[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Jun 4 09:10:24 BST 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8fc67763 by security tracker role at 2021-06-04T08:10:16+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,17 @@
+CVE-2021-33840 (The server in Luca through 1.1.14 allows remote attackers to cause a d ...)
+	TODO: check
+CVE-2021-33839 (Luca through 1.7.4 on Android allows remote attackers to obtain sensit ...)
+	TODO: check
+CVE-2021-33838 (Luca through 1.7.4 on Android allows remote attackers to obtain sensit ...)
+	TODO: check
+CVE-2021-33837
+	RESERVED
+CVE-2021-33836
+	RESERVED
+CVE-2021-33835
+	RESERVED
+CVE-2021-33834
+	RESERVED
 CVE-2021-33833
 	RESERVED
 CVE-2021-33832
@@ -2600,16 +2614,16 @@ CVE-2021-32668
 	RESERVED
 CVE-2021-32667
 	RESERVED
-CVE-2021-32666
-	RESERVED
-CVE-2021-32665
-	RESERVED
+CVE-2021-32666 (wire-ios is the iOS version of Wire, an open-source secure messaging a ...)
+	TODO: check
+CVE-2021-32665 (wire-ios is the iOS version of Wire, an open-source secure messaging a ...)
+	TODO: check
 CVE-2021-32664
 	RESERVED
 CVE-2021-32663
 	RESERVED
-CVE-2021-32662
-	RESERVED
+CVE-2021-32662 (Backstage is an open platform for building developer portals, and tech ...)
+	TODO: check
 CVE-2021-32661 (Backstage is an open platform for building developer portals. In versi ...)
 	TODO: check
 CVE-2021-32660 (Backstage is an open platform for building developer portals, and tech ...)
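Review bot: the Backstage entry added for CVE-2021-32662 lands directly above CVE-2021-32661 and CVE-2021-32660, which are still at TODO: check from an earlier import, so the three should be triaged together in one pass; the same applies to the wire-ios pair CVE-2021-32666 and CVE-2021-32665, whose truncated descriptions are identical and point at one upstream. Nothing needs changing in the hunk itself.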
@@ -7863,21 +7877,18 @@ CVE-2021-3492 (Shiftfs, an out-of-tree stacking file system included in Ubuntu L
 	- linux <not-affected> (Vulnerable code not present)
 	NOTE: https://www.openwall.com/lists/oss-security/2021/04/16/1
 	NOTE: Debian does not include the (not yet upstream accepted) shiftfs
-CVE-2021-3491
-	RESERVED
+CVE-2021-3491 (The io_uring subsystem in the Linux kernel allowed the MAX_RW_COUNT li ...)
 	- linux 5.10.38-1
 	[buster] - linux <not-affected> (Vulnerable code introduced later)
 	[stretch] - linux <not-affected> (Vulnerable code introduced later)
 	NOTE: https://www.openwall.com/lists/oss-security/2021/05/11/13
 	NOTE: https://git.kernel.org/linus/d1f82808877bb10d3deee7cf3374a4eb3fb582db
-CVE-2021-3490
-	RESERVED
+CVE-2021-3490 (The eBPF ALU32 bounds tracking for bitwise ops (AND, OR and XOR) in th ...)
 	- linux 5.10.38-1
 	[buster] - linux <not-affected> (Vulnerable code introduced later)
 	[stretch] - linux <not-affected> (Vulnerable code introduced later)
 	NOTE: https://www.openwall.com/lists/oss-security/2021/05/11/11
-CVE-2021-3489
-	RESERVED
+CVE-2021-3489 (The eBPF RINGBUF bpf_ringbuf_reserve() function in the Linux kernel di ...)
 	- linux 5.10.38-1
 	[buster] - linux <not-affected> (Vulnerable code introduced later)
 	[stretch] - linux <not-affected> (Vulnerable code introduced later)
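Review bot: for CVE-2021-3491, CVE-2021-3490 and CVE-2021-3489 the hunk correctly replaces only the RESERVED line and adds no TODO: check, because the fixed version (linux 5.10.38-1) and the buster/stretch not-affected markers were already recorded while the IDs were reserved. The descriptions are cut off by the tracker's truncation, so it is worth confirming they match the openwall NOTE links already on each entry; note that only CVE-2021-3491 carries a kernel commit reference, the other two have just the oss-security post.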
@@ -10924,8 +10935,7 @@ CVE-2021-3470 (A heap overflow issue was found in Redis in versions before 5.0.1
 	NOTE: https://github.com/redis/redis/pull/7963
 	NOTE: https://github.com/redis/redis/commit/9824fe3e392caa04dc1b4071886e9ac402dd6d95
 	NOTE: Only an issue if not using a heap allocator other than jemalloc or glibc's malloc
-CVE-2021-3469
-	RESERVED
+CVE-2021-3469 (Foreman versions before 2.3.4 and before 2.4.0 is affected by an impro ...)
 	- foreman <itp> (bug #663101)
 CVE-2021-3468 (A flaw was found in avahi in versions 0.6 up to 0.8. The event used to ...)
 	- avahi <unfixed> (bug #984938)
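Review bot: the CVE-2021-3469 change is fine (the description replaces RESERVED and the "- foreman <itp> (bug #663101)" line is kept), but the unchanged NOTE just above it on CVE-2021-3470, "Only an issue if not using a heap allocator other than jemalloc or glibc's malloc", stacks a negation on "other than" and can be read either way; restating it positively, naming the allocators for which the issue applies, would remove the ambiguity.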
@@ -13731,6 +13741,7 @@ CVE-2021-3424 (A flaw was found in keycloak as shipped in Red Hat Single Sign-On
 	NOT-FOR-US: Keycloak
 CVE-2021-28091 [XML signature wrapping vulnerability when parsing SAML responses]
 	RESERVED
+	{DSA-4926-1}
 	- lasso 2.6.1-3
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1940089
 	NOTE: https://blogs.akamai.com/2021/06/saml-implementation-vulnerability-impacting-some-akamai-services.html
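Review bot: the {DSA-4926-1} reference for CVE-2021-28091 is inserted in the expected position, before the fixed-version line "- lasso 2.6.1-3" (matching the {DLA-2645-1} placement used for edk2 later in this diff), but the entry keeps its RESERVED line together with the bracketed local description [XML signature wrapping vulnerability when parsing SAML responses]; that is the placeholder convention until the official text is published, so a later automatic update should replace it once the description lands.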
@@ -18803,8 +18814,8 @@ CVE-2021-25949
 	RESERVED
 CVE-2021-25948
 	RESERVED
-CVE-2021-25947
-	RESERVED
+CVE-2021-25947 (Prototype pollution vulnerability in 'nestie' versions 0.0.0 through 1 ...)
+	TODO: check
 CVE-2021-25946 (Prototype pollution vulnerability in `nconf-toml` versions 0.0.1 throu ...)
 	NOT-FOR-US: Node nconf-toml
 CVE-2021-25945 (Prototype pollution vulnerability in 'js-extend' versions 0.0.1 throug ...)
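Review bot: CVE-2021-25947 (nestie) is left at TODO: check while its neighbours from the same prototype-pollution batch, CVE-2021-25946 (nconf-toml) and CVE-2021-25945 (js-extend), are already NOT-FOR-US; unless a Debian package for nestie exists in the archive, which should be verified rather than assumed, this one will resolve the same way and can be closed in the same pass.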
@@ -27129,16 +27140,16 @@ CVE-2021-22339 (There is a denial of service vulnerability in some versions of M
 	NOT-FOR-US: Huawei
 CVE-2021-22338
 	RESERVED
-CVE-2021-22337
-	RESERVED
+CVE-2021-22337 (There is an Information Disclosure vulnerability in Huawei Smartphone. ...)
+	TODO: check
 CVE-2021-22336 (There is an Improper Control of Generation of Code vulnerability in Hu ...)
 	NOT-FOR-US: Huawei
-CVE-2021-22335
-	RESERVED
-CVE-2021-22334
-	RESERVED
-CVE-2021-22333
-	RESERVED
+CVE-2021-22335 (There is a Memory Buffer Improper Operation Limit vulnerability in Hua ...)
+	TODO: check
+CVE-2021-22334 (There is an Improper Access Control vulnerability in Huawei Smartphone ...)
+	TODO: check
+CVE-2021-22333 (There is an Improper Validation of Array Index vulnerability in Huawei ...)
+	TODO: check
 CVE-2021-22332 (There is a pointer double free vulnerability in some versions of Cloud ...)
 	NOT-FOR-US: CloudEngine (Huawei)
 CVE-2021-22331 (There is a JavaScript injection vulnerability in certain Huawei smartp ...)
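Review bot: the four Huawei smartphone entries CVE-2021-22337 and CVE-2021-22335 to CVE-2021-22333 are queued as TODO: check, while the adjacent CVE-2021-22336, CVE-2021-22332 and CVE-2021-22331 from the same vendor batch are already marked NOT-FOR-US: Huawei; they can be resolved consistently with those in one triage pass.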
@@ -29221,18 +29232,18 @@ CVE-2020-36011 (A cross-site scripting (XSS) issue in Add Patient Form in QDOCS
 	NOT-FOR-US: QDOCS Smart Hospital Management System
 CVE-2020-36010
 	RESERVED
-CVE-2020-36009
-	RESERVED
-CVE-2020-36008
-	RESERVED
-CVE-2020-36007
-	RESERVED
-CVE-2020-36006
-	RESERVED
-CVE-2020-36005
-	RESERVED
-CVE-2020-36004
-	RESERVED
+CVE-2020-36009 (OBottle 2.0 in \c\g.php contains an arbitrary file download vulnerabil ...)
+	TODO: check
+CVE-2020-36008 (OBottle 2.0 in \c\t.php contains an arbitrary file write vulnerability ...)
+	TODO: check
+CVE-2020-36007 (AppCMS 2.0.101 in /admin/template/tpl_app.php has a cross site scripti ...)
+	TODO: check
+CVE-2020-36006 (AppCMS 2.0.101 in /admin/info.php has an arbitrary file deletion vulne ...)
+	TODO: check
+CVE-2020-36005 (AppCMS 2.0.101 in /admin/app.php has an arbitrary file deletion vulner ...)
+	TODO: check
+CVE-2020-36004 (AppCMS 2.0.101 in /admin/download_frame.php has a SQL injection vulner ...)
+	TODO: check
 CVE-2020-36003 (The id parameter in detail.php of Online Book Store v1.0 is vulnerable ...)
 	NOT-FOR-US: Online Book Store
 CVE-2020-36002 (Seat-Reservation-System 1.0 has a SQL injection vulnerability in index ...)
@@ -29301,14 +29312,14 @@ CVE-2020-35975
 	RESERVED
 CVE-2020-35974
 	RESERVED
-CVE-2020-35973
-	RESERVED
-CVE-2020-35972
-	RESERVED
-CVE-2020-35971
-	RESERVED
-CVE-2020-35970
-	RESERVED
+CVE-2020-35973 (An issue was discovered in zzcms2020. There is a XSS vulnerability tha ...)
+	TODO: check
+CVE-2020-35972 (An issue was discovered in YzmCMS V5.8. There is a CSRF vulnerability  ...)
+	TODO: check
+CVE-2020-35971 (A storage XSS vulnerability is found in YzmCMS v5.8, which can be used ...)
+	TODO: check
+CVE-2020-35970 (An issue was discovered in YzmCMS 5.8. There is a SSRF vulnerability i ...)
+	TODO: check
 CVE-2020-35969
 	RESERVED
 CVE-2020-35968
@@ -127825,8 +127836,7 @@ CVE-2019-14586 (Use after free vulnerability in EDK II may allow an authenticate
 	[jessie] - edk2 <end-of-life> (non-free)
 CVE-2019-14585
 	RESERVED
-CVE-2019-14584
-	RESERVED
+CVE-2019-14584 (Null pointer dereference in Tianocore EDK2 may allow an authenticated  ...)
 	{DLA-2645-1}
 	- edk2 2020.11-1 (bug #977300)
 	[buster] - edk2 0~20181115.85588389-3+deb10u3
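Review bot: dropping RESERVED for CVE-2019-14584 without adding TODO: check is right, since the entry already carries {DLA-2645-1}, the unstable fix edk2 2020.11-1 (bug #977300) and the buster update; the description is truncated at "may allow an authenticated ...", so the impact is not visible on this line and anyone triaging should read the full CVE text rather than rely on the summary here.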



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8fc677633b3fe6cba15a48b59b066ed70c05f078

-- 
You're receiving this email because of your account on salsa.debian.org.

