[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Tue Apr 27 09:10:25 BST 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
18766e3a by security tracker role at 2021-04-27T08:10:17+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,53 @@
+CVE-2021-31829
+	RESERVED
+CVE-2021-31828
+	RESERVED
+CVE-2021-31827
+	RESERVED
+CVE-2021-31825
+	RESERVED
+CVE-2021-31824
+	RESERVED
+CVE-2021-31823
+	RESERVED
+CVE-2021-31822
+	RESERVED
+CVE-2021-31821
+	RESERVED
+CVE-2021-31820
+	RESERVED
+CVE-2021-31819
+	RESERVED
+CVE-2021-31818
+	RESERVED
+CVE-2021-31817
+	RESERVED
+CVE-2021-31816
+	RESERVED
+CVE-2019-25042 (Unbound before 1.9.5 allows an out-of-bounds write via a compressed na ...)
+	TODO: check
+CVE-2019-25041 (Unbound before 1.9.5 allows an assertion failure via a compressed name ...)
+	TODO: check
+CVE-2019-25040 (Unbound before 1.9.5 allows an infinite loop via a compressed name in  ...)
+	TODO: check
+CVE-2019-25039 (Unbound before 1.9.5 allows an integer overflow in a size calculation  ...)
+	TODO: check
+CVE-2019-25038 (Unbound before 1.9.5 allows an integer overflow in a size calculation  ...)
+	TODO: check
+CVE-2019-25037 (Unbound before 1.9.5 allows an assertion failure and denial of service ...)
+	TODO: check
+CVE-2019-25036 (Unbound before 1.9.5 allows an assertion failure and denial of service ...)
+	TODO: check
+CVE-2019-25035 (Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token ...)
+	TODO: check
+CVE-2019-25034 (Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dnam ...)
+	TODO: check
+CVE-2019-25033 (Unbound before 1.9.5 allows an integer overflow in the regional alloca ...)
+	TODO: check
+CVE-2019-25032 (Unbound before 1.9.5 allows an integer overflow in the regional alloca ...)
+	TODO: check
+CVE-2019-25031 (Unbound before 1.9.5 allows configuration injection in create_unbound_ ...)
+	TODO: check
 CVE-2021-3513
 	NOT-FOR-US: Keycloak
 CVE-2021-31815
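Review bot: The twelve entries CVE-2019-25031 through CVE-2019-25042 are added with only `TODO: check`, although every one of their descriptions names the same product and boundary ("Unbound before 1.9.5"). Triage them as one batch and replace each TODO with a package line in the form this file already uses (for example `- jansson <unfixed>` in the next hunk), so the list does not carry twelve separate unresolved entries for a single upstream release. The descriptions are cut at " ...", so the out-of-bounds write, integer overflow and configuration injection items need their full text read before they are classified.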
@@ -25,7 +75,7 @@ CVE-2021-31805
 CVE-2020-36325 (An issue was discovered in Jansson through 2.13.1. Due to a parsing er ...)
 	- jansson <unfixed>
 	NOTE: https://github.com/akheron/jansson/issues/548
-CVE-2021-31826 [Session recovery feature contains a null pointer deference]
+CVE-2021-31826 (Shibboleth Service Provider 3.x before 3.2.2 is prone to a NULL pointe ...)
 	- shibboleth-sp <unfixed> (bug #987608)
 	NOTE: https://shibboleth.net/community/advisories/secadv_20210426.txt
 	NOTE: https://issues.shibboleth.net/jira/browse/SSPCPP-927
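Review bot: In the CVE-2021-31826 entry, the new description states the fixed upstream release ("3.x before 3.2.2") while the unchanged line below it still reads `- shibboleth-sp <unfixed> (bug #987608)`. Revisit the package line against bug #987608 once a fixed upload exists, so the entry does not stay at `<unfixed>` after the description already points to 3.2.2.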
@@ -306,8 +356,8 @@ CVE-2021-31673
 	RESERVED
 CVE-2021-31672
 	RESERVED
-CVE-2021-31671
-	RESERVED
+CVE-2021-31671 (pgsync before 0.6.7 is affected by Information Disclosure of sensitive ...)
+	TODO: check
 CVE-2021-31670
 	RESERVED
 CVE-2021-31669
@@ -2525,8 +2575,8 @@ CVE-2021-30637 (htmly 2.8.0 allows stored XSS via the blog title, Tagline, or De
 	NOT-FOR-US: htmly
 CVE-2021-30636
 	RESERVED
-CVE-2021-30635
-	RESERVED
+CVE-2021-30635 (Sonatype Nexus Repository Manager 3.x before 3.30.1 allows a remote at ...)
+	TODO: check
 CVE-2021-30634
 	RESERVED
 CVE-2021-30633
@@ -3562,8 +3612,8 @@ CVE-2021-30167
 	RESERVED
 CVE-2021-30166
 	RESERVED
-CVE-2021-30165
-	RESERVED
+CVE-2021-30165 (The default administrator account & password of the EDIMAX wireles ...)
+	TODO: check
 CVE-2021-30164 (Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to bypass ...)
 	- redmine <unfixed> (bug #986800)
 CVE-2021-30163 (Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to discov ...)
@@ -5170,8 +5220,8 @@ CVE-2021-29476
 	RESERVED
 CVE-2021-29475 (HedgeDoc (formerly known as CodiMD) is an open-source collaborative ma ...)
 	NOT-FOR-US: HedgeDoc
-CVE-2021-29474
-	RESERVED
+CVE-2021-29474 (HedgeDoc (formerly known as CodiMD) is an open-source collaborative ma ...)
+	TODO: check
 CVE-2021-29473 (Exiv2 is a C++ library and a command-line utility to read, write, dele ...)
 	- exiv2 <unfixed>
 	NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-7569-phvm-vwc2
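Review bot: CVE-2021-29474 is set to `TODO: check` even though the entry directly above it, CVE-2021-29475, opens with the same product description (HedgeDoc) and is already classified `NOT-FOR-US: HedgeDoc`. Unless this issue affects something that is packaged, give it the same `NOT-FOR-US: HedgeDoc` line so the two adjacent entries are consistent.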
@@ -26835,10 +26885,10 @@ CVE-2021-20717
 	RESERVED
 CVE-2021-20716
 	RESERVED
-CVE-2021-20715
-	RESERVED
-CVE-2021-20714
-	RESERVED
+CVE-2021-20715 (Improper access control vulnerability in Hot Pepper Gourmet App for An ...)
+	TODO: check
+CVE-2021-20714 (Directory traversal vulnerability in WP Fastest Cache versions prior t ...)
+	TODO: check
 CVE-2021-20713
 	RESERVED
 CVE-2021-20712 (Improper access control vulnerability in NEC Aterm WG2600HS firmware V ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/18766e3a1e56123581ebdfb333fca657dc8910e8
