Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: c66879bd by security tracker role at 2021-06-10T20:10:33+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,55 @@ +CVE-2021-3596 + RESERVED +CVE-2021-3595 + RESERVED +CVE-2021-3594 + RESERVED +CVE-2021-3593 + RESERVED +CVE-2021-3592 + RESERVED +CVE-2021-34558 + RESERVED +CVE-2021-34556 + RESERVED +CVE-2021-34555 (OpenDMARC 1.4.1 and 1.4.1.1 allows remote attackers to cause a denial ...) + TODO: check +CVE-2021-34554 + RESERVED +CVE-2021-34553 + RESERVED +CVE-2021-34552 + RESERVED +CVE-2021-34551 + RESERVED +CVE-2021-34550 + RESERVED +CVE-2021-34549 + RESERVED +CVE-2021-34548 + RESERVED +CVE-2021-34547 (PRTG Network Monitor 20.1.55.1775 allows /editsettings CSRF for user a ...) + TODO: check +CVE-2021-34546 (An unauthenticated attacker with physical access to a computer with Ne ...) + TODO: check +CVE-2021-34545 + RESERVED +CVE-2021-34544 + RESERVED +CVE-2021-34543 + RESERVED +CVE-2021-34542 + RESERVED +CVE-2021-34541 + RESERVED +CVE-2021-34540 + RESERVED +CVE-2021-34539 (An issue was discovered in CubeCoders AMP before 2.1.1.8. A lack of va ...) + TODO: check +CVE-2021-34538 + RESERVED +CVE-2019-25046 (The Web Client in Cerberus FTP Server Enterprise before 10.0.19 and 11 ...) + TODO: check CVE-2021-34537 RESERVED CVE-2021-34536 @@ -354,8 +406,8 @@ CVE-2021-34365 RESERVED CVE-2021-34364 (The Refined GitHub browser extension before 21.6.8 might allow XSS via ...) TODO: check -CVE-2021-34363 - RESERVED +CVE-2021-34363 (The thefuck (aka The Fuck) package before 3.31 for Python allows Path ...) + TODO: check CVE-2021-34362 RESERVED CVE-2021-34361 @@ -3366,8 +3418,8 @@ CVE-2021-33034 (In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has NOTE: https://git.kernel.org/linus/5c4c8c9544099bb9043a10a5318130a943e32fc3 CVE-2021-33032 RESERVED -CVE-2021-33031 - RESERVED +CVE-2021-33031 (In LabCup before <v2_next_18022, it is possible to use the save API ...) + TODO: check CVE-2021-33030 RESERVED CVE-2021-33029 @@ -5757,10 +5809,10 @@ CVE-2021-32000 RESERVED CVE-2021-31999 RESERVED -CVE-2021-31998 - RESERVED -CVE-2021-31997 - RESERVED +CVE-2021-31998 (A Incorrect Default Permissions vulnerability in the packaging of inn ...) + TODO: check +CVE-2021-31997 (a UNIX Symbolic Link (Symlink) Following vulnerability in python-posto ...) + TODO: check CVE-2021-31996 (An issue was discovered in the algorithmica crate through 2021-03-07 f ...) NOT-FOR-US: Rust crate algorithmica CVE-2021-3529 (A flaw was found in noobaa-core in versions before 5.7.0. This flaw re ...) @@ -5897,12 +5949,12 @@ CVE-2021-31931 RESERVED CVE-2021-31930 (Persistent cross-site scripting (XSS) in the web interface of Concerto ...) NOT-FOR-US: Concerto -CVE-2021-31929 - RESERVED -CVE-2021-31928 - RESERVED -CVE-2021-31927 - RESERVED +CVE-2021-31929 (Annex Cloud Loyalty Experience Platform <2021.1.0.1 allows any auth ...) + TODO: check +CVE-2021-31928 (Annex Cloud Loyalty Experience Platform <2021.1.0.1 allows any auth ...) + TODO: check +CVE-2021-31927 (An Insecure Direct Object Reference (IDOR) vulnerability in Annex Clou ...) + TODO: check CVE-2021-31926 (AMP Application Deployment Service in CubeCoders AMP 2.1.x before 2.1. ...) NOT-FOR-US: CubeCoders AMP CVE-2021-31925 @@ -6184,10 +6236,10 @@ CVE-2021-31842 RESERVED CVE-2021-31841 RESERVED -CVE-2021-31840 - RESERVED -CVE-2021-31839 - RESERVED +CVE-2021-31840 (A vulnerability in the preloading mechanism of specific dynamic link l ...) + TODO: check +CVE-2021-31839 (Improper privilege management vulnerability in McAfee Agent for Window ...) + TODO: check CVE-2021-31838 RESERVED CVE-2021-31837 (Memory corruption vulnerability in the driver file component in McAfee ...) @@ -6684,10 +6736,10 @@ CVE-2021-31661 RESERVED CVE-2021-31660 RESERVED -CVE-2021-31659 - RESERVED -CVE-2021-31658 - RESERVED +CVE-2021-31659 (TP-Link TL-SG2005, TL-SG2008, etc. 1.0.0 Build 20180529 Rel.40524 is v ...) + TODO: check +CVE-2021-31658 (TP-Link TL-SG2005, TL-SG2008, etc. 1.0.0 Build 20180529 Rel.40524 is a ...) + TODO: check CVE-2021-31657 RESERVED CVE-2021-31656 @@ -6924,8 +6976,8 @@ CVE-2021-31540 (Wowza Streaming Engine through 4.8.5 (in a default installation) NOT-FOR-US: Wowza Streaming Engine CVE-2021-31539 (Wowza Streaming Engine before 4.8.8.01 (in a default installation) has ...) NOT-FOR-US: Wowza Streaming Engine -CVE-2021-31538 - RESERVED +CVE-2021-31538 (LANCOM R&S Unified Firewall (UF) devices running LCOS FX 10.5 allo ...) + TODO: check CVE-2021-31537 (SIS SIS-REWE Go before 7.7 SP17 allows XSS: rewe/prod/web/index.php (a ...) NOT-FOR-US: SIS-REWE Go CVE-2021-31536 @@ -7036,7 +7088,7 @@ CVE-2021-3506 (An out-of-bounds (OOB) memory access flaw was found in fs/f2fs/no [stretch] - linux <ignored> (f2fs is not supportable) NOTE: https://www.openwall.com/lists/oss-security/2021/03/28/2 NOTE: https://lore.kernel.org/lkml/20210322114730.71103-1-yuch...@huawei.com/ -CVE-2021-34557 [Disconnecting a video output can cause XScreenSaver to crash and unlock] +CVE-2021-34557 (XScreenSaver 5.45 can be bypassed if the machine has more than ten dis ...) - xscreensaver 5.45+dfsg1-2 (bug #989508) NOTE: https://www.openwall.com/lists/oss-security/2021/06/05/1 NOTE: https://www.openwall.com/lists/oss-security/2021/06/05/2 @@ -7431,9 +7483,9 @@ CVE-2021-31345 RESERVED CVE-2021-31344 RESERVED -CVE-2021-31343 (A vulnerability has been identified in Solid Edge SE2020 (All Versions ...) +CVE-2021-31343 (The jutil.dll library in all versions of Solid Edge SE2020 before 2020 ...) TODO: check -CVE-2021-31342 (A vulnerability has been identified in Solid Edge SE2020 (All Versions ...) +CVE-2021-31342 (The ugeom2d.dll library in all versions of Solid Edge SE2020 before 20 ...) TODO: check CVE-2021-31341 (Uploading a table mapping using a manipulated XML file results in an e ...) NOT-FOR-US: Mendix Database Replication @@ -8966,8 +9018,7 @@ CVE-2021-3496 (A heap-based buffer overflow was found in jhead in version 3.06 i NOTE: https://github.com/Matthias-Wandel/jhead/issues/33 NOTE: Fixed by: https://github.com/Matthias-Wandel/jhead/commit/ca2973f4ce79279c15a09cf400648a757c1721b0 NOTE: Crash in CLI tool, no security impact -CVE-2021-30641 - RESERVED +CVE-2021-30641 (Apache HTTP Server versions 2.4.39 to 2.4.46 Unexpected matching behav ...) [experimental] - apache2 2.4.48-1 - apache2 2.4.46-6 NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-30641 @@ -16439,7 +16490,7 @@ CVE-2021-27614 (SAP Business One Hana Chef Cookbook, versions - 8.82, 9.0, 9.1, NOT-FOR-US: SAP CVE-2021-27613 (Under certain conditions, SAP Business One Chef cookbook, version - 9. ...) NOT-FOR-US: SAP -CVE-2021-27612 (In specific situations SAP GUI for Windows, versions - 7.60, 7.70 forw ...) +CVE-2021-27612 (In specific situations SAP GUI for Windows, versions - 7.60 PL10, 7.70 ...) NOT-FOR-US: SAP CVE-2021-27611 (SAP NetWeaver AS ABAP, versions - 700, 701, 702, 730, 731, allow a hig ...) NOT-FOR-US: SAP @@ -17035,12 +17086,12 @@ CVE-2021-27349 (Advanced Order Export before 3.1.8 for WooCommerce allows XSS, a NOT-FOR-US: WooCommerce CVE-2021-27348 RESERVED -CVE-2021-27347 - RESERVED +CVE-2021-27347 (Use after free in lzma_decompress_buf function in stream.c in Irzip 0. ...) + TODO: check CVE-2021-27346 RESERVED -CVE-2021-27345 - RESERVED +CVE-2021-27345 (A null pointer dereference was discovered in ucompthread in stream.c i ...) + TODO: check CVE-2021-27344 RESERVED CVE-2021-27343 (SerenityOS Unspecified is affected by: Buffer Overflow. The impact is: ...) @@ -18566,14 +18617,12 @@ CVE-2021-26693 RESERVED CVE-2021-26692 RESERVED -CVE-2021-26691 - RESERVED +CVE-2021-26691 (In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted Ses ...) [experimental] - apache2 2.4.48-1 - apache2 2.4.46-6 NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-26691 NOTE: https://github.com/apache/httpd/commit/7e09dd714fc62c08c5b0319ed7b9702594faf49b -CVE-2021-26690 - RESERVED +CVE-2021-26690 (Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie ...) [experimental] - apache2 2.4.48-1 - apache2 2.4.46-6 NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-26690 @@ -20416,10 +20465,10 @@ CVE-2021-25951 RESERVED CVE-2021-25950 RESERVED -CVE-2021-25949 - RESERVED -CVE-2021-25948 - RESERVED +CVE-2021-25949 (Prototype pollution vulnerability in ‘set-getter’ version ...) + TODO: check +CVE-2021-25948 (Prototype pollution vulnerability in ‘expand-hash’ version ...) + TODO: check CVE-2021-25947 (Prototype pollution vulnerability in 'nestie' versions 0.0.0 through 1 ...) NOT-FOR-US: Node nestie CVE-2021-25946 (Prototype pollution vulnerability in `nconf-toml` versions 0.0.1 throu ...) @@ -22032,8 +22081,8 @@ CVE-2021-25324 (MISP 2.4.136 has Stored XSS in the galaxy cluster view via a clu NOT-FOR-US: MISP CVE-2021-25323 (The default setting of MISP 2.4.136 did not enable the requirements (a ...) NOT-FOR-US: MISP -CVE-2021-25322 - RESERVED +CVE-2021-25322 (A UNIX Symbolic Link (Symlink) Following vulnerability in python-Hyper ...) + TODO: check CVE-2021-25321 RESERVED CVE-2021-25320 @@ -26905,12 +26954,12 @@ CVE-2021-3043 RESERVED CVE-2021-3042 RESERVED -CVE-2021-3041 - RESERVED -CVE-2021-3040 - RESERVED -CVE-2021-3039 - RESERVED +CVE-2021-3041 (A local privilege escalation vulnerability exists in the Palo Alto Net ...) + TODO: check +CVE-2021-3040 (An unsafe deserialization vulnerability in Bridgecrew Checkov by Prism ...) + TODO: check +CVE-2021-3039 (An information exposure through log file vulnerability exists in the P ...) + TODO: check CVE-2021-3038 (A denial-of-service (DoS) vulnerability in Palo Alto Networks GlobalPr ...) NOT-FOR-US: Palo Alto Networks CVE-2021-3037 (An information exposure through log file vulnerability exists in Palo ...) @@ -27157,12 +27206,12 @@ CVE-2021-23026 RESERVED CVE-2021-23025 RESERVED -CVE-2021-23024 - RESERVED -CVE-2021-23023 - RESERVED -CVE-2021-23022 - RESERVED +CVE-2021-23024 (On version 8.0.x before 8.0.0.1, and all 6.x and 7.x versions, the BIG ...) + TODO: check +CVE-2021-23023 (On version 7.2.1.x before 7.2.1.3 and 7.1.x before 7.1.9.9 Update 1, a ...) + TODO: check +CVE-2021-23022 (On version 7.2.1.x before 7.2.1.3 and 7.1.x before 7.1.9.9 Update 1, t ...) + TODO: check CVE-2021-23021 (The Nginx Controller 3.x before 3.7.0 agent configuration file /etc/co ...) NOT-FOR-US: NGINX Controller CVE-2021-23020 (The NAAS 3.x before 3.10.0 API keys were generated using an insecure p ...) @@ -30030,10 +30079,10 @@ CVE-2021-21738 RESERVED CVE-2021-21737 RESERVED -CVE-2021-21736 - RESERVED -CVE-2021-21735 - RESERVED +CVE-2021-21736 (A smart camera product of ZTE is impacted by a permission and access c ...) + TODO: check +CVE-2021-21735 (A ZTE product has an information leak vulnerability. Due to improper p ...) + TODO: check CVE-2021-21734 (Some PON MDU devices of ZTE stored sensitive information in plaintext, ...) NOT-FOR-US: ZTE CVE-2021-21733 (The management system of ZXCDN is impacted by the information leak vul ...) @@ -30177,23 +30226,17 @@ CVE-2021-21668 RESERVED CVE-2021-21667 RESERVED -CVE-2021-21666 - RESERVED +CVE-2021-21666 (Jenkins Kiuwan Plugin 1.6.0 and earlier does not escape query paramete ...) NOT-FOR-US: Jenkins plugin -CVE-2021-21665 - RESERVED +CVE-2021-21665 (A cross-site request forgery (CSRF) vulnerability in Jenkins XebiaLabs ...) NOT-FOR-US: Jenkins plugin -CVE-2021-21664 - RESERVED +CVE-2021-21664 (An incorrect permission check in Jenkins XebiaLabs XL Deploy Plugin 10 ...) NOT-FOR-US: Jenkins plugin -CVE-2021-21663 - RESERVED +CVE-2021-21663 (A missing permission check in Jenkins XebiaLabs XL Deploy Plugin 7.5.8 ...) NOT-FOR-US: Jenkins plugin -CVE-2021-21662 - RESERVED +CVE-2021-21662 (A missing permission check in Jenkins XebiaLabs XL Deploy Plugin 10.0. ...) NOT-FOR-US: Jenkins plugin -CVE-2021-21661 - RESERVED +CVE-2021-21661 (Jenkins Kubernetes CLI Plugin 1.10.0 and earlier does not perform perm ...) NOT-FOR-US: Jenkins plugin CVE-2021-21660 (Jenkins Markdown Formatter Plugin 0.1.0 and earlier does not sanitize ...) NOT-FOR-US: Jenkins plugin @@ -34723,8 +34766,8 @@ CVE-2021-20331 (Specific versions of the MongoDB C# Driver may erroneously publi NOT-FOR-US: MongoDB C# Driver CVE-2021-20330 RESERVED -CVE-2021-20329 - RESERVED +CVE-2021-20329 (Specific cstrings input may not be properly validated in the MongoDB G ...) + TODO: check CVE-2021-20328 (Specific versions of the Java driver that support client-side field le ...) - mongo-java-driver <not-affected> (Vulnerable code introduce later) NOTE: https://jira.mongodb.org/browse/JAVA-4017 @@ -34852,8 +34895,7 @@ CVE-2021-20294 (A flaw was found in binutils readelf 2.35 program. An attacker w - binutils <unfixed> (unimportant) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=26929 NOTE: binutils not covered by security support -CVE-2021-20293 - RESERVED +CVE-2021-20293 (A reflected Cross-Site Scripting (XSS) flaw was found in RESTEasy in a ...) - resteasy <undetermined> - resteasy3.0 <undetermined> NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1942819 @@ -35626,8 +35668,8 @@ CVE-2021-20083 (Improperly Controlled Modification of Object Prototype Attribute NOT-FOR-US: jquery-plugin-query-object CVE-2021-20082 RESERVED -CVE-2021-20081 - RESERVED +CVE-2021-20081 (Incomplete List of Disallowed Inputs in ManageEngine ServiceDesk Plus ...) + TODO: check CVE-2021-20080 (Insufficient output sanitization in ManageEngine ServiceDesk Plus befo ...) NOT-FOR-US: ManageEngine ServiceDesk Plus CVE-2021-20079 @@ -36128,8 +36170,7 @@ CVE-2020-35454 (The Taidii Diibear Android application 2.4.0 and all its derivat NOT-FOR-US: Taidii Diibear Android application CVE-2020-35453 (HashiCorp Vault Enterprise’s Sentinel EGP policy feature incorre ...) NOT-FOR-US: HashiCorp Vault -CVE-2020-35452 - RESERVED +CVE-2020-35452 (Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest ...) [experimental] - apache2 2.4.48-1 - apache2 2.4.46-6 NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-35452 @@ -52317,8 +52358,8 @@ CVE-2020-25469 RESERVED CVE-2020-25468 RESERVED -CVE-2020-25467 - RESERVED +CVE-2020-25467 (A null pointer dereference was discovered lzo_decompress_buf in stream ...) + TODO: check CVE-2020-25466 (A SSRF vulnerability exists in the downloadimage interface of CRMEB 3. ...) NOT-FOR-US: CRMEB CVE-2020-25465 (Null Pointer Dereference. in xObjectBindingFromExpression at moddable/ ...) @@ -54111,26 +54152,26 @@ CVE-2020-24673 (In S+ Operations and S+ Historian, a successful SQL injection ex NOT-FOR-US: ABB CVE-2020-24672 RESERVED -CVE-2020-24671 - RESERVED +CVE-2020-24671 (Trace Financial CRESTBridge <6.3.0.02 contains an authenticated SQL ...) + TODO: check CVE-2020-24670 (The Dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x cont ...) NOT-FOR-US: Hitachi CVE-2020-24669 (The New Analysis Report in Hitachi Vantara Pentaho through 7.x - 8.x c ...) NOT-FOR-US: Hitachi -CVE-2020-24668 - RESERVED -CVE-2020-24667 - RESERVED +CVE-2020-24668 (Trace Financial Crest Bridge <6.3.0.02 contains a stored XSS vulner ...) + TODO: check +CVE-2020-24667 (Trace Financial CRESTBridge <6.3.0.02 contains an authenticated SQL ...) + TODO: check CVE-2020-24666 (The Analysis Report in Hitachi Vantara Pentaho through 7.x - 8.x conta ...) NOT-FOR-US: Hitachi CVE-2020-24665 (The Dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x cont ...) NOT-FOR-US: Hitachi CVE-2020-24664 (The dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x cont ...) NOT-FOR-US: Hitachi -CVE-2020-24663 - RESERVED -CVE-2020-24662 - RESERVED +CVE-2020-24663 (Trace Financial CRESTBridge <6.3.0.02 contains a stored XSS vulnera ...) + TODO: check +CVE-2020-24662 (SmartStream Transaction Lifecycle Management (TLM) Reconciliation Prem ...) + TODO: check CVE-2020-24661 (GNOME Geary before 3.36.3 mishandles pinned TLS certificate verificati ...) - geary 3.38.0.1-1 [buster] - geary <no-dsa> (Minor issue) @@ -77968,8 +78009,7 @@ CVE-2020-13952 (In the course of work on the open source project it was discover NOT-FOR-US: Apache Superset CVE-2020-13951 (Attackers can use public NetTest web service of Apache OpenMeetings 4. ...) NOT-FOR-US: Apache OpenMeetings -CVE-2020-13950 - RESERVED +CVE-2020-13950 (Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be mad ...) [experimental] - apache2 2.4.48-1 - apache2 2.4.46-6 NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-13950 @@ -78011,8 +78051,7 @@ CVE-2020-13940 (In Apache NiFi 1.0.0 to 1.11.4, the notification service manager NOT-FOR-US: Apache NiFi CVE-2020-13939 REJECTED -CVE-2020-13938 - RESERVED +CVE-2020-13938 (Apache HTTP Server versions 2.4.0 to 2.4.46 Unprivileged local users c ...) - apache2 <not-affected> (Only affects Apache on Windows) NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-13938 CVE-2020-13937 (Apache Kylin 2.0.0, 2.1.0, 2.2.0, 2.3.0, 2.3.1, 2.3.2, 2.4.0, 2.4.1, 2 ...) @@ -120320,8 +120359,7 @@ CVE-2019-17569 (The refactoring present in Apache Tomcat 9.0.28 to 9.0.30, 8.5.4 NOTE: https://github.com/apache/tomcat/commit/b191a0d9cf06f4e04257c221bfe41d2b108a9cc8 (7.0.100) CVE-2019-17568 REJECTED -CVE-2019-17567 - RESERVED +CVE-2019-17567 (Apache HTTP Server versions 2.4.6 to 2.4.46 mod_proxy_wstunnel configu ...) [experimental] - apache2 2.4.48-1 - apache2 <unfixed> NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2019-17567 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c66879bd90abb31362fcd960548a35a8ca5a8da7 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c66879bd90abb31362fcd960548a35a8ca5a8da7 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits