Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ddbe70f8 by security tracker role at 2021-04-06T08:10:31+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,65 @@
+CVE-2021-30160
+       RESERVED
+CVE-2021-30159
+       RESERVED
+CVE-2021-30158 (An issue was discovered in MediaWiki before 1.31.12 and 1.32.x 
through ...)
+       TODO: check
+CVE-2021-30157 (An issue was discovered in MediaWiki before 1.31.12 and 1.32.x 
through ...)
+       TODO: check
+CVE-2021-30156
+       RESERVED
+CVE-2021-30155
+       RESERVED
+CVE-2021-30154 (An issue was discovered in MediaWiki before 1.31.12 and 1.32.x 
through ...)
+       TODO: check
+CVE-2021-30153
+       RESERVED
+CVE-2021-30152
+       RESERVED
+CVE-2021-30151 (Sidekiq through 5.1.3 and 6.x through 6.2.0 allows XSS via the 
queue n ...)
+       TODO: check
+CVE-2021-30150 (Composr 10.0.36 allows XSS in an XML script. ...)
+       TODO: check
+CVE-2021-30149 (Composr 10.0.36 allows upload and execution of PHP files. ...)
+       TODO: check
+CVE-2021-30148
+       RESERVED
+CVE-2021-30147
+       RESERVED
+CVE-2021-30146
+       RESERVED
+CVE-2021-30145
+       RESERVED
+CVE-2021-30144 (The Dashboard plugin through 1.0.2 for GLPI allows remote 
low-privileg ...)
+       TODO: check
+CVE-2021-30143
+       RESERVED
+CVE-2021-30142
+       RESERVED
+CVE-2021-30141 (** DISPUTED ** Module/Settings/UserExport.php in Friendica 
through 202 ...)
+       TODO: check
+CVE-2021-30140
+       RESERVED
+CVE-2021-30139
+       RESERVED
+CVE-2021-30138
+       RESERVED
+CVE-2021-30137
+       RESERVED
+CVE-2021-30136
+       RESERVED
+CVE-2021-30135
+       RESERVED
+CVE-2021-30134
+       RESERVED
+CVE-2021-30133
+       RESERVED
+CVE-2021-30132
+       RESERVED
+CVE-2021-30131
+       RESERVED
+CVE-2021-30130
+       RESERVED
 CVE-2021-30129
        RESERVED
 CVE-2021-30128
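Review bot: CVE-2021-30141 arrives with a "** DISPUTED **" description but only the generic "TODO: check" line, so the disputed status is easy to lose at triage; when the entry is resolved, record the dispute in a NOTE line rather than relying on the truncated description. The three MediaWiki entries (CVE-2021-30158, CVE-2021-30157, CVE-2021-30154) have identical truncated descriptions here and cannot be told apart from this file alone, so they are best checked together against the full advisory text.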
@@ -374,6 +436,7 @@ CVE-2021-30002 (An issue was discovered in the Linux kernel 
before 5.11.3 when a
        [buster] - linux 4.19.181-1
        NOTE: 
https://git.kernel.org/linus/fb18802a338b36f675a388fc03d2aa504a0d0899
 CVE-2021-3482 [heap-based buffer overflow in Jp2Image::readMetadata() in 
jp2image.cpp]
+       RESERVED
        - exiv2 <unfixed>
        NOTE: https://github.com/Exiv2/exiv2/issues/1522
 CVE-2021-3481 [Out of bounds read in function QRadialFetchSimd from crafted 
svg file]
@@ -4190,76 +4253,76 @@ CVE-2021-28210 [unlimited FV recursion, round 2]
        NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=1743
        NOTE: https://github.com/tianocore/edk2/pull/1137
        NOTE: 
https://github.com/tianocore/edk2/commit/47343af30435302c087027177613412a1a83e919
-CVE-2021-28209
-       RESERVED
-CVE-2021-28208
-       RESERVED
-CVE-2021-28207
-       RESERVED
-CVE-2021-28206
-       RESERVED
-CVE-2021-28205
-       RESERVED
-CVE-2021-28204
-       RESERVED
-CVE-2021-28203
-       RESERVED
-CVE-2021-28202
-       RESERVED
-CVE-2021-28201
-       RESERVED
-CVE-2021-28200
-       RESERVED
-CVE-2021-28199
-       RESERVED
-CVE-2021-28198
-       RESERVED
-CVE-2021-28197
-       RESERVED
-CVE-2021-28196
-       RESERVED
-CVE-2021-28195
-       RESERVED
-CVE-2021-28194
-       RESERVED
-CVE-2021-28193
-       RESERVED
-CVE-2021-28192
-       RESERVED
-CVE-2021-28191
-       RESERVED
-CVE-2021-28190
-       RESERVED
-CVE-2021-28189
-       RESERVED
-CVE-2021-28188
-       RESERVED
-CVE-2021-28187
-       RESERVED
-CVE-2021-28186
-       RESERVED
-CVE-2021-28185
-       RESERVED
-CVE-2021-28184
-       RESERVED
-CVE-2021-28183
-       RESERVED
-CVE-2021-28182
-       RESERVED
-CVE-2021-28181
-       RESERVED
-CVE-2021-28180
-       RESERVED
-CVE-2021-28179
-       RESERVED
-CVE-2021-28178
-       RESERVED
-CVE-2021-28177
-       RESERVED
-CVE-2021-28176
-       RESERVED
-CVE-2021-28175
-       RESERVED
+CVE-2021-28209 (The specific function in ASUS BMC&#8217;s firmware Web 
management page ...)
+       TODO: check
+CVE-2021-28208 (The specific function in ASUS BMC&#8217;s firmware Web 
management page ...)
+       TODO: check
+CVE-2021-28207 (The specific function in ASUS BMC&#8217;s firmware Web 
management page ...)
+       TODO: check
+CVE-2021-28206 (The specific function in ASUS BMC&#8217;s firmware Web 
management page ...)
+       TODO: check
+CVE-2021-28205 (The specific function in ASUS BMC&#8217;s firmware Web 
management page ...)
+       TODO: check
+CVE-2021-28204 (The specific function in ASUS BMC&#8217;s firmware Web 
management page ...)
+       TODO: check
+CVE-2021-28203 (The Web Set Media Image function in ASUS BMC&#8217;s firmware 
Web mana ...)
+       TODO: check
+CVE-2021-28202 (The Service configuration-2 function in ASUS BMC&#8217;s 
firmware Web  ...)
+       TODO: check
+CVE-2021-28201 (The Service configuration-1 function in ASUS BMC&#8217;s 
firmware Web  ...)
+       TODO: check
+CVE-2021-28200 (The CD media configuration function in ASUS BMC&#8217;s 
firmware Web m ...)
+       TODO: check
+CVE-2021-28199 (The specific function in ASUS BMC&#8217;s firmware Web 
management page ...)
+       TODO: check
+CVE-2021-28198 (The Firmware protocol configuration function in ASUS 
BMC&#8217;s firmw ...)
+       TODO: check
+CVE-2021-28197 (The Active Directory configuration function in ASUS 
BMC&#8217;s firmwa ...)
+       TODO: check
+CVE-2021-28196 (The specific function in ASUS BMC&#8217;s firmware Web 
management page ...)
+       TODO: check
+CVE-2021-28195 (The Radius configuration function in ASUS BMC&#8217;s firmware 
Web man ...)
+       TODO: check
+CVE-2021-28194 (The specific function in ASUS BMC&#8217;s firmware Web 
management page ...)
+       TODO: check
+CVE-2021-28193 (The SMTP configuration function in ASUS BMC&#8217;s firmware 
Web manag ...)
+       TODO: check
+CVE-2021-28192 (The specific function in ASUS BMC&#8217;s firmware Web 
management page ...)
+       TODO: check
+CVE-2021-28191 (The Firmware update function in ASUS BMC&#8217;s firmware Web 
manageme ...)
+       TODO: check
+CVE-2021-28190 (The specific function in ASUS BMC&#8217;s firmware Web 
management page ...)
+       TODO: check
+CVE-2021-28189 (The SMTP configuration function in ASUS BMC&#8217;s firmware 
Web manag ...)
+       TODO: check
+CVE-2021-28188 (The specific function in ASUS BMC&#8217;s firmware Web 
management page ...)
+       TODO: check
+CVE-2021-28187 (The specific function in ASUS BMC&#8217;s firmware Web 
management page ...)
+       TODO: check
+CVE-2021-28186 (The specific function in ASUS BMC&#8217;s firmware Web 
management page ...)
+       TODO: check
+CVE-2021-28185 (The specific function in ASUS BMC&#8217;s firmware Web 
management page ...)
+       TODO: check
+CVE-2021-28184 (The Active Directory configuration function in ASUS 
BMC&#8217;s firmwa ...)
+       TODO: check
+CVE-2021-28183 (The specific function in ASUS BMC&#8217;s firmware Web 
management page ...)
+       TODO: check
+CVE-2021-28182 (The Web Service configuration function in ASUS BMC&#8217;s 
firmware We ...)
+       TODO: check
+CVE-2021-28181 (The specific function in ASUS BMC&#8217;s firmware Web 
management page ...)
+       TODO: check
+CVE-2021-28180 (The specific function in ASUS BMC&#8217;s firmware Web 
management page ...)
+       TODO: check
+CVE-2021-28179 (The specific function in ASUS BMC&#8217;s firmware Web 
management page ...)
+       TODO: check
+CVE-2021-28178 (The UEFI configuration function in ASUS BMC&#8217;s firmware 
Web manag ...)
+       TODO: check
+CVE-2021-28177 (The LDAP configuration function in ASUS BMC&#8217;s firmware 
Web manag ...)
+       TODO: check
+CVE-2021-28176 (The DNS configuration function in ASUS BMC&#8217;s firmware 
Web manage ...)
+       TODO: check
+CVE-2021-28175 (The Radius configuration function in ASUS BMC&#8217;s firmware 
Web man ...)
+       TODO: check
 CVE-2021-28174
        RESERVED
 CVE-2021-28173
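Review bot: Every description added for CVE-2021-28209 through CVE-2021-28175 carries the undecoded HTML entity "&#8217;" (as in "ASUS BMC&#8217;s"), which should be decoded to an apostrophe at import time so that plain-text searches on the description match. Many of the truncated descriptions are also identical ("The specific function in ASUS BMC..."), so these 35 entries can only be distinguished by CVE id; since they all name the same product, give them one disposition in a single pass instead of leaving 35 separate "TODO: check" lines.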
@@ -23580,19 +23643,16 @@ CVE-2021-20310
        RESERVED
 CVE-2021-20309
        RESERVED
-CVE-2021-20308
-       RESERVED
+CVE-2021-20308 (Integer overflow in the htmldoc 1.9.11 and before may allow 
attackers  ...)
        - htmldoc <unfixed>
        NOTE: https://github.com/michaelrsweet/htmldoc/issues/423
-CVE-2021-20307
-       RESERVED
+CVE-2021-20307 (Format string vulnerability in panoFileOutputNamesCreate() in 
libpano1 ...)
        - libpano13 2.9.20~rc3+dfsg-1 (bug #985249)
        [buster] - libpano13 2.9.19+dfsg-3+deb10u1
        NOTE: 
https://sourceforge.net/projects/panotools/files/libpano13/libpano13-2.9.20/
 CVE-2021-20306
        RESERVED
-CVE-2021-20305 [Out of Bound memory access in signature verification]
-       RESERVED
+CVE-2021-20305 (A flaw was found in Nettle in versions before 3.7.2, where 
several Net ...)
        - nettle 3.7.2-1 (bug #985652)
        NOTE: 
https://lists.lysator.liu.se/pipermail/nettle-bugs/2021/009457.html
        NOTE: New functions ecc_mod_mul_canonical and ecc_mod_sqr_canonical:
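Review bot: The htmldoc line under CVE-2021-20308 stays at "<unfixed>" with no bug reference, while the libpano13 and nettle lines in the same hunk carry "(bug #985249)" and "(bug #985652)"; now that the CVE has a published description, add the bug number once one is filed. For CVE-2021-20305 the removed bracketed summary "[Out of Bound memory access in signature verification]" said more than the truncated description that replaces it, so consider keeping that wording in a NOTE line.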
@@ -52939,10 +52999,10 @@ CVE-2020-19598
        RESERVED
 CVE-2020-19597
        RESERVED
-CVE-2020-19596
-       RESERVED
-CVE-2020-19595
-       RESERVED
+CVE-2020-19596 (Buffer overflow vulnerability in Core FTP Server v1.2 Build 
583, via a ...)
+       TODO: check
+CVE-2020-19595 (Buffer overflow vulnerability in Core FTP Server v2 Build 697, 
via a c ...)
+       TODO: check
 CVE-2020-19594
        RESERVED
 CVE-2020-19593
@@ -57292,8 +57352,8 @@ CVE-2020-17455
        RESERVED
 CVE-2020-17454 (WSO2 API Manager 3.1.0 and earlier has reflected XSS on the 
"publisher ...)
        NOT-FOR-US: WSO2 API Manager
-CVE-2020-17453
-       RESERVED
+CVE-2020-17453 (WSO2 Management Console through 5.10 allows XSS via the 
carbon/admin/l ...)
+       TODO: check
 CVE-2020-17452 (flatCore before 1.5.7 allows upload and execution of a .php 
file by an ...)
        NOT-FOR-US: flatCore CMS
 CVE-2020-17451 (flatCore before 1.5.7 allows XSS by an admin via the 
acp/acp.php?tn=pa ...)
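Review bot: CVE-2020-17453 (WSO2 Management Console) is left at "TODO: check" while the neighbouring CVE-2020-17454 for WSO2 API Manager is already marked "NOT-FOR-US: WSO2 API Manager"; if the Management Console is likewise not packaged, give it the matching NOT-FOR-US line so the two WSO2 entries are handled consistently.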



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ddbe70f860d956dff118117c3085bd5b0726354b



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
