[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Aug 20 21:10:39 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a6084068 by security tracker role at 2021-08-20T20:10:30+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,119 @@
+CVE-2021-39357
+ RESERVED
+CVE-2021-39356
+ RESERVED
+CVE-2021-39355
+ RESERVED
+CVE-2021-39354
+ RESERVED
+CVE-2021-39353
+ RESERVED
+CVE-2021-39352
+ RESERVED
+CVE-2021-39351
+ RESERVED
+CVE-2021-39350
+ RESERVED
+CVE-2021-39349
+ RESERVED
+CVE-2021-39348
+ RESERVED
+CVE-2021-39347
+ RESERVED
+CVE-2021-39346
+ RESERVED
+CVE-2021-39345
+ RESERVED
+CVE-2021-39344
+ RESERVED
+CVE-2021-39343
+ RESERVED
+CVE-2021-39342
+ RESERVED
+CVE-2021-39341
+ RESERVED
+CVE-2021-39340
+ RESERVED
+CVE-2021-39339
+ RESERVED
+CVE-2021-39338
+ RESERVED
+CVE-2021-39337
+ RESERVED
+CVE-2021-39336
+ RESERVED
+CVE-2021-39335
+ RESERVED
+CVE-2021-39334
+ RESERVED
+CVE-2021-39333
+ RESERVED
+CVE-2021-39332
+ RESERVED
+CVE-2021-39331
+ RESERVED
+CVE-2021-39330
+ RESERVED
+CVE-2021-39329
+ RESERVED
+CVE-2021-39328
+ RESERVED
+CVE-2021-39327
+ RESERVED
+CVE-2021-39326
+ RESERVED
+CVE-2021-39325
+ RESERVED
+CVE-2021-39324
+ RESERVED
+CVE-2021-39323
+ RESERVED
+CVE-2021-39322
+ RESERVED
+CVE-2021-39321
+ RESERVED
+CVE-2021-39320
+ RESERVED
+CVE-2021-39319
+ RESERVED
+CVE-2021-39318
+ RESERVED
+CVE-2021-39317
+ RESERVED
+CVE-2021-39316
+ RESERVED
+CVE-2021-39315
+ RESERVED
+CVE-2021-39314
+ RESERVED
+CVE-2021-39313
+ RESERVED
+CVE-2021-39312
+ RESERVED
+CVE-2021-39311
+ RESERVED
+CVE-2021-39310
+ RESERVED
+CVE-2021-39309
+ RESERVED
+CVE-2021-39308
+ RESERVED
+CVE-2021-39307
+ RESERVED
+CVE-2021-39306
+ RESERVED
+CVE-2021-39305
+ RESERVED
+CVE-2021-39304
+ RESERVED
+CVE-2021-3730
+ RESERVED
+CVE-2021-3729
+ RESERVED
+CVE-2021-3728
+ RESERVED
+CVE-2020-36474 (SafeCurl before 0.9.2 has a DNS rebinding vulnerability. ...)
+ TODO: check
CVE-2021-39303
RESERVED
CVE-2021-39302 (MISP 2.4.148, in certain configurations, allows SQL injection via the ...)
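Review bot: CVE-2020-36474, at the end of the added block, is the only new entry in this hunk with a published description (SafeCurl before 0.9.2, DNS rebinding), and it lands with just `TODO: check`. It needs a triage decision, either a `NOT-FOR-US:` line as used elsewhere in this file or a package line. It and CVE-2021-3730 through CVE-2021-3728 are inserted between CVE-2021-39304 and CVE-2021-39303, so anything consuming this file should match on the CVE id and not on position.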
@@ -5740,8 +5856,8 @@ CVE-2021-3650
RESERVED
CVE-2021-3649 (chatwoot is vulnerable to Inefficient Regular Expression Complexity ...)
NOT-FOR-US: chatwoot
-CVE-2021-36748
- RESERVED
+CVE-2021-36748 (A SQL Injection issue in the list controller of the Prestahome Blog (a ...)
+ TODO: check
CVE-2021-36747 (Blackboard Learn through 9.1 allows XSS by an authenticated user via t ...)
NOT-FOR-US: Blackboard Learn
CVE-2021-36746 (Blackboard Learn through 9.1 allows XSS by an authenticated user via t ...)
@@ -7468,46 +7584,46 @@ CVE-2021-36018
RESERVED
CVE-2021-36017
RESERVED
-CVE-2021-36016
- RESERVED
-CVE-2021-36015
- RESERVED
-CVE-2021-36014
- RESERVED
+CVE-2021-36016 (Adobe Media Encoder version 15.2 (and earlier) is affected by an Out-o ...)
+ TODO: check
+CVE-2021-36015 (Adobe Media Encoder version 15.2 (and earlier) is affected by a memory ...)
+ TODO: check
+CVE-2021-36014 (Adobe Media Encoder version 15.2 (and earlier) is affected by an unini ...)
+ TODO: check
CVE-2021-36013
RESERVED
CVE-2021-36012
RESERVED
-CVE-2021-36011
- RESERVED
-CVE-2021-36010
- RESERVED
-CVE-2021-36009
- RESERVED
-CVE-2021-36008
- RESERVED
-CVE-2021-36007
- RESERVED
-CVE-2021-36006
- RESERVED
-CVE-2021-36005
- RESERVED
+CVE-2021-36011 (Adobe Illustrator version 25.2.3 (and earlier) is affected by a potent ...)
+ TODO: check
+CVE-2021-36010 (Adobe Illustrator version 25.2.3 (and earlier) is affected by an out-o ...)
+ TODO: check
+CVE-2021-36009 (Adobe Illustrator version 25.2.3 (and earlier) is affected by an memor ...)
+ TODO: check
+CVE-2021-36008 (Adobe Illustrator version 25.2.3 (and earlier) is affected by an Use-a ...)
+ TODO: check
+CVE-2021-36007 (Adobe Prelude version 10.0 (and earlier) are affected by an uninitiali ...)
+ TODO: check
+CVE-2021-36006 (Adobe Photoshop versions 21.2.9 (and earlier) and 22.4.2 (and earlier) ...)
+ TODO: check
+CVE-2021-36005 (Adobe Photoshop versions 21.2.9 (and earlier) and 22.4.2 (and earlier) ...)
+ TODO: check
CVE-2021-36004 (Adobe InDesign version 16.0 (and earlier) is affected by an Out-of-bou ...)
NOT-FOR-US: Adobe
CVE-2021-36003
RESERVED
CVE-2021-36002
RESERVED
-CVE-2021-36001
- RESERVED
-CVE-2021-36000
- RESERVED
-CVE-2021-35999
- RESERVED
+CVE-2021-36001 (Adobe Character Animator version 4.2 (and earlier) is affected by an o ...)
+ TODO: check
+CVE-2021-36000 (Adobe Character Animator version 4.2 (and earlier) is affected by a me ...)
+ TODO: check
+CVE-2021-35999 (Adobe Prelude version 10.0 (and earlier) is affected by a memory corru ...)
+ TODO: check
CVE-2021-35998
RESERVED
-CVE-2021-35997
- RESERVED
+CVE-2021-35997 (Adobe Premiere Pro version 15.2 (and earlier) is affected by a memory ...)
+ TODO: check
CVE-2021-35996
RESERVED
CVE-2021-35995
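Review bot: the Adobe Media Encoder, Illustrator, Prelude, Photoshop, Character Animator and Premiere Pro entries in this hunk all go from RESERVED to `TODO: check`, while CVE-2021-36004 (Adobe InDesign) in the same hunk already reads `NOT-FOR-US: Adobe`. Suggest resolving them the same way in the follow-up triage commit so the vendor is handled consistently and the TODO backlog does not grow by fourteen entries for one vendor.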
@@ -7516,30 +7632,30 @@ CVE-2021-35994
RESERVED
CVE-2021-35993
RESERVED
-CVE-2021-35992
- RESERVED
-CVE-2021-35991
- RESERVED
-CVE-2021-35990
- RESERVED
-CVE-2021-35989
- RESERVED
-CVE-2021-35988
- RESERVED
-CVE-2021-35987
- RESERVED
-CVE-2021-35986
- RESERVED
-CVE-2021-35985
- RESERVED
-CVE-2021-35984
- RESERVED
-CVE-2021-35983
- RESERVED
+CVE-2021-35992 (Adobe Bridge version 11.0.2 (and earlier) is affected by an Out-of-bou ...)
+ TODO: check
+CVE-2021-35991 (Adobe Bridge version 11.0.2 (and earlier) is affected by an uninitiali ...)
+ TODO: check
+CVE-2021-35990 (Adobe Bridge version 11.0.2 (and earlier) is affected by an Out-of-bou ...)
+ TODO: check
+CVE-2021-35989 (Adobe Bridge version 11.0.2 (and earlier) is affected by an Out-of-bou ...)
+ TODO: check
+CVE-2021-35988 (Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.3000 ...)
+ TODO: check
+CVE-2021-35987 (Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.3000 ...)
+ TODO: check
+CVE-2021-35986 (Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.3000 ...)
+ TODO: check
+CVE-2021-35985 (Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.3000 ...)
+ TODO: check
+CVE-2021-35984 (Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.3000 ...)
+ TODO: check
+CVE-2021-35983 (Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.3000 ...)
+ TODO: check
CVE-2021-35982
RESERVED
-CVE-2021-35981
- RESERVED
+CVE-2021-35981 (Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.3000 ...)
+ TODO: check
CVE-2021-35980
RESERVED
CVE-2021-35979
@@ -8478,8 +8594,8 @@ CVE-2021-35531
RESERVED
CVE-2021-35530
RESERVED
-CVE-2021-35529
- RESERVED
+CVE-2021-35529 (Insufficiently Protected Credentials vulnerability in client environme ...)
+ TODO: check
CVE-2021-35528
RESERVED
CVE-2021-35527 (Password autocomplete vulnerability in the web application password fi ...)
@@ -10488,7 +10604,7 @@ CVE-2021-34657 (The 2TypoFR WordPress plugin is vulnerable to Reflected Cross-Si
NOT-FOR-US: WordPress plugin
CVE-2021-34656 (The 2Way VideoCalls and Random Chat - HTML5 Webcam Videochat WordPress ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-34655 (The Custom Post Type Relations WordPress plugin is vulnerable to Refle ...)
+CVE-2021-34655 (The WP Songbook WordPress plugin is vulnerable to Reflected Cross-Site ...)
NOT-FOR-US: WordPress plugin
CVE-2021-34654 (The Custom Post Type Relations WordPress plugin is vulnerable to Refle ...)
NOT-FOR-US: WordPress plugin
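Review bot: the `NOT-FOR-US: WordPress plugin` verdict on CVE-2021-34655 is carried over unchanged although the description now names a different product (WP Songbook, previously Custom Post Type Relations). The old text matched CVE-2021-34654's, so this looks like an upstream correction, and the verdict still fits because the product is still a WordPress plugin. A description rewritten under an existing verdict is worth a second look each time it happens.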
@@ -11009,8 +11125,8 @@ CVE-2021-34435
RESERVED
CVE-2021-34434
RESERVED
-CVE-2021-34433
- RESERVED
+CVE-2021-34433 (In Eclipse Californium version 2.0.0 to 2.6.4 and 3.0.0-M1 to 3.0.0-M3 ...)
+ TODO: check
CVE-2021-34432 (In Eclipse Mosquitto versions 2.07 and earlier, the server will crash ...)
- mosquitto 2.0.8-1
[buster] - mosquitto <ignored> (Vulnerable code is not accessible in version 1.x)
@@ -11483,8 +11599,8 @@ CVE-2021-34230
RESERVED
CVE-2021-34229
RESERVED
-CVE-2021-34228
- RESERVED
+CVE-2021-34228 (Cross-site scripting in parent_control.htm in TOTOLINK A3002R version ...)
+ TODO: check
CVE-2021-34227
RESERVED
CVE-2021-34226
@@ -11493,24 +11609,24 @@ CVE-2021-34225
RESERVED
CVE-2021-34224
RESERVED
-CVE-2021-34223
- RESERVED
+CVE-2021-34223 (Cross-site scripting in urlfilter.htm in TOTOLINK A3002R version V1.1. ...)
+ TODO: check
CVE-2021-34222
RESERVED
CVE-2021-34221
RESERVED
-CVE-2021-34220
- RESERVED
+CVE-2021-34220 (Cross-site scripting in tr069config.htm in TOTOLINK A3002R version V1. ...)
+ TODO: check
CVE-2021-34219
RESERVED
-CVE-2021-34218
- RESERVED
+CVE-2021-34218 (Directory Indexing in Login Portal of Login Portal of TOTOLINK-A702R-V ...)
+ TODO: check
CVE-2021-34217
RESERVED
CVE-2021-34216
RESERVED
-CVE-2021-34215
- RESERVED
+CVE-2021-34215 (Cross-site scripting in tcpipwan.htm in TOTOLINK A3002R version V1.1.1 ...)
+ TODO: check
CVE-2021-34214
RESERVED
CVE-2021-34213
@@ -11525,8 +11641,8 @@ CVE-2021-34209
RESERVED
CVE-2021-34208
RESERVED
-CVE-2021-34207
- RESERVED
+CVE-2021-34207 (Cross-site scripting in ddns.htm in TOTOLINK A3002R version V1.1.1-B20 ...)
+ TODO: check
CVE-2021-34206
RESERVED
CVE-2021-34205
@@ -25558,26 +25674,26 @@ CVE-2021-3445 (A flaw was found in libdnf's signature verification functionality
NOTE: https://github.com/rpm-software-management/libdnf/commit/930f2582f91077b3f338b84cf9567559d52713de
CVE-2021-28644
RESERVED
-CVE-2021-28643
- RESERVED
-CVE-2021-28642
- RESERVED
-CVE-2021-28641
- RESERVED
-CVE-2021-28640
- RESERVED
-CVE-2021-28639
- RESERVED
-CVE-2021-28638
- RESERVED
-CVE-2021-28637
- RESERVED
-CVE-2021-28636
- RESERVED
-CVE-2021-28635
- RESERVED
-CVE-2021-28634
- RESERVED
+CVE-2021-28643 (Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.3000 ...)
+ TODO: check
+CVE-2021-28642 (Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.3000 ...)
+ TODO: check
+CVE-2021-28641 (Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.3000 ...)
+ TODO: check
+CVE-2021-28640 (Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.3000 ...)
+ TODO: check
+CVE-2021-28639 (Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.3000 ...)
+ TODO: check
+CVE-2021-28638 (Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.3000 ...)
+ TODO: check
+CVE-2021-28637 (Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.3000 ...)
+ TODO: check
+CVE-2021-28636 (Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.3000 ...)
+ TODO: check
+CVE-2021-28635 (Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.3000 ...)
+ TODO: check
+CVE-2021-28634 (Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.3000 ...)
+ TODO: check
CVE-2021-28633
RESERVED
CVE-2021-28632
@@ -25596,8 +25712,8 @@ CVE-2021-28626
RESERVED
CVE-2021-28625
RESERVED
-CVE-2021-28624
- RESERVED
+CVE-2021-28624 (Adobe Bridge version 11.0.2 (and earlier) are affected by a Heap-based ...)
+ TODO: check
CVE-2021-28623 (Adobe Premiere Elements version 5.2 (and earlier) is affected by an in ...)
NOT-FOR-US: Adobe
CVE-2021-28622
@@ -25654,20 +25770,20 @@ CVE-2021-28597 (Adobe Photoshop Elements version 5.2 (and earlier) is affected b
NOT-FOR-US: Adobe
CVE-2021-28596
RESERVED
-CVE-2021-28595
- RESERVED
+CVE-2021-28595 (Adobe Dimension version 3.4 (and earlier) is affected by an Uncontroll ...)
+ TODO: check
CVE-2021-28594
RESERVED
-CVE-2021-28593
- RESERVED
-CVE-2021-28592
- RESERVED
-CVE-2021-28591
- RESERVED
-CVE-2021-28590
- RESERVED
-CVE-2021-28589
- RESERVED
+CVE-2021-28593 (Adobe Illustrator version 25.2.3 (and earlier) is affected by a Use Af ...)
+ TODO: check
+CVE-2021-28592 (Adobe Illustrator version 25.2.3 (and earlier) is affected by an Out-o ...)
+ TODO: check
+CVE-2021-28591 (Adobe Illustrator version 25.2.3 (and earlier) is affected by an Out-o ...)
+ TODO: check
+CVE-2021-28590 (Adobe Media Encoder version 15.2 (and earlier) is affected by an Out-o ...)
+ TODO: check
+CVE-2021-28589 (Adobe Media Encoder version 15.2 (and earlier) is affected by an Out-o ...)
+ TODO: check
CVE-2021-28588 (Adobe RoboHelp Server version 2019.0.9 (and earlier) is affected by a ...)
NOT-FOR-US: Adobe
CVE-2021-28587 (After Effects versions 18.0 (and earlier) are affected by an out-of-bo ...)
@@ -27608,11 +27724,11 @@ CVE-2021-27794 (A vulnerability in the authentication mechanism of Brocade Fabri
NOT-FOR-US: Brocade Fabric OS
CVE-2021-27793 (ntermittent authorization failure in aaa tacacs+ with Brocade Fabric O ...)
NOT-FOR-US: Brocade Fabric OS
-CVE-2021-27792 (The command “ipfilter” in Brocade Fabric OS before Brocade ...)
+CVE-2021-27792 (The request handling functions in web management interface of Brocade ...)
NOT-FOR-US: Brocade Fabric OS
CVE-2021-27791 (The function that is used to parse the Authentication header in Brocad ...)
NOT-FOR-US: Brocade Fabric OS
-CVE-2021-27790 (The command “ipfilter” in Brocade Fabric OS before Brocade ...)
+CVE-2021-27790 (The command ipfilter in Brocade Fabric OS before Brocade Fabric OS v.9 ...)
NOT-FOR-US: Brocade Fabric OS
CVE-2021-27789
RESERVED
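Review bot: the `NOT-FOR-US: Brocade Fabric OS` lines need no change, but CVE-2021-27792 is no longer described as an ipfilter issue. Its text now refers to the request handling functions in the web management interface, while CVE-2021-27790 keeps the ipfilter wording and only loses the quotes around the command name. Any notes or cross-references written against the old CVE-2021-27792 text should be rechecked.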
@@ -40641,10 +40757,10 @@ CVE-2021-22257
RESERVED
CVE-2021-22256
RESERVED
-CVE-2021-22255
- RESERVED
-CVE-2021-22254
- RESERVED
+CVE-2021-22255 (SSRF in URL file upload in Baserow <1.1.0 allows remote authenticat ...)
+ TODO: check
+CVE-2021-22254 (Under very specific conditions a user could be impersonated using Gitl ...)
+ TODO: check
CVE-2021-22253
RESERVED
CVE-2021-22252
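Review bot: CVE-2021-22255 and CVE-2021-22254 should be triaged separately despite their adjacent ids. The first names Baserow <1.1.0 (SSRF in URL file upload); the second is a user impersonation issue whose description is cut off and does not name Baserow. Do not resolve the pair with a single verdict based on the id range.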
@@ -40659,8 +40775,8 @@ CVE-2021-22248
RESERVED
CVE-2021-22247
RESERVED
-CVE-2021-22246
- RESERVED
+CVE-2021-22246 (A vulnerability was discovered in GitLab versions before 14.0.2, 13.12 ...)
+ TODO: check
CVE-2021-22245
RESERVED
CVE-2021-22244
@@ -40677,8 +40793,8 @@ CVE-2021-22239
RESERVED
- gitlab <unfixed>
NOTE: https://about.gitlab.com/releases/2021/08/03/security-release-gitlab-14-1-2-released/
-CVE-2021-22238
- RESERVED
+CVE-2021-22238 (An issue has been discovered in GitLab affecting all versions starting ...)
+ TODO: check
CVE-2021-22237
RESERVED
- gitlab <unfixed>
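Review bot: CVE-2021-22238 is left at `TODO: check` although its description names GitLab and the neighbouring CVE-2021-22239 and CVE-2021-22237 in this hunk are tracked with `- gitlab <unfixed>`. Suggest giving it the same package line, plus a `NOTE:` pointing at the matching GitLab security release once it is identified.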
@@ -41730,8 +41846,8 @@ CVE-2021-21825 (A heap-based buffer overflow vulnerability exists in the XML Dec
NOT-FOR-US: AT&T Labs Xmill
CVE-2021-21824 (An out-of-bounds write vulnerability exists in the JPG Handle_JPEG420 ...)
NOT-FOR-US: Accusoft ImageGear
-CVE-2021-21823
- RESERVED
+CVE-2021-21823 (An information disclosure vulnerability exists in the Friend finder fu ...)
+ TODO: check
CVE-2021-21822 (A use-after-free vulnerability exists in the JavaScript engine of Foxi ...)
NOT-FOR-US: Foxit
CVE-2021-21821 (A stack-based buffer overflow vulnerability exists in the PDF process_ ...)
@@ -59494,18 +59610,18 @@ CVE-2020-27468
RESERVED
CVE-2020-27467
RESERVED
-CVE-2020-27466
- RESERVED
+CVE-2020-27466 (An arbitrary file write vulnerability in lib/AjaxHandlers/ajaxEditTemp ...)
+ TODO: check
CVE-2020-27465
RESERVED
-CVE-2020-27464
- RESERVED
+CVE-2020-27464 (An insecure update feature in the /updater.php component of rConfig 3. ...)
+ TODO: check
CVE-2020-27463
RESERVED
CVE-2020-27462
RESERVED
-CVE-2020-27461
- RESERVED
+CVE-2020-27461 (A remote code execution vulnerability in SEOPanel 4.6.0 has been fixed ...)
+ TODO: check
CVE-2020-27460
RESERVED
CVE-2020-27459 (Chronoforeum 2.0.11 allows Stored XSS vulnerabilities when inserting a ...)
@@ -64594,8 +64710,8 @@ CVE-2020-25361
RESERVED
CVE-2020-25360
RESERVED
-CVE-2020-25359
- RESERVED
+CVE-2020-25359 (An arbitrary file deletion vulnerability in rConfig 3.9.5 has been fix ...)
+ TODO: check
CVE-2020-25358
RESERVED
CVE-2020-25357
@@ -64606,12 +64722,12 @@ CVE-2020-25355
RESERVED
CVE-2020-25354
RESERVED
-CVE-2020-25353
- RESERVED
-CVE-2020-25352
- RESERVED
-CVE-2020-25351
- RESERVED
+CVE-2020-25353 (A server-side request forgery (SSRF) vulnerability in rConfig 3.9.5 ha ...)
+ TODO: check
+CVE-2020-25352 (A stored cross-site scripting (XSS) vulnerability in the /devices.php ...)
+ TODO: check
+CVE-2020-25351 (An information disclosure vulnerability in rConfig 3.9.5 has been fixe ...)
+ TODO: check
CVE-2020-25350
RESERVED
CVE-2020-25349
@@ -78353,10 +78469,10 @@ CVE-2020-18888 (Arbitrary File Deletion vulnerability in puppyCMS v5.1 allows re
NOT-FOR-US: puppyCMS
CVE-2020-18887
RESERVED
-CVE-2020-18886
- RESERVED
-CVE-2020-18885
- RESERVED
+CVE-2020-18886 (Unrestricted File Upload in PHPMyWind v5.6 allows remote attackers to ...)
+ TODO: check
+CVE-2020-18885 (Command Injection in PHPMyWind v5.6 allows remote attackers to execute ...)
+ TODO: check
CVE-2020-18884
RESERVED
CVE-2020-18883
@@ -78367,12 +78483,12 @@ CVE-2020-18881
RESERVED
CVE-2020-18880
RESERVED
-CVE-2020-18879
- RESERVED
-CVE-2020-18878
- RESERVED
-CVE-2020-18877
- RESERVED
+CVE-2020-18879 (Unrestricted File Upload in Bludit v3.8.1 allows remote attackers to e ...)
+ TODO: check
+CVE-2020-18878 (Directory Traversal in Skycaiji v1.3 allows remote attackers to obtain ...)
+ TODO: check
+CVE-2020-18877 (SQL Injection in Wuzhi CMS v4.1.0 allows remote attackers to obtain se ...)
+ TODO: check
CVE-2020-18876
RESERVED
CVE-2020-18875 (Incorrect Access Control in DotCMS versions before 5.1 allows remote a ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a6084068307f1b2571b1e640d7ce6af161df7096