Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4e3aad17 by security tracker role at 2021-05-25T20:10:29+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,5 @@
+CVE-2021-3565
+       RESERVED
 CVE-2021-33564
        RESERVED
 CVE-2021-33563 (Koel before 5.1.4 lacks login throttling, lacks a password 
strength po ...)
@@ -291,8 +293,8 @@ CVE-2021-33427
        RESERVED
 CVE-2021-33426
        RESERVED
-CVE-2021-33425
-       RESERVED
+CVE-2021-33425 (A stored cross-site scripting (XSS) vulnerability was 
discovered in th ...)
+       TODO: check
 CVE-2021-33424
        RESERVED
 CVE-2021-33423
@@ -1963,12 +1965,12 @@ CVE-2021-32642
        RESERVED
 CVE-2021-32641
        RESERVED
-CVE-2021-32640
-       RESERVED
+CVE-2021-32640 (ws is an open source WebSocket client and server library for 
Node.js.  ...)
+       TODO: check
 CVE-2021-32639
        RESERVED
-CVE-2021-32638
-       RESERVED
+CVE-2021-32638 (Github's CodeQL action is provided to run CodeQL-based code 
scanning o ...)
+       TODO: check
 CVE-2021-32637
        RESERVED
 CVE-2021-32636
@@ -7739,26 +7741,26 @@ CVE-2021-30197
        RESERVED
 CVE-2021-30196
        RESERVED
-CVE-2021-30195
-       RESERVED
-CVE-2021-30194
-       RESERVED
-CVE-2021-30193
-       RESERVED
-CVE-2021-30192
-       RESERVED
-CVE-2021-30191
-       RESERVED
-CVE-2021-30190
-       RESERVED
-CVE-2021-30189
-       RESERVED
-CVE-2021-30188
-       RESERVED
-CVE-2021-30187
-       RESERVED
-CVE-2021-30186
-       RESERVED
+CVE-2021-30195 (CODESYS V2 runtime system before 2.4.7.55 has Improper Input 
Validatio ...)
+       TODO: check
+CVE-2021-30194 (CODESYS V2 Web-Server before 1.1.9.20 has an Out-of-bounds 
Read. ...)
+       TODO: check
+CVE-2021-30193 (CODESYS V2 Web-Server before 1.1.9.20 has an Out-of-bounds 
Write. ...)
+       TODO: check
+CVE-2021-30192 (CODESYS V2 Web-Server before 1.1.9.20 has an Improperly 
Implemented Se ...)
+       TODO: check
+CVE-2021-30191 (CODESYS V2 Web-Server before 1.1.9.20 has a a Buffer Copy 
without Chec ...)
+       TODO: check
+CVE-2021-30190 (CODESYS V2 Web-Server before 1.1.9.20 has Improper Access 
Control. ...)
+       TODO: check
+CVE-2021-30189 (CODESYS V2 Web-Server before 1.1.9.20 has a Stack-based Buffer 
Overflo ...)
+       TODO: check
+CVE-2021-30188 (CODESYS V2 runtime system SP before 2.4.7.55 has a Stack-based 
Buffer  ...)
+       TODO: check
+CVE-2021-30187 (CODESYS V2 runtime system SP before 2.4.7.55 has Improper 
Neutralizati ...)
+       TODO: check
+CVE-2021-30186 (CODESYS V2 runtime system SP before 2.4.7.55 has a Heap-based 
Buffer O ...)
+       TODO: check
 CVE-2021-30185 (CERN Indico before 2.3.4 can use an attacker-supplied Host 
header in a ...)
        NOT-FOR-US: CERN Indico
 CVE-2021-30184 (GNU Chess 6.2.7 allows attackers to execute arbitrary code via 
crafted ...)
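
Review bot: The ten CODESYS V2 entries (CVE-2021-30186 through CVE-2021-30195) all land as `TODO: check` with no triage, while the context entry directly below them already carries a decision (`NOT-FOR-US: CERN Indico`). They name only two components, the Web-Server before 1.1.9.20 and the runtime system before 2.4.7.55, so they can be triaged as one batch with a single consistent tag. The doubled article in the CVE-2021-30191 description ("has a a Buffer Copy") arrives with the imported text; because the commit is an automatic update, it should be corrected at the source of the description rather than by hand in this file.
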
@@ -8918,8 +8920,8 @@ CVE-2021-29710
        RESERVED
 CVE-2021-29709
        RESERVED
-CVE-2021-29708
-       RESERVED
+CVE-2021-29708 (IBM Spectrum Scale 5.1.0.1 could allow a local with access to 
the GUI  ...)
+       TODO: check
 CVE-2021-29707
        RESERVED
 CVE-2021-29706
@@ -8944,8 +8946,8 @@ CVE-2021-29697
        RESERVED
 CVE-2021-29696
        RESERVED
-CVE-2021-29695
-       RESERVED
+CVE-2021-29695 (IBM Host firmware for LC-class Systems could allow a remote 
attacker t ...)
+       TODO: check
 CVE-2021-29694 (IBM Spectrum Protect Plus 10.1.0 through 10.1.7 uses weaker 
than expec ...)
        NOT-FOR-US: IBM
 CVE-2021-29693
@@ -10211,28 +10213,28 @@ CVE-2021-29213
        RESERVED
 CVE-2021-29212
        RESERVED
-CVE-2021-29211
-       RESERVED
-CVE-2021-29210
-       RESERVED
-CVE-2021-29209
-       RESERVED
-CVE-2021-29208
-       RESERVED
-CVE-2021-29207
-       RESERVED
-CVE-2021-29206
-       RESERVED
-CVE-2021-29205
-       RESERVED
-CVE-2021-29204
-       RESERVED
+CVE-2021-29211 (A remote xss vulnerability was discovered in HPE Integrated 
Lights-Out ...)
+       TODO: check
+CVE-2021-29210 (A remote dom xss, crlf injection vulnerability was discovered 
in HPE I ...)
+       TODO: check
+CVE-2021-29209 (A remote dom xss, crlf injection vulnerability was discovered 
in HPE I ...)
+       TODO: check
+CVE-2021-29208 (A remote dom xss, crlf injection vulnerability was discovered 
in HPE I ...)
+       TODO: check
+CVE-2021-29207 (A remote xss vulnerability was discovered in HPE Integrated 
Lights-Out ...)
+       TODO: check
+CVE-2021-29206 (A remote xss vulnerability was discovered in HPE Integrated 
Lights-Out ...)
+       TODO: check
+CVE-2021-29205 (A remote xss vulnerability was discovered in HPE Integrated 
Lights-Out ...)
+       TODO: check
+CVE-2021-29204 (A remote xss vulnerability was discovered in HPE Integrated 
Lights-Out ...)
+       TODO: check
 CVE-2021-29203 (A security vulnerability has been identified in the HPE 
Edgeline Infra ...)
        NOT-FOR-US: HPE
-CVE-2021-29202
-       RESERVED
-CVE-2021-29201
-       RESERVED
+CVE-2021-29202 (A local buffer overflow vulnerability was discovered in HPE 
Integrated ...)
+       TODO: check
+CVE-2021-29201 (A remote xss vulnerability was discovered in HPE Integrated 
Lights-Out ...)
+       TODO: check
 CVE-2021-29200 (Apache OFBiz has unsafe deserialization prior to 17.12.07 
version An u ...)
        NOT-FOR-US: Apache OFBiz
 CVE-2021-29199
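
Review bot: The ten HPE entries added here (CVE-2021-29201, CVE-2021-29202 and CVE-2021-29204 through CVE-2021-29211) are left at `TODO: check` although CVE-2021-29203 in the same block is already marked `NOT-FOR-US: HPE`. Once checked, reuse that exact tag spelling so the vendor's entries stay greppable as a group. Several truncated descriptions are also identical (CVE-2021-29208, CVE-2021-29209 and CVE-2021-29210 all read "A remote dom xss, crlf injection vulnerability was discovered in HPE I ..."), so the list alone cannot tell them apart and the full advisory text is needed for triage.
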
@@ -13542,12 +13544,12 @@ CVE-2021-27825
        RESERVED
 CVE-2021-27824
        RESERVED
-CVE-2021-27823
-       RESERVED
+CVE-2021-27823 (An information disclosure vulnerability was discovered in 
/index.class ...)
+       TODO: check
 CVE-2021-27822
        RESERVED
-CVE-2021-27821
-       RESERVED
+CVE-2021-27821 (The Web Interface for OpenWRT LuCI version 19.07 and lower has 
been di ...)
+       TODO: check
 CVE-2021-27820
        RESERVED
 CVE-2021-27819
@@ -14111,8 +14113,8 @@ CVE-2021-27564 (A stored XSS issue exists in Appspace 
6.2.4. After a user is aut
        NOT-FOR-US: Appspace
 CVE-2021-27563
        RESERVED
-CVE-2021-27562
-       RESERVED
+CVE-2021-27562 (In Arm Trusted Firmware M through 1.2, the NS world may 
trigger a syst ...)
+       TODO: check
 CVE-2021-27561
        RESERVED
 CVE-2021-27560
@@ -17979,12 +17981,12 @@ CVE-2021-25948
        RESERVED
 CVE-2021-25947
        RESERVED
-CVE-2021-25946
-       RESERVED
+CVE-2021-25946 (Prototype pollution vulnerability in `nconf-toml` versions 
0.0.1 throu ...)
+       TODO: check
 CVE-2021-25945
        RESERVED
-CVE-2021-25944
-       RESERVED
+CVE-2021-25944 (Prototype pollution vulnerability in 'deep-defaults' versions 
1.0.0 th ...)
+       TODO: check
 CVE-2021-25943 (Prototype pollution vulnerability in '101' versions 1.0.0 
through 1.6. ...)
        NOT-FOR-US: Node 101
 CVE-2021-25942
@@ -18001,10 +18003,10 @@ CVE-2021-25937
        RESERVED
 CVE-2021-25936
        RESERVED
-CVE-2021-25935
-       RESERVED
-CVE-2021-25934
-       RESERVED
+CVE-2021-25935 (In OpenNMS Horizon, versions opennms-17.0.0-1 through 
opennms-27.1.0-1 ...)
+       TODO: check
+CVE-2021-25934 (In OpenNMS Horizon, versions opennms-18.0.0-1 through 
opennms-27.1.0-1 ...)
+       TODO: check
 CVE-2021-25933 (In OpenNMS Horizon, versions opennms-1-0-stable through 
opennms-27.1.0 ...)
        NOT-FOR-US: OpenNMS
 CVE-2021-25932
@@ -22750,8 +22752,7 @@ CVE-2021-23939
        RESERVED
 CVE-2021-23938
        RESERVED
-CVE-2021-23937
-       RESERVED
+CVE-2021-23937 (A DNS proxy and possible amplification attack vulnerability in 
WebClie ...)
        NOT-FOR-US: Apache Wicket
 CVE-2021-3138 (In Discourse 2.7.0 through beta1, a rate-limit bypass leads to 
a bypas ...)
        NOT-FOR-US: Discourse
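
Review bot: CVE-2021-23937 is the only entry in this patch that gains a description without a `TODO: check` line; it falls through to the existing `NOT-FOR-US: Apache Wicket` context line, which was set while the id was still `RESERVED`. Confirm that the published description ("A DNS proxy and possible amplification attack vulnerability in WebClie ...") still matches that earlier classification, since nothing in the update flags this entry for a second look.
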
@@ -27716,14 +27717,14 @@ CVE-2021-21662
        RESERVED
 CVE-2021-21661
        RESERVED
-CVE-2021-21660
-       RESERVED
-CVE-2021-21659
-       RESERVED
-CVE-2021-21658
-       RESERVED
-CVE-2021-21657
-       RESERVED
+CVE-2021-21660 (Jenkins Markdown Formatter Plugin 0.1.0 and earlier does not 
sanitize  ...)
+       TODO: check
+CVE-2021-21659 (Jenkins URLTrigger Plugin 0.48 and earlier does not configure 
its XML  ...)
+       TODO: check
+CVE-2021-21658 (Jenkins Nuget Plugin 1.0 and earlier does not configure its 
XML parser ...)
+       TODO: check
+CVE-2021-21657 (Jenkins Filesystem Trigger Plugin 0.40 and earlier does not 
configure  ...)
+       TODO: check
 CVE-2021-21656 (Jenkins Xcode integration Plugin 2.0.14 and earlier does not 
configure ...)
        NOT-FOR-US: Jenkins plugin
 CVE-2021-21655 (A cross-site request forgery (CSRF) vulnerability in Jenkins 
P4 Plugin ...)
@@ -33124,8 +33125,8 @@ CVE-2021-20098
        RESERVED
 CVE-2021-20097
        RESERVED
-CVE-2021-20096
-       RESERVED
+CVE-2021-20096 (Cross-site request forgery in OpenOversight 0.6.4 allows a 
remote atta ...)
+       TODO: check
 CVE-2021-20095 (Relative Path Traversal in Babel 2.9.0 allows an attacker to 
load arbi ...)
        - python-babel 2.8.0+dfsg.1-7 (bug #987824)
        NOTE: https://www.tenable.com/security/research/tra-2021-14
@@ -60246,20 +60247,20 @@ CVE-2020-20453
        RESERVED
 CVE-2020-20452
        RESERVED
-CVE-2020-20451
-       RESERVED
-CVE-2020-20450
-       RESERVED
+CVE-2020-20451 (Denial of Service issue in FFmpeg 4.2 due to resource 
management error ...)
+       TODO: check
+CVE-2020-20450 (FFmpeg 4.2 is affected by null pointer dereference passed as 
argument  ...)
+       TODO: check
 CVE-2020-20449
        RESERVED
-CVE-2020-20448
-       RESERVED
+CVE-2020-20448 (FFmpeg 4.1.3 is affected by a Divide By Zero issue via 
libavcodec/rate ...)
+       TODO: check
 CVE-2020-20447
        RESERVED
-CVE-2020-20446
-       RESERVED
-CVE-2020-20445
-       RESERVED
+CVE-2020-20446 (FFmpeg 4.2 is affected by a Divide By Zero issue via 
libavcodec/aacpsy ...)
+       TODO: check
+CVE-2020-20445 (FFmpeg 4.2 is affected by a Divide By Zero issue via 
libavcodec/lpc.h, ...)
+       TODO: check
 CVE-2020-20444
        RESERVED
 CVE-2020-20443
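
Review bot: The five FFmpeg entries (CVE-2020-20445, CVE-2020-20446, CVE-2020-20448, CVE-2020-20450, CVE-2020-20451) carry only `TODO: check`, yet their descriptions already give versions (4.2, 4.1.3) and three of them name source files under libavcodec/, which is the information needed to record affected and fixed versions. Prioritise these over the vendor-product entries elsewhere in the patch and resolve them to package lines with a fixed version and bug reference, in the form used for python-babel under CVE-2021-20095, rather than leaving the placeholder in place.
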
@@ -88546,12 +88547,12 @@ CVE-2020-9454 (A CSRF vulnerability in the 
RegistrationMagic plugin through 4.6.
        NOT-FOR-US: RegistrationMagic plugin for WordPress
 CVE-2020-9453 (In Epson iProjection v2.30, the driver file EMP_MPAU.sys allows 
local  ...)
        NOT-FOR-US: Epson
-CVE-2020-9452
-       RESERVED
-CVE-2020-9451
-       RESERVED
-CVE-2020-9450
-       RESERVED
+CVE-2020-9452 (An issue was discovered in Acronis True Image 2020 24.5.22510. 
anti_ra ...)
+       TODO: check
+CVE-2020-9451 (An issue was discovered in Acronis True Image 2020 24.5.22510. 
anti_ra ...)
+       TODO: check
+CVE-2020-9450 (An issue was discovered in Acronis True Image 2020 24.5.22510. 
anti_ra ...)
+       TODO: check
 CVE-2020-9449 (An insecure random number generation vulnerability in BlaB! AX, 
BlaB!  ...)
        NOT-FOR-US: BlaB!
 CVE-2020-9448
@@ -100544,8 +100545,8 @@ CVE-2020-4841 (IBM Security Secret Server 10.6 could 
allow a remote attacker to
        NOT-FOR-US: IBM
 CVE-2020-4840 (IBM Security Secret Server 10.6 could allow a remote attacker 
to condu ...)
        NOT-FOR-US: IBM
-CVE-2020-4839
-       RESERVED
+CVE-2020-4839 (IBM Host firmware for LC-class Systems is vulnerable to a stack 
based  ...)
+       TODO: check
 CVE-2020-4838 (IBM API Connect 5.0.0.0 through 5.0.8.10 is vulnerable to 
stored cross ...)
        NOT-FOR-US: IBM
 CVE-2020-4837



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4e3aad17b2a990badaa94668a16c64ded35a54f9
