[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed Apr 28 09:10:32 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2adedd54 by security tracker role at 2021-04-28T08:10:24+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,81 @@
+CVE-2021-3519
+ RESERVED
+CVE-2021-31866 (Redmine before 4.0.9 and 4.1.x before 4.1.3 allows an attacker to lear ...)
+ TODO: check
+CVE-2021-31865 (Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allow ...)
+ TODO: check
+CVE-2021-31864 (Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allow ...)
+ TODO: check
+CVE-2021-31863 (Insufficient input validation in the Git repository integration of Red ...)
+ TODO: check
+CVE-2021-31862
+ RESERVED
+CVE-2021-31861
+ RESERVED
+CVE-2021-31860
+ RESERVED
+CVE-2021-31859
+ RESERVED
+CVE-2021-31858
+ RESERVED
+CVE-2021-31857
+ RESERVED
+CVE-2021-31856 (A SQL Injection vulnerability in the REST API in Layer5 Meshery 0.5.2 ...)
+ TODO: check
+CVE-2021-31855
+ RESERVED
+CVE-2021-31854
+ RESERVED
+CVE-2021-31853
+ RESERVED
+CVE-2021-31852
+ RESERVED
+CVE-2021-31851
+ RESERVED
+CVE-2021-31850
+ RESERVED
+CVE-2021-31849
+ RESERVED
+CVE-2021-31848
+ RESERVED
+CVE-2021-31847
+ RESERVED
+CVE-2021-31846
+ RESERVED
+CVE-2021-31845
+ RESERVED
+CVE-2021-31844
+ RESERVED
+CVE-2021-31843
+ RESERVED
+CVE-2021-31842
+ RESERVED
+CVE-2021-31841
+ RESERVED
+CVE-2021-31840
+ RESERVED
+CVE-2021-31839
+ RESERVED
+CVE-2021-31838
+ RESERVED
+CVE-2021-31837
+ RESERVED
+CVE-2021-31836
+ RESERVED
+CVE-2021-31835
+ RESERVED
+CVE-2021-31834
+ RESERVED
+CVE-2021-31833
+ RESERVED
+CVE-2021-31832
+ RESERVED
+CVE-2021-31831
+ RESERVED
+CVE-2021-31830
+ RESERVED
+CVE-2020-36326 (PHPMailer 6.1.8 through 6.4.0 allows object injection through Phar Des ...)
+ TODO: check
CVE-2021-3518 [use-after-free in xmlXIncludeDoProcess() in xinclude.c]
RESERVED
- libxml2 <unfixed>
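Review bot: the four Redmine entries (CVE-2021-31863 through CVE-2021-31866) should be triaged together rather than left as four separate `TODO: check` placeholders, but not with a single version check: three of them name the same fixed versions (4.0.9, 4.1.3 and 4.2.1), while the truncated description of CVE-2021-31866 names only 4.0.9 and 4.1.3, so the affected ranges differ and each needs its own comparison against the packaged redmine versions. CVE-2021-31856 (SQL injection in the Meshery REST API) and CVE-2020-36326 (PHPMailer 6.1.8 through 6.4.0, Phar deserialization) are the other two actionable entries; the 2020 identifier sits at the top among the 2021 ones because new entries are prepended, so leave its position alone. The remaining new IDs (CVE-2021-3519 and CVE-2021-31830 to CVE-2021-31862) are RESERVED and need nothing yet.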
@@ -83,8 +161,8 @@ CVE-2019-25031 (Unbound before 1.9.5 allows configuration injection in create_un
NOTE: https://github.com/NLnetLabs/unbound/commit/f887552763477a606a9608b0f6b498685e0f6587
CVE-2021-3513
NOT-FOR-US: Keycloak
-CVE-2021-31815
- RESERVED
+CVE-2021-31815 (GAEN (aka Google/Apple Exposure Notifications) through 2021-04-27 on A ...)
+ TODO: check
CVE-2021-31814
RESERVED
CVE-2021-31813
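Review bot: CVE-2021-31815 describes GAEN (Google/Apple Exposure Notifications), a mobile-platform component rather than something built from Debian source, so the `TODO: check` should most likely resolve to NOT-FOR-US, matching the CVE-2021-3513 Keycloak entry two lines above it; confirm nothing in the archive embeds it before closing the entry.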
@@ -105,7 +183,7 @@ CVE-2021-31806
RESERVED
CVE-2021-31805
RESERVED
-CVE-2020-36325 (An issue was discovered in Jansson through 2.13.1. Due to a parsing er ...)
+CVE-2020-36325 (** DISPUTED ** An issue was discovered in Jansson through 2.13.1. Due ...)
- jansson <unfixed> (unimportant)
NOTE: https://github.com/akheron/jansson/issues/548
NOTE: Disputed security impact between reporter and upstream
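Review bot: verify that the hand-maintained lines under CVE-2020-36325 (`- jansson <unfixed> (unimportant)` and the two NOTEs, including the one recording the dispute) survived this automatic update intact, which is the usual thing to check when an auto-update rewrites the description line of an entry carrying manual annotations; here they did. The `unimportant` rating and the new `** DISPUTED **` marker from MITRE say the same thing, so no further action is needed on this entry.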
@@ -168,12 +246,12 @@ CVE-2021-31781
RESERVED
CVE-2021-31780 (In app/Model/MispObject.php in MISP 2.4.141, an incorrect sharing grou ...)
NOT-FOR-US: MISP
-CVE-2021-31779
- RESERVED
-CVE-2021-31778
- RESERVED
-CVE-2021-31777
- RESERVED
+CVE-2021-31779 (The yoast_seo (aka Yoast SEO) extension before 7.2.1 for TYPO3 allows ...)
+ TODO: check
+CVE-2021-31778 (The media2click (aka 2 Clicks for External Media) extension 1.x before ...)
+ TODO: check
+CVE-2021-31777 (The dce (aka Dynamic Content Element) extension 2.2.0 through 2.6.x be ...)
+ TODO: check
CVE-2019-25030
RESERVED
CVE-2019-25029
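Review bot: CVE-2021-31777, CVE-2021-31778 and CVE-2021-31779 are all third-party TYPO3 extensions (dce, media2click, yoast_seo) with consecutive identifiers and the same vendor, so they belong to one advisory batch and should be triaged in one pass; unless one of them is packaged, they resolve to NOT-FOR-US like the MISP entry above rather than staying `TODO: check`.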
@@ -596,10 +674,10 @@ CVE-2021-31574
RESERVED
CVE-2021-31573
RESERVED
-CVE-2021-3512
- RESERVED
-CVE-2021-3511
- RESERVED
+CVE-2021-3512 (Improper access control vulnerability in Buffalo broadband routers (BH ...)
+ TODO: check
+CVE-2021-3511 (Disclosure of sensitive information to an unauthorized user vulnerabil ...)
+ TODO: check
CVE-2021-31572 (The kernel in Amazon Web Services FreeRTOS before 10.4.3 has an intege ...)
NOT-FOR-US: Amazon Web Services FreeRTOS kernel
CVE-2021-31571 (The kernel in Amazon Web Services FreeRTOS before 10.4.3 has an intege ...)
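Review bot: CVE-2021-3511 and CVE-2021-3512 are Buffalo broadband-router firmware issues (information disclosure and improper access control); the firmware is not built from Debian source, so the expected outcome of both `TODO: check` placeholders is NOT-FOR-US, as with the two Amazon FreeRTOS kernel entries just below. A third Buffalo entry, CVE-2021-20716, appears in the last hunk of this diff and should be resolved the same way.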
@@ -3809,8 +3887,8 @@ CVE-2021-30130 (phpseclib before 2.0.31 and 3.x before 3.0.7 mishandles RSA PKCS
NOTE: https://github.com/phpseclib/phpseclib/pull/1635
CVE-2021-30129
RESERVED
-CVE-2021-30128
- RESERVED
+CVE-2021-30128 (Apache OFBiz has unsafe deserialization prior to 17.12.07 version ...)
+ TODO: check
CVE-2021-30127 (TerraMaster F2-210 devices through 2021-04-03 use UPnP to make the adm ...)
NOT-FOR-US: Terramaster
CVE-2021-30126 (Lightmeter ControlCenter 1.1.0 through 1.5.x before 1.5.1 allows anyon ...)
@@ -5259,8 +5337,8 @@ CVE-2021-29478
RESERVED
CVE-2021-29477
RESERVED
-CVE-2021-29476
- RESERVED
+CVE-2021-29476 (Requests is a HTTP library written in PHP. Requests mishandles deseria ...)
+ TODO: check
CVE-2021-29475 (HedgeDoc (formerly known as CodiMD) is an open-source collaborative ma ...)
NOT-FOR-US: HedgeDoc
CVE-2021-29474 (HedgeDoc (formerly known as CodiMD) is an open-source collaborative ma ...)
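Review bot: "Requests" in CVE-2021-29476 is the PHP HTTP library, not python-requests, so the `TODO: check` should not be closed on the strength of the Python package's status. The deserialization issue lives in library code that PHP applications commonly vendor, so the check needs to cover embedded copies inside packaged PHP applications as well as any standalone package.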
@@ -5270,8 +5348,7 @@ CVE-2021-29473 (Exiv2 is a C++ library and a command-line utility to read, write
[buster] - exiv2 <no-dsa> (Minor issue)
NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-7569-phvm-vwc2
NOTE: https://github.com/github/advisory-review/pull/1587
-CVE-2021-29472
- RESERVED
+CVE-2021-29472 (Composer is a dependency manager for PHP. URLs for Mercurial repositor ...)
- composer 2.0.9-2
NOTE: https://github.com/composer/composer/security/advisories/GHSA-h5h8-pc6h-jvvx
NOTE: https://github.com/composer/composer/commit/083b73515d1d72bc61c6374440b3f8a37531f8cf
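Review bot: the CVE-2021-29472 entry has no stable annotation. It already carries `- composer 2.0.9-2` plus the GHSA and fix-commit NOTEs, so only the description changed here, but the neighbouring exiv2 entry shows the expected shape with its explicit `[buster] - exiv2 <no-dsa> (Minor issue)` line. Confirm whether the Mercurial repository URL issue affects the composer version in buster and add a `[buster]` line recording the outcome (no-dsa, not-affected, or a DSA) so the stable status is not left implicit.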
@@ -5309,8 +5386,8 @@ CVE-2021-29462 (The Portable SDK for UPnP Devices is an SDK for development of U
NOTE: https://www.openwall.com/lists/oss-security/2021/04/20/4
CVE-2021-29461 (### Impact - This issue could be exploited to read internal files from ...)
NOT-FOR-US: Discord-Recon
-CVE-2021-29460
- RESERVED
+CVE-2021-29460 (Kirby is an open source CMS. An editor with write access to the Kirby ...)
+ TODO: check
CVE-2021-29459 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
NOT-FOR-US: XWiki
CVE-2021-29458 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
@@ -5360,10 +5437,10 @@ CVE-2021-29444 (jose-browser-runtime is an npm package which provides a number o
NOT-FOR-US: Node jose-browser-runtime
CVE-2021-29443 (jose is an npm library providing a number of cryptographic operations. ...)
NOT-FOR-US: Node jose
-CVE-2021-29442
- RESERVED
-CVE-2021-29441
- RESERVED
+CVE-2021-29442 (Nacos is a platform designed for dynamic service discovery and configu ...)
+ TODO: check
+CVE-2021-29441 (Nacos is a platform designed for dynamic service discovery and configu ...)
+ TODO: check
CVE-2021-29440 (Grav is a file based Web-platform. Twig processing of static pages can ...)
NOT-FOR-US: Grav CMS
CVE-2021-29439 (The Grav admin plugin prior to version 1.10.11 does not correctly veri ...)
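Review bot: CVE-2021-29441 and CVE-2021-29442 carry an identical truncated description ("Nacos is a platform designed for dynamic service discovery and configu ..."), so nothing in this file distinguishes them. When triaging, pull the full text of both and record what sets them apart in a NOTE; otherwise two entries end up resolved on the strength of one reading.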
@@ -5941,8 +6018,8 @@ CVE-2021-29202
RESERVED
CVE-2021-29201
RESERVED
-CVE-2021-29200
- RESERVED
+CVE-2021-29200 (Apache OFBiz has unsafe deserialization prior to 17.12.07 version An u ...)
+ TODO: check
CVE-2021-29199
RESERVED
CVE-2021-29198
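Review bot: the description of CVE-2021-29200 ("Apache OFBiz has unsafe deserialization prior to 17.12.07 version An u ...") matches that of CVE-2021-30128 earlier in this diff almost word for word. Treat the two as a pair: confirm they are distinct deserialization issues in OFBiz (different endpoints or code paths) rather than a duplicate allocation, and resolve both `TODO: check` placeholders with the same outcome.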
@@ -8890,8 +8967,8 @@ CVE-2021-27935 (An issue was discovered in AdGuard before 0.105.2. An attacker a
NOT-FOR-US: AdGuard
CVE-2021-27934
RESERVED
-CVE-2021-27933
- RESERVED
+CVE-2021-27933 (pfSense 2.5.0 allows XSS via the services_wol_edit.php Description fie ...)
+ TODO: check
CVE-2021-27932
RESERVED
CVE-2021-27931 (LumisXP (aka Lumis Experience Platform) before 10.0.0 allows unauthent ...)
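Review bot: pfSense is a FreeBSD-based firewall distribution and the XSS in CVE-2021-27933 is in its own web UI (the services_wol_edit.php Description field), so this is a NOT-FOR-US candidate like the AdGuard entry above; nothing in the archive should ship that file, which the `TODO: check` can confirm quickly.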
@@ -24976,8 +25053,8 @@ CVE-2021-21431 (sopel-channelmgnt is a channelmgnt plugin for sopel. In versions
NOT-FOR-US: sopel-channelmgnt
CVE-2021-21430
RESERVED
-CVE-2021-21429
- RESERVED
+CVE-2021-21429 (OpenAPI Generator allows generation of API client libraries, server st ...)
+ TODO: check
CVE-2021-21428
RESERVED
CVE-2021-21427 (Magento-lts is a long-term support alternative to Magento Community Ed ...)
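Review bot: CVE-2021-21429 (OpenAPI Generator) should be triaged alongside the swagger-codegen entries CVE-2021-21363 and CVE-2021-21364 further down in this diff, which are marked `<itp>` with bug #950318: OpenAPI Generator is a fork of swagger-codegen and these entries come from the same advisory series. If OpenAPI Generator is not packaged and has no ITP of its own, resolve it NOT-FOR-US rather than leaving it `TODO: check`.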
@@ -25135,8 +25212,8 @@ CVE-2021-21366 (xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2
[buster] - node-xmldom <no-dsa> (Minor issue)
NOTE: https://github.com/xmldom/xmldom/security/advisories/GHSA-h6q6-9hqw-rwfv
NOTE: https://github.com/xmldom/xmldom/commit/d4201b9dfbf760049f457f9f08a3888d48835135
-CVE-2021-21365
- RESERVED
+CVE-2021-21365 (Bootstrap Package is a theme for TYPO3. It has been discovered that re ...)
+ TODO: check
CVE-2021-21364 (swagger-codegen is an open-source project which contains a template-dr ...)
- swagger-codegen <itp> (bug #950318)
CVE-2021-21363 (swagger-codegen is an open-source project which contains a template-dr ...)
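Review bot: CVE-2021-21365 (Bootstrap Package, a theme for TYPO3) is the same class of third-party TYPO3 component as CVE-2021-31777, CVE-2021-31778 and CVE-2021-31779 earlier in this diff; resolve it consistently with those rather than as a separate `TODO: check`.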
@@ -25545,81 +25622,105 @@ CVE-2021-21227
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-21226 (Use after free in navigation in Google Chrome prior to 90.0.4430.85 al ...)
+ {DSA-4906-1}
- chromium 90.0.4430.85-1 (bug #987358)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-21225 (Out of bounds memory access in V8 in Google Chrome prior to 90.0.4430. ...)
+ {DSA-4906-1}
- chromium 90.0.4430.85-1 (bug #987358)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-21224 (Type confusion in V8 in Google Chrome prior to 90.0.4430.85 allowed a ...)
+ {DSA-4906-1}
- chromium 90.0.4430.85-1 (bug #987358)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-21223 (Integer overflow in Mojo in Google Chrome prior to 90.0.4430.85 allowe ...)
+ {DSA-4906-1}
- chromium 90.0.4430.85-1 (bug #987358)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-21222 (Heap buffer overflow in V8 in Google Chrome prior to 90.0.4430.85 allo ...)
+ {DSA-4906-1}
- chromium 90.0.4430.85-1 (bug #987358)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-21221 (Insufficient validation of untrusted input in Mojo in Google Chrome pr ...)
+ {DSA-4906-1}
- chromium 90.0.4430.72-1 (bug #987053)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-21220 (Insufficient validation of untrusted input in V8 in Google Chrome prio ...)
- chromium 90.0.4430.72-1 (bug #987053)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-21219 (Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 al ...)
+ {DSA-4906-1}
- chromium 90.0.4430.72-1 (bug #987053)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-21218 (Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 al ...)
+ {DSA-4906-1}
- chromium 90.0.4430.72-1 (bug #987053)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-21217 (Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 al ...)
+ {DSA-4906-1}
- chromium 90.0.4430.72-1 (bug #987053)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-21216 (Inappropriate implementation in Autofill in Google Chrome prior to 90. ...)
+ {DSA-4906-1}
- chromium 90.0.4430.72-1 (bug #987053)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-21215 (Inappropriate implementation in Autofill in Google Chrome prior to 90. ...)
+ {DSA-4906-1}
- chromium 90.0.4430.72-1 (bug #987053)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-21214 (Use after free in Network API in Google Chrome prior to 90.0.4430.72 a ...)
+ {DSA-4906-1}
- chromium 90.0.4430.72-1 (bug #987053)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-21213 (Use after free in WebMIDI in Google Chrome prior to 90.0.4430.72 allow ...)
+ {DSA-4906-1}
- chromium 90.0.4430.72-1 (bug #987053)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-21212 (Incorrect security UI in Network Config UI in Google Chrome on ChromeO ...)
+ {DSA-4906-1}
- chromium 90.0.4430.72-1 (bug #987053)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-21211 (Inappropriate implementation in Navigation in Google Chrome on iOS pri ...)
+ {DSA-4906-1}
- chromium 90.0.4430.72-1 (bug #987053)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-21210 (Inappropriate implementation in Network in Google Chrome prior to 90.0 ...)
+ {DSA-4906-1}
- chromium 90.0.4430.72-1 (bug #987053)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-21209 (Inappropriate implementation in storage in Google Chrome prior to 90.0 ...)
+ {DSA-4906-1}
- chromium 90.0.4430.72-1 (bug #987053)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-21208 (Insufficient data validation in QR scanner in Google Chrome on iOS pri ...)
+ {DSA-4906-1}
- chromium 90.0.4430.72-1 (bug #987053)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-21207 (Use after free in IndexedDB in Google Chrome prior to 90.0.4430.72 all ...)
+ {DSA-4906-1}
- chromium 90.0.4430.72-1 (bug #987053)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-21206 (Use after free in Blink in Google Chrome prior to 89.0.4389.128 allowe ...)
- chromium 90.0.4430.72-1 (bug #987053)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-21205 (Insufficient policy enforcement in navigation in Google Chrome on iOS ...)
+ {DSA-4906-1}
- chromium 90.0.4430.72-1 (bug #987053)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-21204 (Use after free in Blink in Google Chrome on OS X prior to 90.0.4430.72 ...)
+ {DSA-4906-1}
- chromium 90.0.4430.72-1 (bug #987053)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-21203 (Use after free in Blink in Google Chrome prior to 90.0.4430.72 allowed ...)
+ {DSA-4906-1}
- chromium 90.0.4430.72-1 (bug #987053)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-21202 (Use after free in extensions in Google Chrome prior to 90.0.4430.72 al ...)
+ {DSA-4906-1}
- chromium 90.0.4430.72-1 (bug #987053)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-21201 (Use after free in permissions in Google Chrome prior to 90.0.4430.72 a ...)
+ {DSA-4906-1}
- chromium 90.0.4430.72-1 (bug #987053)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-21200
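Review bot: two entries in this run did not receive the `{DSA-4906-1}` reference: CVE-2021-21220 and CVE-2021-21206, both recorded as fixed in chromium 90.0.4430.72-1 like every neighbour that did get the line. Either they were already covered by an earlier DSA, in which case nothing is missing, or the reference was dropped; check the DSA-4906-1 text and add the line if it lists them. CVE-2021-21227 at the top of the hunk is still `<unfixed>` and correctly gets no DSA reference.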
@@ -26944,8 +27045,8 @@ CVE-2021-20718
RESERVED
CVE-2021-20717
RESERVED
-CVE-2021-20716
- RESERVED
+CVE-2021-20716 (Hidden functionality in multiple Buffalo network devices (BHR-4RV firm ...)
+ TODO: check
CVE-2021-20715 (Improper access control vulnerability in Hot Pepper Gourmet App for An ...)
NOT-FOR-US: Hot Pepper Gourmet App
CVE-2021-20714 (Directory traversal vulnerability in WP Fastest Cache versions prior t ...)
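Review bot: CVE-2021-20716 (hidden functionality in multiple Buffalo network devices, BHR-4RV firmware among them) belongs with the Buffalo router entries CVE-2021-3511 and CVE-2021-3512 earlier in this diff; resolve all three `TODO: check` placeholders consistently, with NOT-FOR-US the expected outcome since the firmware is not built from Debian source.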
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2adedd54e678fea47a211549ec511b03def1883b