[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Aug 26 21:10:44 BST 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c9d227c5 by security tracker role at 2021-08-26T20:10:36+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,13 @@
+CVE-2021-40147 (EmTec ZOC before 8.02.2 allows \e[201~ pastes, a different vulnerabili ...)
+	TODO: check
+CVE-2021-40146
+	RESERVED
+CVE-2021-3738
+	RESERVED
+CVE-2021-3737
+	RESERVED
+CVE-2021-3736
+	RESERVED
 CVE-2021-40145 (** DISPUTED ** gdImageGd2Ptr in gd_gd2.c in the GD Graphics Library (a ...)
 	- libgd2 <unfixed>
 	[bullseye] - libgd2 <no-dsa> (Minor issue)
@@ -130,6 +140,7 @@ CVE-2021-40082
 CVE-2021-40081
 	RESERVED
 CVE-2021-3739
+	RESERVED
 	- linux <unfixed>
 	[buster] - linux <not-affected> (Vulnerable code introduced later)
 	[stretch] - linux <not-affected> (Vulnerable code introduced later)
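Review bot: CVE-2021-3739 now carries RESERVED together with linux package annotations, but the entry has no description at all. Add a temporary bracketed description in the form used for CVE-2021-3640 further down ("[Linux kernel: ...]") so the entry is identifiable until the CVE text is published.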
@@ -144,8 +155,8 @@ CVE-2021-40083 (Knot Resolver before 5.3.2 is prone to an assertion failure, tri
 	[buster] - knot-resolver <not-affected> (Vulnerable code introduced later)
 	NOTE: https://gitlab.nic.cz/knot/knot-resolver/-/merge_requests/1169
 	NOTE: Introduced by https://gitlab.nic.cz/knot/knot-resolver/-/commit/7107faebc72c14c864622128a20a9b39fe94d733 (5.3.1)
-CVE-2021-3734
-	RESERVED
+CVE-2021-3734 (yourls is vulnerable to Improper Restriction of Rendered UI Layers or  ...)
+	TODO: check
 CVE-2021-40080
 	RESERVED
 CVE-2021-40079
@@ -3406,8 +3417,8 @@ CVE-2021-38561
 	RESERVED
 CVE-2021-38560
 	RESERVED
-CVE-2021-38559
-	RESERVED
+CVE-2021-38559 (DigitalDruid HotelDruid 3.0.2 has an XSS vulnerability in prenota.php  ...)
+	TODO: check
 CVE-2021-38558
 	RESERVED
 CVE-2021-38557 (raspap-webgui in RaspAP 2.6.6 allows attackers to execute commands as  ...)
@@ -7083,14 +7094,14 @@ CVE-2021-36933 (Windows Services for NFS ONCRPC XDR Driver Information Disclosur
 	NOT-FOR-US: Microsoft
 CVE-2021-36932 (Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vuln ...)
 	NOT-FOR-US: Microsoft
-CVE-2021-36931
-	RESERVED
+CVE-2021-36931 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability T ...)
+	TODO: check
 CVE-2021-36930
 	RESERVED
-CVE-2021-36929
-	RESERVED
-CVE-2021-36928
-	RESERVED
+CVE-2021-36929 (Microsoft Edge (Chromium-based) Information Disclosure Vulnerability ...)
+	TODO: check
+CVE-2021-36928 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability T ...)
+	TODO: check
 CVE-2021-36927 (Windows Digital TV Tuner device registration application Elevation of  ...)
 	NOT-FOR-US: Microsoft
 CVE-2021-36926 (Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vuln ...)
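Review bot: CVE-2021-36931, CVE-2021-36929 and CVE-2021-36928 are left at "TODO: check" while every triaged neighbour in this hunk is "NOT-FOR-US: Microsoft". Because the descriptions say "Microsoft Edge (Chromium-based)", check whether each issue is specific to Edge or sits in shared Chromium code before applying the same NOT-FOR-US tag.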
@@ -8407,8 +8418,8 @@ CVE-2021-36354
 	RESERVED
 CVE-2021-36353
 	RESERVED
-CVE-2021-36352
-	RESERVED
+CVE-2021-36352 (Stored cross-site scripting (XSS) vulnerability in Care2x Hospital Inf ...)
+	TODO: check
 CVE-2021-36351 (SQL Injection Vulnerability in Care2x Open Source Hospital Information ...)
 	NOT-FOR-US: Care2x Open Source Hospital Information Management
 CVE-2021-3640 [Linux kernel: UAF in sco_send_frame function]
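Review bot: CVE-2021-36352 is left at "TODO: check" although CVE-2021-36351 directly below, also a Care2x issue, is already "NOT-FOR-US: Care2x Open Source Hospital Information Management". Resolve the new entry with the same tag and the same product string so the two stay consistent.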
@@ -17063,8 +17074,8 @@ CVE-2021-32650
 	RESERVED
 CVE-2021-32649
 	RESERVED
-CVE-2021-32648
-	RESERVED
+CVE-2021-32648 (octobercms in a CMS platform based on the Laravel PHP Framework. In af ...)
+	TODO: check
 CVE-2021-32647 (Emissary is a P2P based data-driven workflow engine. Affected versions ...)
 	NOT-FOR-US: Emissary
 CVE-2021-32646 (Roomer is a discord bot cog (extension) which provides automatic voice ...)
@@ -18373,8 +18384,8 @@ CVE-2021-3538 (A flaw was found in github.com/satori/go.uuid in versions from co
 	NOTE: https://github.com/satori/go.uuid/issues/73
 CVE-2021-32077 (Primary Source Verification in VerityStream MSOW Solutions before 3.1. ...)
 	NOT-FOR-US: VerityStream MSOW Solutions
-CVE-2021-32076
-	RESERVED
+CVE-2021-32076 (Access Restriction Bypass via referrer spoof was discovered in SolarWi ...)
+	TODO: check
 CVE-2021-32075 (Re-Logic Terraria before 1.4.2.3 performs Insecure Deserialization. ...)
 	NOT-FOR-US: Re-Logic Terraria
 CVE-2021-32074 (HashiCorp vault-action (aka Vault GitHub Action) before 2.2.0 allows a ...)
@@ -22251,62 +22262,48 @@ CVE-2021-30606
 	RESERVED
 CVE-2021-30605
 	RESERVED
-CVE-2021-30604
-	RESERVED
+CVE-2021-30604 (Use after free in ANGLE in Google Chrome prior to 92.0.4515.159 allowe ...)
 	- chromium <unfixed> (bug #990079)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-30603
-	RESERVED
+CVE-2021-30603 (Data race in WebAudio in Google Chrome prior to 92.0.4515.159 allowed  ...)
 	- chromium <unfixed> (bug #990079)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-30602
-	RESERVED
+CVE-2021-30602 (Use after free in WebRTC in Google Chrome prior to 92.0.4515.159 allow ...)
 	- chromium <unfixed> (bug #990079)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-30601
-	RESERVED
+CVE-2021-30601 (Use after free in Extensions API in Google Chrome prior to 92.0.4515.1 ...)
 	- chromium <unfixed> (bug #990079)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-30600
-	RESERVED
+CVE-2021-30600 (Use after free in Printing in Google Chrome prior to 92.0.4515.159 all ...)
 	- chromium <unfixed> (bug #990079)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-30599
-	RESERVED
+CVE-2021-30599 (Type confusion in V8 in Google Chrome prior to 92.0.4515.159 allowed a ...)
 	- chromium <unfixed> (bug #990079)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-30598
-	RESERVED
+CVE-2021-30598 (Type confusion in V8 in Google Chrome prior to 92.0.4515.159 allowed a ...)
 	- chromium <unfixed> (bug #990079)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-30597
-	RESERVED
+CVE-2021-30597 (Use after free in Browser UI in Google Chrome on Chrome prior to 92.0. ...)
 	- chromium <unfixed> (bug #990079)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-30596
-	RESERVED
+CVE-2021-30596 (Incorrect security UI in Navigation in Google Chrome on Android prior  ...)
 	- chromium <unfixed> (bug #990079)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2021-30595
 	RESERVED
-CVE-2021-30594
-	RESERVED
+CVE-2021-30594 (Use after free in Page Info UI in Google Chrome prior to 92.0.4515.131 ...)
 	- chromium <unfixed> (bug #990079)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-30593
-	RESERVED
+CVE-2021-30593 (Out of bounds read in Tab Strip in Google Chrome prior to 92.0.4515.13 ...)
 	- chromium <unfixed> (bug #990079)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-30592
-	RESERVED
+CVE-2021-30592 (Out of bounds write in Tab Groups in Google Chrome prior to 92.0.4515. ...)
 	- chromium <unfixed> (bug #990079)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-30591
-	RESERVED
+CVE-2021-30591 (Use after free in File System API in Google Chrome prior to 92.0.4515. ...)
 	- chromium <unfixed> (bug #990079)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-30590
-	RESERVED
+CVE-2021-30590 (Heap buffer overflow in Bookmarks in Google Chrome prior to 92.0.4515. ...)
 	- chromium <unfixed> (bug #990079)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2021-30589 (Insufficient validation of untrusted input in Sharing in Google Chrome ...)
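Review bot: CVE-2021-30596 is described as "Incorrect security UI in Navigation in Google Chrome on Android" yet keeps "- chromium <unfixed> (bug #990079)". Confirm whether the Debian package is affected and, if it is not, replace the annotation with a <not-affected> one. The visible descriptions also name at least two upstream fix versions (92.0.4515.159 at CVE-2021-30604, 92.0.4515.131 at CVE-2021-30594), so the fixed version should be recorded per entry rather than one value for the whole block when <unfixed> is resolved.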
@@ -25237,8 +25234,8 @@ CVE-2021-29488 (SABnzbd is an open source binary newsreader. A vulnerability was
 	[stretch] - sabnzbdplus <no-dsa> (Minor issue; contrib not supported)
 	NOTE: https://github.com/sabnzbd/sabnzbd/security/advisories/GHSA-jwj3-wrvf-v3rp
 	NOTE: https://github.com/sabnzbd/sabnzbd/commit/3766ba54026eaa520dbee5b57a2f33d4954fb98b
-CVE-2021-29487
-	RESERVED
+CVE-2021-29487 (octobercms in a CMS platform based on the Laravel PHP Framework. In af ...)
+	TODO: check
 CVE-2021-29486 (cumulative-distribution-function is an open source npm library used wh ...)
 	NOT-FOR-US: Node cumulative-distribution-function
 CVE-2021-29485 (Ratpack is a toolkit for creating web applications. In versions prior  ...)
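Review bot: CVE-2021-29487 gets the same truncated octobercms description and "TODO: check" as CVE-2021-32648 earlier in this patch. Triage the two together and give them the same package or NOT-FOR-US decision, since the visible text does not distinguish them.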
@@ -29093,8 +29090,8 @@ CVE-2021-3421 (A flaw was found in the RPM package in the read functionality. Th
 	[buster] - rpm <no-dsa> (Minor issue)
 	[stretch] - rpm <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1927747
-CVE-2021-27944
-	RESERVED
+CVE-2021-27944 (Several high privileged APIs on the Vizio P65-F1 6.0.31.4-2 and E50x-E ...)
+	TODO: check
 CVE-2021-27943 (The pairing procedure used by the Vizio P65-F1 6.0.31.4-2 and E50x-E1  ...)
 	NOT-FOR-US: Vizio
 CVE-2021-27942 (Vizio P65-F1 6.0.31.4-2 and E50x-E1 10.0.31.4-2 Smart TVs allow a thre ...)
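Review bot: CVE-2021-27944 is left at "TODO: check" while CVE-2021-27943 directly below, for the same Vizio P65-F1 and E50x-E1 firmware versions, is already "NOT-FOR-US: Vizio". Resolve the new entry the same way.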
@@ -81029,12 +81026,12 @@ CVE-2020-18479
 	RESERVED
 CVE-2020-18478
 	RESERVED
-CVE-2020-18477
-	RESERVED
-CVE-2020-18476
-	RESERVED
-CVE-2020-18475
-	RESERVED
+CVE-2020-18477 (SQL Injection vulnerability in Hucart CMS 5.7.4 via the purchase enqui ...)
+	TODO: check
+CVE-2020-18476 (SQL Injection vulnerability in Hucart CMS 5.7.4 via the basic informat ...)
+	TODO: check
+CVE-2020-18475 (Cross Site Scripting (XSS) vulnerabilty exists in Hucart CMS 5.7.4 is  ...)
+	TODO: check
 CVE-2020-18474
 	RESERVED
 CVE-2020-18473
@@ -81043,14 +81040,14 @@ CVE-2020-18472
 	RESERVED
 CVE-2020-18471
 	RESERVED
-CVE-2020-18470
-	RESERVED
-CVE-2020-18469
-	RESERVED
-CVE-2020-18468
-	RESERVED
-CVE-2020-18467
-	RESERVED
+CVE-2020-18470 (Stored cross-site scripting (XSS) vulnerability in the Name of applica ...)
+	TODO: check
+CVE-2020-18469 (Stored cross-site scripting (XSS) vulnerability in the Copyright Text  ...)
+	TODO: check
+CVE-2020-18468 (Cross Site Scripting (XSS) vulnerability exists in qdPM 9.1 in the Hea ...)
+	TODO: check
+CVE-2020-18467 (Cross Site Scripting (XSS) vulnerabilty exists in BigTree-CMS 4.4.3 in ...)
+	TODO: check
 CVE-2020-18466
 	RESERVED
 CVE-2020-18465
@@ -91572,10 +91569,10 @@ CVE-2020-14163 (An issue was discovered in ecma/operations/ecma-container-object
 	NOTE: https://github.com/jerryscript-project/jerryscript/issues/3804
 CVE-2020-14162 (An issue was discovered in Pi-Hole through 5.0. The local www-data use ...)
 	NOT-FOR-US: Pi-Hole
-CVE-2020-14161
-	RESERVED
-CVE-2020-14160
-	RESERVED
+CVE-2020-14161 (It is possible to inject HTML and/or JavaScript in the HTML to PDF con ...)
+	TODO: check
+CVE-2020-14160 (An SSRF vulnerability in Gotenberg through 6.2.1 exists in the remote  ...)
+	TODO: check
 CVE-2020-14159 (By using an Automate API in ConnectWise Automate before 2020.5.178, a  ...)
 	NOT-FOR-US: ConnectWise
 CVE-2020-14158 (The ABUS Secvest FUMO50110 hybrid module does not have any security me ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c9d227c53a8b773cf31a1b1c1af35e48f20a7ee3
