[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Aug 10 21:10:35 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6aea80e4 by security tracker role at 2021-08-10T20:10:26+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,57 @@
+CVE-2021-38387 (In Contiki 3.0, a Telnet server that silently quits (before disconnect ...)
+ TODO: check
+CVE-2021-38386 (In Contiki 3.0, a buffer overflow in the Telnet service allows remote ...)
+ TODO: check
+CVE-2021-38385
+ RESERVED
+CVE-2021-38384 (Serverless Offline 8.0.0 returns a 403 HTTP status code for a route th ...)
+ TODO: check
+CVE-2021-38383 (OwnTone (aka owntone-server) through 28.1 has a use-after-free in net_ ...)
+ TODO: check
+CVE-2021-38382 (Live555 through 1.08 does not handle Matroska and Ogg files properly. ...)
+ TODO: check
+CVE-2021-38381 (Live555 through 1.08 does not handle MPEG-1 or 2 files properly. Sendi ...)
+ TODO: check
+CVE-2021-38380 (Live555 through 1.08 mishandles huge requests for the same MP3 stream, ...)
+ TODO: check
+CVE-2021-38379
+ RESERVED
+CVE-2021-38378
+ RESERVED
+CVE-2021-38377
+ RESERVED
+CVE-2021-38376
+ RESERVED
+CVE-2021-38375
+ RESERVED
+CVE-2021-38374
+ RESERVED
+CVE-2021-38373 (In KDE KMail 19.12.3 (aka 5.13.3), the SMTP STARTTLS option is not hon ...)
+ TODO: check
+CVE-2021-38372 (In KDE Trojita 0.7, man-in-the-middle attackers can create new folders ...)
+ TODO: check
+CVE-2021-38371 (The STARTTLS feature in Exim through 4.94.2 allows response injection ...)
+ TODO: check
+CVE-2021-38370 (In Alpine through 2.24, untagged responses from an IMAP server are acc ...)
+ TODO: check
+CVE-2021-38369
+ RESERVED
+CVE-2021-38368
+ RESERVED
+CVE-2021-38367
+ RESERVED
+CVE-2021-38366
+ RESERVED
+CVE-2021-38365 (Winner (aka ToneWinner) desktop speakers through 2021-08-09 allow remo ...)
+ TODO: check
+CVE-2021-3698
+ RESERVED
+CVE-2021-3697
+ RESERVED
+CVE-2021-3696
+ RESERVED
+CVE-2021-3695
+ RESERVED
CVE-2021-XXXX [opensysuser evals the content of sysuser definitions]
- opensysuser <unfixed> (bug #992058)
CVE-2021-38364
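Review bot: The four mail-protocol entries CVE-2021-38373 (KMail STARTTLS), CVE-2021-38372 (Trojita), CVE-2021-38371 (Exim STARTTLS response injection) and CVE-2021-38370 (Alpine untagged IMAP responses) are left at TODO: check although they describe one disclosure class and kmail, trojita, exim4 and alpine are all Debian source packages, so they should be triaged together in the follow-up rather than as four isolated TODOs; the same applies to the three Live555 entries CVE-2021-38380 to CVE-2021-38382, which map to liblivemedia. The Contiki, Serverless Offline and ToneWinner speaker entries name software and hardware with no Debian package and look like NOT-FOR-US candidates for the same pass.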
@@ -144,8 +198,8 @@ CVE-2021-3694
RESERVED
CVE-2021-3693
RESERVED
-CVE-2021-3692
- RESERVED
+CVE-2021-3692 (yii2 is vulnerable to Use of Predictable Algorithm in Random Number Ge ...)
+ TODO: check
CVE-2021-38294
RESERVED
CVE-2021-38293
@@ -409,8 +463,8 @@ CVE-2021-38175
RESERVED
CVE-2021-38174
RESERVED
-CVE-2021-3689
- RESERVED
+CVE-2021-3689 (yii2 is vulnerable to Use of Predictable Algorithm in Random Number Ge ...)
+ TODO: check
CVE-2020-36472 (An issue was discovered in the max7301 crate before 0.2.0 for Rust. Th ...)
NOT-FOR-US: Rust crate max7301
CVE-2020-36471 (An issue was discovered in the generator crate before 0.7.0 for Rust. ...)
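Review bot: CVE-2021-3689 here and CVE-2021-3692 in the @@ -144 hunk above now carry the identical truncated description "yii2 is vulnerable to Use of Predictable Algorithm in Random Number Ge ...", so when the TODO: check is resolved the two must be compared against the full CVE text to confirm they are distinct issues rather than a duplicate assignment, and both should end with the same package disposition.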
@@ -576,8 +630,8 @@ CVE-2021-38142
RESERVED
CVE-2021-38141
RESERVED
-CVE-2021-38140
- RESERVED
+CVE-2021-38140 (The set_user extension module before 2.0.1 for PostgreSQL allows a pot ...)
+ TODO: check
CVE-2021-38139
RESERVED
CVE-2021-38138 (OneNav beta 0.9.12 allows XSS via the Add Link feature. NOTE: the vend ...)
@@ -2208,12 +2262,12 @@ CVE-2021-37393 (In RPCMS v1.8 and below, the "nickname" variable is not properly
NOT-FOR-US: RPCMS
CVE-2021-37392 (In RPCMS v1.8 and below, the "nickname" variable is not properly sanit ...)
NOT-FOR-US: RPCMS
-CVE-2021-37391
- RESERVED
-CVE-2021-37390
- RESERVED
-CVE-2021-37389
- RESERVED
+CVE-2021-37391 (A user without privileges in Chamilo LMS 1.11.14 can send an invitatio ...)
+ TODO: check
+CVE-2021-37390 (A Chamilo LMS 1.11.14 reflected XSS vulnerability exists in main/socia ...)
+ TODO: check
+CVE-2021-37389 (Chamilo 1.11.14 allows stored XSS via main/install/index.php and main/ ...)
+ TODO: check
CVE-2021-37388 (A buffer overflow in D-Link DIR-615 C2 3.03WW. The ping_ipaddr paramet ...)
NOT-FOR-US: D-Link
CVE-2021-37387
@@ -2256,12 +2310,12 @@ CVE-2021-37369
RESERVED
CVE-2021-37368
RESERVED
-CVE-2021-37367
- RESERVED
-CVE-2021-37366
- RESERVED
-CVE-2021-37365
- RESERVED
+CVE-2021-37367 (CTparental before 4.45.07 is affected by a code execution vulnerabilit ...)
+ TODO: check
+CVE-2021-37366 (CTparental before 4.45.03 is vulnerable to cross-site request forgery ...)
+ TODO: check
+CVE-2021-37365 (CTparental before 4.45.03 is vulnerable to cross-site scripting (XSS) ...)
+ TODO: check
CVE-2021-37364
RESERVED
CVE-2021-37363
@@ -2653,12 +2707,12 @@ CVE-2021-37182
RESERVED
CVE-2021-37181
RESERVED
-CVE-2021-37180
- RESERVED
-CVE-2021-37179
- RESERVED
-CVE-2021-37178
- RESERVED
+CVE-2021-37180 (A vulnerability has been identified in Solid Edge SE2021 (All Versions ...)
+ TODO: check
+CVE-2021-37179 (A vulnerability has been identified in Solid Edge SE2021 (All Versions ...)
+ TODO: check
+CVE-2021-37178 (A vulnerability has been identified in Solid Edge SE2021 (All Versions ...)
+ TODO: check
CVE-2021-37177
RESERVED
CVE-2021-37176
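Review bot: CVE-2021-37180, CVE-2021-37179 and CVE-2021-37178 (Solid Edge SE2021) match an entry already resolved elsewhere in this file as "NOT-FOR-US: Solid Edge (Siemens)" (CVE-2021-27382 in the @@ -26335 hunk), so the TODO: check can be closed with the same tag; the same goes for the other Siemens advisories this update adds (CVE-2021-37172 SIMATIC S7-1200, CVE-2021-33738 and CVE-2021-33717 JT2Go, CVE-2021-33721 SINEC NMS, CVE-2021-25659 Automation License Manager, CVE-2020-28397 SIMATIC Drive Controller), each of which sits next to entries already marked NOT-FOR-US: Siemens. The file currently uses both "NOT-FOR-US: Siemens" and "NOT-FOR-US: Solid Edge (Siemens)"; pick one form per product line so greps stay predictable.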
@@ -2669,8 +2723,8 @@ CVE-2021-37174
RESERVED
CVE-2021-37173
RESERVED
-CVE-2021-37172
- RESERVED
+CVE-2021-37172 (A vulnerability has been identified in SIMATIC S7-1200 CPU family (inc ...)
+ TODO: check
CVE-2021-37171
RESERVED
CVE-2021-37170
@@ -2710,8 +2764,8 @@ CVE-2021-37154
RESERVED
CVE-2021-37153
RESERVED
-CVE-2021-37152
- RESERVED
+CVE-2021-37152 (Multiple XSS issues exist in Sonatype Nexus Repository Manager 3 befor ...)
+ TODO: check
CVE-2021-37151
RESERVED
CVE-2021-3657
@@ -3996,8 +4050,8 @@ CVE-2021-36603
RESERVED
CVE-2021-36602
RESERVED
-CVE-2021-36601
- RESERVED
+CVE-2021-36601 (GetSimpleCMS 3.3.16 contains a cross-site Scripting (XSS) vulnerabilit ...)
+ TODO: check
CVE-2021-36600
RESERVED
CVE-2021-36599
@@ -10572,8 +10626,8 @@ CVE-2021-3567
NOTE: https://bugs.launchpad.net/ubuntu/+source/caribou/+bug/1912060
NOTE: https://gitlab.gnome.org/GNOME/caribou/-/merge_requests/3
NOTE: https://gitlab.gnome.org/GNOME/caribou/-/commit/d41c8e44b12222a290eaca16703406b113a630c6
-CVE-2021-33738
- RESERVED
+CVE-2021-33738 (A vulnerability has been identified in JT2Go (All versions < V13.2. ...)
+ TODO: check
CVE-2021-33737
RESERVED
CVE-2021-33736
@@ -10606,16 +10660,16 @@ CVE-2021-33723
RESERVED
CVE-2021-33722
RESERVED
-CVE-2021-33721
- RESERVED
+CVE-2021-33721 (A vulnerability has been identified in SINEC NMS (All versions < V1 ...)
+ TODO: check
CVE-2021-33720
RESERVED
CVE-2021-33719
RESERVED
CVE-2021-33718 (A vulnerability has been identified in Mendix Applications using Mendi ...)
NOT-FOR-US: Mendix Applications
-CVE-2021-33717
- RESERVED
+CVE-2021-33717 (A vulnerability has been identified in JT2Go (All versions < V13.2. ...)
+ TODO: check
CVE-2021-33716
RESERVED
CVE-2021-33715 (A vulnerability has been identified in JT Utilities (All versions < ...)
@@ -10634,24 +10688,24 @@ CVE-2021-33709 (A vulnerability has been identified in Teamcenter Active Workspa
NOT-FOR-US: Siemens
CVE-2021-33708
RESERVED
-CVE-2021-33707
- RESERVED
-CVE-2021-33706
- RESERVED
+CVE-2021-33707 (SAP NetWeaver Knowledge Management allows remote attackers to redirect ...)
+ TODO: check
+CVE-2021-33706 (Due to improper input validation in InfraBox, logs can be modified by ...)
+ TODO: check
CVE-2021-33705
RESERVED
CVE-2021-33704
RESERVED
-CVE-2021-33703
- RESERVED
-CVE-2021-33702
- RESERVED
+CVE-2021-33703 (Under certain conditions, NetWeaver Enterprise Portal, versions - 7.30 ...)
+ TODO: check
+CVE-2021-33702 (Under certain conditions, NetWeaver Enterprise Portal, versions - 7.10 ...)
+ TODO: check
CVE-2021-33701
RESERVED
CVE-2021-33700
RESERVED
-CVE-2021-33699
- RESERVED
+CVE-2021-33699 (Task Hijacking is a vulnerability that affects the applications runnin ...)
+ TODO: check
CVE-2021-33698
RESERVED
CVE-2021-33697
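Review bot: CVE-2021-33699's visible description ("Task Hijacking is a vulnerability that affects the applications runnin ...") names no product, so it cannot be triaged from the list line alone; the full MITRE text must be read before a disposition is chosen, even though it sits in the SAP block between the NetWeaver entries (CVE-2021-33702, 33703, 33707) and CVE-2021-33706 InfraBox. The SAP NetWeaver entries themselves are commercial SAP products with no Debian package and can be closed as NOT-FOR-US.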
@@ -12388,8 +12442,8 @@ CVE-2021-32945
RESERVED
CVE-2021-32944 (A use-after-free issue exists in the DGN file-reading procedure in the ...)
NOT-FOR-US: Open Design Alliance
-CVE-2021-32943
- RESERVED
+CVE-2021-32943 (The affected product is vulnerable to a stack-based buffer overflow, w ...)
+ TODO: check
CVE-2021-32942 (The vulnerability could expose cleartext credentials from AVEVA InTouc ...)
NOT-FOR-US: AVEVA InTouch Runtime
CVE-2021-32941
@@ -12815,8 +12869,8 @@ CVE-2021-32770 (Gatsby is a framework for building websites. The gatsby-source-w
NOT-FOR-US: Gatsby
CVE-2021-32769 (Micronaut is a JVM-based, full stack Java framework designed for build ...)
NOT-FOR-US: Micronaut
-CVE-2021-32768
- RESERVED
+CVE-2021-32768 (TYPO3 is an open source PHP based web content management system releas ...)
+ TODO: check
CVE-2021-32767 (TYPO3 is an open source PHP based web content management system. In ve ...)
NOT-FOR-US: Typo 3
CVE-2021-32766
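Review bot: the already-triaged neighbour CVE-2021-32767 is tagged "NOT-FOR-US: Typo 3" while its description spells the product TYPO3; when CVE-2021-32768 is resolved, use the product's own spelling (NOT-FOR-US: TYPO3) and fix the existing line in the same commit so the two TYPO3 entries match.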
@@ -15703,8 +15757,8 @@ CVE-2021-31657
RESERVED
CVE-2021-31656
RESERVED
-CVE-2021-31655
- RESERVED
+CVE-2021-31655 (Cross Site Scripting (XSS) vulnerability in TRENDnet TV-IP110WN V1.2.2 ...)
+ TODO: check
CVE-2021-31654
RESERVED
CVE-2021-31653
@@ -20604,8 +20658,8 @@ CVE-2021-29741 (IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user to explo
NOT-FOR-US: IBM
CVE-2021-29740 (IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 5.1.0.3 sys ...)
NOT-FOR-US: IBM
-CVE-2021-29739
- RESERVED
+CVE-2021-29739 (IBM Planning Analytics Local 2.0 could allow a remote attacker to obta ...)
+ TODO: check
CVE-2021-29738
RESERVED
CVE-2021-29737
@@ -22860,20 +22914,20 @@ CVE-2021-28846
RESERVED
CVE-2021-28845
RESERVED
-CVE-2021-28844
- RESERVED
-CVE-2021-28843
- RESERVED
-CVE-2021-28842
- RESERVED
-CVE-2021-28841
- RESERVED
-CVE-2021-28840
- RESERVED
-CVE-2021-28839
- RESERVED
-CVE-2021-28838
- RESERVED
+CVE-2021-28844 (Null Pointer Dereference vulnerability exists in TRENDnet TEW-755AP 1. ...)
+ TODO: check
+CVE-2021-28843 (Null Pointer Dereference vulnerability exists in TRENDnet TEW-755AP 1. ...)
+ TODO: check
+CVE-2021-28842 (Null Pointer Deference vulnerability exists in TRENDnet TEW-755AP 1.11 ...)
+ TODO: check
+CVE-2021-28841 (Null Pointer Dereference vulnerability in TRENDnet TEW-755AP 1.11B03, ...)
+ TODO: check
+CVE-2021-28840 (Null Pointer Dereference vulnerability exists in D-Link DAP-2310 2.07. ...)
+ TODO: check
+CVE-2021-28839 (Null Pointer Dereference vulnerability exists in D-Link DAP-2310 2.07. ...)
+ TODO: check
+CVE-2021-28838 (Null pointer dereference vulnerability in D-Link DAP-2310 2,10RC039, D ...)
+ TODO: check
CVE-2021-28837
RESERVED
CVE-2021-28836
@@ -26335,11 +26389,11 @@ CVE-2021-27387 (A vulnerability has been identified in Simcenter Femap 2020.2 (A
NOT-FOR-US: Simcenter (Siemens)
CVE-2021-27386 (A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Pan ...)
NOT-FOR-US: Siemens
-CVE-2021-27385 (A remote attacker could send specially crafted packets to a SmartVNC d ...)
+CVE-2021-27385 (A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Pan ...)
NOT-FOR-US: Siemens
-CVE-2021-27384 (SmartVNC has an out-of-bounds memory access vulnerability in the devic ...)
+CVE-2021-27384 (A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Pan ...)
NOT-FOR-US: Siemens
-CVE-2021-27383 (SmartVNC has a heap allocation leak vulnerability in the server Tight ...)
+CVE-2021-27383 (A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Pan ...)
NOT-FOR-US: Siemens
CVE-2021-27382 (A vulnerability has been identified in Solid Edge SE2020 (All versions ...)
NOT-FOR-US: Solid Edge (Siemens)
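Review bot: the replacement descriptions for CVE-2021-27385, CVE-2021-27384 and CVE-2021-27383 drop the component and bug-class information the old lines carried (crafted packets to a SmartVNC device, out-of-bounds memory access, heap allocation leak in the server Tight encoder) in favour of the generic "A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Pan ..." boilerplate. This mirrors a MITRE-side rewrite and the NOT-FOR-US: Siemens disposition is unchanged, so nothing is wrong, but the SmartVNC wording now survives only in entries such as CVE-2021-25661 (context of the next hunk), so a grep of this file for SmartVNC will no longer find these three; a NOTE line recording the SmartVNC origin would preserve that searchability.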
@@ -30792,8 +30846,8 @@ CVE-2021-25661 (SmartVNC has an out-of-bounds memory access vulnerability that c
NOT-FOR-US: Siemens
CVE-2021-25660 (A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Pan ...)
NOT-FOR-US: Siemens
-CVE-2021-25659
- RESERVED
+CVE-2021-25659 (A vulnerability has been identified in Automation License Manager 5 (A ...)
+ TODO: check
CVE-2021-25658
RESERVED
CVE-2021-25657
@@ -34160,7 +34214,7 @@ CVE-2021-24119 (In Trusted Firmware Mbed TLS 2.24.0, a side-channel vulnerabilit
NOTE: Fixed in 2.26.0: https://github.com/ARMmbed/mbedtls/releases/tag/v2.26.0
CVE-2021-24118
RESERVED
-CVE-2021-24117 (In Rust SGX 1.1.3, a side-channel vulnerability in base64 PEM file dec ...)
+CVE-2021-24117 (In Apache Teaclave Rust SGX SDK 1.1.3, a side-channel vulnerability in ...)
NOT-FOR-US: Rust SGX
CVE-2021-24116 (In wolfSSL through 4.6.0, a side-channel vulnerability in base64 PEM f ...)
- wolfssl <unfixed> (bug #991663)
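Review bot: CVE-2021-24117's description now reads "Apache Teaclave Rust SGX SDK 1.1.3" but the disposition line beneath it still says NOT-FOR-US: Rust SGX; update the tag to the new product name so it matches the description. The surrounding entries show this is one of a family of base64 PEM decoding side-channel CVEs (CVE-2021-24119 Mbed TLS, noted fixed in 2.26.0, and CVE-2021-24116 wolfssl <unfixed>, bug #991663), and the wolfssl entry is the one with an open Debian action.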
@@ -37602,12 +37656,12 @@ CVE-2021-22678 (Cscape (All versions prior to 9.90 SP4) lacks proper validation
NOT-FOR-US: Cscape
CVE-2021-22677 (An integer overflow exists in the APIs of the host MCU while trying to ...)
NOT-FOR-US: SimpleLink
-CVE-2021-22676
- RESERVED
+CVE-2021-22676 (UserExcelOut.asp within WebAccess/SCADA is vulnerable to cross-site sc ...)
+ TODO: check
CVE-2021-22675 (The affected product is vulnerable to integer overflow while parsing m ...)
NOT-FOR-US: SimpleLink
-CVE-2021-22674
- RESERVED
+CVE-2021-22674 (The affected product is vulnerable to a relative path traversal condit ...)
+ TODO: check
CVE-2021-22673 (The affected product is vulnerable to stack-based buffer overflow whil ...)
NOT-FOR-US: SimpleLink
CVE-2021-22672 (Delta Electronics' CNCSoft ScreenEditor in versions prior to v1.01.30 ...)
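Review bot: CVE-2021-22674 ("The affected product is vulnerable to a relative path traversal condit ...") sits between SimpleLink entries that use the same "The affected product ..." CISA phrasing, but adjacent CVE numbers are not evidence of the same product, so it must be resolved from its own advisory rather than inherited from the NOT-FOR-US: SimpleLink neighbours; the same caveat applies to CVE-2021-32943 ("The affected product is vulnerable to a stack-based buffer overflow, w ...") in the @@ -12388 hunk, which sits between Open Design Alliance and AVEVA entries. CVE-2021-22676 names WebAccess/SCADA (Advantech), which is not packaged in Debian and can go straight to NOT-FOR-US.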
@@ -38189,10 +38243,10 @@ CVE-2021-22388 (There is an Integer Overflow Vulnerability in Huawei Smartphone.
NOT-FOR-US: Huawei
CVE-2021-22387 (There is an Improper Control of Dynamically Managing Code Resources Vu ...)
NOT-FOR-US: Huawei
-CVE-2021-22386
- RESERVED
-CVE-2021-22385
- RESERVED
+CVE-2021-22386 (A component of the Huawei smartphone has a Double Free vulnerability. ...)
+ TODO: check
+CVE-2021-22385 (A component of the Huawei smartphone has a External Control of System ...)
+ TODO: check
CVE-2021-22384 (There is an Information Disclosure Vulnerability in Huawei Smartphone. ...)
NOT-FOR-US: Huawei
CVE-2021-22383 (There is an out-of-bounds read vulnerability in eCNS280_TD V100R005C10 ...)
@@ -39908,16 +39962,16 @@ CVE-2021-21603 (Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not esca
- jenkins <removed>
CVE-2021-21602 (Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows reading arbi ...)
- jenkins <removed>
-CVE-2021-21601
- RESERVED
-CVE-2021-21600
- RESERVED
+CVE-2021-21601 (Dell EMC Data Protection Search, 19.4 and prior, and IDPA, 2.6.1 and p ...)
+ TODO: check
+CVE-2021-21600 (Dell EMC NetWorker, 19.4 or older, contain an uncontrolled resource co ...)
+ TODO: check
CVE-2021-21599
RESERVED
-CVE-2021-21598
- RESERVED
-CVE-2021-21597
- RESERVED
+CVE-2021-21598 (Dell Wyse ThinOS, versions 9.0, 9.1, and 9.1 MR1, contain a Sensitive ...)
+ TODO: check
+CVE-2021-21597 (Dell Wyse ThinOS, version 9.0, contains a Sensitive Information Disclo ...)
+ TODO: check
CVE-2021-21596 (Dell OpenManage Enterprise versions 3.4 through 3.6.1 and Dell OpenMan ...)
TODO: check
CVE-2021-21595
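Review bot: the four new Dell entries (CVE-2021-21601 Data Protection Search/IDPA, CVE-2021-21600 NetWorker, CVE-2021-21598 and CVE-2021-21597 Wyse ThinOS) join CVE-2021-21596 (Dell OpenManage), which is still at TODO: check from an earlier update, so five Dell items are now pending in this region and should be triaged in one pass. Dell appliance and firmware products are not in Debian, so NOT-FOR-US: Dell (the tag already used for CVE-2021-21502 in the @@ -40108 hunk) is the expected outcome; note that the file currently mixes "NOT-FOR-US: Dell" and "NOT-FOR-US: PowerScale OneFS" for the same vendor.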
@@ -39976,8 +40030,8 @@ CVE-2021-21569
RESERVED
CVE-2021-21568
RESERVED
-CVE-2021-21567
- RESERVED
+CVE-2021-21567 (Dell PowerScale OneFS 9.1.0.x contains an improper privilege managemen ...)
+ TODO: check
CVE-2021-21566
RESERVED
CVE-2021-21565 (Dell PowerScale OneFS versions 9.1.0.3 and earlier contain a denial of ...)
@@ -40108,8 +40162,8 @@ CVE-2021-21503 (PowerScale OneFS 8.1.2,8.2.2 and 9.1.0 contains an improper inpu
NOT-FOR-US: PowerScale OneFS
CVE-2021-21502 (Dell PowerScale OneFS versions 8.1.0 – 9.1.0 contain a "use of S ...)
NOT-FOR-US: Dell
-CVE-2021-21501
- RESERVED
+CVE-2021-21501 (Improper configuration will cause ServiceComb ServiceCenter Directory ...)
+ TODO: check
CVE-2021-21500
RESERVED
CVE-2021-21499
@@ -52620,8 +52674,8 @@ CVE-2020-28399
RESERVED
CVE-2020-28398
RESERVED
-CVE-2020-28397
- RESERVED
+CVE-2020-28397 (A vulnerability has been identified in SIMATIC Drive Controller family ...)
+ TODO: check
CVE-2020-28396 (A vulnerability has been identified in SICAM A8000 CP-8000 (All versio ...)
NOT-FOR-US: Siemens
CVE-2020-28395 (A vulnerability has been identified in SCALANCE X-300 switch family (i ...)
@@ -62963,8 +63017,8 @@ CVE-2020-25084 (QEMU 5.0.0 has a use-after-free in hw/usb/hcd-xhci.c because the
NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=21bc31524e8ca487e976f713b878d7338ee00df2
CVE-2020-25083
RESERVED
-CVE-2020-25082
- RESERVED
+CVE-2020-25082 (An attacker with physical access to Nuvoton Trusted Platform Module (N ...)
+ TODO: check
CVE-2020-25081
RESERVED
CVE-2020-25080
@@ -67171,10 +67225,10 @@ CVE-2020-23174
RESERVED
CVE-2020-23173
RESERVED
-CVE-2020-23172
- RESERVED
-CVE-2020-23171
- RESERVED
+CVE-2020-23172 (A vulnerability in all versions of Kuba allows attackers to overwrite ...)
+ TODO: check
+CVE-2020-23171 (A vulnerability in all versions of Nim-lang allows unauthenticated att ...)
+ TODO: check
CVE-2020-23170
RESERVED
CVE-2020-23169
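Review bot: CVE-2020-23171 concerns Nim-lang, which Debian ships as the nim source package, so unlike most TODO: check entries in this update it cannot default to NOT-FOR-US and needs a package line with a fixed or <unfixed> version once the advisory has been read. The "all versions" wording in both this and the CVE-2020-23172 Kuba description should be checked against upstream's actual fix rather than copied into the tracker, since such ranges in MITRE text are frequently stale by the time the entry is published.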
@@ -74242,7 +74296,8 @@ CVE-2020-19716 (A buffer overflow vulnerability in the Databuf function in types
- exiv2 <undetermined>
NOTE: https://github.com/Exiv2/exiv2/issues/980
TODO: check, unclear if fixed or not, upstream cannot reproduce as well in 0.27.1 as reported
-CVE-2020-19715 (An integer overflow vulnerability in the getUShort function of Exiv2 0 ...)
+CVE-2020-19715
+ REJECTED
- exiv2 0.27.2-6
NOTE: https://github.com/Exiv2/exiv2/issues/979
CVE-2020-19714
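Review bot: CVE-2020-19715 is now marked REJECTED but the "- exiv2 0.27.2-6" package line and the NOTE pointing at https://github.com/Exiv2/exiv2/issues/979 remain beneath it, whereas every other REJECTED or RESERVED entry visible in this patch carries no package data; either drop those two lines in a follow-up or keep them deliberately as a record of the earlier assessment, but the current mix looks like an automation artefact. The sibling CVE-2020-19716 directly above is still "exiv2 <undetermined>" with a TODO about a report upstream cannot reproduce, so it should be rechecked against the same rejection rationale.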
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6aea80e43d86446ab33a218e9d40bc73436f917c