[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Aug 13 09:10:25 BST 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9c18d55b by security tracker role at 2021-08-13T08:10:15+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,11 @@
+CVE-2021-38614 (** UNSUPPORTED WHEN ASSIGNED ** Polipo through 1.1.1, when NDEBUG is u ...)
+	TODO: check
+CVE-2021-38613
+	RESERVED
+CVE-2021-38612
+	RESERVED
+CVE-2021-38611
+	RESERVED
 CVE-2021-38610
 	RESERVED
 CVE-2021-38609
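Review bot: the new CVE-2021-38614 entry at the top of this hunk is left at TODO: check although it is a second Polipo issue. CVE-2020-36420 further down the same file is also "Polipo through 1.1.1" and already carries "- polipo <removed>" with buster and stretch "<ignored> (Minor issue)". Suggest triaging 38614 alongside that entry and confirming whether the same disposition applies, rather than leaving it in the generic queue.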
@@ -12,10 +20,10 @@ CVE-2021-38605
 	RESERVED
 CVE-2021-38604 (In librt in the GNU C Library (aka glibc) through 2.34, sysdeps/unix/s ...)
 	TODO: check
-CVE-2021-38603
-	RESERVED
-CVE-2021-38602
-	RESERVED
+CVE-2021-38603 (PluXML 5.8.7 allows core/admin/profil.php stored XSS via the Informati ...)
+	TODO: check
+CVE-2021-38602 (PluXML 5.8.7 allows Article Editing stored XSS via Headline or Content ...)
+	TODO: check
 CVE-2021-38601
 	RESERVED
 CVE-2021-38600
@@ -525,8 +533,8 @@ CVE-2021-38368
 	RESERVED
 CVE-2021-38367
 	RESERVED
-CVE-2021-38366
-	RESERVED
+CVE-2021-38366 (Sitecore through 10.1, when Update Center is enabled, allows remote au ...)
+	TODO: check
 CVE-2021-38365 (Winner (aka ToneWinner) desktop speakers through 2021-08-09 allow remo ...)
 	NOT-FOR-US: Winner (aka ToneWinner) desktop speakers
 CVE-2021-3698
@@ -2072,16 +2080,16 @@ CVE-2021-37706
 	RESERVED
 CVE-2021-37705
 	RESERVED
-CVE-2021-37704
-	RESERVED
+CVE-2021-37704 (PhpFastCache is a high-performance backend cache system (packagist pac ...)
+	TODO: check
 CVE-2021-37703
 	RESERVED
 CVE-2021-37702
 	RESERVED
 CVE-2021-37701
 	RESERVED
-CVE-2021-37700
-	RESERVED
+CVE-2021-37700 (@github/paste-markdown is an npm package for pasting markdown objects. ...)
+	TODO: check
 CVE-2021-37699 (Next.js is an open source website development framework to be used wit ...)
 	TODO: check
 CVE-2021-37698
@@ -2090,116 +2098,116 @@ CVE-2021-37697 (tmerc-cogs are a collection of open source plugins for the Red D
 	TODO: check
 CVE-2021-37696 (tmerc-cogs are a collection of open source plugins for the Red Discord ...)
 	TODO: check
-CVE-2021-37695
-	RESERVED
+CVE-2021-37695 (ckeditor is an open source WYSIWYG HTML editor with rich content suppo ...)
+	TODO: check
 CVE-2021-37694 (@asyncapi/java-spring-cloud-stream-template generates a Spring Cloud S ...)
 	TODO: check
 CVE-2021-37693
 	RESERVED
-CVE-2021-37692
-	RESERVED
-CVE-2021-37691
-	RESERVED
-CVE-2021-37690
-	RESERVED
-CVE-2021-37689
-	RESERVED
-CVE-2021-37688
-	RESERVED
-CVE-2021-37687
-	RESERVED
-CVE-2021-37686
-	RESERVED
-CVE-2021-37685
-	RESERVED
-CVE-2021-37684
-	RESERVED
-CVE-2021-37683
-	RESERVED
-CVE-2021-37682
-	RESERVED
-CVE-2021-37681
-	RESERVED
-CVE-2021-37680
-	RESERVED
-CVE-2021-37679
-	RESERVED
-CVE-2021-37678
-	RESERVED
-CVE-2021-37677
-	RESERVED
-CVE-2021-37676
-	RESERVED
-CVE-2021-37675
-	RESERVED
-CVE-2021-37674
-	RESERVED
-CVE-2021-37673
-	RESERVED
-CVE-2021-37672
-	RESERVED
-CVE-2021-37671
-	RESERVED
-CVE-2021-37670
-	RESERVED
-CVE-2021-37669
-	RESERVED
-CVE-2021-37668
-	RESERVED
-CVE-2021-37667
-	RESERVED
-CVE-2021-37666
-	RESERVED
-CVE-2021-37665
-	RESERVED
-CVE-2021-37664
-	RESERVED
-CVE-2021-37663
-	RESERVED
-CVE-2021-37662
-	RESERVED
-CVE-2021-37661
-	RESERVED
+CVE-2021-37692 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+	TODO: check
+CVE-2021-37691 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+	TODO: check
+CVE-2021-37690 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+	TODO: check
+CVE-2021-37689 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+	TODO: check
+CVE-2021-37688 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+	TODO: check
+CVE-2021-37687 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+	TODO: check
+CVE-2021-37686 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+	TODO: check
+CVE-2021-37685 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+	TODO: check
+CVE-2021-37684 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+	TODO: check
+CVE-2021-37683 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+	TODO: check
+CVE-2021-37682 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+	TODO: check
+CVE-2021-37681 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+	TODO: check
+CVE-2021-37680 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+	TODO: check
+CVE-2021-37679 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+	TODO: check
+CVE-2021-37678 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+	TODO: check
+CVE-2021-37677 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+	TODO: check
+CVE-2021-37676 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+	TODO: check
+CVE-2021-37675 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+	TODO: check
+CVE-2021-37674 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+	TODO: check
+CVE-2021-37673 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+	TODO: check
+CVE-2021-37672 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+	TODO: check
+CVE-2021-37671 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+	TODO: check
+CVE-2021-37670 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+	TODO: check
+CVE-2021-37669 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+	TODO: check
+CVE-2021-37668 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+	TODO: check
+CVE-2021-37667 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+	TODO: check
+CVE-2021-37666 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+	TODO: check
+CVE-2021-37665 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+	TODO: check
+CVE-2021-37664 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+	TODO: check
+CVE-2021-37663 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+	TODO: check
+CVE-2021-37662 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+	TODO: check
+CVE-2021-37661 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+	TODO: check
 CVE-2021-37660 (TensorFlow is an end-to-end open source platform for machine learning. ...)
 	TODO: check
-CVE-2021-37659
-	RESERVED
-CVE-2021-37658
-	RESERVED
-CVE-2021-37657
-	RESERVED
-CVE-2021-37656
-	RESERVED
-CVE-2021-37655
-	RESERVED
-CVE-2021-37654
-	RESERVED
+CVE-2021-37659 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+	TODO: check
+CVE-2021-37658 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+	TODO: check
+CVE-2021-37657 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+	TODO: check
+CVE-2021-37656 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+	TODO: check
+CVE-2021-37655 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+	TODO: check
+CVE-2021-37654 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+	TODO: check
 CVE-2021-37653 (TensorFlow is an end-to-end open source platform for machine learning. ...)
 	TODO: check
-CVE-2021-37652
-	RESERVED
-CVE-2021-37651
-	RESERVED
-CVE-2021-37650
-	RESERVED
+CVE-2021-37652 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+	TODO: check
+CVE-2021-37651 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+	TODO: check
+CVE-2021-37650 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+	TODO: check
 CVE-2021-37649 (TensorFlow is an end-to-end open source platform for machine learning. ...)
 	TODO: check
-CVE-2021-37648
-	RESERVED
+CVE-2021-37648 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+	TODO: check
 CVE-2021-37647 (TensorFlow is an end-to-end open source platform for machine learning. ...)
 	TODO: check
-CVE-2021-37646
-	RESERVED
-CVE-2021-37645
-	RESERVED
-CVE-2021-37644
-	RESERVED
+CVE-2021-37646 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+	TODO: check
+CVE-2021-37645 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+	TODO: check
+CVE-2021-37644 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+	TODO: check
 CVE-2021-37643 (TensorFlow is an end-to-end open source platform for machine learning. ...)
 	TODO: check
 CVE-2021-37642 (TensorFlow is an end-to-end open source platform for machine learning. ...)
 	TODO: check
-CVE-2021-37641
-	RESERVED
+CVE-2021-37641 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+	TODO: check
 CVE-2021-37640 (TensorFlow is an end-to-end open source platform for machine learning. ...)
 	TODO: check
 CVE-2021-37639 (TensorFlow is an end-to-end open source platform for machine learning. ...)
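Review bot: the run from CVE-2021-37692 down to CVE-2021-37641 lands as more than forty TensorFlow entries with an identical truncated description and TODO: check, so nothing in the list distinguishes one from another. Suggest deciding the TensorFlow disposition once and applying it to the whole run, including the entries that were already at TODO: check before this change (CVE-2021-37660, CVE-2021-37653, CVE-2021-37649 and others). CVE-2021-37695 (ckeditor) near the top of the hunk should be handled separately so it is not swept up in the batch.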
@@ -2210,8 +2218,8 @@ CVE-2021-37637 (TensorFlow is an end-to-end open source platform for machine lea
 	TODO: check
 CVE-2021-37636 (TensorFlow is an end-to-end open source platform for machine learning. ...)
 	TODO: check
-CVE-2021-37635
-	RESERVED
+CVE-2021-37635 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+	TODO: check
 CVE-2021-37634 (Leafkit is a templating language with Swift-inspired syntax. Versions  ...)
 	NOT-FOR-US: Leafkit
 CVE-2021-37633 (Discourse is an open source discussion platform. In versions prior to  ...)
@@ -2298,8 +2306,8 @@ CVE-2021-37603
 	RESERVED
 CVE-2021-37602
 	RESERVED
-CVE-2021-37599
-	RESERVED
+CVE-2021-37599 (The exporter/Login.aspx login form in the Exporter in Nuance Winscribe ...)
+	TODO: check
 CVE-2021-3668
 	RESERVED
 CVE-2021-37600 (An integer overflow in util-linux through 2.37.1 can potentially cause ...)
@@ -4223,7 +4231,7 @@ CVE-2021-36747 (Blackboard Learn through 9.1 allows XSS by an authenticated user
 	NOT-FOR-US: Blackboard Learn
 CVE-2021-36746 (Blackboard Learn through 9.1 allows XSS by an authenticated user via t ...)
 	NOT-FOR-US: Blackboard Learn
-CVE-2020-36420 (** UNSUPPORTED WHEN ASSIGNED ** Polipo through 1.1.1 allows denial of  ...)
+CVE-2020-36420 (** UNSUPPORTED WHEN ASSIGNED ** Polipo through 1.1.1, when NDEBUG is o ...)
 	- polipo <removed>
 	[buster] - polipo <ignored> (Minor issue)
 	[stretch] - polipo <ignored> (Minor issue)
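Review bot: the tracking lines under CVE-2020-36420 ("- polipo <removed>", buster and stretch "<ignored> (Minor issue)") are carried over unchanged although its description is reworded from "allows denial of ..." to ", when NDEBUG is o ...". Worth confirming that the existing disposition still fits the narrowed description, given that the newly added CVE-2021-38614 covers Polipo under a different NDEBUG condition.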
@@ -12311,8 +12319,8 @@ CVE-2021-33200 (kernel/bpf/verifier.c in the Linux kernel through 5.12.7 enforce
 	[stretch] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://www.openwall.com/lists/oss-security/2021/05/27/1
 	NOTE: Issue introduced due to fixes applied for CVE-2021-29155
-CVE-2021-33199
-	RESERVED
+CVE-2021-33199 (In Expression Engine before 6.0.3, addonIcon in Addons/file/mod.file.p ...)
+	TODO: check
 CVE-2021-33198 (In Go before 1.15.13 and 1.16.x before 1.16.5, there can be a panic fo ...)
 	- golang-1.16 1.16.5-1
 	- golang-1.15 1.15.9-5
@@ -12680,8 +12688,8 @@ CVE-2021-33058
 	RESERVED
 CVE-2021-33057
 	RESERVED
-CVE-2021-33056
-	RESERVED
+CVE-2021-33056 (Belledonne Belle-sip before 4.5.20, as used in Linphone and other prod ...)
+	TODO: check
 CVE-2021-33055
 	RESERVED
 CVE-2021-33054 (SOGo 2.x before 2.4.1 and 3.x through 5.x before 5.1.1 does not valida ...)
@@ -12714,8 +12722,8 @@ CVE-2021-33045
 	RESERVED
 CVE-2021-33044
 	RESERVED
-CVE-2020-36363
-	RESERVED
+CVE-2020-36363 (Amazon AWS CloudFront TLSv1.2_2019 allows TLS_ECDHE_RSA_WITH_AES_128_C ...)
+	TODO: check
 CVE-2021-3554
 	RESERVED
 CVE-2021-3553
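Review bot: CVE-2020-36363 is left at TODO: check, but its description names Amazon AWS CloudFront and a TLSv1.2_2019 policy, which reads as a hosted service rather than something shipped as a package. Other entries in this file that do not concern a packaged product are marked "NOT-FOR-US: <product>" (for example the Winner speakers and Blackboard Learn entries); suggest the same here once confirmed.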
@@ -16112,8 +16120,8 @@ CVE-2021-31733
 	RESERVED
 CVE-2021-31732
 	RESERVED
-CVE-2021-31731
-	RESERVED
+CVE-2021-31731 (A directory traversal issue in KiteCMS 1.1.1 allows remote administrat ...)
+	TODO: check
 CVE-2021-31730
 	RESERVED
 CVE-2021-31729
@@ -16178,8 +16186,8 @@ CVE-2021-31700
 	RESERVED
 CVE-2021-31699
 	RESERVED
-CVE-2021-31698
-	RESERVED
+CVE-2021-31698 (Quectel EG25-G devices through 202006130814 allow executing arbitrary  ...)
+	TODO: check
 CVE-2021-31697
 	RESERVED
 CVE-2021-31696
@@ -16474,8 +16482,8 @@ CVE-2021-31568
 	RESERVED
 CVE-2021-31557
 	RESERVED
-CVE-2021-31556
-	RESERVED
+CVE-2021-31556 (An issue was discovered in the Oauth extension for MediaWiki through 1 ...)
+	TODO: check
 CVE-2021-31555 (An issue was discovered in the Oauth extension for MediaWiki through 1 ...)
 	NOT-FOR-US: MediaWiki extension OAuth
 CVE-2021-31554 (An issue was discovered in the AbuseFilter extension for MediaWiki thr ...)
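Review bot: CVE-2021-31556 is added as TODO: check while the very next entry, CVE-2021-31555, has the same "Oauth extension for MediaWiki" description and is already marked "NOT-FOR-US: MediaWiki extension OAuth". Suggest giving 31556 the same line so the two siblings do not diverge.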
@@ -22184,8 +22192,8 @@ CVE-2021-29379 (** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered on D-Lin
 	NOT-FOR-US: D-Link
 CVE-2021-29378
 	RESERVED
-CVE-2021-29377
-	RESERVED
+CVE-2021-29377 (Pear Admin Think through 2.1.2 has an arbitrary file upload vulnerabil ...)
+	TODO: check
 CVE-2021-29376 (ircII before 20210314 allows remote attackers to cause a denial of ser ...)
 	- ircii-pana <removed>
 	- ircii 20210314-1 (bug #986214)
@@ -23334,8 +23342,8 @@ CVE-2021-28892
 	RESERVED
 CVE-2021-28891
 	RESERVED
-CVE-2021-28890
-	RESERVED
+CVE-2021-28890 (J2eeFAST 2.2.1 allows remote attackers to perform SQL injection via th ...)
+	TODO: check
 CVE-2021-28889
 	RESERVED
 CVE-2021-28888
@@ -25176,8 +25184,8 @@ CVE-2021-28123 (Undocumented Default Cryptographic Key Vulnerability in Cohesity
 	NOT-FOR-US: Cohesity DataPlatform
 CVE-2021-28122 (A request-validation issue was discovered in Open5GS 2.1.3 through 2.2 ...)
 	NOT-FOR-US: Open5GS
-CVE-2021-28121
-	RESERVED
+CVE-2021-28121 (Virtual Robots.txt before 1.10 does not block HTML tags in the robots. ...)
+	TODO: check
 CVE-2021-28120
 	RESERVED
 CVE-2021-28119 (Twinkle Tray (aka twinkle-tray) through 1.13.3 allows remote command e ...)
@@ -69329,8 +69337,8 @@ CVE-2020-22405
 	RESERVED
 CVE-2020-22404
 	RESERVED
-CVE-2020-22403
-	RESERVED
+CVE-2020-22403 (The express-cart package through 1.1.10 for Node.js allows CSRF. ...)
+	TODO: check
 CVE-2020-22402
 	RESERVED
 CVE-2020-22401
@@ -72321,12 +72329,12 @@ CVE-2020-20992
 	RESERVED
 CVE-2020-20991
 	RESERVED
-CVE-2020-20990
-	RESERVED
-CVE-2020-20989
-	RESERVED
-CVE-2020-20988
-	RESERVED
+CVE-2020-20990 (A cross site scripting (XSS) vulnerability in the /segments/edit.php c ...)
+	TODO: check
+CVE-2020-20989 (A cross-site request forgery (CSRF) in /admin/maintenance/ of Domainmo ...)
+	TODO: check
+CVE-2020-20988 (A cross site scripting (XSS) vulnerability in the /domains/cost-by-own ...)
+	TODO: check
 CVE-2020-20987
 	RESERVED
 CVE-2020-20986



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9c18d55b94faaac42376e45abaed43193143f0f1
