[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Jul 26 09:10:25 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9ee8450b by security tracker role at 2021-07-26T08:10:17+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,5 +1,189 @@
-CVE-2021-37438
+CVE-2021-37530
+ RESERVED
+CVE-2021-37529
+ RESERVED
+CVE-2021-37528
+ RESERVED
+CVE-2021-37527
+ RESERVED
+CVE-2021-37526
+ RESERVED
+CVE-2021-37525
+ RESERVED
+CVE-2021-37524
+ RESERVED
+CVE-2021-37523
+ RESERVED
+CVE-2021-37522
+ RESERVED
+CVE-2021-37521
+ RESERVED
+CVE-2021-37520
+ RESERVED
+CVE-2021-37519
+ RESERVED
+CVE-2021-37518
+ RESERVED
+CVE-2021-37517
+ RESERVED
+CVE-2021-37516
+ RESERVED
+CVE-2021-37515
+ RESERVED
+CVE-2021-37514
+ RESERVED
+CVE-2021-37513
+ RESERVED
+CVE-2021-37512
+ RESERVED
+CVE-2021-37511
+ RESERVED
+CVE-2021-37510
+ RESERVED
+CVE-2021-37509
+ RESERVED
+CVE-2021-37508
+ RESERVED
+CVE-2021-37507
+ RESERVED
+CVE-2021-37506
+ RESERVED
+CVE-2021-37505
+ RESERVED
+CVE-2021-37504
+ RESERVED
+CVE-2021-37503
+ RESERVED
+CVE-2021-37502
+ RESERVED
+CVE-2021-37501
+ RESERVED
+CVE-2021-37500
+ RESERVED
+CVE-2021-37499
+ RESERVED
+CVE-2021-37498
+ RESERVED
+CVE-2021-37497
+ RESERVED
+CVE-2021-37496
+ RESERVED
+CVE-2021-37495
+ RESERVED
+CVE-2021-37494
+ RESERVED
+CVE-2021-37493
+ RESERVED
+CVE-2021-37492
+ RESERVED
+CVE-2021-37491
+ RESERVED
+CVE-2021-37490
+ RESERVED
+CVE-2021-37489
+ RESERVED
+CVE-2021-37488
+ RESERVED
+CVE-2021-37487
+ RESERVED
+CVE-2021-37486
+ RESERVED
+CVE-2021-37485
+ RESERVED
+CVE-2021-37484
+ RESERVED
+CVE-2021-37483
+ RESERVED
+CVE-2021-37482
+ RESERVED
+CVE-2021-37481
+ RESERVED
+CVE-2021-37480
+ RESERVED
+CVE-2021-37479
+ RESERVED
+CVE-2021-37478
RESERVED
+CVE-2021-37477
+ RESERVED
+CVE-2021-37476
+ RESERVED
+CVE-2021-37475
+ RESERVED
+CVE-2021-37474
+ RESERVED
+CVE-2021-37473
+ RESERVED
+CVE-2021-37472
+ RESERVED
+CVE-2021-37471
+ RESERVED
+CVE-2021-37470 (In NCH WebDictate v2.13, persistent Cross Site Scripting (XSS) exists ...)
+ TODO: check
+CVE-2021-37469 (In NCH WebDictate v2.13 and earlier, authenticated users can abuse log ...)
+ TODO: check
+CVE-2021-37468 (NCH Reflect CRM 3.01 allows local users to discover cleartext user acc ...)
+ TODO: check
+CVE-2021-37467 (In NCH Quorum v2.03 and earlier, XSS exists via /conferencebrowseuploa ...)
+ TODO: check
+CVE-2021-37466 (In NCH Quorum v2.03 and earlier, XSS exists via /conference?id= (refle ...)
+ TODO: check
+CVE-2021-37465 (In NCH Quorum v2.03 and earlier, XSS exists via /uploaddoc?id= (reflec ...)
+ TODO: check
+CVE-2021-37464 (In NCH Quorum v2.03 and earlier, XSS exists via Conference Description ...)
+ TODO: check
+CVE-2021-37463 (In NCH Quorum v2.03 and earlier, XSS exists via User Display Name (sto ...)
+ TODO: check
+CVE-2021-37462 (Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier vi ...)
+ TODO: check
+CVE-2021-37461 (Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier vi ...)
+ TODO: check
+CVE-2021-37460 (Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier vi ...)
+ TODO: check
+CVE-2021-37459 (Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier vi ...)
+ TODO: check
+CVE-2021-37458 (Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier vi ...)
+ TODO: check
+CVE-2021-37457 (Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier vi ...)
+ TODO: check
+CVE-2021-37456 (Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier vi ...)
+ TODO: check
+CVE-2021-37455 (Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier vi ...)
+ TODO: check
+CVE-2021-37454 (Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier vi ...)
+ TODO: check
+CVE-2021-37453 (Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier vi ...)
+ TODO: check
+CVE-2021-37452 (NCH Quorum v2.03 and earlier allows local users to discover cleartext ...)
+ TODO: check
+CVE-2021-37451 (Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earli ...)
+ TODO: check
+CVE-2021-37450 (Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earli ...)
+ TODO: check
+CVE-2021-37449 (Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earli ...)
+ TODO: check
+CVE-2021-37448 (Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earli ...)
+ TODO: check
+CVE-2021-37447 (In NCH Quorum v2.03 and earlier, an authenticated user can use directo ...)
+ TODO: check
+CVE-2021-37446 (In NCH Quorum v2.03 and earlier, an authenticated user can use directo ...)
+ TODO: check
+CVE-2021-37445 (In NCH Quorum v2.03 and earlier, an authenticated user can use directo ...)
+ TODO: check
+CVE-2021-37444 (NCH IVM Attendant v5.12 and earlier suffers from a directory traversal ...)
+ TODO: check
+CVE-2021-37443 (NCH IVM Attendant v5.12 and earlier allows path traversal via the logd ...)
+ TODO: check
+CVE-2021-37442 (NCH IVM Attendant v5.12 and earlier allows path traversal via viewfile ...)
+ TODO: check
+CVE-2021-37441 (NCH Axon PBX v2.22 and earlier allows path traversal for file deletion ...)
+ TODO: check
+CVE-2021-37440 (NCH Axon PBX v2.22 and earlier allows path traversal for file disclosu ...)
+ TODO: check
+CVE-2021-37439 (NCH FlexiServer v6.00 suffers from a syslog?file=/.. path traversal vu ...)
+ TODO: check
+CVE-2021-37438
+ REJECTED
CVE-2021-37437
RESERVED
CVE-2021-37436 (Amazon Echo Dot devices through 2021-07-02 sometimes allow attackers, ...)
@@ -1337,6 +1521,7 @@ CVE-2020-36428 (matio (aka MAT File I/O Library) 1.5.18 through 1.5.21 has a hea
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=21421
NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/matio/OSV-2020-799.yaml
CVE-2019-25051 (objstack in GNU Aspell 0.60.8 has a heap-based buffer overflow in acom ...)
+ {DLA-2720-1}
- aspell 0.60.8-3 (bug #991307)
NOTE: https://github.com/gnuaspell/aspell/commit/0718b375425aad8e54e1150313b862e4c6fd324a
NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/aspell/OSV-2020-521.yaml
@@ -2905,10 +3090,10 @@ CVE-2021-36094
RESERVED
CVE-2021-36093
RESERVED
-CVE-2021-36092
- RESERVED
-CVE-2021-36091
- RESERVED
+CVE-2021-36092 (It's possible to create an email which contains specially crafted link ...)
+ TODO: check
+CVE-2021-36091 (Agents are able to list appointments in the calendars without required ...)
+ TODO: check
CVE-2021-3632
RESERVED
NOT-FOR-US: Keycloak
@@ -7877,8 +8062,7 @@ CVE-2021-33902
RESERVED
CVE-2021-33901
RESERVED
-CVE-2021-33900
- RESERVED
+CVE-2021-33900 (While investigating DIRSTUDIO-1219 it was noticed that configured Star ...)
- apache-directory-server <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2021/07/24/1
TODO: check
@@ -38533,10 +38717,10 @@ CVE-2020-35852 (Chatbox is affected by cross-site scripting (XSS). An attacker h
NOT-FOR-US: Chatbox
CVE-2020-35851 (HGiga MailSherlock does not validate specific parameters properly. Att ...)
NOT-FOR-US: HGiga MailSherlock
-CVE-2021-21443
- RESERVED
-CVE-2021-21442
- RESERVED
+CVE-2021-21443 (Agents are able to list customer user emails without required permissi ...)
+ TODO: check
+CVE-2021-21442 (In the project create screen it's possible to inject malicious JS code ...)
+ TODO: check
CVE-2021-21441 (There is a XSS vulnerability in the ticket overview screens. It's poss ...)
- otrs2 6.0.32-5 (bug #989992)
[buster] - otrs2 <no-dsa> (Non-free not supported)
@@ -38544,8 +38728,8 @@ CVE-2021-21441 (There is a XSS vulnerability in the ticket overview screens. It'
NOTE: https://otrs.com/release-notes/otrs-security-advisory-2021-11/
NOTE: Reference is for OTRS, no reference for znuny yet (in bullseye
NOTE: src:otrs2 is the znuny fork)
-CVE-2021-21440
- RESERVED
+CVE-2021-21440 (Generated Support Bundles contains private S/MIME and PGP keys if cont ...)
+ TODO: check
CVE-2021-21439 (DoS attack can be performed when an email contains specially designed ...)
- otrs2 6.0.32-5 (bug #989992)
[buster] - otrs2 <no-dsa> (Non-free not supported)
@@ -127977,7 +128161,7 @@ CVE-2019-17545 (GDAL through 3.0.1 has a poolDestroy double free in OGRExpatReal
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16178
NOTE: https://github.com/OSGeo/gdal/commit/148115fcc40f1651a5d15fa34c9a8c528e7147bb
CVE-2019-17544 (libaspell.a in GNU Aspell before 0.60.8 has a stack-based buffer over- ...)
- {DLA-1966-1}
+ {DLA-2720-1 DLA-1966-1}
- aspell 0.60.8-1 (low)
[buster] - aspell <no-dsa> (Minor issue)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16109
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9ee8450b34112119fcdc6d0b71230bbe35e65811
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9ee8450b34112119fcdc6d0b71230bbe35e65811
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210726/3af635f5/attachment.htm>
More information about the debian-security-tracker-commits
mailing list