[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Thu Apr 29 09:11:10 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9b64a27e by security tracker role at 2021-04-29T08:10:28+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,25 @@
+CVE-2021-31879 (GNU Wget through 1.21.1 does not omit the Authorization header upon a ...)
+ TODO: check
+CVE-2021-31878
+ RESERVED
+CVE-2021-31877
+ RESERVED
+CVE-2021-31876
+ RESERVED
+CVE-2021-31875 (In mjs_json.c in Cesanta MongooseOS mJS 1.26, a maliciously formed JSO ...)
+ TODO: check
+CVE-2021-31874
+ RESERVED
+CVE-2021-31873
+ RESERVED
+CVE-2021-31872
+ RESERVED
+CVE-2021-31871
+ RESERVED
+CVE-2021-31870
+ RESERVED
+CVE-2020-36327 (Bundler 1.16.0 through 2.2.9 and 2.2.11 through 2.2.16 sometimes choos ...)
+ TODO: check
CVE-2021-3521
RESERVED
CVE-2021-3520 [memory corruption due to an integer overflow bug caused by memmove argument]
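Review bot: the three new TODO: check entries in this hunk need manual triage, and the descriptions for CVE-2021-31879 (GNU Wget through 1.21.1) and CVE-2020-36327 (Bundler 1.16.0 through 2.2.16) name software that Debian packages, so resolving those two means recording the source package with a fixed version or <unfixed> rather than a NOT-FOR-US marker, as is done for bind9 and golang-github-ulikunitz-xz elsewhere in this update; CVE-2021-31875 (Cesanta MongooseOS mJS) still has to be checked against the archive before either marker is applied.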
@@ -282,8 +304,8 @@ CVE-2020-13672 [SA-CORE-2021-002]
{DLA-2637-1}
- drupal7 <removed>
NOTE: https://www.drupal.org/sa-core-2021-002
-CVE-2021-31776
- RESERVED
+CVE-2021-31776 (Aviatrix VPN Client before 2.14.14 on Windows has an unquoted search p ...)
+ TODO: check
CVE-2021-31775
RESERVED
CVE-2021-31774
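Review bot: the imported description for CVE-2021-31776 identifies a Windows-only product (Aviatrix VPN Client before 2.14.14 on Windows, unquoted search path), so the TODO: check placeholder can be resolved with the NOT-FOR-US marker used for the Aruba and Oracle entries later in this update; the replacement of the RESERVED line with the MITRE text is otherwise consistent with the rest of the file.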
@@ -2652,6 +2674,8 @@ CVE-2021-XXXX [out of bounds reads in ASF demuxer]
NOTE: https://gitlab.freedesktop.org/gstreamer/gst-plugins-ugly/-/commit/3aba7d1e625554b2407bc77b3d09b4928b937d5f (master)
NOTE: https://gitlab.freedesktop.org/gstreamer/gst-plugins-ugly/-/commit/9726aaf78e6643a5955864f444852423de58de29 (1.18.4)
CVE-2021-3522 [invalid reads during ID3v2 tag parsing]
+ RESERVED
+ {DSA-4903-1 DLA-2641-1}
- gst-plugins-base1.0 1.18.4-2
NOTE: https://gitlab.freedesktop.org/gstreamer/gst-plugins-base/-/issues/876
NOTE: https://gitlab.freedesktop.org/gstreamer/gst-plugins-base/-/commit/f4a1428a6997658625d529b9db60fde812fbf1ee (master)
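Review bot: the CVE-2021-3522 entry now combines a RESERVED marker with the {DSA-4903-1 DLA-2641-1} cross-references and the fixed version gst-plugins-base1.0 1.18.4-2, which is the expected layout while the CVE text is unpublished; when MITRE publishes it, the bracketed interim description should be replaced by the parenthesised one and the RESERVED line dropped, the same conversion applied to the three BIND entries in this commit.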
@@ -5344,8 +5368,8 @@ CVE-2021-29485
RESERVED
CVE-2021-29484
RESERVED
-CVE-2021-29483
- RESERVED
+CVE-2021-29483 (ManageWiki is an extension to the MediaWiki project. The 'wikiconfig' ...)
+ TODO: check
CVE-2021-29482 (xz is a compression and decompression library focusing on the xz forma ...)
- golang-github-ulikunitz-xz <unfixed>
NOTE: https://github.com/ulikunitz/xz/security/advisories/GHSA-25xm-hr59-7c27
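Review bot: CVE-2021-29483 concerns ManageWiki, a MediaWiki extension, not MediaWiki itself; the TODO: check should establish whether that extension is shipped by any Debian source package before the issue is recorded against mediawiki or marked NOT-FOR-US. The unchanged CVE-2021-29482 context below it shows the target format, with the affected source package golang-github-ulikunitz-xz listed as <unfixed> and the upstream advisory as a NOTE.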
@@ -15637,16 +15661,13 @@ CVE-2021-25218
RESERVED
CVE-2021-25217
RESERVED
-CVE-2021-25216 [A second vulnerability in BIND's GSSAPI security policy negotiation can be targeted by a buffer overflow attack]
- RESERVED
+CVE-2021-25216 (In BIND 9.5.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9 ...)
- bind9 <unfixed> (bug #987743)
NOTE: https://kb.isc.org/docs/cve-2021-25216
-CVE-2021-25215 [An assertion check can fail while answering queries for DNAME records that require the DNAME to be processed to resolve itself]
- RESERVED
+CVE-2021-25215 (In BIND 9.0.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9 ...)
- bind9 <unfixed> (bug #987742)
NOTE: https://kb.isc.org/docs/cve-2021-25215
-CVE-2021-25214 [A broken inbound incremental zone update (IXFR) can cause named to terminate unexpectedly]
- RESERVED
+CVE-2021-25214 (In BIND 9.8.5 -> 9.8.8, 9.9.3 -> 9.11.29, 9.12.0 -> 9.16.13, ...)
- bind9 <unfixed> (bug #987741)
NOTE: https://kb.isc.org/docs/cve-2021-25214
CVE-2021-25213
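Review bot: the automatic import truncates the MITRE version ranges for CVE-2021-25216, CVE-2021-25215 and CVE-2021-25214 ("9.5.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9 ..."), and the earlier bracketed summaries (GSSAPI negotiation buffer overflow, DNAME assertion failure, broken IXFR crash) are dropped, so the affected-version check for bind9 <unfixed> (bugs #987741 to #987743) has to rely on the linked kb.isc.org pages rather than on the entry text. No {DSA-...} reference is attached to these three entries yet.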
@@ -15778,10 +15799,10 @@ CVE-2021-25167
RESERVED
CVE-2021-25166
RESERVED
-CVE-2021-25165
- RESERVED
-CVE-2021-25164
- RESERVED
+CVE-2021-25165 (A remote XML external entity vulnerability was discovered in Aruba Air ...)
+ TODO: check
+CVE-2021-25164 (A remote XML external entity vulnerability was discovered in Aruba Air ...)
+ TODO: check
CVE-2021-25163
RESERVED
CVE-2021-25162 (A remote execution of arbitrary commands vulnerability was discovered ...)
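Review bot: the new descriptions for CVE-2021-25165 and CVE-2021-25164 are identical after truncation ("A remote XML external entity vulnerability was discovered in Aruba Air ..."), so the two TODO: check entries cannot be distinguished from the file alone and the full MITRE text is needed to confirm both concern Aruba AirWave; the neighbouring Aruba entries in the file, such as CVE-2021-25162 below, are resolved with NOT-FOR-US: Aruba.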
@@ -15804,8 +15825,8 @@ CVE-2021-25154 (A remote escalation of privilege vulnerability was discovered in
NOT-FOR-US: Aruba
CVE-2021-25153 (A remote SQL injection vulnerability was discovered in Aruba AirWave M ...)
NOT-FOR-US: Aruba
-CVE-2021-25152
- RESERVED
+CVE-2021-25152 (A remote insecure deserialization vulnerability was discovered in Arub ...)
+ TODO: check
CVE-2021-25151 (A remote insecure deserialization vulnerability was discovered in Arub ...)
NOT-FOR-US: Aruba
CVE-2021-25150 (A remote execution of arbitrary commands vulnerability was discovered ...)
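Review bot: CVE-2021-25152 has the same truncated description as the adjacent CVE-2021-25151 (insecure deserialization in Aruba AirWave), and every surrounding Aruba entry in this hunk (CVE-2021-25154, -25153, -25151, -25150) carries NOT-FOR-US: Aruba, so the TODO: check here should be closed the same way once the full text confirms the product.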
@@ -25138,8 +25159,8 @@ CVE-2021-21416 (django-registration is a user registration package for Django. T
NOTE: https://github.com/ubernostrum/django-registration/commit/8206af081e239598cfd15d165d4d8ab9849ee23c
CVE-2021-21415
RESERVED
-CVE-2021-21414
- RESERVED
+CVE-2021-21414 (Prisma is an open source ORM for Node.js & TypeScript. As of today ...)
+ TODO: check
CVE-2021-21413 (isolated-vm is a library for nodejs which gives you access to v8's Iso ...)
NOT-FOR-US: Node isolated-vm
CVE-2021-21412 (Potential for arbitrary code execution in npm package @thi.ng/egf `#gp ...)
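Review bot: the imported text for CVE-2021-21414 ("Prisma is an open source ORM for Node.js & TypeScript. As of today ...") is cut before any version information and is phrased relative to the advisory date, so the affected range cannot be recovered from this entry; triage needs the upstream advisory, and the unchanged CVE-2021-21413 context line shows the NOT-FOR-US: Node isolated-vm form used for Node packages that Debian does not ship.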
@@ -25198,8 +25219,8 @@ CVE-2021-21393 (Synapse is a Matrix reference homeserver written in python (pypi
CVE-2021-21392 (Synapse is a Matrix reference homeserver written in python (pypi packa ...)
- matrix-synapse 1.28.0-1
NOTE: https://github.com/matrix-org/synapse/security/advisories/GHSA-5wrh-4jwv-5w78
-CVE-2021-21391
- RESERVED
+CVE-2021-21391 (CKEditor 5 provides a WYSIWYG editing solution. This CVE affects the f ...)
+ TODO: check
CVE-2021-21390 (MinIO is an open-source high performance object storage service and it ...)
NOT-FOR-US: MinIO
CVE-2021-21389 (BuddyPress is an open source WordPress plugin to build a community sit ...)
@@ -30372,8 +30393,8 @@ CVE-2021-2323
RESERVED
CVE-2021-2322
RESERVED
-CVE-2021-2321
- RESERVED
+CVE-2021-2321 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ TODO: check
CVE-2021-2320 (Vulnerability in the Oracle Cloud Infrastructure Storage Gateway produ ...)
NOT-FOR-US: Oracle
CVE-2021-2319 (Vulnerability in the Oracle Cloud Infrastructure Storage Gateway produ ...)
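Review bot: CVE-2021-2321 concerns Oracle VM VirtualBox, whereas the neighbouring CVE-2021-2320 and CVE-2021-2319 entries marked NOT-FOR-US: Oracle concern Oracle Cloud Infrastructure Storage Gateway; VirtualBox is packaged in Debian (in contrib), so the TODO: check here should not be resolved by copying the NOT-FOR-US: Oracle marker and instead needs a virtualbox source package line after the affected versions are confirmed.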
@@ -51005,26 +51026,26 @@ CVE-2020-22792
RESERVED
CVE-2020-22791
RESERVED
-CVE-2020-22790
- RESERVED
-CVE-2020-22789
- RESERVED
+CVE-2020-22790 (Authenticated Stored XSS in FME Server versions 2019.2 and 2020.0 Beta ...)
+ TODO: check
+CVE-2020-22789 (Unauthenticated Stored XSS in FME Server versions 2019.2 and 2020.0 Be ...)
+ TODO: check
CVE-2020-22788
RESERVED
CVE-2020-22787
RESERVED
CVE-2020-22786
RESERVED
-CVE-2020-22785
- RESERVED
-CVE-2020-22784
- RESERVED
-CVE-2020-22783
- RESERVED
-CVE-2020-22782
- RESERVED
-CVE-2020-22781
- RESERVED
+CVE-2020-22785 (Etherpad < 1.8.3 is affected by a missing lock check which could ca ...)
+ TODO: check
+CVE-2020-22784 (In Etherpad UeberDB < 0.4.4, due to MySQL omitting trailing spaces ...)
+ TODO: check
+CVE-2020-22783 (Etherpad <1.8.3 stored passwords used by users insecurely in the da ...)
+ TODO: check
+CVE-2020-22782 (Etherpad < 1.8.3 is affected by a denial of service in the import f ...)
+ TODO: check
+CVE-2020-22781 (In Etherpad < 1.8.3, a specially crafted URI would raise an unhandl ...)
+ TODO: check
CVE-2020-22780
RESERVED
CVE-2020-22779
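Review bot: the five Etherpad entries added here (CVE-2020-22785, -22783, -22782, -22781 all for Etherpad < 1.8.3, and CVE-2020-22784 for the UeberDB component < 0.4.4) and the two FME Server stored-XSS entries (CVE-2020-22790 authenticated, CVE-2020-22789 unauthenticated) each carry TODO: check; the Etherpad ones share one upstream fix version and can be triaged as a group, with CVE-2020-22784 handled separately since its affected component and version differ. The truncated CVE-2020-22784 text also points at MySQL trailing-space handling as the root cause, which is worth keeping in a NOTE if the entries are resolved as NOT-FOR-US.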
@@ -90033,10 +90054,10 @@ CVE-2020-7039 (tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, m
NOTE: https://gitlab.freedesktop.org/slirp/libslirp/commit/82ebe9c370a0e2970fb5695aa19aa5214a6a1c80
NOTE: qemu 1:4.1-2 switched to system libslirp, marking that version as fixed.
NOTE: https://github.com/rootless-containers/slirp4netns/security/advisories/GHSA-vjwg-42w7-w64h
-CVE-2020-7038
- RESERVED
-CVE-2020-7037
- RESERVED
+CVE-2020-7038 (A vulnerability was discovered in Management component of Avaya Equino ...)
+ TODO: check
+CVE-2020-7037 (An XML External Entities (XXE) vulnerability in Media Server component ...)
+ TODO: check
CVE-2020-7036 (An XML External Entities (XXE)vulnerability in Callback Assist could a ...)
NOT-FOR-US: Callback Assist
CVE-2020-7035 (An XML External Entities (XXE)vulnerability in the web-based user inte ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9b64a27ef7042804c834674f569033430a33c4e9