[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Aug 12 09:10:50 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
57044ee0 by security tracker role at 2021-08-12T08:10:39+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,73 @@
+CVE-2021-38593 (Qt 5.0.0 through 6.1.2 has an out-of-bounds write in QOutlineMapper::c ...)
+ TODO: check
+CVE-2021-38592 (Wasm3 0.5.0 has a heap-based buffer overflow in op_Const64 (called fro ...)
+ TODO: check
+CVE-2021-38591 (An issue was discovered on LG mobile devices with Android OS P and Q s ...)
+ TODO: check
+CVE-2021-38590 (In cPanel before 96.0.8, weak permissions on web stats can lead to inf ...)
+ TODO: check
+CVE-2021-38589 (In cPanel before 96.0.13, scripts/fix-cpanel-perl does not properly re ...)
+ TODO: check
+CVE-2021-38588 (In cPanel before 96.0.13, fix_cpanel_perl lacks verification of the in ...)
+ TODO: check
+CVE-2021-38587 (In cPanel before 96.0.13, scripts/fix-cpanel-perl mishandles the creat ...)
+ TODO: check
+CVE-2021-38586 (In cPanel before 98.0.1, /scripts/cpan_config performs unsafe operatio ...)
+ TODO: check
+CVE-2021-38585 (The WHM Locale Upload feature in cPanel before 98.0.1 allows unseriali ...)
+ TODO: check
+CVE-2021-38584 (The WHM Locale Upload feature in cPanel before 98.0.1 allows XXE attac ...)
+ TODO: check
+CVE-2021-38583
+ RESERVED
+CVE-2021-38582
+ RESERVED
+CVE-2021-38581
+ RESERVED
+CVE-2021-38580
+ RESERVED
+CVE-2021-38579
+ RESERVED
+CVE-2021-38578
+ RESERVED
+CVE-2021-38577
+ RESERVED
+CVE-2021-38576
+ RESERVED
+CVE-2021-38575
+ RESERVED
+CVE-2021-38574 (An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. ...)
+ TODO: check
+CVE-2021-38573 (An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. ...)
+ TODO: check
+CVE-2021-38572 (An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. ...)
+ TODO: check
+CVE-2021-38571 (An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. ...)
+ TODO: check
+CVE-2021-38570 (An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. ...)
+ TODO: check
+CVE-2021-38569 (An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. ...)
+ TODO: check
+CVE-2021-38568 (An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. ...)
+ TODO: check
+CVE-2021-38567 (An issue was discovered in Foxit PDF Editor before 11.0.1 and PDF Read ...)
+ TODO: check
+CVE-2021-38566 (An issue was discovered in Foxit PDF Reader before 11.0.1 and PDF Edit ...)
+ TODO: check
+CVE-2021-38565 (An issue was discovered in Foxit PDF Reader before 11.0.1 and PDF Edit ...)
+ TODO: check
+CVE-2021-38564 (An issue was discovered in Foxit PDF Reader before 11.0.1 and PDF Edit ...)
+ TODO: check
+CVE-2021-38563 (An issue was discovered in Foxit PDF Reader before 11.0.1 and PDF Edit ...)
+ TODO: check
+CVE-2021-3703
+ RESERVED
+CVE-2021-3702
+ RESERVED
+CVE-2021-3701
+ RESERVED
+CVE-2021-3700
+ RESERVED
CVE-2021-38562
RESERVED
CVE-2021-38561
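Review bot: The twelve Foxit entries in this hunk, CVE-2021-38563 through CVE-2021-38574, are left at TODO: check although the file already records a triage decision for this vendor: CVE-2021-33795 and CVE-2021-33792 further down are both tagged NOT-FOR-US: Foxit. Suggest resolving these the same way in the follow-up triage commit instead of leaving them in the TODO queue. The Qt, Wasm3, LG and cPanel entries have no such precedent in the visible context and still need an individual check.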
@@ -1972,14 +2042,14 @@ CVE-2021-37701
RESERVED
CVE-2021-37700
RESERVED
-CVE-2021-37699
- RESERVED
+CVE-2021-37699 (Next.js is an open source website development framework to be used wit ...)
+ TODO: check
CVE-2021-37698
RESERVED
-CVE-2021-37697
- RESERVED
-CVE-2021-37696
- RESERVED
+CVE-2021-37697 (tmerc-cogs are a collection of open source plugins for the Red Discord ...)
+ TODO: check
+CVE-2021-37696 (tmerc-cogs are a collection of open source plugins for the Red Discord ...)
+ TODO: check
CVE-2021-37695
RESERVED
CVE-2021-37694 (@asyncapi/java-spring-cloud-stream-template generates a Spring Cloud S ...)
@@ -2116,10 +2186,10 @@ CVE-2021-37629
RESERVED
CVE-2021-37628
RESERVED
-CVE-2021-37627
- RESERVED
-CVE-2021-37626
- RESERVED
+CVE-2021-37627 (Contao is an open source CMS that allows creation of websites and scal ...)
+ TODO: check
+CVE-2021-37626 (Contao is an open source CMS that allows you to create websites and sc ...)
+ TODO: check
CVE-2021-37625 (Skytable is an open source NoSQL database. In versions prior to 0.6.4 ...)
NOT-FOR-US: Skytable
CVE-2021-37624
@@ -4032,8 +4102,7 @@ CVE-2021-36772 (Zoho ManageEngine ADManager Plus before 7110 allows stored XSS.
NOT-FOR-US: Zoho
CVE-2021-36771 (Zoho ManageEngine ADManager Plus before 7110 allows reflected XSS. ...)
NOT-FOR-US: Zoho
-CVE-2021-36770 [Encode.pm loads code from outside expected @INC]
- RESERVED
+CVE-2021-36770 (Encode.pm, as distributed in Perl through 5.34.0, allows local users t ...)
- libencode-perl 3.08-2
[bullseye] - libencode-perl 3.08-1+deb11u1
[buster] - libencode-perl <not-affected> (Vulnerable code introduced later)
@@ -10825,10 +10894,10 @@ CVE-2021-3573
NOTE: https://www.openwall.com/lists/oss-security/2021/06/08/2
CVE-2021-33795 (Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 produce incorr ...)
NOT-FOR-US: Foxit
-CVE-2021-33794
- RESERVED
-CVE-2021-33793
- RESERVED
+CVE-2021-33794 (Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 allow informat ...)
+ TODO: check
+CVE-2021-33793 (Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 have an out-of ...)
+ TODO: check
CVE-2021-33792 (Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 have an out-of ...)
NOT-FOR-US: Foxit
CVE-2021-3572 [Don't split git references on unicode separators #9827]
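Review bot: CVE-2021-33794 and CVE-2021-33793 move from RESERVED to TODO: check, while the entries directly above and below them, CVE-2021-33795 and CVE-2021-33792, describe the same Foxit Reader and PhantomPDF releases (before 10.1.4) and are tagged NOT-FOR-US: Foxit. Suggest tagging the two new descriptions NOT-FOR-US: Foxit as well so the run of four entries is consistent.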
@@ -10840,7 +10909,7 @@ CVE-2021-3572 [Don't split git references on unicode separators #9827]
NOTE: https://github.com/pypa/pip/pull/9827
NOTE: https://github.com/pypa/pip/commit/ca832b2836e0bffa7cf95589acdcd71230f5834e (21.1)
CVE-2021-33791
- RESERVED
+ REJECTED
CVE-2021-3571 (A flaw was found in the ptp4l program of the linuxptp package. When pt ...)
- linuxptp 3.1-2.1 (bug #990749)
[buster] - linuxptp <not-affected> (Vulnerable code introduced later, transparent clock implementation in v2.0)
@@ -14114,14 +14183,14 @@ CVE-2021-32442
RESERVED
CVE-2021-32441
RESERVED
-CVE-2021-32440
- RESERVED
-CVE-2021-32439
- RESERVED
-CVE-2021-32438
- RESERVED
-CVE-2021-32437
- RESERVED
+CVE-2021-32440 (The Media_RewriteODFrame function in GPAC 1.0.1 allows attackers to ca ...)
+ TODO: check
+CVE-2021-32439 (Buffer overflow in the stbl_AppendSize function in MP4Box in GPAC 1.0. ...)
+ TODO: check
+CVE-2021-32438 (The gf_media_export_filters function in GPAC 1.0.1 allows attackers to ...)
+ TODO: check
+CVE-2021-32437 (The gf_hinter_finalize function in GPAC 1.0.1 allows attackers to caus ...)
+ TODO: check
CVE-2021-32436
RESERVED
CVE-2021-32435
@@ -20407,6 +20476,7 @@ CVE-2021-29990
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-33/#CVE-2021-29990
CVE-2021-29989
RESERVED
+ {DSA-4956-1}
- firefox 91.0-1
- firefox-esr 78.13.0esr-1
- thunderbird <unfixed>
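Review bot: The {DSA-4956-1} line is added under CVE-2021-29989 while that entry still lists thunderbird as <unfixed>. Worth confirming which of the listed source packages the advisory covers, so the cross-reference is not read as closing the entry as a whole, and tracking the thunderbird line separately until it has a fixed version. The same applies to the five following hunks that add the same tag (CVE-2021-29988, CVE-2021-29986, CVE-2021-29985, CVE-2021-29984, CVE-2021-29980).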
@@ -20415,6 +20485,7 @@ CVE-2021-29989
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-36/#CVE-2021-29989
CVE-2021-29988
RESERVED
+ {DSA-4956-1}
- firefox 91.0-1
- firefox-esr 78.13.0esr-1
- thunderbird <unfixed>
@@ -20429,6 +20500,7 @@ CVE-2021-29987
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-36/#CVE-2021-29987
CVE-2021-29986
RESERVED
+ {DSA-4956-1}
- firefox 91.0-1
- firefox-esr 78.13.0esr-1
- thunderbird <unfixed>
@@ -20437,6 +20509,7 @@ CVE-2021-29986
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-36/#CVE-2021-29986
CVE-2021-29985
RESERVED
+ {DSA-4956-1}
- firefox 91.0-1
- firefox-esr 78.13.0esr-1
- thunderbird <unfixed>
@@ -20445,6 +20518,7 @@ CVE-2021-29985
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-36/#CVE-2021-29985
CVE-2021-29984
RESERVED
+ {DSA-4956-1}
- firefox 91.0-1
- firefox-esr 78.13.0esr-1
- thunderbird <unfixed>
@@ -20469,6 +20543,7 @@ CVE-2021-29981
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-36/#CVE-2021-29981
CVE-2021-29980
RESERVED
+ {DSA-4956-1}
- firefox 91.0-1
- firefox-esr 78.13.0esr-1
- thunderbird <unfixed>
@@ -39327,8 +39402,8 @@ CVE-2021-22100
RESERVED
CVE-2021-22099
RESERVED
-CVE-2021-22098
- RESERVED
+CVE-2021-22098 (UAA server versions prior to 75.4.0 are vulnerable to an open redirect ...)
+ TODO: check
CVE-2021-22097
RESERVED
CVE-2021-22096
@@ -52503,24 +52578,24 @@ CVE-2021-1116
RESERVED
CVE-2021-1115
RESERVED
-CVE-2021-1114
- RESERVED
-CVE-2021-1113
- RESERVED
-CVE-2021-1112
- RESERVED
-CVE-2021-1111
- RESERVED
-CVE-2021-1110
- RESERVED
-CVE-2021-1109
- RESERVED
-CVE-2021-1108
- RESERVED
-CVE-2021-1107
- RESERVED
-CVE-2021-1106
- RESERVED
+CVE-2021-1114 (NVIDIA Linux kernel distributions contain a vulnerability in the kerne ...)
+ TODO: check
+CVE-2021-1113 (NVIDIA camera firmware contains a vulnerability where an unauthorized ...)
+ TODO: check
+CVE-2021-1112 (NVIDIA Linux kernel distributions contain a vulnerability in nvmap, wh ...)
+ TODO: check
+CVE-2021-1111 (Bootloader contains a vulnerability in the NV3P server where any user ...)
+ TODO: check
+CVE-2021-1110 (NVIDIA Linux kernel distributions on Jetson Xavier contain a vulnerabi ...)
+ TODO: check
+CVE-2021-1109 (NVIDIA camera firmware contains a multistep, timing-related vulnerabil ...)
+ TODO: check
+CVE-2021-1108 (NVIDIA Linux kernel distributions contain a vulnerability in FuSa Capt ...)
+ TODO: check
+CVE-2021-1107 (NVIDIA Linux kernel distributions contain a vulnerability in nvmap NVM ...)
+ TODO: check
+CVE-2021-1106 (NVIDIA Linux kernel distributions contain a vulnerability in nvmap, wh ...)
+ TODO: check
CVE-2021-1105
RESERVED
CVE-2021-1104
@@ -62348,20 +62423,20 @@ CVE-2020-25568
RESERVED
CVE-2020-25567
RESERVED
-CVE-2020-25566
- RESERVED
-CVE-2020-25565
- RESERVED
-CVE-2020-25564
- RESERVED
-CVE-2020-25563
- RESERVED
-CVE-2020-25562
- RESERVED
-CVE-2020-25561
- RESERVED
-CVE-2020-25560
- RESERVED
+CVE-2020-25566 (In SapphireIMS 5.0, it is possible to take over an account by sending ...)
+ TODO: check
+CVE-2020-25565 (In SapphireIMS 5.0, it is possible to use the hardcoded credential in ...)
+ TODO: check
+CVE-2020-25564 (In SapphireIMS 5.0, it is possible to create local administrator on an ...)
+ TODO: check
+CVE-2020-25563 (In SapphireIMS 5.0, it is possible to create local administrator on an ...)
+ TODO: check
+CVE-2020-25562 (In SapphireIMS 5.0, there is no CSRF token present in the entire appli ...)
+ TODO: check
+CVE-2020-25561 (SapphireIMS 5 utilized default sapphire:ims credentials to connect the ...)
+ TODO: check
+CVE-2020-25560 (In SapphireIMS 5.0, it is possible to use the hardcoded credential in ...)
+ TODO: check
CVE-2020-25559 (gnuplot 5.5 is affected by double free when executing print_set_output ...)
- gnuplot <unfixed> (unimportant)
NOTE: https://sourceforge.net/p/gnuplot/bugs/2312/
@@ -71448,16 +71523,16 @@ CVE-2020-21365
RESERVED
CVE-2020-21364
RESERVED
-CVE-2020-21363
- RESERVED
-CVE-2020-21362
- RESERVED
+CVE-2020-21363 (An arbitrary file deletion vulnerability exists within Maccms10. ...)
+ TODO: check
+CVE-2020-21362 (A cross site scripting (XSS) vulnerability in the background search fu ...)
+ TODO: check
CVE-2020-21361
RESERVED
CVE-2020-21360
RESERVED
-CVE-2020-21359
- RESERVED
+CVE-2020-21359 (An arbitrary file upload vulnerability in the Template Upload function ...)
+ TODO: check
CVE-2020-21358 (A cross site request forgery (CSRF) in Wage-CMS 1.5.x-dev allows attac ...)
NOT-FOR-US: Wage-CMS
CVE-2020-21357 (A stored cross site scripting (XSS) vulnerability in /admin.php?mod=us ...)
@@ -239524,14 +239599,14 @@ CVE-2017-16634 (In Joomla! before 3.8.2, a bug allowed third parties to bypass a
NOT-FOR-US: Joomla!
CVE-2017-16633 (In Joomla! before 3.8.2, a logic bug in com_fields exposed read-only i ...)
NOT-FOR-US: Joomla!
-CVE-2017-16632
- RESERVED
-CVE-2017-16631
- RESERVED
-CVE-2017-16630
- RESERVED
-CVE-2017-16629
- RESERVED
+CVE-2017-16632 (In SapphireIMS 4097_1, the password in the database is stored in Base6 ...)
+ TODO: check
+CVE-2017-16631 (In SapphireIMS 4097_1, a guest user is able to change the password of ...)
+ TODO: check
+CVE-2017-16630 (In SapphireIMS 4097_1, a guest user can create a local administrator a ...)
+ TODO: check
+CVE-2017-16629 (In SapphireIMS 4097_1, it is possible to guess the registered/active u ...)
+ TODO: check
CVE-2017-16628
RESERVED
CVE-2017-16627
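Review bot: The four SapphireIMS 4097_1 entries in this hunk (CVE-2017-16629 through CVE-2017-16632) and the seven SapphireIMS entries in the CVE-2020-25560 to CVE-2020-25566 hunk are all left at TODO: check. They name the same product, so they should be triaged together and given one consistent tag, otherwise the 2017 and 2020 blocks can end up with different dispositions.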
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/57044ee0934e62221608099763483ee871edd3e2