[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Aug 13 21:10:39 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
56c1c8ee by security tracker role at 2021-08-13T20:10:31+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,125 @@
+CVE-2021-38673
+ RESERVED
+CVE-2021-38672
+ RESERVED
+CVE-2021-38671
+ RESERVED
+CVE-2021-38670
+ RESERVED
+CVE-2021-38669
+ RESERVED
+CVE-2021-38668
+ RESERVED
+CVE-2021-38667
+ RESERVED
+CVE-2021-38666
+ RESERVED
+CVE-2021-38665
+ RESERVED
+CVE-2021-38664
+ RESERVED
+CVE-2021-38663
+ RESERVED
+CVE-2021-38662
+ RESERVED
+CVE-2021-38661
+ RESERVED
+CVE-2021-38660
+ RESERVED
+CVE-2021-38659
+ RESERVED
+CVE-2021-38658
+ RESERVED
+CVE-2021-38657
+ RESERVED
+CVE-2021-38656
+ RESERVED
+CVE-2021-38655
+ RESERVED
+CVE-2021-38654
+ RESERVED
+CVE-2021-38653
+ RESERVED
+CVE-2021-38652
+ RESERVED
+CVE-2021-38651
+ RESERVED
+CVE-2021-38650
+ RESERVED
+CVE-2021-38649
+ RESERVED
+CVE-2021-38648
+ RESERVED
+CVE-2021-38647
+ RESERVED
+CVE-2021-38646
+ RESERVED
+CVE-2021-38645
+ RESERVED
+CVE-2021-38644
+ RESERVED
+CVE-2021-38643
+ RESERVED
+CVE-2021-38642
+ RESERVED
+CVE-2021-38641
+ RESERVED
+CVE-2021-38640
+ RESERVED
+CVE-2021-38639
+ RESERVED
+CVE-2021-38638
+ RESERVED
+CVE-2021-38637
+ RESERVED
+CVE-2021-38636
+ RESERVED
+CVE-2021-38635
+ RESERVED
+CVE-2021-38634
+ RESERVED
+CVE-2021-38633
+ RESERVED
+CVE-2021-38632
+ RESERVED
+CVE-2021-38631
+ RESERVED
+CVE-2021-38630
+ RESERVED
+CVE-2021-38629
+ RESERVED
+CVE-2021-38628
+ RESERVED
+CVE-2021-38627
+ RESERVED
+CVE-2021-38626
+ RESERVED
+CVE-2021-38625
+ RESERVED
+CVE-2021-38624
+ RESERVED
+CVE-2021-38623 (The deferred_image_processing (aka Deferred image processing) extensio ...)
+ TODO: check
+CVE-2021-38622
+ RESERVED
+CVE-2021-38621 (The remove API in v1/controller/cloudStorage/alibabaCloud/remove/index ...)
+ TODO: check
+CVE-2021-38620
+ RESERVED
+CVE-2021-38619 (openBaraza HCM 3.1.6 does not properly neutralize user-controllable in ...)
+ TODO: check
+CVE-2021-38618
+ RESERVED
+CVE-2021-38617
+ RESERVED
+CVE-2021-38616
+ RESERVED
+CVE-2021-38615
+ RESERVED
+CVE-2021-3705
+ RESERVED
+CVE-2021-3704
+ RESERVED
CVE-2021-38614 (** UNSUPPORTED WHEN ASSIGNED ** Polipo through 1.1.1, when NDEBUG is u ...)
- polipo <removed>
[buster] - polipo <ignored> (Minor issue)
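Review bot: CVE-2021-38623, CVE-2021-38621 and CVE-2021-38619 arrive with only "TODO: check", so they carry no Debian status yet. Each needs a follow-up that replaces the TODO with a package line or a NOT-FOR-US line, in the way CVE-2021-38614 directly below already has its "- polipo <removed>" and "[buster]" lines.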
@@ -72,8 +194,8 @@ CVE-2021-38585 (The WHM Locale Upload feature in cPanel before 98.0.1 allows uns
NOT-FOR-US: cPanel
CVE-2021-38584 (The WHM Locale Upload feature in cPanel before 98.0.1 allows XXE attac ...)
NOT-FOR-US: cPanel
-CVE-2021-38583
- RESERVED
+CVE-2021-38583 (openBaraza HCM 3.1.6 does not properly neutralize user-controllable in ...)
+ TODO: check
CVE-2021-38582
RESERVED
CVE-2021-38581
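Review bot: CVE-2021-38583 gets the same truncated description as CVE-2021-38619 in the first hunk ("openBaraza HCM 3.1.6 does not properly neutralize user-controllable in ..."), so the two cannot be told apart from this file alone. Triage them together against the full descriptions and add a NOTE to each if they turn out to be distinct issues.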
@@ -138,10 +260,10 @@ CVE-2021-38556
RESERVED
CVE-2021-38555
RESERVED
-CVE-2021-38554
- RESERVED
-CVE-2021-38553
- RESERVED
+CVE-2021-38554 (HashiCorp Vault and Vault Enterprise’s UI erroneously cached and ...)
+ TODO: check
+CVE-2021-38553 (HashiCorp Vault and Vault Enterprise 1.4.0 through 1.7.3 initialized a ...)
+ TODO: check
CVE-2021-38552
RESERVED
CVE-2021-38551
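Review bot: CVE-2021-38554 and CVE-2021-38553 are HashiCorp Vault issues left at "TODO: check", while CVE-2021-27400 further down this file is already marked "NOT-FOR-US: HashiCorp Vault and Vault Enterprise"; the same line would resolve both here. The CVE-2021-38554 description also renders as "Enterprise’s", which looks like a mis-encoded apostrophe, so the encoding of the imported description is worth checking.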
@@ -677,8 +799,8 @@ CVE-2021-38304
RESERVED
CVE-2021-38303
RESERVED
-CVE-2021-38302
- RESERVED
+CVE-2021-38302 (The Newsletter extension through 4.0.0 for TYPO3 allows SQL Injection. ...)
+ TODO: check
CVE-2021-38301
RESERVED
CVE-2021-38300
@@ -2091,8 +2213,8 @@ CVE-2021-37705
RESERVED
CVE-2021-37704 (PhpFastCache is a high-performance backend cache system (packagist pac ...)
TODO: check
-CVE-2021-37703
- RESERVED
+CVE-2021-37703 (Discourse is an open-source platform for community discussion. In Disc ...)
+ TODO: check
CVE-2021-37702
RESERVED
CVE-2021-37701
@@ -2113,8 +2235,8 @@ CVE-2021-37695 (ckeditor is an open source WYSIWYG HTML editor with rich content
NOTE: https://github.com/ckeditor/ckeditor4/commit/de3c001540715f9c3801aaa38a1917de46cfcf58
CVE-2021-37694 (@asyncapi/java-spring-cloud-stream-template generates a Spring Cloud S ...)
TODO: check
-CVE-2021-37693
- RESERVED
+CVE-2021-37693 (Discourse is an open-source platform for community discussion. In Disc ...)
+ TODO: check
CVE-2021-37692 (TensorFlow is an end-to-end open source platform for machine learning. ...)
- tensorflow <itp> (bug #804612)
CVE-2021-37691 (TensorFlow is an end-to-end open source platform for machine learning. ...)
@@ -2353,8 +2475,8 @@ CVE-2021-37588 (In Charm 0.43, any two users can collude to achieve the ability
NOT-FOR-US: Charm
CVE-2021-37587 (In Charm 0.43, any single user can decrypt DAC-MACS or MA-ABE-YJ14 dat ...)
NOT-FOR-US: Charm
-CVE-2021-37586
- RESERVED
+CVE-2021-37586 (The PowerPlay Web component of Mitel Interaction Recording Multitenanc ...)
+ TODO: check
CVE-2021-37585
RESERVED
CVE-2021-37584
@@ -2849,28 +2971,28 @@ CVE-2021-37355
RESERVED
CVE-2021-37354
RESERVED
-CVE-2021-37353
- RESERVED
-CVE-2021-37352
- RESERVED
-CVE-2021-37351
- RESERVED
-CVE-2021-37350
- RESERVED
-CVE-2021-37349
- RESERVED
-CVE-2021-37348
- RESERVED
-CVE-2021-37347
- RESERVED
-CVE-2021-37346
- RESERVED
-CVE-2021-37345
- RESERVED
-CVE-2021-37344
- RESERVED
-CVE-2021-37343
- RESERVED
+CVE-2021-37353 (Nagios XI Docker Wizard before version 1.1.3 is vulnerable to SSRF due ...)
+ TODO: check
+CVE-2021-37352 (An open redirect vulnerability exists in Nagios XI before version 5.8. ...)
+ TODO: check
+CVE-2021-37351 (Nagios XI before version 5.8.5 is vulnerable to insecure permissions a ...)
+ TODO: check
+CVE-2021-37350 (Nagios XI before version 5.8.5 is vulnerable to SQL injection vulnerab ...)
+ TODO: check
+CVE-2021-37349 (Nagios XI before version 5.8.5 is vulnerable to local privilege escala ...)
+ TODO: check
+CVE-2021-37348 (Nagios XI before version 5.8.5 is vulnerable to local file inclusion t ...)
+ TODO: check
+CVE-2021-37347 (Nagios XI before version 5.8.5 is vulnerable to local privilege escala ...)
+ TODO: check
+CVE-2021-37346 (Nagios XI WatchGuard Wizard before version 1.4.8 is vulnerable to remo ...)
+ TODO: check
+CVE-2021-37345 (Nagios XI before version 5.8.5 is vulnerable to local privilege escala ...)
+ TODO: check
+CVE-2021-37344 (Nagios XI Switch Wizard before version 2.5.7 is vulnerable to remote c ...)
+ TODO: check
+CVE-2021-37343 (A path traversal vulnerability exists in Nagios XI below version 5.8.5 ...)
+ TODO: check
CVE-2021-37342
RESERVED
CVE-2021-37341
@@ -3533,8 +3655,8 @@ CVE-2021-37030
RESERVED
CVE-2021-37029
RESERVED
-CVE-2021-37028
- RESERVED
+CVE-2021-37028 (There is a command injection vulnerability in the HG8045Q product. Whe ...)
+ TODO: check
CVE-2021-37027
RESERVED
CVE-2021-37026
@@ -4074,24 +4196,24 @@ CVE-2021-36795 (A permission issue in the Cohesity Linux agent may allow privile
NOT-FOR-US: Cohesity
CVE-2021-36794
RESERVED
-CVE-2021-36793
- RESERVED
-CVE-2021-36792
- RESERVED
-CVE-2021-36791
- RESERVED
-CVE-2021-36790
- RESERVED
-CVE-2021-36789
- RESERVED
-CVE-2021-36788
- RESERVED
-CVE-2021-36787
- RESERVED
-CVE-2021-36786
- RESERVED
-CVE-2021-36785
- RESERVED
+CVE-2021-36793 (The routes (aka Extbase Yaml Routes) extension before 2.1.1 for TYPO3, ...)
+ TODO: check
+CVE-2021-36792 (The dated_news (aka Dated News) extension through 5.1.1 for TYPO3 has ...)
+ TODO: check
+CVE-2021-36791 (The dated_news (aka Dated News) extension through 5.1.1 for TYPO3 allo ...)
+ TODO: check
+CVE-2021-36790 (The dated_news (aka Dated News) extension through 5.1.1 for TYPO3 allo ...)
+ TODO: check
+CVE-2021-36789 (The dated_news (aka Dated News) extension through 5.1.1 for TYPO3 allo ...)
+ TODO: check
+CVE-2021-36788 (The yoast_seo (aka Yoast SEO) extension before 7.2.3 for TYPO3 allows ...)
+ TODO: check
+CVE-2021-36787 (The femanager extension before 5.5.1 and 6.x before 6.3.1 for TYPO3 al ...)
+ TODO: check
+CVE-2021-36786 (The miniorange_saml (aka Miniorange Saml) extension before 1.4.3 for T ...)
+ TODO: check
+CVE-2021-36785 (The miniorange_saml (aka Miniorange Saml) extension before 1.4.3 for T ...)
+ TODO: check
CVE-2021-36784
RESERVED
CVE-2021-36783
@@ -5015,8 +5137,8 @@ CVE-2021-36382 (Devolutions Server before 2021.1.18, and LTS before 2020.3.20, a
NOT-FOR-US: Devolutions Server
CVE-2021-36381 (In Edifecs Transaction Management through 2021-07-12, an unauthenticat ...)
NOT-FOR-US: Edifecs
-CVE-2021-36380
- RESERVED
+CVE-2021-36380 (Sunhillo SureLine before 8.7.0.1.1 allows Unauthenticated OS Command I ...)
+ TODO: check
CVE-2021-36379
REJECTED
CVE-2021-36378
@@ -5528,8 +5650,7 @@ CVE-2021-36151
RESERVED
CVE-2021-3636 (It was found in OpenShift, before version 4.8, that the generated cert ...)
NOT-FOR-US: OpenShift
-CVE-2021-3635 [flowtable list del corruption with kernel BUG at lib/list_debug.c:50]
- RESERVED
+CVE-2021-3635 (A flaw was found in the Linux kernel netfilter implementation in versi ...)
- linux <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1976946
CVE-2021-3634
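Review bot: the CVE-2021-3635 header loses the bracketed working title "flowtable list del corruption with kernel BUG at lib/list_debug.c:50", and the truncated replacement description no longer names the affected code path. Since the entry stays at "- linux <unfixed>", consider keeping that detail in a NOTE line next to the existing bugzilla reference so whoever tracks the fix can still find it.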
@@ -8568,8 +8689,8 @@ CVE-2021-34825 (Quassel through 0.13.1, when --require-ssl is enabled, launches
NOTE: '--require-ssl' flag added in https://github.com/quassel/quassel/pull/43
CVE-2021-34824 (Istio (1.8.x, 1.9.0-1.9.5 and 1.10.0-1.10.1) contains a remotely explo ...)
NOT-FOR-US: Istio
-CVE-2021-34823
- RESERVED
+CVE-2021-34823 (The ON24 ScreenShare (aka DesktopScreenShare.app) plugin before 2.0 fo ...)
+ TODO: check
CVE-2021-34822
RESERVED
CVE-2021-34821 (Cross Site Scripting (XSS) vulnerability exists in AAT Novus Managemen ...)
@@ -9586,8 +9707,8 @@ CVE-2021-34400
RESERVED
CVE-2021-34399
RESERVED
-CVE-2021-34398
- RESERVED
+CVE-2021-34398 (NVIDIA DCGM contains a vulnerability in the DIAG module where any user ...)
+ TODO: check
CVE-2021-34397 (Bootloader contains a vulnerability in NVIDIA MB2, which may cause fre ...)
NOT-FOR-US: NVIDIA
CVE-2021-34396 (Bootloader contains a vulnerability in access permission settings wher ...)
@@ -10945,8 +11066,7 @@ CVE-2021-33797
RESERVED
CVE-2021-33796
RESERVED
-CVE-2021-3573
- RESERVED
+CVE-2021-3573 (A use-after-free in function hci_sock_bound_ioctl() of the Linux kerne ...)
{DLA-2690-1 DLA-2689-1}
- linux 5.10.46-1
[buster] - linux 4.19.194-1
@@ -15007,18 +15127,18 @@ CVE-2021-32074 (HashiCorp vault-action (aka Vault GitHub Action) before 2.2.0 al
NOT-FOR-US: HashiCorp vault-action (aka Vault GitHub Action)
CVE-2021-32073 (DedeCMS V5.7 SP2 contains a CSRF vulnerability that allows a remote at ...)
NOT-FOR-US: DedeCMS
-CVE-2021-32072
- RESERVED
-CVE-2021-32071
- RESERVED
-CVE-2021-32070
- RESERVED
-CVE-2021-32069
- RESERVED
-CVE-2021-32068
- RESERVED
-CVE-2021-32067
- RESERVED
+CVE-2021-32072 (The MiCollab Client Service component in Mitel MiCollab before 9.3 cou ...)
+ TODO: check
+CVE-2021-32071 (The MiCollab Client service in Mitel MiCollab before 9.3 could allow a ...)
+ TODO: check
+CVE-2021-32070 (The MiCollab Client Service component in Mitel MiCollab before 9.3 cou ...)
+ TODO: check
+CVE-2021-32069 (The AWV component of Mitel MiCollab before 9.3 could allow an attacker ...)
+ TODO: check
+CVE-2021-32068 (The AWV and MiCollab Client Service components in Mitel MiCollab befor ...)
+ TODO: check
+CVE-2021-32067 (The MiCollab Client Service component in Mitel MiCollab before 9.3 cou ...)
+ TODO: check
CVE-2021-32066 (An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, an ...)
- ruby2.7 2.7.4-1 (bug #990815)
- ruby2.5 <removed>
@@ -16961,8 +17081,8 @@ CVE-2021-31401
RESERVED
CVE-2021-31400
RESERVED
-CVE-2021-31399
- RESERVED
+CVE-2021-31399 (On 2N Access Unit 2.0 2.31.0.40.5 devices, an attacker can pose as the ...)
+ TODO: check
CVE-2021-31398
RESERVED
CVE-2021-31397
@@ -20942,8 +21062,8 @@ CVE-2021-29882
RESERVED
CVE-2021-29881
RESERVED
-CVE-2021-29880
- RESERVED
+CVE-2021-29880 (IBM QRadar SIEM 7.4.3 GA - 7.4.3 Fix Pack 1 when using domains or mult ...)
+ TODO: check
CVE-2021-29879
RESERVED
CVE-2021-29878
@@ -26161,8 +26281,8 @@ CVE-2021-27743
RESERVED
CVE-2021-27742
RESERVED
-CVE-2021-27741
- RESERVED
+CVE-2021-27741 (" Security vulnerability in HCL Commerce Management Center allowing XM ...)
+ TODO: check
CVE-2021-27740
RESERVED
CVE-2021-27739
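Review bot: the CVE-2021-27741 description starts with a stray double quote and a space (`(" Security vulnerability in HCL Commerce ...`). The text is imported, so it probably cannot be fixed here, but anything that parses the parenthesised description or matches on its first word should tolerate the leading quote.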
@@ -26894,10 +27014,10 @@ CVE-2021-27404 (Askey RTF8115VW BR_SV_g11.11_RTF_TEF001_V6.54_V014 devices allow
NOT-FOR-US: Askey devices
CVE-2021-27403 (Askey RTF8115VW BR_SV_g11.11_RTF_TEF001_V6.54_V014 devices allow cgi-b ...)
NOT-FOR-US: Askey devices
-CVE-2021-27402
- RESERVED
-CVE-2021-27401
- RESERVED
+CVE-2021-27402 (The SAS Admin portal of Mitel MiCollab before 9.2 FP2 could allow an u ...)
+ TODO: check
+CVE-2021-27401 (The Join Meeting page of Mitel MiCollab Web Client before 9.2 FP2 coul ...)
+ TODO: check
CVE-2021-27400 (HashiCorp Vault and Vault Enterprise Cassandra integrations (storage b ...)
NOT-FOR-US: HashiCorp Vault and Vault Enterprise
CVE-2020-36252 (ownCloud Server 10.x before 10.3.1 allows an attacker, who has one out ...)
@@ -29032,8 +29152,8 @@ CVE-2021-3354
RESERVED
CVE-2021-3353
RESERVED
-CVE-2021-3352
- RESERVED
+CVE-2021-3352 (The Software Development Kit in Mitel MiContact Center Business from 8 ...)
+ TODO: check
CVE-2021-3351 (OpenPLC runtime V3 through 2016-03-14 allows stored XSS via the Device ...)
NOT-FOR-US: OpenPLC
CVE-2021-3350 (deleteaccount.php in the Delete Account plugin 1.4 for MyBB allows XSS ...)
@@ -40031,10 +40151,10 @@ CVE-2021-21832
RESERVED
CVE-2021-21831 (A use-after-free vulnerability exists in the JavaScript engine of Foxi ...)
NOT-FOR-US: Foxit
-CVE-2021-21830
- RESERVED
-CVE-2021-21829
- RESERVED
+CVE-2021-21830 (A heap-based buffer overflow vulnerability exists in the XML Decompres ...)
+ TODO: check
+CVE-2021-21829 (A heap-based buffer overflow vulnerability exists in the XML Decompres ...)
+ TODO: check
CVE-2021-21828
RESERVED
CVE-2021-21827
@@ -52674,8 +52794,8 @@ CVE-2021-1106 (NVIDIA Linux kernel distributions contain a vulnerability in nvma
NOT-FOR-US: NVIDIA
CVE-2021-1105
RESERVED
-CVE-2021-1104
- RESERVED
+CVE-2021-1104 (The RISC-V Instruction Set Manual contains a documented ambiguity for ...)
+ TODO: check
CVE-2021-1103 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...)
NOT-FOR-US: NVIDIA vGPU software
CVE-2021-1102 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...)
@@ -76895,20 +77015,20 @@ CVE-2020-18761
RESERVED
CVE-2020-18760
RESERVED
-CVE-2020-18759
- RESERVED
-CVE-2020-18758
- RESERVED
-CVE-2020-18757
- RESERVED
-CVE-2020-18756
- RESERVED
+CVE-2020-18759 (An information disclosure vulnerability exists in the EPA protocol of ...)
+ TODO: check
+CVE-2020-18758 (An issue in Dut Computer Control Engineering Co.'s PLC MAC1100 allows ...)
+ TODO: check
+CVE-2020-18757 (An issue in Dut Computer Control Engineering Co.'s PLC MAC1100 allows ...)
+ TODO: check
+CVE-2020-18756 (An arbitrary memory access vulnerability in the EPA protocol of Dut Co ...)
+ TODO: check
CVE-2020-18755
RESERVED
-CVE-2020-18754
- RESERVED
-CVE-2020-18753
- RESERVED
+CVE-2020-18754 (An information disclosure vulnerability exists within Dut Computer Con ...)
+ TODO: check
+CVE-2020-18753 (An issue in Dut Computer Control Engineering Co.'s PLC MAC1100 allows ...)
+ TODO: check
CVE-2020-18752
RESERVED
CVE-2020-18751
@@ -198519,7 +198639,7 @@ CVE-2018-13845 (An issue has been found in HTSlib 1.8. It is a buffer over-read
[stretch] - htslib <no-dsa> (Minor issue)
[jessie] - htslib <no-dsa> (Minor issue)
NOTE: https://github.com/samtools/htslib/issues/731#issuecomment-403681105
-CVE-2018-13844 (An issue has been found in HTSlib 1.8. It is a memory leak in fai_read ...)
+CVE-2018-13844 (** DISPUTED ** An issue has been found in HTSlib 1.8. It is a memory l ...)
- htslib 1.9-2 (low)
[stretch] - htslib <no-dsa> (Minor issue)
[jessie] - htslib <no-dsa> (Minor issue)
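Review bot: the CVE-2018-13844 description now starts with "** DISPUTED **", but the status lines under it ("- htslib 1.9-2 (low)" and the two "<no-dsa>" lines) are unchanged and nothing in the entry records what is disputed. A NOTE line pointing at the dispute would let readers judge whether the recorded severity and fixed version still apply.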
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/56c1c8eebdbe204fa8e4f3e1c798bec452287f28