[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Jul 1 09:10:25 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
aca222c3 by security tracker role at 2021-07-01T08:10:16+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,59 @@
+CVE-2021-36089 (Grok 7.6.6 through 9.2.0 has a heap-based buffer overflow in grk::File ...)
+ TODO: check
+CVE-2021-36088 (Fluent Bit (aka fluent-bit) 1.7.0 through 1.7,4 has a double free in f ...)
+ TODO: check
+CVE-2021-36087 (The CIL compiler in SELinux 3.2 has a heap-based buffer over-read in e ...)
+ TODO: check
+CVE-2021-36086 (The CIL compiler in SELinux 3.2 has a use-after-free in cil_reset_clas ...)
+ TODO: check
+CVE-2021-36085 (The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_c ...)
+ TODO: check
+CVE-2021-36084 (The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_c ...)
+ TODO: check
+CVE-2021-36083 (KDE KImageFormats 5.70.0 through 5.81.0 has a stack-based buffer overf ...)
+ TODO: check
+CVE-2021-36082 (ntop nDPI 3.4 has a stack-based buffer overflow in processClientServer ...)
+ TODO: check
+CVE-2021-36081 (Tesseract OCR 5.0.0-alpha-20201231 has a one_ell_conflict use-after-fr ...)
+ TODO: check
+CVE-2021-36080 (GNU LibreDWG 0.12.3.4163 through 0.12.3.4191 has a double-free in bit_ ...)
+ TODO: check
+CVE-2020-36407 (libavif 0.8.0 and 0.8.1 has an out-of-bounds write in avifDecoderDataF ...)
+ TODO: check
+CVE-2020-36406 (uWebSockets 18.11.0 and 18.12.0 has a stack-based buffer overflow in u ...)
+ TODO: check
+CVE-2020-36405 (Keystone Engine 0.9.2 has a use-after-free in llvm_ks::X86Operand::get ...)
+ TODO: check
+CVE-2020-36404 (Keystone Engine 0.9.2 has an invalid free in llvm_ks::SmallVectorImpl& ...)
+ TODO: check
+CVE-2020-36403 (HTSlib 1.10 through 1.10.2 allows out-of-bounds write access in vcf_pa ...)
+ TODO: check
+CVE-2020-36402 (Solidity 0.7.5 has a stack-use-after-return issue in smtutil::CHCSmtLi ...)
+ TODO: check
+CVE-2020-36401 (mruby 2.1.2 has a double free in mrb_default_allocf (called from mrb_f ...)
+ TODO: check
+CVE-2020-36400 (ZeroMQ libzmq 4.3.3 has a heap-based buffer overflow in zmq::tcp_read, ...)
+ TODO: check
+CVE-2020-36399
+ RESERVED
+CVE-2020-36398
+ RESERVED
+CVE-2020-36397
+ RESERVED
+CVE-2020-36396
+ RESERVED
+CVE-2020-36395
+ RESERVED
+CVE-2019-25049 (LibreSSL 2.9.1 through 3.2.1 has an out-of-bounds read in asn1_item_pr ...)
+ TODO: check
+CVE-2019-25048 (LibreSSL 2.9.1 through 3.2.1 has a heap-based buffer over-read in do_p ...)
+ TODO: check
+CVE-2018-25018 (UnRAR 5.6.1.7 through 5.7.4 and 6.0.3 has an out-of-bounds write durin ...)
+ TODO: check
+CVE-2018-25017 (RawSpeed (aka librawspeed) 3.1 has a heap-based buffer overflow in Tab ...)
+ TODO: check
+CVE-2017-20006 (UnRAR 5.6.1.2 and 5.6.1.3 has a heap-based buffer overflow in Unpack:: ...)
+ TODO: check
CVE-2021-3631
RESERVED
CVE-2021-36079
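Review bot: the CVE-2021-36088 line in this hunk gives the affected range as "1.7.0 through 1.7,4", which looks like a typo for 1.7.4 carried in with the imported description; confirm the range against the upstream advisory during triage rather than relying on the truncated text. All 23 described entries added here carry only "TODO: check", so each still needs either a source package line or a NOT-FOR-US tag before the tracker says anything about exposure to these memory-safety bugs.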
@@ -13645,55 +13701,55 @@ CVE-2021-30161 (An issue was discovered on LG mobile devices with Android OS 11
NOT-FOR-US: LG mobile devices
CVE-2021-26948
RESERVED
- {DSA-4928-1}
+ {DSA-4928-1 DLA-2700-1}
- htmldoc 1.9.11-4 (unimportant; bug #989437)
NOTE: https://github.com/michaelrsweet/htmldoc/issues/410
NOTE: https://github.com/michaelrsweet/htmldoc/commit/008861d8339c6ec777e487770b70b95b1ed0c1d2
NOTE: Crash in CLI tool, no security impact
CVE-2021-26259
RESERVED
- {DSA-4928-1}
+ {DSA-4928-1 DLA-2700-1}
- htmldoc 1.9.11-4 (unimportant; bug #989437)
NOTE: https://github.com/michaelrsweet/htmldoc/issues/417
NOTE: https://github.com/michaelrsweet/htmldoc/commit/0ddab26a542c74770317b622e985c52430092ba5
NOTE: Crash in CLI tool, no security impact
CVE-2021-26252
RESERVED
- {DSA-4928-1}
+ {DSA-4928-1 DLA-2700-1}
- htmldoc 1.9.11-4 (unimportant; bug #989437)
NOTE: https://github.com/michaelrsweet/htmldoc/issues/412
NOTE: https://github.com/michaelrsweet/htmldoc/commit/369b2ea1fd0d0537ba707f20a2f047b6afd2fbdc
NOTE: Crash in CLI tool, no security impact
CVE-2021-23206
RESERVED
- {DSA-4928-1}
+ {DSA-4928-1 DLA-2700-1}
- htmldoc 1.9.11-4 (unimportant; bug #989437)
NOTE: https://github.com/michaelrsweet/htmldoc/issues/416
NOTE: https://github.com/michaelrsweet/htmldoc/commit/ba61a3ece382389ae4482c7027af8b32e8ab4cc8
NOTE: Crash in CLI tool, no security impact
CVE-2021-23191
RESERVED
- {DSA-4928-1}
+ {DSA-4928-1 DLA-2700-1}
- htmldoc 1.9.11-4 (unimportant; bug #989437)
NOTE: https://github.com/michaelrsweet/htmldoc/issues/415
NOTE: https://github.com/michaelrsweet/htmldoc/commit/369b2ea1fd0d0537ba707f20a2f047b6afd2fbdc
NOTE: Crash in CLI tool, no security impact
CVE-2021-23180
RESERVED
- {DSA-4928-1}
+ {DSA-4928-1 DLA-2700-1}
- htmldoc 1.9.11-4 (unimportant; bug #989437)
NOTE: https://github.com/michaelrsweet/htmldoc/issues/418
NOTE: https://github.com/michaelrsweet/htmldoc/commit/19c582fb32eac74b57e155cffbb529377a9e751a
NOTE: Crash in CLI tool, no security impact
CVE-2021-23165
RESERVED
- {DSA-4928-1}
+ {DSA-4928-1 DLA-2700-1}
- htmldoc 1.9.11-4 (bug #989437)
NOTE: https://github.com/michaelrsweet/htmldoc/issues/413
NOTE: https://github.com/michaelrsweet/htmldoc/commit/6e8a95561988500b5b5ae4861b3b0cbf4fba517f
CVE-2021-23158
RESERVED
- {DSA-4928-1}
+ {DSA-4928-1 DLA-2700-1}
- htmldoc 1.9.11-4 (unimportant; bug #989437)
NOTE: https://github.com/michaelrsweet/htmldoc/issues/414
NOTE: https://github.com/michaelrsweet/htmldoc/commit/369b2ea1fd0d0537ba707f20a2f047b6afd2fbdc
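Review bot: CVE-2021-23165 is the only htmldoc entry in this hunk whose package line reads "htmldoc 1.9.11-4 (bug #989437)" without the "unimportant" tag, yet it receives the same {DSA-4928-1 DLA-2700-1} reference as the seven entries that are tagged unimportant. If the split is deliberate, a short NOTE on CVE-2021-23165 stating why it is treated as having security impact would make that visible to readers of the entry. All eight entries also still show RESERVED even though they carry fix commits and advisory references.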
@@ -17077,12 +17133,12 @@ CVE-2021-28806 (A DOM-based XSS vulnerability has been reported to affect QNAP N
NOT-FOR-US: QNAP
CVE-2021-28805 (Inclusion of sensitive information in the source code has been reporte ...)
NOT-FOR-US: QNAP
-CVE-2021-28804
- RESERVED
-CVE-2021-28803
- RESERVED
-CVE-2021-28802
- RESERVED
+CVE-2021-28804 (A command injection vulnerabilities have been reported to affect QTS a ...)
+ TODO: check
+CVE-2021-28803 (This issue affects: QNAP Systems Inc. Q'center versions prior to 1.11. ...)
+ TODO: check
+CVE-2021-28802 (A command injection vulnerabilities have been reported to affect QTS a ...)
+ TODO: check
CVE-2021-28801 (An out-of-bounds read vulnerability has been reported to affect certai ...)
NOT-FOR-US: QNAP
CVE-2021-28800 (A command injection vulnerability has been reported to affect QNAP NAS ...)
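Review bot: CVE-2021-28804, CVE-2021-28803 and CVE-2021-28802 move from RESERVED to "TODO: check", but their descriptions name QNAP products (QTS, Q'center) and the neighbouring entries CVE-2021-28805 and CVE-2021-28801 are already "NOT-FOR-US: QNAP". Suggest resolving these three the same way so they do not sit in the triage queue.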
@@ -25565,12 +25621,12 @@ CVE-2020-36198 (A command injection vulnerability has been reported to affect ce
NOT-FOR-US: QNAP
CVE-2020-36197 (An improper access control vulnerability has been reported to affect e ...)
NOT-FOR-US: QNAP
-CVE-2020-36196
- RESERVED
+CVE-2020-36196 (A stored XSS vulnerability has been reported to affect QNAP NAS runnin ...)
+ TODO: check
CVE-2020-36195 (An SQL injection vulnerability has been reported to affect QNAP NAS ru ...)
NOT-FOR-US: QNAP
-CVE-2020-36194
- RESERVED
+CVE-2020-36194 (An XSS vulnerability has been reported to affect QNAP NAS running QTS ...)
+ TODO: check
CVE-2021-3184 (MISP 2.4.136 has XSS via a crafted URL to the app/View/Elements/global ...)
NOT-FOR-US: MISP
CVE-2021-3183 (Files.com Fat Client 3.3.6 allows authentication bypass because the cl ...)
@@ -32286,22 +32342,22 @@ CVE-2021-22354 (There is an Information Disclosure Vulnerability in Huawei Smart
NOT-FOR-US: Huawei
CVE-2021-22353 (There is a Memory Buffer Improper Operation Limit Vulnerability in Hua ...)
NOT-FOR-US: Huawei
-CVE-2021-22352
- RESERVED
-CVE-2021-22351
- RESERVED
-CVE-2021-22350
- RESERVED
-CVE-2021-22349
- RESERVED
-CVE-2021-22348
- RESERVED
+CVE-2021-22352 (There is a Configuration Defect Vulnerability in Huawei Smartphone. Su ...)
+ TODO: check
+CVE-2021-22351 (There is a Credentials Management Errors Vulnerability in Huawei Smart ...)
+ TODO: check
+CVE-2021-22350 (There is a Memory Buffer Improper Operation Limit Vulnerability in Hua ...)
+ TODO: check
+CVE-2021-22349 (There is an Input Verification Vulnerability in Huawei Smartphone. Suc ...)
+ TODO: check
+CVE-2021-22348 (There is a Memory Buffer Improper Operation Limit Vulnerability in Hua ...)
+ TODO: check
CVE-2021-22347
RESERVED
-CVE-2021-22346
- RESERVED
-CVE-2021-22345
- RESERVED
+CVE-2021-22346 (There is an Improper Permission Management Vulnerability in Huawei Sma ...)
+ TODO: check
+CVE-2021-22345 (There is an Input Verification Vulnerability in Huawei Smartphone. Suc ...)
+ TODO: check
CVE-2021-22344
RESERVED
CVE-2021-22343
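Review bot: the seven entries that gain descriptions here (CVE-2021-22352 through CVE-2021-22348, CVE-2021-22346 and CVE-2021-22345) all describe Huawei Smartphone issues and are left at "TODO: check", while the context lines above them mark CVE-2021-22354 and CVE-2021-22353 as "NOT-FOR-US: Huawei". Tagging the new ones consistently would keep the TODO list limited to entries that need a real packaging decision.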
@@ -37400,8 +37456,8 @@ CVE-2021-20780
RESERVED
CVE-2021-20779
RESERVED
-CVE-2021-20778
- RESERVED
+CVE-2021-20778 (Improper access control vulnerability in EC-CUBE 4.0.6 (EC-CUBE 4 seri ...)
+ TODO: check
CVE-2021-20777
RESERVED
CVE-2021-20776
@@ -37452,8 +37508,8 @@ CVE-2021-20754
RESERVED
CVE-2021-20753
RESERVED
-CVE-2021-20752
- RESERVED
+CVE-2021-20752 (Cross-site scripting vulnerability in IkaIka RSS Reader all versions a ...)
+ TODO: check
CVE-2021-20751 (Cross-site scripting vulnerability in EC-CUBE EC-CUBE 4.0.0 to 4.0.5-p ...)
NOT-FOR-US: EC-CUBE
CVE-2021-20750 (Cross-site scripting vulnerability in EC-CUBE EC-CUBE 3.0.0 to 3.0.18- ...)
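Review bot: CVE-2021-20752 (IkaIka RSS Reader) is added with "TODO: check" and no product tag, while the next entry, CVE-2021-20751, is already classified as "NOT-FOR-US: EC-CUBE". Check whether IkaIka RSS Reader corresponds to any source package and, if it does not, record it as NOT-FOR-US with the product name so the entry is closed out.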
@@ -38369,6 +38425,7 @@ CVE-2021-20309 (A flaw was found in ImageMagick in versions before 7.0.11 and be
NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/94174beff065cb5683d09d79e992c3ebbdead311
NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/f1e68d22d1b35459421710587a0dcbab6900b51f
CVE-2021-20308 (Integer overflow in the htmldoc 1.9.11 and before may allow attackers ...)
+ {DLA-2700-1}
- htmldoc 1.9.11-3 (unimportant; bug #984765)
[buster] - htmldoc 1.9.3-1+deb10u1
NOTE: https://github.com/michaelrsweet/htmldoc/issues/423
@@ -97765,6 +97822,7 @@ CVE-2020-8246 (Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC
CVE-2020-8245 (Improper Input Validation on Citrix ADC and Citrix Gateway 13.0 before ...)
NOT-FOR-US: Citrix
CVE-2020-8244 (A buffer over-read vulnerability exists in bl <4.0.3, <3.0.1, &l ...)
+ {DLA-2698-1}
- node-bl 4.0.3-1 (bug #969309)
[buster] - node-bl 1.1.2-1+deb10u1
NOTE: https://hackerone.com/reports/966347
@@ -105559,7 +105617,7 @@ CVE-2020-5209 (In NetHack before 3.6.5, unknown options starting with -de and -i
NOTE: https://github.com/NetHack/NetHack/commit/f3def5c0b999478da2d0a8f0b6a7c370a2065f77
NOTE: Negligible security impact
CVE-2020-5208 (It's been found that multiple functions in ipmitool before 1.8.19 negl ...)
- {DLA-2098-1}
+ {DLA-2699-1 DLA-2098-1}
- ipmitool 1.8.18-10.1 (bug #950761)
[buster] - ipmitool 1.8.18-6+deb10u1
NOTE: https://github.com/ipmitool/ipmitool/security/advisories/GHSA-g659-9qxw-p7cp
@@ -113367,7 +113425,7 @@ CVE-2019-19632 (An issue was discovered in Big Switch Big Monitoring Fabric 6.2
CVE-2019-19631 (An issue was discovered in Big Switch Big Monitoring Fabric 6.2 throug ...)
NOT-FOR-US: Big Switch Networks
CVE-2019-19630 (HTMLDOC 1.9.7 allows a stack-based buffer overflow in the hd_strlcpy() ...)
- {DLA-2026-1}
+ {DLA-2700-1 DLA-2026-1}
- htmldoc 1.9.7-1 (unimportant; bug #988289)
[buster] - htmldoc 1.9.3-1+deb10u1
NOTE: https://github.com/michaelrsweet/htmldoc/issues/370
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aca222c3754f6652e20af6317fd737fe8b3121b9