Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 5803952d by security tracker role at 2021-05-17T20:10:25+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,25 @@ +CVE-2021-3554 + RESERVED +CVE-2021-3553 + RESERVED +CVE-2021-3552 + RESERVED +CVE-2021-33043 + RESERVED +CVE-2021-33042 + RESERVED +CVE-2021-33041 (vmd through 1.34.0 allows 'div class="markdown-body"' XSS, as demonstr ...) + TODO: check +CVE-2021-33040 + RESERVED +CVE-2021-33039 + RESERVED +CVE-2021-33038 + RESERVED +CVE-2021-33037 + RESERVED +CVE-2021-33036 + RESERVED CVE-2021-33035 RESERVED CVE-2021-33034 (In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use ...) @@ -864,10 +886,10 @@ CVE-2021-32620 RESERVED CVE-2021-32619 RESERVED -CVE-2021-32618 - RESERVED -CVE-2021-32617 - RESERVED +CVE-2021-32618 (The Python "Flask-Security-Too" package is used for adding security fe ...) + TODO: check +CVE-2021-32617 (Exiv2 is a command-line utility and C++ library for reading, writing, ...) + TODO: check CVE-2021-32616 RESERVED CVE-2021-3549 @@ -1250,14 +1272,14 @@ CVE-2021-32458 RESERVED CVE-2021-32457 RESERVED -CVE-2021-32456 - RESERVED -CVE-2021-32455 - RESERVED -CVE-2021-32454 - RESERVED -CVE-2021-32453 - RESERVED +CVE-2021-32456 (SITEL CAP/PRX firmware version 5.2.01 allows an attacker with access t ...) + TODO: check +CVE-2021-32455 (SITEL CAP/PRX firmware version 5.2.01, allows an attacker with access ...) + TODO: check +CVE-2021-32454 (SITEL CAP/PRX firmware version 5.2.01 makes use of a hardcoded passwor ...) + TODO: check +CVE-2021-32453 (SITEL CAP/PRX firmware version 5.2.01 allows an attacker with access t ...) + TODO: check CVE-2021-3540 RESERVED CVE-2021-32452 @@ -1358,10 +1380,10 @@ CVE-2021-32405 RESERVED CVE-2021-32404 RESERVED -CVE-2021-32403 - RESERVED -CVE-2021-32402 - RESERVED +CVE-2021-32403 (Intelbras Router RF 301K Firmware 1.1.2 is vulnerable to Cross Site Re ...) + TODO: check +CVE-2021-32402 (Intelbras Router RF 301K Firmware 1.1.2 is vulnerable to Cross Site Re ...) + TODO: check CVE-2021-32401 RESERVED CVE-2021-32400 @@ -2502,8 +2524,7 @@ CVE-2021-3526 RESERVED CVE-2021-3525 RESERVED -CVE-2021-3524 [ceph object gateway: radosgw: CRLF injection] - RESERVED +CVE-2021-3524 (A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gate ...) - ceph <undetermined> NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1951674 CVE-2021-3523 @@ -3086,10 +3107,10 @@ CVE-2021-31730 RESERVED CVE-2021-31729 RESERVED -CVE-2021-31728 - RESERVED -CVE-2021-31727 - RESERVED +CVE-2021-31728 (Incorrect access control in zam64.sys, zam32.sys in MalwareFox AntiMal ...) + TODO: check +CVE-2021-31727 (Incorrect access control in zam64.sys, zam32.sys in MalwareFox AntiMal ...) + TODO: check CVE-2021-31726 (Akuvox C315 115.116.2613 allows remote command Injection via the cfgd_ ...) NOT-FOR-US: Akuvox CVE-2021-31725 @@ -6542,8 +6563,7 @@ CVE-2020-36314 (fr-archive-libarchive.c in GNOME file-roller through 3.38.0, as NOTE: https://gitlab.gnome.org/GNOME/file-roller/-/issues/108 CVE-2021-3484 RESERVED -CVE-2021-3483 - RESERVED +CVE-2021-3483 (A flaw was found in the Nosy driver in the Linux kernel. This issue al ...) - linux 5.10.28-1 NOTE: https://git.kernel.org/linus/829933ef05a951c8ff140e814656d73e74915faf CVE-2021-30178 (An issue was discovered in the Linux kernel through 5.11.11. synic_get ...) @@ -7588,8 +7608,8 @@ CVE-2021-29749 RESERVED CVE-2021-29748 RESERVED -CVE-2021-29747 - RESERVED +CVE-2021-29747 (IBM InfoSphere Information Server 11.7 could allow a remote attacker t ...) + TODO: check CVE-2021-29746 RESERVED CVE-2021-29745 @@ -9284,28 +9304,28 @@ CVE-2021-29055 RESERVED CVE-2021-29054 (Certain Papoo products are affected by: Cross Site Request Forgery (CS ...) NOT-FOR-US: Papoo -CVE-2021-29053 - RESERVED -CVE-2021-29052 - RESERVED -CVE-2021-29051 - RESERVED +CVE-2021-29053 (Multiple SQL injection vulnerabilities in Liferay Portal 7.3.5 and Lif ...) + TODO: check +CVE-2021-29052 (The Data Engine module in Liferay Portal 7.3.0 through 7.3.5, and Life ...) + TODO: check +CVE-2021-29051 (Cross-site scripting (XSS) vulnerability in the Asset module's Asset P ...) + TODO: check CVE-2021-29050 RESERVED CVE-2021-29049 RESERVED -CVE-2021-29048 - RESERVED +CVE-2021-29048 (Cross-site scripting (XSS) vulnerability in the Layout module's page a ...) + TODO: check CVE-2021-29047 (The SimpleCaptcha implementation in Liferay Portal 7.3.4, 7.3.5 and Li ...) NOT-FOR-US: Liferay -CVE-2021-29046 - RESERVED -CVE-2021-29045 - RESERVED -CVE-2021-29044 - RESERVED -CVE-2021-29043 - RESERVED +CVE-2021-29046 (Cross-site scripting (XSS) vulnerability in the Asset module's categor ...) + TODO: check +CVE-2021-29045 (Cross-site scripting (XSS) vulnerability in the Redirect module's redi ...) + TODO: check +CVE-2021-29044 (Cross-site scripting (XSS) vulnerability in the Site module's membersh ...) + TODO: check +CVE-2021-29043 (The Portal Store module in Liferay Portal 7.0.0 through 7.3.5, and Lif ...) + TODO: check CVE-2021-29042 RESERVED CVE-2021-29041 (Denial-of-service (DoS) vulnerability in the Multi-Factor Authenticati ...) @@ -9342,10 +9362,10 @@ CVE-2021-29026 (A cross-site scripting (XSS) vulnerability in Bitweaver version NOT-FOR-US: Bitweaver CVE-2021-29025 (A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 ...) NOT-FOR-US: Bitweaver -CVE-2021-29024 - RESERVED -CVE-2021-29023 - RESERVED +CVE-2021-29024 (In InvoicePlane 1.5.11 a misconfigured web server allows unauthenticat ...) + TODO: check +CVE-2021-29023 (InvoicePlane 1.5.11 doesn't have any rate-limiting for password reset ...) + TODO: check CVE-2021-29022 (In InvoicePlane 1.5.11, the upload feature discloses the full path of ...) NOT-FOR-US: InvoicePlane CVE-2021-29021 @@ -12437,8 +12457,8 @@ CVE-2021-27736 (FusionAuth fusionauth-samlv2 before 0.5.4 allows XXE attacks via NOT-FOR-US: fusionauth-samlv2 CVE-2021-27735 RESERVED -CVE-2021-27734 - RESERVED +CVE-2021-27734 (Hirschmann HiOS 07.1.01, 07.1.02, and 08.1.00 through 08.5.xx and HiSe ...) + TODO: check CVE-2021-27733 (In JetBrains YouTrack before 2020.6.6441, stored XSS was possible via ...) NOT-FOR-US: JetBrains CVE-2021-27732 @@ -13297,8 +13317,8 @@ CVE-2021-27344 RESERVED CVE-2021-27343 (SerenityOS Unspecified is affected by: Buffer Overflow. The impact is: ...) NOT-FOR-US: SerenityOS -CVE-2021-27342 - RESERVED +CVE-2021-27342 (An authentication brute-force protection mechanism bypass in telnetd i ...) + TODO: check CVE-2021-27341 RESERVED CVE-2021-27340 @@ -18507,8 +18527,8 @@ CVE-2021-25266 RESERVED CVE-2021-25265 (A malicious website could execute code remotely in Sophos Connect Clie ...) NOT-FOR-US: Sophos Connect Client -CVE-2021-25264 - RESERVED +CVE-2021-25264 (In multiple versions of Sophos Endpoint products for MacOS, a local at ...) + TODO: check CVE-2021-25263 RESERVED CVE-2021-25262 @@ -20438,16 +20458,16 @@ CVE-2021-24329 RESERVED CVE-2021-24328 RESERVED -CVE-2021-24327 - RESERVED -CVE-2021-24326 - RESERVED -CVE-2021-24325 - RESERVED -CVE-2021-24324 - RESERVED -CVE-2021-24323 - RESERVED +CVE-2021-24327 (The SEO Redirection Plugin – 301 Redirect Manager WordPress plug ...) + TODO: check +CVE-2021-24326 (The tab parameter of the settings page of the All 404 Redirect to Home ...) + TODO: check +CVE-2021-24325 (The tab parameter of the settings page of the 404 SEO Redirection Word ...) + TODO: check +CVE-2021-24324 (The 404 SEO Redirection WordPress plugin through 1.3 is lacking CSRF c ...) + TODO: check +CVE-2021-24323 (When taxes are enabled, the "Additional tax classes" field was not pro ...) + TODO: check CVE-2021-24322 RESERVED CVE-2021-24321 @@ -20462,10 +20482,10 @@ CVE-2021-24317 RESERVED CVE-2021-24316 RESERVED -CVE-2021-24315 - RESERVED -CVE-2021-24314 - RESERVED +CVE-2021-24315 (The GiveWP – Donation Plugin and Fundraising Platform WordPress ...) + TODO: check +CVE-2021-24314 (The Goto WordPress theme before 2.1 did not sanitise, validate of esca ...) + TODO: check CVE-2021-24313 RESERVED CVE-2021-24312 @@ -20494,30 +20514,30 @@ CVE-2021-24301 RESERVED CVE-2021-24300 RESERVED -CVE-2021-24299 - RESERVED +CVE-2021-24299 (The ReDi Restaurant Reservation WordPress plugin before 21.0426 provid ...) + TODO: check CVE-2021-24298 RESERVED CVE-2021-24297 RESERVED CVE-2021-24296 RESERVED -CVE-2021-24295 - RESERVED +CVE-2021-24295 (It was possible to exploit an Unauthenticated Time-Based Blind SQL Inj ...) + TODO: check CVE-2021-24294 RESERVED CVE-2021-24293 (In the eCommerce module of the NextGEN Gallery Pro WordPress plugin be ...) NOT-FOR-US: NextGEN Gallery Pro WordPress plugin -CVE-2021-24292 - RESERVED +CVE-2021-24292 (The Happy Addons for Elementor WordPress plugin before 2.24.0, Happy A ...) + TODO: check CVE-2021-24291 (The Photo Gallery by 10Web – Mobile-Friendly Image Gallery WordP ...) NOT-FOR-US: Photo Gallery by 10Web / Mobile-Friendly Image Gallery WordPress plugin -CVE-2021-24290 - RESERVED -CVE-2021-24289 - RESERVED -CVE-2021-24288 - RESERVED +CVE-2021-24290 (There are several endpoints in the Store Locator Plus for WordPress pl ...) + TODO: check +CVE-2021-24289 (There is functionality in the Store Locator Plus for WordPress plugin ...) + TODO: check +CVE-2021-24288 (When subscribing using AcyMailing, the 'redirect' parameter isn't prop ...) + TODO: check CVE-2021-24287 (The settings page of the Select All Categories and Taxonomies, Change ...) NOT-FOR-US: WordPress plugin CVE-2021-24286 (The settings page of the Redirect 404 to parent WordPress plugin befor ...) @@ -22621,8 +22641,8 @@ CVE-2021-23386 RESERVED CVE-2021-23385 RESERVED -CVE-2021-23384 - RESERVED +CVE-2021-23384 (The package koa-remove-trailing-slashes before 2.0.2 are vulnerable to ...) + TODO: check CVE-2021-23383 (The package handlebars before 4.7.7 are vulnerable to Prototype Pollut ...) - node-handlebars 3:4.7.6+~4.1.0-2 [buster] - node-handlebars <no-dsa> (Minor issue; can be fixed via point release) @@ -23718,7 +23738,7 @@ CVE-2021-22878 (Nextcloud Server prior to 20.0.6 is vulnerable to reflected cros CVE-2021-22877 (A missing user check in Nextcloud prior to 20.0.6 inadvertently popula ...) - nextcloud-server <itp> (bug #941708) CVE-2021-22876 (curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Pr ...) - {DSA-4881-1} + {DSA-4881-1 DLA-2664-1} - curl 7.74.0-1.2 (bug #986269) NOTE: https://curl.se/docs/CVE-2021-22876.html NOTE: Fixed by: https://github.com/curl/curl/commit/7214288898f5625a6cc196e22a74232eada7861c @@ -36026,8 +36046,8 @@ CVE-2020-29207 RESERVED CVE-2020-29206 RESERVED -CVE-2020-29205 - RESERVED +CVE-2020-29205 (XSS in signup form in Project Worlds Online Examination System 1.0 all ...) + TODO: check CVE-2020-29204 (XXL-JOB 2.2.0 allows Stored XSS (in Add User) to bypass the 20-charact ...) NOT-FOR-US: XXL-JOB CVE-2020-29203 (struct2json before 2020-11-18 is affected by a Buffer Overflow because ...) @@ -49544,10 +49564,10 @@ CVE-2020-24994 (Stack overflow in the parse_tag function in libass/ass_parse.c i NOTE: https://github.com/libass/libass/issues/422 NOTE: https://github.com/libass/libass/issues/423 NOTE: https://github.com/libass/libass/commit/6835731c2fe4164a0c50bc91d12c43b2a2b4e799 (0.15.0) -CVE-2020-24993 - RESERVED -CVE-2020-24992 - RESERVED +CVE-2020-24993 (There is a cross site scripting vulnerability on CmsWing 1.3.7. This v ...) + TODO: check +CVE-2020-24992 (There is a cross site scripting vulnerability on CmsWing 1.3.7. This v ...) + TODO: check CVE-2020-24991 RESERVED CVE-2020-24990 (An issue was discovered in QSC Q-SYS Core Manager 8.2.1. By utilizing ...) @@ -56127,20 +56147,20 @@ CVE-2020-21821 RESERVED CVE-2020-21820 RESERVED -CVE-2020-21819 - RESERVED -CVE-2020-21818 - RESERVED -CVE-2020-21817 - RESERVED -CVE-2020-21816 - RESERVED -CVE-2020-21815 - RESERVED -CVE-2020-21814 - RESERVED -CVE-2020-21813 - RESERVED +CVE-2020-21819 (A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 ...) + TODO: check +CVE-2020-21818 (A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 ...) + TODO: check +CVE-2020-21817 (A null pointer dereference issue exists in GNU LibreDWG 0.10.2641 via ...) + TODO: check +CVE-2020-21816 (A heab based buffer overflow issue exists in GNU LibreDWG 0.10.2641 vi ...) + TODO: check +CVE-2020-21815 (A null pointer deference issue exists in GNU LibreDWG 0.10.2641 via ou ...) + TODO: check +CVE-2020-21814 (A heap based buffer overflow issue exists in GNU LibreDWG 0.10.2641 vi ...) + TODO: check +CVE-2020-21813 (A heap based buffer overflow issue exists in GNU LibreDWG 0.10.2641 vi ...) + TODO: check CVE-2020-21812 RESERVED CVE-2020-21811 @@ -74783,8 +74803,8 @@ CVE-2020-13669 RESERVED CVE-2020-13668 RESERVED -CVE-2020-13667 - RESERVED +CVE-2020-13667 (Access bypass vulnerability in of Drupal Core Workspaces allows an att ...) + TODO: check CVE-2020-13666 (Cross-site scripting vulnerability in Drupal Core. Drupal AJAX API doe ...) {DLA-2458-1} - drupal7 <removed> @@ -99483,10 +99503,10 @@ CVE-2020-4672 (IBM Business Automation Workflow 20.0.0.1 is vulnerable to cross- NOT-FOR-US: IBM CVE-2020-4671 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 a ...) NOT-FOR-US: IBM -CVE-2020-4670 - RESERVED -CVE-2020-4669 - RESERVED +CVE-2020-4670 (IBM Planning Analytics Local 2.0 connects to a Redis server. The Redis ...) + TODO: check +CVE-2020-4669 (IBM Planning Analytics Local 2.0 connects to a MongoDB server. MongoDB ...) + TODO: check CVE-2020-4668 RESERVED CVE-2020-4667 (IBM Engineering Requirements Quality Assistant On-Premises could allow ...) @@ -124806,8 +124826,8 @@ CVE-2019-14829 (A vulnerability was found in Moodle affection 3.7 to 3.7.1, 3.6 - moodle <removed> CVE-2019-14828 (A vulnerability was found in Moodle affecting 3.7 to 3.7.1, 3.6 to 3.6 ...) - moodle <removed> -CVE-2019-14827 - RESERVED +CVE-2019-14827 (A vulnerability was found in Moodle where javaScript injection was pos ...) + TODO: check CVE-2019-14826 (A flaw was found in FreeIPA versions 4.5.0 and later. Session cookies ...) - freeipa <unfixed> (bug #940913) [buster] - freeipa <no-dsa> (Minor issue) @@ -451632,8 +451652,8 @@ CVE-2007-5969 (MySQL Community Server 5.0.x before 5.0.51, Enterprise Server 5.0 - mysql-dfsg-4.1 <removed> CVE-2007-5968 REJECTED -CVE-2007-5967 - RESERVED +CVE-2007-5967 (A flaw in Mozilla's embedded certificate code might allow web sites to ...) + TODO: check CVE-2007-5966 (Integer overflow in the hrtimer_start function in kernel/hrtimer.c in ...) {DSA-1436-1} - linux-2.6 2.6.23-2 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5803952d7d7aa36e376eb2b177ed18493da9269c -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5803952d7d7aa36e376eb2b177ed18493da9269c You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits