[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Aug 10 09:10:28 BST 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c19f2d2a by security tracker role at 2021-08-10T08:10:20+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,131 @@
+CVE-2021-38364
+	RESERVED
+CVE-2021-38363
+	RESERVED
+CVE-2021-38362
+	RESERVED
+CVE-2021-38361
+	RESERVED
+CVE-2021-38360
+	RESERVED
+CVE-2021-38359
+	RESERVED
+CVE-2021-38358
+	RESERVED
+CVE-2021-38357
+	RESERVED
+CVE-2021-38356
+	RESERVED
+CVE-2021-38355
+	RESERVED
+CVE-2021-38354
+	RESERVED
+CVE-2021-38353
+	RESERVED
+CVE-2021-38352
+	RESERVED
+CVE-2021-38351
+	RESERVED
+CVE-2021-38350
+	RESERVED
+CVE-2021-38349
+	RESERVED
+CVE-2021-38348
+	RESERVED
+CVE-2021-38347
+	RESERVED
+CVE-2021-38346
+	RESERVED
+CVE-2021-38345
+	RESERVED
+CVE-2021-38344
+	RESERVED
+CVE-2021-38343
+	RESERVED
+CVE-2021-38342
+	RESERVED
+CVE-2021-38341
+	RESERVED
+CVE-2021-38340
+	RESERVED
+CVE-2021-38339
+	RESERVED
+CVE-2021-38338
+	RESERVED
+CVE-2021-38337
+	RESERVED
+CVE-2021-38336
+	RESERVED
+CVE-2021-38335
+	RESERVED
+CVE-2021-38334
+	RESERVED
+CVE-2021-38333
+	RESERVED
+CVE-2021-38332
+	RESERVED
+CVE-2021-38331
+	RESERVED
+CVE-2021-38330
+	RESERVED
+CVE-2021-38329
+	RESERVED
+CVE-2021-38328
+	RESERVED
+CVE-2021-38327
+	RESERVED
+CVE-2021-38326
+	RESERVED
+CVE-2021-38325
+	RESERVED
+CVE-2021-38324
+	RESERVED
+CVE-2021-38323
+	RESERVED
+CVE-2021-38322
+	RESERVED
+CVE-2021-38321
+	RESERVED
+CVE-2021-38320
+	RESERVED
+CVE-2021-38319
+	RESERVED
+CVE-2021-38318
+	RESERVED
+CVE-2021-38317
+	RESERVED
+CVE-2021-38316
+	RESERVED
+CVE-2021-38315
+	RESERVED
+CVE-2021-38314
+	RESERVED
+CVE-2021-38313
+	RESERVED
+CVE-2021-38312
+	RESERVED
+CVE-2021-38311 (In Contiki 3.0, potential nonterminating acknowledgment loops exist in ...)
+	TODO: check
+CVE-2021-38310
+	RESERVED
+CVE-2021-38309
+	RESERVED
+CVE-2021-38308
+	RESERVED
+CVE-2021-38307
+	RESERVED
+CVE-2021-38306
+	RESERVED
+CVE-2021-38305 (23andMe Yamale before 3.0.8 allows remote attackers to execute arbitra ...)
+	TODO: check
+CVE-2021-38304
+	RESERVED
+CVE-2021-38303
+	RESERVED
+CVE-2021-38302
+	RESERVED
+CVE-2021-38301
+	RESERVED
 CVE-2021-38300
 	RESERVED
 CVE-2021-38299
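Review bot: CVE-2021-38311 (Contiki 3.0) and CVE-2021-38305 (23andMe Yamale before 3.0.8) are the only new entries in this block with a published description, and both are left at "TODO: check". The Yamale text reads "allows remote attackers to execute arbitra ...", so triage it first: either map it to a source package with a version line or mark it NOT-FOR-US. The other added entries, CVE-2021-38301 through CVE-2021-38364, are RESERVED and need no action yet.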
@@ -408,7 +536,7 @@ CVE-2021-38155 (OpenStack Keystone 10.x through 16.x before 16.0.2, 17.x before
 	[stretch] - keystone <end-of-life> (Keystone not supported in stretch)
 	NOTE: https://launchpad.net/bugs/1688137
 CVE-2021-38165 (Lynx through 2.8.9 mishandles the userinfo subcomponent of a URI, whic ...)
-	{DLA-2736-1}
+	{DSA-4953-1 DLA-2736-1}
 	[experimental] - lynx 2.9.0dev.9-1
 	- lynx 2.9.0dev.6-3 (bug #991971)
 	[bullseye] - lynx 2.9.0dev.6-3~deb11u1
@@ -1305,6 +1433,7 @@ CVE-2021-37746 (textview_uri_security_check in textview.c in Claws Mail before 3
 	NOTE: https://git.claws-mail.org/?p=claws.git;a=commit;h=ac286a71ed78429e16c612161251b9ea90ccd431
 CVE-2021-3672 [Missing input validation on hostnames returned by DNS servers]
 	RESERVED
+	{DSA-4954-1 DLA-2738-1}
 	- c-ares <unfixed> (bug #992053)
 	[bullseye] - c-ares 1.17.1-1+deb11u1
 	NOTE: https://c-ares.haxx.se/adv_20210810.html
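Review bot: CVE-2021-3672 keeps "- c-ares <unfixed> (bug #992053)" even though this hunk adds "{DSA-4954-1 DLA-2738-1}" and the entry already has a bullseye version and a link to the upstream advisory. The unstable line needs a follow-up with the fixed version once bug #992053 is closed; until then the entry records unstable as still affected.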
@@ -1536,10 +1665,10 @@ CVE-2021-37636
 	RESERVED
 CVE-2021-37635
 	RESERVED
-CVE-2021-37634
-	RESERVED
-CVE-2021-37633
-	RESERVED
+CVE-2021-37634 (Leafkit is a templating language with Swift-inspired syntax. Versions  ...)
+	TODO: check
+CVE-2021-37633 (Discourse is an open source discussion platform. In versions prior to  ...)
+	TODO: check
 CVE-2021-37632 (SuperMartijn642's Config Lib is a library used by a number of mods for ...)
 	NOT-FOR-US: SuperMartijn642's Config Lib (lib for Minecraft)
 CVE-2021-37631
@@ -1584,13 +1713,11 @@ CVE-2021-37618 (Exiv2 is a command-line utility and C++ library for reading, wri
 	NOTE: https://github.com/Exiv2/exiv2/pull/1759
 CVE-2021-37617
 	RESERVED
-CVE-2021-37616 [Null pointer dereference in Exiv2::Internal::resolveLens0x8ff]
-	RESERVED
+CVE-2021-37616 (Exiv2 is a command-line utility and C++ library for reading, writing,  ...)
 	- exiv2 <unfixed>
 	NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-54f7-vvj7-545w
 	NOTE: https://github.com/Exiv2/exiv2/pull/1758
-CVE-2021-37615 [Null pointer dereference in Exiv2::Internal::resolveLens0x319]
-	RESERVED
+CVE-2021-37615 (Exiv2 is a command-line utility and C++ library for reading, writing,  ...)
 	- exiv2 <unfixed>
 	NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-h9x9-4f77-336w
 	NOTE: https://github.com/Exiv2/exiv2/pull/1758
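Review bot: The replaced lines for CVE-2021-37616 and CVE-2021-37615 drop the only text that told the two entries apart, "Null pointer dereference in Exiv2::Internal::resolveLens0x8ff" versus "... resolveLens0x319". Both entries now open with the same truncated "Exiv2 is a command-line utility and C++ library for reading, writing, ..." and both point at pull/1758. Consider keeping the affected function name in a NOTE line on each entry; both also remain "- exiv2 <unfixed>".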
@@ -4548,10 +4675,10 @@ CVE-2021-36279
 	RESERVED
 CVE-2021-36278
 	RESERVED
-CVE-2021-36277
-	RESERVED
-CVE-2021-36276
-	RESERVED
+CVE-2021-36277 (Dell Command Update, Dell Update, and Alienware Update versions prior  ...)
+	TODO: check
+CVE-2021-36276 (Dell DBUtilDrv2.sys driver (versions 2.5 and 2.6) contains an insuffic ...)
+	TODO: check
 CVE-2021-36275
 	RESERVED
 CVE-2021-36274
@@ -9040,8 +9167,7 @@ CVE-2021-34337
 	RESERVED
 CVE-2021-34336
 	RESERVED
-CVE-2021-34335 [Denial of service due to FPE in Exiv2::Internal::resolveLens0xffff]
-	RESERVED
+CVE-2021-34335 (Exiv2 is a command-line utility and C++ library for reading, writing,  ...)
 	- exiv2 <unfixed>
 	NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-pvjp-m4f6-q984
 	NOTE: https://github.com/Exiv2/exiv2/pull/1750
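Review bot: On CVE-2021-34335 the removed summary "Denial of service due to FPE in Exiv2::Internal::resolveLens0xffff" carried the bug class and the affected function, neither of which appears in the truncated description that replaces it. A NOTE line preserving that summary would keep the entry useful for severity triage while it stays "- exiv2 <unfixed>".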
@@ -12058,7 +12184,7 @@ CVE-2021-33038 (An issue was discovered in management/commands/hyperkitty_import
 	NOTE: https://gitlab.com/mailman/hyperkitty/-/issues/380
 	NOTE: https://techblog.wikimedia.org/2021/06/11/discovering-and-fixing-cve-2021-33038-in-mailman3/
 CVE-2021-33037 (Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5 ...)
-	{DLA-2733-1}
+	{DSA-4952-1 DLA-2733-1}
 	- tomcat9 9.0.43-2 (bug #991046)
 	[bullseye] - tomcat9 9.0.43-2~deb11u1
 	- tomcat8 <removed>
@@ -12603,10 +12729,10 @@ CVE-2021-32800
 	RESERVED
 CVE-2021-32799
 	RESERVED
-CVE-2021-32798
-	RESERVED
-CVE-2021-32797
-	RESERVED
+CVE-2021-32798 (The Jupyter notebook is a web-based notebook environment for interacti ...)
+	TODO: check
+CVE-2021-32797 (JupyterLab is a user interface for Project Jupyter which will eventual ...)
+	TODO: check
 CVE-2021-32796 (xmldom is an open source pure JavaScript W3C standard-based (XML DOM L ...)
 	- node-xmldom <unfixed> (bug #991612)
 	[bullseye] - node-xmldom <ignored> (Minor issue, too intrusive to backport)
@@ -18040,7 +18166,7 @@ CVE-2021-30641 (Apache HTTP Server versions 2.4.39 to 2.4.46 Unexpected matching
 	NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=65238
 	NOTE: https://github.com/apache/httpd/commit/eb986059aa5aa0b6c1d52714ea83e3dd758afdd1
 CVE-2021-30640 (A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker  ...)
-	{DLA-2733-1}
+	{DSA-4952-1 DLA-2733-1}
 	- tomcat9 9.0.43-2 (bug #991046)
 	[bullseye] - tomcat9 9.0.43-2~deb11u1
 	- tomcat8 <removed>
@@ -39757,8 +39883,8 @@ CVE-2021-21598
 	RESERVED
 CVE-2021-21597
 	RESERVED
-CVE-2021-21596
-	RESERVED
+CVE-2021-21596 (Dell OpenManage Enterprise versions 3.4 through 3.6.1 and Dell OpenMan ...)
+	TODO: check
 CVE-2021-21595
 	RESERVED
 CVE-2021-21594
@@ -39779,10 +39905,10 @@ CVE-2021-21587 (Dell Wyse Management Suite versions 3.2 and earlier contain a fu
 	NOT-FOR-US: Dell
 CVE-2021-21586 (Wyse Management Suite versions 3.2 and earlier contain an absolute pat ...)
 	NOT-FOR-US: Dell
-CVE-2021-21585
-	RESERVED
-CVE-2021-21584
-	RESERVED
+CVE-2021-21585 (Dell OpenManage Enterprise versions prior to 3.6.1 contain an OS comma ...)
+	TODO: check
+CVE-2021-21584 (Dell OpenManage Enterprise version 3.5 and OpenManage Enterprise-Modul ...)
+	TODO: check
 CVE-2021-21583
 	RESERVED
 CVE-2021-21582
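Review bot: CVE-2021-21585 and CVE-2021-21584 (Dell OpenManage Enterprise) are added as "TODO: check" directly below CVE-2021-21587 and CVE-2021-21586, which are already "NOT-FOR-US: Dell". If OpenManage Enterprise is likewise not packaged, tag these two the same way so they leave the triage queue.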
@@ -39821,8 +39947,8 @@ CVE-2021-21566
 	RESERVED
 CVE-2021-21565 (Dell PowerScale OneFS versions 9.1.0.3 and earlier contain a denial of ...)
 	NOT-FOR-US: Dell
-CVE-2021-21564
-	RESERVED
+CVE-2021-21564 (Dell OpenManage Enterprise versions prior to 3.6.1 contain an improper ...)
+	TODO: check
 CVE-2021-21563 (Dell EMC PowerScale OneFS versions 8.1.2-9.1.0.x contain an Improper C ...)
 	NOT-FOR-US: EMC
 CVE-2021-21562 (Dell EMC PowerScale OneFS contains an untrusted search path vulnerabil ...)
@@ -63579,10 +63705,10 @@ CVE-2020-24744
 	RESERVED
 CVE-2020-24743
 	RESERVED
-CVE-2020-24742
-	RESERVED
-CVE-2020-24741
-	RESERVED
+CVE-2020-24742 (An issue has been fixed in Qt versions 5.14.0 where QPluginLoader atte ...)
+	TODO: check
+CVE-2020-24741 (An issue has been fixed in Qt versions 5.14.1 and 5.12.7 where QLibrar ...)
+	TODO: check
 CVE-2020-24740 (An issue was discovered in Pluck 4.7.10-dev2. There is a CSRF vulnerab ...)
 	NOT-FOR-US: Pluck CMS
 CVE-2020-24739 (A CSRF vulnerability was found in iCMS v7.0.0 in the background deleti ...)
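Review bot: CVE-2020-24742 and CVE-2020-24741 are left at "TODO: check" although their descriptions already name the fixed Qt versions (5.14.0 for the QPluginLoader issue, 5.14.1 and 5.12.7 for the second one). Triage should identify the affected Qt source package and record version lines against those upstream versions. Since these are 2020 identifiers with descriptions arriving only now, older releases should be checked as well.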
@@ -67052,14 +67178,14 @@ CVE-2020-23153
 	RESERVED
 CVE-2020-23152
 	RESERVED
-CVE-2020-23151
-	RESERVED
-CVE-2020-23150
-	RESERVED
-CVE-2020-23149
-	RESERVED
-CVE-2020-23148
-	RESERVED
+CVE-2020-23151 (rConfig 3.9.5 allows command injection by sending a crafted GET reques ...)
+	TODO: check
+CVE-2020-23150 (A SQL injection vulnerability in config.inc.php of rConfig 3.9.5 allow ...)
+	TODO: check
+CVE-2020-23149 (The dbName parameter in ajaxDbInstall.php of rConfig 3.9.5 is unsaniti ...)
+	TODO: check
+CVE-2020-23148 (The userLogin parameter in ldap/login.php of rConfig 3.9.5 is unsaniti ...)
+	TODO: check
 CVE-2020-23147
 	RESERVED
 CVE-2020-23146



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c19f2d2a8a37adef5411227d15cf4b0c439e64c3
