[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Aug 25 21:10:44 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d931bf1f by security tracker role at 2021-08-25T20:10:35+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,67 @@
+CVE-2021-40141
+ RESERVED
+CVE-2021-40140
+ RESERVED
+CVE-2021-40139
+ RESERVED
+CVE-2021-40138
+ RESERVED
+CVE-2021-40137
+ RESERVED
+CVE-2021-40136
+ RESERVED
+CVE-2021-40135
+ RESERVED
+CVE-2021-40134
+ RESERVED
+CVE-2021-40133
+ RESERVED
+CVE-2021-40132
+ RESERVED
+CVE-2021-40131
+ RESERVED
+CVE-2021-40130
+ RESERVED
+CVE-2021-40129
+ RESERVED
+CVE-2021-40128
+ RESERVED
+CVE-2021-40127
+ RESERVED
+CVE-2021-40126
+ RESERVED
+CVE-2021-40125
+ RESERVED
+CVE-2021-40124
+ RESERVED
+CVE-2021-40123
+ RESERVED
+CVE-2021-40122
+ RESERVED
+CVE-2021-40121
+ RESERVED
+CVE-2021-40120
+ RESERVED
+CVE-2021-40119
+ RESERVED
+CVE-2021-40118
+ RESERVED
+CVE-2021-40117
+ RESERVED
+CVE-2021-40116
+ RESERVED
+CVE-2021-40115
+ RESERVED
+CVE-2021-40114
+ RESERVED
+CVE-2021-40113
+ RESERVED
+CVE-2021-40112
+ RESERVED
+CVE-2021-40111
+ RESERVED
+CVE-2021-40110
+ RESERVED
CVE-2021-40109
RESERVED
CVE-2021-40108
@@ -1871,8 +1935,7 @@ CVE-2021-39232
RESERVED
CVE-2021-39231
RESERVED
-CVE-2021-3713 [out-of-bounds write in UAS (USB Attached SCSI) device emulation]
- RESERVED
+CVE-2021-3713 (An out-of-bounds write flaw was found in the UAS (USB Attached SCSI) d ...)
- qemu <unfixed> (bug #992727)
[bullseye] - qemu <no-dsa> (Minor issue)
[buster] - qemu <no-dsa> (Minor issue)
@@ -2017,10 +2080,10 @@ CVE-2021-39162
RESERVED
CVE-2021-39161
RESERVED
-CVE-2021-39160
- RESERVED
-CVE-2021-39159
- RESERVED
+CVE-2021-39160 (nbgitpuller is a Jupyter server extension to sync a git repository one ...)
+ TODO: check
+CVE-2021-39159 (BinderHub is a kubernetes-based cloud service that allows users to sha ...)
+ TODO: check
CVE-2021-39158 (NVCaffe's python required dependencies list used to contain `gfortran` ...)
TODO: check
CVE-2021-39157 (detect-character-encoding is an open source character encoding inspect ...)
@@ -2093,8 +2156,8 @@ CVE-2021-39138 (Parse Server is an open source backend that can be deployed to a
NOT-FOR-US: Parse Server
CVE-2021-39137 (go-ethereum is the official Go implementation of the Ethereum protocol ...)
TODO: check
-CVE-2021-39136
- RESERVED
+CVE-2021-39136 (baserCMS is an open source content management system with a focus on J ...)
+ TODO: check
CVE-2021-39135
RESERVED
CVE-2021-39134
@@ -12094,8 +12157,7 @@ CVE-2021-34697
RESERVED
CVE-2021-34696
RESERVED
-CVE-2021-3605 [Heap buffer overflow in the rleUncompress function]
- RESERVED
+CVE-2021-3605 (There's a flaw in OpenEXR's rleUncompress functionality in versions pr ...)
{DLA-2732-1}
- openexr <unfixed> (bug #990899)
[buster] - openexr <no-dsa> (Minor issue)
@@ -13961,16 +14023,16 @@ CVE-2017-20005 (NGINX before 1.13.6 has a buffer overflow for years that exceed
NOTE: https://trac.nginx.org/nginx/ticket/1368
CVE-2021-33887 (Insufficient verification of data authenticity in Peloton TTR01 up to ...)
NOT-FOR-US: Peloton TTR01
-CVE-2021-33886
- RESERVED
-CVE-2021-33885
- RESERVED
-CVE-2021-33884
- RESERVED
-CVE-2021-33883
- RESERVED
-CVE-2021-33882
- RESERVED
+CVE-2021-33886 (An improper sanitization of input vulnerability in B. Braun SpaceCom2 ...)
+ TODO: check
+CVE-2021-33885 (An Insufficient Verification of Data Authenticity vulnerability in B. ...)
+ TODO: check
+CVE-2021-33884 (An Unrestricted Upload of File with Dangerous Type vulnerability in B. ...)
+ TODO: check
+CVE-2021-33883 (A Cleartext Transmission of Sensitive Information vulnerability in B. ...)
+ TODO: check
+CVE-2021-33882 (A Missing Authentication for Critical Function vulnerability in B. Bra ...)
+ TODO: check
CVE-2021-33881 (On NXP MIFARE Ultralight and NTAG cards, an attacker can interrupt a w ...)
NOT-FOR-US: NXP
CVE-2021-33880 (The aaugustin websockets library before 9.1 for Python has an Observab ...)
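Review bot: the five new `TODO: check` entries CVE-2021-33886 down to CVE-2021-33882 all describe the same B. Braun SpaceCom2 product and clearly come from one vendor advisory, so they should be triaged together rather than one by one; the neighbouring Peloton TTR01 and NXP entries in this region are already `NOT-FOR-US`, and SpaceCom2 is a vendor device, not something packaged in Debian, so a single pass marking all five `NOT-FOR-US: B. Braun SpaceCom2` would keep the TODO backlog from filling with items that cannot resolve any other way.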
@@ -14660,8 +14722,8 @@ CVE-2021-33607
RESERVED
CVE-2021-33606
RESERVED
-CVE-2021-33605
- RESERVED
+CVE-2021-33605 (Improper check in CheckboxGroup in com.vaadin:vaadin-checkbox-flow ver ...)
+ TODO: check
CVE-2021-33604 (URL encoding error in development mode handler in com.vaadin:flow-serv ...)
NOT-FOR-US: com.vaadin:flow-server
CVE-2021-33603
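Review bot: CVE-2021-33605 concerns com.vaadin:vaadin-checkbox-flow while the very next entry, CVE-2021-33604 for com.vaadin:flow-server, is already settled as `NOT-FOR-US: com.vaadin:flow-server`; unless a Vaadin Flow package has appeared in the archive since that decision, the new `TODO: check` should resolve the same way (`NOT-FOR-US: com.vaadin:vaadin-checkbox-flow`), and doing so now is cheaper than leaving the placeholder.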
@@ -15452,7 +15514,7 @@ CVE-2021-33258
RESERVED
CVE-2021-33257
RESERVED
-CVE-2021-33256 (A CSV injection vulnerability on the login panel of ManageEngine ADSel ...)
+CVE-2021-33256 (** DISPUTED ** A CSV injection vulnerability on the login panel of Man ...)
NOT-FOR-US: ManageEngine
CVE-2021-33255
RESERVED
@@ -16076,8 +16138,8 @@ CVE-2021-33017
RESERVED
CVE-2021-33016
RESERVED
-CVE-2021-33015
- RESERVED
+CVE-2021-33015 (Cscape (All Versions prior to 9.90 SP5) lacks proper validation of use ...)
+ TODO: check
CVE-2021-33014
RESERVED
CVE-2021-33013
@@ -16116,8 +16178,8 @@ CVE-2021-32997
RESERVED
CVE-2021-32996
RESERVED
-CVE-2021-32995
- RESERVED
+CVE-2021-32995 (Cscape (All Versions prior to 9.90 SP5) lacks proper validation of use ...)
+ TODO: check
CVE-2021-32994
RESERVED
CVE-2021-32993
@@ -16156,8 +16218,8 @@ CVE-2021-32977
RESERVED
CVE-2021-32976
RESERVED
-CVE-2021-32975
- RESERVED
+CVE-2021-32975 (Cscape (All Versions prior to 9.90 SP5) lacks proper validation of use ...)
+ TODO: check
CVE-2021-32974
RESERVED
CVE-2021-32973
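Review bot: this is the third hunk in the update that adds the identical description "Cscape (All Versions prior to 9.90 SP5) lacks proper validation of use ..." (CVE-2021-33015, CVE-2021-32995 and CVE-2021-32975), each with its own `TODO: check`; the three belong to one advisory and should be resolved together and identically. Cscape is a proprietary PLC programming tool rather than a Debian package, so the expected outcome for all three is `NOT-FOR-US: Cscape`.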
@@ -18612,8 +18674,8 @@ CVE-2021-31991
RESERVED
CVE-2021-31990
RESERVED
-CVE-2021-31989
- RESERVED
+CVE-2021-31989 (A user with permission to log on to the machine hosting the AXIS Devic ...)
+ TODO: check
CVE-2021-31988
RESERVED
CVE-2021-31987
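Review bot: CVE-2021-31989 describes an issue for "a user with permission to log on to the machine hosting the AXIS Devic..." (AXIS Device Manager), a vendor-supplied application; rather than leaving `TODO: check`, it can be marked `NOT-FOR-US: AXIS Device Manager` in line with the other vendor-only entries converted in this update.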
@@ -42402,8 +42464,8 @@ CVE-2021-22258
RESERVED
CVE-2021-22257
RESERVED
-CVE-2021-22256
- RESERVED
+CVE-2021-22256 (Improper authorization in GitLab CE/EE affecting all versions since 12 ...)
+ TODO: check
CVE-2021-22255 (SSRF in URL file upload in Baserow <1.1.0 allows remote authenticat ...)
NOT-FOR-US: Baserow
CVE-2021-22254 (Under very specific conditions a user could be impersonated using Gitl ...)
@@ -42414,24 +42476,24 @@ CVE-2021-22252 (A confusion between tag and branch names in GitLab CE/EE affecti
- gitlab <not-affected> (Vulnerable code introduced later)
CVE-2021-22251 (Improper validation of invited users' email address in GitLab EE affec ...)
TODO: check
-CVE-2021-22250
- RESERVED
+CVE-2021-22250 (Improper authorization in GitLab CE/EE affecting all versions since 13 ...)
+ TODO: check
CVE-2021-22249 (A verbose error message in GitLab EE affecting all versions since 12.2 ...)
TODO: check
CVE-2021-22248 (Improper authorization on the pipelines page in GitLab CE/EE affecting ...)
- gitlab <not-affected> (Vulnerable code intrododuced later)
-CVE-2021-22247
- RESERVED
+CVE-2021-22247 (Improper authorization in GitLab CE/EE affecting all versions since 13 ...)
+ TODO: check
CVE-2021-22246 (A vulnerability was discovered in GitLab versions before 14.0.2, 13.12 ...)
- gitlab <unfixed>
-CVE-2021-22245
- RESERVED
-CVE-2021-22244
- RESERVED
-CVE-2021-22243
- RESERVED
-CVE-2021-22242
- RESERVED
+CVE-2021-22245 (Improper validation of commit author in GitLab CE/EE affecting all ver ...)
+ TODO: check
+CVE-2021-22244 (Improper authorization in the vulnerability report feature in GitLab E ...)
+ TODO: check
+CVE-2021-22243 (Under specialized conditions, GitLab CE/EE versions starting 7.10 may ...)
+ TODO: check
+CVE-2021-22242 (Insufficient input sanitization in Mermaid markdown in GitLab CE/EE ve ...)
+ TODO: check
CVE-2021-22241 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- gitlab <unfixed>
CVE-2021-22240 (Improper access control in GitLab EE versions 13.11.6, 13.12.6, and 14 ...)
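Review bot: the unchanged context line for CVE-2021-22248, `- gitlab <not-affected> (Vulnerable code intrododuced later)`, carries a typo ("introduced") that this automatic update does not touch; it deserves a one-line follow-up commit. On substance, the six GitLab entries converted here (CVE-2021-22250, -22247, -22245, -22244, -22243 and -22242) land as `TODO: check` directly beside entries already tracked as `- gitlab <unfixed>` or `- gitlab <not-affected>`, so each needs a real package decision, namely whether the vulnerable code is present in the packaged version and which upstream release fixed it, not a `NOT-FOR-US`.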
@@ -42442,12 +42504,10 @@ CVE-2021-22239
NOTE: https://about.gitlab.com/releases/2021/08/03/security-release-gitlab-14-1-2-released/
CVE-2021-22238 (An issue has been discovered in GitLab affecting all versions starting ...)
- gitlab <unfixed>
-CVE-2021-22237
- RESERVED
+CVE-2021-22237 (Under specialized conditions, GitLab may allow a user with an imperson ...)
- gitlab <unfixed>
NOTE: https://about.gitlab.com/releases/2021/08/03/security-release-gitlab-14-1-2-released/
-CVE-2021-22236
- RESERVED
+CVE-2021-22236 (Due to improper handling of OAuth client IDs, new subscriptions genera ...)
- gitlab <unfixed>
NOTE: https://about.gitlab.com/releases/2021/08/03/security-release-gitlab-14-1-2-released/
CVE-2021-22235 (Crash in DNP dissector in Wireshark 3.4.0 to 3.4.6 and 3.2.0 to 3.2.14 ...)
@@ -43275,11 +43335,11 @@ CVE-2021-21871 (A memory corruption vulnerability exists in the DMG File Format
NOT-FOR-US: PowerISO
CVE-2021-21870 (A use-after-free vulnerability exists in the JavaScript engine of Foxi ...)
NOT-FOR-US: Foxit
-CVE-2021-21869
- RESERVED
-CVE-2021-21868 (A unsafe deserialization vulnerability exists in the ObjectManager.plu ...)
+CVE-2021-21869 (An unsafe deserialization vulnerability exists in the Engine.plugin Pr ...)
+ TODO: check
+CVE-2021-21868 (An unsafe deserialization vulnerability exists in the ObjectManager.pl ...)
NOT-FOR-US: CODESYS
-CVE-2021-21867 (A unsafe deserialization vulnerability exists in the ObjectManager.plu ...)
+CVE-2021-21867 (An unsafe deserialization vulnerability exists in the ObjectManager.pl ...)
NOT-FOR-US: CODESYS
CVE-2021-21866 (A unsafe deserialization vulnerability exists in the ObjectManager.plu ...)
NOT-FOR-US: CODESYS
@@ -43362,22 +43422,19 @@ CVE-2021-21851 (Multiple exploitable integer overflow vulnerabilities exist with
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297
NOTE: https://github.com/gpac/gpac/commit/b515fd04f5f00f4a99df741042f1efb31ad56351
NOTE: https://github.com/gpac/gpac/issues/1814
-CVE-2021-21850
- RESERVED
+CVE-2021-21850 (An exploitable integer overflow vulnerability exists within the MPEG-4 ...)
- gpac <unfixed>
[buster] - gpac <not-affected> (Vulnerable code not present)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297
NOTE: https://github.com/gpac/gpac/commit/b515fd04f5f00f4a99df741042f1efb31ad56351
NOTE: https://github.com/gpac/gpac/issues/1814
-CVE-2021-21849
- RESERVED
+CVE-2021-21849 (An exploitable integer overflow vulnerability exists within the MPEG-4 ...)
- gpac <unfixed>
[buster] - gpac <not-affected> (Vulnerable code not present)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297
NOTE: https://github.com/gpac/gpac/commit/b515fd04f5f00f4a99df741042f1efb31ad56351
NOTE: https://github.com/gpac/gpac/issues/1814
-CVE-2021-21848
- RESERVED
+CVE-2021-21848 (An exploitable integer overflow vulnerability exists within the MPEG-4 ...)
- gpac <unfixed>
[buster] - gpac <not-affected> (Vulnerable code not present)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297
@@ -43413,22 +43470,19 @@ CVE-2021-21843 (Multiple exploitable integer overflow vulnerabilities exist with
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297
NOTE: https://github.com/gpac/gpac/commit/b515fd04f5f00f4a99df741042f1efb31ad56351
NOTE: https://github.com/gpac/gpac/issues/1814
-CVE-2021-21842
- RESERVED
+CVE-2021-21842 (An exploitable integer overflow vulnerability exists within the MPEG-4 ...)
- gpac <unfixed>
[buster] - gpac <not-affected> (Vulnerable code not present)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297
NOTE: https://github.com/gpac/gpac/commit/b515fd04f5f00f4a99df741042f1efb31ad56351
NOTE: https://github.com/gpac/gpac/issues/1814
-CVE-2021-21841
- RESERVED
+CVE-2021-21841 (An exploitable integer overflow vulnerability exists within the MPEG-4 ...)
- gpac <unfixed>
[buster] - gpac <not-affected> (Vulnerable code not present)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297
NOTE: https://github.com/gpac/gpac/commit/b515fd04f5f00f4a99df741042f1efb31ad56351
NOTE: https://github.com/gpac/gpac/issues/1814
-CVE-2021-21840
- RESERVED
+CVE-2021-21840 (An exploitable integer overflow vulnerability exists within the MPEG-4 ...)
- gpac <unfixed>
[buster] - gpac <not-affected> (Vulnerable code not present)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297
@@ -43452,22 +43506,19 @@ CVE-2021-21837 (Multiple exploitable integer overflow vulnerabilities exist with
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297
NOTE: https://github.com/gpac/gpac/commit/b515fd04f5f00f4a99df741042f1efb31ad56351
NOTE: https://github.com/gpac/gpac/issues/1814
-CVE-2021-21836
- RESERVED
+CVE-2021-21836 (An exploitable integer overflow vulnerability exists within the MPEG-4 ...)
- gpac <unfixed>
[buster] - gpac <not-affected> (Vulnerable code not present)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297
NOTE: https://github.com/gpac/gpac/commit/b515fd04f5f00f4a99df741042f1efb31ad56351
NOTE: https://github.com/gpac/gpac/issues/1814
-CVE-2021-21835
- RESERVED
+CVE-2021-21835 (An exploitable integer overflow vulnerability exists within the MPEG-4 ...)
- gpac <not-affected> (Vulnerable code not present)
NOTE: Introduced in https://github.com/gpac/gpac/commit/0f9761c48541bc01f0c619b7d02916d28e87dea9
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297
NOTE: https://github.com/gpac/gpac/commit/b515fd04f5f00f4a99df741042f1efb31ad56351
NOTE: https://github.com/gpac/gpac/issues/1814
-CVE-2021-21834
- RESERVED
+CVE-2021-21834 (An exploitable integer overflow vulnerability exists within the MPEG-4 ...)
- gpac <unfixed>
[buster] - gpac <not-affected> (Vulnerable code not present)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297
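Review bot: every `- gpac <unfixed>` entry in this and the two preceding gpac hunks (CVE-2021-21850 down to CVE-2021-21834, except -21835) carries a `[buster] - gpac <not-affected> (Vulnerable code not present)` line but no `[bullseye]` line, so bullseye silently inherits the unstable `<unfixed>` status; if that is intended, an explicit `[bullseye] - gpac <no-dsa>` or `<postponed>` line, as this same update records for the qemu and wpewebkit entries, would make the decision visible. CVE-2021-21835 is consistent as written: its `<not-affected>` is backed by the "Introduced in" NOTE naming the introducing commit.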
@@ -43600,8 +43651,8 @@ CVE-2021-21779 (A use-after-free vulnerability exists in the way Webkit’s
- wpewebkit 2.32.3-1
[bullseye] - wpewebkit <postponed> (Minor issue, fix along with next update)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1238
-CVE-2021-21778
- RESERVED
+CVE-2021-21778 (A denial of service vulnerability exists in the ASDU message processin ...)
+ TODO: check
CVE-2021-21777 (An information disclosure vulnerability exists in the Ethernet/IP UDP ...)
NOT-FOR-US: EIP Stack Group OpENer
CVE-2021-21776 (An out-of-bounds write vulnerability exists in the SGI Format Buffer S ...)
@@ -79921,18 +79972,18 @@ CVE-2020-18978
RESERVED
CVE-2020-18977
RESERVED
-CVE-2020-18976
- RESERVED
+CVE-2020-18976 (Buffer Overflow in Tcpreplay v4.3.2 allows attackers to cause a Denial ...)
+ TODO: check
CVE-2020-18975
RESERVED
-CVE-2020-18974
- RESERVED
+CVE-2020-18974 (Buffer Overflow in Netwide Assembler (NASM) v2.15.xx allows attackers ...)
+ TODO: check
CVE-2020-18973
RESERVED
-CVE-2020-18972
- RESERVED
-CVE-2020-18971
- RESERVED
+CVE-2020-18972 (Exposure of Sensitive Information to an Unauthorized Actor in PoDoFo v ...)
+ TODO: check
+CVE-2020-18971 (Stack-based Buffer Overflow in PoDoFo v0.9.6 allows attackers to cause ...)
+ TODO: check
CVE-2020-18970
RESERVED
CVE-2020-18969
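Review bot: unlike most of the vendor-only items converted in this update, the four entries here name software that Debian ships (tcpreplay, nasm and podofo), so the `TODO: check` placeholders for CVE-2020-18976, -18974, -18972 and -18971 need genuine source-package triage: a version check against the releases quoted in the descriptions (Tcpreplay v4.3.2, NASM v2.15.xx, PoDoFo v0.9.6), a look for an upstream fix, and a bug reference in the usual `(bug #NNNNNN)` form, not a `NOT-FOR-US`.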
@@ -210511,8 +210562,8 @@ CVE-2018-10792
RESERVED
CVE-2018-10791
RESERVED
-CVE-2018-10790
- RESERVED
+CVE-2018-10790 (The AP4_CttsAtom class in Core/Ap4CttsAtom.cpp in Bento4 1.5.1.0 allow ...)
+ TODO: check
CVE-2018-10789
RESERVED
CVE-2018-10788
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d931bf1f368faf7ef341033b3e6703f970738b97