Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
c9b26780 by security tracker role at 2021-11-09T20:10:15+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,9 @@
+CVE-2021-43557
+ RESERVED
+CVE-2021-3941
+ RESERVED
+CVE-2021-3940
+ RESERVED
CVE-2021-43556
RESERVED
CVE-2021-43555
@@ -86,8 +92,8 @@ CVE-2021-43521
RESERVED
CVE-2021-43520
RESERVED
-CVE-2021-43519
- RESERVED
+CVE-2021-43519 (Stack overflow in lua_resume of ldo.c in Lua Interpreter
5.1.0~5.4.4 a ...)
+ TODO: check
CVE-2021-43518
RESERVED
CVE-2021-43517
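Review bot: the `TODO: check` on CVE-2021-43519 should be resolved per Lua series rather than for a single source package, because the description names `lua_resume` in `ldo.c` across "5.1.0~5.4.4". When triaging, confirm for each packaged series whether the affected code path is present, and record `<not-affected>` with a reason where it is not.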
@@ -192,8 +198,8 @@ CVE-2021-43468
RESERVED
CVE-2021-43467
RESERVED
-CVE-2021-43466
- RESERVED
+CVE-2021-43466 (In the thymeleaf-spring5:3.0.12 component, thymeleaf combined
with spe ...)
+ TODO: check
CVE-2021-43465
RESERVED
CVE-2021-43464
@@ -353,7 +359,7 @@ CVE-2021-43393
RESERVED
CVE-2021-43392
RESERVED
-CVE-2021-43396 (In iconvdata/iso-2022-jp-3.c in the GNU C Library (aka glibc)
2.34, re ...)
+CVE-2021-43396 (** DISPUTED ** In iconvdata/iso-2022-jp-3.c in the GNU C
Library (aka ...)
- glibc <unfixed> (bug #998622)
[buster] - glibc <not-affected> (Vulnerable code not present)
[stretch] - glibc <not-affected> (Vulnerable code not present)
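Review bot: CVE-2021-43396 now carries `** DISPUTED **` in its description, but the status lines beneath it are unchanged, so `- glibc <unfixed> (bug #998622)` still reads as an ordinary open issue. Add a NOTE recording who disputes it and on what grounds, and decide whether the unstable entry stays at `<unfixed>`, so the tracker does not present it at the same weight as an undisputed issue.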
@@ -1765,54 +1771,54 @@ CVE-2021-3920
RESERVED
CVE-2021-3919
RESERVED
-CVE-2021-43203
- RESERVED
+CVE-2021-43203 (In JetBrains Ktor before 1.6.4, nonce verification during the
OAuth2 a ...)
+ TODO: check
CVE-2021-43202
RESERVED
-CVE-2021-43201
- RESERVED
-CVE-2021-43200
- RESERVED
-CVE-2021-43199
- RESERVED
-CVE-2021-43198
- RESERVED
-CVE-2021-43197
- RESERVED
-CVE-2021-43196
- RESERVED
-CVE-2021-43195
- RESERVED
-CVE-2021-43194
- RESERVED
-CVE-2021-43193
- RESERVED
-CVE-2021-43192
- RESERVED
-CVE-2021-43191
- RESERVED
-CVE-2021-43190
- RESERVED
-CVE-2021-43189
- RESERVED
-CVE-2021-43188
- RESERVED
-CVE-2021-43187
- RESERVED
-CVE-2021-43186
- RESERVED
-CVE-2021-43185
- RESERVED
-CVE-2021-43184
- RESERVED
-CVE-2021-43183
- RESERVED
-CVE-2021-43182
- RESERVED
-CVE-2021-43181
- RESERVED
-CVE-2021-43180
- RESERVED
+CVE-2021-43201 (In JetBrains TeamCity before 2021.1.3, a newly created project
could t ...)
+ TODO: check
+CVE-2021-43200 (In JetBrains TeamCity before 2021.1.2, permission checks in
the Agent ...)
+ TODO: check
+CVE-2021-43199 (In JetBrains TeamCity before 2021.1.2, permission checks in
the Create ...)
+ TODO: check
+CVE-2021-43198 (In JetBrains TeamCity before 2021.1.2, stored XSS is possible.
...)
+ TODO: check
+CVE-2021-43197 (In JetBrains TeamCity before 2021.1.2, email notifications
could inclu ...)
+ TODO: check
+CVE-2021-43196 (In JetBrains TeamCity before 2021.1, information disclosure
via the Do ...)
+ TODO: check
+CVE-2021-43195 (In JetBrains TeamCity before 2021.1.2, some HTTP security
headers were ...)
+ TODO: check
+CVE-2021-43194 (In JetBrains TeamCity before 2021.1.2, user enumeration was
possible. ...)
+ TODO: check
+CVE-2021-43193 (In JetBrains TeamCity before 2021.1.2, remote code execution
via the a ...)
+ TODO: check
+CVE-2021-43192 (In JetBrains YouTrack Mobile before 2021.2, iOS URL scheme
hijacking i ...)
+ TODO: check
+CVE-2021-43191 (JetBrains YouTrack Mobile before 2021.2, is missing the
security scree ...)
+ TODO: check
+CVE-2021-43190 (In JetBrains YouTrack Mobile before 2021.2, task hijacking on
Android ...)
+ TODO: check
+CVE-2021-43189 (In JetBrains YouTrack Mobile before 2021.2, access token
protection on ...)
+ TODO: check
+CVE-2021-43188 (In JetBrains YouTrack Mobile before 2021.2, access token
protection on ...)
+ TODO: check
+CVE-2021-43187 (In JetBrains YouTrack Mobile before 2021.2, the client-side
cache on i ...)
+ TODO: check
+CVE-2021-43186 (JetBrains YouTrack before 2021.3.24402 is vulnerable to stored
XSS. ...)
+ TODO: check
+CVE-2021-43185 (JetBrains YouTrack before 2021.3.23639 is vulnerable to Host
header in ...)
+ TODO: check
+CVE-2021-43184 (In JetBrains YouTrack before 2021.3.21051, stored XSS is
possible. ...)
+ TODO: check
+CVE-2021-43183 (In JetBrains Hub before 2021.1.13690, the authentication
throttling me ...)
+ TODO: check
+CVE-2021-43182 (In JetBrains Hub before 2021.1.13415, a DoS via user
information is po ...)
+ TODO: check
+CVE-2021-43181 (In JetBrains Hub before 2021.1.13690, stored XSS is possible.
...)
+ TODO: check
+CVE-2021-43180 (In JetBrains Hub before 2021.1.13690, information disclosure
via avata ...)
+ TODO: check
CVE-2021-43179
RESERVED
CVE-2021-43178
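Review bot: the JetBrains entries from CVE-2021-43203 down to CVE-2021-43180 all land as `TODO: check`, yet they cover five different products (Ktor, TeamCity, YouTrack Mobile, YouTrack, Hub), so they should not be closed with one blanket tag. Triage them per product, starting with CVE-2021-43203 (Ktor, OAuth2 nonce verification) and CVE-2021-43193 (TeamCity, remote code execution), whose descriptions indicate the highest impact.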
@@ -1825,12 +1831,12 @@ CVE-2021-43175
RESERVED
CVE-2021-3918
RESERVED
-CVE-2021-43174
- RESERVED
-CVE-2021-43173
- RESERVED
-CVE-2021-43172
- RESERVED
+CVE-2021-43174 (NLnet Labs Routinator versions 0.9.0 up to and including
0.10.1, suppo ...)
+ TODO: check
+CVE-2021-43173 (In NLnet Labs Routinator prior to 0.10.2, a validation run can
be dela ...)
+ TODO: check
+CVE-2021-43172 (NLnet Labs Routinator prior to 0.10.2 happily processes a
chain of RRD ...)
+ TODO: check
CVE-2021-3917
RESERVED
CVE-2021-43171
@@ -1947,8 +1953,8 @@ CVE-2021-43116
RESERVED
CVE-2021-43115
RESERVED
-CVE-2021-43114
- RESERVED
+CVE-2021-43114 (FORT Validator versions prior to 1.5.2 will crash if an RPKI
CA publis ...)
+ TODO: check
CVE-2021-43113
RESERVED
CVE-2021-43112
@@ -2802,6 +2808,8 @@ CVE-2021-42745
CVE-2021-3895
RESERVED
CVE-2021-23192 [dcerpc requests don't check all fragments against the first
auth_state]
+ RESERVED
+ {DSA-5003-1}
- samba <unfixed>
[buster] - samba <not-affected> (Vulnerable code introduced later)
[stretch] - samba <not-affected> (Vulnerable code introduced later)
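Review bot: CVE-2021-23192 gains `{DSA-5003-1}` while its package line still reads `- samba <unfixed>` and both buster and stretch are `<not-affected>`, so nothing in the entry shows which suite the DSA fixed or at what version. Add the release-specific fixed-version line for the suite DSA-5003-1 targets. The added `RESERVED` also sits on an entry that already has a bracketed description and package status; confirm that is the intended transient state until the CVE text is published. The other samba entries tagged with this DSA in this commit are in the same position.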
@@ -5666,18 +5674,18 @@ CVE-2021-42028
RESERVED
CVE-2021-42027
RESERVED
-CVE-2021-42026
- RESERVED
-CVE-2021-42025
- RESERVED
+CVE-2021-42026 (A vulnerability has been identified in Mendix Applications
using Mendi ...)
+ TODO: check
+CVE-2021-42025 (A vulnerability has been identified in Mendix Applications
using Mendi ...)
+ TODO: check
CVE-2021-42024
RESERVED
CVE-2021-42023
RESERVED
CVE-2021-42022
RESERVED
-CVE-2021-42021
- RESERVED
+CVE-2021-42021 (A vulnerability has been identified in Siveillance Video DLNA
Server ( ...)
+ TODO: check
CVE-2021-42020
RESERVED
CVE-2021-42019
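Review bot: CVE-2021-42026, CVE-2021-42025 and CVE-2021-42015 (Mendix Applications) and CVE-2021-42021 (Siveillance Video DLNA Server) are left at `TODO: check`, although entries for the same product families are already closed elsewhere in this file: `NOT-FOR-US: Mendix Applications (Siemens)` on CVE-2021-27394 and `NOT-FOR-US: Siveillance` on CVE-2021-27392. Reuse those tags here instead of leaving the entries in the triage queue.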
@@ -5688,8 +5696,8 @@ CVE-2021-42017
RESERVED
CVE-2021-42016
RESERVED
-CVE-2021-42015
- RESERVED
+CVE-2021-42015 (A vulnerability has been identified in Mendix Applications
using Mendi ...)
+ TODO: check
CVE-2021-42014
RESERVED
CVE-2021-42013 (It was found that the fix for CVE-2021-41773 in Apache HTTP
Server 2.4 ...)
@@ -6824,17 +6832,17 @@ CVE-2021-41540 (A vulnerability has been identified in
Solid Edge SE2021 (All ve
NOT-FOR-US: Siemens
CVE-2021-41539 (A vulnerability has been identified in Solid Edge SE2021 (All
versions ...)
NOT-FOR-US: Siemens
-CVE-2021-41538 (A vulnerability has been identified in Solid Edge SE2021 (All
versions ...)
+CVE-2021-41538 (A vulnerability has been identified in NX 1953 Series (All
versions &l ...)
NOT-FOR-US: Siemens
CVE-2021-41537 (A vulnerability has been identified in Solid Edge SE2021 (All
versions ...)
NOT-FOR-US: Siemens
CVE-2021-41536 (A vulnerability has been identified in Solid Edge SE2021 (All
versions ...)
NOT-FOR-US: Siemens
-CVE-2021-41535 (A vulnerability has been identified in Solid Edge SE2021 (All
versions ...)
+CVE-2021-41535 (A vulnerability has been identified in NX 1953 Series (All
versions &l ...)
NOT-FOR-US: Siemens
-CVE-2021-41534 (A vulnerability has been identified in Solid Edge SE2021 (All
versions ...)
+CVE-2021-41534 (A vulnerability has been identified in NX 1980 Series (All
versions &l ...)
NOT-FOR-US: Siemens
-CVE-2021-41533 (A vulnerability has been identified in Solid Edge SE2021 (All
versions ...)
+CVE-2021-41533 (A vulnerability has been identified in NX 1980 Series (All
versions &l ...)
NOT-FOR-US: Siemens
CVE-2021-41532
RESERVED
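Review bot: the new descriptions for CVE-2021-41538, CVE-2021-41535, CVE-2021-41534 and CVE-2021-41533 end in `versions &l ...)`, which is an HTML-escaped `<` cut off mid-entity by the description truncation. Other Siemens entries in this file keep the literal character (`All versions < V4 ...`), so the automatic update should decode entities before truncating, otherwise every refreshed description of this shape will churn on the next run.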
@@ -9567,12 +9575,12 @@ CVE-2021-40368
RESERVED
CVE-2021-40367
RESERVED
-CVE-2021-40366
- RESERVED
+CVE-2021-40366 (A vulnerability has been identified in Climatix POL909 (AWM
module) (A ...)
+ TODO: check
CVE-2021-40365
RESERVED
-CVE-2021-40364
- RESERVED
+CVE-2021-40364 (A vulnerability has been identified in SIMATIC PCS 7 V8.2 and
earlier ...)
+ TODO: check
CVE-2021-40363
RESERVED
CVE-2021-40362
@@ -9581,10 +9589,10 @@ CVE-2021-40361
RESERVED
CVE-2021-40360
RESERVED
-CVE-2021-40359
- RESERVED
-CVE-2021-40358
- RESERVED
+CVE-2021-40359 (A vulnerability has been identified in SIMATIC PCS 7 V8.2 and
earlier ...)
+ TODO: check
+CVE-2021-40358 (A vulnerability has been identified in SIMATIC PCS 7 V8.2 and
earlier ...)
+ TODO: check
CVE-2021-40357 (A vulnerability has been identified in Teamcenter Active
Workspace V4. ...)
NOT-FOR-US: Siemens
CVE-2021-40356 (A vulnerability has been identified in Teamcenter V12.4 (All
versions ...)
@@ -10117,6 +10125,8 @@ CVE-2021-40147 (EmTec ZOC before 8.02.2 allows \e[201~
pastes, a different vulne
CVE-2021-40146 (A Remote Code Execution (RCE) vulnerability was discovered in
the Any2 ...)
NOT-FOR-US: Apache Any23
CVE-2021-3738 [crash in dsdb stack]
+ RESERVED
+ {DSA-5003-1}
- samba <unfixed>
NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14468
NOTE: https://www.samba.org/samba/security/CVE-2021-3738.html
@@ -17209,8 +17219,8 @@ CVE-2021-37209
RESERVED
CVE-2021-37208
RESERVED
-CVE-2021-37207
- RESERVED
+CVE-2021-37207 (A vulnerability has been identified in SENTRON powermanager V3
(All ve ...)
+ TODO: check
CVE-2021-37206 (A vulnerability has been identified in SIPROTEC 5 relays with
CPU vari ...)
NOT-FOR-US: Siemens
CVE-2021-37205
@@ -19054,8 +19064,8 @@ CVE-2021-36411
RESERVED
CVE-2021-36410
RESERVED
-CVE-2021-3641
- RESERVED
+CVE-2021-3641 (Improper Link Resolution Before File Access ('Link Following')
vulnera ...)
+ TODO: check
CVE-2021-36409
RESERVED
CVE-2021-36408
@@ -20983,7 +20993,7 @@ CVE-2021-35604 (Vulnerability in the MySQL Server
product of Oracle MySQL (compo
- mysql-8.0 <unfixed>
- mysql-5.7 <removed>
CVE-2021-35603 (Vulnerability in the Java SE, Oracle GraalVM Enterprise
Edition produc ...)
- {DSA-5000-1}
+ {DSA-5000-1 DLA-2814-1}
- openjdk-17 17.0.1+12-1
- openjdk-11 11.0.13+8-1
- openjdk-8 8u312-b07-1
@@ -21016,11 +21026,12 @@ CVE-2021-35590 (Vulnerability in the MySQL Cluster
product of Oracle MySQL (comp
CVE-2021-35589 (Vulnerability in the Oracle Solaris product of Oracle Systems
(compone ...)
NOT-FOR-US: Oracle
CVE-2021-35588 (Vulnerability in the Java SE, Oracle GraalVM Enterprise
Edition produc ...)
+ {DLA-2814-1}
- openjdk-8 8u312-b07-1
CVE-2021-35587
RESERVED
CVE-2021-35586 (Vulnerability in the Java SE, Oracle GraalVM Enterprise
Edition produc ...)
- {DSA-5000-1}
+ {DSA-5000-1 DLA-2814-1}
- openjdk-17 17.0.1+12-1
- openjdk-11 11.0.13+8-1
- openjdk-8 8u312-b07-1
@@ -21039,7 +21050,7 @@ CVE-2021-35580 (Vulnerability in the Oracle
Applications Manager product of Orac
CVE-2021-35579
RESERVED
CVE-2021-35578 (Vulnerability in the Java SE, Oracle GraalVM Enterprise
Edition produc ...)
- {DSA-5000-1}
+ {DSA-5000-1 DLA-2814-1}
- openjdk-17 17.0.1+12-1
- openjdk-11 11.0.13+8-1
- openjdk-8 8u312-b07-1
@@ -21064,18 +21075,18 @@ CVE-2021-35569 (Vulnerability in the Oracle
Applications Manager product of Orac
CVE-2021-35568 (Vulnerability in the PeopleSoft Enterprise PeopleTools product
of Orac ...)
NOT-FOR-US: Oracle
CVE-2021-35567 (Vulnerability in the Java SE, Oracle GraalVM Enterprise
Edition produc ...)
- {DSA-5000-1}
+ {DSA-5000-1 DLA-2814-1}
- openjdk-17 17.0.1+12-1
- openjdk-11 11.0.13+8-1
- openjdk-8 8u312-b07-1
CVE-2021-35566 (Vulnerability in the Oracle Applications Manager product of
Oracle E-B ...)
NOT-FOR-US: Oracle
CVE-2021-35565 (Vulnerability in the Java SE, Oracle GraalVM Enterprise
Edition produc ...)
- {DSA-5000-1}
+ {DSA-5000-1 DLA-2814-1}
- openjdk-11 11.0.13+8-1
- openjdk-8 8u312-b07-1
CVE-2021-35564 (Vulnerability in the Java SE, Oracle GraalVM Enterprise
Edition produc ...)
- {DSA-5000-1}
+ {DSA-5000-1 DLA-2814-1}
- openjdk-17 17.0.1+12-1
- openjdk-11 11.0.13+8-1
- openjdk-8 8u312-b07-1
@@ -21084,14 +21095,14 @@ CVE-2021-35563 (Vulnerability in the Oracle Shipping
Execution product of Oracle
CVE-2021-35562 (Vulnerability in the Oracle Universal Work Queue product of
Oracle E-B ...)
NOT-FOR-US: Oracle
CVE-2021-35561 (Vulnerability in the Java SE, Oracle GraalVM Enterprise
Edition produc ...)
- {DSA-5000-1}
+ {DSA-5000-1 DLA-2814-1}
- openjdk-17 17.0.1+12-1
- openjdk-11 11.0.13+8-1
- openjdk-8 8u312-b07-1
CVE-2021-35560 (Vulnerability in the Java SE product of Oracle Java SE
(component: Dep ...)
- openjdk-8 <not-affected> (Deployment components not part of OpenJDK,
only present in Oracle Java)
CVE-2021-35559 (Vulnerability in the Java SE, Oracle GraalVM Enterprise
Edition produc ...)
- {DSA-5000-1}
+ {DSA-5000-1 DLA-2814-1}
- openjdk-17 17.0.1+12-1
- openjdk-11 11.0.13+8-1
- openjdk-8 8u312-b07-1
@@ -21100,7 +21111,7 @@ CVE-2021-35558 (Vulnerability in the Core RDBMS
component of Oracle Database Ser
CVE-2021-35557 (Vulnerability in the Core RDBMS component of Oracle Database
Server. S ...)
NOT-FOR-US: Oracle
CVE-2021-35556 (Vulnerability in the Java SE, Oracle GraalVM Enterprise
Edition produc ...)
- {DSA-5000-1}
+ {DSA-5000-1 DLA-2814-1}
- openjdk-17 17.0.1+12-1
- openjdk-11 11.0.13+8-1
- openjdk-8 8u312-b07-1
@@ -21115,7 +21126,7 @@ CVE-2021-35552 (Vulnerability in the Oracle WebLogic
Server product of Oracle Fu
CVE-2021-35551 (Vulnerability in the RDBMS Security component of Oracle
Database Serve ...)
NOT-FOR-US: Oracle
CVE-2021-35550 (Vulnerability in the Java SE, Oracle GraalVM Enterprise
Edition produc ...)
- {DSA-5000-1}
+ {DSA-5000-1 DLA-2814-1}
- openjdk-11 11.0.13+8-1
- openjdk-8 8u312-b07-1
CVE-2021-35549 (Vulnerability in the Oracle Solaris product of Oracle Systems
(compone ...)
@@ -30057,26 +30068,26 @@ CVE-2021-31892 (A vulnerability has been identified
in SINUMERIK Analyse MyCondi
NOT-FOR-US: Siemens
CVE-2021-31891 (A vulnerability has been identified in Desigo CC (All versions
with OI ...)
NOT-FOR-US: Siemens
-CVE-2021-31890
- RESERVED
-CVE-2021-31889
- RESERVED
-CVE-2021-31888
- RESERVED
-CVE-2021-31887
- RESERVED
-CVE-2021-31886
- RESERVED
-CVE-2021-31885
- RESERVED
-CVE-2021-31884
- RESERVED
-CVE-2021-31883
- RESERVED
-CVE-2021-31882
- RESERVED
-CVE-2021-31881
- RESERVED
+CVE-2021-31890 (A vulnerability has been identified in APOGEE MBC (PPC)
(BACnet) (All ...)
+ TODO: check
+CVE-2021-31889 (A vulnerability has been identified in APOGEE MBC (PPC)
(BACnet) (All ...)
+ TODO: check
+CVE-2021-31888 (A vulnerability has been identified in APOGEE MBC (PPC)
(BACnet) (All ...)
+ TODO: check
+CVE-2021-31887 (A vulnerability has been identified in APOGEE MBC (PPC)
(BACnet) (All ...)
+ TODO: check
+CVE-2021-31886 (A vulnerability has been identified in APOGEE MBC (PPC)
(BACnet) (All ...)
+ TODO: check
+CVE-2021-31885 (A vulnerability has been identified in APOGEE MBC (PPC)
(BACnet) (All ...)
+ TODO: check
+CVE-2021-31884 (A vulnerability has been identified in APOGEE MBC (PPC)
(BACnet) (All ...)
+ TODO: check
+CVE-2021-31883 (A vulnerability has been identified in APOGEE MBC (PPC)
(BACnet) (All ...)
+ TODO: check
+CVE-2021-31882 (A vulnerability has been identified in APOGEE MBC (PPC)
(BACnet) (All ...)
+ TODO: check
+CVE-2021-31881 (A vulnerability has been identified in APOGEE MBC (PPC)
(BACnet) (All ...)
+ TODO: check
CVE-2021-31880
RESERVED
CVE-2021-31879 (GNU Wget through 1.21.1 does not omit the Authorization header
upon a ...)
@@ -31603,12 +31614,12 @@ CVE-2021-31347 (An issue was discovered in libezxml.a
in ezXML 0.8.6. The functi
[bullseye] - netcdf-parallel <no-dsa> (Minor issue)
[buster] - netcdf-parallel <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/ezxml/bugs/27/
-CVE-2021-31346
- RESERVED
-CVE-2021-31345
- RESERVED
-CVE-2021-31344
- RESERVED
+CVE-2021-31346 (A vulnerability has been identified in APOGEE MBC (PPC)
(BACnet) (All ...)
+ TODO: check
+CVE-2021-31345 (A vulnerability has been identified in APOGEE MBC (PPC)
(BACnet) (All ...)
+ TODO: check
+CVE-2021-31344 (A vulnerability has been identified in APOGEE MBC (PPC)
(BACnet) (All ...)
+ TODO: check
CVE-2021-31343 (The jutil.dll library in all versions of Solid Edge SE2020
before 2020 ...)
NOT-FOR-US: Solid Edge
CVE-2021-31342 (The ugeom2d.dll library in all versions of Solid Edge SE2020
before 20 ...)
@@ -41553,7 +41564,7 @@ CVE-2021-27395 (A vulnerability has been identified in
SIMATIC Process Historian
NOT-FOR-US: Siemens
CVE-2021-27394 (A vulnerability has been identified in Mendix Applications
using Mendi ...)
NOT-FOR-US: Mendix Applications (Siemens)
-CVE-2021-27393 (A vulnerability has been identified in Nucleus NET (All
versions), Nuc ...)
+CVE-2021-27393 (A vulnerability has been identified in Capital VSTAR (Versions
includi ...)
NOT-FOR-US: Nucleus (Siemens)
CVE-2021-27392 (A vulnerability has been identified in Siveillance Video Open
Network ...)
NOT-FOR-US: Siveillance
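Review bot: the description of CVE-2021-27393 now leads with Capital VSTAR instead of Nucleus NET, but the triage line is still `NOT-FOR-US: Nucleus (Siemens)`. The exclusion itself remains valid; if the product name in the tag is meant to follow the description, normalize it to `NOT-FOR-US: Siemens` as used on neighbouring entries. The other Nucleus entries whose descriptions change in this commit have the same mismatch.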
@@ -42366,11 +42377,11 @@ CVE-2021-27038 (A Type Confusion vulnerability in
Autodesk 2018, 2017, 2013, 201
NOT-FOR-US: Autodesk
CVE-2021-27037 (A maliciously crafted PNG, PDF or DWF file in Autodesk 2018,
2017, 201 ...)
NOT-FOR-US: Autodesk
-CVE-2021-27036 (A maliciously crafted PDF, PICT or TIFF file can be used to
write beyo ...)
+CVE-2021-27036 (A maliciously crafted PCX, PICT, RCL or TIFF file in Autodesk
Design R ...)
NOT-FOR-US: Autodesk
-CVE-2021-27035 (A maliciously crafted TIFF, PDF, PICT or DWF files in Autodesk
2018, 2 ...)
+CVE-2021-27035 (A maliciously crafted TIFF, PICT, TGA, or DWF files in
Autodesk Design ...)
NOT-FOR-US: Autodesk
-CVE-2021-27034 (A heap-based buffer overflow could occur while parsing PICT or
TIFF fi ...)
+CVE-2021-27034 (A heap-based buffer overflow could occur while parsing PICT,
PCX, RCL ...)
NOT-FOR-US: Autodesk
CVE-2021-27033 (A Double Free vulnerability allows remote attackers to execute
arbitra ...)
NOT-FOR-US: Autodesk
@@ -45998,7 +46009,7 @@ CVE-2021-3190 (The async-git package before 1.13.2 for
Node.js allows OS Command
NOT-FOR-US: Node async-git
CVE-2021-25678 (A vulnerability has been identified in Solid Edge SE2020 (All
versions ...)
NOT-FOR-US: Solid Edge (Siemens)
-CVE-2021-25677 (A vulnerability has been identified in Nucleus 4 (All versions
< V4 ...)
+CVE-2021-25677 (A vulnerability has been identified in Capital VSTAR (Versions
includi ...)
NOT-FOR-US: Nucleus (Siemens)
CVE-2021-25676 (A vulnerability has been identified in RUGGEDCOM RM1224
(V6.3), SCALAN ...)
NOT-FOR-US: Siemens
@@ -46024,9 +46035,9 @@ CVE-2021-25666 (A vulnerability has been identified in
SCALANCE W780 and W740 (I
NOT-FOR-US: Siemens
CVE-2021-25665 (A vulnerability has been identified in Simcenter STAR-CCM+
Viewer (All ...)
NOT-FOR-US: Siemens
-CVE-2021-25664 (A vulnerability has been identified in Nucleus 4 (All versions
< V4 ...)
+CVE-2021-25664 (A vulnerability has been identified in Capital VSTAR (Versions
includi ...)
NOT-FOR-US: Nucleus (Siemens)
-CVE-2021-25663 (A vulnerability has been identified in Nucleus 4 (All versions
< V4 ...)
+CVE-2021-25663 (A vulnerability has been identified in Capital VSTAR (Versions
includi ...)
NOT-FOR-US: Nucleus (Siemens)
CVE-2021-25662 (A vulnerability has been identified in SIMATIC HMI Comfort
Outdoor Pan ...)
NOT-FOR-US: Siemens
@@ -60760,8 +60771,8 @@ CVE-2021-20121 (The Telus Wi-Fi Hub (PRV65B444A-S-TS)
with firmware version 3.00
NOT-FOR-US: Telus Wi-Fi Hub
CVE-2021-20120 (The administration web interface for the Arris Surfboard
SB8200 lacks ...)
NOT-FOR-US: Arris Surfboard SB8200
-CVE-2021-20119
- RESERVED
+CVE-2021-20119 (The password change utility for the Arris SurfBoard SB8200 can
have sa ...)
+ TODO: check
CVE-2021-20118 (Nessus Agent 8.3.0 and earlier was found to contain a local
privilege ...)
NOT-FOR-US: Nessus Agent
CVE-2021-20117 (Nessus Agent 8.3.0 and earlier was found to contain a local
privilege ...)
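Review bot: CVE-2021-20119 is set to `TODO: check` although its description concerns the Arris SurfBoard SB8200, and the entry directly above it, CVE-2021-20120, is already `NOT-FOR-US: Arris Surfboard SB8200`. Reuse that tag here.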
@@ -68140,8 +68151,8 @@ CVE-2020-28421 (CA Unified Infrastructure Management
20.1 and earlier contains a
NOT-FOR-US: CA Unified Infrastructure Management
CVE-2020-28420
RESERVED
-CVE-2020-28419
- RESERVED
+CVE-2020-28419 (During installation with certain driver software or
application packag ...)
+ TODO: check
CVE-2020-28418
RESERVED
CVE-2020-28417
@@ -68213,7 +68224,7 @@ CVE-2020-28390 (A vulnerability has been identified in
Opcenter Execution Core (
NOT-FOR-US: Siemens
CVE-2020-28389
RESERVED
-CVE-2020-28388 (A vulnerability has been identified in Nucleus NET (All
versions < ...)
+CVE-2020-28388 (A vulnerability has been identified in Capital VSTAR (All
versions), N ...)
NOT-FOR-US: Siemens
CVE-2020-28387 (A vulnerability has been identified in Solid Edge SE2020 (All
Versions ...)
NOT-FOR-US: Siemens
@@ -71774,11 +71785,11 @@ CVE-2020-27739 (A Weak Session Management
vulnerability in Citadel WebCit throug
- webcit <removed> (bug #973385)
[buster] - webcit <ignored> (Minor issue)
[stretch] - webcit <ignored> (Minor issue)
-CVE-2020-27738 (A vulnerability has been identified in Nucleus 4 (All versions
< V4 ...)
+CVE-2020-27738 (A vulnerability has been identified in Capital VSTAR (Versions
includi ...)
NOT-FOR-US: Nucleus (Siemens)
-CVE-2020-27737 (A vulnerability has been identified in Nucleus 4 (All versions
< V4 ...)
+CVE-2020-27737 (A vulnerability has been identified in Capital VSTAR (Versions
includi ...)
NOT-FOR-US: Nucleus (Siemens)
-CVE-2020-27736 (A vulnerability has been identified in Nucleus 4 (All versions
< V4 ...)
+CVE-2020-27736 (A vulnerability has been identified in Capital VSTAR (Versions
includi ...)
NOT-FOR-US: Nucleus (Siemens)
CVE-2020-27735 (An XSS issue was discovered in Wing FTP 6.4.4. An arbitrary
IFRAME ele ...)
NOT-FOR-US: Wing FTP
@@ -73784,7 +73795,7 @@ CVE-2020-27011
RESERVED
CVE-2020-27010 (A cross-site scripting (XSS) vulnerability in Trend Micro
InterScan We ...)
NOT-FOR-US: Trend Micro
-CVE-2020-27009 (A vulnerability has been identified in Nucleus NET (All
versions < ...)
+CVE-2020-27009 (A vulnerability has been identified in Capital VSTAR (Versions
includi ...)
NOT-FOR-US: Nucleus (Siemens)
CVE-2020-27008 (A vulnerability has been identified in JT2Go (All versions
< V13.1. ...)
NOT-FOR-US: JT2Go
@@ -76888,11 +76899,15 @@ CVE-2020-25723 (A reachable assertion issue was found
in the USB EHCI emulation
[buster] - qemu <postponed> (Fix along in future DSA)
NOTE:
https://git.qemu.org/?p=qemu.git;a=commit;h=2fdb42d840400d58f2e706ecca82c142b97bcbd6
(v5.2.0-rc0)
CVE-2020-25722 [AD DC UPN vs samAccountName not checked]
+ RESERVED
+ {DSA-5003-1}
- samba <unfixed>
NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14564
NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14725
NOTE: https://www.samba.org/samba/security/CVE-2020-25722.html
CVE-2020-25721 [[Kerberos acceptors need easy access to stable AD identifiers
(eg objectSid)]
+ RESERVED
+ {DSA-5003-1}
- samba <unfixed>
NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14725
NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14557
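Review bot: the header of CVE-2020-25721 opens with a doubled bracket, `[[Kerberos acceptors need easy access to stable AD identifiers`, unlike the other samba entries in this hunk. It is only a context line here, but since the entry is being touched to add `{DSA-5003-1}`, drop the extra `[` in the same pass so tools that parse the bracketed description do not pick up a stray character.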
@@ -76900,16 +76915,22 @@ CVE-2020-25721 [[Kerberos acceptors need easy access
to stable AD identifiers (e
CVE-2020-25720
RESERVED
CVE-2020-25719 [AD DC Username based races when no PAC is given]
+ RESERVED
+ {DSA-5003-1}
- samba <unfixed>
NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14561
NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14725
NOTE: https://www.samba.org/samba/security/CVE-2020-25719.html
CVE-2020-25718 [An RODC can issue (forge) administrator tickets to other
servers]
+ RESERVED
+ {DSA-5003-1}
- samba <unfixed>
NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14558
NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14725
NOTE: https://www.samba.org/samba/security/CVE-2020-25718.html
CVE-2020-25717 [A user on the domain can become root on domain members]
+ RESERVED
+ {DSA-5003-1}
- samba <unfixed>
NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14556
NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14725
@@ -98766,7 +98787,7 @@ CVE-2020-15797 (A vulnerability has been identified in
DCA Vantage Analyzer (All
NOT-FOR-US: DCA Vantage Analyzer
CVE-2020-15796 (A vulnerability has been identified in SIMATIC ET 200SP Open
Controlle ...)
NOT-FOR-US: Siemens
-CVE-2020-15795 (A vulnerability has been identified in Nucleus NET (All
versions < ...)
+CVE-2020-15795 (A vulnerability has been identified in Capital VSTAR (Versions
includi ...)
NOT-FOR-US: Nucleus (Siemens)
CVE-2020-15794 (A vulnerability has been identified in Desigo Insight (All
versions). ...)
NOT-FOR-US: Desigo Insight
@@ -115768,12 +115789,12 @@ CVE-2020-10056 (A vulnerability has been identified
in License Management Utilit
NOT-FOR-US: Siemens
CVE-2020-10055 (A vulnerability has been identified in Desigo CC (V4.x),
Desigo CC (V3 ...)
NOT-FOR-US: Desigo
-CVE-2020-10054
- RESERVED
-CVE-2020-10053
- RESERVED
-CVE-2020-10052
- RESERVED
+CVE-2020-10054 (A vulnerability has been identified in SIMATIC RTLS Locating
Manager ( ...)
+ TODO: check
+CVE-2020-10053 (A vulnerability has been identified in SIMATIC RTLS Locating
Manager ( ...)
+ TODO: check
+CVE-2020-10052 (A vulnerability has been identified in SIMATIC RTLS Locating
Manager ( ...)
+ TODO: check
CVE-2020-10051 (A vulnerability has been identified in SIMATIC RTLS Locating
Manager ( ...)
NOT-FOR-US: Siemens
CVE-2020-10050 (A vulnerability has been identified in SIMATIC RTLS Locating
Manager ( ...)
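Review bot: CVE-2020-10054, CVE-2020-10053 and CVE-2020-10052 come in as `TODO: check` with the same SIMATIC RTLS Locating Manager description as CVE-2020-10051 just below them, which is already `NOT-FOR-US: Siemens`. Tag the three new entries the same way.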
@@ -139716,16 +139737,16 @@ CVE-2019-18918
RESERVED
CVE-2019-18917 (A potential security vulnerability has been identified for
certain HP ...)
NOT-FOR-US: HP
-CVE-2019-18916
- RESERVED
+CVE-2019-18916 (A potential security vulnerability has been identified for HP
LaserJet ...)
+ TODO: check
CVE-2019-18915 (A potential security vulnerability has been identified with
certain ve ...)
NOT-FOR-US: HP System Event Utility
-CVE-2019-18914
- RESERVED
+CVE-2019-18914 (A potential security vulnerability has been identified for
certain HP ...)
+ TODO: check
CVE-2019-18913 (A potential security vulnerability with pre-boot DMA may allow
unautho ...)
NOT-FOR-US: Generic UEFI hardware/software issue
-CVE-2019-18912
- RESERVED
+CVE-2019-18912 (A potential security vulnerability has been identified for
certain HP ...)
+ TODO: check
CVE-2019-18911
RESERVED
CVE-2019-18910 (The Citrix Receiver wrapper function does not safely handle
user suppl ...)
@@ -150320,8 +150341,8 @@ CVE-2019-16242 (On TCL Alcatel Cingular Flip 2
B9HUAH1 devices, there is an engi
NOT-FOR-US: TCL Alcatel Cingular Flip 2 B9HUAH1 devices
CVE-2019-16241 (On TCL Alcatel Cingular Flip 2 B9HUAH1 devices, PIN
authentication can ...)
NOT-FOR-US: TCL Alcatel Cingular Flip 2 B9HUAH1 devices
-CVE-2019-16240
- RESERVED
+CVE-2019-16240 (A Buffer Overflow and Information Disclosure issue exists in
HP Office ...)
+ TODO: check
CVE-2019-16239 (process_http_response in OpenConnect before 8.05 has a Buffer
Overflow ...)
{DSA-4607-1 DLA-1945-1}
- openconnect 8.02-1.1 (bug #940871)
@@ -328178,6 +328199,8 @@ CVE-2016-2125 (It was found that Samba before
versions 4.5.3, 4.4.8, 4.3.13 alwa
NOTE: https://www.samba.org/samba/security/CVE-2016-2125.html
NOTE: Patch (with some more) here:
https://download.samba.org/pub/samba/patches/security/samba-4.3.12-security-20016-12-19.patch
CVE-2016-2124 [SMB1 client connections can be downgraded to plaintext
authentication]
+ RESERVED
+ {DSA-5003-1}
- samba <unfixed>
NOTE: https://bugzilla.samba.org/show_bug.cgi?id=12444
NOTE: https://www.samba.org/samba/security/CVE-2016-2124.html
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c9b26780bb92bc7f78a86f3a278d062c54ea5844
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits