[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Tue Apr 6 21:10:32 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
fa58a1cf by security tracker role at 2021-04-06T20:10:23+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,67 @@
+CVE-2021-3484
+ RESERVED
+CVE-2021-3483
+ RESERVED
+CVE-2021-30177
+ RESERVED
+CVE-2021-30176
+ RESERVED
+CVE-2021-30175
+ RESERVED
+CVE-2021-30174
+ RESERVED
+CVE-2021-30173
+ RESERVED
+CVE-2021-30172
+ RESERVED
+CVE-2021-30171
+ RESERVED
+CVE-2021-30170
+ RESERVED
+CVE-2021-30169
+ RESERVED
+CVE-2021-30168
+ RESERVED
+CVE-2021-30167
+ RESERVED
+CVE-2021-30166
+ RESERVED
+CVE-2021-30165
+ RESERVED
+CVE-2021-30164 (Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to bypass ...)
+ TODO: check
+CVE-2021-30163 (Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to discov ...)
+ TODO: check
+CVE-2021-30162 (An issue was discovered on LG mobile devices with Android OS 4.4 throu ...)
+ TODO: check
+CVE-2021-30161 (An issue was discovered on LG mobile devices with Android OS 11 softwa ...)
+ TODO: check
+CVE-2021-26948
+ RESERVED
+CVE-2021-26259
+ RESERVED
+CVE-2021-26252
+ RESERVED
+CVE-2021-23206
+ RESERVED
+CVE-2021-23191
+ RESERVED
+CVE-2021-23180
+ RESERVED
+CVE-2021-23165
+ RESERVED
+CVE-2021-23158
+ RESERVED
+CVE-2020-36309 (ngx_http_lua_module (aka lua-nginx-module) before 0.10.16 in OpenResty ...)
+ TODO: check
+CVE-2020-36308 (Redmine before 4.0.7 and 4.1.x before 4.1.1 allows attackers to discov ...)
+ TODO: check
+CVE-2020-36307 (Redmine before 4.0.7 and 4.1.x before 4.1.1 has stored XSS via textile ...)
+ TODO: check
+CVE-2020-36306 (Redmine before 4.0.7 and 4.1.x before 4.1.1 has XSS via the back_url f ...)
+ TODO: check
+CVE-2019-25026 (Redmine before 3.4.13 and 4.x before 4.0.6 mishandles markup data duri ...)
+ TODO: check
CVE-2021-30160
RESERVED
CVE-2021-30159
@@ -27,8 +91,8 @@ CVE-2021-30148
RESERVED
CVE-2021-30147
RESERVED
-CVE-2021-30146
- RESERVED
+CVE-2021-30146 (Seafile 7.0.5 (2019) allows Persistent XSS via the "share of library f ...)
+ TODO: check
CVE-2021-30145
RESERVED
CVE-2021-30144 (The Dashboard plugin through 1.0.2 for GLPI allows remote low-privileg ...)
@@ -39,8 +103,8 @@ CVE-2021-30142
RESERVED
CVE-2021-30141 (** DISPUTED ** Module/Settings/UserExport.php in Friendica through 202 ...)
NOT-FOR-US: Friendica
-CVE-2021-30140
- RESERVED
+CVE-2021-30140 (LiquidFiles 3.4.15 has stored XSS through the "send email" functionali ...)
+ TODO: check
CVE-2021-30139
RESERVED
CVE-2021-30138
@@ -59,8 +123,8 @@ CVE-2021-30132
RESERVED
CVE-2021-30131
RESERVED
-CVE-2021-30130
- RESERVED
+CVE-2021-30130 (phpseclib before 2.0.31 and 3.x before 3.0.7 mishandles RSA PKCS#1 v1. ...)
+ TODO: check
CVE-2021-30129
RESERVED
CVE-2021-30128
@@ -227,10 +291,10 @@ CVE-2021-30048
RESERVED
CVE-2021-30047
RESERVED
-CVE-2021-30046
- RESERVED
-CVE-2021-30045
- RESERVED
+CVE-2021-30046 (VIGRA Computer Vision Library Version-1-11-1 contains a segmentation f ...)
+ TODO: check
+CVE-2021-30045 (SerenityOS 2021-03-27 contains a buffer overflow vulnerability in the ...)
+ TODO: check
CVE-2021-30044
RESERVED
CVE-2021-30043
@@ -1102,10 +1166,10 @@ CVE-2021-29646 (An issue was discovered in the Linux kernel before 5.11.11. tipc
[buster] - linux <not-affected> (Vulnerable code introduced later)
[stretch] - linux <not-affected> (Vulnerable code introduced later)
NOTE: https://git.kernel.org/linus/0217ed2848e8538bcf9172d97ed2eeb4a26041bb
-CVE-2020-36285
- RESERVED
-CVE-2020-36284
- RESERVED
+CVE-2020-36285 (Union Pay up to 3.3.12, for iOS mobile apps, contains a CWE-347: Impro ...)
+ TODO: check
+CVE-2020-36284 (Union Pay up to 3.4.93.4.9, for android, contains a CWE-347: Improper ...)
+ TODO: check
CVE-2021-3480
RESERVED
CVE-2021-3479 (There's a flaw in OpenEXR's Scanline API functionality in versions bef ...)
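Review bot: the version string "3.4.93.4.9" in the new CVE-2020-36284 description reads like two version numbers run together (compare "3.3.12" in the CVE-2020-36285 entry directly above it); when clearing the TODO: check, confirm the affected Android app version range against the CVE text rather than carrying this string into the triaged entry.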
@@ -2234,8 +2298,7 @@ CVE-2021-29138
RESERVED
CVE-2021-29137
RESERVED
-CVE-2021-29136
- RESERVED
+CVE-2021-29136 (Open Container Initiative umoci before 0.4.7 allows attackers to overw ...)
- umoci 0.4.7+ds-1
NOTE: https://github.com/opencontainers/umoci/security/advisories/GHSA-9m95-8hx6-7p9v
NOTE: https://github.com/opencontainers/umoci/commit/d9efc31daf2206f7d3fdb839863cf7a576a2eb57 (v0.4.7)
@@ -2815,8 +2878,8 @@ CVE-2021-28876
RESERVED
CVE-2021-28875
RESERVED
-CVE-2021-28874
- RESERVED
+CVE-2021-28874 (SerenityOS fixed as of c9f25bca048443e317f1994ba9b106f2386688c3 contai ...)
+ TODO: check
CVE-2021-28873
RESERVED
CVE-2021-28872
@@ -3198,8 +3261,7 @@ CVE-2021-28690
RESERVED
CVE-2021-28689
RESERVED
-CVE-2021-28688 [blkback driver may leak persistent grants]
- RESERVED
+CVE-2021-28688 (The fix for XSA-365 includes initialization of pointers such that subs ...)
- linux <unfixed>
NOTE: https://xenbits.xen.org/xsa/advisory-371.html
NOTE: https://git.kernel.org/linus/a846738f8c3788d846ed1f587270d2f2e3d32432
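Review bot: the bracketed short title "[blkback driver may leak persistent grants]" is dropped together with RESERVED when the public description replaces it, and the package line stays `linux <unfixed>` although the hunk's NOTE lines already point at XSA-371 and the upstream kernel commit. Consider keeping the short title for readability and, as done for CVE-2021-29646 earlier in this file, adding per-suite annotations ([buster], [stretch]) once it is known which Debian kernels carry the XSA-365 fix that this issue depends on.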
@@ -3279,8 +3341,7 @@ CVE-2021-28660 (rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.
NOTE: https://git.kernel.org/linus/74b6b20df8cfe90ada777d621b54c32e69e27cd7
CVE-2021-28659
RESERVED
-CVE-2021-28658
- RESERVED
+CVE-2021-28658 (In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8, ...)
- python-django 2:2.2.20-1 (bug #986447)
NOTE: https://www.djangoproject.com/weblog/2021/apr/06/security-releases/
NOTE: https://github.com/django/django/commit/d4d800ca1addc4141e03c5440a849bb64d1582cd (main)
@@ -4335,12 +4396,12 @@ CVE-2021-28175 (The Radius configuration function in ASUS BMC’s firmware W
NOT-FOR-US: ASUS
CVE-2021-28174
RESERVED
-CVE-2021-28173
- RESERVED
-CVE-2021-28172
- RESERVED
-CVE-2021-28171
- RESERVED
+CVE-2021-28173 (The file upload function of Vangene deltaFlow E-platform does not perf ...)
+ TODO: check
+CVE-2021-28172 (There is a Path Traversal vulnerability in the file download function ...)
+ TODO: check
+CVE-2021-28171 (The Vangene deltaFlow E-platform does not take properly protective mea ...)
+ TODO: check
CVE-2021-28170
RESERVED
CVE-2021-28169
@@ -4458,8 +4519,8 @@ CVE-2021-28144 (prog.cgi on D-Link DIR-3060 devices before 1.11b04 HF2 allows re
NOT-FOR-US: D-Link
CVE-2021-28143 (/jsonrpc on D-Link DIR-841 3.03 and 3.04 devices allows authenticated ...)
NOT-FOR-US: D-Link
-CVE-2021-28142
- RESERVED
+CVE-2021-28142 (CITSmart before 9.1.2.28 mishandles the "filtro de autocomplete." ...)
+ TODO: check
CVE-2021-28141 (** DISPUTED ** An issue was discovered in Progress Telerik UI for ASP. ...)
NOT-FOR-US: Telerik
CVE-2021-28140
@@ -4685,8 +4746,8 @@ CVE-2021-28077
RESERVED
CVE-2021-28076
RESERVED
-CVE-2021-28075
- RESERVED
+CVE-2021-28075 (iKuaiOS 3.4.8 Build 202012291059 has an arbitrary file download vulner ...)
+ TODO: check
CVE-2021-28074
RESERVED
CVE-2021-28073
@@ -5555,10 +5616,10 @@ CVE-2021-27700
RESERVED
CVE-2021-27699
RESERVED
-CVE-2021-27698
- RESERVED
-CVE-2021-27697
- RESERVED
+CVE-2021-27698 (RIOT-OS 2021.01 contains a buffer overflow vulnerability in /sys/net/g ...)
+ TODO: check
+CVE-2021-27697 (RIOT-OS 2021.01 contains a buffer overflow vulnerability in sys/net/gn ...)
+ TODO: check
CVE-2021-27696
RESERVED
CVE-2021-27695 (Multiple stored cross-site scripting (XSS) vulnerabilities in openMAIN ...)
@@ -6307,8 +6368,8 @@ CVE-2021-27359
RESERVED
CVE-2021-27358 (The snapshot feature in Grafana 6.7.3 through 7.4.1 can allow an unaut ...)
- grafana <removed>
-CVE-2021-27357
- RESERVED
+CVE-2021-27357 (RIOT-OS 2020.01 contains a buffer overflow vulnerability in /sys/net/g ...)
+ TODO: check
CVE-2021-27356
RESERVED
CVE-2021-27355
@@ -6340,8 +6401,8 @@ CVE-2021-27345
RESERVED
CVE-2021-27344
RESERVED
-CVE-2021-27343
- RESERVED
+CVE-2021-27343 (SerenityOS Unspecified is affected by: Buffer Overflow. The impact is: ...)
+ TODO: check
CVE-2021-27342
RESERVED
CVE-2021-27341
@@ -7530,8 +7591,8 @@ CVE-2021-26835
RESERVED
CVE-2021-26834
RESERVED
-CVE-2021-26833
- RESERVED
+CVE-2021-26833 (Code Execution vulnerability in Profile Picture upload in TimelyBills ...)
+ TODO: check
CVE-2021-26832
RESERVED
CVE-2021-26831
@@ -14055,10 +14116,10 @@ CVE-2021-24029 (A packet of death scenario is possible in mvfst via a specially
NOT-FOR-US: mvfst
CVE-2021-24028
RESERVED
-CVE-2021-24027
- RESERVED
-CVE-2021-24026
- RESERVED
+CVE-2021-24027 (A cache configuration issue prior to WhatsApp for Android v2.21.4.18 a ...)
+ TODO: check
+CVE-2021-24026 (A missing bounds check within the audio decoding pipeline for WhatsApp ...)
+ TODO: check
CVE-2021-24025 (Due to incorrect string size calculations inside the preg_quote functi ...)
- hhvm <removed>
CVE-2021-24024
@@ -14192,6 +14253,7 @@ CVE-2021-23981 (A texture upload of a Pixel Buffer Object could have confused th
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-12/#CVE-2021-23981
CVE-2021-23980 [mutation XSS via allowed math or svg; p or br; and style, title, noscript, script, textarea, noframes, iframe, or xmp tags with strip_comments=False]
RESERVED
+ {DLA-2620-1}
- python-bleach <unfixed> (bug #986251)
NOTE: https://github.com/mozilla/bleach/security/advisories/GHSA-vv2x-vrpj-qqpq
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1689399
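Review bot: `{DLA-2620-1}` is added for CVE-2021-23980 while the package line still reads `python-bleach <unfixed> (bug #986251)`, so stretch is now marked fixed ahead of unstable; that is a valid state for a tracker entry, but the unfixed unstable line and the open bug should be revisited with the next bleach upload so the entry does not remain half-resolved.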
@@ -20977,8 +21039,8 @@ CVE-2021-21425
RESERVED
CVE-2021-21424
RESERVED
-CVE-2021-21423
- RESERVED
+CVE-2021-21423 (`projen` is a project generation tool that synthesizes project configu ...)
+ TODO: check
CVE-2021-21422
RESERVED
CVE-2021-21421 (node-etsy-client is a NodeJs Etsy ReST API Client. Applications that a ...)
@@ -21553,130 +21615,170 @@ CVE-2021-21200
RESERVED
CVE-2021-21199
RESERVED
+ {DSA-4886-1}
- chromium 89.0.4389.114-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-21198
RESERVED
+ {DSA-4886-1}
- chromium 89.0.4389.114-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-21197
RESERVED
+ {DSA-4886-1}
- chromium 89.0.4389.114-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-21196
RESERVED
+ {DSA-4886-1}
- chromium 89.0.4389.114-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-21195
RESERVED
+ {DSA-4886-1}
- chromium 89.0.4389.114-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-21194
RESERVED
+ {DSA-4886-1}
- chromium 89.0.4389.114-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-21193 (Use after free in Blink in Google Chrome prior to 89.0.4389.90 allowed ...)
+ {DSA-4886-1}
- chromium 89.0.4389.90-1 (bug #985142)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-21192 (Heap buffer overflow in tab groups in Google Chrome prior to 89.0.4389 ...)
+ {DSA-4886-1}
- chromium 89.0.4389.90-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-21191 (Use after free in WebRTC in Google Chrome prior to 89.0.4389.90 allowe ...)
+ {DSA-4886-1}
- chromium 89.0.4389.90-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-21190 (Uninitialized data in PDFium in Google Chrome prior to 89.0.4389.72 al ...)
+ {DSA-4886-1}
- chromium 89.0.4389.82-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-21189 (Insufficient policy enforcement in payments in Google Chrome prior to ...)
+ {DSA-4886-1}
- chromium 89.0.4389.82-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-21188 (Use after free in Blink in Google Chrome prior to 89.0.4389.72 allowed ...)
+ {DSA-4886-1}
- chromium 89.0.4389.82-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-21187 (Insufficient data validation in URL formatting in Google Chrome prior ...)
+ {DSA-4886-1}
- chromium 89.0.4389.82-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-21186 (Insufficient policy enforcement in QR scanning in Google Chrome on iOS ...)
+ {DSA-4886-1}
- chromium 89.0.4389.82-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-21185 (Insufficient policy enforcement in extensions in Google Chrome prior t ...)
+ {DSA-4886-1}
- chromium 89.0.4389.82-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-21184 (Inappropriate implementation in performance APIs in Google Chrome prio ...)
+ {DSA-4886-1}
- chromium 89.0.4389.82-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-21183 (Inappropriate implementation in performance APIs in Google Chrome prio ...)
+ {DSA-4886-1}
- chromium 89.0.4389.82-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-21182 (Insufficient policy enforcement in navigations in Google Chrome prior ...)
+ {DSA-4886-1}
- chromium 89.0.4389.82-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-21181 (Side-channel information leakage in autofill in Google Chrome prior to ...)
+ {DSA-4886-1}
- chromium 89.0.4389.82-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-21180 (Use after free in tab search in Google Chrome prior to 89.0.4389.72 al ...)
+ {DSA-4886-1}
- chromium 89.0.4389.82-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-21179 (Use after free in Network Internals in Google Chrome on Linux prior to ...)
+ {DSA-4886-1}
- chromium 89.0.4389.82-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-21178 (Inappropriate implementation in Compositing in Google Chrome on Linux ...)
+ {DSA-4886-1}
- chromium 89.0.4389.82-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-21177 (Insufficient policy enforcement in Autofill in Google Chrome prior to ...)
+ {DSA-4886-1}
- chromium 89.0.4389.82-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-21176 (Inappropriate implementation in full screen mode in Google Chrome prio ...)
+ {DSA-4886-1}
- chromium 89.0.4389.82-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-21175 (Inappropriate implementation in Site isolation in Google Chrome prior ...)
+ {DSA-4886-1}
- chromium 89.0.4389.82-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-21174 (Inappropriate implementation in Referrer in Google Chrome prior to 89. ...)
+ {DSA-4886-1}
- chromium 89.0.4389.82-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-21173 (Side-channel information leakage in Network Internals in Google Chrome ...)
+ {DSA-4886-1}
- chromium 89.0.4389.82-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-21172 (Insufficient policy enforcement in File System API in Google Chrome on ...)
+ {DSA-4886-1}
- chromium 89.0.4389.82-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-21171 (Incorrect security UI in TabStrip and Navigation in Google Chrome on A ...)
+ {DSA-4886-1}
- chromium 89.0.4389.82-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-21170 (Incorrect security UI in Loader in Google Chrome prior to 89.0.4389.72 ...)
+ {DSA-4886-1}
- chromium 89.0.4389.82-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-21169 (Out of bounds memory access in V8 in Google Chrome prior to 89.0.4389. ...)
+ {DSA-4886-1}
- chromium 89.0.4389.82-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-21168 (Insufficient policy enforcement in appcache in Google Chrome prior to ...)
+ {DSA-4886-1}
- chromium 89.0.4389.82-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-21167 (Use after free in bookmarks in Google Chrome prior to 89.0.4389.72 all ...)
+ {DSA-4886-1}
- chromium 89.0.4389.82-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-21166 (Data race in audio in Google Chrome prior to 89.0.4389.72 allowed a re ...)
+ {DSA-4886-1}
- chromium 89.0.4389.82-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-21165 (Data race in audio in Google Chrome prior to 89.0.4389.72 allowed a re ...)
+ {DSA-4886-1}
- chromium 89.0.4389.82-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-21164 (Insufficient data validation in Chrome on iOS in Google Chrome on iOS ...)
- chromium <not-affected> (MacOS specific)
CVE-2021-21163 (Insufficient data validation in Reader Mode in Google Chrome on iOS pr ...)
+ {DSA-4886-1}
- chromium 89.0.4389.82-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-21162 (Use after free in WebRTC in Google Chrome prior to 89.0.4389.72 allowe ...)
+ {DSA-4886-1}
- chromium 89.0.4389.82-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-21161 (Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.7 ...)
+ {DSA-4886-1}
- chromium 89.0.4389.82-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-21160 (Heap buffer overflow in WebAudio in Google Chrome prior to 89.0.4389.7 ...)
+ {DSA-4886-1}
- chromium 89.0.4389.82-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-21159 (Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.7 ...)
+ {DSA-4886-1}
- chromium 89.0.4389.82-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-21158
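Review bot: CVE-2021-21194 through CVE-2021-21199 receive `{DSA-4886-1}` and a fixed version (chromium 89.0.4389.114-1) while still carrying only `RESERVED` with no description; a bracketed short title, as used for CVE-2021-23980 elsewhere in this file, would let the DSA text be cross-checked against each entry. CVE-2021-21164 correctly gets no DSA reference, since its package line is `chromium <not-affected> (MacOS specific)`.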
@@ -23601,8 +23703,8 @@ CVE-2021-20336 (IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cro
NOT-FOR-US: IBM
CVE-2021-20335 (For MongoDB Ops Manager 4.2.X with multiple OM application servers, th ...)
NOT-FOR-US: MongoDB Ops Manager
-CVE-2021-20334
- RESERVED
+CVE-2021-20334 (A malicious 3rd party with local access to the Windows machine where M ...)
+ TODO: check
CVE-2021-20333
RESERVED
CVE-2021-20332
@@ -45119,8 +45221,8 @@ CVE-2020-23535
RESERVED
CVE-2020-23534 (A server-side request forgery (SSRF) vulnerability in Upgrade.php of g ...)
NOT-FOR-US: gopeak masterlab
-CVE-2020-23533
- RESERVED
+CVE-2020-23533 (Union Pay up to 1.2.0, for web based versions contains a CWE-347: Impr ...)
+ TODO: check
CVE-2020-23532
RESERVED
CVE-2020-23531
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fa58a1cfc075da7e1748d91395933211b3bf7eaf
--