Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
81d7e7a1 by security tracker role at 2021-05-20T20:10:21+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1764,12 +1764,12 @@ CVE-2021-32634
RESERVED
CVE-2021-32633
RESERVED
-CVE-2021-32632
- RESERVED
+CVE-2021-32632 (Pajbot is a Twitch chat bot. Pajbot versions prior to 1.52 are
vulnera ...)
+ TODO: check
CVE-2021-32631
RESERVED
-CVE-2021-32630
- RESERVED
+CVE-2021-32630 (Admidio is a free, open source user management system for
websites of ...)
+ TODO: check
CVE-2021-32629
RESERVED
CVE-2021-32628
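Review bot: The two new entries in this hunk (CVE-2021-32632 for Pajbot and CVE-2021-32630 for Admidio) are left at `TODO: check`, and the imported descriptions are cut off at `...`, so the package status cannot be decided from the excerpt alone; each should be resolved to a source-package line or a `NOT-FOR-US:` line in the form used elsewhere in this file, with a `NOTE:` pointing at the upstream advisory where one exists.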
@@ -3012,8 +3012,7 @@ CVE-2021-3537 (A vulnerability found in libxml2 in
versions before 2.9.11 shows
NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/244
NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/245
NOTE:
https://gitlab.gnome.org/GNOME/libxml2/-/commit/babe75030c7f64a37826bb3342317134568bef61
-CVE-2021-3536
- RESERVED
+CVE-2021-3536 (A flaw was found in Wildfly in versions before 23.0.2.Final
while crea ...)
- wildfly <itp> (bug #752018)
CVE-2021-3535
RESERVED
@@ -8695,28 +8694,28 @@ CVE-2021-29694 (IBM Spectrum Protect Plus 10.1.0
through 10.1.7 uses weaker than
NOT-FOR-US: IBM
CVE-2021-29693
RESERVED
-CVE-2021-29692
- RESERVED
-CVE-2021-29691
- RESERVED
+CVE-2021-29692 (IBM Security Identity Manager 7.0.2 could allow a remote
attacker to o ...)
+ TODO: check
+CVE-2021-29691 (IBM Security Identity Manager 7.0.2 contains hard-coded
credentials, s ...)
+ TODO: check
CVE-2021-29690
RESERVED
CVE-2021-29689
RESERVED
-CVE-2021-29688
- RESERVED
-CVE-2021-29687
- RESERVED
-CVE-2021-29686
- RESERVED
+CVE-2021-29688 (IBM Security Identity Manager 7.0.2 could allow a remote
attacker to o ...)
+ TODO: check
+CVE-2021-29687 (IBM Security Identity Manager 7.0.2 could allow a remote user
to enume ...)
+ TODO: check
+CVE-2021-29686 (IBM Security Identity Manager 7.0.2 could allow an
authenticated user ...)
+ TODO: check
CVE-2021-29685
RESERVED
CVE-2021-29684
RESERVED
-CVE-2021-29683
- RESERVED
-CVE-2021-29682
- RESERVED
+CVE-2021-29683 (IBM Security Identity Manager 7.0.2 stores user credentials in
plain c ...)
+ TODO: check
+CVE-2021-29682 (IBM Security Identity Manager 7.0.2 could allow a remote
attacker to o ...)
+ TODO: check
CVE-2021-29681
RESERVED
CVE-2021-29680
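Review bot: All seven IBM Security Identity Manager 7.0.2 entries in this hunk (CVE-2021-29692 through CVE-2021-29682) are left at `TODO: check`, while the context line near the top of the hunk already resolves an IBM product with `NOT-FOR-US: IBM`; unless the product is packaged, these should take the same `NOT-FOR-US: IBM` line rather than separate TODO markers. If any of them stay open, the truncated descriptions for CVE-2021-29691 (hard-coded credentials) and CVE-2021-29683 (credentials stored in plain text) are the ones worth a NOTE.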
@@ -8799,8 +8798,8 @@ CVE-2021-29661 (Softing AG OPC Toolbox through
4.10.1.13035 allows /en/diag_valu
NOT-FOR-US: Softing AG OPC Toolbox
CVE-2021-29660 (A Cross-Site Request Forgery (CSRF) vulnerability in
en/cfg_setpwd.htm ...)
NOT-FOR-US: Softing AG OPC Toolbox
-CVE-2021-29659
- RESERVED
+CVE-2021-29659 (ownCloud 10.7 has an incorrect access control vulnerability,
leading t ...)
+ TODO: check
CVE-2021-29658 (The unofficial vscode-rufo extension before 0.0.4 for Visual
Studio Co ...)
NOT-FOR-US: vscode-rufo extension for Visual Studio Code
CVE-2021-29657 [KVM: SVM: load control fields from VMCB12 before checking them]
@@ -8844,8 +8843,7 @@ CVE-2020-36285 (Union Pay up to 3.3.12, for iOS mobile
apps, contains a CWE-347:
NOT-FOR-US: Union Pay
CVE-2020-36284 (Union Pay up to 3.4.93.4.9, for android, contains a CWE-347:
Improper ...)
NOT-FOR-US: Union Pay
-CVE-2021-3480
- RESERVED
+CVE-2021-3480 (A flaw was found in slapi-nis in versions before 0.56.7. A NULL
pointe ...)
- slapi-nis <unfixed> (bug #988736)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1944640
NOTE:
https://pagure.io/slapi-nis/c/c7417ea2d534712e559b56ed45baa91c5d3d44db?branch=master
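Review bot: The new description for CVE-2021-3480 names 0.56.7 as the first fixed upstream release, which matches the pagure commit already recorded in the NOTE lines, but the package line in this hunk still reads `- slapi-nis <unfixed> (bug #988736)`; once the fix is uploaded, `<unfixed>` should be replaced by the fixing Debian version. The truncated text ("A NULL pointe ...") indicates a NULL pointer issue, so the severity annotation should be consistent with a denial-of-service impact rather than left unstated.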
@@ -9853,8 +9851,7 @@ CVE-2021-29260
RESERVED
CVE-2021-29259
RESERVED
-CVE-2021-29258
- RESERVED
+CVE-2021-29258 (An issue was discovered in Envoy 1.14.0. There is a remotely
exploitab ...)
- envoyproxy <itp> (bug #987544)
CVE-2021-29257
RESERVED
@@ -10637,16 +10634,16 @@ CVE-2021-28908
RESERVED
CVE-2021-28907
RESERVED
-CVE-2021-28906
- RESERVED
-CVE-2021-28905
- RESERVED
-CVE-2021-28904
- RESERVED
-CVE-2021-28903
- RESERVED
-CVE-2021-28902
- RESERVED
+CVE-2021-28906 (In function read_yin_leaf() in libyang <= v1.0.225, it
doesn't chec ...)
+ TODO: check
+CVE-2021-28905 (In function lys_node_free() in libyang <= v1.0.225, it
asserts that ...)
+ TODO: check
+CVE-2021-28904 (In function ext_get_plugin() in libyang <= v1.0.225, it
doesn't che ...)
+ TODO: check
+CVE-2021-28903 (A stack overflow in libyang <= v1.0.225 can cause a denial
of servi ...)
+ TODO: check
+CVE-2021-28902 (In function read_yin_container() in libyang <= v1.0.225, it
doesn't ...)
+ TODO: check
CVE-2021-28901
RESERVED
CVE-2021-28900
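Review bot: The five libyang entries in this hunk (CVE-2021-28906 through CVE-2021-28902) all carry the same `<= v1.0.225` bound and are all left at `TODO: check`; they should be triaged as one batch against the packaged libyang version, with one shared set of NOTE lines, rather than resolved one by one. Four of the descriptions name the affected function (read_yin_leaf, lys_node_free, ext_get_plugin, read_yin_container), which makes matching the upstream fix commits straightforward; only CVE-2021-28903 ("A stack overflow ...") lacks that anchor.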
@@ -11126,11 +11123,9 @@ CVE-2021-28685 (AsIO2_64.sys and AsIO2_32.sys in ASUS
GPUTweak II before 2.3.0.3
NOT-FOR-US: ASUS
CVE-2021-28684
RESERVED
-CVE-2021-28683
- RESERVED
+CVE-2021-28683 (An issue was discovered in Envoy through 1.71.1. There is a
remotely e ...)
- envoyproxy <itp> (bug #987544)
-CVE-2021-28682
- RESERVED
+CVE-2021-28682 (An issue was discovered in Envoy through 1.71.1. There is a
remotely e ...)
- envoyproxy <itp> (bug #987544)
CVE-2021-28681 (Pion WebRTC before 3.0.15 didn't properly tear down the DTLS
Connectio ...)
NOT-FOR-US: Pion WebRTC
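Review bot: The imported descriptions for CVE-2021-28683 and CVE-2021-28682 both say "Envoy through 1.71.1", a version string far ahead of the 1.14.0 named for CVE-2021-29258 earlier in this patch and one that should be verified against the upstream advisory rather than copied into a NOTE as-is. Both entries already reference the same ITP `bug #987544`, so a single NOTE with the advisory URL covering the pair would document the real affected range once it is confirmed.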
@@ -12195,8 +12190,8 @@ CVE-2021-3440
RESERVED
CVE-2021-3439
RESERVED
-CVE-2021-3438
- RESERVED
+CVE-2021-3438 (A potential buffer overflow in the software drivers for certain
HP Las ...)
+ TODO: check
CVE-2021-3437
RESERVED
CVE-2021-3436
@@ -12512,10 +12507,10 @@ CVE-2021-28114
RESERVED
CVE-2021-28113 (A command injection vulnerability in the cookieDomain and
relayDomain ...)
NOT-FOR-US: Okta Access Gateway
-CVE-2021-28112
- RESERVED
-CVE-2021-28111
- RESERVED
+CVE-2021-28112 (Draeger X-Dock Firmware before 03.00.13 has Active Debug Code
on a deb ...)
+ TODO: check
+CVE-2021-28111 (Draeger X-Dock Firmware before 03.00.13 has Hard-Coded
Credentials, le ...)
+ TODO: check
CVE-2021-28110 (/exec in TranzWare e-Commerce Payment Gateway (TWEC PG) before
3.1.27. ...)
NOT-FOR-US: TranzWare e-Commerce Payment Gateway (TWEC PG)
CVE-2021-28109 (TranzWare (POI) FIMI before 4.2.20.4.2 allows login_tw.php
reflected C ...)
@@ -12526,8 +12521,7 @@ CVE-2021-28374 (The Debian courier-authlib package
before 0.71.1-2 for Courier A
[buster] - courier-authlib <no-dsa> (Minor issue)
NOTE: Re-introduction of #378571 while migrating from
debian/permissions to
NOTE: debian/courier-authdaemon.tmpfiles in 0.66.4-2.
-CVE-2021-3426 [Running `pydoc -p` allows other local users to extract
arbitrary files. The `/getfile?key=path` URL allows to read arbitrary file on
the filesystem.]
- RESERVED
+CVE-2021-3426 (There's a flaw in Python 3's pydoc. A local or adjacent
attacker who d ...)
{DLA-2619-1}
[experimental] - python3.9 3.9.3-1
- python3.9 <unfixed>
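Review bot: Replacing the bracketed working description of CVE-2021-3426 with the official text drops the detail that the issue is in `pydoc -p` and its `/getfile?key=path` endpoint; that detail is useful for anyone checking the fix and is worth keeping as a `NOTE:` line rather than losing it. Also confirm that `- python3.9 <unfixed>` still reflects the state of unstable, given that the `[experimental] - python3.9 3.9.3-1` line directly above already records a fixed upload there.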
@@ -12913,8 +12907,8 @@ CVE-2021-27958
RESERVED
CVE-2021-27957
RESERVED
-CVE-2021-27956
- RESERVED
+CVE-2021-27956 (Zoho ManageEngine ADSelfService Plus before 6104 allows stored
XSS on ...)
+ TODO: check
CVE-2020-36255 (An issue was discovered in IdentityModel (aka
ScottBrady.IdentityModel ...)
NOT-FOR-US: ScottBrady.IdentityModel
CVE-2019-25025 (The activerecord-session_store (aka Active Record Session
Store) compo ...)
@@ -14031,28 +14025,28 @@ CVE-2021-27469
RESERVED
CVE-2021-27468
RESERVED
-CVE-2021-27467
- RESERVED
+CVE-2021-27467 (A vulnerability has been found in multiple revisions of
Emerson Rosemo ...)
+ TODO: check
CVE-2021-27466
RESERVED
-CVE-2021-27465
- RESERVED
+CVE-2021-27465 (A vulnerability has been found in multiple revisions of
Emerson Rosemo ...)
+ TODO: check
CVE-2021-27464
RESERVED
-CVE-2021-27463
- RESERVED
+CVE-2021-27463 (A vulnerability has been found in multiple revisions of
Emerson Rosemo ...)
+ TODO: check
CVE-2021-27462
RESERVED
-CVE-2021-27461
- RESERVED
+CVE-2021-27461 (A vulnerability has been found in multiple revisions of
Emerson Rosemo ...)
+ TODO: check
CVE-2021-27460
RESERVED
-CVE-2021-27459
- RESERVED
+CVE-2021-27459 (A vulnerability has been found in multiple revisions of
Emerson Rosemo ...)
+ TODO: check
CVE-2021-27458 (If Ethernet communication of the JTEKT Corporation TOYOPUC
product ser ...)
NOT-FOR-US: JTEKT Corporation TOYOPUC
-CVE-2021-27457
- RESERVED
+CVE-2021-27457 (A vulnerability has been found in multiple revisions of
Emerson Rosemo ...)
+ TODO: check
CVE-2021-27456
RESERVED
CVE-2021-27455
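Review bot: The six Emerson entries in this hunk (CVE-2021-27467, -27465, -27463, -27461, -27459 and -27457) have identical truncated descriptions ("multiple revisions of Emerson Rosemo ..."), so nothing in the hunk distinguishes them and the `TODO: check` markers cannot be resolved from the excerpt; they need the full advisory text. The interleaved JTEKT TOYOPUC entry is already `NOT-FOR-US`, so check whether these industrial-product entries resolve the same way and, if so, close all six consistently.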
@@ -14097,12 +14091,12 @@ CVE-2021-27436 (WebAccess/SCADA Versions 9.0 and
prior is vulnerable to cross-si
NOT-FOR-US: WebAccess/SCADA
CVE-2021-27435
RESERVED
-CVE-2021-27434
- RESERVED
+CVE-2021-27434 (Products with Unified Automation .NET based OPC UA
Client/Server SDK B ...)
+ TODO: check
CVE-2021-27433
RESERVED
-CVE-2021-27432
- RESERVED
+CVE-2021-27432 (OPC Foundation UA .NET Standard versions prior to 1.4.365.48
and OPC U ...)
+ TODO: check
CVE-2021-27431
RESERVED
CVE-2021-27430
@@ -16954,8 +16948,8 @@ CVE-2021-3315 (In JetBrains TeamCity before 2020.2.2,
stored XSS on a tests page
NOT-FOR-US: JetBrains
CVE-2021-3314
RESERVED
-CVE-2021-3313
- RESERVED
+CVE-2021-3313 (Plone CMS until version 5.2.4 has a stored Cross-Site Scripting
(XSS) ...)
+ TODO: check
CVE-2021-3312
RESERVED
CVE-2021-3311 (An issue was discovered in October through build 471. It
reactivates a ...)
@@ -17720,16 +17714,16 @@ CVE-2021-25935
RESERVED
CVE-2021-25934
RESERVED
-CVE-2021-25933
- RESERVED
+CVE-2021-25933 (In OpenNMS Horizon, versions opennms-1-0-stable through
opennms-27.1.0 ...)
+ TODO: check
CVE-2021-25932
RESERVED
-CVE-2021-25931
- RESERVED
-CVE-2021-25930
- RESERVED
-CVE-2021-25929
- RESERVED
+CVE-2021-25931 (In OpenNMS Horizon, versions opennms-1-0-stable through
opennms-27.1.0 ...)
+ TODO: check
+CVE-2021-25930 (In OpenNMS Horizon, versions opennms-1-0-stable through
opennms-27.1.0 ...)
+ TODO: check
+CVE-2021-25929 (In OpenNMS Horizon, versions opennms-1-0-stable through
opennms-27.1.0 ...)
+ TODO: check
CVE-2021-25928 (Prototype pollution vulnerability in 'safe-obj' versions 1.0.0
through ...)
NOT-FOR-US: Node safe-obj
CVE-2021-25927 (Prototype pollution vulnerability in 'safe-flat' versions
2.0.0 throug ...)
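Review bot: The four OpenNMS Horizon entries in this hunk (CVE-2021-25933, -25931, -25930 and -25929) give an affected range of "opennms-1-0-stable through opennms-27.1.0", i.e. every release up to 27.1.0, and share one truncated description; triage them as a group, and if OpenNMS is not packaged, resolve all four with one consistent `NOT-FOR-US:` line instead of leaving separate `TODO: check` markers.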
@@ -23659,8 +23653,8 @@ CVE-2021-23388
RESERVED
CVE-2021-23387
RESERVED
-CVE-2021-23386
- RESERVED
+CVE-2021-23386 (This affects the package dns-packet before 5.2.2. It creates
buffers w ...)
+ TODO: check
CVE-2021-23385
RESERVED
CVE-2021-23384 (The package koa-remove-trailing-slashes before 2.0.2 are
vulnerable to ...)
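Review bot: CVE-2021-23386 concerns dns-packet before 5.2.2, a Node.js library rather than an end-user product, so the `TODO: check` here needs an actual check against the archive's Node packages before it is closed either way. The description is cut at "It creates buffers w ...", so the nature of the flaw and the fixed version should be taken from the full advisory and recorded in a NOTE.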
@@ -30314,8 +30308,8 @@ CVE-2020-35582 (A stored cross-site scripting (XSS)
issue in Envira Gallery Lite
NOT-FOR-US: Envira Gallery Lite
CVE-2020-35581 (A stored cross-site scripting (XSS) issue in Envira Gallery
Lite befor ...)
NOT-FOR-US: Envira Gallery Lite
-CVE-2020-35580
- RESERVED
+CVE-2020-35580 (A local file inclusion vulnerability in the FileServlet in all
SearchB ...)
+ TODO: check
CVE-2020-35579 (tindy2013 subconverter 0.6.4 has a
/sub?target=%TARGET%&url=%URL%& ...)
NOT-FOR-US: tindy2013
CVE-2020-35578 (An issue was discovered in the Manage Plugins page in Nagios
XI before ...)
@@ -51911,10 +51905,10 @@ CVE-2020-24398
RESERVED
CVE-2020-24397 (An issue was discovered in the client side of Zoho
ManageEngine Deskto ...)
NOT-FOR-US: Zoho ManageEngine Desktop Central
-CVE-2020-24396
- RESERVED
-CVE-2020-24395
- RESERVED
+CVE-2020-24396 (homee Brain Cube v2 (2.28.2 and 2.28.4) devices have sensitive
SSH key ...)
+ TODO: check
+CVE-2020-24395 (The USB firmware update script of homee Brain Cube v2 (2.28.2
and 2.28 ...)
+ TODO: check
CVE-2020-24394 (In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS
server) ca ...)
- linux 5.7.6-1 (bug #962254)
[buster] - linux 4.19.131-1
@@ -58124,8 +58118,8 @@ CVE-2020-21347
RESERVED
CVE-2020-21346
RESERVED
-CVE-2020-21345
- RESERVED
+CVE-2020-21345 (Cross Site Scripting (XSS) vulnerability in Halo 1.1.3 via
post publis ...)
+ TODO: check
CVE-2020-21344
RESERVED
CVE-2020-21343
@@ -58700,16 +58694,16 @@ CVE-2020-21059
RESERVED
CVE-2020-21058
RESERVED
-CVE-2020-21057
- RESERVED
-CVE-2020-21056
- RESERVED
-CVE-2020-21055
- RESERVED
-CVE-2020-21054
- RESERVED
-CVE-2020-21053
- RESERVED
+CVE-2020-21057 (Directory Traversal vulnerability in FusionPBX 4.5.7, which
allows a r ...)
+ TODO: check
+CVE-2020-21056 (Directory Traversal vulnerability exists in FusionPBX 4.5.7,
which all ...)
+ TODO: check
+CVE-2020-21055 (A Directory Traversal vulnerability exists in FusionPBX 4.5.7
allows m ...)
+ TODO: check
+CVE-2020-21054 (Cross Site Scripting (XSS) vulnerability in FusionPBX 4.5.7
allows rem ...)
+ TODO: check
+CVE-2020-21053 (Cross Site Scriptiong (XSS) vulnerability exists in FusionPBX
4.5.7 al ...)
+ TODO: check
CVE-2020-21052
RESERVED
CVE-2020-21051
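Review bot: The five FusionPBX 4.5.7 entries in this hunk (CVE-2020-21057 through CVE-2020-21053) are three directory traversals and two XSS issues in the same release and should be triaged together and resolved with matching lines. The spelling "Scriptiong" in CVE-2020-21053 comes from the imported description and should be left as imported.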
@@ -70617,8 +70611,8 @@ CVE-2020-15524
CVE-2020-15523 (In Python 3.6 through 3.6.10, 3.7 through 3.7.8, 3.8 through
3.8.4rc1, ...)
- python3.8 <not-affected> (Python on Windows)
- python2.7 <not-affected> (Python on Windows)
-CVE-2020-15522
- RESERVED
+CVE-2020-15522 (Bouncy Castle BC Java before 1.66, BC C# .NET before 1.8.7,
BC-FJA bef ...)
+ TODO: check
CVE-2020-15521 (Zoho ManageEngine Applications Manager before 14 build 14730
has no pr ...)
NOT-FOR-US: Zoho
CVE-2020-15520
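Review bot: CVE-2020-15522 covers Bouncy Castle BC Java before 1.66 together with the C# and BC-FJA variants; Bouncy Castle is a library rather than a vendor product, so this `TODO: check` must be resolved against the archive's Bouncy Castle package and not closed as `NOT-FOR-US` on the pattern of the surrounding Zoho and Python-on-Windows entries. The description is cut at "BC-FJA bef ...", so the affected range for the FIPS variant should be taken from the full advisory.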
@@ -100178,8 +100172,8 @@ CVE-2020-4852
RESERVED
CVE-2020-4851 (IBM Spectrum Scale 5.0.0 through 5.0.5.5 and 5.1.0 through
5.1.0.2 cou ...)
NOT-FOR-US: IBM
-CVE-2020-4850
- RESERVED
+CVE-2020-4850 (IBM Spectrum Scale 1.1.1.0 through 1.1.8.4 Transparent Cloud
Tiering c ...)
+ TODO: check
CVE-2020-4849 (IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.19 Interim Fix
7 could ...)
NOT-FOR-US: IBM
CVE-2020-4848 (IBM UrbanCode Deploy (UCD) 6.2.7.9, 7.0.5.4, and 7.1.1.1 could
allow a ...)
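Review bot: CVE-2020-4850 for IBM Spectrum Scale is left at `TODO: check` even though the CVE-2020-4851 context line directly above resolves the same product with `NOT-FOR-US: IBM`, as does the Tivoli Netcool Impact entry below; unless the Transparent Cloud Tiering component named in the description changes the picture, this entry should take the same `NOT-FOR-US: IBM` line.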
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/81d7e7a12ff2a19202c20ffd5c879af543d395e7
--
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits