Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a9548ba9 by security tracker role at 2021-08-06T20:10:22+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,15 @@
-CVE-2021-38149
+CVE-2021-38154
        RESERVED
+CVE-2021-38153
+       RESERVED
+CVE-2021-38152 (index.php/appointment/insert_patient_add_appointment in 
Chikitsa Patie ...)
+       TODO: check
+CVE-2021-38151 (index.php/appointment/todos in Chikitsa Patient Management 
System 2.0. ...)
+       TODO: check
+CVE-2021-38150
+       RESERVED
+CVE-2021-38149 (index.php/admin/add_user in Chikitsa Patient Management System 
2.0.0 a ...)
+       TODO: check
 CVE-2021-38148
        RESERVED
 CVE-2021-38147
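Review bot: The three entries that gained descriptions at the top of this hunk (CVE-2021-38152, CVE-2021-38151, CVE-2021-38149) all point at index.php routes of the same Chikitsa application and are all left at TODO: check, so they should be triaged as one decision rather than three. If the product is not packaged, use the NOT-FOR-US: <product> form the file already uses for other vendor web applications, with one consistent product string across the three.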
@@ -22,10 +32,10 @@ CVE-2021-38139
        RESERVED
 CVE-2021-38138 (OneNav beta 0.9.12 allows XSS via the Add Link feature. NOTE: 
the vend ...)
        NOT-FOR-US: OneNav
-CVE-2021-38137
-       RESERVED
-CVE-2021-38136
-       RESERVED
+CVE-2021-38137 (Corero SecureWatch Managed Services 9.7.2.0020 does not 
correctly chec ...)
+       TODO: check
+CVE-2021-38136 (Corero SecureWatch Managed Services 9.7.2.0020 is affected by 
a Path T ...)
+       TODO: check
 CVE-2021-3688
        RESERVED
 CVE-2021-38135
@@ -1275,36 +1285,36 @@ CVE-2021-37556 (A SQL injection vulnerability in 
reporting export in Centreon be
        - centreon-web <itp> (bug #913903)
 CVE-2021-37555 (TX9 Automatic Food Dispenser v3.2.57 devices allow access to a 
shell a ...)
        NOT-FOR-US: TX9 Automatic Food Dispenser
-CVE-2021-37554
-       RESERVED
-CVE-2021-37553
-       RESERVED
-CVE-2021-37552
-       RESERVED
-CVE-2021-37551
-       RESERVED
-CVE-2021-37550
-       RESERVED
-CVE-2021-37549
-       RESERVED
-CVE-2021-37548
-       RESERVED
-CVE-2021-37547
-       RESERVED
-CVE-2021-37546
-       RESERVED
-CVE-2021-37545
-       RESERVED
-CVE-2021-37544
-       RESERVED
-CVE-2021-37543
-       RESERVED
-CVE-2021-37542
-       RESERVED
-CVE-2021-37541
-       RESERVED
-CVE-2021-37540
-       RESERVED
+CVE-2021-37554 (In JetBrains YouTrack before 2021.3.21051, a user could see 
boards wit ...)
+       TODO: check
+CVE-2021-37553 (In JetBrains YouTrack before 2021.2.16363, an insecure PRNG 
was used. ...)
+       TODO: check
+CVE-2021-37552 (In JetBrains YouTrack before 2021.2.17925, stored XSS was 
possible. ...)
+       TODO: check
+CVE-2021-37551 (In JetBrains YouTrack before 2021.2.16363, system user 
passwords were  ...)
+       TODO: check
+CVE-2021-37550 (In JetBrains YouTrack before 2021.2.16363, time-unsafe 
comparisons wer ...)
+       TODO: check
+CVE-2021-37549 (In JetBrains YouTrack before 2021.1.11111, sandboxing in 
workflows was ...)
+       TODO: check
+CVE-2021-37548 (In JetBrains TeamCity before 2021.1, passwords in cleartext 
sometimes  ...)
+       TODO: check
+CVE-2021-37547 (In JetBrains TeamCity before 2020.2.4, insufficient checks 
during file ...)
+       TODO: check
+CVE-2021-37546 (In JetBrains TeamCity before 2021.1, an insecure key 
generation mechan ...)
+       TODO: check
+CVE-2021-37545 (In JetBrains TeamCity before 2021.1.1, insufficient 
authentication che ...)
+       TODO: check
+CVE-2021-37544 (In JetBrains TeamCity before 2020.2.4, there was an insecure 
deseriali ...)
+       TODO: check
+CVE-2021-37543 (In JetBrains RubyMine before 2021.1.1, code execution without 
user con ...)
+       TODO: check
+CVE-2021-37542 (In JetBrains TeamCity before 2020.2.3, XSS was possible. ...)
+       TODO: check
+CVE-2021-37541 (In JetBrains Hub before 2021.1.13402, HTML injection in the 
password r ...)
+       TODO: check
+CVE-2021-37540 (In JetBrains Hub before 2021.1.13262, a potentially 
insufficient CSP f ...)
+       TODO: check
 CVE-2021-37539
        RESERVED
 CVE-2021-3666
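Review bot: All fifteen entries from CVE-2021-37554 down to CVE-2021-37540 land as TODO: check, and they fall into only four products (YouTrack x6, TeamCity x6, RubyMine x1, Hub x2), so the triage can be done per product instead of per id. The "before" versions differ from entry to entry (for example TeamCity 2020.2.3, 2020.2.4, 2021.1 and 2021.1.1), so if any of these products does turn out to be tracked, the fixed version has to be recorded per CVE and not copied across the block.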
@@ -1631,8 +1641,8 @@ CVE-2021-37390
        RESERVED
 CVE-2021-37389
        RESERVED
-CVE-2021-37388
-       RESERVED
+CVE-2021-37388 (A buffer overflow in D-Link DIR-615 C2 3.03WW. The ping_ipaddr 
paramet ...)
+       TODO: check
 CVE-2021-37387
        RESERVED
 CVE-2021-37386
@@ -1645,8 +1655,8 @@ CVE-2021-37383
        RESERVED
 CVE-2021-37382
        RESERVED
-CVE-2021-37381
-       RESERVED
+CVE-2021-37381 (Southsoft GMIS 5.0 is vulnerable to CSRF attacks. Attackers 
can access ...)
+       TODO: check
 CVE-2021-37380
        RESERVED
 CVE-2021-37379
@@ -2917,8 +2927,8 @@ CVE-2021-36797 (** DISPUTED ** In Victron Energy Venus OS 
through 2.72, root acc
        NOT-FOR-US: Victron Energy Venus OS
 CVE-2021-36796
        RESERVED
-CVE-2021-36795
-       RESERVED
+CVE-2021-36795 (A permission issue in the Cohesity Linux agent may allow 
privilege esc ...)
+       TODO: check
 CVE-2021-36794
        RESERVED
 CVE-2021-36793
@@ -3183,14 +3193,14 @@ CVE-2021-36710
        RESERVED
 CVE-2021-36709
        RESERVED
-CVE-2021-36708
-       RESERVED
-CVE-2021-36707
-       RESERVED
-CVE-2021-36706
-       RESERVED
-CVE-2021-36705
-       RESERVED
+CVE-2021-36708 (In ProLink PRC2402M V1.0.18 and older, the set_sys_init 
function in th ...)
+       TODO: check
+CVE-2021-36707 (In ProLink PRC2402M V1.0.18 and older, the set_ledonoff 
function in th ...)
+       TODO: check
+CVE-2021-36706 (In ProLink PRC2402M V1.0.18 and older, the set_sys_cmd 
function in the ...)
+       TODO: check
+CVE-2021-36705 (In ProLink PRC2402M V1.0.18 and older, the set_TR069 function 
in the a ...)
+       TODO: check
 CVE-2021-36704
        RESERVED
 CVE-2021-36703 (The "blog title" field in the "Settings" menu "config" page of 
"dashbo ...)
@@ -3691,10 +3701,10 @@ CVE-2021-36457
        RESERVED
 CVE-2021-36456
        RESERVED
-CVE-2021-36455
-       RESERVED
-CVE-2021-36454
-       RESERVED
+CVE-2021-36455 (SQL Injection vulnerability in Naviwebs Navigate CMS 2.9 via 
the quick ...)
+       TODO: check
+CVE-2021-36454 (Cross Site Scripting (XSS) vulnerability in Naviwebs Navigate 
Cms 2.9  ...)
+       TODO: check
 CVE-2021-36453
        RESERVED
 CVE-2021-36452
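Review bot: CVE-2021-36455 and CVE-2021-36454 are left at TODO: check although the same file already triages this product: CVE-2020-14016, CVE-2020-14015 and CVE-2020-14014 are marked NOT-FOR-US: Navigate CMS. Suggest reusing exactly that string here; the two new descriptions spell the product differently ("Naviwebs Navigate CMS" and "Navigate Cms"), which is easy to carry over into the triage line by accident.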
@@ -3917,8 +3927,8 @@ CVE-2021-36353
        RESERVED
 CVE-2021-36352
        RESERVED
-CVE-2021-36351
-       RESERVED
+CVE-2021-36351 (SQL Injection Vulnerability in Care2x Open Source Hospital 
Information ...)
+       TODO: check
 CVE-2021-3640 [Linux kernel: UAF in sco_send_frame function]
        RESERVED
        - linux <unfixed>
@@ -4243,8 +4253,8 @@ CVE-2021-36211
        RESERVED
 CVE-2021-36210
        RESERVED
-CVE-2021-36209
-       RESERVED
+CVE-2021-36209 (In JetBrains Hub before 2021.1.13389, account takeover was 
possible du ...)
+       TODO: check
 CVE-2021-36208
        RESERVED
 CVE-2021-36207
@@ -6344,8 +6354,8 @@ CVE-2021-35314
        RESERVED
 CVE-2021-35313
        RESERVED
-CVE-2021-35312
-       RESERVED
+CVE-2021-35312 (A vulnerability was found in CIR 2000 / Gestionale Amica 
Prodigy v1.7. ...)
+       TODO: check
 CVE-2021-35311
        RESERVED
 CVE-2021-35310
@@ -10181,7 +10191,7 @@ CVE-2021-33631
        RESERVED
 CVE-2021-33630
        RESERVED
-CVE-2021-33629 (isula-build before 0.9.5-8 can cause a program crash, when 
building co ...)
+CVE-2021-33629 (isula-build before 0.9.5-6 can cause a program crash, when 
building co ...)
        NOT-FOR-US: isula-build
 CVE-2021-33628
        RESERVED
@@ -12637,8 +12647,8 @@ CVE-2021-32599
        RESERVED
 CVE-2021-32598 (An improper neutralization of CRLF sequences in HTTP headers 
('HTTP Re ...)
        NOT-FOR-US: FortiGuard
-CVE-2021-32597
-       RESERVED
+CVE-2021-32597 (Multiple improper neutralization of input during web page 
generation ( ...)
+       TODO: check
 CVE-2021-32596 (A use of one-way hash with a predictable salt vulnerability in 
the pas ...)
        NOT-FOR-US: FortiPortal
 CVE-2021-32595
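Review bot: The visible part of the new CVE-2021-32597 description is cut off before any product name, so the TODO cannot be resolved from the truncated text. Its neighbours in this block are triaged per product (NOT-FOR-US: FortiGuard, NOT-FOR-US: FortiPortal), so check the full description and name the specific product rather than the vendor.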
@@ -12657,8 +12667,8 @@ CVE-2021-32589
        RESERVED
 CVE-2021-32588
        RESERVED
-CVE-2021-32587
-       RESERVED
+CVE-2021-32587 (An improper access control vulnerability in FortiManager and 
FortiAnal ...)
+       TODO: check
 CVE-2021-32586
        RESERVED
 CVE-2021-32585
@@ -26547,10 +26557,10 @@ CVE-2021-27001
        RESERVED
 CVE-2021-27000
        RESERVED
-CVE-2021-26999
-       RESERVED
-CVE-2021-26998
-       RESERVED
+CVE-2021-26999 (NetApp Cloud Manager versions prior to 3.9.9 log sensitive 
information ...)
+       TODO: check
+CVE-2021-26998 (NetApp Cloud Manager versions prior to 3.9.9 log sensitive 
information ...)
+       TODO: check
 CVE-2021-26997 (E-Series SANtricity OS Controller Software 11.x versions prior 
to 11.7 ...)
        NOT-FOR-US: E-Series SANtricity OS Controller Software
 CVE-2021-26996 (E-Series SANtricity OS Controller Software 11.x versions prior 
to 11.7 ...)
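Review bot: CVE-2021-26999 and CVE-2021-26998 show identical text up to the truncation point ("NetApp Cloud Manager versions prior to 3.9.9 log sensitive information"), which makes them look like duplicates in the list. Before closing the TODOs, compare the full descriptions to confirm they are two distinct issues, then give both the same triage line.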
@@ -27510,8 +27520,8 @@ CVE-2021-26608
        RESERVED
 CVE-2021-26607
        RESERVED
-CVE-2021-26606
-       RESERVED
+CVE-2021-26606 (A vulnerability in PKI Security Solution of Dream Security 
could allow ...)
+       TODO: check
 CVE-2021-26605 (An improper input validation vulnerability in the service of 
ezPDFRead ...)
        NOT-FOR-US: ezPDFReader
 CVE-2021-26604
@@ -37705,8 +37715,8 @@ CVE-2021-22297
        RESERVED
 CVE-2021-22296 (A component of HarmonyOS 2.0 has a DoS vulnerability. Local 
attackers  ...)
        NOT-FOR-US: HarmonyOS
-CVE-2021-22295
-       RESERVED
+CVE-2021-22295 (A component of the HarmonyOS has a permission bypass 
vulnerability. Lo ...)
+       TODO: check
 CVE-2021-22294 (A component API of the HarmonyOS 2.0 has a permission bypass 
vulnerabi ...)
        NOT-FOR-US: HarmonyOS
 CVE-2021-22293 (Some Huawei products have an inconsistent interpretation of 
HTTP reque ...)
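Review bot: CVE-2021-22295 is left at TODO: check while the entries directly above and below it (CVE-2021-22296, CVE-2021-22294) describe HarmonyOS components and are already NOT-FOR-US: HarmonyOS. The new description also names HarmonyOS, so the same triage line applies unless the full text says otherwise.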
@@ -43143,16 +43153,16 @@ CVE-2021-20600
        RESERVED
 CVE-2021-20599
        RESERVED
-CVE-2021-20598
-       RESERVED
-CVE-2021-20597
-       RESERVED
+CVE-2021-20598 (Overly Restrictive Account Lockout Mechanism vulnerability in 
Mitsubis ...)
+       TODO: check
+CVE-2021-20597 (Insufficiently Protected Credentials vulnerability in 
Mitsubishi Elect ...)
+       TODO: check
 CVE-2021-20596 (NULL Pointer Dereference in MELSEC-F Series FX3U-ENET firmware 
version ...)
        NOT-FOR-US: Mitsubishi
 CVE-2021-20595 (Improper Restriction of XML External Entity Reference 
vulnerability in ...)
        NOT-FOR-US: Mitsubishi
-CVE-2021-20594
-       RESERVED
+CVE-2021-20594 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
+       TODO: check
 CVE-2021-20593 (Incorrect Implementation of Authentication Algorithm in 
Mitsubishi Ele ...)
        NOT-FOR-US: Mitsubishi
 CVE-2021-20592 (Missing synchronization vulnerability in GOT2000 series GT27 
model com ...)
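Review bot: The three new TODO: check entries sit inside a block that is otherwise uniformly NOT-FOR-US: Mitsubishi (CVE-2021-20596, CVE-2021-20595, CVE-2021-20593). CVE-2021-20598 and CVE-2021-20597 visibly name the vendor and can follow that precedent; the visible text of CVE-2021-20594 is cut before any vendor name, so confirm it against the full description before applying the same line.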
@@ -68172,8 +68182,8 @@ CVE-2020-22332
        RESERVED
 CVE-2020-22331
        RESERVED
-CVE-2020-22330
-       RESERVED
+CVE-2020-22330 (Cross-Site Scripting (XSS) vulnerability in Subrion 4.2.1 via 
the titl ...)
+       TODO: check
 CVE-2020-22329
        RESERVED
 CVE-2020-22328
@@ -75655,10 +75665,10 @@ CVE-2020-18696
        RESERVED
 CVE-2020-18695
        RESERVED
-CVE-2020-18694
-       RESERVED
-CVE-2020-18693
-       RESERVED
+CVE-2020-18694 (Cross Site Request Forgery (CSRF) in IgnitedCMS v1.0 allows 
remote att ...)
+       TODO: check
+CVE-2020-18693 (Cross Site Scripting (XSS) in MineWebCMS v1.7.0 allows remote 
attacker ...)
+       TODO: check
 CVE-2020-18692
        RESERVED
 CVE-2020-18691
@@ -87064,7 +87074,7 @@ CVE-2020-14016 (An issue was discovered in Navigate CMS 
2.9 r1433. The forgot-pa
        NOT-FOR-US: Navigate CMS
 CVE-2020-14015 (An issue was discovered in Navigate CMS 2.9 r1433. When 
performing a p ...)
        NOT-FOR-US: Navigate CMS
-CVE-2020-14014 (An issue was discovered in Navigate CMS 2.9 r1433. The query 
parameter ...)
+CVE-2020-14014 (An issue was discovered in Navigate CMS 2.8 and 2.9 r1433. The 
query p ...)
        NOT-FOR-US: Navigate CMS
 CVE-2020-14013
        RESERVED
@@ -187988,7 +187998,8 @@ CVE-2018-17257
        REJECTED
 CVE-2018-17256 (Persistent cross-site scripting (XSS) vulnerability in Umbraco 
CMS 7.1 ...)
        NOT-FOR-US: Umbraco CMS
-CVE-2018-17255 (Navigate CMS 2.8 has Reflected XSS via the navigate.php fid 
parameter. ...)
+CVE-2018-17255
+       REJECTED
        NOT-FOR-US: Navigate CMS
 CVE-2018-17254 (The JCK Editor component 6.4.4 for Joomla! allows SQL 
Injection via th ...)
        NOT-FOR-US: JCK Editor component for Joomla!
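Review bot: After this hunk CVE-2018-17255 carries two status lines, the new REJECTED and the old NOT-FOR-US: Navigate CMS, because only the header line was replaced and the triage line stayed behind as context. With the description gone, that leftover line is the only remaining hint of what the id referred to; either drop it so the entry matches other REJECTED ids such as CVE-2018-17257, or confirm that keeping triage notes on rejected ids is intended.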



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a9548ba93387ce150087ce1f078bff71813ac42f
