Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 49e27f49 by security tracker role at 2021-04-08T20:10:18+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,37 @@ +CVE-2021-30475 + RESERVED +CVE-2021-30474 + RESERVED +CVE-2021-30473 + RESERVED +CVE-2021-30472 + RESERVED +CVE-2021-30471 + RESERVED +CVE-2021-30470 + RESERVED +CVE-2021-30469 + RESERVED +CVE-2021-30468 + RESERVED +CVE-2021-30467 + RESERVED +CVE-2021-30466 + RESERVED +CVE-2021-30465 + RESERVED +CVE-2021-30464 + RESERVED +CVE-2021-30463 (VestaCP through 0.9.8-24 allows attackers to gain privileges by creati ...) + TODO: check +CVE-2021-30462 (VestaCP through 0.9.8-24 allows the admin user to escalate privileges ...) + TODO: check +CVE-2021-30461 + RESERVED +CVE-2021-30460 + RESERVED +CVE-2021-30459 + RESERVED CVE-2021-30458 RESERVED CVE-2021-30457 (An issue was discovered in the id-map crate through 2021-02-26 for Rus ...) @@ -760,14 +794,14 @@ CVE-2021-30116 RESERVED CVE-2021-30115 RESERVED -CVE-2021-30114 - RESERVED -CVE-2021-30113 - RESERVED -CVE-2021-30112 - RESERVED -CVE-2021-30111 - RESERVED +CVE-2021-30114 (Web-School ERP V 5.0 contains a cross-site request forgery (CSRF) vuln ...) + TODO: check +CVE-2021-30113 (A blind XSS vulnerability exists in Web-School ERP V 5.0 via (Add Even ...) + TODO: check +CVE-2021-30112 (Web-School ERP V 5.0 contains a cross-site request forgery (CSRF) vuln ...) + TODO: check +CVE-2021-30111 (A stored XSS vulnerability exists in Web-School ERP V 5.0 via (Add Eve ...) + TODO: check CVE-2021-30110 RESERVED CVE-2021-30109 (Froala Editor 3.2.6 is affected by Cross Site Scripting (XSS). Under c ...) 
@@ -3387,10 +3421,10 @@ CVE-2021-28927 (The text-to-speech engine in libretro RetroArch for Windows 0.11 TODO: check CVE-2021-28926 RESERVED -CVE-2021-28925 - RESERVED -CVE-2021-28924 - RESERVED +CVE-2021-28925 (SQL injection vulnerability in Nagios Network Analyzer before 2.4.3 vi ...) + TODO: check +CVE-2021-28924 (Self Authenticated XSS in Nagios Network Analyzer before 2.4.2 via the ...) + TODO: check CVE-2021-28923 RESERVED CVE-2021-28922 @@ -3878,10 +3912,10 @@ CVE-2021-28688 (The fix for XSA-365 includes initialization of pointers such tha - linux <unfixed> NOTE: https://xenbits.xen.org/xsa/advisory-371.html NOTE: https://git.kernel.org/linus/a846738f8c3788d846ed1f587270d2f2e3d32432 -CVE-2021-28686 - RESERVED -CVE-2021-28685 - RESERVED +CVE-2021-28686 (AsIO2_64.sys and AsIO2_32.sys in ASUS GPUTweak II before 2.3.0.3 allow ...) + TODO: check +CVE-2021-28685 (AsIO2_64.sys and AsIO2_32.sys in ASUS GPUTweak II before 2.3.0.3 allow ...) + TODO: check CVE-2021-28684 RESERVED CVE-2021-28683 @@ -5632,8 +5666,8 @@ CVE-2021-27947 (SQL Injection vulnerability in MyBB before 1.8.26 via the Copy F NOT-FOR-US: MyBB CVE-2021-27946 (SQL Injection vulnerability in MyBB before 1.8.26 via poll vote count. ...) NOT-FOR-US: MyBB -CVE-2021-27945 - RESERVED +CVE-2021-27945 (The Squirro Insights Engine was affected by a Reflected Cross-Site Scr ...) + TODO: check CVE-2021-28039 (An issue was discovered in the Linux kernel 5.9.x through 5.11.3, as u ...) - linux 5.10.24-1 (unimportant) [buster] - linux <not-affected> (Vulnerable code introduced later) @@ -6595,8 +6629,8 @@ CVE-2021-27524 RESERVED CVE-2021-27523 RESERVED -CVE-2021-27522 - RESERVED +CVE-2021-27522 (Learnsite 1.2.5.0 contains a remote privilege escalation vulnerability ...) + TODO: check CVE-2021-27521 RESERVED CVE-2021-27520 (A cross-site scripting (XSS) issue in FUDForum 3.1.0 allows remote att ...) 
@@ -9520,8 +9554,8 @@ CVE-2021-3330 RESERVED CVE-2021-3329 RESERVED -CVE-2021-3328 - RESERVED +CVE-2021-3328 (An issue was discovered in Aprelium Abyss Web Server X1 2.12.1 and 2.1 ...) + TODO: check CVE-2021-3327 (Ovation Dynamic Content 1.10.1 for Elementor allows XSS via the post_t ...) NOT-FOR-US: Ovation Dynamic Content CVE-2021-26294 (An issue was discovered in AfterLogic Aurora through 7.7.9 and WebMail ...) @@ -18171,8 +18205,8 @@ CVE-2021-22509 RESERVED CVE-2021-22508 RESERVED -CVE-2021-22507 - RESERVED +CVE-2021-22507 (Authentication bypass vulnerability in Micro Focus Operations Bridge M ...) + TODO: check CVE-2021-22506 (Advance configuration exposing Information Leakage vulnerability in Mi ...) NOT-FOR-US: Micro Focus CVE-2021-22505 @@ -18562,8 +18596,8 @@ CVE-2021-22314 (There is a local privilege escalation vulnerability in some vers NOT-FOR-US: Huawei CVE-2021-22313 RESERVED -CVE-2021-22312 - RESERVED +CVE-2021-22312 (There is a memory leak vulnerability in some Huawei products. An authe ...) + TODO: check CVE-2021-22311 (There is an improper permission assignment vulnerability in Huawei Man ...) NOT-FOR-US: Huawei CVE-2021-22310 (There is an information leakage vulnerability in some huawei products. ...) @@ -18997,8 +19031,8 @@ CVE-2021-22117 RESERVED CVE-2021-22116 RESERVED -CVE-2021-22115 - RESERVED +CVE-2021-22115 (Cloud Controller API versions prior to 1.106.0 logs service broker cre ...) + TODO: check CVE-2021-22114 (Addresses partial fix in CVE-2018-1263. Spring-integration-zip, versio ...) TODO: check CVE-2021-22113 (Applications using the “Sensitive Headers” functionality i ...) 
@@ -19290,8 +19324,8 @@ CVE-2021-3014 (In MikroTik RouterOS through 2021-01-04, the hotspot login page i NOT-FOR-US: MikroTik RouterOS CVE-2021-3013 RESERVED -CVE-2021-3012 - RESERVED +CVE-2021-3012 (A cross-site scripting (XSS) vulnerability in the Document Link of doc ...) + TODO: check CVE-2021-3011 (An electromagnetic-wave side-channel issue was discovered on NXP Smart ...) NOT-FOR-US: NXP CVE-2021-3010 (There are multiple persistent cross-site scripting (XSS) vulnerabiliti ...) @@ -19699,6 +19733,7 @@ CVE-2021-21774 CVE-2021-21773 (An out-of-bounds write vulnerability exists in the TIFF header count-p ...) NOT-FOR-US: ImageGear CVE-2021-21772 (A use-after-free vulnerability exists in the NMR::COpcPackageReader::r ...) + {DSA-4887-1} - lib3mf 1.8.1+ds-4 (bug #985092) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1226 CVE-2021-21771 @@ -24036,8 +24071,8 @@ CVE-2021-20482 (IBM Cloud Pak for Automation 20.0.2 and 20.0.3 IF002 are vulnera NOT-FOR-US: IBM CVE-2021-20481 RESERVED -CVE-2021-20480 - RESERVED +CVE-2021-20480 (IBM WebSphere Application Server 7.0, 8.0, and 8.5 is vulnerable to se ...) + TODO: check CVE-2021-20479 RESERVED CVE-2021-20478 @@ -29959,7 +29994,7 @@ CVE-2020-28951 (libuci in OpenWrt before 18.06.9 and 19.x before 19.07.5 may enc CVE-2020-28950 (The installer of Kaspersky Anti-Ransomware Tool (KART) prior to KART 4 ...) NOT-FOR-US: installer of Kaspersky Anti-Ransomware Tool (KART) CVE-2020-36193 (Tar.php in Archive_Tar through 1.4.11 allows write operations with Dir ...) - {DLA-2530-1} + {DLA-2621-1 DLA-2530-1} - drupal7 <removed> - php-pear 1:1.10.12+submodules+notgz+20210212-1 (bug #980428) NOTE: https://github.com/pear/Archive_Tar/commit/cde460582ff389404b5b3ccb59374e9b389de916 @@ -45855,8 +45890,8 @@ CVE-2020-23541 RESERVED CVE-2020-23540 RESERVED -CVE-2020-23539 - RESERVED +CVE-2020-23539 (An issue was discovered in Realtek rtl8723de BLE Stack <= 4.1 that ...) + TODO: check CVE-2020-23538 RESERVED CVE-2020-23537 
@@ -46081,8 +46116,8 @@ CVE-2020-23428 RESERVED CVE-2020-23427 RESERVED -CVE-2020-23426 - RESERVED +CVE-2020-23426 (zzcms 201910 contains an access control vulnerability through escalati ...) + TODO: check CVE-2020-23425 RESERVED CVE-2020-23424 @@ -66649,8 +66684,8 @@ CVE-2020-14106 RESERVED CVE-2020-14105 RESERVED -CVE-2020-14104 - RESERVED +CVE-2020-14104 (A RACE CONDITION on XQBACKUP causes a decompression path error on Xiao ...) + TODO: check CVE-2020-14103 RESERVED CVE-2020-14102 (There is command injection when ddns processes the hostname, which cau ...) @@ -66659,8 +66694,8 @@ CVE-2020-14101 (The data collection SDK of the router web management interface c NOT-FOR-US: Xiaomi CVE-2020-14100 (In Xiaomi router R3600 ROM version<1.0.66, filters in the set_WAN6 ...) NOT-FOR-US: Xiaomi -CVE-2020-14099 - RESERVED +CVE-2020-14099 (On Xiaomi router AX1800 rom version < 1.0.336 and RM1800 root versi ...) + TODO: check CVE-2020-14098 (The login verification can be bypassed by using the problem that the t ...) NOT-FOR-US: Xiaomi CVE-2020-14097 (Wrong nginx configuration, causing specific paths to be downloaded wit ...) 
@@ -82298,15 +82333,15 @@ CVE-2020-8631 (cloud-init through 19.4 relies on Mersenne Twister for a random p NOTE: https://bugs.launchpad.net/ubuntu/+source/cloud-init/+bug/1860795 NOTE: https://github.com/canonical/cloud-init/pull/204 CVE-2020-8630 - RESERVED + REJECTED CVE-2020-8629 - RESERVED + REJECTED CVE-2020-8628 - RESERVED + REJECTED CVE-2020-8627 - RESERVED + REJECTED CVE-2020-8626 - RESERVED + REJECTED CVE-2020-8625 (BIND servers are vulnerable if they are running an affected version an ...) {DSA-4857-1 DLA-2568-1} - bind9 1:9.16.12-1 (bug #983004)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/49e27f49ada5f931d5cddb85176f4088c3ae7670
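Review bot: CVE-2021-30463 and CVE-2021-30462 in the first hunk (@@ -1,3 +1,37 @@) gain descriptions but are left at "TODO: check", so the tracker has no disposition yet for two VestaCP privilege-escalation issues. Triage them together: if no Debian source package ships VestaCP, close both in the form the file already uses elsewhere, e.g. "NOT-FOR-US: MyBB"; otherwise add the package lines.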
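Review bot: in the @@ -3878,10 +3912,10 @@ hunk, CVE-2021-28686 and CVE-2021-28685 receive the same truncated description ("AsIO2_64.sys and AsIO2_32.sys in ASUS GPUTweak II before 2.3.0.3 allow ..."), so the list alone cannot tell the two apart. Whoever resolves the "TODO: check" should read the full CVE text for each entry rather than triage one and copy the result to the other.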
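Review bot: in the @@ -18562,8 +18596,8 @@ hunk, CVE-2021-22312 is added as "TODO: check" while the entries on either side of it (CVE-2021-22314 and CVE-2021-22311) are already "NOT-FOR-US: Huawei". The description names only "some Huawei products", so the same disposition looks right; set it in the follow-up triage so the block stays consistent.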
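Review bot: in the @@ -66659,8 +66694,8 @@ hunk, the added CVE-2020-14099 description carries a literal HTML entity ("rom version &lt; 1.0.336") where the context line for CVE-2020-14100 has a bare "<" ("version<1.0.66"). Anything that matches on version strings in these descriptions should not rely on the comparison operator being in one form. The entry itself is still "TODO: check" although every triaged neighbour in the hunk is "NOT-FOR-US: Xiaomi", which is the obvious candidate disposition here.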
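Review bot: the @@ -29959,7 +29994,7 @@ hunk adds DLA-2621-1 to the CVE-2020-36193 cross-reference, but this commit changes only data/CVE/list, and neither visible package line (drupal7 <removed>, php-pear) says which source package the new DLA covers. Confirm that DLA-2621-1 already has its entry in data/DLA/list naming the package and fixed version, since the "{DLA-2621-1 DLA-2530-1}" tag is only a cross-reference to it.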
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits