[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Aug 18 21:10:43 BST 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c20e4d7c by security tracker role at 2021-08-18T20:10:33+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,39 @@
+CVE-2021-39291
+	RESERVED
+CVE-2021-39290
+	RESERVED
+CVE-2021-39289
+	RESERVED
+CVE-2021-39288
+	RESERVED
+CVE-2021-39287
+	RESERVED
+CVE-2021-39286 (Webrecorder pywb before 2.6.0 allows XSS because it does not ensure th ...)
+	TODO: check
+CVE-2021-39285
+	RESERVED
+CVE-2021-39284
+	RESERVED
+CVE-2021-39283 (liveMedia/FramedSource.cpp in Live555 through 1.08 allows an assertion ...)
+	TODO: check
+CVE-2021-39282 (Live555 through 1.08 has a memory leak in AC3AudioStreamParser for AC3 ...)
+	TODO: check
+CVE-2021-39281
+	RESERVED
+CVE-2021-39280
+	RESERVED
+CVE-2021-39279
+	RESERVED
+CVE-2021-39278
+	RESERVED
+CVE-2021-39277
+	RESERVED
+CVE-2021-39276
+	RESERVED
+CVE-2021-39275
+	RESERVED
+CVE-2021-3717
+	RESERVED
 CVE-2021-39274
 	RESERVED
 CVE-2021-39273
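Review bot: CVE-2021-39283 and CVE-2021-39282 are two reports against the same upstream (Live555 through 1.08), an assertion failure in liveMedia/FramedSource.cpp and a memory leak in AC3AudioStreamParser, and both are left at `TODO: check`; triage them in one pass so they get the same source-package or NOT-FOR-US decision, and record the upstream reference on a NOTE line the way the exiv2 entries in this file do. CVE-2021-39286 (pywb XSS before 2.6.0) is the third new non-RESERVED entry in this hunk needing the same follow-up.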
@@ -6,8 +42,8 @@ CVE-2021-39272
 	RESERVED
 CVE-2021-39271
 	RESERVED
-CVE-2021-39270
-	RESERVED
+CVE-2021-39270 (In Ping Identity RSA SecurID Integration Kit before 3.2, user imperson ...)
+	TODO: check
 CVE-2021-39269
 	RESERVED
 CVE-2021-39268 (Persistent cross-site scripting (XSS) in the web interface of SuiteCRM ...)
@@ -1156,8 +1192,8 @@ CVE-2021-38713 (imgURL 2.31 allows XSS via an X-Forwarded-For HTTP header. ...)
 	NOT-FOR-US: imgURL
 CVE-2021-38712 (OneNav 0.9.12 allows Information Disclosure of the onenav.db3 contents ...)
 	NOT-FOR-US: OneNav
-CVE-2021-38710
-	RESERVED
+CVE-2021-38710 (** DISPUTED ** Static (Persistent) XSS Vulnerability exists in version ...)
+	TODO: check
 CVE-2021-38709 (In ocProducts Composr CMS before 10.0.38, an attacker can inject JavaS ...)
 	NOT-FOR-US: ocProducts Composr CMS
 CVE-2021-38708 (In ocProducts Composr CMS before 10.0.38, an attacker can inject JavaS ...)
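Review bot: the new description for CVE-2021-38710 opens with `** DISPUTED **`, but the entry only carries `TODO: check`; when it is triaged, the dispute should be captured on the entry itself (a NOTE line pointing at the source of the dispute) so the disputed status is not lost behind a plain NOT-FOR-US or package line.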
@@ -3453,8 +3489,8 @@ CVE-2021-3671
 	RESERVED
 CVE-2021-3670
 	RESERVED
-CVE-2021-37714
-	RESERVED
+CVE-2021-37714 (jsoup is a Java library for working with HTML. Those using jsoup versi ...)
+	TODO: check
 CVE-2021-37713
 	RESERVED
 CVE-2021-37712
@@ -3477,8 +3513,8 @@ CVE-2021-37704 (PhpFastCache is a high-performance backend cache system (packagi
 	NOT-FOR-US: PhpFastCache
 CVE-2021-37703 (Discourse is an open-source platform for community discussion. In Disc ...)
 	NOT-FOR-US: Discourse
-CVE-2021-37702
-	RESERVED
+CVE-2021-37702 (Pimcore is an open source data & experience management platform. P ...)
+	TODO: check
 CVE-2021-37701
 	RESERVED
 CVE-2021-37700 (@github/paste-markdown is an npm package for pasting markdown objects. ...)
@@ -3661,8 +3697,8 @@ CVE-2021-37618 (Exiv2 is a command-line utility and C++ library for reading, wri
 	- exiv2 <unfixed>
 	NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-583f-w9pm-99r2
 	NOTE: https://github.com/Exiv2/exiv2/pull/1759
-CVE-2021-37617
-	RESERVED
+CVE-2021-37617 (The Nextcloud Desktop Client is a tool to synchronize files from Nextc ...)
+	TODO: check
 CVE-2021-37616 (Exiv2 is a command-line utility and C++ library for reading, writing,  ...)
 	- exiv2 <unfixed>
 	NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-54f7-vvj7-545w
@@ -3683,8 +3719,7 @@ CVE-2021-37610
 	RESERVED
 CVE-2021-37609
 	RESERVED
-CVE-2021-37608
-	RESERVED
+CVE-2021-37608 (Unrestricted Upload of File with Dangerous Type vulnerability in Apach ...)
 	NOT-FOR-US: Apache OFBiz
 CVE-2021-37607
 	RESERVED
@@ -4224,8 +4259,8 @@ CVE-2021-37360
 	RESERVED
 CVE-2021-37359
 	RESERVED
-CVE-2021-37358
-	RESERVED
+CVE-2021-37358 (SQL Injection in SEACMS v210530 (2021-05-30) allows remote attackers t ...)
+	TODO: check
 CVE-2021-37357
 	RESERVED
 CVE-2021-37356
@@ -12861,8 +12896,7 @@ CVE-2021-33582
 	RESERVED
 CVE-2021-33581
 	RESERVED
-CVE-2021-33580
-	RESERVED
+CVE-2021-33580 (User controlled `request.getHeader("Referer")`, `request.getRequestURL ...)
 	NOT-FOR-US: Apache Roller
 CVE-2021-33586 (InspIRCd 3.8.0 through 3.9.x before 3.10.0 allows any user (able to co ...)
 	- inspircd 3.8.1-2 (bug #989144)
@@ -14925,8 +14959,8 @@ CVE-2021-32730 (XWiki Platform is a generic wiki platform offering runtime servi
 	NOT-FOR-US: XWiki
 CVE-2021-32729 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
 	NOT-FOR-US: XWiki
-CVE-2021-32728
-	RESERVED
+CVE-2021-32728 (The Nextcloud Desktop Client is a tool to synchronize files from Nextc ...)
+	TODO: check
 CVE-2021-32727 (Nextcloud Android Client is the Android client for Nextcloud. Clients  ...)
 	NOT-FOR-US: Nextcloud Android Client
 CVE-2021-32726 (Nextcloud Server is a Nextcloud package that handles data storage. In  ...)
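Review bot: CVE-2021-32728 here and CVE-2021-37617 in an earlier hunk both begin "The Nextcloud Desktop Client is a tool to synchronize files from Nextc ..." and both sit at `TODO: check`; triage them together, and check whether the desktop client is shipped as a source package before reusing the `NOT-FOR-US: Nextcloud Android Client` disposition of the neighbouring CVE-2021-32727, which concerns a different client.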
@@ -17228,8 +17262,8 @@ CVE-2021-31822
 	RESERVED
 CVE-2021-31821
 	RESERVED
-CVE-2021-31820
-	RESERVED
+CVE-2021-31820 (In Octopus Server after version 2018.8.2 if the Octopus Server Web Req ...)
+	TODO: check
 CVE-2021-31819
 	RESERVED
 CVE-2021-31818 (Affected versions of Octopus Server are prone to an authenticated SQL  ...)
@@ -33884,8 +33918,7 @@ CVE-2021-25220
 	RESERVED
 CVE-2021-25219
 	RESERVED
-CVE-2021-25218
-	RESERVED
+CVE-2021-25218 (In BIND 9.16.19, 9.17.16. Also, version 9.16.19-S1 of BIND Supported P ...)
 	- bind9 <not-affected> (Vulnerable code introduced later)
 	NOTE: https://kb.isc.org/docs/cve-2021-25218
 CVE-2021-25217 (In ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16, ISC DHCP 4.4.0 -> 4.4.2 ( ...)
@@ -37827,10 +37860,10 @@ CVE-2021-23427
 	RESERVED
 CVE-2021-23426
 	RESERVED
-CVE-2021-23425
-	RESERVED
-CVE-2021-23424
-	RESERVED
+CVE-2021-23425 (All versions of package trim-off-newlines are vulnerable to Regular Ex ...)
+	TODO: check
+CVE-2021-23424 (This affects all versions of package ansi-html. If an attacker provide ...)
+	TODO: check
 CVE-2021-23423 (This affects the package bikeshed before 3.0.0. This can occur when an ...)
 	TODO: check
 CVE-2021-23422 (This affects the package bikeshed before 3.0.0. This can occur when an ...)
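Review bot: CVE-2021-23425 ("All versions of package trim-off-newlines are vulnerable to Regular Ex ...") and CVE-2021-23424 ("This affects all versions of package ansi-html ...") name no fixed version in the visible text, so triage needs to establish whether an upstream fix exists before choosing between a package entry with `<unfixed>` and NOT-FOR-US; note that the two bikeshed entries directly below (CVE-2021-23423, CVE-2021-23422) are also still `TODO: check` from an earlier update.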
@@ -41363,10 +41396,10 @@ CVE-2021-21870 (A use-after-free vulnerability exists in the JavaScript engine o
 	NOT-FOR-US: Foxit
 CVE-2021-21869
 	RESERVED
-CVE-2021-21868
-	RESERVED
-CVE-2021-21867
-	RESERVED
+CVE-2021-21868 (A unsafe deserialization vulnerability exists in the ObjectManager.plu ...)
+	TODO: check
+CVE-2021-21867 (A unsafe deserialization vulnerability exists in the ObjectManager.plu ...)
+	TODO: check
 CVE-2021-21866 (A unsafe deserialization vulnerability exists in the ObjectManager.plu ...)
 	NOT-FOR-US: CODESYS
 CVE-2021-21865 (A unsafe deserialization vulnerability exists in the PackageManagement ...)
@@ -41375,58 +41408,58 @@ CVE-2021-21864 (A unsafe deserialization vulnerability exists in the ComponentMo
 	NOT-FOR-US: CODESYS
 CVE-2021-21863 (A unsafe deserialization vulnerability exists in the ComponentModel Pr ...)
 	NOT-FOR-US: CODESYS
-CVE-2021-21862
-	RESERVED
+CVE-2021-21862 (Multiple exploitable integer truncation vulnerabilities exist within t ...)
+	TODO: check
 CVE-2021-21861 (An exploitable integer truncation vulnerability exists within the MPEG ...)
 	TODO: check
 CVE-2021-21860 (An exploitable integer truncation vulnerability exists within the MPEG ...)
 	TODO: check
 CVE-2021-21859 (An exploitable integer truncation vulnerability exists within the MPEG ...)
 	TODO: check
-CVE-2021-21858
-	RESERVED
-CVE-2021-21857
-	RESERVED
-CVE-2021-21856
-	RESERVED
-CVE-2021-21855
-	RESERVED
-CVE-2021-21854
-	RESERVED
-CVE-2021-21853
-	RESERVED
-CVE-2021-21852
-	RESERVED
-CVE-2021-21851
-	RESERVED
+CVE-2021-21858 (Multiple exploitable integer overflow vulnerabilities exist within the ...)
+	TODO: check
+CVE-2021-21857 (Multiple exploitable integer overflow vulnerabilities exist within the ...)
+	TODO: check
+CVE-2021-21856 (Multiple exploitable integer overflow vulnerabilities exist within the ...)
+	TODO: check
+CVE-2021-21855 (Multiple exploitable integer overflow vulnerabilities exist within the ...)
+	TODO: check
+CVE-2021-21854 (Multiple exploitable integer overflow vulnerabilities exist within the ...)
+	TODO: check
+CVE-2021-21853 (Multiple exploitable integer overflow vulnerabilities exist within the ...)
+	TODO: check
+CVE-2021-21852 (Multiple exploitable integer overflow vulnerabilities exist within the ...)
+	TODO: check
+CVE-2021-21851 (Multiple exploitable integer overflow vulnerabilities exist within the ...)
+	TODO: check
 CVE-2021-21850
 	RESERVED
 CVE-2021-21849
 	RESERVED
 CVE-2021-21848
 	RESERVED
-CVE-2021-21847
-	RESERVED
-CVE-2021-21846
-	RESERVED
-CVE-2021-21845
-	RESERVED
-CVE-2021-21844
-	RESERVED
-CVE-2021-21843
-	RESERVED
+CVE-2021-21847 (Multiple exploitable integer overflow vulnerabilities exist within the ...)
+	TODO: check
+CVE-2021-21846 (Multiple exploitable integer overflow vulnerabilities exist within the ...)
+	TODO: check
+CVE-2021-21845 (Multiple exploitable integer overflow vulnerabilities exist within the ...)
+	TODO: check
+CVE-2021-21844 (Multiple exploitable integer overflow vulnerabilities exist within the ...)
+	TODO: check
+CVE-2021-21843 (Multiple exploitable integer overflow vulnerabilities exist within the ...)
+	TODO: check
 CVE-2021-21842
 	RESERVED
 CVE-2021-21841
 	RESERVED
 CVE-2021-21840
 	RESERVED
-CVE-2021-21839
-	RESERVED
-CVE-2021-21838
-	RESERVED
-CVE-2021-21837
-	RESERVED
+CVE-2021-21839 (Multiple exploitable integer overflow vulnerabilities exist within the ...)
+	TODO: check
+CVE-2021-21838 (Multiple exploitable integer overflow vulnerabilities exist within the ...)
+	TODO: check
+CVE-2021-21837 (Multiple exploitable integer overflow vulnerabilities exist within the ...)
+	TODO: check
 CVE-2021-21836
 	RESERVED
 CVE-2021-21835
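Review bot: this hunk turns seventeen RESERVED ids into `TODO: check` entries; sixteen of them share one truncated description, "Multiple exploitable integer overflow vulnerabilities exist within the ...", and CVE-2021-21862 carries the "integer truncation ... within the MPEG ..." wording of CVE-2021-21859 to CVE-2021-21861, which are themselves still `TODO: check`. These read as a single batch from one upstream and should be triaged as a group with a shared NOTE reference rather than one id at a time.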
@@ -41435,7 +41468,7 @@ CVE-2021-21834
 	RESERVED
 CVE-2021-21833 (An improper array index validation vulnerability exists in the TIF IP_ ...)
 	NOT-FOR-US: Accusoft ImageGear
-CVE-2021-21832 (A VULNERABILITY_CLASS vulnerability exists in the FEATURE functionalit ...)
+CVE-2021-21832 (A memory corruption vulnerability exists in the ISO Parsing functional ...)
 	NOT-FOR-US: Disc Soft Ltd Deamon Tools Pro
 CVE-2021-21831 (A use-after-free vulnerability exists in the JavaScript engine of Foxi ...)
 	NOT-FOR-US: Foxit
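Review bot: the retained NOT-FOR-US line for CVE-2021-21832 spells the product "Deamon Tools Pro"; the Disc Soft product is DAEMON Tools, so the line should read `NOT-FOR-US: Disc Soft Ltd DAEMON Tools Pro`. The replacement of the placeholder description ("A VULNERABILITY_CLASS vulnerability exists in the FEATURE functionalit ...") with the real text is the right change and needs no further action.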
@@ -41449,8 +41482,8 @@ CVE-2021-21827
 	RESERVED
 CVE-2021-21826
 	RESERVED
-CVE-2021-21825
-	RESERVED
+CVE-2021-21825 (A heap-based buffer overflow vulnerability exists in the XML Decompres ...)
+	TODO: check
 CVE-2021-21824 (An out-of-bounds write vulnerability exists in the JPG Handle_JPEG420  ...)
 	NOT-FOR-US: Accusoft ImageGear
 CVE-2021-21823
@@ -41543,8 +41576,7 @@ CVE-2021-21783 (A code execution vulnerability exists in the WS-Addressing plugi
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1245
 CVE-2021-21782 (An out-of-bounds write vulnerability exists in the SGI format buffer s ...)
 	NOT-FOR-US: ImageGear
-CVE-2021-21781
-	RESERVED
+CVE-2021-21781 (An information disclosure vulnerability exists in the ARM SIGPAGE func ...)
 	{DLA-2713-1}
 	- linux 5.10.19-1
 	[buster] - linux 4.19.177-1
@@ -55673,12 +55705,12 @@ CVE-2021-0630
 	RESERVED
 CVE-2021-0629
 	RESERVED
-CVE-2021-0628
-	RESERVED
-CVE-2021-0627
-	RESERVED
-CVE-2021-0626
-	RESERVED
+CVE-2021-0628 (In OMA DRM, there is a possible memory corruption due to improper inpu ...)
+	TODO: check
+CVE-2021-0627 (In OMA DRM, there is a possible memory corruption due to an integer ov ...)
+	TODO: check
+CVE-2021-0626 (In ged, there is a possible out of bounds write due to a missing bound ...)
+	TODO: check
 CVE-2021-0625
 	RESERVED
 CVE-2021-0624
@@ -56098,18 +56130,18 @@ CVE-2021-0422
 	RESERVED
 CVE-2021-0421
 	RESERVED
-CVE-2021-0420
-	RESERVED
-CVE-2021-0419
-	RESERVED
-CVE-2021-0418
-	RESERVED
-CVE-2021-0417
-	RESERVED
-CVE-2021-0416
-	RESERVED
-CVE-2021-0415
-	RESERVED
+CVE-2021-0420 (In memory management driver, there is a possible system crash due to a ...)
+	TODO: check
+CVE-2021-0419 (In memory management driver, there is a possible system crash due to i ...)
+	TODO: check
+CVE-2021-0418 (In memory management driver, there is a possible system crash due to i ...)
+	TODO: check
+CVE-2021-0417 (In memory management driver, there is a possible system crash due to i ...)
+	TODO: check
+CVE-2021-0416 (In memory management driver, there is a possible system crash due to i ...)
+	TODO: check
+CVE-2021-0415 (In memory management driver, there is a possible information disclosur ...)
+	TODO: check
 CVE-2021-0414
 	RESERVED
 CVE-2021-0413
@@ -56122,10 +56154,10 @@ CVE-2021-0410
 	RESERVED
 CVE-2021-0409
 	RESERVED
-CVE-2021-0408
-	RESERVED
-CVE-2021-0407
-	RESERVED
+CVE-2021-0408 (In asf extractor, there is a possible out of bounds read due to an inc ...)
+	TODO: check
+CVE-2021-0407 (In clk driver, there is a possible out of bounds write due to an incor ...)
+	TODO: check
 CVE-2021-0406 (In cameraisp, there is a possible out of bounds write due to a missing ...)
 	NOT-FOR-US: MediaTek
 CVE-2021-0405 (In performance driver, there is a possible out of bounds write due to  ...)
@@ -56759,8 +56791,8 @@ CVE-2020-28148
 	RESERVED
 CVE-2020-28147
 	RESERVED
-CVE-2020-28146
-	RESERVED
+CVE-2020-28146 (Cross Site Scripting (XSS) vulnerability exists in Eyoucms v1.4.7 and  ...)
+	TODO: check
 CVE-2020-28145
 	RESERVED
 CVE-2020-28144 (Certain Moxa Inc products are affected by an improper restriction of o ...)
@@ -62783,12 +62815,12 @@ CVE-2020-25930
 	RESERVED
 CVE-2020-25929
 	RESERVED
-CVE-2020-25928
-	RESERVED
-CVE-2020-25927
-	RESERVED
-CVE-2020-25926
-	RESERVED
+CVE-2020-25928 (The DNS feature in InterNiche NicheStack TCP/IP 4.0.1 is affected by:  ...)
+	TODO: check
+CVE-2020-25927 (The DNS feature in InterNiche NicheStack TCP/IP 4.0.1 is affected by:  ...)
+	TODO: check
+CVE-2020-25926 (The DNS client in InterNiche NicheStack TCP/IP 4.0.1 is affected by: I ...)
+	TODO: check
 CVE-2020-25925 (Cross Site Scripting (XSS) in Webmail Calender in IceWarp WebClient 10 ...)
 	NOT-FOR-US: IceWarp
 CVE-2020-25924
@@ -63175,8 +63207,8 @@ CVE-2020-25769
 	RESERVED
 CVE-2020-25768 (Contao before 4.4.52, 4.9.x before 4.9.6, and 4.10.x before 4.10.1 hav ...)
 	NOT-FOR-US: Contao CMS
-CVE-2020-25767
-	RESERVED
+CVE-2020-25767 (An issue was discovered in HCC Embedded NicheStack IPv4 4.1. The dnc_c ...)
+	TODO: check
 CVE-2020-25766 (An issue was discovered in MISP before 2.4.132. It can perform an unwa ...)
 	NOT-FOR-US: MISP
 CVE-2020-25765 (Addressed remote code execution vulnerability in reg_device.php due to ...)
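Review bot: CVE-2020-25767 ("HCC Embedded NicheStack IPv4 4.1") belongs with CVE-2020-25928, CVE-2020-25927 and CVE-2020-25926 ("InterNiche NicheStack TCP/IP 4.0.1") in the hunk above; all four are `TODO: check` and describe the same stack (NicheStack) under two vendor names, so they should get one triage decision and, if that is NOT-FOR-US, one consistent product string rather than a mix of "InterNiche" and "HCC Embedded".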
@@ -69429,8 +69461,8 @@ CVE-2020-23071
 	RESERVED
 CVE-2020-23070
 	RESERVED
-CVE-2020-23069
-	RESERVED
+CVE-2020-23069 (Path Traversal vulneraility exists in webTareas 2.0 via the extpath pa ...)
+	TODO: check
 CVE-2020-23068
 	RESERVED
 CVE-2020-23067
@@ -71331,16 +71363,16 @@ CVE-2020-22126
 	RESERVED
 CVE-2020-22125
 	RESERVED
-CVE-2020-22124
-	RESERVED
+CVE-2020-22124 (A vulnerability in the \inc\config.php component of joyplus-cms v1.6 a ...)
+	TODO: check
 CVE-2020-22123
 	RESERVED
-CVE-2020-22122
-	RESERVED
+CVE-2020-22122 (A SQL injection vulnerability in /oa.php?c=Staff&a=read of Find a  ...)
+	TODO: check
 CVE-2020-22121
 	RESERVED
-CVE-2020-22120
-	RESERVED
+CVE-2020-22120 (A remote code execution (RCE) vulnerability in /root/run/adm.php?admin ...)
+	TODO: check
 CVE-2020-22119
 	RESERVED
 CVE-2020-22118
@@ -76436,8 +76468,8 @@ CVE-2020-19671
 	RESERVED
 CVE-2020-19670 (In Niushop B2B2C Multi-Business Basic Edition V1.11, authentication ca ...)
 	NOT-FOR-US: Niushop B2B2C Multi-Business Basic Edition
-CVE-2020-19669
-	RESERVED
+CVE-2020-19669 (Cross Site Request Forgery (CSRF) vulnerability exists in Eyoucms 1.3. ...)
+	TODO: check
 CVE-2020-19668 (Unverified indexs into the array lead to out of bound access in the gi ...)
 	- libsixel <unfixed> (bug #990799)
 	[bullseye] - libsixel <no-dsa> (Minor issue)
@@ -78080,8 +78112,8 @@ CVE-2020-18877
 	RESERVED
 CVE-2020-18876
 	RESERVED
-CVE-2020-18875
-	RESERVED
+CVE-2020-18875 (Incorrect Access Control in DotCMS versions before 5.1 allows remote a ...)
+	TODO: check
 CVE-2020-18874
 	RESERVED
 CVE-2020-18873
@@ -78338,8 +78370,8 @@ CVE-2020-18748
 	RESERVED
 CVE-2020-18747
 	RESERVED
-CVE-2020-18746
-	RESERVED
+CVE-2020-18746 (SQL Injection in AiteCMS v1.0 allows remote attackers to execute arbit ...)
+	TODO: check
 CVE-2020-18745
 	RESERVED
 CVE-2020-18744



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c20e4d7cbf229c685d3d9ffd737869deb100990f
