[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Aug 3 09:10:34 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7b6fe467 by security tracker role at 2021-08-03T08:10:25+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,185 @@
+CVE-2021-37931
+ RESERVED
+CVE-2021-37930
+ RESERVED
+CVE-2021-37929
+ RESERVED
+CVE-2021-37928
+ RESERVED
+CVE-2021-37927
+ RESERVED
+CVE-2021-37926
+ RESERVED
+CVE-2021-37925
+ RESERVED
+CVE-2021-37924
+ RESERVED
+CVE-2021-37923
+ RESERVED
+CVE-2021-37922
+ RESERVED
+CVE-2021-37921
+ RESERVED
+CVE-2021-37920
+ RESERVED
+CVE-2021-37919
+ RESERVED
+CVE-2021-37918
+ RESERVED
+CVE-2021-37917
+ RESERVED
+CVE-2021-37916 (Joplin before 2.0.9 allows XSS via button and form in the note body. ...)
+ TODO: check
+CVE-2021-37915
+ RESERVED
+CVE-2021-37914 (In Argo Workflows through 3.1.3, if EXPRESSION_TEMPLATES is enabled an ...)
+ TODO: check
+CVE-2021-37913
+ RESERVED
+CVE-2021-37912
+ RESERVED
+CVE-2021-37911
+ RESERVED
+CVE-2021-37910
+ RESERVED
+CVE-2021-37909
+ RESERVED
+CVE-2021-37908
+ RESERVED
+CVE-2021-37907
+ RESERVED
+CVE-2021-37906
+ RESERVED
+CVE-2021-37905
+ RESERVED
+CVE-2021-37904
+ RESERVED
+CVE-2021-37903
+ RESERVED
+CVE-2021-37902
+ RESERVED
+CVE-2021-37901
+ RESERVED
+CVE-2021-37900
+ RESERVED
+CVE-2021-37899
+ RESERVED
+CVE-2021-37898
+ RESERVED
+CVE-2021-37897
+ RESERVED
+CVE-2021-37896
+ RESERVED
+CVE-2021-37895
+ RESERVED
+CVE-2021-37894
+ RESERVED
+CVE-2021-37893
+ RESERVED
+CVE-2021-37892
+ RESERVED
+CVE-2021-37891
+ RESERVED
+CVE-2021-37890
+ RESERVED
+CVE-2021-37889
+ RESERVED
+CVE-2021-37888
+ RESERVED
+CVE-2021-37887
+ RESERVED
+CVE-2021-37886
+ RESERVED
+CVE-2021-37885
+ RESERVED
+CVE-2021-37884
+ RESERVED
+CVE-2021-37883
+ RESERVED
+CVE-2021-37882
+ RESERVED
+CVE-2021-37881
+ RESERVED
+CVE-2021-37880
+ RESERVED
+CVE-2021-37879
+ RESERVED
+CVE-2021-37878
+ RESERVED
+CVE-2021-37877
+ RESERVED
+CVE-2021-37876
+ RESERVED
+CVE-2021-37875
+ RESERVED
+CVE-2021-37874
+ RESERVED
+CVE-2021-37873
+ RESERVED
+CVE-2021-37872
+ RESERVED
+CVE-2021-37871
+ RESERVED
+CVE-2021-37870
+ RESERVED
+CVE-2021-37869
+ RESERVED
+CVE-2021-37868
+ RESERVED
+CVE-2021-37867
+ RESERVED
+CVE-2021-37866
+ RESERVED
+CVE-2021-37865
+ RESERVED
+CVE-2021-37864
+ RESERVED
+CVE-2021-37863
+ RESERVED
+CVE-2021-37862
+ RESERVED
+CVE-2021-37861
+ RESERVED
+CVE-2021-37860
+ RESERVED
+CVE-2021-37859
+ RESERVED
+CVE-2021-37858
+ RESERVED
+CVE-2021-37857
+ RESERVED
+CVE-2021-37856
+ RESERVED
+CVE-2021-37855
+ RESERVED
+CVE-2021-37854
+ RESERVED
+CVE-2021-37853
+ RESERVED
+CVE-2021-37852
+ RESERVED
+CVE-2021-37851
+ RESERVED
+CVE-2021-37850
+ RESERVED
+CVE-2021-37849
+ RESERVED
+CVE-2021-37848 (common/password.c in Pengutronix barebox through 2021.07.0 leaks timin ...)
+ TODO: check
+CVE-2021-37847 (crypto/digest.c in Pengutronix barebox through 2021.07.0 leaks timing ...)
+ TODO: check
+CVE-2021-37846
+ RESERVED
+CVE-2021-37845
+ RESERVED
+CVE-2021-37844
+ RESERVED
+CVE-2021-3677
+ RESERVED
+CVE-2021-3676
+ RESERVED
+CVE-2021-3675
+ RESERVED
CVE-2021-37843 (The resolution SAML SSO apps for Atlassian products allow a remote att ...)
NOT-FOR-US: resolution SAML SSO apps for Atlassian products
CVE-2021-37842
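Review bot: four of the new entries at the top of data/CVE/list arrive with a description but only `TODO: check` as their status: CVE-2021-37916 (Joplin), CVE-2021-37914 (Argo Workflows), and the pair CVE-2021-37848 / CVE-2021-37847 (Pengutronix barebox, common/password.c and crypto/digest.c). Each needs a follow-up commit that resolves it to either a source package line or a `NOT-FOR-US:` tag in the style of the unchanged CVE-2021-37843 entry below. The two barebox entries describe the same class of issue in the same project, so they are best triaged together to get the same status.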
@@ -7137,26 +7319,26 @@ CVE-2021-34639
RESERVED
CVE-2021-34638
RESERVED
-CVE-2021-34637
- RESERVED
+CVE-2021-34637 (The Post Index WordPress plugin is vulnerable to Cross-Site Request Fo ...)
+ TODO: check
CVE-2021-34636
RESERVED
-CVE-2021-34635
- RESERVED
+CVE-2021-34635 (The Poll Maker WordPress plugin is vulnerable to Reflected Cross-Site ...)
+ TODO: check
CVE-2021-34634
RESERVED
CVE-2021-34633
RESERVED
-CVE-2021-34632
- RESERVED
+CVE-2021-34632 (The SEO Backlinks WordPress plugin is vulnerable to Cross-Site Request ...)
+ TODO: check
CVE-2021-34631
RESERVED
CVE-2021-34630 (In the Pro and Enterprise versions of GTranslate < 2.8.65, the gtra ...)
NOT-FOR-US: GTranslate (Pro and Enterprise versions)
CVE-2021-34629 (The SendGrid WordPress plugin is vulnerable to authorization bypass vi ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-34628
- RESERVED
+CVE-2021-34628 (The Admin Custom Login WordPress plugin is vulnerable to Cross-Site Re ...)
+ TODO: check
CVE-2021-34627 (A vulnerability in the getSelectedMimeTypesByRole function of the WP U ...)
NOT-FOR-US: WordPress plugin
CVE-2021-34626 (A vulnerability in the deleteCustomType function of the WP Upload Rest ...)
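Review bot: CVE-2021-34637, CVE-2021-34635, CVE-2021-34632 and CVE-2021-34628 all move from `RESERVED` to `TODO: check`, and every one of the descriptions names a WordPress plugin. The unchanged neighbours CVE-2021-34629 and CVE-2021-34627 are already recorded as `NOT-FOR-US: WordPress plugin`, so the same tag looks like the consistent resolution for these four unless one of the plugins turns out to be packaged.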
@@ -11381,10 +11563,10 @@ CVE-2021-32814
RESERVED
CVE-2021-32813
RESERVED
-CVE-2021-32812
- RESERVED
-CVE-2021-32811
- RESERVED
+CVE-2021-32812 (Monkshu is an enterprise application server for mobile apps (iOS and A ...)
+ TODO: check
+CVE-2021-32811 (Zope is an open-source web application server. Zope versions prior to ...)
+ TODO: check
CVE-2021-32810 (crossbeam-deque is a package of work-stealing deques for building task ...)
TODO: check
CVE-2021-32809
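Review bot: CVE-2021-32812 (Monkshu) and CVE-2021-32811 (Zope) are added as `TODO: check` directly above CVE-2021-32810 (crossbeam-deque), which is unchanged context and still carries `TODO: check` from an earlier update. That leaves three consecutive untriaged entries in this range. The Zope and crossbeam-deque descriptions both name open-source components, so they call for a source package lookup rather than a quick `NOT-FOR-US:` tag.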
@@ -11440,8 +11622,8 @@ CVE-2021-32789 (woocommerce-gutenberg-products-block is a feature plugin for Woo
NOT-FOR-US: woocommerce-gutenberg-products-block
CVE-2021-32788 (Discourse is an open source discussion platform. In versions prior to ...)
NOT-FOR-US: Discourse
-CVE-2021-32787
- RESERVED
+CVE-2021-32787 (Sourcegraph is a code search and navigation engine. Sourcegraph before ...)
+ TODO: check
CVE-2021-32786 (mod_auth_openidc is an authentication/authorization module for the Apa ...)
- libapache2-mod-auth-openidc 2.4.9-1 (bug #991582)
NOTE: https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-xm4c-5wm5-jqv7
@@ -13319,8 +13501,8 @@ CVE-2021-32021
RESERVED
CVE-2021-32020 (The kernel in Amazon Web Services FreeRTOS before 10.4.3 has insuffici ...)
NOT-FOR-US: kernel in Amazon Web Services FreeRTOS
-CVE-2021-32019
- RESERVED
+CVE-2021-32019 (There is missing input validation of host names displayed in OpenWrt b ...)
+ TODO: check
CVE-2021-32018
RESERVED
CVE-2021-32017
@@ -18657,8 +18839,8 @@ CVE-2021-29981
RESERVED
CVE-2021-29980
RESERVED
-CVE-2021-29979
- RESERVED
+CVE-2021-29979 (Hubs Cloud allows users to download shared content, specifically HTML ...)
+ TODO: check
CVE-2021-29978
RESERVED
CVE-2021-29977
@@ -23718,8 +23900,8 @@ CVE-2021-3421 (A flaw was found in the RPM package in the read functionality. Th
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1927747
CVE-2021-27944
RESERVED
-CVE-2021-27943
- RESERVED
+CVE-2021-27943 (The pairing procedure used by the Vizio P65-F1 6.0.31.4-2 and E50x-E1 ...)
+ TODO: check
CVE-2021-27942
RESERVED
CVE-2021-27941 (Unconstrained Web access to the device's private encryption key in the ...)
@@ -24720,16 +24902,16 @@ CVE-2021-27505
RESERVED
CVE-2021-27504
RESERVED
-CVE-2021-27503
- RESERVED
+CVE-2021-27503 (Ypsomed mylife Cloud, mylife Mobile Application, Ypsomed mylife Cloud: ...)
+ TODO: check
CVE-2021-27502
RESERVED
CVE-2021-27501
RESERVED
CVE-2021-27500
RESERVED
-CVE-2021-27499
- RESERVED
+CVE-2021-27499 (Ypsomed mylife Cloud, mylife Mobile Application, Ypsomed mylife Cloud: ...)
+ TODO: check
CVE-2021-27498
RESERVED
CVE-2021-27497
@@ -28246,8 +28428,8 @@ CVE-2021-26087
RESERVED
CVE-2021-26086
RESERVED
-CVE-2021-26085
- RESERVED
+CVE-2021-26085 (Affected versions of Atlassian Confluence Server allow remote attacker ...)
+ TODO: check
CVE-2021-26084
RESERVED
CVE-2021-26083 (Export HTML Report in Atlassian Jira Server and Jira Data Center befor ...)
@@ -37971,12 +38153,12 @@ CVE-2021-21868
RESERVED
CVE-2021-21867
RESERVED
-CVE-2021-21866
- RESERVED
-CVE-2021-21865
- RESERVED
-CVE-2021-21864
- RESERVED
+CVE-2021-21866 (A unsafe deserialization vulnerability exists in the ObjectManager.plu ...)
+ TODO: check
+CVE-2021-21865 (A unsafe deserialization vulnerability exists in the PackageManagement ...)
+ TODO: check
+CVE-2021-21864 (A unsafe deserialization vulnerability exists in the ComponentModel Co ...)
+ TODO: check
CVE-2021-21863
RESERVED
CVE-2021-21862
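Review bot: the three new descriptions for CVE-2021-21866, CVE-2021-21865 and CVE-2021-21864 are cut off before they name the affected product; only the component names (ObjectManager.plu ..., PackageManagement ..., ComponentModel Co ...) are visible. Triage cannot be done from these lines alone, so whoever resolves the `TODO: check` markers should read the full CVE text first and then give all three the same status if they turn out to concern one product.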
@@ -38623,14 +38805,14 @@ CVE-2021-21567
RESERVED
CVE-2021-21566
RESERVED
-CVE-2021-21565
- RESERVED
+CVE-2021-21565 (Dell PowerScale OneFS versions 9.1.0.3 and earlier contain a denial of ...)
+ TODO: check
CVE-2021-21564
RESERVED
-CVE-2021-21563
- RESERVED
-CVE-2021-21562
- RESERVED
+CVE-2021-21563 (Dell EMC PowerScale OneFS versions 8.1.2-9.1.0.x contain an Improper C ...)
+ TODO: check
+CVE-2021-21562 (Dell EMC PowerScale OneFS contains an untrusted search path vulnerabil ...)
+ TODO: check
CVE-2021-21561
RESERVED
CVE-2021-21560
@@ -38647,8 +38829,8 @@ CVE-2021-21555 (Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, M
NOT-FOR-US: Dell
CVE-2021-21554 (Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, ...)
NOT-FOR-US: Dell
-CVE-2021-21553
- RESERVED
+CVE-2021-21553 (Dell PowerScale OneFS versions 8.1.0-9.1.0 contain an Incorrect User M ...)
+ TODO: check
CVE-2021-21552 (Dell Wyse Windows Embedded System versions WIE10 LTSC 2019 and earlier ...)
NOT-FOR-US: Dell
CVE-2021-21551 (Dell dbutil_2_3.sys driver contains an insufficient access control vul ...)
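Review bot: CVE-2021-21553 (Dell PowerScale OneFS) becomes `TODO: check` while the unchanged entries on both sides of it, CVE-2021-21555, CVE-2021-21554 and CVE-2021-21552, are all recorded as `NOT-FOR-US: Dell`. The same tag would be consistent here, and for the OneFS entries CVE-2021-21565, CVE-2021-21563 and CVE-2021-21562 added in the preceding hunk.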
@@ -77305,6 +77487,7 @@ CVE-2020-17512
CVE-2020-17511 (In Airflow versions prior to 1.10.13, when creating a user using airfl ...)
- airflow <itp> (bug #819700)
CVE-2020-17510 (Apache Shiro before 1.7.0, when using Apache Shiro with Spring, a spec ...)
+ {DLA-2726-1}
- shiro <unfixed> (bug #988728)
[bullseye] - shiro <no-dsa> (Minor issue)
[buster] - shiro <no-dsa> (Minor issue)
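Review bot: the added `{DLA-2726-1}` reference on CVE-2020-17510 sits directly above `- shiro <unfixed> (bug #988728)`, with bullseye and buster both at `<no-dsa> (Minor issue)`. After this change the entry records an LTS advisory while unstable and both newer releases remain open. It is worth confirming that bug #988728 is still being worked so the fix does not end up existing only in the LTS release, and revisiting the "Minor issue" classification now that an advisory has been issued for the same CVE.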
@@ -86534,6 +86717,7 @@ CVE-2020-13934 (An h2c direct connection to Apache Tomcat 10.0.0-M1 to 10.0.0-M6
NOTE: https://github.com/apache/tomcat/commit/923d834500802a61779318911d7898bd85fc950e (8.5.57)
NOTE: https://github.com/apache/tomcat/commit/172977f04a5215128f1e278a688983dcd230f399 (9.0.37)
CVE-2020-13933 (Apache Shiro before 1.6.0, when using Apache Shiro, a specially crafte ...)
+ {DLA-2726-1}
- shiro <unfixed> (bug #968753)
[bullseye] - shiro <no-dsa> (Minor issue)
[buster] - shiro <no-dsa> (Minor issue)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7b6fe4678c94479e6c4c48dfca0b0bdeec06c069