[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Aug 31 09:10:28 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
259b457f by security tracker role at 2021-08-31T08:10:19+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,9 @@
+CVE-2021-40330 (git_connect_git in connect.c in Git before 2.30.1 allows a repository ...)
+ TODO: check
+CVE-2021-40329
+ RESERVED
+CVE-2021-3751
+ RESERVED
CVE-2021-40328
RESERVED
CVE-2021-40327
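Review bot: The new CVE-2021-40330 entry at the top of this hunk is left at TODO: check even though its description names git_connect_git in connect.c in Git, and git is a Debian source package. It should be triaged to a `- git` package line rather than sit in the TODO queue; the description gives "before 2.30.1" as the upstream boundary to check the packaged versions against.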
@@ -2292,42 +2298,55 @@ CVE-2021-39265
CVE-2021-39264
RESERVED
CVE-2021-39263
+ RESERVED
- ntfs-3g <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1
CVE-2021-39262
+ RESERVED
- ntfs-3g <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1
CVE-2021-39261
+ RESERVED
- ntfs-3g <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1
CVE-2021-39260
+ RESERVED
- ntfs-3g <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1
CVE-2021-39259
+ RESERVED
- ntfs-3g <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1
CVE-2021-39258
+ RESERVED
- ntfs-3g <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1
CVE-2021-39257
+ RESERVED
- ntfs-3g <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1
CVE-2021-39256
+ RESERVED
- ntfs-3g <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1
CVE-2021-39255
+ RESERVED
- ntfs-3g <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1
CVE-2021-39254
+ RESERVED
- ntfs-3g <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1
CVE-2021-39253
+ RESERVED
- ntfs-3g <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1
CVE-2021-39252
+ RESERVED
- ntfs-3g <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1
CVE-2021-39251
+ RESERVED
- ntfs-3g <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1
CVE-2021-39250 (Invision Community (aka IPS Community Suite or IP-Board) before 4.6.5. ...)
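Review bot: CVE-2021-39251 through CVE-2021-39263 now read RESERVED directly above a `- ntfs-3g <unfixed>` line and a NOTE pointing at a public oss-security post, so the status line only shows that the upstream CVE feed has no description yet. With thirteen entries sharing one NOTE and no description, a bracketed short description per entry, in the style of `CVE-2021-3654 [novnc allows open redirection]` elsewhere in this file, would let them be told apart until the feed catches up.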
@@ -2510,14 +2529,14 @@ CVE-2021-39180
RESERVED
CVE-2021-39179
RESERVED
-CVE-2021-39178
- RESERVED
-CVE-2021-39177
- RESERVED
+CVE-2021-39178 (Next.js is a React framework. Versions of Next.js between 10.0.0 and 1 ...)
+ TODO: check
+CVE-2021-39177 (Geyser is a bridge between Minecraft: Bedrock Edition and Minecraft: J ...)
+ TODO: check
CVE-2021-39176
RESERVED
-CVE-2021-39175
- RESERVED
+CVE-2021-39175 (HedgeDoc is a platform to write and share markdown. In versions prior ...)
+ TODO: check
CVE-2021-39174 (Cachet is an open source status page system. Prior to version 2.5.1, a ...)
TODO: check
CVE-2021-39173 (Cachet is an open source status page system. Prior to version 2.5.1 au ...)
@@ -2628,10 +2647,10 @@ CVE-2021-39135
RESERVED
CVE-2021-39134
RESERVED
-CVE-2021-39133
- RESERVED
-CVE-2021-39132
- RESERVED
+CVE-2021-39133 (Rundeck is an open source automation service with a web console, comma ...)
+ TODO: check
+CVE-2021-39132 (### Impact An authorized user can upload a zip-format plugin with a cr ...)
+ TODO: check
CVE-2021-39131 (ced detects character encoding using Google’s compact_enc_det li ...)
NOT-FOR-US: Node ced
CVE-2021-39130
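Review bot: The imported description for CVE-2021-39132 begins with "### Impact", a Markdown heading carried over from the advisory text, so the truncated summary never names the affected product. The line comes from the automatic feed and should stay as imported, but whoever resolves the TODO: check needs to take the product from the full CVE record rather than from this summary; the adjacent CVE-2021-39133 (Rundeck) is the obvious candidate to compare against.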
@@ -4870,12 +4889,12 @@ CVE-2021-38147
RESERVED
CVE-2021-38146
RESERVED
-CVE-2021-38145
- RESERVED
-CVE-2021-38144
- RESERVED
-CVE-2021-38143
- RESERVED
+CVE-2021-38145 (An issue was discovered in Form Tools through 3.0.20. SQL Injection ca ...)
+ TODO: check
+CVE-2021-38144 (An issue was discovered in Form Tools through 3.0.20. A low-privileged ...)
+ TODO: check
+CVE-2021-38143 (An issue was discovered in Form Tools through 3.0.20. When an administ ...)
+ TODO: check
CVE-2021-38142
RESERVED
CVE-2021-38141
@@ -6103,7 +6122,7 @@ CVE-2021-37595 (In FreeRDP before 2.4.0 on Windows, wf_cliprdr_server_file_conte
CVE-2021-37594 (In FreeRDP before 2.4.0 on Windows, wf_cliprdr_server_file_contents_re ...)
- freerdp2 <not-affected> (Windows-specific)
NOTE: https://github.com/FreeRDP/FreeRDP/commit/0d79670a28c0ab049af08613621aa0c267f977e9
-CVE-2021-37593 (PEEL Shopping before 9.4.0.1 allows remote SQL injection. A public use ...)
+CVE-2021-37593 (PEEL Shopping version 9.4.0 allows remote SQL injection. A public user ...)
NOT-FOR-US: PEEL Shopping
CVE-2021-37592
RESERVED
@@ -7395,8 +7414,8 @@ CVE-2021-36983 (replay-sorcery-kms in Replay Sorcery 0.6.0 allows a local attack
NOT-FOR-US: ReplaySorcery
CVE-2021-36982 (AIMANAGER before B115 on MONITORAPP Application Insight Web Applicatio ...)
NOT-FOR-US: MONITORAPP Application Insight Web Application Firewall (AIWAF) devices
-CVE-2021-36981
- RESERVED
+CVE-2021-36981 (In the server in SerNet verinice before 1.22.2, insecure Java deserial ...)
+ TODO: check
CVE-2021-3655 (A vulnerability was found in the Linux kernel in versions prior to v5. ...)
- linux 5.10.46-3
CVE-2021-3654 [novnc allows open redirection]
@@ -8153,10 +8172,10 @@ CVE-2021-36694
RESERVED
CVE-2021-36693
RESERVED
-CVE-2021-36692
- RESERVED
-CVE-2021-36691
- RESERVED
+CVE-2021-36692 (libjxl v0.3.7 is affected by a Divide By Zero in issue in lib/extras/c ...)
+ TODO: check
+CVE-2021-36691 (libjxl v0.5.0 is affected by a Assertion failed issue in lib/jxl/image ...)
+ TODO: check
CVE-2021-36690 (** DISPUTED ** A segmentation fault can occur in the sqlite3.exe comma ...)
- sqlite3 3.36.0-2 (unimportant)
[stretch] - sqlite3 <not-affected> (vulnerable code is not present)
@@ -8850,8 +8869,8 @@ CVE-2021-36358
RESERVED
CVE-2021-36357
RESERVED
-CVE-2021-36356
- RESERVED
+CVE-2021-36356 (KRAMER VIAware through August 2021 allows remote attackers to execute ...)
+ TODO: check
CVE-2021-36355
RESERVED
CVE-2021-36354
@@ -11399,15 +11418,19 @@ CVE-2021-35271
CVE-2021-35270
RESERVED
CVE-2021-35269
+ RESERVED
- ntfs-3g <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1
CVE-2021-35268
+ RESERVED
- ntfs-3g <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1
CVE-2021-35267
+ RESERVED
- ntfs-3g <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1
CVE-2021-35266
+ RESERVED
- ntfs-3g <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1
CVE-2021-35265 (A reflected cross-site scripting (XSS) vulnerability in MaxSite CMS be ...)
@@ -13296,8 +13319,8 @@ CVE-2021-34436
RESERVED
CVE-2021-34435
RESERVED
-CVE-2021-34434
- RESERVED
+CVE-2021-34434 (In Eclipse Mosquitto versions 2.0 to 2.0.11, when using the dynamic se ...)
+ TODO: check
CVE-2021-34433 (In Eclipse Californium version 2.0.0 to 2.6.4 and 3.0.0-M1 to 3.0.0-M3 ...)
NOT-FOR-US: Eclipse Californium
CVE-2021-34432 (In Eclipse Mosquitto versions 2.07 and earlier, the server will crash ...)
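Review bot: CVE-2021-34434 is added with TODO: check although it names Eclipse Mosquitto, which Debian packages as mosquitto, and the neighbouring CVE-2021-34432 is for the same product. Triage it to a `- mosquitto` line, and check the stated range (2.0 to 2.0.11, dynamic security plugin) against each suite, since releases shipping a pre-2.0 version would be candidates for `<not-affected>`.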
@@ -15934,17 +15957,21 @@ CVE-2021-33291
CVE-2021-33290
RESERVED
CVE-2021-33289
+ RESERVED
- ntfs-3g <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1
CVE-2021-33288
RESERVED
CVE-2021-33287
+ RESERVED
- ntfs-3g <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1
CVE-2021-33286
+ RESERVED
- ntfs-3g <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1
CVE-2021-33285
+ RESERVED
- ntfs-3g <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1
CVE-2021-33284
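Review bot: In this hunk CVE-2021-33289, CVE-2021-33287, CVE-2021-33286 and CVE-2021-33285 all carry `- ntfs-3g <unfixed>` with the oss-security NOTE, while CVE-2021-33288 in the middle of that run has only RESERVED. Confirm against the referenced oss-security post whether CVE-2021-33288 belongs to the same ntfs-3g batch and was missed, or is an unrelated reservation.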
@@ -17037,10 +17064,10 @@ CVE-2021-32834
RESERVED
CVE-2021-32833
RESERVED
-CVE-2021-32832
- RESERVED
-CVE-2021-32831
- RESERVED
+CVE-2021-32832 (Rocket.Chat is an open-source fully customizable communications platfo ...)
+ TODO: check
+CVE-2021-32831 (Total.js framework (npm package total.js) is a framework for Node.js p ...)
+ TODO: check
CVE-2021-32830 (The @diez/generation npm package is a client for Diez. The locateFont ...)
NOT-FOR-US: Node @diez/generation
CVE-2021-32829 (ZStack is open source IaaS(infrastructure as a service) software aimin ...)
@@ -30433,12 +30460,12 @@ CVE-2021-27560
RESERVED
CVE-2021-27559 (The Contact page in Monica 2.19.1 allows stored XSS via the Nickname f ...)
NOT-FOR-US: Monica
-CVE-2021-27558
- RESERVED
-CVE-2021-27557
- RESERVED
-CVE-2021-27556
- RESERVED
+CVE-2021-27558 (A cross site scripting (XSS) issue in EasyCorp ZenTao 12.5.3 allows re ...)
+ TODO: check
+CVE-2021-27557 (A cross-site request forgery (CSRF) vulnerability in the Cron job tab ...)
+ TODO: check
+CVE-2021-27556 (The Cron job tab in EasyCorp ZenTao 12.5.3 allows remote attackers (wh ...)
+ TODO: check
CVE-2021-27555
RESERVED
CVE-2021-27554
@@ -72497,8 +72524,8 @@ CVE-2020-22850
RESERVED
CVE-2020-22849
RESERVED
-CVE-2020-22848
- RESERVED
+CVE-2020-22848 (A remote code execution (RCE) vulnerability in the \Playsong.php compo ...)
+ TODO: check
CVE-2020-22847
RESERVED
CVE-2020-22846
@@ -93623,8 +93650,8 @@ CVE-2020-13641 (An issue was discovered in the Real-Time Find and Replace plugin
NOT-FOR-US: Real-Time Find and Replace plugin for WordPress
CVE-2020-13640 (A SQL injection issue in the gVectors wpDiscuz plugin 5.3.5 and earlie ...)
NOT-FOR-US: gVectors wpDiscuz plugin for WordPress
-CVE-2020-13639
- RESERVED
+CVE-2020-13639 (A stored XSS vulnerability was discovered in the ECT Provider in OutSy ...)
+ TODO: check
CVE-2020-13638 (lib/crud/userprocess.php in rConfig 3.9.x before 3.9.7 has an authenti ...)
NOT-FOR-US: rConfig
CVE-2020-13637 (An issue was discovered in the stashcat app through 3.9.2 for macOS, W ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/259b457fb8b007c184721d64ada70edb185fc73b