[Git][security-tracker-team/security-tracker][master] automatic update

Sat Jul 24 09:10:27 BST 2021


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ff697deb by security tracker role at 2021-07-24T08:10:20+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,5 @@
+CVE-2021-37425
+	RESERVED
 CVE-2021-37424
 	RESERVED
 CVE-2021-37423
@@ -10493,8 +10495,8 @@ CVE-2021-32785 (mod_auth_openidc is an authentication/authorization module for t
 	NOTE: https://github.com/zmartzone/mod_auth_openidc/commit/dc672688dc1f2db7df8ad4abebc367116017a449 (v2.4.9)
 CVE-2021-32784
 	RESERVED
-CVE-2021-32783
-	RESERVED
+CVE-2021-32783 (Contour is a Kubernetes ingress controller using Envoy proxy. In Conto ...)
+	TODO: check
 CVE-2021-32782
 	RESERVED
 CVE-2021-32781
@@ -10730,8 +10732,8 @@ CVE-2021-32688 (Nextcloud Server is a Nextcloud package that handles data storag
 	- nextcloud-server <itp> (bug #941708)
 CVE-2021-32687
 	RESERVED
-CVE-2021-32686
-	RESERVED
+CVE-2021-32686 (PJSIP is a free and open source multimedia communication library writt ...)
+	TODO: check
 CVE-2021-32685 (tEnvoy contains the PGP, NaCl, and PBKDF2 in node.js and the browser ( ...)
 	NOT-FOR-US: tEnvoy
 CVE-2021-32684 (magento-scripts contains scripts and configuration used by Create Mage ...)
@@ -27997,10 +27999,10 @@ CVE-2021-25811 (MERCUSYS Mercury X18G 1.0.5 devices allow Denial of service via
 	NOT-FOR-US: MERCUSYS Mercury X18G 1.0.5 devices
 CVE-2021-25810 (Cross site Scripting (XSS) vulnerability in MERCUSYS Mercury X18G 1.0. ...)
 	NOT-FOR-US: MERCUSYS Mercury X18G 1.0.5 devices
-CVE-2021-25809
-	RESERVED
-CVE-2021-25808
-	RESERVED
+CVE-2021-25809 (UCMS 1.5.0 was discovered to contain a physical path leakage via an er ...)
+	TODO: check
+CVE-2021-25808 (A code injection vulnerability in backup/plugin.php of Bludit 3.13.1 a ...)
+	TODO: check
 CVE-2021-25807
 	RESERVED
 CVE-2021-25806
@@ -29154,8 +29156,8 @@ CVE-2021-3171
 	RESERVED
 CVE-2021-3170
 	RESERVED
-CVE-2021-3169
-	RESERVED
+CVE-2021-3169 (An issue in Jumpserver 2.6.2 and below allows attackers to create a co ...)
+	TODO: check
 CVE-2021-3168
 	RESERVED
 CVE-2021-3167 (In Cloudera Data Engineering (CDE) 1.3.0, JWT authentication tokens ar ...)
@@ -69543,8 +69545,8 @@ CVE-2020-20743
 	RESERVED
 CVE-2020-20742
 	RESERVED
-CVE-2020-20741
-	RESERVED
+CVE-2020-20741 (Incorrect Access Control in Beckhoff Automation GmbH & Co. KG CX90 ...)
+	TODO: check
 CVE-2020-20740 (PDFResurrect before 0.20 lack of header validation checks causes heap- ...)
 	{DLA-2475-1}
 	- pdfresurrect 0.21-1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ff697debd020cb658e85d90202e0606f6a6f186a

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ff697debd020cb658e85d90202e0606f6a6f186a
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210724/2677d50c/attachment.htm>
