Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4e3aad17 by security tracker role at 2021-05-25T20:10:29+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
===================================== data/CVE/list =====================================
@@ -1,3 +1,5 @@ +CVE-2021-3565 + RESERVED CVE-2021-33564 RESERVED CVE-2021-33563 (Koel before 5.1.4 lacks login throttling, lacks a password strength po ...) @@ -291,8 +293,8 @@ CVE-2021-33427 RESERVED CVE-2021-33426 RESERVED -CVE-2021-33425 - RESERVED +CVE-2021-33425 (A stored cross-site scripting (XSS) vulnerability was discovered in th ...) + TODO: check CVE-2021-33424 RESERVED CVE-2021-33423 @@ -1963,12 +1965,12 @@ CVE-2021-32642 RESERVED CVE-2021-32641 RESERVED -CVE-2021-32640 - RESERVED +CVE-2021-32640 (ws is an open source WebSocket client and server library for Node.js. ...) + TODO: check CVE-2021-32639 RESERVED -CVE-2021-32638 - RESERVED +CVE-2021-32638 (Github's CodeQL action is provided to run CodeQL-based code scanning o ...) + TODO: check CVE-2021-32637 RESERVED CVE-2021-32636
@@ -7739,26 +7741,26 @@ CVE-2021-30197 RESERVED CVE-2021-30196 RESERVED -CVE-2021-30195 - RESERVED -CVE-2021-30194 - RESERVED -CVE-2021-30193 - RESERVED -CVE-2021-30192 - RESERVED -CVE-2021-30191 - RESERVED -CVE-2021-30190 - RESERVED -CVE-2021-30189 - RESERVED -CVE-2021-30188 - RESERVED -CVE-2021-30187 - RESERVED -CVE-2021-30186 - RESERVED +CVE-2021-30195 (CODESYS V2 runtime system before 2.4.7.55 has Improper Input Validatio ...) + TODO: check +CVE-2021-30194 (CODESYS V2 Web-Server before 1.1.9.20 has an Out-of-bounds Read. ...) + TODO: check +CVE-2021-30193 (CODESYS V2 Web-Server before 1.1.9.20 has an Out-of-bounds Write. ...) + TODO: check +CVE-2021-30192 (CODESYS V2 Web-Server before 1.1.9.20 has an Improperly Implemented Se ...) + TODO: check +CVE-2021-30191 (CODESYS V2 Web-Server before 1.1.9.20 has a a Buffer Copy without Chec ...) + TODO: check +CVE-2021-30190 (CODESYS V2 Web-Server before 1.1.9.20 has Improper Access Control. ...) + TODO: check +CVE-2021-30189 (CODESYS V2 Web-Server before 1.1.9.20 has a Stack-based Buffer Overflo ...) + TODO: check +CVE-2021-30188 (CODESYS V2 runtime system SP before 2.4.7.55 has a Stack-based Buffer ...) + TODO: check +CVE-2021-30187 (CODESYS V2 runtime system SP before 2.4.7.55 has Improper Neutralizati ...) + TODO: check +CVE-2021-30186 (CODESYS V2 runtime system SP before 2.4.7.55 has a Heap-based Buffer O ...) + TODO: check CVE-2021-30185 (CERN Indico before 2.3.4 can use an attacker-supplied Host header in a ...) NOT-FOR-US: CERN Indico CVE-2021-30184 (GNU Chess 6.2.7 allows attackers to execute arbitrary code via crafted ...) @@ -8918,8 +8920,8 @@ CVE-2021-29710 RESERVED CVE-2021-29709 RESERVED -CVE-2021-29708 - RESERVED +CVE-2021-29708 (IBM Spectrum Scale 5.1.0.1 could allow a local with access to the GUI ...) + TODO: check CVE-2021-29707 RESERVED CVE-2021-29706 
@@ -8944,8 +8946,8 @@ CVE-2021-29697 RESERVED CVE-2021-29696 RESERVED -CVE-2021-29695 - RESERVED +CVE-2021-29695 (IBM Host firmware for LC-class Systems could allow a remote attacker t ...) + TODO: check CVE-2021-29694 (IBM Spectrum Protect Plus 10.1.0 through 10.1.7 uses weaker than expec ...) NOT-FOR-US: IBM CVE-2021-29693 @@ -10211,28 +10213,28 @@ CVE-2021-29213 RESERVED CVE-2021-29212 RESERVED -CVE-2021-29211 - RESERVED -CVE-2021-29210 - RESERVED -CVE-2021-29209 - RESERVED -CVE-2021-29208 - RESERVED -CVE-2021-29207 - RESERVED -CVE-2021-29206 - RESERVED -CVE-2021-29205 - RESERVED -CVE-2021-29204 - RESERVED +CVE-2021-29211 (A remote xss vulnerability was discovered in HPE Integrated Lights-Out ...) + TODO: check +CVE-2021-29210 (A remote dom xss, crlf injection vulnerability was discovered in HPE I ...) + TODO: check +CVE-2021-29209 (A remote dom xss, crlf injection vulnerability was discovered in HPE I ...) + TODO: check +CVE-2021-29208 (A remote dom xss, crlf injection vulnerability was discovered in HPE I ...) + TODO: check +CVE-2021-29207 (A remote xss vulnerability was discovered in HPE Integrated Lights-Out ...) + TODO: check +CVE-2021-29206 (A remote xss vulnerability was discovered in HPE Integrated Lights-Out ...) + TODO: check +CVE-2021-29205 (A remote xss vulnerability was discovered in HPE Integrated Lights-Out ...) + TODO: check +CVE-2021-29204 (A remote xss vulnerability was discovered in HPE Integrated Lights-Out ...) + TODO: check CVE-2021-29203 (A security vulnerability has been identified in the HPE Edgeline Infra ...) NOT-FOR-US: HPE -CVE-2021-29202 - RESERVED -CVE-2021-29201 - RESERVED +CVE-2021-29202 (A local buffer overflow vulnerability was discovered in HPE Integrated ...) + TODO: check +CVE-2021-29201 (A remote xss vulnerability was discovered in HPE Integrated Lights-Out ...) + TODO: check CVE-2021-29200 (Apache OFBiz has unsafe deserialization prior to 17.12.07 version An u ...) NOT-FOR-US: Apache OFBiz CVE-2021-29199 
@@ -13542,12 +13544,12 @@ CVE-2021-27825 RESERVED CVE-2021-27824 RESERVED -CVE-2021-27823 - RESERVED +CVE-2021-27823 (An information disclosure vulnerability was discovered in /index.class ...) + TODO: check CVE-2021-27822 RESERVED -CVE-2021-27821 - RESERVED +CVE-2021-27821 (The Web Interface for OpenWRT LuCI version 19.07 and lower has been di ...) + TODO: check CVE-2021-27820 RESERVED CVE-2021-27819 @@ -14111,8 +14113,8 @@ CVE-2021-27564 (A stored XSS issue exists in Appspace 6.2.4. After a user is aut NOT-FOR-US: Appspace CVE-2021-27563 RESERVED -CVE-2021-27562 - RESERVED +CVE-2021-27562 (In Arm Trusted Firmware M through 1.2, the NS world may trigger a syst ...) + TODO: check CVE-2021-27561 RESERVED CVE-2021-27560 @@ -17979,12 +17981,12 @@ CVE-2021-25948 RESERVED CVE-2021-25947 RESERVED -CVE-2021-25946 - RESERVED +CVE-2021-25946 (Prototype pollution vulnerability in `nconf-toml` versions 0.0.1 throu ...) + TODO: check CVE-2021-25945 RESERVED -CVE-2021-25944 - RESERVED +CVE-2021-25944 (Prototype pollution vulnerability in 'deep-defaults' versions 1.0.0 th ...) + TODO: check CVE-2021-25943 (Prototype pollution vulnerability in '101' versions 1.0.0 through 1.6. ...) NOT-FOR-US: Node 101 CVE-2021-25942 @@ -18001,10 +18003,10 @@ CVE-2021-25937 RESERVED CVE-2021-25936 RESERVED -CVE-2021-25935 - RESERVED -CVE-2021-25934 - RESERVED +CVE-2021-25935 (In OpenNMS Horizon, versions opennms-17.0.0-1 through opennms-27.1.0-1 ...) + TODO: check +CVE-2021-25934 (In OpenNMS Horizon, versions opennms-18.0.0-1 through opennms-27.1.0-1 ...) + TODO: check CVE-2021-25933 (In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0 ...) NOT-FOR-US: OpenNMS CVE-2021-25932 
@@ -22750,8 +22752,7 @@ CVE-2021-23939 RESERVED CVE-2021-23938 RESERVED -CVE-2021-23937 - RESERVED +CVE-2021-23937 (A DNS proxy and possible amplification attack vulnerability in WebClie ...) NOT-FOR-US: Apache Wicket CVE-2021-3138 (In Discourse 2.7.0 through beta1, a rate-limit bypass leads to a bypas ...) NOT-FOR-US: Discourse @@ -27716,14 +27717,14 @@ CVE-2021-21662 RESERVED CVE-2021-21661 RESERVED -CVE-2021-21660 - RESERVED -CVE-2021-21659 - RESERVED -CVE-2021-21658 - RESERVED -CVE-2021-21657 - RESERVED +CVE-2021-21660 (Jenkins Markdown Formatter Plugin 0.1.0 and earlier does not sanitize ...) + TODO: check +CVE-2021-21659 (Jenkins URLTrigger Plugin 0.48 and earlier does not configure its XML ...) + TODO: check +CVE-2021-21658 (Jenkins Nuget Plugin 1.0 and earlier does not configure its XML parser ...) + TODO: check +CVE-2021-21657 (Jenkins Filesystem Trigger Plugin 0.40 and earlier does not configure ...) + TODO: check CVE-2021-21656 (Jenkins Xcode integration Plugin 2.0.14 and earlier does not configure ...) NOT-FOR-US: Jenkins plugin CVE-2021-21655 (A cross-site request forgery (CSRF) vulnerability in Jenkins P4 Plugin ...) @@ -33124,8 +33125,8 @@ CVE-2021-20098 RESERVED CVE-2021-20097 RESERVED -CVE-2021-20096 - RESERVED +CVE-2021-20096 (Cross-site request forgery in OpenOversight 0.6.4 allows a remote atta ...) + TODO: check CVE-2021-20095 (Relative Path Traversal in Babel 2.9.0 allows an attacker to load arbi ...) - python-babel 2.8.0+dfsg.1-7 (bug #987824) NOTE: https://www.tenable.com/security/research/tra-2021-14 
@@ -60246,20 +60247,20 @@ CVE-2020-20453 RESERVED CVE-2020-20452 RESERVED -CVE-2020-20451 - RESERVED -CVE-2020-20450 - RESERVED +CVE-2020-20451 (Denial of Service issue in FFmpeg 4.2 due to resource management error ...) + TODO: check +CVE-2020-20450 (FFmpeg 4.2 is affected by null pointer dereference passed as argument ...) + TODO: check CVE-2020-20449 RESERVED -CVE-2020-20448 - RESERVED +CVE-2020-20448 (FFmpeg 4.1.3 is affected by a Divide By Zero issue via libavcodec/rate ...) + TODO: check CVE-2020-20447 RESERVED -CVE-2020-20446 - RESERVED -CVE-2020-20445 - RESERVED +CVE-2020-20446 (FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/aacpsy ...) + TODO: check +CVE-2020-20445 (FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/lpc.h, ...) + TODO: check CVE-2020-20444 RESERVED CVE-2020-20443 @@ -88546,12 +88547,12 @@ CVE-2020-9454 (A CSRF vulnerability in the RegistrationMagic plugin through 4.6. NOT-FOR-US: RegistrationMagic plugin for WordPress CVE-2020-9453 (In Epson iProjection v2.30, the driver file EMP_MPAU.sys allows local ...) NOT-FOR-US: Epson -CVE-2020-9452 - RESERVED -CVE-2020-9451 - RESERVED -CVE-2020-9450 - RESERVED +CVE-2020-9452 (An issue was discovered in Acronis True Image 2020 24.5.22510. anti_ra ...) + TODO: check +CVE-2020-9451 (An issue was discovered in Acronis True Image 2020 24.5.22510. anti_ra ...) + TODO: check +CVE-2020-9450 (An issue was discovered in Acronis True Image 2020 24.5.22510. anti_ra ...) + TODO: check CVE-2020-9449 (An insecure random number generation vulnerability in BlaB! AX, BlaB! ...) NOT-FOR-US: BlaB! CVE-2020-9448 
@@ -100544,8 +100545,8 @@ CVE-2020-4841 (IBM Security Secret Server 10.6 could allow a remote attacker to NOT-FOR-US: IBM CVE-2020-4840 (IBM Security Secret Server 10.6 could allow a remote attacker to condu ...) NOT-FOR-US: IBM -CVE-2020-4839 - RESERVED +CVE-2020-4839 (IBM Host firmware for LC-class Systems is vulnerable to a stack based ...) + TODO: check CVE-2020-4838 (IBM API Connect 5.0.0.0 through 5.0.8.10 is vulnerable to stored cross ...) NOT-FOR-US: IBM CVE-2020-4837
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4e3aad17b2a990badaa94668a16c64ded35a54f9
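Review bot: in the hunk at @@ -1963, CVE-2021-32640 (ws, the WebSocket library for Node.js) is left at "TODO: check", but ws ships in Debian as the node-ws source package, so unlike most of its neighbours it should not be closed as NOT-FOR-US; it needs a source-package line with the fixed upstream version and a bug reference once the truncated description ("...") has been read in full from the CVE record. CVE-2021-32638 in the same hunk (GitHub's CodeQL action) is a hosted GitHub Action rather than packaged software and looks like a straightforward NOT-FOR-US.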
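Review bot: the ten CODESYS V2 entries in the hunk at @@ -7739 (CVE-2021-30186 through CVE-2021-30195) and the ten HPE Integrated Lights-Out entries in the hunk at @@ -10211 (CVE-2021-29201 through CVE-2021-29211) are vendor firmware and runtime issues with no corresponding Debian package, so they can be resolved as a block with a single NOT-FOR-US label per vendor (the same pattern already used for CVE-2021-29203, "NOT-FOR-US: HPE", in the second hunk) instead of leaving twenty separate "TODO: check" lines for later passes to re-read. The "has a a Buffer Copy" in CVE-2021-30191 is upstream CVE text and should be left as is, since the list mirrors the published description.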
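Review bot: CVE-2021-27823 in the hunk at @@ -13542 is the weakest TODO in this update: its truncated description ("An information disclosure vulnerability was discovered in /index.class ...") does not name the affected product at all, so it cannot be triaged from the list and the full CVE record has to be consulted before any resolution is written. CVE-2021-27821 in the same hunk names OpenWrt LuCI, which is not a Debian package, so that one can most likely be closed as NOT-FOR-US: OpenWrt LuCI.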
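Review bot: CVE-2021-27562 in the hunk at @@ -14111 concerns Arm Trusted Firmware-M (the secure-world firmware for Cortex-M parts) and must not be matched by name against Debian's arm-trusted-firmware source package, which is Trusted Firmware-A, a different code base; mapping this CVE to that package would be a false positive. Unless TF-M is packaged, "NOT-FOR-US: Trusted Firmware-M" is the expected resolution.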
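Review bot: the two prototype-pollution TODOs in the hunk at @@ -17979 (nconf-toml and deep-defaults) sit next to CVE-2021-25943 ("101"), which was resolved "NOT-FOR-US: Node 101"; before copying that resolution, check whether either module exists in the archive as a node-* source package or is embedded in another Node.js package, since prototype-pollution issues in small npm modules are easy to miss when the module is only vendored. The hunk at @@ -27716 is simpler: the four new Jenkins plugin entries (CVE-2021-21657 through CVE-2021-21660, three of them unconfigured XML parsers and one missing sanitisation in the Markdown Formatter plugin) can take the same "NOT-FOR-US: Jenkins plugin" label as CVE-2021-21656 directly below them, Jenkins and its plugins not being packaged in Debian.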
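Review bot: the hunk at @@ -22750 is the only one in this update that replaces RESERVED with a description without adding a "TODO: check" line, because CVE-2021-23937 already carried "NOT-FOR-US: Apache Wicket" while it was still RESERVED (hence the -8,+7 line count). That is the intended behaviour for a pre-triaged entry, but since the triage predates the public text, it is worth confirming that the new description (a DNS proxy and possible amplification issue in WebClie...) matches the basis on which the entry was originally marked.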
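Review bot: the five FFmpeg entries in the hunk at @@ -60246 (CVE-2020-20451, -20450, -20448, -20446 and -20445) are the TODOs in this update most likely to affect Debian, since ffmpeg is a source package in the archive and the descriptions point at libavcodec code (libavcodec/rate..., libavcodec/aacpsy... and libavcodec/lpc.h as far as the truncated text shows) that Debian builds. Suggest triaging them together against the ffmpeg source package, with the upstream fix commits, rather than leaving five separate "TODO: check" lines; the descriptions cite 4.2 and 4.1.3, which are older than current upstream, so each needs a check of whether the fix is already included in the versions Debian ships before choosing between <not-affected> and <unfixed>.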
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits