Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
510037c4 by security tracker role at 2021-07-16T20:10:23+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,23 @@
+CVE-2021-36767
+       RESERVED
+CVE-2021-36766
+       RESERVED
+CVE-2021-36765
+       RESERVED
+CVE-2021-36764
+       RESERVED
+CVE-2021-36763
+       RESERVED
+CVE-2021-36762
+       RESERVED
+CVE-2021-36761
+       RESERVED
+CVE-2021-36760
+       RESERVED
+CVE-2021-36759
+       RESERVED
+CVE-2021-3651
+       RESERVED
 CVE-2021-36758 (1Password Connect server before 1.2 is missing validation 
checks, perm ...)
        NOT-FOR-US: 1Password
 CVE-2021-36757
@@ -20,8 +40,8 @@ CVE-2021-36749
        RESERVED
 CVE-2021-3650
        RESERVED
-CVE-2021-3649
-       RESERVED
+CVE-2021-3649 (chatwoot is vulnerable to Inefficient Regular Expression 
Complexity ...)
+       TODO: check
 CVE-2021-36748
        RESERVED
 CVE-2021-36747
@@ -43,8 +63,8 @@ CVE-2021-36741
        RESERVED
 CVE-2021-3648
        RESERVED
-CVE-2021-3647
-       RESERVED
+CVE-2021-3647 (URI.js is vulnerable to URL Redirection to Untrusted Site ...)
+       TODO: check
 CVE-2021-3646
        RESERVED
 CVE-2021-3645
@@ -1813,10 +1833,10 @@ CVE-2021-35964
        RESERVED
 CVE-2021-35963
        RESERVED
-CVE-2021-35962
-       RESERVED
-CVE-2021-35961
-       RESERVED
+CVE-2021-35962 (Specific page parameters in Dr. ID Door Access Control and 
Personnel A ...)
+       TODO: check
+CVE-2021-35961 (Dr. ID Door Access Control and Personnel Attendance Management 
system  ...)
+       TODO: check
 CVE-2021-35960
        RESERVED
 CVE-2021-35959 (In Plone 5.0 through 5.2.4, Editors are vulnerable to XSS in 
the folde ...)
@@ -8991,8 +9011,8 @@ CVE-2021-32771
        RESERVED
 CVE-2021-32770 (Gatsby is a framework for building websites. The 
gatsby-source-wordpre ...)
        NOT-FOR-US: Gatsby
-CVE-2021-32769
-       RESERVED
+CVE-2021-32769 (Micronaut is a JVM-based, full stack Java framework designed 
for build ...)
+       TODO: check
 CVE-2021-32768
        RESERVED
 CVE-2021-32767
@@ -9031,8 +9051,7 @@ CVE-2021-32751
        RESERVED
 CVE-2021-32750 (MuWire is a file publishing and networking tool that protects 
the iden ...)
        NOT-FOR-US: MuWire
-CVE-2021-32749
-       RESERVED
+CVE-2021-32749 (fail2ban is a daemon to ban hosts that cause multiple 
authentication e ...)
        - fail2ban 0.11.2-2
        [buster] - fail2ban <no-dsa> (Minor issue, can be fixed in point 
release)
        NOTE: 
https://github.com/fail2ban/fail2ban/security/advisories/GHSA-m985-3f3v-cwmm
@@ -20560,8 +20579,8 @@ CVE-2021-28116 (Squid through 4.14 and 5.x through 
5.0.5, in some configurations
        NOTE: https://bugs.squid-cache.org/show_bug.cgi?id=5131
 CVE-2021-28115 (The OUGC Feedback plugin before 1.8.23 for MyBB allows XSS via 
the com ...)
        NOT-FOR-US: MyBB addon
-CVE-2021-28114
-       RESERVED
+CVE-2021-28114 (Froala WYSIWYG Editor 3.2.6-1 is affected by XSS due to a 
namespace co ...)
+       TODO: check
 CVE-2021-28113 (A command injection vulnerability in the cookieDomain and 
relayDomain  ...)
        NOT-FOR-US: Okta Access Gateway
 CVE-2021-28112 (Draeger X-Dock Firmware before 03.00.13 has Active Debug Code 
on a deb ...)
@@ -20767,10 +20786,10 @@ CVE-2021-28056
        RESERVED
 CVE-2021-28055 (An issue was discovered in Centreon-Web in Centreon Platform 
20.10.0.  ...)
        - centreon-web <itp> (bug #913903)
-CVE-2021-28054
-       RESERVED
-CVE-2021-28053
-       RESERVED
+CVE-2021-28054 (An issue was discovered in Centreon-Web in Centreon Platform 
20.10.0.  ...)
+       TODO: check
+CVE-2021-28053 (An issue was discovered in Centreon-Web in Centreon Platform 
20.10.0.  ...)
+       TODO: check
 CVE-2021-28052
        RESERVED
 CVE-2021-28051
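
Review bot: CVE-2021-28054 and CVE-2021-28053 are left at "TODO: check" although their visible descriptions match CVE-2021-28055 directly above ("An issue was discovered in Centreon-Web in Centreon Platform 20.10.0."), which is already tracked as "- centreon-web <itp> (bug #913903)". If the full descriptions confirm the same product, give both entries the same <itp> line so the three issues are triaged consistently.
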
@@ -35299,16 +35318,16 @@ CVE-2021-21822 (A use-after-free vulnerability exists 
in the JavaScript engine o
        NOT-FOR-US: Foxit
 CVE-2021-21821 (A stack-based buffer overflow vulnerability exists in the PDF 
process_ ...)
        NOT-FOR-US: Accusoft ImageGear
-CVE-2021-21820
-       RESERVED
-CVE-2021-21819
-       RESERVED
-CVE-2021-21818
-       RESERVED
-CVE-2021-21817
-       RESERVED
-CVE-2021-21816
-       RESERVED
+CVE-2021-21820 (A hard-coded password vulnerability exists in the Libcli Test 
Environm ...)
+       TODO: check
+CVE-2021-21819 (A code execution vulnerability exists in the Libcli Test 
Environment f ...)
+       TODO: check
+CVE-2021-21818 (A hard-coded password vulnerability exists in the Zebra IP 
Routing Man ...)
+       TODO: check
+CVE-2021-21817 (An information disclosure vulnerability exists in the Zebra IP 
Routing ...)
+       TODO: check
+CVE-2021-21816 (An information disclosure vulnerability exists in the Syslog 
functiona ...)
+       TODO: check
 CVE-2021-21815
        RESERVED
 CVE-2021-21814
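
Review bot: the five new descriptions for CVE-2021-21820 through CVE-2021-21816 are cut off before the affected product is named; only component names ("Libcli Test Environm ...", "Zebra IP Routing Man ...", "Syslog functiona ...") are visible. Resolve each "TODO: check" against the full CVE text rather than the component keyword, so an entry is attached to a source package only if that package is what the CVE actually covers.
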
@@ -35335,18 +35354,18 @@ CVE-2021-21806 (An exploitable use-after-free 
vulnerability exists in WebKitGTK
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1214
 CVE-2021-21805
        RESERVED
-CVE-2021-21804
-       RESERVED
-CVE-2021-21803
-       RESERVED
-CVE-2021-21802
-       RESERVED
-CVE-2021-21801
-       RESERVED
-CVE-2021-21800
-       RESERVED
-CVE-2021-21799
-       RESERVED
+CVE-2021-21804 (A local file inclusion (LFI) vulnerability exists in the 
options.php s ...)
+       TODO: check
+CVE-2021-21803 (This vulnerability is present in device_graph_page.php script, 
which i ...)
+       TODO: check
+CVE-2021-21802 (This vulnerability is present in device_graph_page.php script, 
which i ...)
+       TODO: check
+CVE-2021-21801 (This vulnerability is present in device_graph_page.php script, 
which i ...)
+       TODO: check
+CVE-2021-21800 (Cross-site scripting vulnerabilities exist in the ssh_form.php 
script  ...)
+       TODO: check
+CVE-2021-21799 (Cross-site scripting vulnerabilities exist in the 
telnet_form.php scri ...)
+       TODO: check
 CVE-2021-21798
        RESERVED
 CVE-2021-21797
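
Review bot: CVE-2021-21803, CVE-2021-21802 and CVE-2021-21801 carry identical truncated descriptions ("This vulnerability is present in device_graph_page.php script, which i ..."), and none of the six new entries shows the product name. When the "TODO: check" lines are resolved, add a NOTE with the advisory reference to each entry, as CVE-2021-21806 above has, so the three otherwise indistinguishable issues can be told apart in the list.
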
@@ -47022,8 +47041,8 @@ CVE-2021-1424
        RESERVED
 CVE-2021-1423 (A vulnerability in the implementation of a CLI command in Cisco 
Airone ...)
        NOT-FOR-US: Cisco
-CVE-2021-1422
-       RESERVED
+CVE-2021-1422 (A vulnerability in the software cryptography module of Cisco 
Adaptive  ...)
+       TODO: check
 CVE-2021-1421 (A vulnerability in Cisco Enterprise NFV Infrastructure Software 
(NFVIS ...)
        NOT-FOR-US: Cisco
 CVE-2021-1420 (A vulnerability in certain web pages of Cisco Webex Meetings 
could all ...)
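
Review bot: CVE-2021-1422 stays at "TODO: check" although its description names a Cisco product ("software cryptography module of Cisco Adaptive  ...") and both neighbours, CVE-2021-1423 and CVE-2021-1421, are marked "NOT-FOR-US: Cisco". Once the full description is confirmed, it can take the same marking.
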
@@ -108538,8 +108557,8 @@ CVE-2020-4982
        RESERVED
 CVE-2020-4981 (IBM Spectrum Scale 5.0.4.1 through 5.1.0.3 could allow a local 
privile ...)
        NOT-FOR-US: IBM
-CVE-2020-4980
-       RESERVED
+CVE-2020-4980 (IBM QRadar SIEM 7.3 and 7.4 uses less secure methods for 
protecting da ...)
+       TODO: check
 CVE-2020-4979 (IBM QRadar SIEM 7.3 and 7.4 is vulnerable to insecure 
inter-deployment ...)
        NOT-FOR-US: IBM
 CVE-2020-4978
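
Review bot: CVE-2020-4980 is described as an IBM QRadar SIEM 7.3 and 7.4 issue, the same product and versions as CVE-2020-4979 on the next line, which is "NOT-FOR-US: IBM". Replace "TODO: check" with the same marking so the two QRadar entries agree.
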
@@ -108856,8 +108875,8 @@ CVE-2020-4823
        RESERVED
 CVE-2020-4822
        RESERVED
-CVE-2020-4821
-       RESERVED
+CVE-2020-4821 (IBM InfoSphere Data Replication 11.4 and IBM InfoSphere Change 
Data Ca ...)
+       TODO: check
 CVE-2020-4820 (IBM Cloud Pak for Security (CP4S) 1.4.0.0 is vulnerable to 
cross-site  ...)
        NOT-FOR-US: IBM
 CVE-2020-4819
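
Review bot: CVE-2020-4821 (IBM InfoSphere Data Replication 11.4) is left at "TODO: check" while the adjacent IBM entry CVE-2020-4820 is "NOT-FOR-US: IBM". The vendor is visible in the description, so this one looks ready to be closed the same way.
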
@@ -109151,8 +109170,8 @@ CVE-2020-4677
        RESERVED
 CVE-2020-4676
        RESERVED
-CVE-2020-4675
-       RESERVED
+CVE-2020-4675 (IBM InfoSphere Master Data Management Server 11.6 is vulnerable 
to cro ...)
+       TODO: check
 CVE-2020-4674 (IBM Workload Automation 9.5 stores the server path in URLs that 
could  ...)
        NOT-FOR-US: IBM
 CVE-2020-4673 (IBM Workload Automation 9.5 stores sensitive information in 
HTML comme ...)
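
Review bot: CVE-2020-4675 (IBM InfoSphere Master Data Management Server 11.6) still says "TODO: check", whereas CVE-2020-4674 below it is already "NOT-FOR-US: IBM". Suggest the same marking here after a look at the full description.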



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/510037c4b33e0721f2dc90b90565ec84acdb9ad1
