[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Tue Apr 27 09:10:25 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
18766e3a by security tracker role at 2021-04-27T08:10:17+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,53 @@
+CVE-2021-31829
+ RESERVED
+CVE-2021-31828
+ RESERVED
+CVE-2021-31827
+ RESERVED
+CVE-2021-31825
+ RESERVED
+CVE-2021-31824
+ RESERVED
+CVE-2021-31823
+ RESERVED
+CVE-2021-31822
+ RESERVED
+CVE-2021-31821
+ RESERVED
+CVE-2021-31820
+ RESERVED
+CVE-2021-31819
+ RESERVED
+CVE-2021-31818
+ RESERVED
+CVE-2021-31817
+ RESERVED
+CVE-2021-31816
+ RESERVED
+CVE-2019-25042 (Unbound before 1.9.5 allows an out-of-bounds write via a compressed na ...)
+ TODO: check
+CVE-2019-25041 (Unbound before 1.9.5 allows an assertion failure via a compressed name ...)
+ TODO: check
+CVE-2019-25040 (Unbound before 1.9.5 allows an infinite loop via a compressed name in ...)
+ TODO: check
+CVE-2019-25039 (Unbound before 1.9.5 allows an integer overflow in a size calculation ...)
+ TODO: check
+CVE-2019-25038 (Unbound before 1.9.5 allows an integer overflow in a size calculation ...)
+ TODO: check
+CVE-2019-25037 (Unbound before 1.9.5 allows an assertion failure and denial of service ...)
+ TODO: check
+CVE-2019-25036 (Unbound before 1.9.5 allows an assertion failure and denial of service ...)
+ TODO: check
+CVE-2019-25035 (Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token ...)
+ TODO: check
+CVE-2019-25034 (Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dnam ...)
+ TODO: check
+CVE-2019-25033 (Unbound before 1.9.5 allows an integer overflow in the regional alloca ...)
+ TODO: check
+CVE-2019-25032 (Unbound before 1.9.5 allows an integer overflow in the regional alloca ...)
+ TODO: check
+CVE-2019-25031 (Unbound before 1.9.5 allows configuration injection in create_unbound_ ...)
+ TODO: check
CVE-2021-3513
NOT-FOR-US: Keycloak
CVE-2021-31815
@@ -25,7 +75,7 @@ CVE-2021-31805
CVE-2020-36325 (An issue was discovered in Jansson through 2.13.1. Due to a parsing er ...)
- jansson <unfixed>
NOTE: https://github.com/akheron/jansson/issues/548
-CVE-2021-31826 [Session recovery feature contains a null pointer deference]
+CVE-2021-31826 (Shibboleth Service Provider 3.x before 3.2.2 is prone to a NULL pointe ...)
- shibboleth-sp <unfixed> (bug #987608)
NOTE: https://shibboleth.net/community/advisories/secadv_20210426.txt
NOTE: https://issues.shibboleth.net/jira/browse/SSPCPP-927
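Review bot: on the CVE-2021-31826 entry, the new description says the issue affects "3.x before 3.2.2", but the package line under it still reads "- shibboleth-sp <unfixed> (bug #987608)". Until a fixed upload exists, a NOTE recording that upstream fixed this in 3.2.2 would let whoever closes bug #987608 set the fixed version without re-reading the advisory.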
@@ -306,8 +356,8 @@ CVE-2021-31673
RESERVED
CVE-2021-31672
RESERVED
-CVE-2021-31671
- RESERVED
+CVE-2021-31671 (pgsync before 0.6.7 is affected by Information Disclosure of sensitive ...)
+ TODO: check
CVE-2021-31670
RESERVED
CVE-2021-31669
@@ -2525,8 +2575,8 @@ CVE-2021-30637 (htmly 2.8.0 allows stored XSS via the blog title, Tagline, or De
NOT-FOR-US: htmly
CVE-2021-30636
RESERVED
-CVE-2021-30635
- RESERVED
+CVE-2021-30635 (Sonatype Nexus Repository Manager 3.x before 3.30.1 allows a remote at ...)
+ TODO: check
CVE-2021-30634
RESERVED
CVE-2021-30633
@@ -3562,8 +3612,8 @@ CVE-2021-30167
RESERVED
CVE-2021-30166
RESERVED
-CVE-2021-30165
- RESERVED
+CVE-2021-30165 (The default administrator account & password of the EDIMAX wireles ...)
+ TODO: check
CVE-2021-30164 (Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to bypass ...)
- redmine <unfixed> (bug #986800)
CVE-2021-30163 (Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to discov ...)
@@ -5170,8 +5220,8 @@ CVE-2021-29476
RESERVED
CVE-2021-29475 (HedgeDoc (formerly known as CodiMD) is an open-source collaborative ma ...)
NOT-FOR-US: HedgeDoc
-CVE-2021-29474
- RESERVED
+CVE-2021-29474 (HedgeDoc (formerly known as CodiMD) is an open-source collaborative ma ...)
+ TODO: check
CVE-2021-29473 (Exiv2 is a C++ library and a command-line utility to read, write, dele ...)
- exiv2 <unfixed>
NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-7569-phvm-vwc2
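Review bot: CVE-2021-29474 is added with "TODO: check", while CVE-2021-29475 directly above it carries the same product in its description and is already marked "NOT-FOR-US: HedgeDoc". Unless the truncated description turns out to involve something packaged, this entry should get the same disposition so the two HedgeDoc IDs are not tracked inconsistently.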
@@ -26835,10 +26885,10 @@ CVE-2021-20717
RESERVED
CVE-2021-20716
RESERVED
-CVE-2021-20715
- RESERVED
-CVE-2021-20714
- RESERVED
+CVE-2021-20715 (Improper access control vulnerability in Hot Pepper Gourmet App for An ...)
+ TODO: check
+CVE-2021-20714 (Directory traversal vulnerability in WP Fastest Cache versions prior t ...)
+ TODO: check
CVE-2021-20713
RESERVED
CVE-2021-20712 (Improper access control vulnerability in NEC Aterm WG2600HS firmware V ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/18766e3a1e56123581ebdfb333fca657dc8910e8