[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Aug 24 21:10:49 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ae995083 by security tracker role at 2021-08-24T20:10:39+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,5 @@
+CVE-2021-3734
+ RESERVED
CVE-2021-40080
RESERVED
CVE-2021-40079
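Review bot: CVE-2021-3734 is prepended above CVE-2021-40080 in this hunk, while the rest of the file keeps the 37xx/38xxx identifiers interleaved in descending string order (CVE-2021-3712 and CVE-2021-3711 sit between CVE-2021-38859 and CVE-2021-38716 further down). If the list is meant to stay ordered, this new RESERVED entry belongs in that region rather than at the top; if the automatic update intentionally prepends new reservations, no action is needed beyond noting that a later sort pass will move it.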
@@ -1413,10 +1415,10 @@ CVE-2021-39378
RESERVED
CVE-2021-39377
RESERVED
-CVE-2021-39376
- RESERVED
-CVE-2021-39375
- RESERVED
+CVE-2021-39376 (Philips Healthcare Tasy Electronic Medical Record (EMR) 3.06 allows SQ ...)
+ TODO: check
+CVE-2021-39375 (Philips Healthcare Tasy Electronic Medical Record (EMR) 3.06 allows SQ ...)
+ TODO: check
CVE-2021-39374
RESERVED
CVE-2021-39373
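Review bot: the two "TODO: check" placeholders for CVE-2021-39376 and CVE-2021-39375 can be resolved in one pass, since both describe the same product (Philips Healthcare Tasy EMR 3.06) and the same truncated issue class. That is a proprietary hospital EMR product, not something Debian ships, so the expected resolution is NOT-FOR-US: Philips Healthcare Tasy EMR, matching how CVE-2021-39138 (Parse Server) is handled in the next hunk.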
@@ -2024,8 +2026,8 @@ CVE-2021-39139 (XStream is a simple library to serialize objects to XML and back
NOTE: https://x-stream.github.io/CVE-2021-39139.html
CVE-2021-39138 (Parse Server is an open source backend that can be deployed to any inf ...)
NOT-FOR-US: Parse Server
-CVE-2021-39137
- RESERVED
+CVE-2021-39137 (go-ethereum is the official Go implementation of the Ethereum protocol ...)
+ TODO: check
CVE-2021-39136
RESERVED
CVE-2021-39135
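Review bot: before resolving the "TODO: check" on CVE-2021-39137 (go-ethereum) to NOT-FOR-US, grep the archive for Go packages that vendor or Build-Depend on github.com/ethereum/go-ethereum; Go modules are routinely embedded in other source packages, so a library-level CVE is not settled by the absence of a top-level geth package alone. If nothing depends on it, NOT-FOR-US: go-ethereum with a NOTE link to the upstream advisory, in the style of the XStream entry above (L38), is the right form.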
@@ -2582,8 +2584,8 @@ CVE-2021-38860
RESERVED
CVE-2021-38859
RESERVED
-CVE-2021-3712 [Read buffer overruns processing ASN.1 strings]
- RESERVED
+CVE-2021-3712 (ASN.1 strings are represented internally within OpenSSL as an ASN1_STR ...)
+ {DSA-4963-1}
- openssl <unfixed>
- openssl1.0 <removed>
NOTE: https://www.openssl.org/news/secadv/20210824.txt
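Review bot: {DSA-4963-1} is recorded for CVE-2021-3712 while the unstable entry stays "- openssl <unfixed>"; the NOTE lines below (L60-62) already point at the OpenSSL_1_1_1l fix commits, so once the 1.1.1l upload reaches sid the <unfixed> marker should be replaced with the fixed version so the DSA and the sid state agree. The "- openssl1.0 <removed>" line is fine for a package no longer in the archive, and, unlike CVE-2021-3711 below, it correctly carries no <not-affected> annotation since this ASN.1 read overrun is not specific to the 1.1.1 series.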
@@ -2597,8 +2599,8 @@ CVE-2021-3712 [Read buffer overruns processing ASN.1 strings]
NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2d0e5d4a4a5d4332325b5e5cea492fad2be633e1 (OpenSSL_1_1_1l)
NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=94d23fcff9b2a7a8368dfe52214d5c2569882c11 (OpenSSL_1_1_1l)
NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8c74c9d1ade0fbdab5b815ddb747351b8b839641 (OpenSSL_1_1_1l)
-CVE-2021-3711 [SM2 Decryption Buffer Overflow]
- RESERVED
+CVE-2021-3711 (In order to decrypt SM2 encrypted data an application is expected to c ...)
+ {DSA-4963-1}
- openssl <unfixed>
- openssl1.0 <not-affected> (Vulnerability does not affect 1.0.2 series)
NOTE: https://www.openssl.org/news/secadv/20210824.txt
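Review bot: same inconsistency as the CVE-2021-3712 entry: {DSA-4963-1} is added but "- openssl <unfixed>" is left untouched, so the sid line needs the 1.1.1l version once uploaded. The "- openssl1.0 <not-affected> (Vulnerability does not affect 1.0.2 series)" annotation is consistent with the description, since the SM2 decryption code path this CVE concerns only exists in the 1.1.1 series; keep the parenthetical reason, it is the kind of justification that saves a re-check later.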
@@ -2893,8 +2895,8 @@ CVE-2021-38716
RESERVED
CVE-2021-38715
RESERVED
-CVE-2021-38714
- RESERVED
+CVE-2021-38714 (In Plib through 1.85, there is an integer overflow vulnerability that ...)
+ TODO: check
CVE-2021-38713 (imgURL 2.31 allows XSS via an X-Forwarded-For HTTP header. ...)
NOT-FOR-US: imgURL
CVE-2021-38712 (OneNav 0.9.12 allows Information Disclosure of the onenav.db3 contents ...)
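Review bot: the "TODO: check" on CVE-2021-38714 is the one placeholder in this batch that should not default to NOT-FOR-US: Plib is packaged in Debian (source package plib, used by several games and simulators), and the description says "Plib through 1.85", which covers the packaged 1.8.5 release. This needs a real triage entry of the form "- plib <unfixed>" (or <not-affected> with a reason) plus a NOTE with the upstream report once located, in the style of the kernel entries further down.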
@@ -3117,12 +3119,12 @@ CVE-2021-38614 (** UNSUPPORTED WHEN ASSIGNED ** Polipo through 1.1.1, when NDEBU
- polipo <removed>
[buster] - polipo <ignored> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2021/07/28/2
-CVE-2021-38613
- RESERVED
-CVE-2021-38612
- RESERVED
-CVE-2021-38611
- RESERVED
+CVE-2021-38613 (The assets/index.php Image Upload feature of the NASCENT RemKon Device ...)
+ TODO: check
+CVE-2021-38612 (In NASCENT RemKon Device Manager 4.0.0.0, a Directory Traversal vulner ...)
+ TODO: check
+CVE-2021-38611 (A command-injection vulnerability in the Image Upload function of the ...)
+ TODO: check
CVE-2021-38610
RESERVED
CVE-2021-38609
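Review bot: CVE-2021-38613, CVE-2021-38612 and CVE-2021-38611 all target NASCENT RemKon Device Manager 4.0.0.0 (image-upload command injection, directory traversal and a second upload issue); resolve the three "TODO: check" lines together as NOT-FOR-US: NASCENT RemKon Device Manager, the same treatment the neighbouring imgURL (L79) and OneNav entries get. Leaving three separate TODOs for one product invites inconsistent resolutions.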
@@ -3258,10 +3260,10 @@ CVE-2021-38559
RESERVED
CVE-2021-38558
RESERVED
-CVE-2021-38557
- RESERVED
-CVE-2021-38556
- RESERVED
+CVE-2021-38557 (raspap-webgui in RaspAP 2.6.6 allows attackers to execute commands as ...)
+ TODO: check
+CVE-2021-38556 (includes/configure_client.php in RaspAP 2.6.6 allows attackers to exec ...)
+ TODO: check
CVE-2021-38555
RESERVED
CVE-2021-38554 (HashiCorp Vault and Vault Enterprise’s UI erroneously cached and ...)
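Review bot: CVE-2021-38557 and CVE-2021-38556 are both command-execution issues in RaspAP 2.6.6 (raspap-webgui and includes/configure_client.php), a standalone Raspberry Pi hotspot web UI that Debian does not package; both "TODO: check" lines should become NOT-FOR-US: RaspAP. Note that the truncated descriptions say "execute commands as ..." (presumably the web server user), which is why these matter for anyone running RaspAP on a Debian-based Pi image even though the tracker itself has nothing to fix.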
@@ -3801,8 +3803,8 @@ CVE-2021-38308
RESERVED
CVE-2021-38307
RESERVED
-CVE-2021-38306
- RESERVED
+CVE-2021-38306 (Network Attached Storage on LG N1T1*** 10124 devices allows an unauthe ...)
+ TODO: check
CVE-2021-38305 (23andMe Yamale before 3.0.8 allows remote attackers to execute arbitra ...)
NOT-FOR-US: 23andMe Yamale
CVE-2021-38304
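Review bot: CVE-2021-38306 describes an unauthenticated issue in the NAS firmware of LG N1T1*** 10124 devices; that is vendor appliance firmware, so "TODO: check" should resolve to NOT-FOR-US: LG NAS firmware, matching the 23andMe Yamale entry immediately below (L124).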
@@ -4020,6 +4022,7 @@ CVE-2021-38209 (net/netfilter/nf_conntrack_standalone.c in the Linux kernel befo
[stretch] - linux 4.9.272-1
NOTE: https://git.kernel.org/linus/2671fa4dc0109d3fb581bc3078fdf17b5d9080f6
CVE-2021-38208 (net/nfc/llcp_sock.c in the Linux kernel before 5.12.10 allows local un ...)
+ {DLA-2690-1 DLA-2689-1}
- linux 5.10.46-1
[buster] - linux 4.19.194-1
NOTE: https://git.kernel.org/linus/4ac06a1e013cf5fdd963317ffd3b968560f33bba
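Review bot: the added "{DLA-2690-1 DLA-2689-1}" line for CVE-2021-38208 references two stretch advisories, but the trailing context ends at the NOTE line and shows no "[stretch] - linux ..." entry, unlike CVE-2021-38209 directly above, which carries "[stretch] - linux 4.9.272-1" (L127). Confirm that matching [stretch] lines (one per source package the two DLAs cover) exist below L133; a DLA reference without the corresponding suite entry leaves the stretch status unresolved in the tracker's per-suite view.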
@@ -5619,8 +5622,8 @@ CVE-2021-3666
CVE-2021-37576 (arch/powerpc/kvm/book3s_rtas.c in the Linux kernel through 5.13.5 on t ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/f62f3c20647ebd5fb6ecb8f0b477b9281c44c10a (5.14-rc3)
-CVE-2021-37538
- RESERVED
+CVE-2021-37538 (Multiple SQL injection vulnerabilities in SmartDataSoft SmartBlog for ...)
+ TODO: check
CVE-2021-37537
RESERVED
CVE-2021-37536
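Review bot: CVE-2021-37538 concerns SmartDataSoft SmartBlog, a commercial PrestaShop module, so "TODO: check" should become NOT-FOR-US: SmartDataSoft SmartBlog. Unrelated to this hunk's change but visible in its leading context: CVE-2021-37576 (L135-137) still reads "- linux <unfixed>" although the NOTE records the fix as merged in 5.14-rc3; that entry is due for a version update in the next kernel triage.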
@@ -7550,8 +7553,7 @@ CVE-2021-36692
RESERVED
CVE-2021-36691
RESERVED
-CVE-2021-36690 [Segmentation fault in idxGetTableInfo]
- RESERVED
+CVE-2021-36690 (Segmentation fault vulnerability in SQLite sqlite3 3.36.0 via the idxG ...)
- sqlite3 <unfixed>
[bullseye] - sqlite3 <no-dsa> (Minor issue)
[buster] - sqlite3 <no-dsa> (Minor issue)
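Review bot: for CVE-2021-36690 the "- RESERVED" line is dropped and the bracketed working title replaced by the public description, which is the expected transition, but the "<no-dsa> (Minor issue)" marks for bullseye and buster were set while the entry was still a placeholder. Re-check that rating against the now-public description (a segmentation fault in SQLite 3.36.0 reached via idxGetTableInfo), and make sure a NOTE with the upstream reference follows the suite lines so the "- sqlite3 <unfixed>" entry can be closed when the fix lands; no such NOTE is visible in this hunk's context.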
@@ -8174,8 +8176,8 @@ CVE-2021-36386 (report_vbuild in report.c in Fetchmail before 6.4.20 sometimes o
NOTE: Fixed by: https://gitlab.com/fetchmail/fetchmail/-/commit/c546c8299243a10a7b85c638e0e61396ecd5d8b5 (RELEASE_6-4-20)
NOTE: Regression fix: https://gitlab.com/fetchmail/fetchmail/-/commit/d3db2da1d13bd2419370ad96defb92eecb17064c (RELEASE_6-4-21)
NOTE: Negligible security impact
-CVE-2021-36385
- RESERVED
+CVE-2021-36385 (A SQL Injection vulnerability in Cerner Mobile Care 5.0.0 allows remot ...)
+ TODO: check
CVE-2021-36384
RESERVED
CVE-2021-36383 (Xen Orchestra (with xo-web through 5.80.0 and xo-server through 5.84.0 ...)
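Review bot: CVE-2021-36385 (SQL injection in Cerner Mobile Care 5.0.0) is a proprietary clinical product and should resolve from "TODO: check" to NOT-FOR-US: Cerner Mobile Care, in the same way the Xen Orchestra entry below is handled for software outside the archive.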
@@ -12771,7 +12773,7 @@ CVE-2021-34400
RESERVED
CVE-2021-34399
RESERVED
-CVE-2021-34398 (NVIDIA DCGM contains a vulnerability in the DIAG module where any user ...)
+CVE-2021-34398 (NVIDIA DCGM, all versions prior to 2.2.9, contains a vulnerability in ...)
NOT-FOR-US: NVIDIA
CVE-2021-34397 (Bootloader contains a vulnerability in NVIDIA MB2, which may cause fre ...)
NOT-FOR-US: NVIDIA
@@ -15585,8 +15587,8 @@ CVE-2021-33193 (A crafted method sent through HTTP/2 will bypass validation and
NOTE: https://github.com/apache/httpd/commit/ecebcc035ccd8d0e2984fe41420d9e944f456b3c
CVE-2021-33192 (A vulnerability in the HTML pages of Apache Jena Fuseki allows an atta ...)
NOT-FOR-US: Apache Jena Fuseki
-CVE-2021-33191
- RESERVED
+CVE-2021-33191 (From Apache NiFi MiNiFi C++ version 0.5.0 the c2 protocol implements a ...)
+ TODO: check
CVE-2021-33190 (In Apache APISIX Dashboard version 2.6, we changed the default value o ...)
NOT-FOR-US: Apache APISIX Dashboard
CVE-2020-36365 (Smartstore (aka SmartStoreNET) before 4.1.0 allows CommonController.Cl ...)
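Review bot: CVE-2021-33191 concerns the C2 protocol implementation in Apache NiFi MiNiFi C++ from 0.5.0, which is not packaged in Debian; "TODO: check" should become NOT-FOR-US: Apache NiFi MiNiFi C++, consistent with the Jena Fuseki (L178) and APISIX Dashboard (L184) entries surrounding it.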
@@ -17828,8 +17830,8 @@ CVE-2021-32265
RESERVED
CVE-2021-32264
RESERVED
-CVE-2021-32263
- RESERVED
+CVE-2021-32263 (ok-file-formats through 2021-04-29 has a heap-based buffer overflow in ...)
+ TODO: check
CVE-2021-32262
RESERVED
CVE-2021-32261
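Review bot: CVE-2021-32263 (heap-based buffer overflow in ok-file-formats through 2021-04-29) is a set of single-file C image and audio decoders that projects tend to vendor rather than link, so the "TODO: check" should include a codesearch for embedded copies of its decoder sources before settling on NOT-FOR-US: ok-file-formats. A heap overflow in a file parser is exactly the kind of bug that silently ships inside a game or media package that copied the decoder.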
@@ -27252,22 +27254,22 @@ CVE-2021-28634 (Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.00
NOT-FOR-US: Adobe
CVE-2021-28633
RESERVED
-CVE-2021-28632
- RESERVED
-CVE-2021-28631
- RESERVED
+CVE-2021-28632 (Acrobat Reader DC versions versions 2021.001.20155 (and earlier), 2020 ...)
+ TODO: check
+CVE-2021-28631 (Acrobat Reader DC versions versions 2021.001.20155 (and earlier), 2020 ...)
+ TODO: check
CVE-2021-28630
RESERVED
CVE-2021-28629
RESERVED
-CVE-2021-28628
- RESERVED
-CVE-2021-28627
- RESERVED
-CVE-2021-28626
- RESERVED
-CVE-2021-28625
- RESERVED
+CVE-2021-28628 (Adobe Experience Manager Cloud Service offering, as well as versions 6 ...)
+ TODO: check
+CVE-2021-28627 (Adobe Experience Manager Cloud Service offering, as well as versions 6 ...)
+ TODO: check
+CVE-2021-28626 (Adobe Experience Manager Cloud Service offering, as well as versions 6 ...)
+ TODO: check
+CVE-2021-28625 (Adobe Experience Manager Cloud Service offering, as well as versions 6 ...)
+ TODO: check
CVE-2021-28624 (Adobe Bridge version 11.0.2 (and earlier) are affected by a Heap-based ...)
NOT-FOR-US: Adobe
CVE-2021-28623 (Adobe Premiere Elements version 5.2 (and earlier) is affected by an in ...)
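Review bot: the eight "TODO: check" lines in this hunk (CVE-2021-28632, CVE-2021-28631 for Acrobat Reader DC and CVE-2021-28628 through CVE-2021-28625 for Adobe Experience Manager) should all resolve to NOT-FOR-US: Adobe, matching the Acrobat and Bridge entries that frame the hunk (L198, L230). The doubled word in "Acrobat Reader DC versions versions 2021.001.20155" is upstream MITRE description text and should be left as imported, not corrected in the tracker.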
@@ -27284,40 +27286,40 @@ CVE-2021-28618
RESERVED
CVE-2021-28617
RESERVED
-CVE-2021-28616
- RESERVED
-CVE-2021-28615
- RESERVED
-CVE-2021-28614
- RESERVED
+CVE-2021-28616 (Adobe After Effects version 18.2 (and earlier) is affected by an Our-o ...)
+ TODO: check
+CVE-2021-28615 (Adobe After Effects version 18.2 (and earlier) is affected by an Our-o ...)
+ TODO: check
+CVE-2021-28614 (Adobe After Effects version 18.2 (and earlier) is affected by an Our-o ...)
+ TODO: check
CVE-2021-28613
RESERVED
-CVE-2021-28612
- RESERVED
-CVE-2021-28611
- RESERVED
-CVE-2021-28610
- RESERVED
-CVE-2021-28609
- RESERVED
-CVE-2021-28608
- RESERVED
-CVE-2021-28607
- RESERVED
-CVE-2021-28606
- RESERVED
-CVE-2021-28605
- RESERVED
-CVE-2021-28604
- RESERVED
-CVE-2021-28603
- RESERVED
-CVE-2021-28602
- RESERVED
-CVE-2021-28601
- RESERVED
-CVE-2021-28600
- RESERVED
+CVE-2021-28612 (Adobe After Effects version 18.2 (and earlier) is affected by an Our-o ...)
+ TODO: check
+CVE-2021-28611 (Adobe After Effects version 18.2 (and earlier) is affected by an Our-o ...)
+ TODO: check
+CVE-2021-28610 (Adobe After Effects version 18.2 (and earlier) is affected by a Heap-b ...)
+ TODO: check
+CVE-2021-28609 (Adobe After Effects version 18.2 (and earlier) is affected by an Out-o ...)
+ TODO: check
+CVE-2021-28608 (Adobe After Effects version 18.2 (and earlier) is affected by a Heap-b ...)
+ TODO: check
+CVE-2021-28607 (Adobe After Effects version 18.2 (and earlier) is affected by a heap c ...)
+ TODO: check
+CVE-2021-28606 (Adobe After Effects version 18.2 (and earlier) is affected by a Stack- ...)
+ TODO: check
+CVE-2021-28605 (Adobe After Effects version 18.2 (and earlier) is affected by a memory ...)
+ TODO: check
+CVE-2021-28604 (Adobe After Effects version 18.2 (and earlier) is affected by a Heap-b ...)
+ TODO: check
+CVE-2021-28603 (Adobe After Effects version 18.2 (and earlier) is affected by a Heap-b ...)
+ TODO: check
+CVE-2021-28602 (Adobe After Effects version 18.2 (and earlier) is affected by a memory ...)
+ TODO: check
+CVE-2021-28601 (Adobe After Effects version 18.2 (and earlier) is affected by a Null p ...)
+ TODO: check
+CVE-2021-28600 (Adobe After Effects version 18.2 (and earlier) is affected by an Out-o ...)
+ TODO: check
CVE-2021-28599
RESERVED
CVE-2021-28598
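Review bot: all sixteen newly described entries here (CVE-2021-28616 through CVE-2021-28600) are Adobe After Effects 18.2 memory-safety issues and should resolve from "TODO: check" to NOT-FOR-US: Adobe in one pass. The "Our-o ..." spelling in several descriptions versus "Out-o ..." in CVE-2021-28609 and CVE-2021-28600 is an upstream typo in the imported text and not something this file should fix.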
@@ -27408,14 +27410,14 @@ CVE-2021-28556 (Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and
NOT-FOR-US: Magento
CVE-2021-28555
RESERVED
-CVE-2021-28554
- RESERVED
+CVE-2021-28554 (Acrobat Reader DC versions versions 2021.001.20155 (and earlier), 2020 ...)
+ TODO: check
CVE-2021-28553
RESERVED
-CVE-2021-28552
- RESERVED
-CVE-2021-28551
- RESERVED
+CVE-2021-28552 (Acrobat Reader DC versions versions 2021.001.20155 (and earlier), 2020 ...)
+ TODO: check
+CVE-2021-28551 (Acrobat Reader DC versions versions 2021.001.20155 (and earlier), 2020 ...)
+ TODO: check
CVE-2021-28550
RESERVED
CVE-2021-28549 (Adobe Photoshop versions 21.2.6 (and earlier) and 22.3 (and earlier) a ...)
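Review bot: CVE-2021-28554, CVE-2021-28552 and CVE-2021-28551 are Acrobat Reader DC issues from the same 2021.001.20155 batch as CVE-2021-28632 and CVE-2021-28631 above; resolve their "TODO: check" lines to NOT-FOR-US: Adobe together with that batch rather than as separate follow-ups, matching the Magento (L306) and Photoshop (L325) entries around them.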
@@ -33530,8 +33532,8 @@ CVE-2021-26042
RESERVED
CVE-2021-26041
RESERVED
-CVE-2021-26040
- RESERVED
+CVE-2021-26040 (An issue was discovered in Joomla! 4.0.0. The media manager does not c ...)
+ TODO: check
CVE-2021-26039 (An issue was discovered in Joomla! 3.0.0 through 3.9.27. Inadequate es ...)
NOT-FOR-US: Joomla!
CVE-2021-26038 (An issue was discovered in Joomla! 2.5.0 through 3.9.27. Install actio ...)
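Review bot: CVE-2021-26040 (Joomla! 4.0.0 media manager) should follow the two Joomla! entries directly below it and resolve from "TODO: check" to NOT-FOR-US: Joomla!; the project is not in the archive, and keeping a TODO next to two already-resolved siblings for the same product is an avoidable inconsistency.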
@@ -39632,14 +39634,14 @@ CVE-2021-23434
RESERVED
CVE-2021-23433
RESERVED
-CVE-2021-23432
- RESERVED
-CVE-2021-23431
- RESERVED
-CVE-2021-23430
- RESERVED
-CVE-2021-23429
- RESERVED
+CVE-2021-23432 (This affects all versions of package mootools. This is due to the abil ...)
+ TODO: check
+CVE-2021-23431 (The package joplin before 2.3.2 are vulnerable to Cross-site Request F ...)
+ TODO: check
+CVE-2021-23430 (All versions of package startserver are vulnerable to Directory Traver ...)
+ TODO: check
+CVE-2021-23429 (All versions of package transpile are vulnerable to Denial of Service ...)
+ TODO: check
CVE-2021-23428
RESERVED
CVE-2021-23427
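Review bot: the four Snyk-sourced entries here need different handling. CVE-2021-23431 (joplin), CVE-2021-23430 (startserver) and CVE-2021-23429 (transpile) are npm-only projects and can go to NOT-FOR-US. CVE-2021-23432, however, says "all versions of package mootools", and MooTools has historically been shipped in Debian as libjs-mootools; if that package is still in the archive, this one needs a proper "- mootools" triage entry with an upstream reference rather than a blanket NOT-FOR-US.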
@@ -39698,8 +39700,8 @@ CVE-2021-23408 (This affects the package com.graphhopper:graphhopper-web-bundle
NOT-FOR-US: com.graphhopper:graphhopper-web-bundle
CVE-2021-23407 (This affects the package elFinder.Net.Core from 0 and before 1.2.4. Th ...)
NOT-FOR-US: elFinder.Net.Core
-CVE-2021-23406
- RESERVED
+CVE-2021-23406 (This affects the package pac-resolver before 5.0.0. This can occur whe ...)
+ TODO: check
CVE-2021-23405 (This affects the package pimcore/pimcore before 10.0.7. This issue exi ...)
NOT-FOR-US: Pimcore
CVE-2021-23404
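Review bot: CVE-2021-23406 ("pac-resolver before 5.0.0") is an npm library that evaluates proxy auto-config scripts, and Debian does package a number of Node.js proxy-handling modules; check for a node-pac-resolver source package (or a vendored copy in another node-* package) before resolving "TODO: check" to NOT-FOR-US, since code that evaluates attacker-supplied PAC files is a remote-code-execution surface for any consumer that honours network-provided proxy settings.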
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ae995083541b61963a72820ad20282350b8a91ac