Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 81d7e7a1 by security tracker role at 2021-05-20T20:10:21+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1764,12 +1764,12 @@ CVE-2021-32634 RESERVED CVE-2021-32633 RESERVED -CVE-2021-32632 - RESERVED +CVE-2021-32632 (Pajbot is a Twitch chat bot. Pajbot versions prior to 1.52 are vulnera ...) + TODO: check CVE-2021-32631 RESERVED -CVE-2021-32630 - RESERVED +CVE-2021-32630 (Admidio is a free, open source user management system for websites of ...) + TODO: check CVE-2021-32629 RESERVED CVE-2021-32628 @@ -3012,8 +3012,7 @@ CVE-2021-3537 (A vulnerability found in libxml2 in versions before 2.9.11 shows NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/244 NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/245 NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/commit/babe75030c7f64a37826bb3342317134568bef61 -CVE-2021-3536 - RESERVED +CVE-2021-3536 (A flaw was found in Wildfly in versions before 23.0.2.Final while crea ...) - wildfly <itp> (bug #752018) CVE-2021-3535 RESERVED 
@@ -8695,28 +8694,28 @@ CVE-2021-29694 (IBM Spectrum Protect Plus 10.1.0 through 10.1.7 uses weaker than NOT-FOR-US: IBM CVE-2021-29693 RESERVED -CVE-2021-29692 - RESERVED -CVE-2021-29691 - RESERVED +CVE-2021-29692 (IBM Security Identity Manager 7.0.2 could allow a remote attacker to o ...) + TODO: check +CVE-2021-29691 (IBM Security Identity Manager 7.0.2 contains hard-coded credentials, s ...) + TODO: check CVE-2021-29690 RESERVED CVE-2021-29689 RESERVED -CVE-2021-29688 - RESERVED -CVE-2021-29687 - RESERVED -CVE-2021-29686 - RESERVED +CVE-2021-29688 (IBM Security Identity Manager 7.0.2 could allow a remote attacker to o ...) + TODO: check +CVE-2021-29687 (IBM Security Identity Manager 7.0.2 could allow a remote user to enume ...) + TODO: check +CVE-2021-29686 (IBM Security Identity Manager 7.0.2 could allow an authenticated user ...) + TODO: check CVE-2021-29685 RESERVED CVE-2021-29684 RESERVED -CVE-2021-29683 - RESERVED -CVE-2021-29682 - RESERVED +CVE-2021-29683 (IBM Security Identity Manager 7.0.2 stores user credentials in plain c ...) + TODO: check +CVE-2021-29682 (IBM Security Identity Manager 7.0.2 could allow a remote attacker to o ...) + TODO: check CVE-2021-29681 RESERVED CVE-2021-29680 @@ -8799,8 +8798,8 @@ CVE-2021-29661 (Softing AG OPC Toolbox through 4.10.1.13035 allows /en/diag_valu NOT-FOR-US: Softing AG OPC Toolbox CVE-2021-29660 (A Cross-Site Request Forgery (CSRF) vulnerability in en/cfg_setpwd.htm ...) NOT-FOR-US: Softing AG OPC Toolbox -CVE-2021-29659 - RESERVED +CVE-2021-29659 (ownCloud 10.7 has an incorrect access control vulnerability, leading t ...) + TODO: check CVE-2021-29658 (The unofficial vscode-rufo extension before 0.0.4 for Visual Studio Co ...) NOT-FOR-US: vscode-rufo extension for Visual Studio Code CVE-2021-29657 [KVM: SVM: load control fields from VMCB12 before checking them] 
@@ -8844,8 +8843,7 @@ CVE-2020-36285 (Union Pay up to 3.3.12, for iOS mobile apps, contains a CWE-347: NOT-FOR-US: Union Pay CVE-2020-36284 (Union Pay up to 3.4.93.4.9, for android, contains a CWE-347: Improper ...) NOT-FOR-US: Union Pay -CVE-2021-3480 - RESERVED +CVE-2021-3480 (A flaw was found in slapi-nis in versions before 0.56.7. A NULL pointe ...) - slapi-nis <unfixed> (bug #988736) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1944640 NOTE: https://pagure.io/slapi-nis/c/c7417ea2d534712e559b56ed45baa91c5d3d44db?branch=master @@ -9853,8 +9851,7 @@ CVE-2021-29260 RESERVED CVE-2021-29259 RESERVED -CVE-2021-29258 - RESERVED +CVE-2021-29258 (An issue was discovered in Envoy 1.14.0. There is a remotely exploitab ...) - envoyproxy <itp> (bug #987544) CVE-2021-29257 RESERVED @@ -10637,16 +10634,16 @@ CVE-2021-28908 RESERVED CVE-2021-28907 RESERVED -CVE-2021-28906 - RESERVED -CVE-2021-28905 - RESERVED -CVE-2021-28904 - RESERVED -CVE-2021-28903 - RESERVED -CVE-2021-28902 - RESERVED +CVE-2021-28906 (In function read_yin_leaf() in libyang <= v1.0.225, it doesn't chec ...) + TODO: check +CVE-2021-28905 (In function lys_node_free() in libyang <= v1.0.225, it asserts that ...) + TODO: check +CVE-2021-28904 (In function ext_get_plugin() in libyang <= v1.0.225, it doesn't che ...) + TODO: check +CVE-2021-28903 (A stack overflow in libyang <= v1.0.225 can cause a denial of servi ...) + TODO: check +CVE-2021-28902 (In function read_yin_container() in libyang <= v1.0.225, it doesn't ...) + TODO: check CVE-2021-28901 RESERVED CVE-2021-28900 
@@ -11126,11 +11123,9 @@ CVE-2021-28685 (AsIO2_64.sys and AsIO2_32.sys in ASUS GPUTweak II before 2.3.0.3 NOT-FOR-US: ASUS CVE-2021-28684 RESERVED -CVE-2021-28683 - RESERVED +CVE-2021-28683 (An issue was discovered in Envoy through 1.71.1. There is a remotely e ...) - envoyproxy <itp> (bug #987544) -CVE-2021-28682 - RESERVED +CVE-2021-28682 (An issue was discovered in Envoy through 1.71.1. There is a remotely e ...) - envoyproxy <itp> (bug #987544) CVE-2021-28681 (Pion WebRTC before 3.0.15 didn't properly tear down the DTLS Connectio ...) NOT-FOR-US: Pion WebRTC @@ -12195,8 +12190,8 @@ CVE-2021-3440 RESERVED CVE-2021-3439 RESERVED -CVE-2021-3438 - RESERVED +CVE-2021-3438 (A potential buffer overflow in the software drivers for certain HP Las ...) + TODO: check CVE-2021-3437 RESERVED CVE-2021-3436 @@ -12512,10 +12507,10 @@ CVE-2021-28114 RESERVED CVE-2021-28113 (A command injection vulnerability in the cookieDomain and relayDomain ...) NOT-FOR-US: Okta Access Gateway -CVE-2021-28112 - RESERVED -CVE-2021-28111 - RESERVED +CVE-2021-28112 (Draeger X-Dock Firmware before 03.00.13 has Active Debug Code on a deb ...) + TODO: check +CVE-2021-28111 (Draeger X-Dock Firmware before 03.00.13 has Hard-Coded Credentials, le ...) + TODO: check CVE-2021-28110 (/exec in TranzWare e-Commerce Payment Gateway (TWEC PG) before 3.1.27. ...) NOT-FOR-US: TranzWare e-Commerce Payment Gateway (TWEC PG) CVE-2021-28109 (TranzWare (POI) FIMI before 4.2.20.4.2 allows login_tw.php reflected C ...) 
@@ -12526,8 +12521,7 @@ CVE-2021-28374 (The Debian courier-authlib package before 0.71.1-2 for Courier A [buster] - courier-authlib <no-dsa> (Minor issue) NOTE: Re-introduction of #378571 while migrating from debian/permissions to NOTE: debian/courier-authdaemon.tmpfiles in 0.66.4-2. -CVE-2021-3426 [Running `pydoc -p` allows other local users to extract arbitrary files. The `/getfile?key=path` URL allows to read arbitrary file on the filesystem.] - RESERVED +CVE-2021-3426 (There's a flaw in Python 3's pydoc. A local or adjacent attacker who d ...) {DLA-2619-1} [experimental] - python3.9 3.9.3-1 - python3.9 <unfixed> @@ -12913,8 +12907,8 @@ CVE-2021-27958 RESERVED CVE-2021-27957 RESERVED -CVE-2021-27956 - RESERVED +CVE-2021-27956 (Zoho ManageEngine ADSelfService Plus before 6104 allows stored XSS on ...) + TODO: check CVE-2020-36255 (An issue was discovered in IdentityModel (aka ScottBrady.IdentityModel ...) NOT-FOR-US: ScottBrady.IdentityModel CVE-2019-25025 (The activerecord-session_store (aka Active Record Session Store) compo ...) 
@@ -14031,28 +14025,28 @@ CVE-2021-27469 RESERVED CVE-2021-27468 RESERVED -CVE-2021-27467 - RESERVED +CVE-2021-27467 (A vulnerability has been found in multiple revisions of Emerson Rosemo ...) + TODO: check CVE-2021-27466 RESERVED -CVE-2021-27465 - RESERVED +CVE-2021-27465 (A vulnerability has been found in multiple revisions of Emerson Rosemo ...) + TODO: check CVE-2021-27464 RESERVED -CVE-2021-27463 - RESERVED +CVE-2021-27463 (A vulnerability has been found in multiple revisions of Emerson Rosemo ...) + TODO: check CVE-2021-27462 RESERVED -CVE-2021-27461 - RESERVED +CVE-2021-27461 (A vulnerability has been found in multiple revisions of Emerson Rosemo ...) + TODO: check CVE-2021-27460 RESERVED -CVE-2021-27459 - RESERVED +CVE-2021-27459 (A vulnerability has been found in multiple revisions of Emerson Rosemo ...) + TODO: check CVE-2021-27458 (If Ethernet communication of the JTEKT Corporation TOYOPUC product ser ...) NOT-FOR-US: JTEKT Corporation TOYOPUC -CVE-2021-27457 - RESERVED +CVE-2021-27457 (A vulnerability has been found in multiple revisions of Emerson Rosemo ...) + TODO: check CVE-2021-27456 RESERVED CVE-2021-27455 @@ -14097,12 +14091,12 @@ CVE-2021-27436 (WebAccess/SCADA Versions 9.0 and prior is vulnerable to cross-si NOT-FOR-US: WebAccess/SCADA CVE-2021-27435 RESERVED -CVE-2021-27434 - RESERVED +CVE-2021-27434 (Products with Unified Automation .NET based OPC UA Client/Server SDK B ...) + TODO: check CVE-2021-27433 RESERVED -CVE-2021-27432 - RESERVED +CVE-2021-27432 (OPC Foundation UA .NET Standard versions prior to 1.4.365.48 and OPC U ...) + TODO: check CVE-2021-27431 RESERVED CVE-2021-27430 
@@ -16954,8 +16948,8 @@ CVE-2021-3315 (In JetBrains TeamCity before 2020.2.2, stored XSS on a tests page NOT-FOR-US: JetBrains CVE-2021-3314 RESERVED -CVE-2021-3313 - RESERVED +CVE-2021-3313 (Plone CMS until version 5.2.4 has a stored Cross-Site Scripting (XSS) ...) + TODO: check CVE-2021-3312 RESERVED CVE-2021-3311 (An issue was discovered in October through build 471. It reactivates a ...) @@ -17720,16 +17714,16 @@ CVE-2021-25935 RESERVED CVE-2021-25934 RESERVED -CVE-2021-25933 - RESERVED +CVE-2021-25933 (In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0 ...) + TODO: check CVE-2021-25932 RESERVED -CVE-2021-25931 - RESERVED -CVE-2021-25930 - RESERVED -CVE-2021-25929 - RESERVED +CVE-2021-25931 (In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0 ...) + TODO: check +CVE-2021-25930 (In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0 ...) + TODO: check +CVE-2021-25929 (In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0 ...) + TODO: check CVE-2021-25928 (Prototype pollution vulnerability in 'safe-obj' versions 1.0.0 through ...) NOT-FOR-US: Node safe-obj CVE-2021-25927 (Prototype pollution vulnerability in 'safe-flat' versions 2.0.0 throug ...) @@ -23659,8 +23653,8 @@ CVE-2021-23388 RESERVED CVE-2021-23387 RESERVED -CVE-2021-23386 - RESERVED +CVE-2021-23386 (This affects the package dns-packet before 5.2.2. It creates buffers w ...) + TODO: check CVE-2021-23385 RESERVED CVE-2021-23384 (The package koa-remove-trailing-slashes before 2.0.2 are vulnerable to ...) 
@@ -30314,8 +30308,8 @@ CVE-2020-35582 (A stored cross-site scripting (XSS) issue in Envira Gallery Lite NOT-FOR-US: Envira Gallery Lite CVE-2020-35581 (A stored cross-site scripting (XSS) issue in Envira Gallery Lite befor ...) NOT-FOR-US: Envira Gallery Lite -CVE-2020-35580 - RESERVED +CVE-2020-35580 (A local file inclusion vulnerability in the FileServlet in all SearchB ...) + TODO: check CVE-2020-35579 (tindy2013 subconverter 0.6.4 has a /sub?target=%TARGET%&url=%URL%& ...) NOT-FOR-US: tindy2013 CVE-2020-35578 (An issue was discovered in the Manage Plugins page in Nagios XI before ...) @@ -51911,10 +51905,10 @@ CVE-2020-24398 RESERVED CVE-2020-24397 (An issue was discovered in the client side of Zoho ManageEngine Deskto ...) NOT-FOR-US: Zoho ManageEngine Desktop Central -CVE-2020-24396 - RESERVED -CVE-2020-24395 - RESERVED +CVE-2020-24396 (homee Brain Cube v2 (2.28.2 and 2.28.4) devices have sensitive SSH key ...) + TODO: check +CVE-2020-24395 (The USB firmware update script of homee Brain Cube v2 (2.28.2 and 2.28 ...) + TODO: check CVE-2020-24394 (In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) ca ...) - linux 5.7.6-1 (bug #962254) [buster] - linux 4.19.131-1 @@ -58124,8 +58118,8 @@ CVE-2020-21347 RESERVED CVE-2020-21346 RESERVED -CVE-2020-21345 - RESERVED +CVE-2020-21345 (Cross Site Scripting (XSS) vulnerability in Halo 1.1.3 via post publis ...) + TODO: check CVE-2020-21344 RESERVED CVE-2020-21343 
@@ -58700,16 +58694,16 @@ CVE-2020-21059 RESERVED CVE-2020-21058 RESERVED -CVE-2020-21057 - RESERVED -CVE-2020-21056 - RESERVED -CVE-2020-21055 - RESERVED -CVE-2020-21054 - RESERVED -CVE-2020-21053 - RESERVED +CVE-2020-21057 (Directory Traversal vulnerability in FusionPBX 4.5.7, which allows a r ...) + TODO: check +CVE-2020-21056 (Directory Traversal vulnerability exists in FusionPBX 4.5.7, which all ...) + TODO: check +CVE-2020-21055 (A Directory Traversal vulnerability exists in FusionPBX 4.5.7 allows m ...) + TODO: check +CVE-2020-21054 (Cross Site Scripting (XSS) vulnerability in FusionPBX 4.5.7 allows rem ...) + TODO: check +CVE-2020-21053 (Cross Site Scriptiong (XSS) vulnerability exists in FusionPBX 4.5.7 al ...) + TODO: check CVE-2020-21052 RESERVED CVE-2020-21051 @@ -70617,8 +70611,8 @@ CVE-2020-15524 CVE-2020-15523 (In Python 3.6 through 3.6.10, 3.7 through 3.7.8, 3.8 through 3.8.4rc1, ...) - python3.8 <not-affected> (Python on Windows) - python2.7 <not-affected> (Python on Windows) -CVE-2020-15522 - RESERVED +CVE-2020-15522 (Bouncy Castle BC Java before 1.66, BC C# .NET before 1.8.7, BC-FJA bef ...) + TODO: check CVE-2020-15521 (Zoho ManageEngine Applications Manager before 14 build 14730 has no pr ...) NOT-FOR-US: Zoho CVE-2020-15520 
@@ -100178,8 +100172,8 @@ CVE-2020-4852 RESERVED CVE-2020-4851 (IBM Spectrum Scale 5.0.0 through 5.0.5.5 and 5.1.0 through 5.1.0.2 cou ...) NOT-FOR-US: IBM -CVE-2020-4850 - RESERVED +CVE-2020-4850 (IBM Spectrum Scale 1.1.1.0 through 1.1.8.4 Transparent Cloud Tiering c ...) + TODO: check CVE-2020-4849 (IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.19 Interim Fix 7 could ...) NOT-FOR-US: IBM CVE-2020-4848 (IBM UrbanCode Deploy (UCD) 6.2.7.9, 7.0.5.4, and 7.1.1.1 could allow a ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/81d7e7a12ff2a19202c20ffd5c879af543d395e7
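Review bot: in the CVE-2021-3426 hunk (@@ -12526,8 +12521,7 @@) the hand-written bracketed summary is dropped when the official text arrives, and the truncated replacement "(There's a flaw in Python 3's pydoc. A local or adjacent attacker who d ...)" no longer records that `pydoc -p` exposes `/getfile?key=path`; consider carrying that detail over as a NOTE: line beneath the surviving {DLA-2619-1} and python3.9 lines so the entry keeps its attack-surface description.

Review bot: in the Envoy hunks (@@ -9853,8 +9851,7 @@ and @@ -11126,11 +11123,9 @@) the CVE-2021-28683 and CVE-2021-28682 descriptions say "Envoy through 1.71.1" while CVE-2021-29258 says "Envoy 1.14.0"; the 1.71.1 figure reads like a digit transposition in the upstream text and should be confirmed against the Envoy advisory before a fixed version is recorded, since all three entries still point at the same ITP (bug #987544).

Review bot: in the libyang hunk (@@ -10637,16 +10634,16 @@) the five entries CVE-2021-28902 through CVE-2021-28906 share the single bound "libyang <= v1.0.225" and are each left at "TODO: check"; unlike the IBM, Draeger and Emerson rows in the neighbouring hunks, which follow the NOT-FOR-US pattern used throughout this file, a library like libyang may have a Debian source package, so triaging these together with one package and fixed-version lookup would be more consistent than resolving the five TODOs one at a time.

Review bot: in the hunks adding CVE-2021-23386 ("dns-packet before 5.2.2") and CVE-2020-15522 ("Bouncy Castle BC Java before 1.66 ...") both entries are parked at "TODO: check"; these name widely packaged libraries rather than vendor appliances, so the TODO should resolve to a source-package line with a fixed version or <not-affected>, not to NOT-FOR-US as the surrounding Zoho and Envira rows do.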