[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Jul 28 21:10:31 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3e56625c by security tracker role at 2021-07-28T20:10:23+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,18 @@
-CVE-2021-37600 [integer overflow in ipcutils.c]
+CVE-2021-37606 (Meow hash 0.5/calico does not sufficiently thwart key recovery by an a ...)
+ TODO: check
+CVE-2021-37605
+ RESERVED
+CVE-2021-37604
+ RESERVED
+CVE-2021-37603
+ RESERVED
+CVE-2021-37602
+ RESERVED
+CVE-2021-37599
+ RESERVED
+CVE-2021-3668
+ RESERVED
+CVE-2021-37600 (An integer overflow in util-linux through 2.37.1 can potentially cause ...)
- util-linux <unfixed> (bug #991619)
NOTE: https://github.com/karelzak/util-linux/issues/1395
NOTE: https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
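Review bot: CVE-2021-37606 at the top of this hunk is added with only `TODO: check`, so it still needs triage to a source package or a NOT-FOR-US line. For CVE-2021-37600 the new description reads "through 2.37.1" while the package line stays `- util-linux <unfixed> (bug #991619)`; the NOTE lines already reference the upstream commit, so `<unfixed>` should be replaced with the fixed version once an upload carrying that commit exists.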
@@ -404,7 +418,7 @@ CVE-2021-23208
RESERVED
CVE-2021-23183
RESERVED
-CVE-2021-37601 [Remote Information Disclosure]
+CVE-2021-37601 (muc.lib.lua in Prosody 0.11.0 through 0.11.9 allows remote attackers t ...)
- prosody 0.11.9-2
NOTE: https://prosody.im/security/advisory_20210722/
CVE-2021-37404
@@ -7671,10 +7685,10 @@ CVE-2021-34168
RESERVED
CVE-2021-34167
RESERVED
-CVE-2021-34166
- RESERVED
-CVE-2021-34165
- RESERVED
+CVE-2021-34166 (A SQL INJECTION vulnerability in Sourcecodester Simple Food Website 1. ...)
+ TODO: check
+CVE-2021-34165 (A SQL Injection vulnerability in Sourcecodester Basic Shopping Cart 1. ...)
+ TODO: check
CVE-2021-34164
RESERVED
CVE-2021-34163
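Review bot: CVE-2021-34166 and CVE-2021-34165 both name Sourcecodester web applications and are left at `TODO: check`. Other SourceCodester entries in this same file are already marked `NOT-FOR-US:` (see the CVE-2021-25202 context line later in the diff), so these two can probably be resolved the same way rather than left pending.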
@@ -12824,10 +12838,10 @@ CVE-2021-32003
RESERVED
CVE-2021-32002
RESERVED
-CVE-2021-32001
- RESERVED
-CVE-2021-32000
- RESERVED
+CVE-2021-32001 (A Missing Encryption of Sensitive Data vulnerability in k3s, kde2 of S ...)
+ TODO: check
+CVE-2021-32000 (A UNIX Symbolic Link (Symlink) Following vulnerability in the clone-ma ...)
+ TODO: check
CVE-2021-31999 (A Reliance on Untrusted Inputs in a Security Decision vulnerability in ...)
NOT-FOR-US: Rancher
CVE-2021-31998 (A Incorrect Default Permissions vulnerability in the packaging of inn ...)
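Review bot: CVE-2021-32001 and CVE-2021-32000 are left at `TODO: check`, and both truncated descriptions cut off before the affected product is fully named. The entry directly below, CVE-2021-31999, is resolved as `NOT-FOR-US: Rancher`; read the full descriptions to decide whether these two get the same disposition or map to a Debian source package.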
@@ -15784,6 +15798,7 @@ CVE-2021-30800
RESERVED
CVE-2021-30799
RESERVED
+ {DSA-4945-1}
- webkit2gtk 2.32.3-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
- wpewebkit 2.32.3-1
@@ -15792,6 +15807,7 @@ CVE-2021-30798
RESERVED
CVE-2021-30797
RESERVED
+ {DSA-4945-1}
- webkit2gtk 2.32.3-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
- wpewebkit 2.32.3-1
@@ -15800,6 +15816,7 @@ CVE-2021-30796
RESERVED
CVE-2021-30795
RESERVED
+ {DSA-4945-1}
- webkit2gtk 2.32.3-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
- wpewebkit 2.32.3-1
@@ -15888,6 +15905,7 @@ CVE-2021-30759
RESERVED
CVE-2021-30758
RESERVED
+ {DSA-4945-1}
- webkit2gtk 2.32.2-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
- wpewebkit 2.32.2-1
@@ -15910,6 +15928,7 @@ CVE-2021-30750
RESERVED
CVE-2021-30749
RESERVED
+ {DSA-4945-1}
- webkit2gtk 2.32.3-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
- wpewebkit 2.32.3-1
@@ -15924,6 +15943,7 @@ CVE-2021-30745
RESERVED
CVE-2021-30744
RESERVED
+ {DSA-4945-1}
- webkit2gtk 2.32.3-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
- wpewebkit 2.32.3-1
@@ -15948,6 +15968,7 @@ CVE-2021-30735
RESERVED
CVE-2021-30734
RESERVED
+ {DSA-4945-1}
- webkit2gtk 2.32.3-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
- wpewebkit 2.32.3-1
@@ -15980,6 +16001,7 @@ CVE-2021-30721
RESERVED
CVE-2021-30720
RESERVED
+ {DSA-4945-1}
- webkit2gtk 2.32.3-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
- wpewebkit 2.32.3-1
@@ -16046,6 +16068,7 @@ CVE-2021-30690
RESERVED
CVE-2021-30689
RESERVED
+ {DSA-4945-1}
- webkit2gtk 2.32.3-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
- wpewebkit 2.32.3-1
@@ -16108,6 +16131,7 @@ CVE-2021-30666
NOTE: https://webkitgtk.org/security/WSA-2021-0004.html
CVE-2021-30665
RESERVED
+ {DSA-4945-1}
- webkit2gtk 2.32.3-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
- wpewebkit 2.32.3-1
@@ -16116,6 +16140,7 @@ CVE-2021-30664
RESERVED
CVE-2021-30663
RESERVED
+ {DSA-4945-1}
- webkit2gtk 2.32.3-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
- wpewebkit 2.32.3-1
@@ -29987,8 +30012,8 @@ CVE-2021-25202 (SQL injection vulnerability in SourceCodester Sales and Inventor
NOT-FOR-US: SourceCodester Sales and Inventory System
CVE-2021-25201 (SQL injection vulnerability in Learning Management System v 1.0 allows ...)
NOT-FOR-US: Learning Management System
-CVE-2021-25200
- RESERVED
+CVE-2021-25200 (Arbitrary file upload vulnerability in SourceCodester Learning Managem ...)
+ TODO: check
CVE-2021-25199
RESERVED
CVE-2021-25198
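Review bot: CVE-2021-25200 is added as `TODO: check` although its description names a SourceCodester product and the two context entries just above it, CVE-2021-25202 and CVE-2021-25201, are already `NOT-FOR-US:`. Suggest resolving it with a matching `NOT-FOR-US:` line once the full description confirms the product.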
@@ -33884,14 +33909,14 @@ CVE-2021-23419
RESERVED
CVE-2021-23418
RESERVED
-CVE-2021-23417
- RESERVED
-CVE-2021-23416
- RESERVED
-CVE-2021-23415
- RESERVED
-CVE-2021-23414
- RESERVED
+CVE-2021-23417 (All versions of package deepmergefn are vulnerable to Prototype Pollut ...)
+ TODO: check
+CVE-2021-23416 (This affects all versions of package curly-bracket-parser. When used a ...)
+ TODO: check
+CVE-2021-23415 (This affects the package elFinder.AspNet before 1.1.1. The user-contro ...)
+ TODO: check
+CVE-2021-23414 (This affects the package video.js before 7.14.3. The src attribute of ...)
+ TODO: check
CVE-2021-23413 (This affects the package jszip before 3.7.0. Crafting a new zip file w ...)
- node-jszip 3.5.0+dfsg-2
NOTE: https://github.com/Stuk/jszip/pull/766
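Review bot: all four new entries, CVE-2021-23417 through CVE-2021-23414, are `TODO: check` with no package mapping. The video.js and elFinder.AspNet descriptions state fixed upstream versions (7.14.3 and 1.1.1), so if either is packaged the entry should get a source-package line with a version, in the form the CVE-2021-23413 context line uses for `node-jszip`; the others need an explicit NOT-FOR-US decision.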
@@ -37563,6 +37588,7 @@ CVE-2021-21781
CVE-2021-21780
RESERVED
CVE-2021-21779 (A use-after-free vulnerability exists in the way Webkit’s Graphi ...)
+ {DSA-4945-1}
- webkit2gtk 2.32.3-1
[bullseye] - webkit2gtk <postponed> (Fix along with next update round)
[buster] - webkit2gtk <postponed> (Fix along with next update round)
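Review bot: adding `{DSA-4945-1}` to CVE-2021-21779 leaves the two context lines below it unchanged, `[bullseye] - webkit2gtk <postponed> (Fix along with next update round)` and the same for `[buster]`. A DSA reference and a `<postponed>` status do not agree for whichever releases the DSA covers; the stale postponed lines should be dropped or updated in the same change.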
@@ -37577,6 +37603,7 @@ CVE-2021-21777 (An information disclosure vulnerability exists in the Ethernet/I
CVE-2021-21776 (An out-of-bounds write vulnerability exists in the SGI Format Buffer S ...)
NOT-FOR-US: ImageGear
CVE-2021-21775 (A use-after-free vulnerability exists in the way certain events are pr ...)
+ {DSA-4945-1}
- webkit2gtk 2.32.3-1
[bullseye] - webkit2gtk <postponed> (Fix along with next update round)
[buster] - webkit2gtk <postponed> (Fix along with next update round)
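Review bot: the `[bullseye]` and `[buster]` lines under CVE-2021-21775 still read `<postponed> (Fix along with next update round)` after `{DSA-4945-1}` is attached to the entry. Once an advisory is linked, the per-release status should reflect it, so these annotations need removing or correcting for the releases the DSA fixes.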
@@ -67884,8 +67911,8 @@ CVE-2020-21856
RESERVED
CVE-2020-21855
RESERVED
-CVE-2020-21854
- RESERVED
+CVE-2020-21854 (Cross Site Scripting vulnerabiity exists in WDScanner 1.1 in the syste ...)
+ TODO: check
CVE-2020-21853
RESERVED
CVE-2020-21852
@@ -96407,8 +96434,8 @@ CVE-2020-10592 (Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.
NOTE: https://bugs.torproject.org/33120
CVE-2020-10591 (An issue was discovered in Walmart Labs Concord before 1.44.0. CORS Ac ...)
NOT-FOR-US: Walmart Labs Concord
-CVE-2020-10590
- RESERVED
+CVE-2020-10590 (Replicated Classic 2.x versions have an improperly secured API that ex ...)
+ TODO: check
CVE-2020-10589 (v2rayL 2.1.3 allows local users to achieve root access because /etc/v2 ...)
NOT-FOR-US: v2rayL
CVE-2020-10588 (v2rayL 2.1.3 allows local users to achieve root access because /etc/v2 ...)
@@ -110798,8 +110825,8 @@ CVE-2020-5006
RESERVED
CVE-2020-5005
RESERVED
-CVE-2020-5004
- RESERVED
+CVE-2020-5004 (IBM Jazz Foundation products are vulnerable to cross-site scripting. T ...)
+ TODO: check
CVE-2020-5003 (IBM Financial Transaction Manager 3.2.4 is vulnerable to an XML Extern ...)
NOT-FOR-US: IBM
CVE-2020-5002
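Review bot: CVE-2020-5004 names IBM Jazz Foundation and is left at `TODO: check`, while the next entry in the context, CVE-2020-5003, is already `NOT-FOR-US: IBM`. Suggest closing this one with the same `NOT-FOR-US: IBM` line.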
@@ -110858,8 +110885,8 @@ CVE-2020-4976 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server)
NOT-FOR-US: IBM
CVE-2020-4975 (IBM Engineering products are vulnerable to cross-site scripting. This ...)
NOT-FOR-US: IBM
-CVE-2020-4974
- RESERVED
+CVE-2020-4974 (IBM Jazz Foundation products are vulnerable to server side request for ...)
+ TODO: check
CVE-2020-4973
RESERVED
CVE-2020-4972
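Review bot: CVE-2020-4974 is an IBM Jazz Foundation issue added as `TODO: check`, directly after two context entries (CVE-2020-4976, CVE-2020-4975) that are marked `NOT-FOR-US: IBM`. It should take the same disposition instead of staying in the triage queue.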
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3e56625c2e68d142561ff5b9ed2553f9381a5f7c