[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Aug 6 09:10:33 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1ec01a45 by security tracker role at 2021-08-06T08:10:25+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,11 @@
+CVE-2021-38149
+ RESERVED
+CVE-2021-38148
+ RESERVED
+CVE-2021-38147
+ RESERVED
+CVE-2021-38146
+ RESERVED
CVE-2021-38145
RESERVED
CVE-2021-38144
@@ -128,8 +136,7 @@ CVE-2021-38090
RESERVED
CVE-2021-38089
RESERVED
-CVE-2021-3682 [usbredir: free call on invalid pointer in bufp_alloc()]
- RESERVED
+CVE-2021-3682 (A flaw was found in the USB redirector device emulation of QEMU in ver ...)
- qemu <unfixed> (bug #991911)
NOTE: https://gitlab.com/qemu-project/qemu/-/issues/491
NOTE: Introduced by: https://gitlab.com/qemu-project/qemu/-/commit/b2d1fe67d09d2b6c7da647fbcea6ca0148c206d3 (v1.4.0-rc0)
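Review bot: the CVE-2021-3682 entry now records the introducing commit (v1.4.0-rc0) and the upstream issue, but carries no `NOTE: Fixed by:` reference next to its `qemu <unfixed> (bug #991911)` line; when the upstream fix lands, add it in the same `NOTE: Fixed by: <commit> (<tag>)` form this file uses for CVE-2021-22924 and update the unfixed marker. Since the bug was introduced in v1.4.0-rc0, every supported suite's qemu is in scope, so per-suite annotations will be needed as well.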
@@ -456,8 +463,7 @@ CVE-2021-3681
TODO: check, needs verifying the affected ansible/ansible-base components
CVE-2021-3680 (showdoc is vulnerable to Missing Cryptographic Step ...)
NOT-FOR-US: showdoc
-CVE-2021-3679
- RESERVED
+CVE-2021-3679 (A lack of CPU resource in the Linux kernel tracing module functionalit ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/67f0d6d9883c13174669f88adac4f0ee656cc16a
CVE-2021-3678 (showdoc is vulnerable to Use of Cryptographically Weak Pseudo-Random N ...)
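Review bot: the NOTE under CVE-2021-3679 is a bare git.kernel.org commit URL without the `Introduced by:` / `Fixed by:` label used elsewhere in this file (CVE-2021-3682 above, CVE-2021-22924 further down), so a triager cannot tell from the entry which role the commit plays; label it. The `linux <unfixed>` line will also need a fixed version once that commit is in a Debian kernel upload.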
@@ -606,8 +612,8 @@ CVE-2021-37861
RESERVED
CVE-2021-37860
RESERVED
-CVE-2021-37859
- RESERVED
+CVE-2021-37859 (Fixed a bypass for a reflected cross-site scripting vulnerability affe ...)
+ TODO: check
CVE-2021-37858
RESERVED
CVE-2021-37857
@@ -1093,8 +1099,8 @@ CVE-2021-37634
RESERVED
CVE-2021-37633
RESERVED
-CVE-2021-37632
- RESERVED
+CVE-2021-37632 (SuperMartijn642's Config Lib is a library used by a number of mods for ...)
+ TODO: check
CVE-2021-37631
RESERVED
CVE-2021-37630
@@ -1129,8 +1135,8 @@ CVE-2021-37616
RESERVED
CVE-2021-37615
RESERVED
-CVE-2021-37614
- RESERVED
+CVE-2021-37614 (In certain Progress MOVEit Transfer versions before 2021.0.3 (aka 13.0 ...)
+ TODO: check
CVE-2021-37613
RESERVED
CVE-2021-37612
@@ -2104,8 +2110,8 @@ CVE-2021-37158
RESERVED
CVE-2021-37157
RESERVED
-CVE-2021-37156
- RESERVED
+CVE-2021-37156 (Redmine 4.2.0 and 4.2.1 allow existing user sessions to continue upon ...)
+ TODO: check
CVE-2021-37155 (wolfSSL 4.6.x through 4.7.x before 4.8.0 does not produce a failure ou ...)
- wolfssl <unfixed> (bug #991443)
[bullseye] - wolfssl <no-dsa> (Minor issue)
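Review bot: CVE-2021-37156 is left at `TODO: check` although redmine is a Debian package; the description pins the affected versions to Redmine 4.2.0 and 4.2.1, so the check is a version comparison per suite and the entry should end as a package line (fixed version or `<not-affected>` with a reason) rather than a TODO. The wolfssl entry directly below shows the expected triaged form.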
@@ -2466,8 +2472,7 @@ CVE-2021-36982
RESERVED
CVE-2021-36981
RESERVED
-CVE-2021-3655 [missing size validations on inbound SCTP packets]
- RESERVED
+CVE-2021-3655 (A vulnerability was found in the Linux kernel in versions before v5.14 ...)
- linux 5.10.46-3
CVE-2021-3654 [novnc allows open redirection]
RESERVED
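Review bot: CVE-2021-3655 records `linux 5.10.46-3` as the fixed version but has no NOTE linking the upstream fix, unlike the neighbouring kernel entries (CVE-2021-3682, CVE-2021-3679) that carry commit references; with the bracket summary "[missing size validations on inbound SCTP packets]" now replaced by the truncated MITRE text, a `NOTE: Fixed by:` line is the only place the SCTP-specific detail survives for anyone backporting to other suites.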
@@ -3420,8 +3425,8 @@ CVE-2021-36586
RESERVED
CVE-2021-36585
RESERVED
-CVE-2021-36584
- RESERVED
+CVE-2021-36584 (An issue was discovered in GPAC 1.0.1. There is a heap-based buffer ov ...)
+ TODO: check
CVE-2021-36583
RESERVED
CVE-2021-36582
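Review bot: CVE-2021-36584 (heap-based buffer overflow in GPAC 1.0.1) should not stay a `TODO: check`; gpac is packaged in Debian, and the description already gives the affected version, so this needs a gpac package line with a suite-by-suite comparison against 1.0.1.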
@@ -3750,8 +3755,7 @@ CVE-2021-36421
RESERVED
CVE-2021-36420
RESERVED
-CVE-2021-3642
- RESERVED
+CVE-2021-3642 (A flaw was found in Wildfly Elytron where ScramServer may be susceptib ...)
NOT-FOR-US: WildFly Elytron
CVE-2021-36419
RESERVED
@@ -6301,14 +6305,14 @@ CVE-2021-35329
RESERVED
CVE-2021-35328
RESERVED
-CVE-2021-35327
- RESERVED
-CVE-2021-35326
- RESERVED
-CVE-2021-35325
- RESERVED
-CVE-2021-35324
- RESERVED
+CVE-2021-35327 (A vulnerability in TOTOLINK A720R A720R_Firmware v4.1.5cu.470_B2020091 ...)
+ TODO: check
+CVE-2021-35326 (A vulnerability in TOTOLINK A720R router with firmware v4.1.5cu.470_B2 ...)
+ TODO: check
+CVE-2021-35325 (A stack overflow in the checkLoginUser function of TOTOLINK A720R A720 ...)
+ TODO: check
+CVE-2021-35324 (A vulnerability in the Form_Login function of TOTOLINK A720R A720R_Fir ...)
+ TODO: check
CVE-2021-35323
RESERVED
CVE-2021-35322
@@ -6341,10 +6345,10 @@ CVE-2021-35309
RESERVED
CVE-2021-35308
RESERVED
-CVE-2021-35307
- RESERVED
-CVE-2021-35306
- RESERVED
+CVE-2021-35307 (An issue was discovered in Bento4 through v1.6.0-636. A NULL pointer d ...)
+ TODO: check
+CVE-2021-35306 (An issue was discovered in Bento4 through v1.6.0-636. A NULL pointer d ...)
+ TODO: check
CVE-2021-35305
RESERVED
CVE-2021-35304
@@ -7825,24 +7829,24 @@ CVE-2021-34641
RESERVED
CVE-2021-34640
RESERVED
-CVE-2021-34639
- RESERVED
-CVE-2021-34638
- RESERVED
+CVE-2021-34639 (Authenticated File Upload in WordPress Download Manager <= 3.1.24 a ...)
+ TODO: check
+CVE-2021-34638 (Authenticated Directory Traversal in WordPress Download Manager <= ...)
+ TODO: check
CVE-2021-34637 (The Post Index WordPress plugin is vulnerable to Cross-Site Request Fo ...)
NOT-FOR-US: WordPress plugin
CVE-2021-34636
RESERVED
CVE-2021-34635 (The Poll Maker WordPress plugin is vulnerable to Reflected Cross-Site ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-34634
- RESERVED
-CVE-2021-34633
- RESERVED
+CVE-2021-34634 (The Nifty Newsletters WordPress plugin is vulnerable to Cross-Site Req ...)
+ TODO: check
+CVE-2021-34633 (The Youtube Feeder WordPress plugin is vulnerable to Cross-Site Reques ...)
+ TODO: check
CVE-2021-34632 (The SEO Backlinks WordPress plugin is vulnerable to Cross-Site Request ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-34631
- RESERVED
+CVE-2021-34631 (The NewsPlugin WordPress plugin is vulnerable to Cross-Site Request Fo ...)
+ TODO: check
CVE-2021-34630 (In the Pro and Enterprise versions of GTranslate < 2.8.65, the gtra ...)
NOT-FOR-US: GTranslate (Pro and Enterprise versions)
CVE-2021-34629 (The SendGrid WordPress plugin is vulnerable to authorization bypass vi ...)
@@ -8299,7 +8303,7 @@ CVE-2021-34439 (Microsoft Windows Media Foundation Remote Code Execution Vulnera
CVE-2021-34438 (Windows Font Driver Host Remote Code Execution Vulnerability ...)
NOT-FOR-US: Microsoft
CVE-2021-3591
- RESERVED
+ REJECTED
CVE-2021-3590
RESERVED
- foreman <itp> (bug #663101)
@@ -8457,8 +8461,8 @@ CVE-2021-34373 (Trusty trusted Linux kernel (TLK) contains a vulnerability in th
NOT-FOR-US: rusty TLK (NVIDIA)
CVE-2021-34372 (Trusty (the trusted OS produced by NVIDIA for Jetson devices) driver c ...)
NOT-FOR-US: Trusty
-CVE-2021-34371
- RESERVED
+CVE-2021-34371 (Neo4j through 3.4.18 (with the shell server enabled) exposes an RMI se ...)
+ TODO: check
CVE-2021-34370 (Accela Civic Platform through 20.1 allows ssoAdapter/logoutAction.do s ...)
NOT-FOR-US: Accela Civic Platform
CVE-2021-34369 (portlets/contact/ref/refContactDetail.do in Accela Civic Platform thro ...)
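Review bot: the unchanged context line `NOT-FOR-US: rusty TLK (NVIDIA)` under CVE-2021-34373 has a typo, "rusty" for "Trusty" (the CVE text itself reads "Trusty trusted Linux kernel (TLK)"); fix it in a follow-up so that searching the file for "Trusty" finds all three related entries.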
@@ -9602,8 +9606,7 @@ CVE-2021-33849
RESERVED
CVE-2021-3581
RESERVED
-CVE-2021-3580 [Remote crash in RSA decryption via manipulated ciphertext]
- RESERVED
+CVE-2021-3580 (A flaw was found in the way nettle's RSA decryption functions handled ...)
{DSA-4933-1}
- nettle 3.7.3-1 (bug #989631)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1967983
@@ -10238,10 +10241,10 @@ CVE-2021-33599
RESERVED
CVE-2021-33598
RESERVED
-CVE-2021-33597
- RESERVED
-CVE-2021-33596
- RESERVED
+CVE-2021-33597 (A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atl ...)
+ TODO: check
+CVE-2021-33596 (Showing the legitimate URL in the address bar while loading the conten ...)
+ TODO: check
CVE-2021-33595
RESERVED
CVE-2021-33594
@@ -10283,8 +10286,8 @@ CVE-2021-33586 (InspIRCd 3.8.0 through 3.9.x before 3.10.0 allows any user (able
[stretch] - inspircd <not-affected> (Vulnerable code not present)
NOTE: https://docs.inspircd.org/security/2021-01/
NOTE: https://github.com/inspircd/inspircd/commit/4350a11c663b0d75f8119743bffb7736d87abd4d
-CVE-2021-3566
- RESERVED
+CVE-2021-3566 (Prior to ffmpeg version 4.3, the tty demuxer did not have a 'read_prob ...)
+ TODO: check
CVE-2021-33579
RESERVED
CVE-2021-33578 (Echo ShareCare 8.15.5 is susceptible to SQL injection vulnerabilities ...)
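Review bot: CVE-2021-3566 is left at `TODO: check` although ffmpeg is packaged and the description itself scopes the bug ("Prior to ffmpeg version 4.3, the tty demuxer did not have a 'read_prob..."); triage is a per-suite version comparison against 4.3, and any suite shipping an older ffmpeg needs the `[suite] - ffmpeg ...` annotation form used by the inspircd entry just above.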
@@ -12656,16 +12659,16 @@ CVE-2021-32583
RESERVED
CVE-2021-32582 (An issue was discovered in ConnectWise Automate before 2021.5. A blind ...)
NOT-FOR-US: ConnectWise Automate
-CVE-2021-32581
- RESERVED
+CVE-2021-32581 (Acronis True Image prior to 2021 Update 4 for Windows, Acronis True Im ...)
+ TODO: check
CVE-2021-32580 (Acronis True Image prior to 2021 Update 4 for Windows allowed local pr ...)
TODO: check
CVE-2021-32579 (Acronis True Image prior to 2021 Update 4 for Windows and Acronis True ...)
TODO: check
-CVE-2021-32578
- RESERVED
-CVE-2021-32577
- RESERVED
+CVE-2021-32578 (Acronis True Image prior to 2021 Update 4 for Windows allowed local pr ...)
+ TODO: check
+CVE-2021-32577 (Acronis True Image prior to 2021 Update 5 for Windows allowed local pr ...)
+ TODO: check
CVE-2021-32576 (Acronis True Image prior to 2021 Update 4 for Windows allowed local pr ...)
TODO: check
CVE-2021-32606 (In the Linux kernel 5.11 through 5.12.2, isotp_setsockopt in net/can/i ...)
@@ -14078,10 +14081,10 @@ CVE-2021-32005
RESERVED
CVE-2021-32004
RESERVED
-CVE-2021-32003
- RESERVED
-CVE-2021-32002
- RESERVED
+CVE-2021-32003 (Unprotected Transport of Credentials vulnerability in SiteManager prov ...)
+ TODO: check
+CVE-2021-32002 (Improper Access Control vulnerability in web service of Secomea SiteMa ...)
+ TODO: check
CVE-2021-32001 (A Missing Encryption of Sensitive Data vulnerability in k3s, kde2 of S ...)
NOT-FOR-US: Rancher
CVE-2021-32000 (A UNIX Symbolic Link (Symlink) Following vulnerability in the clone-ma ...)
@@ -19344,14 +19347,12 @@ CVE-2021-29980
RESERVED
CVE-2021-29979 (Hubs Cloud allows users to download shared content, specifically HTML ...)
NOT-FOR-US: Hubs Cloud
-CVE-2021-29978
- RESERVED
-CVE-2021-29977
- RESERVED
+CVE-2021-29978 (Multiple low security issues were discovered and fixed in a security a ...)
+ TODO: check
+CVE-2021-29977 (Mozilla developers reported memory safety bugs present in Firefox 89. ...)
- firefox 90.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-28/#CVE-2021-29977
-CVE-2021-29976
- RESERVED
+CVE-2021-29976 (Mozilla developers reported memory safety bugs present in code shared ...)
{DSA-4940-1 DSA-4939-1 DLA-2711-1 DLA-2709-1}
- firefox 90.0-1
- firefox-esr 78.12.0esr-1
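Review bot: CVE-2021-29978 is left at `TODO: check` while every sibling in this block (CVE-2021-29977 down to CVE-2021-29970) is annotated `firefox 90.0-1` with an mfsa2021-28 NOTE; its description ("Multiple low security issues were discovered and fixed in a security a...") reads like the roll-up item of the same Firefox 90 advisory, so confirm which MFSA it belongs to and give it the same package line and NOTE instead of a TODO.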
@@ -19359,28 +19360,22 @@ CVE-2021-29976
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-28/#CVE-2021-29976
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-29/#CVE-2021-29976
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-30/#CVE-2021-29976
-CVE-2021-29975
- RESERVED
+CVE-2021-29975 (Through a series of DOM manipulations, a message, over which the attac ...)
- firefox 90.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-28/#CVE-2021-29975
-CVE-2021-29974
- RESERVED
+CVE-2021-29974 (When network partitioning was enabled, e.g. as a result of Enhanced Tr ...)
- firefox 90.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-28/#CVE-2021-29974
-CVE-2021-29973
- RESERVED
+CVE-2021-29973 (Password autofill was enabled without user interaction on insecure web ...)
- firefox <not-affected> (Only affects Android)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-28/#CVE-2021-29973
-CVE-2021-29972
- RESERVED
+CVE-2021-29972 (A use-after-free vulnerability was found via testing, and traced to an ...)
- firefox 90.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-28/#CVE-2021-29972
-CVE-2021-29971
- RESERVED
+CVE-2021-29971 (If a user had granted a permission to a webpage and saved that grant, ...)
- firefox <not-affected> (Only affects Android)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-28/#CVE-2021-29971
-CVE-2021-29970
- RESERVED
+CVE-2021-29970 (A malicious webpage could have triggered a use-after-free, memory corr ...)
{DSA-4940-1 DSA-4939-1 DLA-2711-1 DLA-2709-1}
- firefox 90.0-1
- firefox-esr 78.12.0esr-1
@@ -19388,8 +19383,7 @@ CVE-2021-29970
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-28/#CVE-2021-29970
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-29/#CVE-2021-29970
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-30/#CVE-2021-29970
-CVE-2021-29969
- RESERVED
+CVE-2021-29969 (If Thunderbird was configured to use STARTTLS for an IMAP connection, ...)
{DSA-4940-1 DLA-2711-1}
- thunderbird 1:78.12.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-30/#CVE-2021-29969
@@ -23622,8 +23616,8 @@ CVE-2021-3437
RESERVED
CVE-2021-3436
RESERVED
-CVE-2021-28216
- RESERVED
+CVE-2021-28216 (BootPerformanceTable pointer is read from an NVRAM variable in PEI. Re ...)
+ TODO: check
CVE-2021-28215
RESERVED
CVE-2021-28214
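Review bot: CVE-2021-28216 should not stay a bare `TODO: check`; the description ("BootPerformanceTable pointer is read from an NVRAM variable in PEI") is UEFI firmware wording, so the candidate Debian package is edk2, and the entry needs either an edk2 package line or a NOT-FOR-US naming the vendor.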
@@ -27513,8 +27507,8 @@ CVE-2021-26607
RESERVED
CVE-2021-26606
RESERVED
-CVE-2021-26605
- RESERVED
+CVE-2021-26605 (An improper input validation vulnerability in the service of ezPDFRead ...)
+ TODO: check
CVE-2021-26604
RESERVED
CVE-2021-26603
@@ -27566,8 +27560,8 @@ CVE-2021-26588
RESERVED
CVE-2021-26587
RESERVED
-CVE-2021-26586
- RESERVED
+CVE-2021-26586 (A potential security vulnerability has been identified in the HPE Edge ...)
+ TODO: check
CVE-2021-26585 (A potential vulnerability has been identified in HPE OneView Global Da ...)
NOT-FOR-US: HPE
CVE-2021-26584 (A security vulnerability in HPE OneView for VMware vCenter (OV4VC) cou ...)
@@ -30572,18 +30566,18 @@ CVE-2021-25450
RESERVED
CVE-2021-25449
RESERVED
-CVE-2021-25448
- RESERVED
-CVE-2021-25447
- RESERVED
-CVE-2021-25446
- RESERVED
-CVE-2021-25445
- RESERVED
-CVE-2021-25444
- RESERVED
-CVE-2021-25443
- RESERVED
+CVE-2021-25448 (Improper access control vulnerability in Smart Touch Call prior to ver ...)
+ TODO: check
+CVE-2021-25447 (Improper access control vulnerability in SmartThings prior to version ...)
+ TODO: check
+CVE-2021-25446 (Improper access control vulnerability in SmartThings prior to version ...)
+ TODO: check
+CVE-2021-25445 (Unprotected component vulnerability in Samsung Internet prior to versi ...)
+ TODO: check
+CVE-2021-25444 (An IV reuse vulnerability in keymaster prior to SMR AUG-2021 Release 1 ...)
+ TODO: check
+CVE-2021-25443 (A use after free vulnerability in conn_gadget driver prior to SMR AUG- ...)
+ TODO: check
CVE-2021-25442 (Improper MDM policy management vulnerability in KME module prior to KC ...)
NOT-FOR-US: Samsung (KME module)
CVE-2021-25441 (Improper input validation vulnerability in AR Emoji Editor prior to ve ...)
@@ -34227,8 +34221,8 @@ CVE-2021-23851
RESERVED
CVE-2021-23850
RESERVED
-CVE-2021-23849
- RESERVED
+CVE-2021-23849 (A vulnerability in the web-based interface allows an unauthenticated r ...)
+ TODO: check
CVE-2021-23848 (An error in the URL handler Bosch IP cameras may lead to a reflected c ...)
NOT-FOR-US: Bosch
CVE-2021-23847 (A Missing Authentication in Critical Function in Bosch IP cameras allo ...)
@@ -36192,14 +36186,13 @@ CVE-2021-22930 [Use after free on close http2 on stream canceling]
NOTE: Possible incomplete fix (at least for v12): https://github.com/nodejs/node/issues/38964#issuecomment-889936936
CVE-2021-22929
RESERVED
-CVE-2021-22928
- RESERVED
-CVE-2021-22927
- RESERVED
-CVE-2021-22926
- RESERVED
-CVE-2021-22925 [TELNET stack contents disclosure again]
- RESERVED
+CVE-2021-22928 (A vulnerability has been identified in Citrix Virtual Apps and Desktop ...)
+ TODO: check
+CVE-2021-22927 (A session fixation vulnerability exists in Citrix ADC and Citrix Gatew ...)
+ TODO: check
+CVE-2021-22926 (libcurl-using applications can ask for a specific client certificate t ...)
+ TODO: check
+CVE-2021-22925 (curl supports the `-t` command line option, known as `CURLOPT_TELNETOP ...)
- curl <not-affected> (Incomplete fix for CVE-2021-22898 not applied)
NOTE: https://curl.se/docs/CVE-2021-22925.html
NOTE: Introduced by: https://github.com/curl/curl/commit/a1d6ad26100bc493c7b04f1301b1634b7f5aa8b4 (curl-7_7_alpha2)
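Review bot: the `curl <not-affected> (Incomplete fix for CVE-2021-22898 not applied)` rationale on CVE-2021-22925 is terse enough to mislead, because the NOTE lines say this CVE exists precisely because the earlier CVE-2021-22898 fix was insufficient; spell out that "not-affected" only holds for suites that never shipped the incomplete patch, and state how CVE-2021-22898 itself is handled there. The NOTE phrase "resulted to be insufficient" should read "turned out to be insufficient", and the dropped summary "[TELNET stack contents disclosure again]" is worth keeping in a NOTE since the MITRE text is truncated at the option name.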
@@ -36207,23 +36200,20 @@ CVE-2021-22925 [TELNET stack contents disclosure again]
NOTE: https://www.openwall.com/lists/oss-security/2021/07/21/4
NOTE: CVE is assigned because previous attempt to address CVE-2021-22898 resulted to be
NOTE: insufficient and the security vulnerability remained.
-CVE-2021-22924 [Bad connection reuse due to flawed path name checks]
- RESERVED
+CVE-2021-22924 (libcurl keeps previously used connections in a connection pool for sub ...)
- curl <unfixed> (bug #991492)
NOTE: https://curl.se/docs/CVE-2021-22924.html
NOTE: Introduced by: https://github.com/curl/curl/commit/89721ff04af70f527baae1368f3b992777bf6526 (curl-7_10_4)
NOTE: Fixed by: https://github.com/curl/curl/commit/5ea3145850ebff1dc2b13d17440300a01ca38161 (curl-7_78_0)
NOTE: https://www.openwall.com/lists/oss-security/2021/07/21/3
-CVE-2021-22923 [Metalink download sends credentials]
- RESERVED
+CVE-2021-22923 (When curl is instructed to get content using the metalink feature, and ...)
- curl <unfixed> (unimportant)
NOTE: https://curl.se/docs/CVE-2021-22923.html
NOTE: https://www.openwall.com/lists/oss-security/2021/07/21/2
NOTE: The fix for earlier versions is to rebuild curl with the metalink support
NOTE: switched off.
NOTE: Metalink support not enabled in Debian builds.
-CVE-2021-22922 [Wrong content via metalink not discarded]
- RESERVED
+CVE-2021-22922 (When curl is instructed to download content using the metalink feature ...)
- curl <unfixed> (unimportant)
NOTE: https://curl.se/docs/CVE-2021-22922.html
NOTE: https://www.openwall.com/lists/oss-security/2021/07/21/1
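Review bot: CVE-2021-22924 carries `curl <unfixed> (bug #991492)` together with a `NOTE: Fixed by:` line naming the curl-7_78_0 commit; the unfixed marker is right until a Debian upload contains that commit, but a per-suite annotation is missing for stable, given that the introducing commit (curl-7_10_4) predates every supported suite. For CVE-2021-22923 and CVE-2021-22922 the "unimportant" rating is justified by the "Metalink support not enabled in Debian builds" NOTE and needs no change.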
@@ -36232,10 +36222,10 @@ CVE-2021-22922 [Wrong content via metalink not discarded]
NOTE: Metalink support not enabled in Debian builds.
CVE-2021-22921 (Node.js before 16.4.1, 14.17.2, and 12.22.2 is vulnerable to local pri ...)
- nodejs <not-affected> (Only affects Windows installer)
-CVE-2021-22920
- RESERVED
-CVE-2021-22919
- RESERVED
+CVE-2021-22920 (A vulnerability has been discovered in Citrix ADC (formerly known as N ...)
+ TODO: check
+CVE-2021-22919 (A vulnerability has been discovered in Citrix ADC (formerly known as N ...)
+ TODO: check
CVE-2021-22918 (Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bou ...)
{DSA-4936-1}
- libuv1 1.40.0-2 (bug #990561)
@@ -37266,8 +37256,8 @@ CVE-2021-22519 (Execute arbitrary code vulnerability in Micro Focus SiteScope pr
NOT-FOR-US: Micro Focus
CVE-2021-22518
RESERVED
-CVE-2021-22517
- RESERVED
+CVE-2021-22517 (A potential unauthorized privilege escalation vulnerability has been i ...)
+ TODO: check
CVE-2021-22516 (Insertion of Sensitive Information into Log File vulnerability in Micr ...)
NOT-FOR-US: Micro Focus Secure API Manager
CVE-2021-22515 (Multi-Factor Authentication (MFA) functionality can be bypassed, allow ...)
@@ -37818,10 +37808,10 @@ CVE-2021-22243
RESERVED
CVE-2021-22242
RESERVED
-CVE-2021-22241
- RESERVED
-CVE-2021-22240
- RESERVED
+CVE-2021-22241 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
+ TODO: check
+CVE-2021-22240 (Improper access control in GitLab EE versions 13.11.6, 13.12.6, and 14 ...)
+ TODO: check
CVE-2021-22239
RESERVED
- gitlab <unfixed>
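Review bot: CVE-2021-22241 and CVE-2021-22240 are `TODO: check` even though the context line `gitlab <unfixed>` for CVE-2021-22239 shows the package is tracked; CVE-2021-22240 is described as "Improper access control in GitLab EE", so it likely follows the `gitlab <not-affected> (Specific to EE)` pattern this file uses for CVE-2021-22233, while CVE-2021-22241 ("GitLab CE/EE") needs a real gitlab package line.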
@@ -37844,8 +37834,8 @@ CVE-2021-22235 (Crash in DNP dissector in Wireshark 3.4.0 to 3.4.6 and 3.2.0 to
[stretch] - wireshark <postponed> (Minor issue)
NOTE: https://www.wireshark.org/security/wnpa-sec-2021-06.html
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17462
-CVE-2021-22234
- RESERVED
+CVE-2021-22234 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
+ TODO: check
CVE-2021-22233 (An information disclosure vulnerability in GitLab EE versions 13.10 an ...)
- gitlab <not-affected> (Specific to EE)
CVE-2021-22232 (HTML injection was possible via the full name field before versions 13 ...)
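Review bot: same point for CVE-2021-22234 ("GitLab CE/EE affecting all versions st..."): the adjacent CVE-2021-22233 shows the triaged form `gitlab <not-affected> (Specific to EE)`, and a CE/EE issue needs a gitlab package line, so resolve this TODO rather than leaving it next to already-triaged neighbours.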
@@ -38613,8 +38603,8 @@ CVE-2021-21895
RESERVED
CVE-2021-21894
RESERVED
-CVE-2021-21893
- RESERVED
+CVE-2021-21893 (A use-after-free vulnerability exists in the JavaScript engine of Foxi ...)
+ TODO: check
CVE-2021-21892
RESERVED
CVE-2021-21891
@@ -38659,8 +38649,8 @@ CVE-2021-21872
RESERVED
CVE-2021-21871 (A memory corruption vulnerability exists in the DMG File Format Handle ...)
NOT-FOR-US: PowerISO
-CVE-2021-21870
- RESERVED
+CVE-2021-21870 (A use-after-free vulnerability exists in the JavaScript engine of Foxi ...)
+ TODO: check
CVE-2021-21869
RESERVED
CVE-2021-21868
@@ -38673,8 +38663,8 @@ CVE-2021-21865 (A unsafe deserialization vulnerability exists in the PackageMana
NOT-FOR-US: CODESYS
CVE-2021-21864 (A unsafe deserialization vulnerability exists in the ComponentModel Co ...)
NOT-FOR-US: CODESYS
-CVE-2021-21863
- RESERVED
+CVE-2021-21863 (A unsafe deserialization vulnerability exists in the ComponentModel Pr ...)
+ TODO: check
CVE-2021-21862
RESERVED
CVE-2021-21861
@@ -38737,8 +38727,8 @@ CVE-2021-21833 (An improper array index validation vulnerability exists in the T
NOT-FOR-US: Accusoft ImageGear
CVE-2021-21832
RESERVED
-CVE-2021-21831
- RESERVED
+CVE-2021-21831 (A use-after-free vulnerability exists in the JavaScript engine of Foxi ...)
+ TODO: check
CVE-2021-21830
RESERVED
CVE-2021-21829
@@ -38793,8 +38783,8 @@ CVE-2021-21806 (An exploitable use-after-free vulnerability exists in WebKitGTK
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
- wpewebkit 2.30.6-1
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1214
-CVE-2021-21805
- RESERVED
+CVE-2021-21805 (An OS Command Injection vulnerability exists in the ping.php script fu ...)
+ TODO: check
CVE-2021-21804 (A local file inclusion (LFI) vulnerability exists in the options.php s ...)
NOT-FOR-US: Advantech R-SeeNet
CVE-2021-21803 (This vulnerability is present in device_graph_page.php script, which i ...)
@@ -38819,12 +38809,12 @@ CVE-2021-21794 (An out-of-bounds write vulnerability exists in the TIF bits_per_
NOT-FOR-US: Accusoft ImageGear
CVE-2021-21793 (An out-of-bounds write vulnerability exists in the JPG sof_nb_comp hea ...)
NOT-FOR-US: Accusoft ImageGear
-CVE-2021-21792
- RESERVED
-CVE-2021-21791
- RESERVED
-CVE-2021-21790
- RESERVED
+CVE-2021-21792 (An information disclosure vulnerability exists in the the way IOBit Ad ...)
+ TODO: check
+CVE-2021-21791 (An information disclosure vulnerability exists in the the way IOBit Ad ...)
+ TODO: check
+CVE-2021-21790 (An information disclosure vulnerability exists in the the way IOBit Ad ...)
+ TODO: check
CVE-2021-21789 (A privilege escalation vulnerability exists in the way IOBit Advanced ...)
NOT-FOR-US: IOBit
CVE-2021-21788 (A privilege escalation vulnerability exists in the way IOBit Advanced ...)
@@ -38833,8 +38823,8 @@ CVE-2021-21787 (A privilege escalation vulnerability exists in the way IOBit Adv
NOT-FOR-US: IOBit
CVE-2021-21786 (A privilege escalation vulnerability exists in the IOCTL 0x9c406144 ha ...)
NOT-FOR-US: IOBit
-CVE-2021-21785
- RESERVED
+CVE-2021-21785 (An information disclosure vulnerability exists in the IOCTL 0x9c40a148 ...)
+ TODO: check
CVE-2021-21784 (An out-of-bounds write vulnerability exists in the JPG format SOF mark ...)
NOT-FOR-US: Accusoft ImageGear
CVE-2021-21783 (A code execution vulnerability exists in the WS-Addressing plugin func ...)
@@ -38948,10 +38938,10 @@ CVE-2021-21741
RESERVED
CVE-2021-21740
RESERVED
-CVE-2021-21739
- RESERVED
-CVE-2021-21738
- RESERVED
+CVE-2021-21739 (A ZTE's product of the transport network access layer has a security v ...)
+ TODO: check
+CVE-2021-21738 (ZTE's big video business platform has two reflective cross-site script ...)
+ TODO: check
CVE-2021-21737 (A smart STB product of ZTE is impacted by a permission and access cont ...)
NOT-FOR-US: ZTE
CVE-2021-21736 (A smart camera product of ZTE is impacted by a permission and access c ...)
@@ -43160,8 +43150,8 @@ CVE-2021-20594
RESERVED
CVE-2021-20593 (Incorrect Implementation of Authentication Algorithm in Mitsubishi Ele ...)
NOT-FOR-US: Mitsubishi
-CVE-2021-20592
- RESERVED
+CVE-2021-20592 (Missing synchronization vulnerability in GOT2000 series GT27 model com ...)
+ TODO: check
CVE-2021-20591 (Uncontrolled Resource Consumption vulnerability in Mitsubishi Electric ...)
NOT-FOR-US: Mitsubishi
CVE-2021-20590 (Improper authentication vulnerability in GOT2000 series GT27 model VNC ...)
@@ -44541,10 +44531,10 @@ CVE-2021-20118
RESERVED
CVE-2021-20117
RESERVED
-CVE-2021-20116
- RESERVED
-CVE-2021-20115
- RESERVED
+CVE-2021-20116 (A reflected cross-site scripting vulnerability exists in TCExam <= ...)
+ TODO: check
+CVE-2021-20115 (A reflected cross-site scripting vulnerability exists in TCExam <= ...)
+ TODO: check
CVE-2021-20114 (When installed following the default/recommended settings, TCExam < ...)
NOT-FOR-US: TCExam
CVE-2021-20113 (An exposure of sensitive information vulnerability exists in TCExam &l ...)
@@ -48268,8 +48258,8 @@ CVE-2021-1632
RESERVED
CVE-2021-1631
RESERVED
-CVE-2021-1630
- RESERVED
+CVE-2021-1630 (XML external entity (XXE) vulnerability affecting certain versions of ...)
+ TODO: check
CVE-2021-1629 (Tableau Server fails to validate certain URLs that are embedded in ema ...)
NOT-FOR-US: Tableau Server
CVE-2021-1628 (MuleSoft is aware of a XML External Entity (XXE) vulnerability affecti ...)
@@ -68053,8 +68043,8 @@ CVE-2020-22394 (In YzmCMS v5.5 the member contribution function in the editor co
NOT-FOR-US: YzmCMS
CVE-2020-22393
RESERVED
-CVE-2020-22392
- RESERVED
+CVE-2020-22392 (Cross Site Scripting (XSS) vulnerability exists in Subrion CMS 4.2.2 w ...)
+ TODO: check
CVE-2020-22391
RESERVED
CVE-2020-22390 (Akaunting <= 2.0.9 is vulnerable to CSV injection in the Item name ...)
@@ -104595,8 +104585,8 @@ CVE-2020-7865
RESERVED
CVE-2020-7864 (Parameter manipulation can bypass authentication to cause file upload ...)
NOT-FOR-US: Raonwiz DEXT5Editor
-CVE-2020-7863
- RESERVED
+CVE-2020-7863 (A vulnerability in File Transfer Solution of Raonwiz could allow arbit ...)
+ TODO: check
CVE-2020-7862 (A vulnerability in agent program of HelpU remote control solution coul ...)
NOT-FOR-US: HelpU remote control solution
CVE-2020-7861 (AnySupport (Remote support solution) before 2019.3.21.0 allows directo ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1ec01a45c5ae0da66d3839bdc8bcb2e83b79558e