[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Aug 18 09:10:27 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
531a20c3 by security tracker role at 2021-08-18T08:10:17+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,67 @@
+CVE-2021-39274
+ RESERVED
+CVE-2021-39273
+ RESERVED
+CVE-2021-39272
+ RESERVED
+CVE-2021-39271
+ RESERVED
+CVE-2021-39270
+ RESERVED
+CVE-2021-39269
+ RESERVED
+CVE-2021-39268 (Persistent cross-site scripting (XSS) in the web interface of SuiteCRM ...)
+ TODO: check
+CVE-2021-39267 (Persistent cross-site scripting (XSS) in the web interface of SuiteCRM ...)
+ TODO: check
+CVE-2021-39266
+ RESERVED
+CVE-2021-39265
+ RESERVED
+CVE-2021-39264
+ RESERVED
+CVE-2021-39263
+ RESERVED
+CVE-2021-39262
+ RESERVED
+CVE-2021-39261
+ RESERVED
+CVE-2021-39260
+ RESERVED
+CVE-2021-39259
+ RESERVED
+CVE-2021-39258
+ RESERVED
+CVE-2021-39257
+ RESERVED
+CVE-2021-39256
+ RESERVED
+CVE-2021-39255
+ RESERVED
+CVE-2021-39254
+ RESERVED
+CVE-2021-39253
+ RESERVED
+CVE-2021-39252
+ RESERVED
+CVE-2021-39251
+ RESERVED
+CVE-2021-39250 (Invision Community (aka IPS Community Suite or IP-Board) before 4.6.5. ...)
+ TODO: check
+CVE-2021-39249 (Invision Community (aka IPS Community Suite or IP-Board) before 4.6.5. ...)
+ TODO: check
+CVE-2021-39248 (Open edX through Lilac.1 allows XSS in common/static/common/js/discuss ...)
+ TODO: check
+CVE-2021-39247 (Zint Barcode Generator before 2.10.0 has a one-byte buffer over-read, ...)
+ TODO: check
+CVE-2021-39246
+ RESERVED
+CVE-2021-3716
+ RESERVED
+CVE-2021-3715
+ RESERVED
+CVE-2021-3714
+ RESERVED
CVE-2021-39245
RESERVED
CVE-2021-39244
@@ -5,16 +69,19 @@ CVE-2021-39244
CVE-2021-39243
RESERVED
CVE-2021-39242 (An issue was discovered in HAProxy 2.2 before 2.2.16, 2.3 before 2.3.1 ...)
+ {DSA-4960-1}
- haproxy <unfixed>
[buster] - haproxy <not-affected> (Vulnerable code introduced later)
NOTE: https://www.mail-archive.com/haproxy@formilux.org/msg41041.html
NOTE: https://git.haproxy.org/?p=haproxy.git;a=commit;h=b5d2b9e154d78e4075db163826c5e0f6d31b2ab1
CVE-2021-39241 (An issue was discovered in HAProxy 2.0 before 2.0.24, 2.2 before 2.2.1 ...)
+ {DSA-4960-1}
- haproxy <unfixed>
[buster] - haproxy <not-affected> (Vulnerable code introduced later)
NOTE: https://www.mail-archive.com/haproxy@formilux.org/msg41041.html
NOTE: https://git.haproxy.org/?p=haproxy.git;a=commit;h=89265224d314a056d77d974284802c1b8a0dc97f
CVE-2021-39240 (An issue was discovered in HAProxy 2.2 before 2.2.16, 2.3 before 2.3.1 ...)
+ {DSA-4960-1}
- haproxy <unfixed>
[buster] - haproxy <not-affected> (Vulnerable code introduced later)
NOTE: https://www.mail-archive.com/haproxy@formilux.org/msg41041.html
@@ -238,8 +305,8 @@ CVE-2021-39133
RESERVED
CVE-2021-39132
RESERVED
-CVE-2021-39131
- RESERVED
+CVE-2021-39131 (ced detects character encoding using Google’s compact_enc_det li ...)
+ TODO: check
CVE-2021-39130
RESERVED
CVE-2021-39129
@@ -1111,8 +1178,8 @@ CVE-2021-3708 (D-Link router DSL-2750U with firmware vME1.16 or prior versions i
NOT-FOR-US: D-Link
CVE-2021-3707 (D-Link router DSL-2750U with firmware vME1.16 or prior versions is vul ...)
NOT-FOR-US: D-Link
-CVE-2021-38702
- RESERVED
+CVE-2021-38702 (Cyberoam NetGenie C0101B1-20141120-NG11VO devices through 2021-08-14 a ...)
+ TODO: check
CVE-2021-38701
RESERVED
CVE-2021-38700
@@ -11967,7 +12034,7 @@ CVE-2018-25015 (An issue was discovered in the Linux kernel before 4.14.16. Ther
[stretch] - linux 4.9.80-1
NOTE: https://git.kernel.org/linus/a0ff660058b88d12625a783ce9e5c1371c87951f
CVE-2021-3587 [nfc: fix NULL ptr dereference in llcp_sock_getname() after failed connect]
- RESERVED
+ REJECTED
{DLA-2690-1 DLA-2689-1}
- linux 5.10.46-1
[buster] - linux 4.19.194-1
@@ -21879,12 +21946,10 @@ CVE-2021-29992
RESERVED
CVE-2021-29991
RESERVED
-CVE-2021-29990
- RESERVED
+CVE-2021-29990 (Mozilla developers and community members reported memory safety bugs p ...)
- firefox 91.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-33/#CVE-2021-29990
-CVE-2021-29989
- RESERVED
+CVE-2021-29989 (Mozilla developers reported memory safety bugs present in Firefox 90 a ...)
{DSA-4959-1 DSA-4956-1 DLA-2745-1 DLA-2740-1}
- firefox 91.0-1
- firefox-esr 78.13.0esr-1
@@ -21892,8 +21957,7 @@ CVE-2021-29989
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-33/#CVE-2021-29989
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-34/#CVE-2021-29989
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-36/#CVE-2021-29989
-CVE-2021-29988
- RESERVED
+CVE-2021-29988 (Firefox incorrectly treated an inline list-item element as a block ele ...)
{DSA-4959-1 DSA-4956-1 DLA-2745-1 DLA-2740-1}
- firefox 91.0-1
- firefox-esr 78.13.0esr-1
@@ -21901,14 +21965,12 @@ CVE-2021-29988
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-33/#CVE-2021-29988
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-34/#CVE-2021-29988
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-36/#CVE-2021-29988
-CVE-2021-29987
- RESERVED
+CVE-2021-29987 (After requesting multiple permissions, and closing the first permissio ...)
- firefox 91.0-1
- thunderbird <not-affected> (Thunderbird 78.x not affected, only TB91)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-33/#CVE-2021-29987
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-36/#CVE-2021-29987
-CVE-2021-29986
- RESERVED
+CVE-2021-29986 (A suspected race condition when calling getaddrinfo led to memory corr ...)
{DSA-4959-1 DSA-4956-1 DLA-2745-1 DLA-2740-1}
- firefox 91.0-1
- firefox-esr 78.13.0esr-1
@@ -21916,8 +21978,7 @@ CVE-2021-29986
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-33/#CVE-2021-29986
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-34/#CVE-2021-29986
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-36/#CVE-2021-29986
-CVE-2021-29985
- RESERVED
+CVE-2021-29985 (A use-after-free vulnerability in media channels could have led to mem ...)
{DSA-4959-1 DSA-4956-1 DLA-2745-1 DLA-2740-1}
- firefox 91.0-1
- firefox-esr 78.13.0esr-1
@@ -21925,8 +21986,7 @@ CVE-2021-29985
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-33/#CVE-2021-29985
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-34/#CVE-2021-29985
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-36/#CVE-2021-29985
-CVE-2021-29984
- RESERVED
+CVE-2021-29984 (Instruction reordering resulted in a sequence of instructions that wou ...)
{DSA-4959-1 DSA-4956-1 DLA-2745-1 DLA-2740-1}
- firefox 91.0-1
- firefox-esr 78.13.0esr-1
@@ -21934,24 +21994,20 @@ CVE-2021-29984
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-33/#CVE-2021-29984
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-34/#CVE-2021-29984
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-36/#CVE-2021-29984
-CVE-2021-29983
- RESERVED
+CVE-2021-29983 (Firefox for Android could get stuck in fullscreen mode and not exit it ...)
- firefox <not-affected> (Only affects Android)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-33/#CVE-2021-29983
-CVE-2021-29982
- RESERVED
+CVE-2021-29982 (Due to incorrect JIT optimization, we incorrectly interpreted data fro ...)
- firefox 91.0-1
- thunderbird <not-affected> (Thunderbird 78.x not affected, only TB91)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-33/#CVE-2021-29982
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-36/#CVE-2021-29982
-CVE-2021-29981
- RESERVED
+CVE-2021-29981 (An issue present in lowering/register allocation could have led to obs ...)
- firefox 91.0-1
- thunderbird <not-affected> (Thunderbird 78.x not affected, only TB91)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-33/#CVE-2021-29981
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-36/#CVE-2021-29981
-CVE-2021-29980
- RESERVED
+CVE-2021-29980 (Uninitialized memory in a canvas object could have caused an incorrect ...)
{DSA-4959-1 DSA-4956-1 DLA-2745-1 DLA-2740-1}
- firefox 91.0-1
- firefox-esr 78.13.0esr-1
@@ -25903,8 +25959,8 @@ CVE-2021-28373 (The auth_internal plugin in Tiny Tiny RSS (aka tt-rss) before 20
NOTE: https://community.tt-rss.org/t/check-password-not-called-if-otp-is-enabled-update-asap-if-youre-using-2fa/4502
NOTE: Introduced by: https://git.tt-rss.org/fox/tt-rss/commit/3fd785654372d493c031d9b541ab33a881023a32
NOTE: Fixed by: https://git.tt-rss.org/fox/tt-rss/commit/4949e1a59059d9e72ba7a98f783cec312c06c6d2
-CVE-2021-28372
- RESERVED
+CVE-2021-28372 (ThroughTek's Kalay Platform 2.0 network allows an attacker to imperson ...)
+ TODO: check
CVE-2021-28371
RESERVED
CVE-2021-28370
@@ -41412,8 +41468,8 @@ CVE-2021-21812 (A stack-based buffer overflow vulnerability exists in the comman
NOT-FOR-US: Xmill (AT&T Labs)
CVE-2021-21811
RESERVED
-CVE-2021-21810
- RESERVED
+CVE-2021-21810 (A memory corruption vulnerability exists in the XML-parsing ParseAttri ...)
+ TODO: check
CVE-2021-21809 (A command execution vulnerability exists in the default legacy spellch ...)
NOT-FOR-US: Moodle plugin
CVE-2021-21808 (A memory corruption vulnerability exists in the PNG png_palette_proces ...)
@@ -45388,8 +45444,8 @@ CVE-2021-20794
RESERVED
CVE-2021-20793
RESERVED
-CVE-2021-20792
- RESERVED
+CVE-2021-20792 (Cross-site scripting vulnerability in Quiz And Survey Master versions ...)
+ TODO: check
CVE-2021-20791
RESERVED
CVE-2021-20790
@@ -45422,52 +45478,52 @@ CVE-2021-20777 (Improper authorization in handler for custom URL scheme vulnerab
NOT-FOR-US: GU App for Android
CVE-2021-20776 (Improper authentication vulnerability in SCT-40CM01SR and AT-40CM01SR ...)
NOT-FOR-US: SCT-40CM01SR and AT-40CM01SR
-CVE-2021-20775
- RESERVED
-CVE-2021-20774
- RESERVED
-CVE-2021-20773
- RESERVED
-CVE-2021-20772
- RESERVED
-CVE-2021-20771
- RESERVED
-CVE-2021-20770
- RESERVED
-CVE-2021-20769
- RESERVED
-CVE-2021-20768
- RESERVED
-CVE-2021-20767
- RESERVED
-CVE-2021-20766
- RESERVED
-CVE-2021-20765
- RESERVED
-CVE-2021-20764
- RESERVED
-CVE-2021-20763
- RESERVED
-CVE-2021-20762
- RESERVED
-CVE-2021-20761
- RESERVED
-CVE-2021-20760
- RESERVED
-CVE-2021-20759
- RESERVED
-CVE-2021-20758
- RESERVED
-CVE-2021-20757
- RESERVED
-CVE-2021-20756
- RESERVED
-CVE-2021-20755
- RESERVED
-CVE-2021-20754
- RESERVED
-CVE-2021-20753
- RESERVED
+CVE-2021-20775 (Improper input validation vulnerability in Bulletin of Cybozu Garoon 4 ...)
+ TODO: check
+CVE-2021-20774 (Cross-site scripting vulnerability in some functions of E-mail of Cybo ...)
+ TODO: check
+CVE-2021-20773 (There is a vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.5.0, ...)
+ TODO: check
+CVE-2021-20772 (Information disclosure vulnerability in Bulletin of Cybozu Garoon 4.10 ...)
+ TODO: check
+CVE-2021-20771 (Cross-site scripting vulnerability in some functions of Group Mail of ...)
+ TODO: check
+CVE-2021-20770 (Cross-site scripting vulnerability in Message of Cybozu Garoon 4.6.0 t ...)
+ TODO: check
+CVE-2021-20769 (Cross-site scripting vulnerability in Bulletin of Cybozu Garoon 4.6.0 ...)
+ TODO: check
+CVE-2021-20768 (Operational restrictions bypass vulnerability in Scheduler and MultiRe ...)
+ TODO: check
+CVE-2021-20767 (Cross-site scripting vulnerability in Full Text Search of Cybozu Garoo ...)
+ TODO: check
+CVE-2021-20766 (Cross-site scripting vulnerability in Message of Cybozu Garoon 4.0.0 t ...)
+ TODO: check
+CVE-2021-20765 (Cross-site scripting vulnerability in Bulletin of Cybozu Garoon 4.0.0 ...)
+ TODO: check
+CVE-2021-20764 (Improper input validation vulnerability in Attaching Files of Cybozu G ...)
+ TODO: check
+CVE-2021-20763 (Operational restrictions bypass vulnerability in Portal of Cybozu Garo ...)
+ TODO: check
+CVE-2021-20762 (Improper input validation vulnerability in E-mail of Cybozu Garoon 4.0 ...)
+ TODO: check
+CVE-2021-20761 (Improper input validation vulnerability in E-mail of Cybozu Garoon 4.0 ...)
+ TODO: check
+CVE-2021-20760 (Improper input validation vulnerability in User Profile of Cybozu Garo ...)
+ TODO: check
+CVE-2021-20759 (Operational restrictions bypass vulnerability in Bulletin of Cybozu Ga ...)
+ TODO: check
+CVE-2021-20758 (Cross-site request forgery (CSRF) vulnerability in Message of Cybozu G ...)
+ TODO: check
+CVE-2021-20757 (Operational restrictions bypass vulnerability in E-mail of Cybozu Garo ...)
+ TODO: check
+CVE-2021-20756 (Viewing restrictions bypass vulnerability in Address of Cybozu Garoon ...)
+ TODO: check
+CVE-2021-20755 (Viewing restrictions bypass vulnerability in Portal of Cybozu Garoon 4 ...)
+ TODO: check
+CVE-2021-20754 (Improper input validation vulnerability in Workflow of Cybozu Garoon 4 ...)
+ TODO: check
+CVE-2021-20753 (Cross-site scripting vulnerability in Scheduler of Cybozu Garoon 4.0.0 ...)
+ TODO: check
CVE-2021-20752 (Cross-site scripting vulnerability in IkaIka RSS Reader all versions a ...)
NOT-FOR-US: IkaIka RSS Reader
CVE-2021-20751 (Cross-site scripting vulnerability in EC-CUBE EC-CUBE 4.0.0 to 4.0.5-p ...)
@@ -53926,8 +53982,8 @@ CVE-2020-28596 (A stack-based buffer overflow vulnerability exists in the Objpar
NOT-FOR-US: PrusaSlicer
CVE-2020-28595 (An out-of-bounds write vulnerability exists in the Obj.cpp load_obj() ...)
NOT-FOR-US: PrusaSlicer
-CVE-2020-28594
- RESERVED
+CVE-2020-28594 (A use-after-free vulnerability exists in the _3MF_Importer::_handle_en ...)
+ TODO: check
CVE-2020-28593 (A unauthenticated backdoor exists in the configuration server function ...)
NOT-FOR-US: Cosori Smart 5.8-Quart Air Fryer CS158-AF
CVE-2020-28592 (A heap-based buffer overflow vulnerability exists in the configuration ...)
@@ -57363,8 +57419,7 @@ CVE-2021-0286 (A vulnerability in the handling of exceptional conditions in Juni
NOT-FOR-US: Juniper
CVE-2021-0285 (An uncontrolled resource consumption vulnerability in Juniper Networks ...)
NOT-FOR-US: Juniper
-CVE-2021-0284
- RESERVED
+CVE-2021-0284 (A buffer overflow vulnerability in the TCP/IP stack of Juniper Network ...)
NOT-FOR-US: Juniper
CVE-2021-0283 (A buffer overflow vulnerability in the TCP/IP stack of Juniper Network ...)
NOT-FOR-US: Juniper
@@ -68774,8 +68829,8 @@ CVE-2020-23343
RESERVED
CVE-2020-23342 (A CSRF vulnerability exists in Anchor CMS 0.12.7 anchor/views/users/ed ...)
NOT-FOR-US: Anchor CMS
-CVE-2020-23341
- RESERVED
+CVE-2020-23341 (A reflected cross site scripting (XSS) vulnerability in the /header.tm ...)
+ TODO: check
CVE-2020-23340
RESERVED
CVE-2020-23339
@@ -68788,16 +68843,16 @@ CVE-2020-23336
RESERVED
CVE-2020-23335
RESERVED
-CVE-2020-23334
- RESERVED
-CVE-2020-23333
- RESERVED
-CVE-2020-23332
- RESERVED
-CVE-2020-23331
- RESERVED
-CVE-2020-23330
- RESERVED
+CVE-2020-23334 (A WRITE memory access in the AP4_NullTerminatedStringAtom::AP4_NullTer ...)
+ TODO: check
+CVE-2020-23333 (A heap-based buffer overflow exists in the AP4_CttsAtom::AP4_CttsAtom ...)
+ TODO: check
+CVE-2020-23332 (A heap-based buffer overflow exists in the AP4_StdcFileByteStream::Rea ...)
+ TODO: check
+CVE-2020-23331 (An issue was discovered in Bento4 version 06c39d9. A NULL pointer dere ...)
+ TODO: check
+CVE-2020-23330 (An issue was discovered in Bento4 version 06c39d9. A NULL pointer dere ...)
+ TODO: check
CVE-2020-23329
RESERVED
CVE-2020-23328
@@ -79465,8 +79520,8 @@ CVE-2020-18166 (Unrestricted File Upload in LAOBANCMS v2.0 allows remote attacke
NOT-FOR-US: LAOBANCMS
CVE-2020-18165 (Cross Site Scripting (XSS) in LAOBANCMS v2.0 allows remote attackers t ...)
NOT-FOR-US: LAOBANCMS
-CVE-2020-18164
- RESERVED
+CVE-2020-18164 (SQL Injection vulnerability exists in tp-shop 2.x-3.x via the /index.p ...)
+ TODO: check
CVE-2020-18163
RESERVED
CVE-2020-18162
@@ -91030,10 +91085,10 @@ CVE-2020-13591 (An exploitable SQL injection vulnerability exists in the "access
NOT-FOR-US: Rukovoditel Project Management App
CVE-2020-13590
RESERVED
-CVE-2020-13589
- RESERVED
-CVE-2020-13588
- RESERVED
+CVE-2020-13589 (An exploitable SQL injection vulnerability exists in the ‘entiti ...)
+ TODO: check
+CVE-2020-13588 (An exploitable SQL injection vulnerability exists in the ‘entiti ...)
+ TODO: check
CVE-2020-13587 (An exploitable SQL injection vulnerability exists in the "forms_fields ...)
NOT-FOR-US: Rukovoditel Project Management App
CVE-2020-13586 (A memory corruption vulnerability exists in the Excel Document SST Rec ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/531a20c3e9b5e4cdb8774cace73f17563d6c3f06
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/531a20c3e9b5e4cdb8774cace73f17563d6c3f06
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210818/3e1bd0b2/attachment.htm>
More information about the debian-security-tracker-commits
mailing list