Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
37bc4fd5 by security tracker role at 2021-07-01T20:10:34+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,25 @@
+CVE-2021-3632
+ RESERVED
+CVE-2021-36090
+ RESERVED
+CVE-2020-36416
+ RESERVED
+CVE-2020-36415
+ RESERVED
+CVE-2020-36414
+ RESERVED
+CVE-2020-36413
+ RESERVED
+CVE-2020-36412
+ RESERVED
+CVE-2020-36411
+ RESERVED
+CVE-2020-36410
+ RESERVED
+CVE-2020-36409
+ RESERVED
+CVE-2020-36408
+ RESERVED
CVE-2021-36089 (Grok 7.6.6 through 9.2.0 has a heap-based buffer overflow in
grk::File ...)
- libgrokj2k <unfixed> (bug #990525)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33544
@@ -82,9 +104,9 @@ CVE-2020-36396
CVE-2020-36395
RESERVED
CVE-2019-25049 (LibreSSL 2.9.1 through 3.2.1 has an out-of-bounds read in
asn1_item_pr ...)
- - libressl <itp> (bug #754513)
+ - libressl <itp> (bug #754513)
CVE-2019-25048 (LibreSSL 2.9.1 through 3.2.1 has a heap-based buffer over-read
in do_p ...)
- - libressl <itp> (bug #754513)
+ - libressl <itp> (bug #754513)
CVE-2018-25018 (UnRAR 5.6.1.7 through 5.7.4 and 6.0.3 has an out-of-bounds
write durin ...)
- unrar-nonfree <unfixed> (bug #990541)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9845
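Review bot: The libressl lines under CVE-2019-25049 and CVE-2019-25048 are removed and re-added with the same visible text, "- libressl <itp> (bug #754513)", so this is a whitespace-only change riding along in a commit labelled "automatic update". Confirm that the new indentation matches the other package lines in the file, and consider landing this kind of normalization in its own commit so the automatic sync stays limited to CVE state changes.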
@@ -1662,10 +1684,10 @@ CVE-2021-35339
RESERVED
CVE-2021-35338
RESERVED
-CVE-2021-35337
- RESERVED
-CVE-2021-35336
- RESERVED
+CVE-2021-35337 (Sourcecodester Phone Shop Sales Managements System 1.0 is
vulnerable t ...)
+ TODO: check
+CVE-2021-35336 (Tieline IP Audio Gateway 2.6.4.8 and below is affected by
Incorrect Ac ...)
+ TODO: check
CVE-2021-35335
RESERVED
CVE-2021-35334
@@ -7509,12 +7531,12 @@ CVE-2021-32733
RESERVED
CVE-2021-32732
RESERVED
-CVE-2021-32731
- RESERVED
-CVE-2021-32730
- RESERVED
-CVE-2021-32729
- RESERVED
+CVE-2021-32731 (XWiki Platform is a generic wiki platform offering runtime
services fo ...)
+ TODO: check
+CVE-2021-32730 (XWiki Platform is a generic wiki platform offering runtime
services fo ...)
+ TODO: check
+CVE-2021-32729 (XWiki Platform is a generic wiki platform offering runtime
services fo ...)
+ TODO: check
CVE-2021-32728
RESERVED
CVE-2021-32727
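Review bot: The new entries CVE-2021-32731, CVE-2021-32730 and CVE-2021-32729 carry identical truncated descriptions ("XWiki Platform is a generic wiki platform offering runtime services fo ..."), so the list text gives no way to tell the three issues apart. When the "TODO: check" markers are resolved, decide each CVE from its full description rather than copying one disposition across all three.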
@@ -9851,8 +9873,8 @@ CVE-2021-31815 (GAEN (aka Google/Apple Exposure
Notifications) through 2021-04-2
NOT-FOR-US: GAEN (aka Google/Apple Exposure Notifications)
CVE-2021-31814
RESERVED
-CVE-2021-31813
- RESERVED
+CVE-2021-31813 (Zoho ManageEngine Applications Manager before 15130 is
vulnerable to S ...)
+ TODO: check
CVE-2021-31812 (In Apache PDFBox, a carefully crafted PDF file can trigger an
infinite ...)
- libpdfbox2-java <unfixed>
- libpdfbox-java <undetermined>
@@ -18081,10 +18103,10 @@ CVE-2021-28426
RESERVED
CVE-2021-28425
RESERVED
-CVE-2021-28424
- RESERVED
-CVE-2021-28423
- RESERVED
+CVE-2021-28424 (A stored cross-site scripting (XSS) vulnerability in Teachers
Record M ...)
+ TODO: check
+CVE-2021-28423 (Multiple SQL Injection vulnerabilities in Teachers Record
Management S ...)
+ TODO: check
CVE-2021-28422
RESERVED
CVE-2021-28421 (FluidSynth 2.1.7 contains a use after free vulnerability in
sfloader/f ...)
@@ -18809,8 +18831,8 @@ CVE-2021-28129
RESERVED
CVE-2021-28128 (In Strapi through 3.6.0, the admin panel allows the changing
of one's ...)
NOT-FOR-US: Strapi
-CVE-2021-28127
- RESERVED
+CVE-2021-28127 (An issue was discovered in Stormshield SNS through 4.2.1. A
brute-forc ...)
+ TODO: check
CVE-2021-28126 (index.jsp in TranzWare e-Commerce Payment Gateway (TWEC PG)
before 3.1 ...)
NOT-FOR-US: TranzWare e-Commerce Payment Gateway (TWEC PG)
CVE-2021-28125 (Apache Superset up to and including 1.0.1 allowed for the
creation of ...)
@@ -19958,10 +19980,10 @@ CVE-2021-27663
RESERVED
CVE-2021-27662
RESERVED
-CVE-2021-27661
- RESERVED
-CVE-2021-27660
- RESERVED
+CVE-2021-27661 (Successful exploitation of this vulnerability could give an
authentica ...)
+ TODO: check
+CVE-2021-27660 (An insecure client auto update feature in C-CURE 9000 can
allow remote ...)
+ TODO: check
CVE-2021-27659 (exacqVision Web Service 21.03 does not sufficiently validate,
filter, ...)
NOT-FOR-US: exacqVision Web Service
CVE-2021-27658 (exacqVision Enterprise Manager 20.12 does not sufficiently
validate, f ...)
@@ -20353,8 +20375,8 @@ CVE-2021-27479 (ZOLL Defibrillator Dashboard, v prior
to 2.2,The affected produc
NOT-FOR-US: ZOLL Defibrillator Dashboard
CVE-2021-27478
RESERVED
-CVE-2021-27477
- RESERVED
+CVE-2021-27477 (When JTEKT Corporation TOYOPUC PLC versions PC10G-CPU,
2PORT-EFR, Plus ...)
+ TODO: check
CVE-2021-27476
RESERVED
CVE-2021-27475
@@ -32416,16 +32438,16 @@ CVE-2021-22349 (There is an Input Verification
Vulnerability in Huawei Smartphon
NOT-FOR-US: Huawei
CVE-2021-22348 (There is a Memory Buffer Improper Operation Limit
Vulnerability in Hua ...)
NOT-FOR-US: Huawei
-CVE-2021-22347
- RESERVED
+CVE-2021-22347 (There is an Improper Access Control vulnerability in Huawei
Smartphone ...)
+ TODO: check
CVE-2021-22346 (There is an Improper Permission Management Vulnerability in
Huawei Sma ...)
NOT-FOR-US: Huawei
CVE-2021-22345 (There is an Input Verification Vulnerability in Huawei
Smartphone. Suc ...)
NOT-FOR-US: Huawei
-CVE-2021-22344
- RESERVED
-CVE-2021-22343
- RESERVED
+CVE-2021-22344 (There is an Improper Access Control vulnerability in Huawei
Smartphone ...)
+ TODO: check
+CVE-2021-22343 (There is a Configuration Defect vulnerability in Huawei
Smartphone. Su ...)
+ TODO: check
CVE-2021-22342 (There is an information leak vulnerability in Huawei products.
A modul ...)
NOT-FOR-US: Huawei
CVE-2021-22341 (There is a memory leak vulnerability in Huawei products. A
resource ma ...)
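Review bot: CVE-2021-22347, CVE-2021-22344 and CVE-2021-22343 come in with "TODO: check" while every already-triaged neighbour in this hunk (CVE-2021-22348, CVE-2021-22346, CVE-2021-22345, CVE-2021-22342) carries "NOT-FOR-US: Huawei". The new descriptions all name Huawei Smartphone, so these three look resolvable with the same tag in the follow-up triage commit instead of remaining open TODOs.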
@@ -51314,10 +51336,10 @@ CVE-2020-27364
RESERVED
CVE-2020-27363
RESERVED
-CVE-2020-27362
- RESERVED
-CVE-2020-27361
- RESERVED
+CVE-2020-27362 (An issue exists within the SSH console of Akkadian
Provisioning Manage ...)
+ TODO: check
+CVE-2020-27361 (An issue exists within Akkadian Provisioning Manager 4.50.02
which all ...)
+ TODO: check
CVE-2020-27360
RESERVED
CVE-2020-27359 (A cross-site scripting (XSS) issue in REDCap 8.11.6 through
9.x before ...)
@@ -95637,8 +95659,8 @@ CVE-2020-9160
RESERVED
CVE-2020-9159
RESERVED
-CVE-2020-9158
- RESERVED
+CVE-2020-9158 (There is a Missing Cryptographic Step vulnerability in Huawei
Smartpho ...)
+ TODO: check
CVE-2020-9157
RESERVED
CVE-2020-9156
@@ -106765,8 +106787,8 @@ CVE-2020-4937 (IBM Sterling B2B Integrator Standard
Edition 5.2.0.0 through 6.0.
NOT-FOR-US: IBM
CVE-2020-4936
RESERVED
-CVE-2020-4935
- RESERVED
+CVE-2020-4935 (IBM Datacap Fastdoc Capture (IBM Datacap Navigator 9.1.7 ) is
vulnerab ...)
+ TODO: check
CVE-2020-4934 (IBM Content Navigator 3.0.CD could allow a remote attacker to
traverse ...)
NOT-FOR-US: IBM
CVE-2020-4933 (IBM Jazz Reporting Service 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is
vulnerabl ...)
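Review bot: CVE-2020-4935 is left at "TODO: check" although the surrounding IBM entries in this hunk (CVE-2020-4937, CVE-2020-4934) are already marked "NOT-FOR-US: IBM". The description names IBM Datacap Fastdoc Capture, so the follow-up triage can likely apply the same tag.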
@@ -106831,8 +106853,8 @@ CVE-2020-4904 (IBM Financial Transaction Manager for
SWIFT Services for Multipla
NOT-FOR-US: IBM
CVE-2020-4903 (IBM API Connect V10 and V2018 could allow an attacker who has
intercep ...)
NOT-FOR-US: IBM
-CVE-2020-4902
- RESERVED
+CVE-2020-4902 (IBM Datacap Taskmaster Capture (IBM Datacap Navigator 9.1.7) is
vulner ...)
+ TODO: check
CVE-2020-4901 (IBM Robotic Process Automation with Automation Anywhere 11.0
could all ...)
NOT-FOR-US: IBM
CVE-2020-4900 (IBM Business Automation Workflow 19.0.0.3 stores potentially
sensitive ...)
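Review bot: CVE-2020-4902 names IBM Datacap Taskmaster Capture (IBM Datacap Navigator 9.1.7), the same Datacap Navigator version given for CVE-2020-4935 earlier in this patch, so the two "TODO: check" entries should be triaged together and end up with the same disposition. The neighbours here (CVE-2020-4904, CVE-2020-4903, CVE-2020-4901) are all "NOT-FOR-US: IBM".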
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/37bc4fd5ef6f8621d62283d43ee805beb7eb7000