[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Mon Apr 26 21:10:36 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5b9e5a4a by security tracker role at 2021-04-26T20:10:26+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,14 +1,38 @@
+CVE-2021-31815
+ RESERVED
+CVE-2021-31814
+ RESERVED
+CVE-2021-31813
+ RESERVED
+CVE-2021-31812
+ RESERVED
+CVE-2021-31811
+ RESERVED
+CVE-2021-31810
+ RESERVED
+CVE-2021-31809
+ RESERVED
+CVE-2021-31808
+ RESERVED
+CVE-2021-31807
+ RESERVED
+CVE-2021-31806
+ RESERVED
+CVE-2021-31805
+ RESERVED
+CVE-2020-36325 (An issue was discovered in Jansson through 2.13.1. Due to a parsing er ...)
+ TODO: check
CVE-2021-XXXX [Session recovery feature contains a null pointer deference]
- shibboleth-sp <unfixed> (bug #987608)
NOTE: https://shibboleth.net/community/advisories/secadv_20210426.txt
NOTE: https://issues.shibboleth.net/jira/browse/SSPCPP-927
NOTE: https://git.shibboleth.net/view/?p=cpp-sp.git;a=commit;h=5a47c3b9378f4c49392dd4d15189b70956f9f2ec
-CVE-2021-31804
- RESERVED
-CVE-2021-31803
- RESERVED
-CVE-2021-31802
- RESERVED
+CVE-2021-31804 (LeoCAD before 21.03 sometimes allows a use-after-free during the openi ...)
+ TODO: check
+CVE-2021-31803 (cPanel before 94.0.3 allows self-XSS via EasyApache 4 Save Profile (SE ...)
+ TODO: check
+CVE-2021-31802 (NETGEAR R7000 1.0.11.116 devices have a heap-based Buffer Overflow tha ...)
+ TODO: check
CVE-2021-31801
RESERVED
CVE-2021-31800
@@ -43,10 +67,10 @@ CVE-2021-31786
RESERVED
CVE-2021-31785
RESERVED
-CVE-2021-31784
- RESERVED
-CVE-2021-31783
- RESERVED
+CVE-2021-31784 (An out-of-bounds write vulnerability exists in the file-reading proced ...)
+ TODO: check
+CVE-2021-31783 (show_default.php in the LocalFilesEditor extension before 11.4.0.1 for ...)
+ TODO: check
CVE-2021-31782
RESERVED
CVE-2021-31781
@@ -327,8 +351,8 @@ CVE-2021-31648
RESERVED
CVE-2021-31647
RESERVED
-CVE-2021-31646
- RESERVED
+CVE-2021-31646 (Gestsup before 3.2.10 allows account takeover through the password rec ...)
+ TODO: check
CVE-2021-31645
RESERVED
CVE-2021-31644
@@ -2411,7 +2435,7 @@ CVE-2021-30643
RESERVED
CVE-2021-30642
RESERVED
-CVE-2020-36323 (In the standard library in Rust before 1.50.3, there is an optimizatio ...)
+CVE-2020-36323 (In the standard library in Rust before 1.52.0, there is an optimizatio ...)
- rustc <unfixed>
NOTE: https://github.com/rust-lang/rust/issues/80335
NOTE: https://github.com/rust-lang/rust/pull/81728
@@ -2460,7 +2484,7 @@ CVE-2021-3498 (GStreamer before 1.18.4 might cause heap corruption when parsing
NOTE: https://gitlab.freedesktop.org/gstreamer/gst-plugins-good/-/commit/02174790726dd20a5c73ce2002189bf240ad4fe0
NOTE: Introduced by: https://gitlab.freedesktop.org/gstreamer/gst-plugins-good/-/commit/f279bc5336dda19741a5996a108da42dd3201366
CVE-2021-3497 (GStreamer before 1.18.4 might access already-freed memory in error cod ...)
- {DSA-4900-1}
+ {DSA-4900-1 DLA-2640-1}
[experimental] - gst-plugins-good1.0 1.18.4-1
- gst-plugins-good1.0 1.18.4-2 (bug #986910)
NOTE: https://gstreamer.freedesktop.org/security/sa-2021-0002.html
@@ -2766,8 +2790,7 @@ CVE-2021-30502 (The unofficial vscode-ghc-simple (aka Simple Glasgow Haskell Com
NOT-FOR-US: vscode-ghc-simple extension for Visual Studio Code
CVE-2021-3495
RESERVED
-CVE-2021-3494
- RESERVED
+CVE-2021-3494 (A smart proxy that provides a restful API to various sub-systems of th ...)
- foreman <itp> (bug #663101)
CVE-2021-3493 (The overlayfs implementation in the linux kernel did not properly vali ...)
- linux <unfixed>
@@ -4624,8 +4647,8 @@ CVE-2021-29696
RESERVED
CVE-2021-29695
RESERVED
-CVE-2021-29694
- RESERVED
+CVE-2021-29694 (IBM Spectrum Protect Plus 10.1.0 through 10.1.7 uses weaker than expec ...)
+ TODO: check
CVE-2021-29693
RESERVED
CVE-2021-29692
@@ -4668,8 +4691,8 @@ CVE-2021-29674
RESERVED
CVE-2021-29673
RESERVED
-CVE-2021-29672
- RESERVED
+CVE-2021-29672 (IBM Spectrum Protect Client 8.1.0.0-8 through 1.11.0 is vulnerable to ...)
+ TODO: check
CVE-2021-29671 (IBM Spectrum Scale 5.1.0.1 could allow a local attacker to bypass the ...)
NOT-FOR-US: IBM
CVE-2021-29670
@@ -5140,12 +5163,12 @@ CVE-2021-29477
RESERVED
CVE-2021-29476
RESERVED
-CVE-2021-29475
- RESERVED
+CVE-2021-29475 (HedgeDoc (formerly known as CodiMD) is an open-source collaborative ma ...)
+ TODO: check
CVE-2021-29474
RESERVED
-CVE-2021-29473
- RESERVED
+CVE-2021-29473 (Exiv2 is a C++ library and a command-line utility to read, write, dele ...)
+ TODO: check
CVE-2021-29472
RESERVED
CVE-2021-29471
@@ -5318,8 +5341,7 @@ CVE-2021-29423
RESERVED
CVE-2021-3473 (An internal product security audit of Lenovo XClarity Controller (XCC) ...)
NOT-FOR-US: Lenovo XClarity Controller (XCC)
-CVE-2021-3472 [Fix XChangeFeedbackControl() request underflow]
- RESERVED
+CVE-2021-3472 (A flaw was found in xorg-x11-server in versions before 1.20.11. An int ...)
{DSA-4893-1 DLA-2627-1}
- xorg-server 2:1.20.11-1
NOTE: Fixed by: https://gitlab.freedesktop.org/xorg/xserver/-/commit/7aaf54a1884f71dc363f0b884e57bcb67407a6cd
@@ -6439,7 +6461,7 @@ CVE-2021-28929
RESERVED
CVE-2021-28928
RESERVED
-CVE-2021-28927 (The text-to-speech engine in libretro RetroArch for Windows 0.11 passe ...)
+CVE-2021-28927 (The text-to-speech engine in libretro RetroArch for Windows 1.9.0 pass ...)
- retroarch <not-affected> (Windows-specific)
CVE-2021-28926
RESERVED
@@ -6650,8 +6672,7 @@ CVE-2021-28831 (decompress_gunzip.c in BusyBox through 1.32.1 mishandles the err
- busybox <unfixed> (bug #985674)
[buster] - busybox <no-dsa> (Minor issue)
NOTE: https://git.busybox.net/busybox/commit/?id=f25d254dfd4243698c31a4f3153d4ac72aa9e9bd
-CVE-2021-27851 [Local privilege escalation via guix-daemon and --keep-failed]
- RESERVED
+CVE-2021-27851 (A security vulnerability that can lead to local privilege escalation h ...)
- guix 1.2.0-4 (bug #985467; unimportant)
NOTE: https://issues.guix.gnu.org/47229
NOTE: https://git.savannah.gnu.org/cgit/guix.git/commit/?id=ec7fb669945bfb47c5e1fdf7de3a5d07f7002ccf
@@ -7602,8 +7623,8 @@ CVE-2021-28401
RESERVED
CVE-2021-28400
RESERVED
-CVE-2021-28399
- RESERVED
+CVE-2021-28399 (OrangeHRM 4.7 allows an unauthenticated user to enumerate the valid us ...)
+ TODO: check
CVE-2021-28398
RESERVED
CVE-2021-28397
@@ -8442,8 +8463,8 @@ CVE-2021-28081
RESERVED
CVE-2021-28080
RESERVED
-CVE-2021-28079
- RESERVED
+CVE-2021-28079 (Jamovi <=1.6.18 is affected by a cross-site scripting (XSS) vulnera ...)
+ TODO: check
CVE-2021-28078
RESERVED
CVE-2021-28077
@@ -11385,8 +11406,8 @@ CVE-2021-26799
RESERVED
CVE-2021-26798
RESERVED
-CVE-2021-26797
- RESERVED
+CVE-2021-26797 (An access control vulnerability in Hame SD1 Wi-Fi firmware <=V.2014 ...)
+ TODO: check
CVE-2021-26796
RESERVED
CVE-2021-26795
@@ -13501,10 +13522,10 @@ CVE-2021-25930
RESERVED
CVE-2021-25929
RESERVED
-CVE-2021-25928
- RESERVED
-CVE-2021-25927
- RESERVED
+CVE-2021-25928 (Prototype pollution vulnerability in 'safe-obj' versions 1.0.0 through ...)
+ TODO: check
+CVE-2021-25927 (Prototype pollution vulnerability in 'safe-flat' versions 2.0.0 throug ...)
+ TODO: check
CVE-2021-25926 (In SiCKRAGE, versions 9.3.54.dev1 to 10.0.11.dev1 are vulnerable to Re ...)
NOT-FOR-US: SiCKRAGE
CVE-2021-25925 (in SiCKRAGE, versions 4.2.0 to 10.0.11.dev1 are vulnerable to Stored C ...)
@@ -13952,10 +13973,10 @@ CVE-2021-25841
RESERVED
CVE-2021-25840
RESERVED
-CVE-2021-25839
- RESERVED
-CVE-2021-25838
- RESERVED
+CVE-2021-25839 (A weak password requirement vulnerability exists in the Create New Use ...)
+ TODO: check
+CVE-2021-25838 (The Import function in MintHCM RELEASE 3.0.8 allows an attacker to exe ...)
+ TODO: check
CVE-2021-25837 (Cosmos Network Ethermint <= v0.4.0 is affected by cache lifecycle i ...)
NOT-FOR-US: Cosmos Network Ethermint
CVE-2021-25836 (Cosmos Network Ethermint <= v0.4.0 is affected by cache lifecycle i ...)
@@ -19398,8 +19419,8 @@ CVE-2021-23384
RESERVED
CVE-2021-23383
RESERVED
-CVE-2021-23382
- RESERVED
+CVE-2021-23382 (The package postcss before 8.2.13 are vulnerable to Regular Expression ...)
+ TODO: check
CVE-2021-23381 (This affects all versions of package killing. If attacker-controlled u ...)
NOT-FOR-US: Node killing
CVE-2021-23380 (This affects all versions of package roar-pidusage. If attacker-contro ...)
@@ -19442,8 +19463,8 @@ CVE-2021-23367
RESERVED
CVE-2021-23366
RESERVED
-CVE-2021-23365
- RESERVED
+CVE-2021-23365 (The package github.com/tyktechnologies/tyk-identity-broker before 1.1. ...)
+ TODO: check
CVE-2021-23364
RESERVED
CVE-2021-23363 (This affects the package kill-by-port before 0.0.2. If (attacker-contr ...)
@@ -21029,8 +21050,8 @@ CVE-2021-22671
RESERVED
CVE-2021-22670 (An uninitialized pointer may be exploited in Fatek FvDesigner Version ...)
NOT-FOR-US: Fatek FvDesigner
-CVE-2021-22669
- RESERVED
+CVE-2021-22669 (Incorrect permissions are set to default on the ‘Project Managem ...)
+ TODO: check
CVE-2021-22668
RESERVED
CVE-2021-22667 (BB-ESWGP506-2SFP-T versions 1.01.09 and prior is vulnerable due to the ...)
@@ -25405,108 +25426,82 @@ CVE-2021-21228
RESERVED
CVE-2021-21227
RESERVED
-CVE-2021-21226
- RESERVED
+CVE-2021-21226 (Use after free in navigation in Google Chrome prior to 90.0.4430.85 al ...)
- chromium 90.0.4430.85-1 (bug #987358)
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21225
- RESERVED
+CVE-2021-21225 (Out of bounds memory access in V8 in Google Chrome prior to 90.0.4430. ...)
- chromium 90.0.4430.85-1 (bug #987358)
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21224
- RESERVED
+CVE-2021-21224 (Type confusion in V8 in Google Chrome prior to 90.0.4430.85 allowed a ...)
- chromium 90.0.4430.85-1 (bug #987358)
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21223
- RESERVED
+CVE-2021-21223 (Integer overflow in Mojo in Google Chrome prior to 90.0.4430.85 allowe ...)
- chromium 90.0.4430.85-1 (bug #987358)
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21222
- RESERVED
+CVE-2021-21222 (Heap buffer overflow in V8 in Google Chrome prior to 90.0.4430.85 allo ...)
- chromium 90.0.4430.85-1 (bug #987358)
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21221
- RESERVED
+CVE-2021-21221 (Insufficient validation of untrusted input in Mojo in Google Chrome pr ...)
- chromium 90.0.4430.72-1 (bug #987053)
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21220
- RESERVED
+CVE-2021-21220 (Insufficient validation of untrusted input in V8 in Google Chrome prio ...)
- chromium 90.0.4430.72-1 (bug #987053)
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21219
- RESERVED
+CVE-2021-21219 (Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 al ...)
- chromium 90.0.4430.72-1 (bug #987053)
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21218
- RESERVED
+CVE-2021-21218 (Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 al ...)
- chromium 90.0.4430.72-1 (bug #987053)
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21217
- RESERVED
+CVE-2021-21217 (Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 al ...)
- chromium 90.0.4430.72-1 (bug #987053)
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21216
- RESERVED
+CVE-2021-21216 (Inappropriate implementation in Autofill in Google Chrome prior to 90. ...)
- chromium 90.0.4430.72-1 (bug #987053)
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21215
- RESERVED
+CVE-2021-21215 (Inappropriate implementation in Autofill in Google Chrome prior to 90. ...)
- chromium 90.0.4430.72-1 (bug #987053)
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21214
- RESERVED
+CVE-2021-21214 (Use after free in Network API in Google Chrome prior to 90.0.4430.72 a ...)
- chromium 90.0.4430.72-1 (bug #987053)
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21213
- RESERVED
+CVE-2021-21213 (Use after free in WebMIDI in Google Chrome prior to 90.0.4430.72 allow ...)
- chromium 90.0.4430.72-1 (bug #987053)
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21212
- RESERVED
+CVE-2021-21212 (Incorrect security UI in Network Config UI in Google Chrome on ChromeO ...)
- chromium 90.0.4430.72-1 (bug #987053)
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21211
- RESERVED
+CVE-2021-21211 (Inappropriate implementation in Navigation in Google Chrome on iOS pri ...)
- chromium 90.0.4430.72-1 (bug #987053)
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21210
- RESERVED
+CVE-2021-21210 (Inappropriate implementation in Network in Google Chrome prior to 90.0 ...)
- chromium 90.0.4430.72-1 (bug #987053)
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21209
- RESERVED
+CVE-2021-21209 (Inappropriate implementation in storage in Google Chrome prior to 90.0 ...)
- chromium 90.0.4430.72-1 (bug #987053)
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21208
- RESERVED
+CVE-2021-21208 (Insufficient data validation in QR scanner in Google Chrome on iOS pri ...)
- chromium 90.0.4430.72-1 (bug #987053)
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21207
- RESERVED
+CVE-2021-21207 (Use after free in IndexedDB in Google Chrome prior to 90.0.4430.72 all ...)
- chromium 90.0.4430.72-1 (bug #987053)
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21206
- RESERVED
+CVE-2021-21206 (Use after free in Blink in Google Chrome prior to 89.0.4389.128 allowe ...)
- chromium 90.0.4430.72-1 (bug #987053)
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21205
- RESERVED
+CVE-2021-21205 (Insufficient policy enforcement in navigation in Google Chrome on iOS ...)
- chromium 90.0.4430.72-1 (bug #987053)
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21204
- RESERVED
+CVE-2021-21204 (Use after free in Blink in Google Chrome on OS X prior to 90.0.4430.72 ...)
- chromium 90.0.4430.72-1 (bug #987053)
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21203
- RESERVED
+CVE-2021-21203 (Use after free in Blink in Google Chrome prior to 90.0.4430.72 allowed ...)
- chromium 90.0.4430.72-1 (bug #987053)
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21202
- RESERVED
+CVE-2021-21202 (Use after free in extensions in Google Chrome prior to 90.0.4430.72 al ...)
- chromium 90.0.4430.72-1 (bug #987053)
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21201
- RESERVED
+CVE-2021-21201 (Use after free in permissions in Google Chrome prior to 90.0.4430.72 a ...)
- chromium 90.0.4430.72-1 (bug #987053)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-21200
@@ -27171,8 +27166,8 @@ CVE-2021-20548
RESERVED
CVE-2021-20547
RESERVED
-CVE-2021-20546
- RESERVED
+CVE-2021-20546 (IBM Spectrum Protect Client 8.1.0.0 through 8.1.11.0 is vulnerable to ...)
+ TODO: check
CVE-2021-20545
RESERVED
CVE-2021-20544
@@ -27191,16 +27186,16 @@ CVE-2021-20538
RESERVED
CVE-2021-20537
RESERVED
-CVE-2021-20536
- RESERVED
+CVE-2021-20536 (IBM Spectrum Protect Plus File Systems Agent 10.1.6 and 10.1.7 stores ...)
+ TODO: check
CVE-2021-20535
RESERVED
CVE-2021-20534
RESERVED
CVE-2021-20533
RESERVED
-CVE-2021-20532
- RESERVED
+CVE-2021-20532 (IBM Spectrum Protect Client 8.1.0.0 through 8.1.11.0 could allow a loc ...)
+ TODO: check
CVE-2021-20531
RESERVED
CVE-2021-20530
@@ -27399,8 +27394,8 @@ CVE-2021-20434
RESERVED
CVE-2021-20433
RESERVED
-CVE-2021-20432
- RESERVED
+CVE-2021-20432 (IBM Spectrum Protect Plus 10.1.0 through 10.1.7 uses Cross-Origin Reso ...)
+ TODO: check
CVE-2021-20431
RESERVED
CVE-2021-20430
@@ -67233,8 +67228,7 @@ CVE-2020-15080 (In PrestaShop from version 1.7.4.0 and before version 1.7.6.6, s
NOT-FOR-US: PrestaShop
CVE-2020-15079 (In PrestaShop from version 1.5.0.0 and before version 1.7.6.6, there i ...)
NOT-FOR-US: PrestaShop
-CVE-2020-15078
- RESERVED
+CVE-2020-15078 (OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass ...)
- openvpn <unfixed> (bug #987380)
[buster] - openvpn <no-dsa> (Minor issue)
[stretch] - openvpn <no-dsa> (Minor issue)
@@ -96227,8 +96221,8 @@ CVE-2020-4564 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.
NOT-FOR-US: IBM
CVE-2020-4563
RESERVED
-CVE-2020-4562
- RESERVED
+CVE-2020-4562 (IBM Planning Analytics 2.0 could allow a remote attacker to obtain sen ...)
+ TODO: check
CVE-2020-4561
RESERVED
CVE-2020-4560 (IBM Financial Transaction Manager 3.2.4 is vulnerable to cross-site sc ...)
@@ -414290,10 +414284,10 @@ CVE-2010-2473 (Drupal 6.x before 6.16 and 5.x before version 5.22 does not prope
CVE-2010-2472 (Locale module and dependent contributed modules in Drupal 6.x before 6 ...)
{DSA-2016-1}
- drupal6 6.18-1 (bug #592716)
-CVE-2010-2471 (drupal6 version 6.16 has open redirection ...)
+CVE-2010-2471 (Drupal versions 5.x and 6.x has open redirection ...)
{DSA-2016-1}
- drupal6 6.18-1 (bug #592716)
-CVE-2010-2250 (Drupal 6.x before 6.16 uses a user-supplied value in output during sit ...)
+CVE-2010-2250 (Drupal 5.x and 6.x before 6.16 uses a user-supplied value in output du ...)
{DSA-2016-1}
- drupal6 6.18-1 (bug #592716)
CVE-2010-XXXX [linux-ftpd: null ptr dereference]
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5b9e5a4abe6bebea32de1215a462ea74d62bec14
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5b9e5a4abe6bebea32de1215a462ea74d62bec14
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210426/fe149015/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list