Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5435793d by security tracker role at 2021-07-23T20:10:25+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,41 @@
+CVE-2021-37424
+       RESERVED
+CVE-2021-37423
+       RESERVED
+CVE-2021-37422
+       RESERVED
+CVE-2021-37421
+       RESERVED
+CVE-2021-37420
+       RESERVED
+CVE-2021-37419
+       RESERVED
+CVE-2021-37418
+       RESERVED
+CVE-2021-37417
+       RESERVED
+CVE-2021-37416
+       RESERVED
+CVE-2021-37415
+       RESERVED
+CVE-2021-37414
+       RESERVED
+CVE-2021-37413
+       RESERVED
+CVE-2021-37412
+       RESERVED
+CVE-2021-37411
+       RESERVED
+CVE-2021-3665
+       RESERVED
+CVE-2021-3664
+       RESERVED
+CVE-2021-26250
+       RESERVED
+CVE-2021-23208
+       RESERVED
+CVE-2021-23183
+       RESERVED
 CVE-2021-XXXX [Remote Information Disclosure]
        - prosody 0.11.9-2
        NOTE: https://prosody.im/security/advisory_20210722/
@@ -25247,8 +25285,8 @@ CVE-2021-26801
        RESERVED
 CVE-2021-26800
        RESERVED
-CVE-2021-26799
-       RESERVED
+CVE-2021-26799 (Cross Site Scripting (XSS) vulnerability in admin/files/edit 
in Omeka  ...)
+       TODO: check
 CVE-2021-26798
        RESERVED
 CVE-2021-26797 (An access control vulnerability in Hame SD1 Wi-Fi firmware 
<=V.2014 ...)
@@ -27993,10 +28031,10 @@ CVE-2021-25793
        RESERVED
 CVE-2021-25792
        RESERVED
-CVE-2021-25791
-       RESERVED
-CVE-2021-25790
-       RESERVED
+CVE-2021-25791 (Multiple stored cross site scripting (XSS) vulnerabilities in 
the "Upd ...)
+       TODO: check
+CVE-2021-25790 (Multiple stored cross site scripting (XSS) vulnerabilities in 
the "Reg ...)
+       TODO: check
 CVE-2021-25789
        RESERVED
 CVE-2021-25788
@@ -29246,8 +29284,8 @@ CVE-2021-25275 (SolarWinds Orion Platform before 
2020.2.4, as used by various So
        NOT-FOR-US: SolarWinds
 CVE-2021-25274 (The Collector Service in SolarWinds Orion Platform before 
2020.2.4 use ...)
        NOT-FOR-US: SolarWinds
-CVE-2021-3159
-       RESERVED
+CVE-2021-3159 (A stored cross site scripting (XSS) vulnerability in the 
/sys/attachme ...)
+       TODO: check
 CVE-2021-25273
        RESERVED
 CVE-2021-25272
@@ -29400,22 +29438,22 @@ CVE-2021-25210 (Arbitrary file upload vulnerability 
in SourceCodester Alumni Man
        NOT-FOR-US: SourceCodester Alumni Management System
 CVE-2021-25209 (SQL injection vulnerability in SourceCodester Theme Park 
Ticketing Sys ...)
        NOT-FOR-US: SourceCodester Theme Park Ticketing System
-CVE-2021-25208
-       RESERVED
-CVE-2021-25207
-       RESERVED
-CVE-2021-25206
-       RESERVED
+CVE-2021-25208 (Arbitrary file upload vulnerability in SourceCodester Travel 
Managemen ...)
+       TODO: check
+CVE-2021-25207 (Arbitrary file upload vulnerability in SourceCodester 
E-Commerce Websi ...)
+       TODO: check
+CVE-2021-25206 (Arbitrary file upload vulnerability in SourceCodester 
Responsive Order ...)
+       TODO: check
 CVE-2021-25205 (SQL injection vulnerability in SourceCodester E-Commerce 
Website V 1.0 ...)
        NOT-FOR-US: SourceCodester
-CVE-2021-25204
-       RESERVED
-CVE-2021-25203
-       RESERVED
+CVE-2021-25204 (Cross-site scripting (XSS) vulnerability in SourceCodester 
E-Commerce  ...)
+       TODO: check
+CVE-2021-25203 (Arbitrary file upload vulnerability in Victor CMS v 1.0 allows 
attacke ...)
+       TODO: check
 CVE-2021-25202 (SQL injection vulnerability in SourceCodester Sales and 
Inventory Syst ...)
        NOT-FOR-US: SourceCodester Sales and Inventory System
-CVE-2021-25201
-       RESERVED
+CVE-2021-25201 (SQL injection vulnerability in Learning Management System v 
1.0 allows ...)
+       TODO: check
 CVE-2021-25200
        RESERVED
 CVE-2021-25199
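Review bot: CVE-2021-25208, CVE-2021-25207, CVE-2021-25206 and CVE-2021-25204 are left at "TODO: check" although their descriptions name SourceCodester products, and the unchanged neighbours CVE-2021-25210, CVE-2021-25209, CVE-2021-25205 and CVE-2021-25202 in this same hunk are already closed as NOT-FOR-US: SourceCodester. Triage these four the same way in a follow-up, and check CVE-2021-25203 (Victor CMS) and CVE-2021-25201 (Learning Management System) separately, since their truncated descriptions do not name SourceCodester.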
@@ -33320,8 +33358,8 @@ CVE-2021-23414
        RESERVED
 CVE-2021-23413
        RESERVED
-CVE-2021-23412
-       RESERVED
+CVE-2021-23412 (All versions of package gitlogplus are vulnerable to Command 
Injection ...)
+       TODO: check
 CVE-2021-23411 (All versions of package anchorme are vulnerable to Cross-site 
Scriptin ...)
        TODO: check
 CVE-2021-23410 (All versions of package msgpack are vulnerable to 
Deserialization of U ...)
@@ -40322,7 +40360,7 @@ CVE-2021-21045 (Acrobat Reader DC versions versions 
2020.013.20074 (and earlier)
        NOT-FOR-US: Adobe
 CVE-2021-21044 (Acrobat Reader DC versions versions 2020.013.20074 (and 
earlier), 2020 ...)
        NOT-FOR-US: Adobe
-CVE-2021-21043 (Acrobat InDesign version 16.0 (and earlier) is affected by an 
Out-of-b ...)
+CVE-2021-21043 (ACS Commons version 4.9.2 (and earlier) suffers from a 
Reflected Cross ...)
        NOT-FOR-US: Adobe
 CVE-2021-21042 (Acrobat Reader DC versions 2020.013.20074 (and earlier), 
2020.001.3001 ...)
        NOT-FOR-US: Adobe
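Review bot: the description of CVE-2021-21043 switches product, from Acrobat InDesign to ACS Commons, while the "NOT-FOR-US: Adobe" line under it is carried over untouched. Re-verify the disposition against the new description and, if it still holds, name the product actually affected so the entry does not read as triaged against the old text.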
@@ -41796,8 +41834,8 @@ CVE-2021-20335 (For MongoDB Ops Manager <= 4.2.24 
with multiple OM applicatio
        NOT-FOR-US: MongoDB Ops Manager
 CVE-2021-20334 (A malicious 3rd party with local access to the Windows machine 
where M ...)
        NOT-FOR-US: MongoDB Compass
-CVE-2021-20333
-       RESERVED
+CVE-2021-20333 (Sending specially crafted commands to a MongoDB Server may 
result in a ...)
+       TODO: check
 CVE-2021-20332
        RESERVED
 CVE-2021-20331 (Specific versions of the MongoDB C# Driver may erroneously 
publish eve ...)
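Review bot: CVE-2021-20333 describes MongoDB Server, unlike CVE-2021-20335 (MongoDB Ops Manager) and CVE-2021-20334 (MongoDB Compass) directly above it, which are NOT-FOR-US. Resolve this "TODO: check" with an actual package check rather than by analogy with the surrounding MongoDB entries, and add a NOTE: line with the upstream reference when doing so.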
@@ -85003,8 +85041,8 @@ CVE-2020-14033 (An issue was discovered in 
janus-gateway (aka Janus WebRTC Serve
        - janus 0.10.2-1
        NOTE: https://github.com/meetecho/janus-gateway/pull/2229
        NOTE: 
https://github.com/meetecho/janus-gateway/commit/dacb4edfad8e77f73b64d8c175cca0a7796ebf80
-CVE-2020-14032
-       RESERVED
+CVE-2020-14032 (ASRock 4x4 BOX-R1000 before BIOS P1.40 allows privilege 
escalation via ...)
+       TODO: check
 CVE-2020-14031 (An issue was discovered in Ozeki NG SMS Gateway through 
4.17.6. The ou ...)
        NOT-FOR-US: Ozeki NG SMS Gateway
 CVE-2020-14030 (An issue was discovered in Ozeki NG SMS Gateway through 
4.17.6. It sto ...)
@@ -101677,6 +101715,7 @@ CVE-2020-8161 (A directory traversal vulnerability 
exists in rack < 2.2.0 tha
 CVE-2020-8160 (MendixSSO <= 2.1.1 contains endpoints that make use of the 
openid h ...)
        NOT-FOR-US: MendixSSO
 CVE-2020-8159 (There is a vulnerability in actionpack_page-caching gem < 
v1.2.1 th ...)
+       {DLA-2719-1}
        - ruby-actionpack-page-caching 1.2.2-1 (bug #960680)
        [buster] - ruby-actionpack-page-caching <no-dsa> (Minor issue)
        NOTE: 
https://groups.google.com/forum/#!topic/rubyonrails-security/CFRVkEytdP8
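Review bot: with {DLA-2719-1} added, CVE-2020-8159 is now fixed by advisory in the LTS release while the line two below still reads "[buster] - ruby-actionpack-page-caching <no-dsa> (Minor issue)". Revisit the buster status so the newer release is not left behind the older one, for example by queuing the fix for a point release.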
@@ -151461,7 +151500,7 @@ CVE-2019-9985
 CVE-2019-9984
        RESERVED
 CVE-2019-9983
-       RESERVED
+       REJECTED
 CVE-2019-9982
        RESERVED
 CVE-2019-9981



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5435793d84b3140c4a28ae753c4670df39c55f45
