[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Aug 17 21:10:48 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2b7da41b by security tracker role at 2021-08-17T20:10:40+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,35 @@
+CVE-2021-39245
+ RESERVED
+CVE-2021-39244
+ RESERVED
+CVE-2021-39243
+ RESERVED
+CVE-2021-39242 (An issue was discovered in HAProxy 2.2 before 2.2.16, 2.3 before 2.3.1 ...)
+ TODO: check
+CVE-2021-39241 (An issue was discovered in HAProxy 2.0 before 2.0.24, 2.2 before 2.2.1 ...)
+ TODO: check
+CVE-2021-39240 (An issue was discovered in HAProxy 2.2 before 2.2.16, 2.3 before 2.3.1 ...)
+ TODO: check
+CVE-2021-39239
+ RESERVED
+CVE-2021-39238
+ RESERVED
+CVE-2021-39237
+ RESERVED
+CVE-2021-39236
+ RESERVED
+CVE-2021-39235
+ RESERVED
+CVE-2021-39234
+ RESERVED
+CVE-2021-39233
+ RESERVED
+CVE-2021-39232
+ RESERVED
+CVE-2021-39231
+ RESERVED
+CVE-2021-3713
+ RESERVED
CVE-2021-XXXX [HTTP/2 vulnerabilities from 2.0 to 2.5-dev]
- haproxy <unfixed>
[bullseye] - haproxy 2.2.9-2+deb11u1
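Review bot: the three HAProxy ids added at the top of this hunk (CVE-2021-39240, CVE-2021-39241, CVE-2021-39242) sit directly above the temporary CVE-2021-XXXX [HTTP/2 vulnerabilities from 2.0 to 2.5-dev] entry, which already tracks haproxy as <unfixed> with a bullseye fix in 2.2.9-2+deb11u1, so resolving their "TODO: check" should start by confirming whether they are the assigned ids for that placeholder. If they are, move the "- haproxy" and "[bullseye]" lines under the real ids and drop the placeholder so the package is not tracked twice.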
@@ -3351,7 +3383,7 @@ CVE-2021-37709 (Shopware is an open source eCommerce platform. Versions prior to
NOT-FOR-US: Shopware
CVE-2021-37708 (Shopware is an open source eCommerce platform. Versions prior to 6.4.3 ...)
NOT-FOR-US: Shopware
-CVE-2021-37707 (### Impact Manipulation of product reviews via API ### Patches We reco ...)
+CVE-2021-37707 (Shopware is an open source eCommerce platform. Versions prior to 6.4.3 ...)
NOT-FOR-US: Shopware
CVE-2021-37706
RESERVED
@@ -6876,8 +6908,8 @@ CVE-2021-36122 (An issue was discovered in Echo ShareCare 8.15.5. The UnzipFile
NOT-FOR-US: Echo ShareCare
CVE-2021-36121 (An issue was discovered in Echo ShareCare 8.15.5. The file-upload feat ...)
NOT-FOR-US: Echo ShareCare
-CVE-2021-3633
- RESERVED
+CVE-2021-3633 (A DLL preloading vulnerability was reported in Lenovo Driver Managemen ...)
+ TODO: check
CVE-2021-36120
RESERVED
CVE-2021-36119
@@ -8374,8 +8406,8 @@ CVE-2021-35494
RESERVED
CVE-2021-35493
RESERVED
-CVE-2021-3619
- RESERVED
+CVE-2021-3619 (Rapid7 Velociraptor 0.5.9 and prior is vulnerable to a post-authentica ...)
+ TODO: check
CVE-2021-35492
RESERVED
CVE-2021-35491
@@ -8438,12 +8470,12 @@ CVE-2021-3618
NOTE: * Add ssl_sni_hostname option to require a match on incoming SNI hostname.
NOTE: sendmail: Fixed in 3.16.1: https://marc.info/?l=sendmail-announce&m=159394546814125&w=2
NOTE: exim4 has config option: https://lists.exim.org/lurker/message/20210609.200324.f0e073ed.el.html
-CVE-2021-3617
- RESERVED
-CVE-2021-3616
- RESERVED
-CVE-2021-3615
- RESERVED
+CVE-2021-3617 (A vulnerability was reported in Lenovo Smart Camera X3, X5, and C2E th ...)
+ TODO: check
+CVE-2021-3616 (A vulnerability was reported in Lenovo Smart Camera X3, X5, and C2E th ...)
+ TODO: check
+CVE-2021-3615 (A vulnerability was reported in Lenovo Smart Camera X3, X5, and C2E th ...)
+ TODO: check
CVE-2021-3614 (A vulnerability was reported on some Lenovo Notebook systems that coul ...)
NOT-FOR-US: Lenovo
CVE-2021-35474 (Stack-based Buffer Overflow vulnerability in cachekey plugin of Apache ...)
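Review bot: CVE-2021-3617, CVE-2021-3616 and CVE-2021-3615 come in as "TODO: check" although the entry immediately below them, CVE-2021-3614, is already marked "NOT-FOR-US: Lenovo". All three descriptions name the Lenovo Smart Camera X3, X5 and C2E, so they can be triaged together in the follow-up and will most likely take the same kind of tag.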
@@ -10851,7 +10883,7 @@ CVE-2021-34409
CVE-2021-34408
RESERVED
CVE-2021-34407
- RESERVED
+ REJECTED
CVE-2021-34406
RESERVED
CVE-2021-34405
@@ -14519,10 +14551,10 @@ CVE-2021-32832
RESERVED
CVE-2021-32831
RESERVED
-CVE-2021-32830
- RESERVED
-CVE-2021-32829
- RESERVED
+CVE-2021-32830 (The @diez/generation npm package is a client for Diez. The locateFont ...)
+ TODO: check
+CVE-2021-32829 (ZStack is open source IaaS(infrastructure as a service) software aimin ...)
+ TODO: check
CVE-2021-32828
RESERVED
CVE-2021-32827 (MockServer is open source software which enables easy mocking of any s ...)
@@ -23648,8 +23680,8 @@ CVE-2021-29315
RESERVED
CVE-2021-29314
RESERVED
-CVE-2021-29313
- RESERVED
+CVE-2021-29313 (Cross Site Scripting (XSS) vulnerability exists in SeaCMS 12.6 via the ...)
+ TODO: check
CVE-2021-29312
RESERVED
CVE-2021-29311
@@ -24188,10 +24220,10 @@ CVE-2021-29083 (Improper neutralization of special elements used in an OS comman
NOT-FOR-US: Synology
CVE-2021-3460 (The Motorola MH702x devices, prior to version 2.0.0.301, do not proper ...)
NOT-FOR-US: Motorola MH702x devices
-CVE-2021-3459
- RESERVED
-CVE-2021-3458
- RESERVED
+CVE-2021-3459 (A privilege escalation vulnerability was reported in the MM1000 device ...)
+ TODO: check
+CVE-2021-3458 (The Motorola MM1000 device configuration portal can be accessed withou ...)
+ TODO: check
CVE-2021-29082 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...)
NOT-FOR-US: NETGEAR
CVE-2021-29081 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
@@ -24254,8 +24286,8 @@ CVE-2021-29058
RESERVED
CVE-2021-29057
RESERVED
-CVE-2021-29056
- RESERVED
+CVE-2021-29056 (Cross Site Scripting (XSS) vulnerability exists in Pixelimity 1.0 via ...)
+ TODO: check
CVE-2021-29055
RESERVED
CVE-2021-29054 (Certain Papoo products are affected by: Cross Site Request Forgery (CS ...)
@@ -31790,10 +31822,10 @@ CVE-2021-25959
RESERVED
CVE-2021-25958
RESERVED
-CVE-2021-25957
- RESERVED
-CVE-2021-25956
- RESERVED
+CVE-2021-25957 (In “Dolibarr” application, v2.8.1 to v13.0.2 are vulnerabl ...)
+ TODO: check
+CVE-2021-25956 (In “Dolibarr” application, v3.3.beta1_20121221 to v13.0.2 ...)
+ TODO: check
CVE-2021-25955 (In “Dolibarr ERP CRM”, WYSIWYG Editor module, v2.8.1 to v1 ...)
- dolibarr <removed>
NOTE: https://github.com/Dolibarr/dolibarr/commit/796b2d201acb9938b903fb2afa297db289ecc93e
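Review bot: the two Dolibarr ids added here (CVE-2021-25957, CVE-2021-25956) should not be closed as NOT-FOR-US when the TODO is resolved, because the next entry, CVE-2021-25955, tracks the same software as "- dolibarr <removed>" with an upstream commit in its NOTE. Triage them against the dolibarr source package in the same form and record the upstream fix commits if they can be identified.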
@@ -33684,8 +33716,8 @@ CVE-2021-25265 (A malicious website could execute code remotely in Sophos Connec
NOT-FOR-US: Sophos Connect Client
CVE-2021-25264 (In multiple versions of Sophos Endpoint products for MacOS, a local at ...)
NOT-FOR-US: Sophos
-CVE-2021-25263
- RESERVED
+CVE-2021-25263 (Clickhouse prior to versions v20.8.18.32-lts, v21.1.9.41-stable, v21.2 ...)
+ TODO: check
CVE-2021-25262
RESERVED
CVE-2021-25261
@@ -40646,8 +40678,8 @@ CVE-2021-22158 (The Proofpoint Insider Threat Management Server (formerly Observ
NOT-FOR-US: Proofpoint Insider Threat Management Server
CVE-2021-22157 (Proofpoint Insider Threat Management Server (formerly ObserveIT Server ...)
NOT-FOR-US: Proofpoint Insider Threat Management Server
-CVE-2021-22156
- RESERVED
+CVE-2021-22156 (An integer overflow vulnerability in the calloc() function of the C ru ...)
+ TODO: check
CVE-2021-22155 (An Authentication Bypass vulnerability in the SAML Authentication comp ...)
NOT-FOR-US: BlackBerry Workspaces Server
CVE-2021-22154 (An Information Disclosure vulnerability in the Management Console comp ...)
@@ -41323,8 +41355,8 @@ CVE-2021-21834
RESERVED
CVE-2021-21833 (An improper array index validation vulnerability exists in the TIF IP_ ...)
NOT-FOR-US: Accusoft ImageGear
-CVE-2021-21832
- RESERVED
+CVE-2021-21832 (A VULNERABILITY_CLASS vulnerability exists in the FEATURE functionalit ...)
+ TODO: check
CVE-2021-21831 (A use-after-free vulnerability exists in the JavaScript engine of Foxi ...)
NOT-FOR-US: Foxit
CVE-2021-21830 (A heap-based buffer overflow vulnerability exists in the XML Decompres ...)
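Review bot: the description imported for CVE-2021-21832 is an unfilled template ("A VULNERABILITY_CLASS vulnerability exists in the FEATURE functionalit ..."), so the text gives no product or bug class to triage against. Resolve the "TODO: check" from the upstream advisory rather than from this description, and re-check the entry once the description has been corrected at the source.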
@@ -50458,8 +50490,8 @@ CVE-2020-29550 (An issue was discovered in URVE Build 24.03.2020. The password o
NOT-FOR-US: URVE
CVE-2020-29549
RESERVED
-CVE-2020-29548
- RESERVED
+CVE-2020-29548 (An issue was discovered in SmarterTools SmarterMail through 100.0.7537 ...)
+ TODO: check
CVE-2020-29547
RESERVED
CVE-2020-29546
@@ -52347,8 +52379,8 @@ CVE-2020-28848
RESERVED
CVE-2020-28847
RESERVED
-CVE-2020-28846
- RESERVED
+CVE-2020-28846 (Cross Site Request Forgery (CSRF) vulnerability exists in SeaCMS 10.7 ...)
+ TODO: check
CVE-2020-28845 (A CSV injection vulnerability in the Admin portal for Netskope 75.0 al ...)
NOT-FOR-US: Admin portal for Netskope
CVE-2020-28844
@@ -55525,27 +55557,21 @@ CVE-2021-0648
RESERVED
CVE-2021-0647
RESERVED
-CVE-2021-0646
- RESERVED
+CVE-2021-0646 (In sqlite3_str_vappendf of sqlite3.c, there is a possible out of bound ...)
NOT-FOR-US: Android
-CVE-2021-0645
- RESERVED
+CVE-2021-0645 (In shouldBlockFromTree of ExternalStorageProvider.java, there is a pos ...)
NOT-FOR-US: Android
CVE-2021-0644
RESERVED
CVE-2021-0643
RESERVED
-CVE-2021-0642
- RESERVED
+CVE-2021-0642 (In onResume of VoicemailSettingsFragment.java, there is a possible way ...)
NOT-FOR-US: Android
-CVE-2021-0641
- RESERVED
+CVE-2021-0641 (In getAvailableSubscriptionInfoList of SubscriptionController.java, th ...)
NOT-FOR-US: Android
-CVE-2021-0640
- RESERVED
+CVE-2021-0640 (In noteAtomLogged of StatsdStats.cpp, there is a possible out of bound ...)
NOT-FOR-US: Android
-CVE-2021-0639
- RESERVED
+CVE-2021-0639 (In multiple functions of libl3oemcrypto.cpp, there is a possible weakn ...)
NOT-FOR-US: Widevine
CVE-2021-0638
RESERVED
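Review bot: CVE-2021-0646 keeps its existing "NOT-FOR-US: Android" tag, but the description arriving with this update places the bug in sqlite3_str_vappendf of sqlite3.c, which reads like SQLite code rather than an Android-specific component. That tag was set while the entry was still RESERVED, so it is worth re-checking whether the issue also needs an entry against Debian's sqlite3 package; the other ids in this hunk name Android or Widevine source files and their tags look consistent with the new descriptions.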
@@ -55641,13 +55667,11 @@ CVE-2021-0595
RESERVED
CVE-2021-0594 (In onCreate of ConfirmConnectActivity, there is a possible remote bypa ...)
NOT-FOR-US: Android
-CVE-2021-0593
- RESERVED
+CVE-2021-0593 (In sendDevicePickedIntent of DevicePickerFragment.java, there is a pos ...)
NOT-FOR-US: Android
CVE-2021-0592 (In various functions in WideVine, there are possible out of bounds wri ...)
NOT-FOR-US: Widevine
-CVE-2021-0591
- RESERVED
+CVE-2021-0591 (In sendReplyIntentToReceiver of BluetoothPermissionActivity.java, ther ...)
NOT-FOR-US: Android
CVE-2021-0590 (In sendNetworkConditionsBroadcast of NetworkMonitor.java, there is a p ...)
NOT-FOR-US: Android
@@ -55661,38 +55685,29 @@ CVE-2021-0586 (In onCreate of DevicePickerFragment.java, there is a possible way
NOT-FOR-US: Android
CVE-2021-0585 (In beginWrite and beginRead of MessageQueueBase.h, there is a possible ...)
NOT-FOR-US: Android
-CVE-2021-0584
- RESERVED
+CVE-2021-0584 (In verifyBufferObject of Parcel.cpp, there is a possible out of bounds ...)
NOT-FOR-US: Android
CVE-2021-0583
RESERVED
-CVE-2021-0582
- RESERVED
+CVE-2021-0582 (In wifi driver, there is a possible out of bounds read due to a missin ...)
NOT-FOR-US: MediaTek components for Android
-CVE-2021-0581
- RESERVED
+CVE-2021-0581 (In wifi driver, there is a possible out of bounds read due to a missin ...)
NOT-FOR-US: MediaTek components for Android
-CVE-2021-0580
- RESERVED
+CVE-2021-0580 (In wifi driver, there is a possible out of bounds read due to a missin ...)
NOT-FOR-US: MediaTek components for Android
-CVE-2021-0579
- RESERVED
+CVE-2021-0579 (In wifi driver, there is a possible out of bounds read due to a missin ...)
NOT-FOR-US: MediaTek components for Android
-CVE-2021-0578
- RESERVED
+CVE-2021-0578 (In wifi driver, there is a possible out of bounds read due to a missin ...)
NOT-FOR-US: MediaTek components for Android
CVE-2021-0577 (In flv extractor, there is a possible out of bounds write due to a hea ...)
NOT-FOR-US: MediaTek components for Android
-CVE-2021-0576
- RESERVED
+CVE-2021-0576 (In flv extractor, there is a possible out of bounds write due to a mis ...)
NOT-FOR-US: MediaTek components for Android
CVE-2021-0575
RESERVED
-CVE-2021-0574
- RESERVED
+CVE-2021-0574 (In asf extractor, there is a possible out of bounds write due to a mis ...)
NOT-FOR-US: MediaTek components for Android
-CVE-2021-0573
- RESERVED
+CVE-2021-0573 (In asf extractor, there is a possible out of bounds write due to a mis ...)
NOT-FOR-US: MediaTek components for Android
CVE-2021-0572 (In doNotification of AccountManagerService.java, there is a possible p ...)
NOT-FOR-US: Android
@@ -55800,8 +55815,7 @@ CVE-2021-0521 (In getAllPackages of PackageManagerService, there is a possible i
NOT-FOR-US: Android
CVE-2021-0520 (In several functions of MemoryFileSystem.cpp and related files, there ...)
NOT-FOR-US: Android media framework
-CVE-2021-0519
- RESERVED
+CVE-2021-0519 (In BITSTREAM_FLUSH of ih264e_bitstream.h, there is a possible out of b ...)
NOT-FOR-US: Google Play
CVE-2021-0518 (In handleSendStatusChangeBroadcast of WifiDisplayAdapter.java, there i ...)
NOT-FOR-US: Android
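Review bot: the tag on CVE-2021-0519 does not obviously match the description added here: the new text locates the bug in BITSTREAM_FLUSH of ih264e_bitstream.h, a source header, while the unchanged line below it still reads "NOT-FOR-US: Google Play". The neighbouring CVE-2021-0520 is tagged "Android media framework"; confirm which component this id belongs to and correct the tag if it was set before the description was available.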
@@ -69600,8 +69614,8 @@ CVE-2020-22939
RESERVED
CVE-2020-22938
RESERVED
-CVE-2020-22937
- RESERVED
+CVE-2020-22937 (A remote code execution (RCE) in e/install/index.php of EmpireCMS 7.5 ...)
+ TODO: check
CVE-2020-22936
RESERVED
CVE-2020-22935
@@ -84320,8 +84334,8 @@ CVE-2020-15957 (An issue was discovered in DP3T-Backend-SDK before 1.1.1 for Dec
NOT-FOR-US: DP3T-Backend-SDK for Decentralised Privacy-Preserving Proximity Tracing (DP3T)
CVE-2020-15956 (ActiveMediaServer.exe in ACTi NVR3 Standard Server 3.0.12.42 allows re ...)
NOT-FOR-US: ACTi NVR3 Standard Server
-CVE-2020-15955
- RESERVED
+CVE-2020-15955 (In s/qmail through 4.0.07, an active MitM can inject arbitrary plainte ...)
+ TODO: check
CVE-2020-15954 (KDE KMail 19.12.3 (aka 5.13.3) engages in unencrypted POP3 communicati ...)
{DLA-2300-1}
- kdepim-runtime 4:20.04.1-2 (bug #966666)
@@ -114913,8 +114927,8 @@ CVE-2020-4994
RESERVED
CVE-2020-4993 (IBM QRadar SIEM 7.3 and 7.4 when decompressing or verifying signature ...)
NOT-FOR-US: IBM
-CVE-2020-4992
- RESERVED
+CVE-2020-4992 (IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.16 is vulnerable to ...)
+ TODO: check
CVE-2020-4991
RESERVED
CVE-2020-4990 (IBM Security Guardium 11.2 is vulnerable to SQL injection. A remote at ...)
@@ -115488,8 +115502,8 @@ CVE-2020-4708 (IBM Security Trusteer Pinpoint Detect 11.6.5 could disclose some
NOT-FOR-US: IBM
CVE-2020-4707 (IBM API Connect 5.0.0.0 through 5.0.8.11 is vulnerable to cross-site s ...)
NOT-FOR-US: IBM
-CVE-2020-4706
- RESERVED
+CVE-2020-4706 (IBM API Connect 5.0.0.0 through 5.0.8.10 is vulnerable to HTTP header ...)
+ TODO: check
CVE-2020-4705 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 a ...)
NOT-FOR-US: IBM
CVE-2020-4704 (IBM Content Navigator 3.0CD is vulnerable to stored cross-site scripti ...)
@@ -190443,7 +190457,7 @@ CVE-2018-17367
RESERVED
CVE-2018-17366 (An issue was discovered in MCMS 4.6.5. There is a CSRF vulnerability t ...)
NOT-FOR-US: MCMS
-CVE-2018-17365 (SeaCMS 6.64 allows remote attackers to delete arbitrary files via the ...)
+CVE-2018-17365 (SeaCMS 6.64 and 7.2 allows remote attackers to delete arbitrary files ...)
NOT-FOR-US: SeaCMS
CVE-2018-17364 (OTCMS 3.61 allows remote attackers to execute arbitrary PHP code via t ...)
NOT-FOR-US: OTCMS
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2b7da41ba24baea1e58693fef728e3adee9d61c6