[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Jul 12 21:10:29 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b644affe by security tracker role at 2021-07-12T20:10:21+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,693 @@
+CVE-2021-36715
+ RESERVED
+CVE-2021-36714
+ RESERVED
+CVE-2021-36713
+ RESERVED
+CVE-2021-36712
+ RESERVED
+CVE-2021-36711
+ RESERVED
+CVE-2021-36710
+ RESERVED
+CVE-2021-36709
+ RESERVED
+CVE-2021-36708
+ RESERVED
+CVE-2021-36707
+ RESERVED
+CVE-2021-36706
+ RESERVED
+CVE-2021-36705
+ RESERVED
+CVE-2021-36704
+ RESERVED
+CVE-2021-36703
+ RESERVED
+CVE-2021-36702
+ RESERVED
+CVE-2021-36701
+ RESERVED
+CVE-2021-36700
+ RESERVED
+CVE-2021-36699
+ RESERVED
+CVE-2021-36698
+ RESERVED
+CVE-2021-36697
+ RESERVED
+CVE-2021-36696
+ RESERVED
+CVE-2021-36695
+ RESERVED
+CVE-2021-36694
+ RESERVED
+CVE-2021-36693
+ RESERVED
+CVE-2021-36692
+ RESERVED
+CVE-2021-36691
+ RESERVED
+CVE-2021-36690
+ RESERVED
+CVE-2021-36689
+ RESERVED
+CVE-2021-36688
+ RESERVED
+CVE-2021-36687
+ RESERVED
+CVE-2021-36686
+ RESERVED
+CVE-2021-36685
+ RESERVED
+CVE-2021-36684
+ RESERVED
+CVE-2021-36683
+ RESERVED
+CVE-2021-36682
+ RESERVED
+CVE-2021-36681
+ RESERVED
+CVE-2021-36680
+ RESERVED
+CVE-2021-36679
+ RESERVED
+CVE-2021-36678
+ RESERVED
+CVE-2021-36677
+ RESERVED
+CVE-2021-36676
+ RESERVED
+CVE-2021-36675
+ RESERVED
+CVE-2021-36674
+ RESERVED
+CVE-2021-36673
+ RESERVED
+CVE-2021-36672
+ RESERVED
+CVE-2021-36671
+ RESERVED
+CVE-2021-36670
+ RESERVED
+CVE-2021-36669
+ RESERVED
+CVE-2021-36668
+ RESERVED
+CVE-2021-36667
+ RESERVED
+CVE-2021-36666
+ RESERVED
+CVE-2021-36665
+ RESERVED
+CVE-2021-36664
+ RESERVED
+CVE-2021-36663
+ RESERVED
+CVE-2021-36662
+ RESERVED
+CVE-2021-36661
+ RESERVED
+CVE-2021-36660
+ RESERVED
+CVE-2021-36659
+ RESERVED
+CVE-2021-36658
+ RESERVED
+CVE-2021-36657
+ RESERVED
+CVE-2021-36656
+ RESERVED
+CVE-2021-36655
+ RESERVED
+CVE-2021-36654
+ RESERVED
+CVE-2021-36653
+ RESERVED
+CVE-2021-36652
+ RESERVED
+CVE-2021-36651
+ RESERVED
+CVE-2021-36650
+ RESERVED
+CVE-2021-36649
+ RESERVED
+CVE-2021-36648
+ RESERVED
+CVE-2021-36647
+ RESERVED
+CVE-2021-36646
+ RESERVED
+CVE-2021-36645
+ RESERVED
+CVE-2021-36644
+ RESERVED
+CVE-2021-36643
+ RESERVED
+CVE-2021-36642
+ RESERVED
+CVE-2021-36641
+ RESERVED
+CVE-2021-36640
+ RESERVED
+CVE-2021-36639
+ RESERVED
+CVE-2021-36638
+ RESERVED
+CVE-2021-36637
+ RESERVED
+CVE-2021-36636
+ RESERVED
+CVE-2021-36635
+ RESERVED
+CVE-2021-36634
+ RESERVED
+CVE-2021-36633
+ RESERVED
+CVE-2021-36632
+ RESERVED
+CVE-2021-36631
+ RESERVED
+CVE-2021-36630
+ RESERVED
+CVE-2021-36629
+ RESERVED
+CVE-2021-36628
+ RESERVED
+CVE-2021-36627
+ RESERVED
+CVE-2021-36626
+ RESERVED
+CVE-2021-36625
+ RESERVED
+CVE-2021-36624
+ RESERVED
+CVE-2021-36623
+ RESERVED
+CVE-2021-36622
+ RESERVED
+CVE-2021-36621
+ RESERVED
+CVE-2021-36620
+ RESERVED
+CVE-2021-36619
+ RESERVED
+CVE-2021-36618
+ RESERVED
+CVE-2021-36617
+ RESERVED
+CVE-2021-36616
+ RESERVED
+CVE-2021-36615
+ RESERVED
+CVE-2021-36614
+ RESERVED
+CVE-2021-36613
+ RESERVED
+CVE-2021-36612
+ RESERVED
+CVE-2021-36611
+ RESERVED
+CVE-2021-36610
+ RESERVED
+CVE-2021-36609
+ RESERVED
+CVE-2021-36608
+ RESERVED
+CVE-2021-36607
+ RESERVED
+CVE-2021-36606
+ RESERVED
+CVE-2021-36605
+ RESERVED
+CVE-2021-36604
+ RESERVED
+CVE-2021-36603
+ RESERVED
+CVE-2021-36602
+ RESERVED
+CVE-2021-36601
+ RESERVED
+CVE-2021-36600
+ RESERVED
+CVE-2021-36599
+ RESERVED
+CVE-2021-36598
+ RESERVED
+CVE-2021-36597
+ RESERVED
+CVE-2021-36596
+ RESERVED
+CVE-2021-36595
+ RESERVED
+CVE-2021-36594
+ RESERVED
+CVE-2021-36593
+ RESERVED
+CVE-2021-36592
+ RESERVED
+CVE-2021-36591
+ RESERVED
+CVE-2021-36590
+ RESERVED
+CVE-2021-36589
+ RESERVED
+CVE-2021-36588
+ RESERVED
+CVE-2021-36587
+ RESERVED
+CVE-2021-36586
+ RESERVED
+CVE-2021-36585
+ RESERVED
+CVE-2021-36584
+ RESERVED
+CVE-2021-36583
+ RESERVED
+CVE-2021-36582
+ RESERVED
+CVE-2021-36581
+ RESERVED
+CVE-2021-36580
+ RESERVED
+CVE-2021-36579
+ RESERVED
+CVE-2021-36578
+ RESERVED
+CVE-2021-36577
+ RESERVED
+CVE-2021-36576
+ RESERVED
+CVE-2021-36575
+ RESERVED
+CVE-2021-36574
+ RESERVED
+CVE-2021-36573
+ RESERVED
+CVE-2021-36572
+ RESERVED
+CVE-2021-36571
+ RESERVED
+CVE-2021-36570
+ RESERVED
+CVE-2021-36569
+ RESERVED
+CVE-2021-36568
+ RESERVED
+CVE-2021-36567
+ RESERVED
+CVE-2021-36566
+ RESERVED
+CVE-2021-36565
+ RESERVED
+CVE-2021-36564
+ RESERVED
+CVE-2021-36563
+ RESERVED
+CVE-2021-36562
+ RESERVED
+CVE-2021-36561
+ RESERVED
+CVE-2021-36560
+ RESERVED
+CVE-2021-36559
+ RESERVED
+CVE-2021-36558
+ RESERVED
+CVE-2021-36557
+ RESERVED
+CVE-2021-36556
+ RESERVED
+CVE-2021-36555
+ RESERVED
+CVE-2021-36554
+ RESERVED
+CVE-2021-36553
+ RESERVED
+CVE-2021-36552
+ RESERVED
+CVE-2021-36551
+ RESERVED
+CVE-2021-36550
+ RESERVED
+CVE-2021-36549
+ RESERVED
+CVE-2021-36548
+ RESERVED
+CVE-2021-36547
+ RESERVED
+CVE-2021-36546
+ RESERVED
+CVE-2021-36545
+ RESERVED
+CVE-2021-36544
+ RESERVED
+CVE-2021-36543
+ RESERVED
+CVE-2021-36542
+ RESERVED
+CVE-2021-36541
+ RESERVED
+CVE-2021-36540
+ RESERVED
+CVE-2021-36539
+ RESERVED
+CVE-2021-36538
+ RESERVED
+CVE-2021-36537
+ RESERVED
+CVE-2021-36536
+ RESERVED
+CVE-2021-36535
+ RESERVED
+CVE-2021-36534
+ RESERVED
+CVE-2021-36533
+ RESERVED
+CVE-2021-36532
+ RESERVED
+CVE-2021-36531
+ RESERVED
+CVE-2021-36530
+ RESERVED
+CVE-2021-36529
+ RESERVED
+CVE-2021-36528
+ RESERVED
+CVE-2021-36527
+ RESERVED
+CVE-2021-36526
+ RESERVED
+CVE-2021-36525
+ RESERVED
+CVE-2021-36524
+ RESERVED
+CVE-2021-36523
+ RESERVED
+CVE-2021-36522
+ RESERVED
+CVE-2021-36521
+ RESERVED
+CVE-2021-36520
+ RESERVED
+CVE-2021-36519
+ RESERVED
+CVE-2021-36518
+ RESERVED
+CVE-2021-36517
+ RESERVED
+CVE-2021-36516
+ RESERVED
+CVE-2021-36515
+ RESERVED
+CVE-2021-36514
+ RESERVED
+CVE-2021-36513
+ RESERVED
+CVE-2021-36512
+ RESERVED
+CVE-2021-36511
+ RESERVED
+CVE-2021-36510
+ RESERVED
+CVE-2021-36509
+ RESERVED
+CVE-2021-36508
+ RESERVED
+CVE-2021-36507
+ RESERVED
+CVE-2021-36506
+ RESERVED
+CVE-2021-36505
+ RESERVED
+CVE-2021-36504
+ RESERVED
+CVE-2021-36503
+ RESERVED
+CVE-2021-36502
+ RESERVED
+CVE-2021-36501
+ RESERVED
+CVE-2021-36500
+ RESERVED
+CVE-2021-36499
+ RESERVED
+CVE-2021-36498
+ RESERVED
+CVE-2021-36497
+ RESERVED
+CVE-2021-36496
+ RESERVED
+CVE-2021-36495
+ RESERVED
+CVE-2021-36494
+ RESERVED
+CVE-2021-36493
+ RESERVED
+CVE-2021-36492
+ RESERVED
+CVE-2021-36491
+ RESERVED
+CVE-2021-36490
+ RESERVED
+CVE-2021-36489
+ RESERVED
+CVE-2021-36488
+ RESERVED
+CVE-2021-36487
+ RESERVED
+CVE-2021-36486
+ RESERVED
+CVE-2021-36485
+ RESERVED
+CVE-2021-36484
+ RESERVED
+CVE-2021-36483
+ RESERVED
+CVE-2021-36482
+ RESERVED
+CVE-2021-36481
+ RESERVED
+CVE-2021-36480
+ RESERVED
+CVE-2021-36479
+ RESERVED
+CVE-2021-36478
+ RESERVED
+CVE-2021-36477
+ RESERVED
+CVE-2021-36476
+ RESERVED
+CVE-2021-36475
+ RESERVED
+CVE-2021-36474
+ RESERVED
+CVE-2021-36473
+ RESERVED
+CVE-2021-36472
+ RESERVED
+CVE-2021-36471
+ RESERVED
+CVE-2021-36470
+ RESERVED
+CVE-2021-36469
+ RESERVED
+CVE-2021-36468
+ RESERVED
+CVE-2021-36467
+ RESERVED
+CVE-2021-36466
+ RESERVED
+CVE-2021-36465
+ RESERVED
+CVE-2021-36464
+ RESERVED
+CVE-2021-36463
+ RESERVED
+CVE-2021-36462
+ RESERVED
+CVE-2021-36461
+ RESERVED
+CVE-2021-36460
+ RESERVED
+CVE-2021-36459
+ RESERVED
+CVE-2021-36458
+ RESERVED
+CVE-2021-36457
+ RESERVED
+CVE-2021-36456
+ RESERVED
+CVE-2021-36455
+ RESERVED
+CVE-2021-36454
+ RESERVED
+CVE-2021-36453
+ RESERVED
+CVE-2021-36452
+ RESERVED
+CVE-2021-36451
+ RESERVED
+CVE-2021-36450
+ RESERVED
+CVE-2021-36449
+ RESERVED
+CVE-2021-36448
+ RESERVED
+CVE-2021-36447
+ RESERVED
+CVE-2021-36446
+ RESERVED
+CVE-2021-36445
+ RESERVED
+CVE-2021-36444
+ RESERVED
+CVE-2021-36443
+ RESERVED
+CVE-2021-36442
+ RESERVED
+CVE-2021-36441
+ RESERVED
+CVE-2021-36440
+ RESERVED
+CVE-2021-36439
+ RESERVED
+CVE-2021-36438
+ RESERVED
+CVE-2021-36437
+ RESERVED
+CVE-2021-36436
+ RESERVED
+CVE-2021-36435
+ RESERVED
+CVE-2021-36434
+ RESERVED
+CVE-2021-36433
+ RESERVED
+CVE-2021-36432
+ RESERVED
+CVE-2021-36431
+ RESERVED
+CVE-2021-36430
+ RESERVED
+CVE-2021-36429
+ RESERVED
+CVE-2021-36428
+ RESERVED
+CVE-2021-36427
+ RESERVED
+CVE-2021-36426
+ RESERVED
+CVE-2021-36425
+ RESERVED
+CVE-2021-36424
+ RESERVED
+CVE-2021-36423
+ RESERVED
+CVE-2021-36422
+ RESERVED
+CVE-2021-36421
+ RESERVED
+CVE-2021-36420
+ RESERVED
+CVE-2021-3642
+ RESERVED
+CVE-2021-36419
+ RESERVED
+CVE-2021-36418
+ RESERVED
+CVE-2021-36417
+ RESERVED
+CVE-2021-36416
+ RESERVED
+CVE-2021-36415
+ RESERVED
+CVE-2021-36414
+ RESERVED
+CVE-2021-36413
+ RESERVED
+CVE-2021-36412
+ RESERVED
+CVE-2021-36411
+ RESERVED
+CVE-2021-36410
+ RESERVED
+CVE-2021-3641
+ RESERVED
+CVE-2021-36409
+ RESERVED
+CVE-2021-36408
+ RESERVED
+CVE-2021-36407
+ RESERVED
+CVE-2021-36406
+ RESERVED
+CVE-2021-36405
+ RESERVED
+CVE-2021-36404
+ RESERVED
+CVE-2021-36403
+ RESERVED
+CVE-2021-36402
+ RESERVED
+CVE-2021-36401
+ RESERVED
+CVE-2021-36400
+ RESERVED
+CVE-2021-36399
+ RESERVED
+CVE-2021-36398
+ RESERVED
+CVE-2021-36397
+ RESERVED
+CVE-2021-36396
+ RESERVED
+CVE-2021-36395
+ RESERVED
+CVE-2021-36394
+ RESERVED
+CVE-2021-36393
+ RESERVED
+CVE-2021-36392
+ RESERVED
+CVE-2021-36391
+ RESERVED
+CVE-2021-36390
+ RESERVED
+CVE-2021-36389
+ RESERVED
+CVE-2021-36388
+ RESERVED
+CVE-2021-36387
+ RESERVED
+CVE-2021-36386
+ RESERVED
+CVE-2021-36385
+ RESERVED
+CVE-2021-36384
+ RESERVED
+CVE-2021-36383 (Xen Orchestra (with xo-web through 5.80.0 and xo-server through 5.84.0 ...)
+ TODO: check
+CVE-2021-36382 (Devolutions Server before 2021.1.18, and LTS before 2020.3.20, allows ...)
+ TODO: check
+CVE-2021-36381 (In Edifecs Transaction Management through 2021-07-12, an unauthenticat ...)
+ TODO: check
+CVE-2021-36380
+ RESERVED
+CVE-2021-36379
+ RESERVED
+CVE-2021-36378
+ RESERVED
+CVE-2021-36377 (Fossil before 2.14.2 and 2.15.x before 2.15.2 often skips the hostname ...)
+ TODO: check
+CVE-2021-36376
+ RESERVED
+CVE-2021-36375
+ RESERVED
+CVE-2021-36374
+ RESERVED
+CVE-2021-36373
+ RESERVED
CVE-2021-36372
RESERVED
CVE-2021-36371 (Emissary-Ingress (formerly Ambassador API Gateway) through 1.13.9 allo ...)
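Review bot: CVE-2021-36383, CVE-2021-36382, CVE-2021-36381 and CVE-2021-36377 are the only entries in this block that arrive with a description, and all four sit at "TODO: check" among several hundred RESERVED placeholders where they are easy to miss. Each needs a manual triage line (a package entry or NOT-FOR-US) in a follow-up commit. The four-digit ids CVE-2021-3642 and CVE-2021-3641 are interleaved after CVE-2021-36420 and CVE-2021-36410, which matches the ordering already used elsewhere in the file (CVE-2021-3579 after CVE-2021-33807), so no reordering is needed.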
@@ -2897,8 +3587,8 @@ CVE-2021-35066 (An XXE vulnerability exists in ConnectWise Automate before 2021.
NOT-FOR-US: ConnectWise Automate
CVE-2021-35065
RESERVED
-CVE-2021-35064
- RESERVED
+CVE-2021-35064 (KramerAV VIAWare, all tested versions, allow privilege escalation thro ...)
+ TODO: check
CVE-2021-35063
RESERVED
[experimental] - suricata 1:6.0.3-1~exp1
@@ -2991,8 +3681,8 @@ CVE-2021-35039 (kernel/module.c in the Linux kernel before 5.12.14 mishandles Si
NOTE: https://git.kernel.org/linus/0c18f29aae7ce3dadd26d8ee3505d07cc982df75
CVE-2021-35038
RESERVED
-CVE-2021-35037
- RESERVED
+CVE-2021-35037 (Jamf Pro before 10.30.1 allows for an unvalidated URL redirect vulnera ...)
+ TODO: check
CVE-2021-35036
RESERVED
CVE-2021-35035
@@ -5709,8 +6399,8 @@ CVE-2021-33809
RESERVED
CVE-2021-33808
RESERVED
-CVE-2021-33807
- RESERVED
+CVE-2021-33807 (Cartadis Gespage through 8.2.1 allows Directory Traversal in gespage/d ...)
+ TODO: check
CVE-2021-3579
RESERVED
CVE-2021-3578 [possible remote code execution in isync/mbsync]
@@ -7505,6 +8195,7 @@ CVE-2021-33056
CVE-2021-33055
RESERVED
CVE-2021-33054 (SOGo 2.x before 2.4.1 and 3.x through 5.x before 5.1.1 does not valida ...)
+ {DLA-2707-1}
- sogo <unfixed> (bug #989479)
NOTE: https://www.sogo.nu/news/2021/saml-vulnerability.html
NOTE: https://blogs.akamai.com/2021/06/saml-implementation-vulnerability-impacting-some-akamai-services.html
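Review bot: the added {DLA-2707-1} reference on CVE-2021-33054 leaves the package line at "- sogo <unfixed> (bug #989479)", so the entry now records an LTS advisory while unstable is still tracked as open. Worth confirming that bug #989479 is still unresolved; if a fixed upload exists, its version should replace <unfixed>.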
@@ -7557,8 +8248,8 @@ CVE-2021-33038 (An issue was discovered in management/commands/hyperkitty_import
NOTE: https://gitlab.com/mailman/hyperkitty/-/commit/9025324597d60b2dff740e49b70b15589d6804fa
NOTE: https://gitlab.com/mailman/hyperkitty/-/issues/380
NOTE: https://techblog.wikimedia.org/2021/06/11/discovering-and-fixing-cve-2021-33038-in-mailman3/
-CVE-2021-33037
- RESERVED
+CVE-2021-33037 (Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5 ...)
+ TODO: check
CVE-2021-33036
RESERVED
CVE-2021-33035
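Review bot: the CVE-2021-33037 description is cut off at "8.5.0 to 8.5 ...", so the upper bound of the 8.5 range is not visible in the list entry. When resolving the "TODO: check", take the affected and fixed versions from the upstream Tomcat advisory rather than from this summary line.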
@@ -8276,16 +8967,16 @@ CVE-2021-32709 (Shopware is an open source eCommerce platform. Creation of order
NOT-FOR-US: Shopware
CVE-2021-32708 (Flysystem is an open source file storage library for PHP. The whitespa ...)
NOT-FOR-US: Flysystem
-CVE-2021-32707
- RESERVED
+CVE-2021-32707 (Nextcloud Mail is a mail app for Nextcloud. In versions prior to 1.9.6 ...)
+ TODO: check
CVE-2021-32706
RESERVED
-CVE-2021-32705
- RESERVED
+CVE-2021-32705 (Nextcloud Server is a Nextcloud package that handles data storage. In ...)
+ TODO: check
CVE-2021-32704 (DHIS 2 is an information system for data capture, management, validati ...)
NOT-FOR-US: DHIS 2
-CVE-2021-32703
- RESERVED
+CVE-2021-32703 (Nextcloud Server is a Nextcloud package that handles data storage. In ...)
+ TODO: check
CVE-2021-32702 (The Auth0 Next.js SDK is a library for implementing user authenticatio ...)
NOT-FOR-US: Auth0 Next.js SDK
CVE-2021-32701 (ORY Oathkeeper is an Identity & Access Proxy (IAP) and Access Cont ...)
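Review bot: CVE-2021-32705 and CVE-2021-32703 are described as Nextcloud Server issues, and the file already tracks that software as "- nextcloud-server <itp> (bug #941708)" under CVE-2021-22915, so their "TODO: check" can be resolved the same way. CVE-2021-32707 is for the separate Nextcloud Mail app and needs its own decision.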
@@ -8315,10 +9006,10 @@ CVE-2021-32691 (Apollos Apps is an open source platform for launching church-rel
NOT-FOR-US: Apollo Apps
CVE-2021-32690 (Helm is a tool for managing Charts (packages of pre-configured Kuberne ...)
- helm-kubernetes <itp> (bug #910799)
-CVE-2021-32689
- RESERVED
-CVE-2021-32688
- RESERVED
+CVE-2021-32689 (Nextcloud Talk is a fully on-premises audio/video and chat communicati ...)
+ TODO: check
+CVE-2021-32688 (Nextcloud Server is a Nextcloud package that handles data storage. Nex ...)
+ TODO: check
CVE-2021-32687
RESERVED
CVE-2021-32686
@@ -8333,12 +9024,12 @@ CVE-2021-32682 (elFinder is an open-source file manager for web, written in Java
NOT-FOR-US: elFinder
CVE-2021-32681 (Wagtail is an open source content management system built on Django. A ...)
NOT-FOR-US: Wagtail
-CVE-2021-32680
- RESERVED
-CVE-2021-32679
- RESERVED
-CVE-2021-32678
- RESERVED
+CVE-2021-32680 (Nextcloud Server is a Nextcloud package that handles data storage. In ...)
+ TODO: check
+CVE-2021-32679 (Nextcloud Server is a Nextcloud package that handles data storage. In ...)
+ TODO: check
+CVE-2021-32678 (Nextcloud Server is a Nextcloud package that handles data storage. In ...)
+ TODO: check
CVE-2021-32677 (FastAPI is a web framework for building APIs with Python 3.6+ based on ...)
- fastapi <unfixed> (bug #990582)
NOTE: https://github.com/tiangolo/fastapi/security/advisories/GHSA-8h2j-cgx8-6xv7
@@ -8513,8 +9204,8 @@ CVE-2021-32608 (An issue was discovered in Smartstore (aka SmartStoreNET) throug
NOT-FOR-US: Smartstore
CVE-2021-32607 (An issue was discovered in Smartstore (aka SmartStoreNET) through 4.1. ...)
NOT-FOR-US: Smartstore
-CVE-2021-3547
- RESERVED
+CVE-2021-3547 (OpenVPN 3 Core Library version 3.6 and 3.6.1 allows a man-in-the-middl ...)
+ TODO: check
CVE-2021-32605 (zzzcms zzzphp before 2.0.4 allows remote attackers to execute arbitrar ...)
NOT-FOR-US: zzzcms
CVE-2021-32604 (Share/IncomingWizard.htm in SolarWinds Serv-U before 15.2.3 mishandles ...)
@@ -13319,10 +14010,10 @@ CVE-2021-30641 (Apache HTTP Server versions 2.4.39 to 2.4.46 Unexpected matching
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1966743
NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=65238
NOTE: https://github.com/apache/httpd/commit/eb986059aa5aa0b6c1d52714ea83e3dd758afdd1
-CVE-2021-30640
- RESERVED
-CVE-2021-30639
- RESERVED
+CVE-2021-30640 (A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker ...)
+ TODO: check
+CVE-2021-30639 (A vulnerability in Apache Tomcat allows an attacker to remotely trigge ...)
+ TODO: check
CVE-2020-36334 (themegrill-demo-importer before 1.6.3 allows CSRF, as demonstrated by ...)
NOT-FOR-US: WordPress plugin themegrill-demo-importer
CVE-2020-36333 (themegrill-demo-importer before 1.6.2 does not require authentication ...)
@@ -14714,8 +15405,8 @@ CVE-2021-30130 (phpseclib before 2.0.31 and 3.x before 3.0.7 mishandles RSA PKCS
NOTE: According to upstream, 1.x and 2.x have the problem described as "incompatibility issue in phpseclib v1, v2, v3 (strict mode)'s RSA PKCS#1 v1.5
NOTE: signature verification suffering from rejecting valid signatures whose encoded message uses implicit hash algorithm's NULL parameter." but
NOTE: this is not considered as a security problem.
-CVE-2021-30129
- RESERVED
+CVE-2021-30129 (A vulnerability in sshd-core of Apache Mina SSHD allows an attacker to ...)
+ TODO: check
CVE-2021-30128 (Apache OFBiz has unsafe deserialization prior to 17.12.07 version ...)
NOT-FOR-US: Apache OFBiz
CVE-2021-30127 (TerraMaster F2-210 devices through 2021-04-03 use UPnP to make the adm ...)
@@ -15437,8 +16128,8 @@ CVE-2021-29824
RESERVED
CVE-2021-29823
RESERVED
-CVE-2021-29822
- RESERVED
+CVE-2021-29822 (IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scrip ...)
+ TODO: check
CVE-2021-29821
RESERVED
CVE-2021-29820
@@ -15471,12 +16162,12 @@ CVE-2021-29807
RESERVED
CVE-2021-29806
RESERVED
-CVE-2021-29805
- RESERVED
-CVE-2021-29804
- RESERVED
-CVE-2021-29803
- RESERVED
+CVE-2021-29805 (IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-sit ...)
+ TODO: check
+CVE-2021-29804 (IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-sit ...)
+ TODO: check
+CVE-2021-29803 (IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-sit ...)
+ TODO: check
CVE-2021-29802
RESERVED
CVE-2021-29801
@@ -15493,12 +16184,12 @@ CVE-2021-29796
RESERVED
CVE-2021-29795
RESERVED
-CVE-2021-29794
- RESERVED
+CVE-2021-29794 (IBM Tivoli Netcool/Impact 7.1.0.20 and 7.1.0.21 uses an insecure SSH s ...)
+ TODO: check
CVE-2021-29793
RESERVED
-CVE-2021-29792
- RESERVED
+CVE-2021-29792 (IBM Event Streams 10.0, 10.1, 10.2, and 10.3 could allow a user the CA ...)
+ TODO: check
CVE-2021-29791
RESERVED
CVE-2021-29790
@@ -21540,8 +22231,8 @@ CVE-2021-27295
RESERVED
CVE-2021-27294
RESERVED
-CVE-2021-27293
- RESERVED
+CVE-2021-27293 (RestSharp < 106.11.8-alpha.0.13 uses a regular expression which is ...)
+ TODO: check
CVE-2021-27292 (ua-parser-js >= 0.7.14, fixed in 0.7.24, uses a regular expression ...)
- node-ua-parser-js 0.7.24+ds-1 (bug #985568)
[buster] - node-ua-parser-js <no-dsa> (Minor issue)
@@ -24563,8 +25254,8 @@ CVE-2021-26101
RESERVED
CVE-2021-26100 (A missing cryptographic step in the Identity-Based Encryption service ...)
NOT-FOR-US: Fortiguard
-CVE-2021-26099
- RESERVED
+CVE-2021-26099 (Missing cryptographic steps in the Identity-Based Encryption service o ...)
+ TODO: check
CVE-2021-26098
RESERVED
CVE-2021-26097
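Review bot: CVE-2021-26099 gets "TODO: check" although its description ("Missing cryptographic steps in the Identity-Based Encryption service ...") is nearly the same as that of CVE-2021-26100 directly above, which is already marked "NOT-FOR-US: Fortiguard". If the full description names the same product, the same marking applies here.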
@@ -24581,12 +25272,12 @@ CVE-2021-26092
RESERVED
CVE-2021-26091
RESERVED
-CVE-2021-26090
- RESERVED
-CVE-2021-26089
- RESERVED
-CVE-2021-26088
- RESERVED
+CVE-2021-26090 (A missing release of memory after its effective lifetime vulnerability ...)
+ TODO: check
+CVE-2021-26089 (An improper symlink following in FortiClient for Mac 6.4.3 and below m ...)
+ TODO: check
+CVE-2021-26088 (An improper authentication vulnerability in FSSO Collector version 5.0 ...)
+ TODO: check
CVE-2021-26087
RESERVED
CVE-2021-26086
@@ -29340,12 +30031,12 @@ CVE-2021-24017
RESERVED
CVE-2021-24016
RESERVED
-CVE-2021-24015
- RESERVED
+CVE-2021-24015 (An improper neutralization of special elements used in an OS Command v ...)
+ TODO: check
CVE-2021-24014
RESERVED
-CVE-2021-24013
- RESERVED
+CVE-2021-24013 (Multiple Path traversal vulnerabilities in the Webmail of FortiMail be ...)
+ TODO: check
CVE-2021-24012 (An improper following of a certificate's chain of trust vulnerability ...)
NOT-FOR-US: FortiGate
CVE-2021-24011 (A privilege escalation vulnerability in FortiNAC version below 8.8.2 m ...)
@@ -30845,10 +31536,10 @@ CVE-2021-23392 (The package locutus before 2.0.15 are vulnerable to Regular Expr
NOT-FOR-US: Node locutus
CVE-2021-23391 (This affects all versions of package calipso. It is possible for a mal ...)
NOT-FOR-US: Node calipso
-CVE-2021-23390
- RESERVED
-CVE-2021-23389
- RESERVED
+CVE-2021-23390 (The package total4 before 0.0.43 are vulnerable to Arbitrary Code Exec ...)
+ TODO: check
+CVE-2021-23389 (The package total.js before 3.4.9 are vulnerable to Arbitrary Code Exe ...)
+ TODO: check
CVE-2021-23388 (The package forms before 1.2.1, from 1.3.0 and before 1.3.2 are vulner ...)
NOT-FOR-US: Node forms
CVE-2021-23387 (The package trailing-slash before 2.0.1 are vulnerable to Open Redirec ...)
@@ -31825,24 +32516,22 @@ CVE-2021-22923
RESERVED
CVE-2021-22922
RESERVED
-CVE-2021-22921
- RESERVED
+CVE-2021-22921 (Node.js before 16.4.1, 14.17.2, and 12.22.2 is vulnerable to local pri ...)
- nodejs <not-affected> (Only affects Windows installer)
CVE-2021-22920
RESERVED
CVE-2021-22919
RESERVED
-CVE-2021-22918
- RESERVED
+CVE-2021-22918 (Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bou ...)
{DSA-4936-1}
- libuv1 1.40.0-2 (bug #990561)
[stretch] - libuv1 <not-affected> (Vulnerable code added later)
NOTE: https://nodejs.org/en/blog/vulnerability/july-2021-security-releases/
NOTE: https://github.com/nodejs/node/commit/d33aead28bcec32a2a450f884907a6d971631829
-CVE-2021-22917
- RESERVED
-CVE-2021-22916
- RESERVED
+CVE-2021-22917 (Brave Browser Desktop between versions 1.17 and 1.20 is vulnerable to ...)
+ TODO: check
+CVE-2021-22916 (In Brave Desktop between versions 1.17 and 1.26.60, when adblocking is ...)
+ TODO: check
CVE-2021-22915 (Nextcloud server before 19.0.11, 20.0.10, 21.0.2 is vulnerable to brut ...)
- nextcloud-server <itp> (bug #941708)
CVE-2021-22914 (Citrix Cloud Connector before 6.31.0.62192 suffers from insecure stora ...)
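Review bot: CVE-2021-22921 and CVE-2021-22918 keep their earlier triage lines now that the descriptions are published, so check that the "<not-affected> (Only affects Windows installer)" rationale still agrees with the published text, and note that the CVE-2021-22918 description names Node.js while the fix is tracked under libuv1. CVE-2021-22917 and CVE-2021-22916 (Brave) are new "TODO: check" entries and still need triage.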
@@ -32864,8 +33553,8 @@ CVE-2021-22517
RESERVED
CVE-2021-22516 (Insertion of Sensitive Information into Log File vulnerability in Micr ...)
NOT-FOR-US: Micro Focus Secure API Manager
-CVE-2021-22515
- RESERVED
+CVE-2021-22515 (Multi-Factor Authentication (MFA) functionality can be bypassed, allow ...)
+ TODO: check
CVE-2021-22514 (An arbitrary code execution vulnerability exists in Micro Focus Applic ...)
NOT-FOR-US: Micro Focus
CVE-2021-22513 (Missing Authorization vulnerability in Micro Focus Application Automat ...)
@@ -34830,14 +35519,14 @@ CVE-2021-21593
RESERVED
CVE-2021-21592
RESERVED
-CVE-2021-21591
- RESERVED
-CVE-2021-21590
- RESERVED
-CVE-2021-21589
- RESERVED
-CVE-2021-21588
- RESERVED
+CVE-2021-21591 (Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.1.0.0.5.394 ...)
+ TODO: check
+CVE-2021-21590 (Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.1.0.0.5.394 ...)
+ TODO: check
+CVE-2021-21589 (Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.1.0.0.5.394 ...)
+ TODO: check
+CVE-2021-21588 (Dell EMC PowerFlex, v3.5.x contain a Cross-Site WebSocket Hijacking Vu ...)
+ TODO: check
CVE-2021-21587
RESERVED
CVE-2021-21586
@@ -36479,6 +37168,7 @@ CVE-2021-21419 (Eventlet is a concurrent networking library for Python. A websoc
CVE-2021-21418 (ps_emailsubscription is a newsletter subscription module for the Prest ...)
NOT-FOR-US: PrestaShop
CVE-2021-21417 (fluidsynth is a software synthesizer based on the SoundFont 2 specific ...)
+ {DLA-2697-1}
- fluidsynth 2.1.7-1.1
[buster] - fluidsynth 1.1.11-1+deb10u1
NOTE: https://github.com/FluidSynth/fluidsynth/issues/808
@@ -39068,8 +39758,8 @@ CVE-2021-20416 (IBM Guardium Data Encryption (GDE) 3.0.0.3 and 4.0.0.4 could all
NOT-FOR-US: IBM
CVE-2021-20415 (IBM Guardium Data Encryption (GDE) 4.0.0.4 uses an inadequate account ...)
NOT-FOR-US: IBM
-CVE-2021-20414
- RESERVED
+CVE-2021-20414 (IBM Guardium Data Encryption (GDE) 3.0.0.2 could allow a user to bruce ...)
+ TODO: check
CVE-2021-20413 (IBM Guardium Data Encryption (GDE) 4.0.0.4 could allow a remote attack ...)
NOT-FOR-US: IBM
CVE-2021-20412 (IBM Security Verify Information Queue 1.0.6 and 1.0.7 contains hard-co ...)
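Review bot: CVE-2021-20414 is left at "TODO: check" while the surrounding IBM Guardium Data Encryption entries (CVE-2021-20416, CVE-2021-20415, CVE-2021-20413) are all marked "NOT-FOR-US: IBM". The same marking would resolve this entry.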
@@ -62059,8 +62749,8 @@ CVE-2020-23081
RESERVED
CVE-2020-23080
RESERVED
-CVE-2020-23079
- RESERVED
+CVE-2020-23079 (SSRF vulnerability in Halo <=1.3.2 exists in the SMTP configuration ...)
+ TODO: check
CVE-2020-23078
RESERVED
CVE-2020-23077
@@ -66062,12 +66752,12 @@ CVE-2020-21135
RESERVED
CVE-2020-21134
RESERVED
-CVE-2020-21133
- RESERVED
-CVE-2020-21132
- RESERVED
-CVE-2020-21131
- RESERVED
+CVE-2020-21133 (SQL Injection vulnerability in Metinfo 7.0.0 beta in member/getpasswor ...)
+ TODO: check
+CVE-2020-21132 (SQL Injection vulnerability in Metinfo 7.0.0beta in index.php. ...)
+ TODO: check
+CVE-2020-21131 (SQL Injection vulnerability in MetInfo 7.0.0beta via admin/?n=language ...)
+ TODO: check
CVE-2020-21130 (Cross Site Scripting (XSS) vulnerability in HisiPHP 2.0.8 via the grou ...)
NOT-FOR-US: HisiPHP
CVE-2020-21129
@@ -69959,14 +70649,14 @@ CVE-2020-19206
RESERVED
CVE-2020-19205
RESERVED
-CVE-2020-19204
- RESERVED
-CVE-2020-19203
- RESERVED
+CVE-2020-19204 (Lightning Wire Labs IPFire 2.21 (x86_64) - Core Update 130 is affected ...)
+ TODO: check
+CVE-2020-19203 (Netgate pfSense Community Edition 2.4.4 - p2 (arm64) is affected by: C ...)
+ TODO: check
CVE-2020-19202 (An authenticated Stored XSS (Cross-site Scripting) exists in the "capt ...)
NOT-FOR-US: IPFire
-CVE-2020-19201
- RESERVED
+CVE-2020-19201 (Netgate pfSense 2.4.4 - p2 is affected by: Cross Site Scripting (XSS). ...)
+ TODO: check
CVE-2020-19200
RESERVED
CVE-2020-19199 (A Cross Site Request Forgery (CSRF) vulnerability exists in PHPOK 5.2. ...)
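Review bot: CVE-2020-19204 is an IPFire issue per its description, and CVE-2020-19202 in the same hunk is already "NOT-FOR-US: IPFire", so that TODO can take the same marking. The two pfSense entries (CVE-2020-19203, CVE-2020-19201) have no triaged neighbour in this hunk and need a separate check.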
@@ -70291,10 +70981,10 @@ CVE-2020-19040
RESERVED
CVE-2020-19039
RESERVED
-CVE-2020-19038
- RESERVED
-CVE-2020-19037
- RESERVED
+CVE-2020-19038 (File Deletion vulnerability in Halo 0.4.3 via delBackup. ...)
+ TODO: check
+CVE-2020-19037 (Incorrect Access Control vulnearbility in Halo 0.4.3, which allows a m ...)
+ TODO: check
CVE-2020-19036
RESERVED
CVE-2020-19035
@@ -70403,14 +71093,14 @@ CVE-2020-18984
RESERVED
CVE-2020-18983
RESERVED
-CVE-2020-18982
- RESERVED
+CVE-2020-18982 (Cross Sie Scripting (XSS) vulnerability in Halo 0.4.3 via CommentAutho ...)
+ TODO: check
CVE-2020-18981
RESERVED
-CVE-2020-18980
- RESERVED
-CVE-2020-18979
- RESERVED
+CVE-2020-18980 (Remote Code Executon vulnerability in Halo 0.4.3 via the remoteAddr an ...)
+ TODO: check
+CVE-2020-18979 (Cross Siste Scripting (XSS) vulnerablity in Halo 0.4.3 via theX-forwar ...)
+ TODO: check
CVE-2020-18978
RESERVED
CVE-2020-18977
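Review bot: CVE-2020-18982, CVE-2020-18980 and CVE-2020-18979 all name Halo 0.4.3, and CVE-2020-19038, CVE-2020-19037 and CVE-2020-23079 earlier in this diff also name Halo, so the six "TODO: check" entries can be triaged together with one decision on whether Halo is relevant to the archive.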
@@ -99868,8 +100558,8 @@ CVE-2020-7874
RESERVED
CVE-2020-7873
RESERVED
-CVE-2020-7872
- RESERVED
+CVE-2020-7872 (DaviewIndy v8.98.7.0 and earlier versions have a Integer overflow vuln ...)
+ TODO: check
CVE-2020-7871 (A vulnerability of Helpcom could allow an unauthenticated attacker to ...)
NOT-FOR-US: Cnesty Helpcom
CVE-2020-7870 (A memory corruption vulnerability exists when ezPDF improperly handles ...)
@@ -107632,8 +108322,8 @@ CVE-2020-4940
RESERVED
CVE-2020-4939
RESERVED
-CVE-2020-4938
- RESERVED
+CVE-2020-4938 (IBM MQ Appliance 9.1 and 9.2 is vulnerable to cross-site request forge ...)
+ TODO: check
CVE-2020-4937 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.2 u ...)
NOT-FOR-US: IBM
CVE-2020-4936
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b644affe2a855f45bf7539279f94c8bab13b0f35