[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Aug 5 21:10:30 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e9e3725b by security tracker role at 2021-08-05T20:10:21+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,25 @@
+CVE-2021-38145
+ RESERVED
+CVE-2021-38144
+ RESERVED
+CVE-2021-38143
+ RESERVED
+CVE-2021-38142
+ RESERVED
+CVE-2021-38141
+ RESERVED
+CVE-2021-38140
+ RESERVED
+CVE-2021-38139
+ RESERVED
+CVE-2021-38138 (OneNav beta 0.9.12 allows XSS via the Add Link feature. NOTE: the vend ...)
+ TODO: check
+CVE-2021-38137
+ RESERVED
+CVE-2021-38136
+ RESERVED
+CVE-2021-3688
+ RESERVED
CVE-2021-38135
RESERVED
CVE-2021-38134
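Review bot: CVE-2021-38138 is left at TODO: check with its description cut at "NOTE: the vend ...", so the part that appears to qualify the report is not visible in the list line. Read the full CVE description before triaging, and if OneNav is not packaged in Debian, resolve the entry as NOT-FOR-US: OneNav in the style used elsewhere in this file.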
@@ -92,8 +114,8 @@ CVE-2021-38097
RESERVED
CVE-2021-38096
RESERVED
-CVE-2021-38095
- RESERVED
+CVE-2021-38095 (The REST API in Planview Spigit 4.5.3 allows remote unauthenticated at ...)
+ TODO: check
CVE-2021-38094
RESERVED
CVE-2021-38093
@@ -1083,8 +1105,8 @@ CVE-2021-37627
RESERVED
CVE-2021-37626
RESERVED
-CVE-2021-37625
- RESERVED
+CVE-2021-37625 (Skytable is an open source NoSQL database. In versions prior to 0.6.4 ...)
+ TODO: check
CVE-2021-37624
RESERVED
CVE-2021-37623
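Review bot: CVE-2021-37625 stays at TODO: check although the description already names the fixed upstream release ("versions prior to 0.6.4"). Triage should either mark it NOT-FOR-US: Skytable if the database is not packaged in Debian, or add a package line whose fixed version corresponds to upstream 0.6.4.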
@@ -1127,10 +1149,10 @@ CVE-2021-3669 [reading /proc/sysvipc/shm does not scale with large shared memory
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1986473
CVE-2021-37606 (Meow hash 0.5/calico does not sufficiently thwart key recovery by an a ...)
NOT-FOR-US: Meow hash
-CVE-2021-37605
- RESERVED
-CVE-2021-37604
- RESERVED
+CVE-2021-37605 (In the Microchip MiWi v6.5 software stack, there is a possibility of f ...)
+ TODO: check
+CVE-2021-37604 (In the Microchip MiWi v6.5 software stack, there is a possibility of f ...)
+ TODO: check
CVE-2021-37603
RESERVED
CVE-2021-37602
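Review bot: CVE-2021-37605 and CVE-2021-37604 show the same truncated text ("In the Microchip MiWi v6.5 software stack, there is a possibility of f ..."), so the two entries cannot be told apart from this file. Whoever resolves the TODO: check lines should compare the full descriptions to confirm they are distinct issues, then mark both consistently, for example as NOT-FOR-US: Microchip MiWi in the style of the Meow hash entry directly above, if the stack is not in Debian.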
@@ -11537,6 +11559,7 @@ CVE-2021-33038 (An issue was discovered in management/commands/hyperkitty_import
NOTE: https://gitlab.com/mailman/hyperkitty/-/issues/380
NOTE: https://techblog.wikimedia.org/2021/06/11/discovering-and-fixing-cve-2021-33038-in-mailman3/
CVE-2021-33037 (Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5 ...)
+ {DLA-2733-1}
- tomcat9 <unfixed> (bug #991046)
- tomcat8 <removed>
NOTE: https://github.com/apache/tomcat/commit/45d70a86a901cbd534f8f570bed2aec9f7f7b88e (9.0.47)
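Review bot: the {DLA-2733-1} cross-reference on CVE-2021-33037 is added while the package lines below it still read tomcat9 <unfixed> (bug #991046) and tomcat8 <removed>, and this commit changes only data/CVE/list. Confirm that the DLA list carries the matching entry naming the source package and fixed version, since nothing in this hunk shows which package the advisory covers. The same applies to the {DLA-2733-1} line added under CVE-2021-30640 further down.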
@@ -12583,8 +12606,8 @@ CVE-2021-32605 (zzzcms zzzphp before 2.0.4 allows remote attackers to execute ar
NOT-FOR-US: zzzcms
CVE-2021-32604 (Share/IncomingWizard.htm in SolarWinds Serv-U before 15.2.3 mishandles ...)
NOT-FOR-US: SolarWinds
-CVE-2021-32603
- RESERVED
+CVE-2021-32603 (A server-side request forgery (SSRF) (CWE-918) vulnerability in FortiM ...)
+ TODO: check
CVE-2021-32602
RESERVED
CVE-2021-32601
@@ -12593,8 +12616,8 @@ CVE-2021-32600
RESERVED
CVE-2021-32599
RESERVED
-CVE-2021-32598
- RESERVED
+CVE-2021-32598 (An improper neutralization of CRLF sequences in HTTP headers ('HTTP Re ...)
+ TODO: check
CVE-2021-32597
RESERVED
CVE-2021-32596 (A use of one-way hash with a predictable salt vulnerability in the pas ...)
@@ -12629,16 +12652,16 @@ CVE-2021-32582 (An issue was discovered in ConnectWise Automate before 2021.5. A
NOT-FOR-US: ConnectWise Automate
CVE-2021-32581
RESERVED
-CVE-2021-32580
- RESERVED
-CVE-2021-32579
- RESERVED
+CVE-2021-32580 (Acronis True Image prior to 2021 Update 4 for Windows allowed local pr ...)
+ TODO: check
+CVE-2021-32579 (Acronis True Image prior to 2021 Update 4 for Windows and Acronis True ...)
+ TODO: check
CVE-2021-32578
RESERVED
CVE-2021-32577
RESERVED
-CVE-2021-32576
- RESERVED
+CVE-2021-32576 (Acronis True Image prior to 2021 Update 4 for Windows allowed local pr ...)
+ TODO: check
CVE-2021-32606 (In the Linux kernel 5.11 through 5.12.2, isotp_setsockopt in net/can/i ...)
- linux <not-affected> (Vulnerable code introduced later)
NOTE: https://www.openwall.com/lists/oss-security/2021/05/11/16
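Review bot: CVE-2021-32580, CVE-2021-32579 and CVE-2021-32576 all name Acronis True Image for Windows, and CVE-2021-32580 and CVE-2021-32576 are identical up to the truncation point ("allowed local pr ..."), so the three TODO: check lines should be triaged together rather than one at a time. They can likely be closed as NOT-FOR-US: Acronis True Image, like the ConnectWise Automate entry at the top of the hunk, once the full text of CVE-2021-32579 ("for Windows and Acronis True ...") has been checked for a second affected product.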
@@ -17510,6 +17533,7 @@ CVE-2021-30641 (Apache HTTP Server versions 2.4.39 to 2.4.46 Unexpected matching
NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=65238
NOTE: https://github.com/apache/httpd/commit/eb986059aa5aa0b6c1d52714ea83e3dd758afdd1
CVE-2021-30640 (A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker ...)
+ {DLA-2733-1}
- tomcat9 <unfixed> (bug #991046)
- tomcat8 <removed>
NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=65224
@@ -67329,8 +67353,8 @@ CVE-2020-22734
RESERVED
CVE-2020-22733
RESERVED
-CVE-2020-22732
- RESERVED
+CVE-2020-22732 (CMS Made Simple (CMSMS) 2.2.14 allows stored XSS via the Extensions &g ...)
+ TODO: check
CVE-2020-22731
RESERVED
CVE-2020-22730
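Review bot: the description of CVE-2020-22732 is truncated inside an HTML entity ("via the Extensions &g ..."), which indicates the text was entity-encoded before being cut to length. The description should be decoded before truncation so the list line does not carry a broken "&g" fragment.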
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e9e3725b049d31c94b3aa8773d845a1ca34558ff