[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Jul 23 09:10:29 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
870245f2 by security tracker role at 2021-07-23T08:10:20+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,11 @@
+CVE-2021-37404
+ RESERVED
+CVE-2021-3663
+ RESERVED
+CVE-2021-3662
+ RESERVED
+CVE-2021-3661
+ RESERVED
CVE-2021-37403 (OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows ...)
NOT-FOR-US: OX App Suite
CVE-2021-37402 (OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows ...)
@@ -4298,6 +4306,7 @@ CVE-2021-35473 [Access token lifetime is not verified with OAuth2 Handler]
NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549
CVE-2021-35472 [Session cache corruption can lead to authorization bypass or spoofing]
RESERVED
+ {DSA-4943-1}
- lemonldap-ng 2.0.11+ds-4
[stretch] - lemonldap-ng <not-affected> (Vulnerable code not present; updateSession doesn't use in-memory cache)
NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539
@@ -6981,10 +6990,10 @@ CVE-2021-34270
RESERVED
CVE-2021-34269
RESERVED
-CVE-2021-34268
- RESERVED
-CVE-2021-34267
- RESERVED
+CVE-2021-34268 (An issue in the USBH_ParseDevDesc() function of STMicroelectronics STM ...)
+ TODO: check
+CVE-2021-34267 (An in the USBH_MSC_InterfaceInit() function of STMicroelectronics STM3 ...)
+ TODO: check
CVE-2021-34266
RESERVED
CVE-2021-34265
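Review bot: both new entries are left at "TODO: check", and the truncated descriptions name only STMicroelectronics and the USBH_ParseDevDesc() / USBH_MSC_InterfaceInit() functions, so triage still has to establish whether any Debian source package embeds that USB host code before picking between a package line and NOT-FOR-US. The CVE-2021-34267 description also reads "An in the USBH_MSC_InterfaceInit() function", with a word missing. If that text was imported as-is from the CVE feed, correct it at the source rather than hand-editing it here, where the next automatic update would overwrite it.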
@@ -6993,14 +7002,14 @@ CVE-2021-34264
RESERVED
CVE-2021-34263
RESERVED
-CVE-2021-34262
- RESERVED
-CVE-2021-34261
- RESERVED
-CVE-2021-34260
- RESERVED
-CVE-2021-34259
- RESERVED
+CVE-2021-34262 (A buffer overflow vulnerability in the USBH_ParseEPDesc() function of ...)
+ TODO: check
+CVE-2021-34261 (An issue in USBH_ParseCfgDesc() of STMicroelectronics STM32Cube Middle ...)
+ TODO: check
+CVE-2021-34260 (A buffer overflow vulnerability in the USBH_ParseInterfaceDesc() funct ...)
+ TODO: check
+CVE-2021-34259 (A buffer overflow vulnerability in the USBH_ParseCfgDesc() function of ...)
+ TODO: check
CVE-2021-34258
RESERVED
CVE-2021-34257
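Review bot: CVE-2021-34261 and CVE-2021-34259 both name USBH_ParseCfgDesc(), one as "An issue in" and the other as "A buffer overflow vulnerability in", and the truncated text does not show how they differ. When resolving the four "TODO: check" markers, read the full descriptions and confirm these are distinct defects, so that whatever triage line is chosen for one is applied deliberately to the other rather than copied.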
@@ -10401,13 +10410,11 @@ CVE-2021-32788
RESERVED
CVE-2021-32787
RESERVED
-CVE-2021-32786 [Open Redirect in oidc_validate_redirect_url()]
- RESERVED
+CVE-2021-32786 (mod_auth_openidc is an authentication/authorization module for the Apa ...)
- libapache2-mod-auth-openidc <unfixed>
NOTE: https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-xm4c-5wm5-jqv7
NOTE: https://github.com/zmartzone/mod_auth_openidc/commit/3a115484eb927bc6daa5737dd84f88ff4bbc5544 (v2.4.9)
-CVE-2021-32785 [Format string bug in the Redis cache implementation]
- RESERVED
+CVE-2021-32785 (mod_auth_openidc is an authentication/authorization module for the Apa ...)
- libapache2-mod-auth-openidc <unfixed>
NOTE: https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-55r8-6w97-xxr4
NOTE: https://github.com/zmartzone/mod_auth_openidc/commit/dc672688dc1f2db7df8ad4abebc367116017a449 (v2.4.9)
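Review bot: replacing the bracketed titles on CVE-2021-32786 and CVE-2021-32785 leaves two entries whose visible descriptions are identical ("mod_auth_openidc is an authentication/authorization module for the Apa ..."), so the distinction between the open redirect in oidc_validate_redirect_url() and the format string bug in the Redis cache implementation now survives only behind the advisory URLs. Consider adding a short NOTE line to each entry stating the bug class. Both package lines are also still <unfixed> while the NOTEs point at fix commits tagged v2.4.9, so the fixed version still needs to be recorded once an upload carries those commits.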
@@ -29334,12 +29341,12 @@ CVE-2021-25214 (In BIND 9.8.5 -> 9.8.8, 9.9.3 -> 9.11.29, 9.12.0 -> 9.1
NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/f68d4cba3321ed375bbc334e2333250893c4f587 (v9_16_15)
NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/f092fcee10a7e8b391747dbdd7e58243bff4f75c (v9_16_15)
NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/01a916abac22f87a248a7525d3e7408acac0804b (v9_16_15)
-CVE-2021-25213
- RESERVED
+CVE-2021-25213 (SQL injection vulnerability in SourceCodester Travel Management System ...)
+ TODO: check
CVE-2021-25212 (SQL injection vulnerability in SourceCodester Alumni Management System ...)
NOT-FOR-US: SourceCodester Alumni Management System
-CVE-2021-25211
- RESERVED
+CVE-2021-25211 (Arbitrary file upload vulnerability in SourceCodester Ordering System ...)
+ TODO: check
CVE-2021-25210 (Arbitrary file upload vulnerability in SourceCodester Alumni Managemen ...)
NOT-FOR-US: SourceCodester Alumni Management System
CVE-2021-25209 (SQL injection vulnerability in SourceCodester Theme Park Ticketing Sys ...)
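Review bot: CVE-2021-25213 and CVE-2021-25211 are added with "TODO: check" while the adjacent SourceCodester entries in the same context (CVE-2021-25212, CVE-2021-25210) are already triaged as "NOT-FOR-US: SourceCodester Alumni Management System". Unless the Travel Management System or Ordering System is packaged, the follow-up should use the same form with the product named in each description, so the TODO markers do not linger in the triage queue.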
@@ -29350,8 +29357,8 @@ CVE-2021-25207
RESERVED
CVE-2021-25206
RESERVED
-CVE-2021-25205
- RESERVED
+CVE-2021-25205 (SQL injection vulnerability in SourceCodester E-Commerce Website V 1.0 ...)
+ TODO: check
CVE-2021-25204
RESERVED
CVE-2021-25203
@@ -31768,8 +31775,8 @@ CVE-2021-24038
RESERVED
CVE-2021-24037 (A use after free in hermes, while emitting certain error messages, pri ...)
NOT-FOR-US: Facebook Hermes
-CVE-2021-24036
- RESERVED
+CVE-2021-24036 (Passing an attacker controlled size when creating an IOBuf could cause ...)
+ TODO: check
CVE-2021-24035 (A lack of filename validation when unzipping archives prior to WhatsAp ...)
NOT-FOR-US: WhatsApp
CVE-2021-24034
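Review bot: the CVE-2021-24036 description is cut off before it names the affected project ("Passing an attacker controlled size when creating an IOBuf could cause ..."), so the "TODO: check" cannot be resolved from this entry alone. The neighbouring entries are NOT-FOR-US for Facebook Hermes and WhatsApp, but that should not be carried over by proximity. Check the full CVE text for the library that provides IOBuf and whether it is packaged or embedded in a package before marking it.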
@@ -61591,17 +61598,17 @@ CVE-2020-24515 (Protection mechanism failure in some Intel(R) RealSense(TM) IDs
CVE-2020-24514 (Improper authentication in some Intel(R) RealSense(TM) IDs may allow a ...)
NOT-FOR-US: Intel
CVE-2020-24513 (Domain-bypass transient execution vulnerability in some Intel Atom(R) ...)
- {DSA-4934-1}
+ {DSA-4934-1 DLA-2718-1}
- intel-microcode 3.20210608.1 (bug #989615)
NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20210608
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00465.html
CVE-2020-24512 (Observable timing discrepancy in some Intel(R) Processors may allow an ...)
- {DSA-4934-1}
+ {DSA-4934-1 DLA-2718-1}
- intel-microcode 3.20210608.1 (bug #989615)
NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20210608
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00464.html
CVE-2020-24511 (Improper isolation of shared resources in some Intel(R) Processors may ...)
- {DSA-4934-1}
+ {DSA-4934-1 DLA-2718-1}
- intel-microcode 3.20210608.1 (bug #989615)
NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20210608
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00464.html
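Review bot: the {DSA-4934-1 DLA-2718-1} cross-references are added to CVE-2020-24513, CVE-2020-24512 and CVE-2020-24511, but this commit changes only data/CVE/list, so the DLA-2718-1 record itself is not visible here. Confirm that the DLA entry lists exactly these CVEs (plus CVE-2020-24489, which gets the same tag in the next hunk). None of the entries shows a per-release line for the suite the DLA covers, so the fixed version there is not readable from the CVE entry on its own.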
@@ -61655,7 +61662,7 @@ CVE-2020-24490 (Improper buffer restrictions in BlueZ may allow an unauthenticat
NOTE: https://github.com/google/security-research/security/advisories/GHSA-ccx2-w2r4-x649
NOTE: Fixed by: https://git.kernel.org/linus/a2ec905d1e160a33b2e210e45ad30445ef26ce0e (5.8)
CVE-2020-24489 (Incomplete cleanup in some Intel(R) VT-d products may allow an authent ...)
- {DSA-4934-1}
+ {DSA-4934-1 DLA-2718-1}
- intel-microcode 3.20210608.1 (bug #989615)
NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20210608
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00442.html
@@ -66238,10 +66245,10 @@ CVE-2020-22286
RESERVED
CVE-2020-22285
RESERVED
-CVE-2020-22284
- RESERVED
-CVE-2020-22283
- RESERVED
+CVE-2020-22284 (A buffer overflow vulnerability in the zepif_linkoutput() function of ...)
+ TODO: check
+CVE-2020-22283 (A buffer overflow vulnerability in the icmp6_send_response_with_addrs_ ...)
+ TODO: check
CVE-2020-22282
RESERVED
CVE-2020-22281
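Review bot: CVE-2020-22284 and CVE-2020-22283 identify the flaw only by function name (zepif_linkoutput() and the truncated icmp6_send_response_with_addrs_...), and the description is cut before the project is named. Resolving the "TODO: check" means matching those functions to a source package, including embedded copies in other packages, since network stack code of this kind is often vendored. If there is a match, add a package line with the affected version instead of leaving the entry unassigned.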
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/870245f2e0e08fe5e84ee5b5d4fc19e96cb5ac49