[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Aug 2 09:10:26 BST 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
af4de5be by security tracker role at 2021-08-02T08:10:18+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,155 @@
+CVE-2021-37838
+	RESERVED
+CVE-2021-37837
+	RESERVED
+CVE-2021-37836
+	RESERVED
+CVE-2021-37835
+	RESERVED
+CVE-2021-37834
+	RESERVED
+CVE-2021-37833
+	RESERVED
+CVE-2021-37832
+	RESERVED
+CVE-2021-37831
+	RESERVED
+CVE-2021-37830
+	RESERVED
+CVE-2021-37829
+	RESERVED
+CVE-2021-37828
+	RESERVED
+CVE-2021-37827
+	RESERVED
+CVE-2021-37826
+	RESERVED
+CVE-2021-37825
+	RESERVED
+CVE-2021-37824
+	RESERVED
+CVE-2021-37823
+	RESERVED
+CVE-2021-37822
+	RESERVED
+CVE-2021-37821
+	RESERVED
+CVE-2021-37820
+	RESERVED
+CVE-2021-37819
+	RESERVED
+CVE-2021-37818
+	RESERVED
+CVE-2021-37817
+	RESERVED
+CVE-2021-37816
+	RESERVED
+CVE-2021-37815
+	RESERVED
+CVE-2021-37814
+	RESERVED
+CVE-2021-37813
+	RESERVED
+CVE-2021-37812
+	RESERVED
+CVE-2021-37811
+	RESERVED
+CVE-2021-37810
+	RESERVED
+CVE-2021-37809
+	RESERVED
+CVE-2021-37808
+	RESERVED
+CVE-2021-37807
+	RESERVED
+CVE-2021-37806
+	RESERVED
+CVE-2021-37805
+	RESERVED
+CVE-2021-37804
+	RESERVED
+CVE-2021-37803
+	RESERVED
+CVE-2021-37802
+	RESERVED
+CVE-2021-37801
+	RESERVED
+CVE-2021-37800
+	RESERVED
+CVE-2021-37799
+	RESERVED
+CVE-2021-37798
+	RESERVED
+CVE-2021-37797
+	RESERVED
+CVE-2021-37796
+	RESERVED
+CVE-2021-37795
+	RESERVED
+CVE-2021-37794
+	RESERVED
+CVE-2021-37793
+	RESERVED
+CVE-2021-37792
+	RESERVED
+CVE-2021-37791
+	RESERVED
+CVE-2021-37790
+	RESERVED
+CVE-2021-37789
+	RESERVED
+CVE-2021-37788
+	RESERVED
+CVE-2021-37787
+	RESERVED
+CVE-2021-37786
+	RESERVED
+CVE-2021-37785
+	RESERVED
+CVE-2021-37784
+	RESERVED
+CVE-2021-37783
+	RESERVED
+CVE-2021-37782
+	RESERVED
+CVE-2021-37781
+	RESERVED
+CVE-2021-37780
+	RESERVED
+CVE-2021-37779
+	RESERVED
+CVE-2021-37778
+	RESERVED
+CVE-2021-37777
+	RESERVED
+CVE-2021-37776
+	RESERVED
+CVE-2021-37775
+	RESERVED
+CVE-2021-37774
+	RESERVED
+CVE-2021-37773
+	RESERVED
+CVE-2021-37772
+	RESERVED
+CVE-2021-37771
+	RESERVED
+CVE-2021-37770
+	RESERVED
+CVE-2021-37769
+	RESERVED
+CVE-2021-37768
+	RESERVED
+CVE-2021-37767
+	RESERVED
+CVE-2021-37766
+	RESERVED
+CVE-2021-37765
+	RESERVED
+CVE-2021-37764
+	RESERVED
+CVE-2021-37763
+	RESERVED
 CVE-2021-37762
 	RESERVED
 CVE-2021-37761
@@ -5084,8 +5236,7 @@ CVE-2021-35479 (Nagios Log Server before 2.1.9 contains Stored XSS in the custom
 	NOT-FOR-US: Nagios Log Server
 CVE-2021-35478 (Nagios Log Server before 2.1.9 contains Reflected XSS in the dropdown  ...)
 	NOT-FOR-US: Nagios Log Server
-CVE-2021-35477
-	RESERVED
+CVE-2021-35477 (In the Linux kernel through 5.13.7, an unprivileged BPF program can ob ...)
 	- linux <unfixed>
 	NOTE: https://www.openwall.com/lists/oss-security/2021/08/01/3
 CVE-2021-35476
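Review bot: the description now attached to CVE-2021-35477 is, in its truncated form, identical to the one this same commit gives CVE-2021-34556. Both entries also carry the same "- linux <unfixed>" status and the same oss-security NOTE, so the list cannot tell the two IDs apart. A short NOTE on each entry saying which of the issues from that post the ID covers would keep them distinguishable once fixes are tracked separately.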
@@ -7173,8 +7324,7 @@ CVE-2021-34558 (The crypto/tls package of Go through 1.16.5 does not properly as
 	NOTE: https://github.com/golang/go/issues/47143
 	NOTE: https://github.com/golang/go/commit/58bc454a11d4b3dbc03f44dfcabb9068a9c076f4 (1.16.x)
 	NOTE: key_agreement.go also bundled in various other packages
-CVE-2021-34556
-	RESERVED
+CVE-2021-34556 (In the Linux kernel through 5.13.7, an unprivileged BPF program can ob ...)
 	- linux <unfixed>
 	NOTE: https://www.openwall.com/lists/oss-security/2021/08/01/3
 CVE-2021-34555 (OpenDMARC 1.4.1 and 1.4.1.1 allows remote attackers to cause a denial  ...)
@@ -26876,8 +27026,8 @@ CVE-2021-3353
 	RESERVED
 CVE-2021-3352
 	RESERVED
-CVE-2021-3351
-	RESERVED
+CVE-2021-3351 (OpenPLC runtime V3 through 2016-03-14 allows stored XSS via the Device ...)
+	TODO: check
 CVE-2021-3350 (deleteaccount.php in the Delete Account plugin 1.4 for MyBB allows XSS ...)
 	NOT-FOR-US: Delete Account plugin for MyBB
 CVE-2021-3349 (** DISPUTED ** GNOME Evolution through 3.38.3 produces a "Valid signat ...)
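Review bot: the "TODO: check" line added under CVE-2021-3351 leaves the entry untriaged, with neither a package line nor a NOT-FOR-US marker. If OpenPLC runtime is not packaged in Debian, resolve it to a "NOT-FOR-US: ..." line in the style of the CVE-2021-3350 entry directly below it. Otherwise add the affected source package line.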
@@ -202525,6 +202675,7 @@ CVE-2018-11498 (In Lizard v1.0 and LZ5 v2.0 (the prior release, before the produ
 CVE-2018-11497
 	RESERVED
 CVE-2018-11496 (In Long Range Zip (aka lrzip) 0.631, there is a use-after-free in read ...)
+	{DLA-2725-1}
 	- lrzip 0.631+git180528-1
 	[jessie] - lrzip <no-dsa> (Minor issue)
 	NOTE: https://github.com/ckolivas/lrzip/issues/96
@@ -204951,6 +205102,7 @@ CVE-2018-10687
 CVE-2018-10686 (An issue was discovered in Vesta Control Panel 0.9.8-20. There is Refl ...)
 	NOT-FOR-US: Vesta Control Panel
 CVE-2018-10685 (In Long Range Zip (aka lrzip) 0.631, there is a use-after-free in the  ...)
+	{DLA-2725-1}
 	- lrzip 0.631+git180517-1 (low; bug #897645)
 	[jessie] - lrzip <no-dsa> (Minor issue)
 	[wheezy] - lrzip <ignored> (Minor issue)
@@ -216577,8 +216729,8 @@ CVE-2017-18115
 	RESERVED
 CVE-2017-18114
 	RESERVED
-CVE-2017-18113
-	RESERVED
+CVE-2017-18113 (The DefaultOSWorkflowConfigurator class in Jira Server and Jira Data C ...)
+	TODO: check
 CVE-2017-18112 (Affected versions of Atlassian Fisheye allow remote attackers to view  ...)
 	NOT-FOR-US: Atlassian
 CVE-2017-18111 (The OAuthHelper in Atlassian Application Links before version 5.0.10,  ...)
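Review bot: the "TODO: check" line added under CVE-2017-18113 leaves a Jira Server / Jira Data Center issue untriaged, while the neighbouring CVE-2017-18112 entry is already marked "NOT-FOR-US: Atlassian". Unless the affected component is packaged in Debian, the same marker applies here and can replace the TODO.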
@@ -218931,6 +219083,7 @@ CVE-2018-5787 (An issue was discovered in Extreme Networks ExtremeWireless WiNG
 CVE-2017-18044 (A Command Injection issue was discovered in ContentStore/Base/CVDataPi ...)
 	NOT-FOR-US: Commvault
 CVE-2018-5786 (In Long Range Zip (aka lrzip) 0.631, there is an infinite loop and app ...)
+	{DLA-2725-1}
 	- lrzip 0.631+git180517-1 (bug #888506)
 	[jessie] - lrzip <no-dsa> (Minor issue)
 	[wheezy] - lrzip <no-dsa> (Minor issue)
@@ -219106,6 +219259,7 @@ CVE-2018-5748 (qemu/qemu_monitor.c in libvirt allows attackers to cause a denial
 	NOTE: https://www.redhat.com/archives/libvir-list/2017-December/msg00749.html
 	NOTE: https://libvirt.org/git/?p=libvirt.git;a=commit;h=bc251ea91bcfddd2622fce6bce701a438b2e7276
 CVE-2018-5747 (In Long Range Zip (aka lrzip) 0.631, there is a use-after-free in the  ...)
+	{DLA-2725-1}
 	- lrzip 0.631+git180517-1 (bug #898451)
 	[jessie] - lrzip <no-dsa> (Minor issue)
 	[wheezy] - lrzip <no-dsa> (Minor issue)
@@ -219460,6 +219614,7 @@ CVE-2018-5652 (An issue was discovered in the dark-mode plugin 1.6 for WordPress
 CVE-2018-5651 (An issue was discovered in the dark-mode plugin 1.6 for WordPress. XSS ...)
 	NOT-FOR-US: dark-mode plugin for WordPress
 CVE-2018-5650 (In Long Range Zip (aka lrzip) 0.631, there is an infinite loop and app ...)
+	{DLA-2725-1}
 	- lrzip 0.631+git180517-1 (bug #887065)
 	[jessie] - lrzip <no-dsa> (Minor issue)
 	[wheezy] - lrzip <no-dsa> (Minor issue)
@@ -255719,11 +255874,13 @@ CVE-2017-9931 (Cross-Site Scripting (XSS) exists in Green Packet DX-350 Firmware
 CVE-2017-9930 (Cross-Site Request Forgery (CSRF) exists in Green Packet DX-350 Firmwa ...)
 	NOT-FOR-US: Green Packet
 CVE-2017-9929 (In lrzip 0.631, a stack buffer overflow was found in the function get_ ...)
+	{DLA-2725-1}
 	- lrzip 0.631+git180517-1 (bug #866020)
 	[jessie] - lrzip <no-dsa> (Minor issue)
 	[wheezy] - lrzip <no-dsa> (Minor issue)
 	NOTE: https://github.com/ckolivas/lrzip/issues/75
 CVE-2017-9928 (In lrzip 0.631, a stack buffer overflow was found in the function get_ ...)
+	{DLA-2725-1}
 	- lrzip 0.631+git180517-1 (bug #866022)
 	[jessie] - lrzip <no-dsa> (Minor issue)
 	[wheezy] - lrzip <no-dsa> (Minor issue)
@@ -260913,6 +261070,7 @@ CVE-2017-8847 (The bufRead::get() function in libzpaq/libzpaq.h in liblrzip.so i
 	NOTE: https://blogs.gentoo.org/ago/2017/05/07/lrzip-null-pointer-dereference-in-bufreadget-libzpaq-h/
 	NOTE: Crash in CLI tool, no security implications
 CVE-2017-8846 (The read_stream function in stream.c in liblrzip.so in lrzip 0.631 all ...)
+	{DLA-2725-1}
 	- lrzip 0.631+git180517-1 (bug #863150)
 	[jessie] - lrzip <no-dsa> (Minor issue)
 	[wheezy] - lrzip <no-dsa> (Minor issue)
@@ -260925,6 +261083,7 @@ CVE-2017-8845 (The lzo1x_decompress function in lzo1x_d.ch in LZO 2.08, as used
 	NOTE: https://blogs.gentoo.org/ago/2017/05/07/lrzip-invalid-memory-read-in-lzo_decompress_buf-stream-c/
 	NOTE: Crash in CLI tool, no security implications
 CVE-2017-8844 (The read_1g function in stream.c in liblrzip.so in lrzip 0.631 allows  ...)
+	{DLA-2725-1}
 	- lrzip 0.631+git180517-1 (bug #863153)
 	[jessie] - lrzip <no-dsa> (Minor issue)
 	[wheezy] - lrzip <no-dsa> (Minor issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/af4de5be5cf72de9225070493f9358332815a904
