Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
cf4dcf3d by security tracker role at 2021-07-13T20:10:26+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,23 @@
+CVE-2021-36736
+ RESERVED
+CVE-2021-36735
+ RESERVED
+CVE-2021-36734
+ RESERVED
+CVE-2021-36733
+ RESERVED
+CVE-2021-36732
+ RESERVED
+CVE-2021-36731
+ RESERVED
+CVE-2021-36730
+ RESERVED
+CVE-2021-36729
+ RESERVED
+CVE-2021-36728
+ RESERVED
+CVE-2021-36727
+ RESERVED
CVE-2021-XXXX [Varnish VSV00007]
- varnish <unfixed> (bug #991040)
NOTE: https://varnish-cache.org/security/VSV00007.html
@@ -720,8 +740,8 @@ CVE-2021-36378
CVE-2021-36377 (Fossil before 2.14.2 and 2.15.x before 2.15.2 often skips the
hostname ...)
- fossil 1:2.15.2-1
NOTE:
https://fossil-scm.org/forum/forumpost/8d367e16f53d93c789d70bd3bf2c9587227bbd5c6a7b8e512cccd79007536036
-CVE-2021-36376
- RESERVED
+CVE-2021-36376 (dandavison delta before 0.8.3 on Windows resolves an
executable's path ...)
+ TODO: check
CVE-2021-36375
RESERVED
CVE-2021-36374
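Review bot: CVE-2021-36376 is left at "TODO: check" even though its description restricts the issue to delta on Windows. When this is triaged, a "<not-affected> (Windows-specific)" status in the form already used for CVE-2021-34551 would fit if delta is packaged, and a NOT-FOR-US line otherwise.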
@@ -1072,8 +1092,8 @@ CVE-2021-36216
RESERVED
CVE-2021-36215
RESERVED
-CVE-2021-36214
- RESERVED
+CVE-2021-36214 (LINE client for iOS before 10.16.3 allows cross site script
with speci ...)
+ TODO: check
CVE-2021-36213
RESERVED
CVE-2021-36212 (app/View/SharingGroups/view.ctp in MISP before 2.4.146 allows
stored X ...)
@@ -1268,14 +1288,14 @@ CVE-2021-36126 (An issue was discovered in the
AbuseFilter extension in MediaWik
CVE-2021-36125 (An issue was discovered in the CentralAuth extension in
MediaWiki thro ...)
NOT-FOR-US: CentralAuth MediaWiki extension
NOTE:
https://lists.wikimedia.org/hyperkitty/list/[email protected]/thread/M7MVMBYMLNIVLHCWL2KKZGH36HYN4YON/
-CVE-2021-36124
- RESERVED
-CVE-2021-36123
- RESERVED
-CVE-2021-36122
- RESERVED
-CVE-2021-36121
- RESERVED
+CVE-2021-36124 (An issue was discovered in Echo ShareCare 8.15.5. It does not
perform ...)
+ TODO: check
+CVE-2021-36123 (An issue was discovered in Echo ShareCare 8.15.5. The
TextReader featu ...)
+ TODO: check
+CVE-2021-36122 (An issue was discovered in Echo ShareCare 8.15.5. The
UnzipFile featur ...)
+ TODO: check
+CVE-2021-36121 (An issue was discovered in Echo ShareCare 8.15.5. The
file-upload feat ...)
+ TODO: check
CVE-2021-3633
RESERVED
CVE-2021-36120
@@ -1341,8 +1361,7 @@ CVE-2021-36091
CVE-2021-3632
RESERVED
NOT-FOR-US: Keycloak
-CVE-2021-36090
- RESERVED
+CVE-2021-36090 (When reading a specially crafted ZIP archive, Compress can be
made to ...)
- libcommons-compress-java <unfixed> (bug #991041)
NOTE: https://www.openwall.com/lists/oss-security/2021/07/13/4
CVE-2020-36416 (A stored cross scripting (XSS) vulnerability in CMS Made
Simple 2.2.14 ...)
@@ -1739,8 +1758,8 @@ CVE-2021-35959 (In Plone 5.0 through 5.2.4, Editors are
vulnerable to XSS in the
NOT-FOR-US: Plone
CVE-2021-35958 (** DISPUTED ** TensorFlow through 2.5.0 allows attackers to
overwrite ...)
- tensorflow <itp> (bug #804612)
-CVE-2021-35957
- RESERVED
+CVE-2021-35957 (Stormshield Endpoint Security Evolution 2.0.0 through 2.0.2
does not a ...)
+ TODO: check
CVE-2021-35956 (Stored cross-site scripting (XSS) in the embedded webserver of
AKCP se ...)
NOT-FOR-US: AKCP sensorProbe
CVE-2021-35955
@@ -2673,16 +2692,13 @@ CVE-2021-35519
RESERVED
CVE-2021-35518
RESERVED
-CVE-2021-35517
- RESERVED
+CVE-2021-35517 (When reading a specially crafted TAR archive, Compress can be
made to ...)
- libcommons-compress-java <unfixed> (bug #991041)
NOTE: https://www.openwall.com/lists/oss-security/2021/07/13/3
-CVE-2021-35516
- RESERVED
+CVE-2021-35516 (When reading a specially crafted 7Z archive, Compress can be
made to a ...)
- libcommons-compress-java <unfixed> (bug #991041)
NOTE: https://www.openwall.com/lists/oss-security/2021/07/13/2
-CVE-2021-35515
- RESERVED
+CVE-2021-35515 (When reading a specially crafted 7Z archive, the construction
of the l ...)
- libcommons-compress-java <unfixed> (bug #991041)
NOTE: https://www.openwall.com/lists/oss-security/2021/07/13/1
CVE-2021-35514 (Narou (aka Narou.rb) before 3.8.0 allows Ruby Code Injection
via the t ...)
@@ -4833,8 +4849,8 @@ CVE-2021-34554
RESERVED
CVE-2021-34553 (Sonatype Nexus Repository Manager 3.x before 3.31.0 allows a
remote au ...)
NOT-FOR-US: Sonatype Nexus Repository Manager
-CVE-2021-34552
- RESERVED
+CVE-2021-34552 (Pillow through 8.2.0 and PIL (aka Python Imaging Library)
through 1.1. ...)
+ TODO: check
CVE-2021-34551 (PHPMailer before 6.5.0 on Windows allows remote code execution
if lang ...)
- libphp-phpmailer <not-affected> (Windows-specific)
CVE-2021-34550 (An issue was discovered in Tor before 0.4.6.5, aka
TROVE-2021-006. The ...)
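Review bot: CVE-2021-34552 should not stay on "TODO: check" for long, because unlike the vendor products around it the description names Pillow and PIL, and Pillow is shipped in Debian (source package pillow). It needs a "- pillow <status>" line, with the "through 8.2.0" range checked against the versions in each supported release.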
@@ -5319,92 +5335,92 @@ CVE-2021-34335
RESERVED
CVE-2021-34334
RESERVED
-CVE-2021-34333
- RESERVED
-CVE-2021-34332
- RESERVED
-CVE-2021-34331
- RESERVED
-CVE-2021-34330
- RESERVED
-CVE-2021-34329
- RESERVED
-CVE-2021-34328
- RESERVED
-CVE-2021-34327
- RESERVED
-CVE-2021-34326
- RESERVED
-CVE-2021-34325
- RESERVED
-CVE-2021-34324
- RESERVED
-CVE-2021-34323
- RESERVED
-CVE-2021-34322
- RESERVED
-CVE-2021-34321
- RESERVED
-CVE-2021-34320
- RESERVED
-CVE-2021-34319
- RESERVED
-CVE-2021-34318
- RESERVED
-CVE-2021-34317
- RESERVED
-CVE-2021-34316
- RESERVED
-CVE-2021-34315
- RESERVED
-CVE-2021-34314
- RESERVED
-CVE-2021-34313
- RESERVED
-CVE-2021-34312
- RESERVED
-CVE-2021-34311
- RESERVED
-CVE-2021-34310
- RESERVED
-CVE-2021-34309
- RESERVED
-CVE-2021-34308
- RESERVED
-CVE-2021-34307
- RESERVED
-CVE-2021-34306
- RESERVED
-CVE-2021-34305
- RESERVED
-CVE-2021-34304
- RESERVED
-CVE-2021-34303
- RESERVED
-CVE-2021-34302
- RESERVED
-CVE-2021-34301
- RESERVED
-CVE-2021-34300
- RESERVED
-CVE-2021-34299
- RESERVED
-CVE-2021-34298
- RESERVED
-CVE-2021-34297
- RESERVED
-CVE-2021-34296
- RESERVED
-CVE-2021-34295
- RESERVED
-CVE-2021-34294
- RESERVED
-CVE-2021-34293
- RESERVED
-CVE-2021-34292
- RESERVED
-CVE-2021-34291
- RESERVED
+CVE-2021-34333 (A vulnerability has been identified in JT2Go (All versions
< V13.2) ...)
+ TODO: check
+CVE-2021-34332 (A vulnerability has been identified in JT2Go (All versions
< V13.2) ...)
+ TODO: check
+CVE-2021-34331 (A vulnerability has been identified in JT2Go (All versions
< V13.2) ...)
+ TODO: check
+CVE-2021-34330 (A vulnerability has been identified in JT2Go (All versions
< V13.2) ...)
+ TODO: check
+CVE-2021-34329 (A vulnerability has been identified in JT2Go (All versions
< V13.2) ...)
+ TODO: check
+CVE-2021-34328 (A vulnerability has been identified in JT2Go (All versions
< V13.2) ...)
+ TODO: check
+CVE-2021-34327 (A vulnerability has been identified in JT2Go (All versions
< V13.2) ...)
+ TODO: check
+CVE-2021-34326 (A vulnerability has been identified in JT2Go (All versions
< V13.2) ...)
+ TODO: check
+CVE-2021-34325 (A vulnerability has been identified in JT2Go (All versions
< V13.2) ...)
+ TODO: check
+CVE-2021-34324 (A vulnerability has been identified in JT2Go (All versions
< V13.2) ...)
+ TODO: check
+CVE-2021-34323 (A vulnerability has been identified in JT2Go (All versions
< V13.2) ...)
+ TODO: check
+CVE-2021-34322 (A vulnerability has been identified in JT2Go (All versions
< V13.2) ...)
+ TODO: check
+CVE-2021-34321 (A vulnerability has been identified in JT2Go (All versions
< V13.2) ...)
+ TODO: check
+CVE-2021-34320 (A vulnerability has been identified in JT2Go (All versions
< V13.2) ...)
+ TODO: check
+CVE-2021-34319 (A vulnerability has been identified in JT2Go (All versions
< V13.2) ...)
+ TODO: check
+CVE-2021-34318 (A vulnerability has been identified in JT2Go (All versions
< V13.2) ...)
+ TODO: check
+CVE-2021-34317 (A vulnerability has been identified in JT2Go (All versions
< V13.2) ...)
+ TODO: check
+CVE-2021-34316 (A vulnerability has been identified in JT2Go (All versions
< V13.2) ...)
+ TODO: check
+CVE-2021-34315 (A vulnerability has been identified in JT2Go (All versions
< V13.2) ...)
+ TODO: check
+CVE-2021-34314 (A vulnerability has been identified in JT2Go (All versions
< V13.2) ...)
+ TODO: check
+CVE-2021-34313 (A vulnerability has been identified in JT2Go (All versions
< V13.2) ...)
+ TODO: check
+CVE-2021-34312 (A vulnerability has been identified in JT2Go (All versions
< V13.2) ...)
+ TODO: check
+CVE-2021-34311 (A vulnerability has been identified in JT2Go (All versions
< V13.2) ...)
+ TODO: check
+CVE-2021-34310 (A vulnerability has been identified in JT2Go (All versions
< V13.2) ...)
+ TODO: check
+CVE-2021-34309 (A vulnerability has been identified in JT2Go (All versions
< V13.2) ...)
+ TODO: check
+CVE-2021-34308 (A vulnerability has been identified in JT2Go (All versions
< V13.2) ...)
+ TODO: check
+CVE-2021-34307 (A vulnerability has been identified in JT2Go (All versions
< V13.2) ...)
+ TODO: check
+CVE-2021-34306 (A vulnerability has been identified in JT2Go (All versions
< V13.2) ...)
+ TODO: check
+CVE-2021-34305 (A vulnerability has been identified in JT2Go (All versions
< V13.2) ...)
+ TODO: check
+CVE-2021-34304 (A vulnerability has been identified in JT2Go (All versions
< V13.2) ...)
+ TODO: check
+CVE-2021-34303 (A vulnerability has been identified in JT2Go (All versions
< V13.2) ...)
+ TODO: check
+CVE-2021-34302 (A vulnerability has been identified in JT2Go (All versions
< V13.2) ...)
+ TODO: check
+CVE-2021-34301 (A vulnerability has been identified in JT2Go (All versions
< V13.2) ...)
+ TODO: check
+CVE-2021-34300 (A vulnerability has been identified in JT2Go (All versions
< V13.2) ...)
+ TODO: check
+CVE-2021-34299 (A vulnerability has been identified in JT2Go (All versions
< V13.2) ...)
+ TODO: check
+CVE-2021-34298 (A vulnerability has been identified in JT2Go (All versions
< V13.2) ...)
+ TODO: check
+CVE-2021-34297 (A vulnerability has been identified in JT2Go (All versions
< V13.2) ...)
+ TODO: check
+CVE-2021-34296 (A vulnerability has been identified in JT2Go (All versions
< V13.2) ...)
+ TODO: check
+CVE-2021-34295 (A vulnerability has been identified in JT2Go (All versions
< V13.2) ...)
+ TODO: check
+CVE-2021-34294 (A vulnerability has been identified in JT2Go (All versions
< V13.2) ...)
+ TODO: check
+CVE-2021-34293 (A vulnerability has been identified in JT2Go (All versions
< V13.2) ...)
+ TODO: check
+CVE-2021-34292 (A vulnerability has been identified in JT2Go (All versions
< V13.2) ...)
+ TODO: check
+CVE-2021-34291 (A vulnerability has been identified in JT2Go (All versions
< V13.2) ...)
+ TODO: check
CVE-2021-3586
RESERVED
NOT-FOR-US: Maistra
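Review bot: All 43 entries from CVE-2021-34333 down to CVE-2021-34291 land as "TODO: check" with the same JT2Go description prefix. JT2Go is a proprietary Siemens viewer, so these can be triaged in one pass with a NOT-FOR-US line, following the "NOT-FOR-US: Siemens" form used for other Siemens products in this list, rather than being checked one by one.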
@@ -6536,6 +6552,7 @@ CVE-2021-3571 (A flaw was found in the ptp4l program of
the linuxptp package. Wh
NOTE:
https://github.com/richardcochran/linuxptp/commit/0b3ab45de6a96ca181a5cf62c3c2b97167e2ed20
(v3.1.1)
NOTE: https://www.openwall.com/lists/oss-security/2021/07/06/1
CVE-2021-3570 (A flaw was found in the ptp4l program of the linuxptp package.
A missi ...)
+ {DSA-4938-1}
- linuxptp 3.1-2.1 (bug #990748)
NOTE:
https://github.com/richardcochran/linuxptp/commit/a1e63aa3a7304647913707c4df01f3df430806ab
(master)
NOTE:
https://github.com/richardcochran/linuxptp/commit/ce15e4de5926724557e8642ec762a210632f15ca
(v3.1.1)
@@ -6737,26 +6754,26 @@ CVE-2021-33720
RESERVED
CVE-2021-33719
RESERVED
-CVE-2021-33718
- RESERVED
+CVE-2021-33718 (A vulnerability has been identified in Mendix Applications
using Mendi ...)
+ TODO: check
CVE-2021-33717
RESERVED
CVE-2021-33716
RESERVED
-CVE-2021-33715
- RESERVED
-CVE-2021-33714
- RESERVED
-CVE-2021-33713
- RESERVED
+CVE-2021-33715 (A vulnerability has been identified in JT Utilities (All
versions < ...)
+ TODO: check
+CVE-2021-33714 (A vulnerability has been identified in JT Utilities (All
versions < ...)
+ TODO: check
+CVE-2021-33713 (A vulnerability has been identified in JT Utilities (All
versions < ...)
+ TODO: check
CVE-2021-33712 (A vulnerability has been identified in Mendix SAML Module (All
version ...)
NOT-FOR-US: Mendix SAML Module
-CVE-2021-33711
- RESERVED
-CVE-2021-33710
- RESERVED
-CVE-2021-33709
- RESERVED
+CVE-2021-33711 (A vulnerability has been identified in Teamcenter Active
Workspace V4 ...)
+ TODO: check
+CVE-2021-33710 (A vulnerability has been identified in Teamcenter Active
Workspace V4 ...)
+ TODO: check
+CVE-2021-33709 (A vulnerability has been identified in Teamcenter Active
Workspace V4 ...)
+ TODO: check
CVE-2021-33708
RESERVED
CVE-2021-33707
@@ -7034,8 +7051,8 @@ CVE-2021-3566
RESERVED
CVE-2021-33579
RESERVED
-CVE-2021-33578
- RESERVED
+CVE-2021-33578 (Echo ShareCare 8.15.5 is susceptible to SQL injection
vulnerabilities ...)
+ TODO: check
CVE-2021-33577 (An issue was discovered in Cleo LexiCom 5.5.0.0. The
requirement for t ...)
NOT-FOR-US: Cleo LexiCom
CVE-2021-33576 (An issue was discovered in Cleo LexiCom 5.5.0.0. Within the
AS2 messag ...)
@@ -10990,14 +11007,14 @@ CVE-2021-31897 (In JetBrains WebStorm before 2021.1,
code execution without user
NOT-FOR-US: JetBrains
CVE-2021-31896
RESERVED
-CVE-2021-31895
- RESERVED
-CVE-2021-31894
- RESERVED
-CVE-2021-31893
- RESERVED
-CVE-2021-31892
- RESERVED
+CVE-2021-31895 (A vulnerability has been identified in RUGGEDCOM ROS M2100
(All versio ...)
+ TODO: check
+CVE-2021-31894 (A vulnerability has been identified in SIMATIC PCS 7 V8.2 and
earlier ...)
+ TODO: check
+CVE-2021-31893 (A vulnerability has been identified in SIMATIC PCS 7 V8.2 and
earlier ...)
+ TODO: check
+CVE-2021-31892 (A vulnerability has been identified in SINUMERIK Analyse
MyCondition ( ...)
+ TODO: check
CVE-2021-31891
RESERVED
CVE-2021-31890
@@ -11344,8 +11361,7 @@ CVE-2021-31811 (In Apache PDFBox, a carefully crafted
PDF file can trigger an Ou
- libpdfbox2-java <unfixed>
- libpdfbox-java <undetermined>
NOTE: https://www.openwall.com/lists/oss-security/2021/06/12/2
-CVE-2021-31810 [Trusting FTP PASV responses vulnerability in Net::FTP]
- RESERVED
+CVE-2021-31810 (An issue was discovered in Ruby through 2.6.7, 2.7.x through
2.7.3, an ...)
- ruby2.7 2.7.4-1 (bug #990815)
- ruby2.5 <removed>
- ruby2.3 <removed>
@@ -12799,24 +12815,24 @@ CVE-2021-31227
RESERVED
CVE-2021-31226
RESERVED
-CVE-2021-31225
- RESERVED
-CVE-2021-31224
- RESERVED
-CVE-2021-31223
- RESERVED
-CVE-2021-31222
- RESERVED
-CVE-2021-31221
- RESERVED
-CVE-2021-31220
- RESERVED
+CVE-2021-31225 (SES Evolution before 2.1.0 allows deleting some resources not
currentl ...)
+ TODO: check
+CVE-2021-31224 (SES Evolution before 2.1.0 allows duplicating an existing
security pol ...)
+ TODO: check
+CVE-2021-31223 (SES Evolution before 2.1.0 allows reading some parts of a
security pol ...)
+ TODO: check
+CVE-2021-31222 (SES Evolution before 2.1.0 allows updating some parts of a
security po ...)
+ TODO: check
+CVE-2021-31221 (SES Evolution before 2.1.0 allows deleting some parts of a
security po ...)
+ TODO: check
+CVE-2021-31220 (SES Evolution before 2.1.0 allows modifying security policies
by lever ...)
+ TODO: check
CVE-2021-31219
RESERVED
CVE-2021-31218
RESERVED
-CVE-2021-31217
- RESERVED
+CVE-2021-31217 (In SolarWinds DameWare Mini Remote Control Server 12.0.1.200,
insecure ...)
+ TODO: check
CVE-2021-31216
RESERVED
CVE-2021-31215 (SchedMD Slurm before 20.02.7 and 20.03.x through 20.11.x
before 20.11. ...)
@@ -18028,9 +18044,9 @@ CVE-2021-29108
RESERVED
CVE-2021-29107 (A stored Cross Site Scripting (XXS) vulnerability in ArcGIS
Server Man ...)
NOT-FOR-US: ArcGIS Server Manager
-CVE-2021-29106 (A reflected Cross Site Scripting (XXS) vulnerability in ArcGIS
Server ...)
+CVE-2021-29106 (A reflected Cross Site Scripting (XSS) vulnerability in Esri
ArcGIS Se ...)
NOT-FOR-US: ArcGIS Server
-CVE-2021-29105 (A stored Cross Site Scripting (XXS) vulnerability in ArcGIS
Server Ser ...)
+CVE-2021-29105 (A stored Cross Site Scripting (XSS) vulnerability in Esri
ArcGIS Serve ...)
NOT-FOR-US: ArcGIS Server Services Directory
CVE-2021-29104 (A stored Cross Site Scripting (XXS) vulnerability in ArcGIS
Server Man ...)
NOT-FOR-US: ArcGIS Server Manager
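Review bot: The "XXS" to "XSS" correction reaches only CVE-2021-29106 and CVE-2021-29105; the context lines for CVE-2021-29107 and CVE-2021-29104 in this same hunk still read "(XXS)". If the descriptions are taken over from the CVE feed by this automatic update there is nothing to fix by hand, but a search of the list for "XSS" will keep missing those two entries until the feed changes.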
@@ -26551,8 +26567,8 @@ CVE-2021-25673 (A vulnerability has been identified in
SIMATIC S7-PLCSIM V5.4 (A
NOT-FOR-US: Siemens
CVE-2021-25672 (A vulnerability has been identified in Mendix Forgot Password
Appstore ...)
NOT-FOR-US: Mendix Forgot Password Appstore module
-CVE-2021-25671
- RESERVED
+CVE-2021-25671 (A vulnerability has been identified in RWG1.M12 (All versions
< V1. ...)
+ TODO: check
CVE-2021-25670 (A vulnerability has been identified in Tecnomatix RobotExpert
(All ver ...)
NOT-FOR-US: Tecnomatix RobotExpert (Siemens)
CVE-2021-25669 (A vulnerability has been identified in SCALANCE X200-4P IRT
(All versi ...)
@@ -33815,8 +33831,8 @@ CVE-2021-22442
RESERVED
CVE-2021-22441
RESERVED
-CVE-2021-22440
- RESERVED
+CVE-2021-22440 (There is a path traversal vulnerability in some Huawei
products. The v ...)
+ TODO: check
CVE-2021-22439 (There is a deserialization vulnerability in Huawei AnyOffice
V200R006C ...)
NOT-FOR-US: Huawei
CVE-2021-22438
@@ -33897,8 +33913,8 @@ CVE-2021-22401
RESERVED
CVE-2021-22400
RESERVED
-CVE-2021-22399
- RESERVED
+CVE-2021-22399 (The Bluetooth function of some Huawei smartphones has a DoS
vulnerabil ...)
+ TODO: check
CVE-2021-22398
RESERVED
CVE-2021-22397
@@ -34327,7 +34343,7 @@ CVE-2021-22196 (An issue has been discovered in GitLab
CE/EE affecting all versi
- gitlab <unfixed>
CVE-2021-22195 (Client side code execution in gitlab-vscode-extension v3.15.0
and earl ...)
NOT-FOR-US: gitlab-vscode-extension
-CVE-2021-22194 (In all versions of GitLab starting from 13.7, marshalled
session keys ...)
+CVE-2021-22194 (In all versions of GitLab, marshalled session keys were being
stored i ...)
- gitlab <unfixed>
CVE-2021-22193 (An issue has been discovered in GitLab affecting all versions
starting ...)
- gitlab <unfixed>
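Review bot: The new CVE-2021-22194 description drops "starting from 13.7", so the stated affected range now covers all GitLab versions. The "- gitlab <unfixed>" line stays correct, but any per-release status or note for this CVE that relied on the 13.7 lower bound should be rechecked.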
@@ -34760,8 +34776,7 @@ CVE-2021-22002
RESERVED
CVE-2021-22001
RESERVED
-CVE-2021-22000
- RESERVED
+CVE-2021-22000 (VMware Thinapp version 5.x prior to 5.2.10 contain a DLL
hijacking vul ...)
NOT-FOR-US: VMware
CVE-2021-21999 (VMware Tools for Windows (11.x.y prior to 11.2.6), VMware
Remote Conso ...)
NOT-FOR-US: VMware
@@ -34771,11 +34786,9 @@ CVE-2021-21997 (VMware Tools for Windows (11.x.y prior
to 11.3.0) contains a den
NOT-FOR-US: VMware
CVE-2021-21996
RESERVED
-CVE-2021-21995
- RESERVED
+CVE-2021-21995 (OpenSLP as used in ESXi has a denial-of-service vulnerability
due a he ...)
NOT-FOR-US: VMware
-CVE-2021-21994
- RESERVED
+CVE-2021-21994 (SFCB (Small Footprint CIM Broker) as used in ESXi has an
authenticatio ...)
NOT-FOR-US: VMware
CVE-2021-21993
RESERVED
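Review bot: CVE-2021-21995 and CVE-2021-21994 keep the "NOT-FOR-US: VMware" marking that was set while they were still RESERVED, but the descriptions now name OpenSLP and SFCB (Small Footprint CIM Broker) "as used in ESXi". Both are components with their own upstreams, so it is worth confirming that the flaws are specific to the ESXi builds before leaving these as NOT-FOR-US.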
@@ -35168,6 +35181,7 @@ CVE-2021-21808 (A memory corruption vulnerability
exists in the PNG png_palette_
CVE-2021-21807 (An integer overflow vulnerability exists in the DICOM
parse_dicom_meta ...)
NOT-FOR-US: Accusoft ImageGear
CVE-2021-21806 (An exploitable use-after-free vulnerability exists in
WebKitGTK browse ...)
+ {DSA-4877-1}
- webkit2gtk 2.30.6-1
- wpewebkit 2.30.6-1
NOTE:
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1214
@@ -39509,12 +39523,12 @@ CVE-2021-20597
RESERVED
CVE-2021-20596
RESERVED
-CVE-2021-20595
- RESERVED
+CVE-2021-20595 (Improper Restriction of XML External Entity Reference
vulnerability in ...)
+ TODO: check
CVE-2021-20594
RESERVED
-CVE-2021-20593
- RESERVED
+CVE-2021-20593 (Incorrect Implementation of Authentication Algorithm in
Mitsubishi Ele ...)
+ TODO: check
CVE-2021-20592
RESERVED
CVE-2021-20591 (Uncontrolled Resource Consumption vulnerability in Mitsubishi
Electric ...)
@@ -39851,12 +39865,12 @@ CVE-2021-20426 (IBM Security Guardium 11.2 contains
hard-coded credentials, such
NOT-FOR-US: IBM
CVE-2021-20425
RESERVED
-CVE-2021-20424
- RESERVED
-CVE-2021-20423
- RESERVED
-CVE-2021-20422
- RESERVED
+CVE-2021-20424 (IBM Cloud Pak for Applications 4.3 could allow a remote
attacker to ob ...)
+ TODO: check
+CVE-2021-20423 (IBM Cloud Pak for Applications 4.3 could allow an
authenticated user g ...)
+ TODO: check
+CVE-2021-20422 (IBM Cloud Pak for Applications 4.3 could disclose sensitive
informatio ...)
+ TODO: check
CVE-2021-20421
RESERVED
CVE-2021-20420
@@ -39961,26 +39975,26 @@ CVE-2021-20371 (IBM Jazz Foundation and IBM
Engineering products could allow a r
NOT-FOR-US: IBM
CVE-2021-20370
RESERVED
-CVE-2021-20369
- RESERVED
-CVE-2021-20368
- RESERVED
+CVE-2021-20369 (IBM Cloud Pak for Applications 4.3 uses weaker than expected
cryptogra ...)
+ TODO: check
+CVE-2021-20368 (IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site
scripti ...)
+ TODO: check
CVE-2021-20367
RESERVED
-CVE-2021-20366
- RESERVED
-CVE-2021-20365
- RESERVED
-CVE-2021-20364
- RESERVED
-CVE-2021-20363
- RESERVED
-CVE-2021-20362
- RESERVED
-CVE-2021-20361
- RESERVED
-CVE-2021-20360
- RESERVED
+CVE-2021-20366 (IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site
scripti ...)
+ TODO: check
+CVE-2021-20365 (IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site
scripti ...)
+ TODO: check
+CVE-2021-20364 (IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site
scripti ...)
+ TODO: check
+CVE-2021-20363 (IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site
scripti ...)
+ TODO: check
+CVE-2021-20362 (IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site
scripti ...)
+ TODO: check
+CVE-2021-20361 (IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site
scripti ...)
+ TODO: check
+CVE-2021-20360 (IBM Cloud Pak for Applications 4.3 uses weaker than expected
cryptogra ...)
+ TODO: check
CVE-2021-20359 (IBM Cloud Pak for Automation 20.0.3, 20.0.2-IF002 - Business
Automatio ...)
NOT-FOR-US: IBM
CVE-2021-20358 (IBM Cloud Pak for Automation 20.0.3, 20.0.2-IF002 stores
potentially s ...)
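Review bot: The nine IBM Cloud Pak for Applications 4.3 entries in this hunk (CVE-2021-20369, CVE-2021-20368 and CVE-2021-20366 through CVE-2021-20360) are left at "TODO: check", while the neighbouring IBM entries CVE-2021-20371 and CVE-2021-20359 carry "NOT-FOR-US: IBM". The same marking would apply here and would clear them from the triage queue.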
@@ -48179,8 +48193,8 @@ CVE-2020-28402 (An improper authorization vulnerability
exists in Star Practice
NOT-FOR-US: Star Practice Management Web
CVE-2020-28401 (An improper authorization vulnerability exists in Star
Practice Manage ...)
NOT-FOR-US: Star Practice Management Web
-CVE-2020-28400
- RESERVED
+CVE-2020-28400 (A vulnerability has been identified in Development/Evaluation
Kits for ...)
+ TODO: check
CVE-2020-28399
RESERVED
CVE-2020-28398
@@ -55769,8 +55783,8 @@ CVE-2020-26156
REJECTED
CVE-2020-26155 (Multiple files and folders in Utimaco SecurityServer 4.20.0.4
and 4.31 ...)
NOT-FOR-US: Utimaco SecurityServer
-CVE-2020-26153
- RESERVED
+CVE-2020-26153 (A cross-site scripting (XSS) vulnerability in
wp-content/plugins/event ...)
+ TODO: check
CVE-2020-26152
RESERVED
CVE-2020-26151
@@ -63207,8 +63221,8 @@ CVE-2020-22909
RESERVED
CVE-2020-22908
RESERVED
-CVE-2020-22907
- RESERVED
+CVE-2020-22907 (Stack overflow vulnerability in function jsi_evalcode_sub in
jsish bef ...)
+ TODO: check
CVE-2020-22906
RESERVED
CVE-2020-22905
@@ -63249,16 +63263,16 @@ CVE-2020-22888
RESERVED
CVE-2020-22887
RESERVED
-CVE-2020-22886
- RESERVED
-CVE-2020-22885
- RESERVED
-CVE-2020-22884
- RESERVED
+CVE-2020-22886 (Buffer overflow vulnerability in function jsG_markobject in
jsgc.c in ...)
+ TODO: check
+CVE-2020-22885 (Buffer overflow vulnerability in mujs before 1.0.8 due to
recursion in ...)
+ TODO: check
+CVE-2020-22884 (Buffer overflow vulnerability in function jsvGetStringChars in
Espruin ...)
+ TODO: check
CVE-2020-22883
RESERVED
-CVE-2020-22882
- RESERVED
+CVE-2020-22882 (Issue was discovered in the fxParserTree function in moddable,
allows ...)
+ TODO: check
CVE-2020-22881
RESERVED
CVE-2020-22880
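Review bot: CVE-2020-22885 is left at "TODO: check" although its description names mujs before 1.0.8, and mujs is packaged in Debian. It needs a "- mujs <status>" line with 1.0.8 compared against the versions in the archive; the other entries added in this hunk should likewise be matched against their truncated descriptions before being marked NOT-FOR-US.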
@@ -63269,14 +63283,14 @@ CVE-2020-22878
RESERVED
CVE-2020-22877
RESERVED
-CVE-2020-22876
- RESERVED
-CVE-2020-22875
- RESERVED
-CVE-2020-22874
- RESERVED
-CVE-2020-22873
- RESERVED
+CVE-2020-22876 (Buffer Overflow vulnerability in quickjs.c in QuickJS, allows
remote a ...)
+ TODO: check
+CVE-2020-22875 (Integer overflow vulnerability in function Jsi_ObjSetLength in
jsish b ...)
+ TODO: check
+CVE-2020-22874 (Integer overflow vulnerability in function Jsi_ObjArraySizer
in jsish ...)
+ TODO: check
+CVE-2020-22873 (Buffer overflow vulnerability in function NumberToPrecisionCmd
in jsis ...)
+ TODO: check
CVE-2020-22872
RESERVED
CVE-2020-22871
@@ -68657,12 +68671,12 @@ CVE-2020-20254 (Mikrotik RouterOs before 6.47 (stable
tree) suffers from a memor
NOT-FOR-US: Mikrotik RouterOs
CVE-2020-20253 (Mikrotik RouterOs before 6.47 (stable tree) suffers from a
divison by ...)
NOT-FOR-US: Mikrotik RouterOs
-CVE-2020-20252
- RESERVED
+CVE-2020-20252 (Mikrotik RouterOs before stable version 6.47 suffers from a
memory cor ...)
+ TODO: check
CVE-2020-20251
RESERVED
-CVE-2020-20250
- RESERVED
+CVE-2020-20250 (Mikrotik RouterOs before stable version 6.47 suffers from a
memory cor ...)
+ TODO: check
CVE-2020-20249
RESERVED
CVE-2020-20248
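Review bot: CVE-2020-20252 and CVE-2020-20250 are added as "TODO: check", but the entries directly above in this hunk, CVE-2020-20254 and CVE-2020-20253, describe the same product and are already marked "NOT-FOR-US: Mikrotik RouterOs". The two new entries can take the same line.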
@@ -218792,9 +218806,9 @@ CVE-2018-4842 (A vulnerability has been identified in
SCALANCE X-200IRT switch f
NOT-FOR-US: Siemens SCALANCE X switches
CVE-2018-4841 (A vulnerability has been identified in TIM 1531 IRC (All
versions < ...)
NOT-FOR-US: TIM
-CVE-2018-4840 (A vulnerability has been identified in Siemens DIGSI 4 (All
versions & ...)
+CVE-2018-4840 (A vulnerability has been identified in DIGSI 4 (All versions
< V4.9 ...)
NOT-FOR-US: Siemens
-CVE-2018-4839 (A vulnerability has been identified in Siemens DIGSI 4 (All
versions & ...)
+CVE-2018-4839 (A vulnerability has been identified in DIGSI 4 (All versions
< V4.9 ...)
NOT-FOR-US: Siemens
CVE-2018-4838 (A vulnerability has been identified in EN100 Ethernet module
IEC 61850 ...)
NOT-FOR-US: Siemens
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cf4dcf3d3d79fb2ccd1dcc68d68963132de36d05