Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
883e8a4e by security tracker role at 2021-05-31T20:10:23+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,9 @@
+CVE-2021-3571
+       RESERVED
+CVE-2021-3570
+       RESERVED
+CVE-2020-36382
+       RESERVED
 CVE-2021-33790 (The RebornCore library before 4.7.3 allows remote code 
execution becau ...)
        TODO: check
 CVE-2021-33789
@@ -8384,10 +8390,10 @@ CVE-2021-30182
        RESERVED
 CVE-2021-30181 (Apache Dubbo prior to 2.6.9 and 2.7.9 supports Script routing 
which wi ...)
        NOT-FOR-US: Apache Dubbo
-CVE-2021-30180
-       RESERVED
-CVE-2021-30179
-       RESERVED
+CVE-2021-30180 (Apache Dubbo prior to 2.7.9 support Tag routing which will 
enable a cu ...)
+       TODO: check
+CVE-2021-30179 (Apache Dubbo prior to 2.6.9 and 2.7.9 by default supports 
generic call ...)
+       TODO: check
 CVE-2020-36314 (fr-archive-libarchive.c in GNOME file-roller through 3.38.0, 
as used b ...)
        - file-roller 3.38.1-1
        [buster] - file-roller <no-dsa> (Minor issue)
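Review bot: The two "TODO: check" markers added for CVE-2021-30180 and CVE-2021-30179 can be resolved from precedent inside this hunk: both summaries name Apache Dubbo, and the context entry CVE-2021-30181 directly above already carries "NOT-FOR-US: Apache Dubbo". Suggest the follow-up triage use the identical tag string so the three sibling entries stay consistent.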
@@ -9619,8 +9625,8 @@ CVE-2021-29667 (IBM Spectrum Scale 5.0.0 through 5.0.5.6 
and 5.1.0 through 5.1.0
        NOT-FOR-US: IBM
 CVE-2021-29666 (IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 
5.1.0.2 is  ...)
        NOT-FOR-US: IBM
-CVE-2021-29665
-       RESERVED
+CVE-2021-29665 (IBM Security Verify Access 20.07 is vulnerable to a stack 
based buffer ...)
+       TODO: check
 CVE-2021-29664
        RESERVED
 CVE-2020-36305
@@ -19536,8 +19542,8 @@ CVE-2021-25642
        RESERVED
 CVE-2021-25641 (Each Apache Dubbo server will set a serialization id to tell 
the clien ...)
        NOT-FOR-US: Apache Dubbo
-CVE-2021-25640
-       RESERVED
+CVE-2021-25640 (In Apache Dubbo prior to 2.6.9 and 2.7.9, the usage of 
parseURL method ...)
+       TODO: check
 CVE-2021-25639
        RESERVED
 CVE-2021-25638
@@ -24560,8 +24566,8 @@ CVE-2021-23390
        RESERVED
 CVE-2021-23389
        RESERVED
-CVE-2021-23388
-       RESERVED
+CVE-2021-23388 (The package forms before 1.2.1, from 1.3.0 and before 1.3.2 
are vulner ...)
+       TODO: check
 CVE-2021-23387 (The package trailing-slash before 2.0.1 are vulnerable to Open 
Redirec ...)
        NOT-FOR-US: Node trailing-slash
 CVE-2021-23386 (This affects the package dns-packet before 5.2.2. It creates 
buffers w ...)
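Review bot: CVE-2021-23388 cannot be triaged from its visible summary: "The package forms" is a generic name and the text is cut off before it identifies the ecosystem. The neighbouring CVE-2021-23387 is tagged "NOT-FOR-US: Node trailing-slash", so whoever clears the "TODO: check" should confirm from the full description which "forms" package is meant and tag it in that same qualified style, rather than matching the bare name against Debian source packages.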
@@ -32363,8 +32369,8 @@ CVE-2021-20587 (Heap-based buffer overflow 
vulnerability in Mitsubishi Electric
        NOT-FOR-US: Mitsubishi
 CVE-2021-20586 (Resource management errors vulnerability in a robot controller 
of MELF ...)
        NOT-FOR-US: Mitsubishi
-CVE-2021-20585
-       RESERVED
+CVE-2021-20585 (IBM Security Verify Access 20.07 could disclose sensitive 
information  ...)
+       TODO: check
 CVE-2021-20584
        RESERVED
 CVE-2021-20583
@@ -32381,10 +32387,10 @@ CVE-2021-20578
        RESERVED
 CVE-2021-20577 (IBM Cloud Pak for Security (CP4S) 1.5.0.0 and 1.5.0.1 is 
vulnerable to ...)
        NOT-FOR-US: IBM
-CVE-2021-20576
-       RESERVED
-CVE-2021-20575
-       RESERVED
+CVE-2021-20576 (IBM Security Verify Access 20.07 could allow a remote attacker 
to send ...)
+       TODO: check
+CVE-2021-20575 (IBM Security Verify Access 20.07 allows web pages to be stored 
locally ...)
+       TODO: check
 CVE-2021-20574
        RESERVED
 CVE-2021-20573
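Review bot: The "TODO: check" on CVE-2021-20576 and CVE-2021-20575 has a ready precedent in this hunk's context: CVE-2021-20577 is tagged "NOT-FOR-US: IBM", and both new summaries name IBM Security Verify Access 20.07. Suggest triaging the pair together with that tag; the same product also appears in the CVE-2021-29665 and CVE-2021-20585 hunks of this commit, so all four can be closed in one pass.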
@@ -86308,8 +86314,8 @@ CVE-2020-10668 (The web application exposed by the 
Canon Oce Colorwave 500 4.0.0
        NOT-FOR-US: Canon
 CVE-2020-10667 (The web application exposed by the Canon Oce Colorwave 500 
4.0.0.0 pri ...)
        NOT-FOR-US: Canon
-CVE-2020-10666
-       RESERVED
+CVE-2020-10666 (The restapps (aka Rest Phone apps) module for Sangoma FreePBX 
and PBXa ...)
+       TODO: check
 CVE-2020-10674 (PerlSpeak through 2.01 allows attackers to execute arbitrary 
OS comman ...)
        - libperlspeak-perl <removed> (bug #954238)
        [jessie] - libperlspeak-perl <end-of-life> (Not supported in jessie LTS)
@@ -101746,8 +101752,8 @@ CVE-2020-4563
        RESERVED
 CVE-2020-4562 (IBM Planning Analytics 2.0 could allow a remote attacker to 
obtain sen ...)
        NOT-FOR-US: IBM
-CVE-2020-4561
-       RESERVED
+CVE-2020-4561 (IBM Cognos Analytics 11.0 and 11.1 DQM API allows submitting of 
all co ...)
+       TODO: check
 CVE-2020-4560 (IBM Financial Transaction Manager 3.2.4 is vulnerable to 
cross-site sc ...)
        NOT-FOR-US: IBM
 CVE-2020-4559 (IBM Spectrum Protect 7.1 and 8.1 could allow an attacker to 
cause a de ...)
@@ -101828,8 +101834,8 @@ CVE-2020-4522 (IBM Jazz Team Server based 
Applications are vulnerable to cross-s
        NOT-FOR-US: IBM
 CVE-2020-4521 (IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a 
remote authe ...)
        NOT-FOR-US: IBM
-CVE-2020-4520
-       RESERVED
+CVE-2020-4520 (IBM Cognos Analytics 11.0 and 11.1 could allow a remote 
attacker to in ...)
+       TODO: check
 CVE-2020-4519
        RESERVED
 CVE-2020-4518
@@ -102160,8 +102166,8 @@ CVE-2020-4356
        RESERVED
 CVE-2020-4355 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect 
Server) 9.7, ...)
        NOT-FOR-US: IBM
-CVE-2020-4354
-       RESERVED
+CVE-2020-4354 (IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site 
scripti ...)
+       TODO: check
 CVE-2020-4353 (IBM MaaS360 6.82 could allow a user with pysical access to the 
device  ...)
        NOT-FOR-US: IBM
 CVE-2020-4352 (IBM MQ on HPE NonStop 8.0.4 and 8.1.0 is vulnerable to a 
privilege esc ...)
@@ -102268,8 +102274,8 @@ CVE-2020-4302 (IBM Cognos Analytics 11.0 and 11.1 
could allow a remote attacker
        NOT-FOR-US: IBM
 CVE-2020-4301
        RESERVED
-CVE-2020-4300
-       RESERVED
+CVE-2020-4300 (IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML 
External En ...)
+       TODO: check
 CVE-2020-4299 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 
6.0.3.1 c ...)
        NOT-FOR-US: IBM
 CVE-2020-4298 (IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is 
vulnerable t ...)
@@ -156900,8 +156906,8 @@ CVE-2019-4732 (IBM SDK, Java Technology Edition 
Version 7.0.0.0 through 7.0.10.5
        NOT-FOR-US: IBM
 CVE-2019-4731 (IBM MQ Appliance 9.1.4.CD could allow a local attacker to 
obtain highl ...)
        NOT-FOR-US: IBM
-CVE-2019-4730
-       RESERVED
+CVE-2019-4730 (IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML 
External En ...)
+       TODO: check
 CVE-2019-4729 (IBM Cognos Analytics 11.0 and 11.1 could allow a remote 
attacker to ob ...)
        NOT-FOR-US: IBM
 CVE-2019-4728 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 
5.2.6.5_2 ...)
@@ -156912,12 +156918,12 @@ CVE-2019-4726 (IBM Sterling B2B Integrator Standard 
Edition 5.2.0.0 through 5.2.
        NOT-FOR-US: IBM
 CVE-2019-4725 (IBM Security Access Manager Appliance 9.0 is vulnerable to 
cross-site  ...)
        NOT-FOR-US: IBM
-CVE-2019-4724
-       RESERVED
-CVE-2019-4723
-       RESERVED
-CVE-2019-4722
-       RESERVED
+CVE-2019-4724 (IBM Cognos Analytics 11.0 and 11.1 could allow a remote 
attacker to ob ...)
+       TODO: check
+CVE-2019-4723 (IBM Cognos Analytics 11.0 and 11.1 could allow a remote 
attacker to ob ...)
+       TODO: check
+CVE-2019-4722 (IBM Cognos Analytics 11.0 and 11.1 could allow a remote 
attacker to ob ...)
+       TODO: check
 CVE-2019-4721
        RESERVED
 CVE-2019-4720 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is 
vulnerable  ...)
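Review bot: The three entries added for CVE-2019-4724, CVE-2019-4723 and CVE-2019-4722 show identical summaries ("IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to ob ..."), so the truncated text gives no way to tell them apart in review. That does not block a vendor-level tag (CVE-2019-4725 in the context above is "NOT-FOR-US: IBM"), but the person clearing the TODOs should read the full descriptions rather than assume the three are duplicates.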
@@ -157054,8 +157060,8 @@ CVE-2019-4655 (IBM MQ 9.1.0.0, 9.1.0.1, 9.1.0.2, 
9.1.0.3, 9.1.1, 9.1.2, and 9.1.
        NOT-FOR-US: IBM
 CVE-2019-4654 (IBM QRadar 7.3.0 to 7.3.3 Patch 2 does not validate, or 
incorrectly va ...)
        NOT-FOR-US: IBM
-CVE-2019-4653
-       RESERVED
+CVE-2019-4653 (IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site 
scripti ...)
+       TODO: check
 CVE-2019-4652 (IBM Spectrum Protect Plus 10.1.0 through 10.1.4 uses insecure 
file per ...)
        NOT-FOR-US: IBM Spectrum Protect Plus
 CVE-2019-4651 (IBM Jazz Reporting Service (JRS) 6.0.6.1 is vulnerable to SQL 
injectio ...)
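Review bot: Tag granularity is inconsistent around the new CVE-2019-4653 entry: the context lines use "NOT-FOR-US: IBM" for CVE-2019-4654 but "NOT-FOR-US: IBM Spectrum Protect Plus" for CVE-2019-4652. When the "TODO: check" for this Cognos Analytics entry is resolved, suggest the vendor-only form "NOT-FOR-US: IBM", which is what the other IBM entries visible in this commit use.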
@@ -157418,8 +157424,8 @@ CVE-2019-4473 (Multiple binaries in IBM SDK, Java 
Technology Edition 7, 7R, and
        NOT-FOR-US: IBM
 CVE-2019-4472
        RESERVED
-CVE-2019-4471
-       RESERVED
+CVE-2019-4471 (IBM Cognos Analytics 11.0 and 11.1 could allow a remote 
attacker to ob ...)
+       TODO: check
 CVE-2019-4470 (IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to cross-site 
scriptin ...)
        NOT-FOR-US: IBM
 CVE-2019-4469



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/883e8a4ec6aafe61112f3112cad59c87daafa996
