[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Jun 4 09:10:24 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8fc67763 by security tracker role at 2021-06-04T08:10:16+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,17 @@
+CVE-2021-33840 (The server in Luca through 1.1.14 allows remote attackers to cause a d ...)
+ TODO: check
+CVE-2021-33839 (Luca through 1.7.4 on Android allows remote attackers to obtain sensit ...)
+ TODO: check
+CVE-2021-33838 (Luca through 1.7.4 on Android allows remote attackers to obtain sensit ...)
+ TODO: check
+CVE-2021-33837
+ RESERVED
+CVE-2021-33836
+ RESERVED
+CVE-2021-33835
+ RESERVED
+CVE-2021-33834
+ RESERVED
CVE-2021-33833
RESERVED
CVE-2021-33832
@@ -2600,16 +2614,16 @@ CVE-2021-32668
RESERVED
CVE-2021-32667
RESERVED
-CVE-2021-32666
- RESERVED
-CVE-2021-32665
- RESERVED
+CVE-2021-32666 (wire-ios is the iOS version of Wire, an open-source secure messaging a ...)
+ TODO: check
+CVE-2021-32665 (wire-ios is the iOS version of Wire, an open-source secure messaging a ...)
+ TODO: check
CVE-2021-32664
RESERVED
CVE-2021-32663
RESERVED
-CVE-2021-32662
- RESERVED
+CVE-2021-32662 (Backstage is an open platform for building developer portals, and tech ...)
+ TODO: check
CVE-2021-32661 (Backstage is an open platform for building developer portals. In versi ...)
TODO: check
CVE-2021-32660 (Backstage is an open platform for building developer portals, and tech ...)
@@ -7863,21 +7877,18 @@ CVE-2021-3492 (Shiftfs, an out-of-tree stacking file system included in Ubuntu L
- linux <not-affected> (Vulnerable code not present)
NOTE: https://www.openwall.com/lists/oss-security/2021/04/16/1
NOTE: Debian does not include the (not yet upstream accepted) shiftfs
-CVE-2021-3491
- RESERVED
+CVE-2021-3491 (The io_uring subsystem in the Linux kernel allowed the MAX_RW_COUNT li ...)
- linux 5.10.38-1
[buster] - linux <not-affected> (Vulnerable code introduced later)
[stretch] - linux <not-affected> (Vulnerable code introduced later)
NOTE: https://www.openwall.com/lists/oss-security/2021/05/11/13
NOTE: https://git.kernel.org/linus/d1f82808877bb10d3deee7cf3374a4eb3fb582db
-CVE-2021-3490
- RESERVED
+CVE-2021-3490 (The eBPF ALU32 bounds tracking for bitwise ops (AND, OR and XOR) in th ...)
- linux 5.10.38-1
[buster] - linux <not-affected> (Vulnerable code introduced later)
[stretch] - linux <not-affected> (Vulnerable code introduced later)
NOTE: https://www.openwall.com/lists/oss-security/2021/05/11/11
-CVE-2021-3489
- RESERVED
+CVE-2021-3489 (The eBPF RINGBUF bpf_ringbuf_reserve() function in the Linux kernel di ...)
- linux 5.10.38-1
[buster] - linux <not-affected> (Vulnerable code introduced later)
[stretch] - linux <not-affected> (Vulnerable code introduced later)
@@ -10924,8 +10935,7 @@ CVE-2021-3470 (A heap overflow issue was found in Redis in versions before 5.0.1
NOTE: https://github.com/redis/redis/pull/7963
NOTE: https://github.com/redis/redis/commit/9824fe3e392caa04dc1b4071886e9ac402dd6d95
NOTE: Only an issue if not using a heap allocator other than jemalloc or glibc's malloc
-CVE-2021-3469
- RESERVED
+CVE-2021-3469 (Foreman versions before 2.3.4 and before 2.4.0 is affected by an impro ...)
- foreman <itp> (bug #663101)
CVE-2021-3468 (A flaw was found in avahi in versions 0.6 up to 0.8. The event used to ...)
- avahi <unfixed> (bug #984938)
@@ -13731,6 +13741,7 @@ CVE-2021-3424 (A flaw was found in keycloak as shipped in Red Hat Single Sign-On
NOT-FOR-US: Keycloak
CVE-2021-28091 [XML signature wrapping vulnerability when parsing SAML responses]
RESERVED
+ {DSA-4926-1}
- lasso 2.6.1-3
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1940089
NOTE: https://blogs.akamai.com/2021/06/saml-implementation-vulnerability-impacting-some-akamai-services.html
@@ -18803,8 +18814,8 @@ CVE-2021-25949
RESERVED
CVE-2021-25948
RESERVED
-CVE-2021-25947
- RESERVED
+CVE-2021-25947 (Prototype pollution vulnerability in 'nestie' versions 0.0.0 through 1 ...)
+ TODO: check
CVE-2021-25946 (Prototype pollution vulnerability in `nconf-toml` versions 0.0.1 throu ...)
NOT-FOR-US: Node nconf-toml
CVE-2021-25945 (Prototype pollution vulnerability in 'js-extend' versions 0.0.1 throug ...)
@@ -27129,16 +27140,16 @@ CVE-2021-22339 (There is a denial of service vulnerability in some versions of M
NOT-FOR-US: Huawei
CVE-2021-22338
RESERVED
-CVE-2021-22337
- RESERVED
+CVE-2021-22337 (There is an Information Disclosure vulnerability in Huawei Smartphone. ...)
+ TODO: check
CVE-2021-22336 (There is an Improper Control of Generation of Code vulnerability in Hu ...)
NOT-FOR-US: Huawei
-CVE-2021-22335
- RESERVED
-CVE-2021-22334
- RESERVED
-CVE-2021-22333
- RESERVED
+CVE-2021-22335 (There is a Memory Buffer Improper Operation Limit vulnerability in Hua ...)
+ TODO: check
+CVE-2021-22334 (There is an Improper Access Control vulnerability in Huawei Smartphone ...)
+ TODO: check
+CVE-2021-22333 (There is an Improper Validation of Array Index vulnerability in Huawei ...)
+ TODO: check
CVE-2021-22332 (There is a pointer double free vulnerability in some versions of Cloud ...)
NOT-FOR-US: CloudEngine (Huawei)
CVE-2021-22331 (There is a JavaScript injection vulnerability in certain Huawei smartp ...)
@@ -29221,18 +29232,18 @@ CVE-2020-36011 (A cross-site scripting (XSS) issue in Add Patient Form in QDOCS
NOT-FOR-US: QDOCS Smart Hospital Management System
CVE-2020-36010
RESERVED
-CVE-2020-36009
- RESERVED
-CVE-2020-36008
- RESERVED
-CVE-2020-36007
- RESERVED
-CVE-2020-36006
- RESERVED
-CVE-2020-36005
- RESERVED
-CVE-2020-36004
- RESERVED
+CVE-2020-36009 (OBottle 2.0 in \c\g.php contains an arbitrary file download vulnerabil ...)
+ TODO: check
+CVE-2020-36008 (OBottle 2.0 in \c\t.php contains an arbitrary file write vulnerability ...)
+ TODO: check
+CVE-2020-36007 (AppCMS 2.0.101 in /admin/template/tpl_app.php has a cross site scripti ...)
+ TODO: check
+CVE-2020-36006 (AppCMS 2.0.101 in /admin/info.php has an arbitrary file deletion vulne ...)
+ TODO: check
+CVE-2020-36005 (AppCMS 2.0.101 in /admin/app.php has an arbitrary file deletion vulner ...)
+ TODO: check
+CVE-2020-36004 (AppCMS 2.0.101 in /admin/download_frame.php has a SQL injection vulner ...)
+ TODO: check
CVE-2020-36003 (The id parameter in detail.php of Online Book Store v1.0 is vulnerable ...)
NOT-FOR-US: Online Book Store
CVE-2020-36002 (Seat-Reservation-System 1.0 has a SQL injection vulnerability in index ...)
@@ -29301,14 +29312,14 @@ CVE-2020-35975
RESERVED
CVE-2020-35974
RESERVED
-CVE-2020-35973
- RESERVED
-CVE-2020-35972
- RESERVED
-CVE-2020-35971
- RESERVED
-CVE-2020-35970
- RESERVED
+CVE-2020-35973 (An issue was discovered in zzcms2020. There is a XSS vulnerability tha ...)
+ TODO: check
+CVE-2020-35972 (An issue was discovered in YzmCMS V5.8. There is a CSRF vulnerability ...)
+ TODO: check
+CVE-2020-35971 (A storage XSS vulnerability is found in YzmCMS v5.8, which can be used ...)
+ TODO: check
+CVE-2020-35970 (An issue was discovered in YzmCMS 5.8. There is a SSRF vulnerability i ...)
+ TODO: check
CVE-2020-35969
RESERVED
CVE-2020-35968
@@ -127825,8 +127836,7 @@ CVE-2019-14586 (Use after free vulnerability in EDK II may allow an authenticate
[jessie] - edk2 <end-of-life> (non-free)
CVE-2019-14585
RESERVED
-CVE-2019-14584
- RESERVED
+CVE-2019-14584 (Null pointer dereference in Tianocore EDK2 may allow an authenticated ...)
{DLA-2645-1}
- edk2 2020.11-1 (bug #977300)
[buster] - edk2 0~20181115.85588389-3+deb10u3
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8fc677633b3fe6cba15a48b59b066ed70c05f078
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8fc677633b3fe6cba15a48b59b066ed70c05f078
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210604/c3906c41/attachment.htm>
More information about the debian-security-tracker-commits
mailing list