[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Aug 23 21:10:33 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b33e7ddd by security tracker role at 2021-08-23T20:10:23+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,7 @@
+CVE-2021-3733
+ RESERVED
+CVE-2021-3732
+ RESERVED
CVE-2021-39615
RESERVED
CVE-2021-39614
@@ -536,8 +540,8 @@ CVE-2021-39358 (In GNOME libgfbgraph through 0.2.4, gfbgraph-photo.c does not en
- gfbgraph <unfixed>
NOTE: https://blogs.gnome.org/mcatanzaro/2021/05/25/reminder-soupsessionsync-and-soupsessionasync-default-to-no-tls-certificate-verification/
NOTE: https://gitlab.gnome.org/GNOME/libgfbgraph/-/issues/17
-CVE-2021-3731 [Clickjacking vulnerability]
- RESERVED
+CVE-2021-3731 (LedgerSMB does not sufficiently guard against being wrapped by other s ...)
+ {DSA-4962-1}
- ledgersmb <unfixed>
NOTE: https://ledgersmb.org/cve-2021-3731-clickjacking
CVE-2021-39357
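Review bot: the package line for CVE-2021-3731 still reads `- ledgersmb <unfixed>` while the entry now carries `{DSA-4962-1}`; the DSA reference records the stable update only, so once the fixed unstable upload is known the `<unfixed>` marker should be replaced with that version, otherwise the tracker keeps reporting sid as vulnerable for an issue that already has an advisory.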
@@ -648,12 +652,12 @@ CVE-2021-39305
RESERVED
CVE-2021-39304
RESERVED
-CVE-2021-3730
- RESERVED
-CVE-2021-3729
- RESERVED
-CVE-2021-3728
- RESERVED
+CVE-2021-3730 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+ TODO: check
+CVE-2021-3729 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+ TODO: check
+CVE-2021-3728 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+ TODO: check
CVE-2020-36474 (SafeCurl before 0.9.2 has a DNS rebinding vulnerability. ...)
NOT-FOR-US: SafeCurl
CVE-2021-39303
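Review bot: the three firefly-iii entries (CVE-2021-3730, -3729, -3728) are left at `TODO: check` although the description already names the product and the issue class (CSRF); they should be resolved the way the adjacent CVE-2020-36474 was, i.e. `NOT-FOR-US: firefly-iii` if no Debian source package ships it, or a source package line if one does. Since all three share one truncated description, the distinguishing details have to come from the upstream advisory, which is worth recording in a NOTE line.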
@@ -1025,38 +1029,38 @@ CVE-2021-39156
RESERVED
CVE-2021-39155
RESERVED
-CVE-2021-39154
- RESERVED
-CVE-2021-39153
- RESERVED
-CVE-2021-39152
- RESERVED
-CVE-2021-39151
- RESERVED
-CVE-2021-39150
- RESERVED
-CVE-2021-39149
- RESERVED
-CVE-2021-39148
- RESERVED
-CVE-2021-39147
- RESERVED
-CVE-2021-39146
- RESERVED
-CVE-2021-39145
- RESERVED
-CVE-2021-39144
- RESERVED
+CVE-2021-39154 (XStream is a simple library to serialize objects to XML and back again ...)
+ TODO: check
+CVE-2021-39153 (XStream is a simple library to serialize objects to XML and back again ...)
+ TODO: check
+CVE-2021-39152 (XStream is a simple library to serialize objects to XML and back again ...)
+ TODO: check
+CVE-2021-39151 (XStream is a simple library to serialize objects to XML and back again ...)
+ TODO: check
+CVE-2021-39150 (XStream is a simple library to serialize objects to XML and back again ...)
+ TODO: check
+CVE-2021-39149 (XStream is a simple library to serialize objects to XML and back again ...)
+ TODO: check
+CVE-2021-39148 (XStream is a simple library to serialize objects to XML and back again ...)
+ TODO: check
+CVE-2021-39147 (XStream is a simple library to serialize objects to XML and back again ...)
+ TODO: check
+CVE-2021-39146 (XStream is a simple library to serialize objects to XML and back again ...)
+ TODO: check
+CVE-2021-39145 (XStream is a simple library to serialize objects to XML and back again ...)
+ TODO: check
+CVE-2021-39144 (XStream is a simple library to serialize objects to XML and back again ...)
+ TODO: check
CVE-2021-39143
RESERVED
CVE-2021-39142
RESERVED
-CVE-2021-39141
- RESERVED
-CVE-2021-39140
- RESERVED
-CVE-2021-39139
- RESERVED
+CVE-2021-39141 (XStream is a simple library to serialize objects to XML and back again ...)
+ TODO: check
+CVE-2021-39140 (XStream is a simple library to serialize objects to XML and back again ...)
+ TODO: check
+CVE-2021-39139 (XStream is a simple library to serialize objects to XML and back again ...)
+ TODO: check
CVE-2021-39138 (Parse Server is an open source backend that can be deployed to any inf ...)
NOT-FOR-US: Parse Server
CVE-2021-39137
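Review bot: fourteen XStream CVEs (CVE-2021-39139 through CVE-2021-39154, excluding 39142 and 39143, which stay RESERVED) are marked `TODO: check` with an identical truncated description that says nothing beyond "XStream is a simple library ...", so they cannot be triaged from this file alone. XStream is packaged in Debian as libxstream-java, so each entry needs a package line with the fixed version and a NOTE link to the corresponding upstream security advisory; doing that in one follow-up commit avoids leaving a large block of unassessed deserialization issues in the list.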
@@ -2634,6 +2638,7 @@ CVE-2021-38386 (In Contiki 3.0, a buffer overflow in the Telnet service allows r
NOT-FOR-US: Contiki
CVE-2021-38385
RESERVED
+ {DSA-4961-1}
- tor 0.4.5.10-1
[stretch] - tor <end-of-life> (See DSA 4644)
NOTE: https://blog.torproject.org/node/2062
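Review bot: `{DSA-4961-1}` is attached to CVE-2021-38385 while the entry header is still `RESERVED`, so readers of the list see an advisory for an issue with no description. That is consistent with the DSA being issued before MITRE published the record, and a later automatic run should fill the description in; until then the existing NOTE link to the tor blog is the only pointer to what was fixed and should stay.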
@@ -2840,12 +2845,12 @@ CVE-2021-38296
RESERVED
CVE-2021-38295
RESERVED
-CVE-2021-3694 [cross-site scripting]
- RESERVED
+CVE-2021-3694 (LedgerSMB does not sufficiently HTML-encode error messages sent to the ...)
+ {DSA-4962-1}
- ledgersmb <unfixed>
NOTE: https://ledgersmb.org/cve-2021-3694-cross-site-scripting
-CVE-2021-3693 [cross-site scripting]
- RESERVED
+CVE-2021-3693 (LedgerSMB does not check the origin of HTML fragments merged into the ...)
+ {DSA-4962-1}
- ledgersmb <unfixed>
NOTE: https://ledgersmb.org/cve-2021-3693-cross-site-scripting
CVE-2021-3692 (yii2 is vulnerable to Use of Predictable Algorithm in Random Number Ge ...)
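Review bot: as with CVE-2021-3731 earlier in this diff, CVE-2021-3694 and CVE-2021-3693 gain `{DSA-4962-1}` while their `- ledgersmb <unfixed>` lines are unchanged; the three LedgerSMB entries should be updated together when the unstable fix is known, so that the sid status does not diverge between them.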
@@ -8313,8 +8318,7 @@ CVE-2021-3628
RESERVED
CVE-2021-3627
RESERVED
-CVE-2021-35940 [Regression of CVE-2017-12613]
- RESERVED
+CVE-2021-35940 (An out-of-bounds array read in the apr_time_exp*() functions was fixed ...)
- apr <unfixed> (bug #992789)
[bullseye] - apr <no-dsa> (Minor issue)
[buster] - apr <not-affected> (Vulnerable code re-introduced in 1.7.0)
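Review bot: replacing the bracketed placeholder `[Regression of CVE-2017-12613]` with the MITRE text drops the only explicit cross-reference to the original CVE; the truncated description no longer names it, and the `[buster]` not-affected rationale "Vulnerable code re-introduced in 1.7.0" only makes sense with that link. Suggest keeping it as `NOTE: Regression of CVE-2017-12613` under the package line.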
@@ -9392,8 +9396,8 @@ CVE-2021-35467
RESERVED
CVE-2021-35466
RESERVED
-CVE-2021-35465
- RESERVED
+CVE-2021-35465 (Certain Arm products before 2021-08-23 do not properly consider the ef ...)
+ TODO: check
CVE-2021-35464 (ForgeRock AM server before 7.0 has a Java deserialization vulnerabilit ...)
NOT-FOR-US: ForgeRock
CVE-2021-35463 (Cross-site scripting (XSS) vulnerability in the Frontend Taglib module ...)
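Review bot: CVE-2021-35465 is described as an issue in "Certain Arm products", which invites a NOT-FOR-US resolution, but hardware-level findings of this kind are commonly mitigated through the toolchain; the `TODO: check` should therefore include looking at whether gcc or binutils in Debian carry or need a mitigation before the entry is closed.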
@@ -13622,8 +13626,8 @@ CVE-2021-33600
RESERVED
CVE-2021-33599
RESERVED
-CVE-2021-33598
- RESERVED
+CVE-2021-33598 (A Denial-of-Service (DoS) vulnerability was discovered in all versions ...)
+ TODO: check
CVE-2021-33597 (A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atl ...)
NOT-FOR-US: F-Secure
CVE-2021-33596 (Showing the legitimate URL in the address bar while loading the conten ...)
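Review bot: the truncated description of CVE-2021-33598 ("in all versions ...") cuts off before the product name, and the adjacent CVE-2021-33597 (F-Secure Atlant) was resolved as `NOT-FOR-US: F-Secure`; consecutive IDs from the same CNA often share a product, but that is a guess until the full description is read, so the `TODO: check` should be resolved from the full MITRE text rather than by analogy.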
@@ -23336,8 +23340,8 @@ CVE-2021-29804 (IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cro
NOT-FOR-US: IBM
CVE-2021-29803 (IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-sit ...)
NOT-FOR-US: IBM
-CVE-2021-29802
- RESERVED
+CVE-2021-29802 (IBM Security SOAR performs an operation at a privilege level that is h ...)
+ TODO: check
CVE-2021-29801
RESERVED
CVE-2021-29800
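Review bot: CVE-2021-29802 names IBM Security SOAR in its description, and the surrounding IBM entries (CVE-2021-29803, -29804) are already `NOT-FOR-US: IBM`, so this one can be resolved to `NOT-FOR-US: IBM` directly instead of being left as `TODO: check`.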
@@ -23532,8 +23536,8 @@ CVE-2021-29706 (IBM AIX 7.1 could allow a non-privileged local user to exploit a
NOT-FOR-US: IBM
CVE-2021-29705
RESERVED
-CVE-2021-29704
- RESERVED
+CVE-2021-29704 (IBM Security SOAR uses weaker than expected cryptographic algorithms t ...)
+ TODO: check
CVE-2021-29703 (Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulne ...)
NOT-FOR-US: IBM
CVE-2021-29702 (Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1.4 a ...)
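Review bot: same situation as CVE-2021-29802 above: CVE-2021-29704 is an IBM Security SOAR issue surrounded by `NOT-FOR-US: IBM` entries (CVE-2021-29703, -29706) and should be resolved the same way rather than left at `TODO: check`.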
@@ -35906,8 +35910,8 @@ CVE-2021-24660
RESERVED
CVE-2021-24659
RESERVED
-CVE-2021-24658
- RESERVED
+CVE-2021-24658 (The Erident Custom Login and Dashboard WordPress plugin before 3.5.9 d ...)
+ TODO: check
CVE-2021-24657
RESERVED
CVE-2021-24656
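Review bot: CVE-2021-24658 is a WordPress plugin issue (Erident Custom Login and Dashboard), and this diff leaves it and roughly two dozen similar plugin entries at `TODO: check` even though every already-triaged plugin CVE in the surrounding context is `NOT-FOR-US: WordPress plugin`; resolving the whole batch in one follow-up commit with that status would be the consistent outcome, unless a specific plugin turns out to be packaged in Debian.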
@@ -36018,8 +36022,8 @@ CVE-2021-24604
RESERVED
CVE-2021-24603
RESERVED
-CVE-2021-24602
- RESERVED
+CVE-2021-24602 (The HM Multiple Roles WordPress plugin before 1.3 does not have any ac ...)
+ TODO: check
CVE-2021-24601
RESERVED
CVE-2021-24600
@@ -36074,14 +36078,14 @@ CVE-2021-24576
RESERVED
CVE-2021-24575
RESERVED
-CVE-2021-24574
- RESERVED
+CVE-2021-24574 (The Simple Banner WordPress plugin before 2.10.4 does not sanitise and ...)
+ TODO: check
CVE-2021-24573
RESERVED
CVE-2021-24572
RESERVED
-CVE-2021-24571
- RESERVED
+CVE-2021-24571 (The HD Quiz WordPress plugin before 1.8.4 does not escape some of its ...)
+ TODO: check
CVE-2021-24570
RESERVED
CVE-2021-24569
@@ -36092,44 +36096,44 @@ CVE-2021-24567
RESERVED
CVE-2021-24566
RESERVED
-CVE-2021-24565
- RESERVED
-CVE-2021-24564
- RESERVED
+CVE-2021-24565 (The Contact Form 7 Captcha WordPress plugin before 0.0.9 does not have ...)
+ TODO: check
+CVE-2021-24564 (The WPFront Scroll Top WordPress plugin before 2.0.6.07225 does not sa ...)
+ TODO: check
CVE-2021-24563
RESERVED
-CVE-2021-24562
- RESERVED
-CVE-2021-24561
- RESERVED
+CVE-2021-24562 (The LMS by LifterLMS – Online Course, Membership & Learning ...)
+ TODO: check
+CVE-2021-24561 (The WP SMS WordPress plugin before 5.4.13 does not sanitise the "wp_gr ...)
+ TODO: check
CVE-2021-24560
RESERVED
CVE-2021-24559
RESERVED
-CVE-2021-24558
- RESERVED
-CVE-2021-24557
- RESERVED
-CVE-2021-24556
- RESERVED
-CVE-2021-24555
- RESERVED
-CVE-2021-24554
- RESERVED
-CVE-2021-24553
- RESERVED
-CVE-2021-24552
- RESERVED
-CVE-2021-24551
- RESERVED
-CVE-2021-24550
- RESERVED
-CVE-2021-24549
- RESERVED
+CVE-2021-24558 (The pspin_duplicate_post_save_as_new_post function of the Project Stat ...)
+ TODO: check
+CVE-2021-24557 (The update functionality in the rslider_page uses an rs_id POST parame ...)
+ TODO: check
+CVE-2021-24556 (The kento_email_subscriber_ajax AJAX action of the Email Subscriber Wo ...)
+ TODO: check
+CVE-2021-24555 (The daac_delete_booking_callback function, hooked to the daac_delete_b ...)
+ TODO: check
+CVE-2021-24554 (The Paytm – Donation Plugin WordPress plugin through 1.3.2 does ...)
+ TODO: check
+CVE-2021-24553 (The Timeline Calendar WordPress plugin through 1.2 does not sanitise, ...)
+ TODO: check
+CVE-2021-24552 (The Simple Events Calendar WordPress plugin through 1.4.0 does not san ...)
+ TODO: check
+CVE-2021-24551 (The Edit Comments WordPress plugin through 0.3 does not sanitise, vali ...)
+ TODO: check
+CVE-2021-24550 (The Broken Link Manager WordPress plugin through 0.6.5 does not saniti ...)
+ TODO: check
+CVE-2021-24549 (The AceIDE WordPress plugin through 2.6.2 does not sanitise or validat ...)
+ TODO: check
CVE-2021-24548 (The Mimetic Books WordPress plugin through 0.2.13 was vulnerable to Au ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24547
- RESERVED
+CVE-2021-24547 (The KN Fix Your Title WordPress plugin through 1.0.1 was vulnerable to ...)
+ TODO: check
CVE-2021-24546
RESERVED
CVE-2021-24545
@@ -36156,16 +36160,16 @@ CVE-2021-24535 (The Light Messages WordPress plugin through 1.0 is lacking CSRF
NOT-FOR-US: WordPress plugin
CVE-2021-24534 (The PhoneTrack Meu Site Manager WordPress plugin through 0.1 does not ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24533
- RESERVED
+CVE-2021-24533 (The Maintenance WordPress plugin before 4.03 does not sanitise or esca ...)
+ TODO: check
CVE-2021-24532
RESERVED
-CVE-2021-24531
- RESERVED
+CVE-2021-24531 (The Charitable – Donation Plugin WordPress plugin before 1.6.51 ...)
+ TODO: check
CVE-2021-24530
RESERVED
-CVE-2021-24529
- RESERVED
+CVE-2021-24529 (The Grid Gallery – Photo Image Grid Gallery WordPress plugin bef ...)
+ TODO: check
CVE-2021-24528
RESERVED
CVE-2021-24527 (The User Registration & User Profile – Profile Builder WordP ...)
@@ -36174,8 +36178,8 @@ CVE-2021-24526 (The Form Maker by 10Web – Mobile-Friendly Drag & Drop
NOT-FOR-US: WordPress plugin
CVE-2021-24525
RESERVED
-CVE-2021-24524
- RESERVED
+CVE-2021-24524 (The GiveWP – Donation Plugin and Fundraising Platform WordPress ...)
+ TODO: check
CVE-2021-24523
RESERVED
CVE-2021-24522 (The User Registration, User Profile, Login & Membership – Pr ...)
@@ -36210,8 +36214,8 @@ CVE-2021-24508
RESERVED
CVE-2021-24507 (The Astra Pro Addon WordPress plugin before 3.5.2 did not properly san ...)
NOT-FOR-US: Wordpress plugin
-CVE-2021-24506
- RESERVED
+CVE-2021-24506 (The Slider Hero with Animation, Video Background & Intro Maker Wor ...)
+ TODO: check
CVE-2021-24505 (The Forms WordPress plugin before 1.12.3 did not sanitise its input fi ...)
NOT-FOR-US: Wordpress plugin
CVE-2021-24504 (The WP LMS – Best WordPress LMS Plugin WordPress plugin through ...)
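Review bot: the context lines around CVE-2021-24506 use `NOT-FOR-US: Wordpress plugin` (lowercase p) whereas the rest of the file uses `NOT-FOR-US: WordPress plugin`; when the `TODO: check` on this entry is resolved it should use the `WordPress` spelling, and the two neighbouring entries (CVE-2021-24507, CVE-2021-24505) could be normalised at the same time, since inconsistent strings make grep-based review of the list harder.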
@@ -36228,8 +36232,8 @@ CVE-2021-24499 (The Workreap WordPress theme before 2.2.2 AJAX actions workreap_
NOT-FOR-US: Wordpress theme
CVE-2021-24498 (The Calendar Event Multi View WordPress plugin before 1.4.01 does not ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24497
- RESERVED
+CVE-2021-24497 (The Giveaway WordPress plugin through 1.2.2 is vulnerable to an SQL In ...)
+ TODO: check
CVE-2021-24496 (The Community Events WordPress plugin before 1.4.8 does not sanitise, ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24495 (The Marmoset Viewer WordPress plugin before 1.9.3 does not property sa ...)
@@ -36250,8 +36254,8 @@ CVE-2021-24488 (The slider import search feature and tab parameter of the Post G
NOT-FOR-US: WordPress plugin
CVE-2021-24487
RESERVED
-CVE-2021-24486
- RESERVED
+CVE-2021-24486 (The Simple Social Media Share Buttons – Social Sharing for Every ...)
+ TODO: check
CVE-2021-24485
RESERVED
CVE-2021-24484 (The get_reports() function in the Secure Copy Content Protection and C ...)
@@ -126935,7 +126939,7 @@ CVE-2019-18851
CVE-2019-18850 (TrevorC2 v1.1/v1.2 fails to prevent fingerprinting primarily via a dis ...)
NOT-FOR-US: TrevorC2
CVE-2019-18849 (In tnef before 1.4.18, an attacker may be able to write to the victim' ...)
- {DLA-2005-1}
+ {DLA-2748-1 DLA-2005-1}
- tnef 1.4.18-1 (bug #944851)
[buster] - tnef 1.4.12-1.2+deb10u1
NOTE: https://github.com/verdammelt/tnef/pull/40
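Review bot: `{DLA-2748-1 DLA-2005-1}` now lists two LTS advisories for CVE-2019-18849 with no indication of why a second one exists; if DLA-2748-1 is a follow-up to DLA-2005-1 (for example a regression fix), a NOTE line stating that would save the next reader from having to look both advisories up.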
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b33e7ddd0a09e132b61c13d082b3eea9ce3237c8