Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
ac37867a by security tracker role at 2021-07-26T20:10:32+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,19 @@
+CVE-2021-37538
+ RESERVED
+CVE-2021-37537
+ RESERVED
+CVE-2021-37536
+ RESERVED
+CVE-2021-37535
+ RESERVED
+CVE-2021-37534 (app/View/GalaxyClusters/add.ctp in MISP 2.4.146 allows Stored
XSS when ...)
+ TODO: check
+CVE-2021-37533
+ RESERVED
+CVE-2021-37532
+ RESERVED
+CVE-2021-37531
+ RESERVED
CVE-2021-37530
RESERVED
CVE-2021-37529
@@ -102,18 +118,18 @@ CVE-2021-37480
RESERVED
CVE-2021-37479
RESERVED
-CVE-2021-37478
- RESERVED
-CVE-2021-37477
- RESERVED
-CVE-2021-37476
- RESERVED
-CVE-2021-37475
- RESERVED
+CVE-2021-37478 (In NavigateCMS version 2.9.4 and below, function `block` is
vulnerable ...)
+ TODO: check
+CVE-2021-37477 (In NavigateCMS version 2.9.4 and below, function in
`structure.php` is ...)
+ TODO: check
+CVE-2021-37476 (In NavigateCMS version 2.9.4 and below, function in
`product.php` is v ...)
+ TODO: check
+CVE-2021-37475 (In NavigateCMS version 2.9.4 and below, function in
`templates.php` is ...)
+ TODO: check
CVE-2021-37474
RESERVED
-CVE-2021-37473
- RESERVED
+CVE-2021-37473 (In NavigateCMS version 2.9.4 and below, function in
`product.php` is v ...)
+ TODO: check
CVE-2021-37472
RESERVED
CVE-2021-37471
@@ -240,8 +256,8 @@ CVE-2021-37411
RESERVED
CVE-2021-3665
RESERVED
-CVE-2021-3664
- RESERVED
+CVE-2021-3664 (url-parse is vulnerable to URL Redirection to Untrusted Site
...)
+ TODO: check
CVE-2021-26250
RESERVED
CVE-2021-23208
@@ -279,12 +295,12 @@ CVE-2021-37396
RESERVED
CVE-2021-37395
RESERVED
-CVE-2021-37394
- RESERVED
-CVE-2021-37393
- RESERVED
-CVE-2021-37392
- RESERVED
+CVE-2021-37394 (In RPCMS v1.8 and below, attackers can interact with API and
change va ...)
+ TODO: check
+CVE-2021-37393 (In RPCMS v1.8 and below, the "nickname" variable is not
properly sanit ...)
+ TODO: check
+CVE-2021-37392 (In RPCMS v1.8 and below, the "nickname" variable is not
properly sanit ...)
+ TODO: check
CVE-2021-37391
RESERVED
CVE-2021-37390
@@ -2091,8 +2107,8 @@ CVE-2021-36565
RESERVED
CVE-2021-36564
RESERVED
-CVE-2021-36563
- RESERVED
+CVE-2021-36563 (The CheckMK management web console (versions 1.5.0 to 2.0.0)
does not ...)
+ TODO: check
CVE-2021-36562
RESERVED
CVE-2021-36561
@@ -5551,8 +5567,8 @@ CVE-2021-35032
RESERVED
CVE-2021-35031
RESERVED
-CVE-2021-35030
- RESERVED
+CVE-2021-35030 (A vulnerability was found in the CGI program in Zyxel GS1900-8
firmwar ...)
+ TODO: check
CVE-2021-35029 (An authentication bypasss vulnerability in the web-based
management in ...)
NOT-FOR-US: Zyxel
CVE-2021-35028
@@ -8762,8 +8778,8 @@ CVE-2021-33631
RESERVED
CVE-2021-33630
RESERVED
-CVE-2021-33629
- RESERVED
+CVE-2021-33629 (isula-build before 0.9.5-8 can cause a program crash, when
building co ...)
+ TODO: check
CVE-2021-33628
RESERVED
CVE-2021-33627
@@ -10706,14 +10722,14 @@ CVE-2021-32794
RESERVED
CVE-2021-32793
RESERVED
-CVE-2021-32792
- RESERVED
-CVE-2021-32791
- RESERVED
-CVE-2021-32790
- RESERVED
-CVE-2021-32789
- RESERVED
+CVE-2021-32792 (mod_auth_openidc is an authentication/authorization module for
the Apa ...)
+ TODO: check
+CVE-2021-32791 (mod_auth_openidc is an authentication/authorization module for
the Apa ...)
+ TODO: check
+CVE-2021-32790 (Woocommerce is an open source eCommerce plugin for WordPress.
An SQL i ...)
+ TODO: check
+CVE-2021-32789 (woocommerce-gutenberg-products-block is a feature plugin for
WooCommer ...)
+ TODO: check
CVE-2021-32788
RESERVED
CVE-2021-32787
@@ -11090,8 +11106,8 @@ CVE-2021-32633 (Zope is an open-source web application
server. In Zope versions
NOT-FOR-US: Zope
CVE-2021-32632 (Pajbot is a Twitch chat bot. Pajbot versions prior to 1.52 are
vulnera ...)
NOT-FOR-US: Pajbot
-CVE-2021-32631
- RESERVED
+CVE-2021-32631 (Common is a package of common modules that can be accessed by
NIMBLE s ...)
+ TODO: check
CVE-2021-32630 (Admidio is a free, open source user management system for
websites of ...)
NOT-FOR-US: Admidio
CVE-2021-32629 (Cranelift is an open-source code generator maintained by
Bytecode Alli ...)
@@ -11156,6 +11172,7 @@ CVE-2021-32611 (A NULL pointer dereference
vulnerability exists in eXcall_api.c
NOTE:
http://git.savannah.nongnu.org/cgit/exosip.git/commit/?id=f2ed389fe84613512cc560127883e51e6cf8c054
CVE-2021-32610
RESERVED
+ {DLA-2721-1}
- drupal7 <removed>
NOTE: https://www.drupal.org/sa-core-2021-004
CVE-2021-32609
@@ -14538,10 +14555,10 @@ CVE-2021-31294
RESERVED
CVE-2021-31293
RESERVED
-CVE-2021-31292
- RESERVED
-CVE-2021-31291
- RESERVED
+CVE-2021-31292 (An integer overflow in CrwMap::encode0x1810 of Exiv2 0.27.3
allows att ...)
+ TODO: check
+CVE-2021-31291 (A heap-based buffer overflow vulnerability in jp2image.cpp of
Exiv2 0. ...)
+ TODO: check
CVE-2021-31290
RESERVED
CVE-2021-31289
@@ -18315,8 +18332,8 @@ CVE-2021-29786
RESERVED
CVE-2021-29785
RESERVED
-CVE-2021-29784
- RESERVED
+CVE-2021-29784 (IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2 could allow a remote
attacker t ...)
+ TODO: check
CVE-2021-29783
RESERVED
CVE-2021-29782
@@ -18343,16 +18360,16 @@ CVE-2021-29772
RESERVED
CVE-2021-29771
RESERVED
-CVE-2021-29770
- RESERVED
-CVE-2021-29769
- RESERVED
+CVE-2021-29770 (IBM i2 Analyst's Notebook Premium (IBM i2 Analyze 4.3.0,
4.3.1, and 4. ...)
+ TODO: check
+CVE-2021-29769 (IBM i2 Analyst's Notebook Premium (IBM i2 Analyze 4.3.0,
4.3.1, and 4. ...)
+ TODO: check
CVE-2021-29768
RESERVED
-CVE-2021-29767
- RESERVED
-CVE-2021-29766
- RESERVED
+CVE-2021-29767 (IBM i2 Analyst's Notebook Premium 9.2.0, 9.2.1, and 9.2.2
could allow ...)
+ TODO: check
+CVE-2021-29766 (IBM i2 Analyst's Notebook Premium (IBM i2 Analyze 4.3.0,
4.3.1, and 4. ...)
+ TODO: check
CVE-2021-29765
RESERVED
CVE-2021-29764
@@ -25478,8 +25495,8 @@ CVE-2021-26825 (An integer overflow issue exists in
Godot Engine up to v3.2 that
NOTE: https://github.com/godotengine/godot/pull/45701
NOTE:
https://github.com/godotengine/godot/commit/403e4fd08b0b212e96f53d926e6273e0745eaa5a
(master)
NOTE:
https://github.com/godotengine/godot/commit/113b5ab1c45c01b8e6d54d13ac8876d091f883a8
(3.2)
-CVE-2021-26824
- RESERVED
+CVE-2021-26824 (DM FingerTool v1.19 in the DM PD065 Secure USB is susceptible
to impro ...)
+ TODO: check
CVE-2021-26823
RESERVED
CVE-2021-26822 (Teachers Record Management System 1.0 is affected by a SQL
injection v ...)
@@ -28254,14 +28271,14 @@ CVE-2021-25806
RESERVED
CVE-2021-25805
RESERVED
-CVE-2021-25804
- RESERVED
-CVE-2021-25803
- RESERVED
-CVE-2021-25802
- RESERVED
-CVE-2021-25801
- RESERVED
+CVE-2021-25804 (A NULL-pointer dereference in "Open" in avi.c of VideoLAN VLC
Media Pl ...)
+ TODO: check
+CVE-2021-25803 (A buffer overflow vulnerability in the
vlc_input_attachment_New compon ...)
+ TODO: check
+CVE-2021-25802 (A buffer overflow vulnerability in the AVI_ExtractSubtitle
component o ...)
+ TODO: check
+CVE-2021-25801 (A buffer overflow vulnerability in the __Parse_indx component
of Video ...)
+ TODO: check
CVE-2021-25800
RESERVED
CVE-2021-25799
@@ -36513,8 +36530,8 @@ CVE-2021-22146 (All versions of Elastic Cloud
Enterprise has the Elasticsearch &
NOT-FOR-US: Elastic Cloud
CVE-2021-22145 (A memory disclosure vulnerability was identified in
Elasticsearch 7.10 ...)
- elasticsearch <removed>
-CVE-2021-22144
- RESERVED
+CVE-2021-22144 (In Elasticsearch versions before 7.13.3 and 6.8.17 an
uncontrolled rec ...)
+ TODO: check
CVE-2021-22143
RESERVED
CVE-2021-22142
@@ -41636,8 +41653,8 @@ CVE-2021-20562
RESERVED
CVE-2021-20561
RESERVED
-CVE-2021-20560
- RESERVED
+CVE-2021-20560 (IBM Sterling Connect:Direct Browser User Interface 1.4.1.1 and
1.5.0.2 ...)
+ TODO: check
CVE-2021-20559 (IBM Control Desk 7.6.1.2 and 7.6.1.3 is vulnerable to
cross-site scrip ...)
NOT-FOR-US: IBM
CVE-2021-20558
@@ -41894,10 +41911,10 @@ CVE-2021-20433
RESERVED
CVE-2021-20432 (IBM Spectrum Protect Plus 10.1.0 through 10.1.7 uses
Cross-Origin Reso ...)
NOT-FOR-US: IBM
-CVE-2021-20431
- RESERVED
-CVE-2021-20430
- RESERVED
+CVE-2021-20431 (IBM i2 Analyst's Notebook Premium 9.2.0, 9.2.1, and 9.2.2 does
not inv ...)
+ TODO: check
+CVE-2021-20430 (IBM i2 Analyst's Notebook Premium (IBM i2 Analyze 4.3.0,
4.3.1, and 4. ...)
+ TODO: check
CVE-2021-20429 (IBM QRadar User Behavior Analytics 1.0.0 through 4.1.0 could
disclose ...)
NOT-FOR-US: IBM
CVE-2021-20428 (IBM Security Guardium 11.2 could allow a remote attacker to
obtain sen ...)
@@ -42082,8 +42099,8 @@ CVE-2021-20339
RESERVED
CVE-2021-20338 (IBM Jazz Foundation and IBM Engineering products are
vulnerable to cro ...)
NOT-FOR-US: IBM
-CVE-2021-20337
- RESERVED
+CVE-2021-20337 (IBM QRadar SIEM 7.3.0 to 7.3.3 Patch 8 and 7.4.0 to 7.4.3 GA
uses weak ...)
+ TODO: check
CVE-2021-20336 (IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored
cross-sit ...)
NOT-FOR-US: IBM
CVE-2021-20335 (For MongoDB Ops Manager <= 4.2.24 with multiple OM
application serv ...)
@@ -88851,8 +88868,8 @@ CVE-2020-12683 (Katyshop2 before 2.12 has multiple
stored XSS issues. ...)
NOT-FOR-US: Katyshop2
CVE-2020-12682
RESERVED
-CVE-2020-12681
- RESERVED
+CVE-2020-12681 (Missing TLS certificate validation on 3xLogic Infinias eIDC32
devices ...)
+ TODO: check
CVE-2020-12680 (** DISPUTED ** Avira Free Antivirus through 15.0.2005.1866
allows loca ...)
NOT-FOR-US: Avira Free Antivirus
CVE-2020-12679 (A reflected cross-site scripting (XSS) vulnerability in the
Mitel Shor ...)
@@ -111246,8 +111263,8 @@ CVE-2020-4625 (IBM Cloud Pak for Security
1.3.0.1(CP4S) could allow a remote att
NOT-FOR-US: IBM
CVE-2020-4624 (IBM Cloud Pak for Security 1.3.0.1 (CP4S) uses weaker than
expected cr ...)
NOT-FOR-US: IBM
-CVE-2020-4623
- RESERVED
+CVE-2020-4623 (IBM i2 iBase 8.9.13 could allow a local authenticated attacker
to exec ...)
+ TODO: check
CVE-2020-4622 (IBM Data Risk Manager (iDNA) 2.0.6 contains hard-coded
credentials, su ...)
NOT-FOR-US: IBM
CVE-2020-4621 (IBM Data Risk Manager (iDNA) 2.0.6 could allow an authenticated
user t ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ac37867a9af5005da382ec2a682988c94aa537bd
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ac37867a9af5005da382ec2a682988c94aa537bd
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
