVE-2021-24284
- RESERVED
-CVE-2021-24283
- RESERVED
-CVE-2021-24282
- RESERVED
-CVE-2021-24281
- RESERVED
-CVE-2021-24280
- RESERVED
-CVE-2021-24279
- RESERVED
-CVE-2021-24278
- RESERVED
-CVE-2021-24277
- RESERVED
+CVE-2021-24287 (The settings page of the Select All Categories and Taxonomies,
Change ...)
+ TODO: check
+CVE-2021-24286 (The settings page of the Redirect 404 to parent WordPress
plugin befor ...)
+ TODO: check
+CVE-2021-24285 (The request_list_request AJAX call of the Car Seller - Auto
Classified ...)
+ TODO: check
+CVE-2021-24284 (The Kaswara Modern VC Addons WordPress plugin through 3.0.1
allows una ...)
+ TODO: check
+CVE-2021-24283 (The tab GET parameter of the settings page is not sanitised or
escaped ...)
+ TODO: check
+CVE-2021-24282 (In the Redirection for Contact Form 7 WordPress plugin before
2.3.4, a ...)
+ TODO: check
+CVE-2021-24281 (In the Redirection for Contact Form 7 WordPress plugin before
2.3.4, a ...)
+ TODO: check
+CVE-2021-24280 (In the Redirection for Contact Form 7 WordPress plugin before
2.3.4, a ...)
+ TODO: check
+CVE-2021-24279 (In the Redirection for Contact Form 7 WordPress plugin before
2.3.4, l ...)
+ TODO: check
+CVE-2021-24278 (In the Redirection for Contact Form 7 WordPress plugin before
2.3.4, u ...)
+ TODO: check
+CVE-2021-24277 (The RSS for Yandex Turbo WordPress plugin before 1.30 did not
properly ...)
+ TODO: check
CVE-2021-24276 (The Contact Form by Supsystic WordPress plugin before 1.7.15
did not s ...)
NOT-FOR-US: Supsystic WordPress plugin
CVE-2021-24275 (The Popup by Supsystic WordPress plugin before 1.10.5 did not
sanitise ...)
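Review bot: all twelve new TODO: check entries in this hunk (CVE-2021-24291 and CVE-2021-24287 through CVE-2021-24277) describe WordPress plugins, and the unchanged context lines around them show how the tracker handles those: `NOT-FOR-US: NextGEN Gallery Pro WordPress plugin` at the top and `NOT-FOR-US: Supsystic WordPress plugin` on CVE-2021-24276 right below. Resolve the new ones the same way instead of leaving TODO: check; the five Redirection for Contact Form 7 entries (CVE-2021-24282 through CVE-2021-24278) can share one wording.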
@@ -20659,22 +20658,22 @@ CVE-2021-24197 (The wpDataTables – Tables &
Table Charts premium WordP
NOT-FOR-US: WordPress plugin
CVE-2021-24196 (The Social Slider Widget WordPress plugin before 1.8.5 allowed
Authent ...)
NOT-FOR-US: Wordpress plugin
-CVE-2021-24195
- RESERVED
-CVE-2021-24194
- RESERVED
-CVE-2021-24193
- RESERVED
-CVE-2021-24192
- RESERVED
-CVE-2021-24191
- RESERVED
-CVE-2021-24190
- RESERVED
-CVE-2021-24189
- RESERVED
-CVE-2021-24188
- RESERVED
+CVE-2021-24195 (Low privileged users can use the AJAX action
'cp_plugins_do_button_job ...)
+ TODO: check
+CVE-2021-24194 (Low privileged users can use the AJAX action
'cp_plugins_do_button_job ...)
+ TODO: check
+CVE-2021-24193 (Low privileged users can use the AJAX action
'cp_plugins_do_button_job ...)
+ TODO: check
+CVE-2021-24192 (Low privileged users can use the AJAX action
'cp_plugins_do_button_job ...)
+ TODO: check
+CVE-2021-24191 (Low privileged users can use the AJAX action
'cp_plugins_do_button_job ...)
+ TODO: check
+CVE-2021-24190 (Low privileged users can use the AJAX action
'cp_plugins_do_button_job ...)
+ TODO: check
+CVE-2021-24189 (Low privileged users can use the AJAX action
'cp_plugins_do_button_job ...)
+ TODO: check
+CVE-2021-24188 (Low privileged users can use the AJAX action
'cp_plugins_do_button_job ...)
+ TODO: check
CVE-2021-24187 (The setting page of the SEO Redirection Plugin - 301 Redirect
Manager ...)
NOT-FOR-US: Wordpress plugin
CVE-2021-24186 (The tutor_answering_quiz_question/get_answer_by_id function
pair from ...)
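Review bot: the eight new entries CVE-2021-24195 through CVE-2021-24188 carry the same truncated description, down to the AJAX action name 'cp_plugins_do_button_job', so they can be triaged as a group once the full descriptions are read; the unchanged neighbours CVE-2021-24196 and CVE-2021-24187 are already NOT-FOR-US. While here, the tag wording in this region is inconsistent: `NOT-FOR-US: WordPress plugin` on the wpDataTables line versus `NOT-FOR-US: Wordpress plugin` on the Social Slider Widget and SEO Redirection lines; the project's name is WordPress, so the new entries should use that spelling.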
@@ -30376,10 +30375,10 @@ CVE-2021-20567
RESERVED
CVE-2021-20566
RESERVED
-CVE-2021-20565
- RESERVED
-CVE-2021-20564
- RESERVED
+CVE-2021-20565 (IBM Cloud Pak for Security (CP4S) 1.4.0.0, 1.5.0.0, 1.5.0.1,
1.6.0.0, ...)
+ TODO: check
+CVE-2021-20564 (IBM Cloud Pak for Security (CP4S) 1.4.0.0, 1.5.0.0, 1.5.0.1,
1.6.0.0, ...)
+ TODO: check
CVE-2021-20563
RESERVED
CVE-2021-20562
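Review bot: CVE-2021-20565 and CVE-2021-20564 are IBM Cloud Pak for Security entries, and this file already resolves IBM products with a plain `NOT-FOR-US: IBM` (see the CVE-2020-4988 and CVE-2020-4987 lines later in this commit). These two, the CVE-2020-4811 CP4S entry and the IBM QRadar User Behavior Analytics entries in the next two hunks can all be closed the same way rather than left at TODO: check.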
@@ -30648,8 +30647,8 @@ CVE-2021-20431
RESERVED
CVE-2021-20430
RESERVED
-CVE-2021-20429
- RESERVED
+CVE-2021-20429 (IBM QRadar User Behavior Analytics 1.0.0 through 4.1.0 could
disclose ...)
+ TODO: check
CVE-2021-20428
RESERVED
CVE-2021-20427
@@ -30720,12 +30719,12 @@ CVE-2021-20395
RESERVED
CVE-2021-20394
RESERVED
-CVE-2021-20393
- RESERVED
-CVE-2021-20392
- RESERVED
-CVE-2021-20391
- RESERVED
+CVE-2021-20393 (IBM QRadar User Behavior Analytics 1.0.0 through 4.1.0 could
allow a r ...)
+ TODO: check
+CVE-2021-20392 (IBM QRadar User Behavior Analytics 1.0.0 through 4.0.1 is
vulnerable t ...)
+ TODO: check
+CVE-2021-20391 (IBM QRadar User Behavior Analytics 1.0.0 through 4.1.0 allows
web page ...)
+ TODO: check
CVE-2021-20390
RESERVED
CVE-2021-20389
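Review bot: the affected range is not uniform across the QRadar UBA entries: CVE-2021-20393, CVE-2021-20391 and CVE-2021-20429 (previous hunk) read "1.0.0 through 4.1.0" while CVE-2021-20392 reads "1.0.0 through 4.0.1". That is how the feed delivered them, so the descriptions should not be edited here; it only matters if a triager is tempted to copy one range onto the others. Consistent with the other IBM entries in this file, all four belong under `NOT-FOR-US: IBM`.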
@@ -44071,6 +44070,7 @@ CVE-2020-27218 (In Eclipse Jetty version 9.4.0.RC0 to
9.4.34.v20201102, 10.0.0.a
CVE-2020-27217 (In Eclipse Hono version 1.3.0 and 1.4.0 the AMQP protocol
adapter does ...)
NOT-FOR-US: Eclipse Hono
CVE-2020-27216 (In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930,
10.0.0.alpha1 thr ...)
+ {DLA-2661-1}
- jetty9 9.4.33-1
- jetty8 <removed>
- jetty <removed>
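Review bot: this commit adds {DLA-2661-1} to five Jetty entries in data/CVE/list (CVE-2020-27216 here, and CVE-2019-10247, CVE-2019-10241, CVE-2018-12536 and CVE-2017-9735 further down) but changes no other file, so check that DLA-2661-1 is also recorded in data/DLA/list with exactly that CVE set; otherwise the cross-reference is one-sided. Placement is fine: the DLA line sits above the package lines, matching the existing `{DLA-1021-1 DLA-1020-1}` entry on CVE-2017-9735.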
@@ -44149,10 +44149,10 @@ CVE-2020-27187 (An issue was discovered in KDE
Partition Manager 4.1.0 before 4.
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1890199
CVE-2020-27186
RESERVED
-CVE-2020-27185
- RESERVED
-CVE-2020-27184
- RESERVED
+CVE-2020-27185 (Cleartext transmission of sensitive information via Moxa
Service in NP ...)
+ TODO: check
+CVE-2020-27184 (The NPort IA5000A Series devices use Telnet as one of the
network devi ...)
+ TODO: check
CVE-2020-27183 (A RemoteFunctions endpoint with missing access control in
konzept-ix p ...)
NOT-FOR-US: konzept-ix publiXone
CVE-2020-27182 (Multiple cross-site scripting (XSS) vulnerabilities in
konzept-ix publ ...)
@@ -44234,10 +44234,10 @@ CVE-2020-27153 (In BlueZ before 5.55, a double free
was found in the gatttool di
[buster] - bluez <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1884817
NOTE:
https://github.com/bluez/bluez/commit/1cd644db8c23a2f530ddb93cebed7dacc5f5721a
-CVE-2020-27150
- RESERVED
-CVE-2020-27149
- RESERVED
+CVE-2020-27150 (In multiple versions of NPort IA5000A Series, the result of
exporting ...)
+ TODO: check
+CVE-2020-27149 (By exploiting a vulnerability in NPort IA5150A/IA5250A Series
before v ...)
+ TODO: check
CVE-2020-27148 (The TIBCO EBX Add-on for Oracle Hyperion EPM, TIBCO EBX Data
Exchange ...)
NOT-FOR-US: TIBCO
CVE-2020-27147 (The REST API component of TIBCO Software Inc.'s TIBCO
PartnerExpress c ...)
@@ -44501,8 +44501,8 @@ CVE-2020-27022
RESERVED
CVE-2020-27021 (In avrc_ctrl_pars_vendor_cmd of avrc_pars_tg.cc, there is a
possible o ...)
NOT-FOR-US: Android
-CVE-2020-27020
- RESERVED
+CVE-2020-27020 (Password generator feature in Kaspersky Password Manager was
not compl ...)
+ TODO: check
CVE-2020-27019 (Trend Micro InterScan Messaging Security Virtual Appliance
(IMSVA) 9.1 ...)
NOT-FOR-US: Trend Micro
CVE-2020-27018 (Trend Micro InterScan Messaging Security Virtual Appliance
(IMSVA) 9.1 ...)
@@ -52326,12 +52326,12 @@ CVE-2020-23693
RESERVED
CVE-2020-23692
RESERVED
-CVE-2020-23691
- RESERVED
+CVE-2020-23691 (YFCMF v2.3.1 has a Remote Command Execution (RCE)
vulnerability in the ...)
+ TODO: check
CVE-2020-23690
RESERVED
-CVE-2020-23689
- RESERVED
+CVE-2020-23689 (In YFCMF v2.3.1, there is a stored XSS vulnerability in the
comments s ...)
+ TODO: check
CVE-2020-23688
RESERVED
CVE-2020-23687
@@ -63402,10 +63402,10 @@ CVE-2020-18169
RESERVED
CVE-2020-18168
RESERVED
-CVE-2020-18167
- RESERVED
-CVE-2020-18166
- RESERVED
+CVE-2020-18167 (Cross Site Scripting (XSS) in LAOBANCMS v2.0 allows remote
attackers t ...)
+ TODO: check
+CVE-2020-18166 (Unrestricted File Upload in LAOBANCMS v2.0 allows remote
attackers to ...)
+ TODO: check
CVE-2020-18165 (Cross Site Scripting (XSS) in LAOBANCMS v2.0 allows remote
attackers t ...)
NOT-FOR-US: LAOBANCMS
CVE-2020-18164
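Review bot: CVE-2020-18167 and CVE-2020-18166 are LAOBANCMS v2.0 issues, and the unchanged context line directly below them, CVE-2020-18165, is already marked `NOT-FOR-US: LAOBANCMS`; carry that tag over to both new entries instead of TODO: check.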
@@ -98786,12 +98786,12 @@ CVE-2020-4989
RESERVED
CVE-2020-4988 (Loopback 8.0.0 contains a vulnerability that could allow an
attacker t ...)
NOT-FOR-US: IBM
-CVE-2020-4987 (IBM FlashSystem 900 1.5.2.9 and 1.6.1.3 user management GUI is
vulnera ...)
+CVE-2020-4987 (The IBM FlashSystem 900 user management GUI is vulnerable to
stored cr ...)
NOT-FOR-US: IBM
CVE-2020-4986
RESERVED
-CVE-2020-4985
- RESERVED
+CVE-2020-4985 (IBM Planning Analytics Local 2.0 could allow an attacker to
obtain sen ...)
+ TODO: check
CVE-2020-4984
RESERVED
CVE-2020-4983 (IBM Spectrum LSF 10.1 and IBM Spectrum LSF Suite 10.2 could
allow a us ...)
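Review bot: the description change for CVE-2020-4987 drops the explicit version list ("1.5.2.9 and 1.6.1.3") in favour of the feed's newer wording, and the `NOT-FOR-US: IBM` line below it is kept, which is correct. The new CVE-2020-4985 entry (IBM Planning Analytics Local 2.0) sits between two `NOT-FOR-US: IBM` entries and should get the same tag rather than TODO: check.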
@@ -99138,8 +99138,8 @@ CVE-2020-4813
RESERVED
CVE-2020-4812
RESERVED
-CVE-2020-4811
- RESERVED
+CVE-2020-4811 (IBM Cloud Pak for Security (CP4S) 1.4.0.0, 1.5.0.0, 1.5.0.1,
1.6.0.0, ...)
+ TODO: check
CVE-2020-4810
RESERVED
CVE-2020-4809
@@ -139069,6 +139069,7 @@ CVE-2019-10249 (All Xtext & Xtend versions prior
to 2.18.0 were built using
CVE-2019-10248 (Eclipse Vorto versions prior to 0.11 resolved Maven build
artifacts fo ...)
NOT-FOR-US: Eclipse Vorto
CVE-2019-10247 (In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26
and older, ...)
+ {DLA-2661-1}
[experimental] - jetty9 9.4.18-1
- jetty9 9.4.18-2 (bug #928444)
[buster] - jetty9 <no-dsa> (Minor issue)
@@ -139093,6 +139094,7 @@ CVE-2019-10243 (In Eclipse Kura versions up to 4.0.0,
Kura exposes the underlyin
CVE-2019-10242 (In Eclipse Kura versions up to 4.0.0, the SkinServlet did not
checked ...)
NOT-FOR-US: Eclipse Kura
CVE-2019-10241 (In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older,
and 9.4.1 ...)
+ {DLA-2661-1}
[experimental] - jetty9 9.4.18-1
- jetty9 9.4.18-2 (bug #928444)
[buster] - jetty9 <no-dsa> (Minor issue)
@@ -186881,6 +186883,7 @@ CVE-2018-12538 (In Eclipse Jetty versions 9.4.0
through 9.4.8, when using the op
CVE-2018-12537 (In Eclipse Vert.x version 3.0 to 3.5.1, the HttpServer
response header ...)
NOT-FOR-US: Eclipse Vertx
CVE-2018-12536 (In Eclipse Jetty Server, all 9.x versions, on webapps deployed
using d ...)
+ {DLA-2661-1}
- jetty9 9.2.25-1 (low; bug #902774)
- jetty8 <removed>
[jessie] - jetty8 <ignored> (Harmless information leak)
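Review bot: CVE-2018-12536 now carries {DLA-2661-1} while the line below still reads `[jessie] - jetty8 <ignored> (Harmless information leak)`. Both can stand at once, since the bracketed tag only records how jessie's jetty8 was handled, but an issue described here as harmless being covered by a DLA is worth confirming so that this entry and the DLA text agree on severity.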
@@ -245507,7 +245510,7 @@ CVE-2017-9726 (The Ins_MDRP function in
base/ttinterp.c in Artifex Ghostscript G
NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=698055
NOTE:
https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=7755e67116e8973ee0e3b22d653df026a84fa01b
(ghostpdl-9.22rc1)
CVE-2017-9735 (Jetty through 9.4.x is prone to a timing channel in
util/security/Pass ...)
- {DLA-1021-1 DLA-1020-1}
+ {DLA-2661-1 DLA-1021-1 DLA-1020-1}
- jetty9 9.2.22-1 (bug #864898)
- jetty8 <removed>
[jessie] - jetty8 <no-dsa> (Minor issue)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/100208dd6112769c88d9f5e18b439969b57e3ac5
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits