[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Jun 4 21:10:38 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
434f5796 by security tracker role at 2021-06-04T20:10:30+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,19 @@
+CVE-2021-3581
+ RESERVED
+CVE-2021-3580
+ RESERVED
+CVE-2021-33844
+ RESERVED
+CVE-2021-33842
+ RESERVED
+CVE-2021-33841
+ RESERVED
+CVE-2021-23210
+ RESERVED
+CVE-2021-23172
+ RESERVED
+CVE-2021-23159
+ RESERVED
CVE-2021-33840 (The server in Luca through 1.1.14 allows remote attackers to cause a d ...)
NOT-FOR-US: Luca
CVE-2021-33839 (Luca through 1.7.4 on Android allows remote attackers to obtain sensit ...)
@@ -124,8 +140,8 @@ CVE-2021-3571
RESERVED
CVE-2021-3570
RESERVED
-CVE-2020-36382
- RESERVED
+CVE-2020-36382 (OpenVPN Access Server 2.7.3 to 2.8.7 allows remote attackers to trigge ...)
+ TODO: check
CVE-2021-33790 (The RebornCore library before 4.7.3 allows remote code execution becau ...)
NOT-FOR-US: RebornCore
CVE-2021-33789
@@ -654,8 +670,7 @@ CVE-2016-20011 (libgrss through 0.7.0 fails to perform TLS certificate verificat
[stretch] - libgrss <ignored> (Minor issue)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=772647
NOTE: https://gitlab.gnome.org/GNOME/libgrss/-/issues/4
-CVE-2021-3565 [during tpm2_import command invocation a fixed AES wrapping key is used]
- RESERVED
+CVE-2021-3565 (A flaw was found in tpm2-tools in versions before 5.1.1 and before 4.3 ...)
- tpm2-tools 5.0-2 (bug #989148)
[buster] - tpm2-tools <not-affected> (Vulnerable code not present)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1964427
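Review bot: the bracketed summary being dropped for CVE-2021-3565 ("during tpm2_import command invocation a fixed AES wrapping key is used") was the only place in this entry naming the affected command and the weakness, and the new official text is truncated at "before 4.3 ...", so that detail is lost from the list; keep it as a NOTE line beside the Red Hat bugzilla link, and add the upstream fix commit as a further NOTE once known, the way the CVE-2021-30474 and CVE-2020-15078 entries elsewhere in this patch record their upstream commits.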
@@ -1781,8 +1796,7 @@ CVE-2021-33056
RESERVED
CVE-2021-33055
RESERVED
-CVE-2021-33054
- RESERVED
+CVE-2021-33054 (SOGo 2.x before 2.4.1 and 3.x through 5.x before 5.1.1 does not valida ...)
- sogo <unfixed>
NOTE: https://www.sogo.nu/news/2021/saml-vulnerability.html
NOTE: https://blogs.akamai.com/2021/06/saml-implementation-vulnerability-impacting-some-akamai-services.html
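Review bot: the CVE-2021-33054 entry records sogo as <unfixed> only, with no per-suite line, although the description already names the fixed upstream versions (2.4.1 and 5.1.1); other entries in this patch carry explicit [buster]/[stretch] dispositions (no-dsa, not-affected, end-of-life), so add the older-suite decision for sogo here rather than leaving it implicit. The two NOTE links (sogo.nu news and the Akamai post) are adequate as the fix references.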
@@ -5105,9 +5119,9 @@ CVE-2021-31686
CVE-2021-31685
RESERVED
CVE-2021-31684 (A vulnerability was discovered in the indexOf function of JSONParserBy ...)
- - json-smart <unfixed>
- NOTE: https://github.com/netplex/json-smart-v2/issues/67
- NOTE: https://github.com/netplex/json-smart-v2/commit/6ecff1c2974eaaab2e74e441bdf5ba8495227bf5
+ - json-smart <unfixed>
+ NOTE: https://github.com/netplex/json-smart-v2/issues/67
+ NOTE: https://github.com/netplex/json-smart-v2/commit/6ecff1c2974eaaab2e74e441bdf5ba8495227bf5
CVE-2021-31683
RESERVED
CVE-2021-31682
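Review bot: this hunk is a whitespace-only change to the three lines under CVE-2021-31684 (the json-smart package line and its two NOTE links), which previously carried an extra level of indentation; because the list format keys on leading whitespace, a whitespace-only hunk like this is worth confirming with the tracker's syntax check before it is pushed, so that the package line is parsed as belonging to CVE-2021-31684 and not treated as a stray line.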
@@ -7711,78 +7725,63 @@ CVE-2021-30521
RESERVED
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-30520
- RESERVED
+CVE-2021-30520 (Use after free in Tab Strip in Google Chrome prior to 90.0.4430.212 al ...)
{DSA-4917-1}
- chromium 90.0.4430.212-1
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-30519
- RESERVED
+CVE-2021-30519 (Use after free in Payments in Google Chrome prior to 90.0.4430.212 all ...)
{DSA-4917-1}
- chromium 90.0.4430.212-1
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-30518
- RESERVED
+CVE-2021-30518 (Heap buffer overflow in Reader Mode in Google Chrome prior to 90.0.443 ...)
{DSA-4917-1}
- chromium 90.0.4430.212-1
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-30517
- RESERVED
+CVE-2021-30517 (Type confusion in V8 in Google Chrome prior to 90.0.4430.212 allowed a ...)
{DSA-4917-1}
- chromium 90.0.4430.212-1
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-30516
- RESERVED
+CVE-2021-30516 (Heap buffer overflow in History in Google Chrome prior to 90.0.4430.21 ...)
{DSA-4917-1}
- chromium 90.0.4430.212-1
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-30515
- RESERVED
+CVE-2021-30515 (Use after free in File API in Google Chrome prior to 90.0.4430.212 all ...)
{DSA-4917-1}
- chromium 90.0.4430.212-1
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-30514
- RESERVED
+CVE-2021-30514 (Use after free in Autofill in Google Chrome prior to 90.0.4430.212 all ...)
{DSA-4917-1}
- chromium 90.0.4430.212-1
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-30513
- RESERVED
+CVE-2021-30513 (Type confusion in V8 in Google Chrome prior to 90.0.4430.212 allowed a ...)
{DSA-4917-1}
- chromium 90.0.4430.212-1
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-30512
- RESERVED
+CVE-2021-30512 (Use after free in Notifications in Google Chrome prior to 90.0.4430.21 ...)
{DSA-4917-1}
- chromium 90.0.4430.212-1
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-30511
- RESERVED
+CVE-2021-30511 (Out of bounds read in Tab Groups in Google Chrome prior to 90.0.4430.2 ...)
{DSA-4917-1}
- chromium 90.0.4430.212-1
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-30510
- RESERVED
+CVE-2021-30510 (Use after free in Aura in Google Chrome prior to 90.0.4430.212 allowed ...)
{DSA-4917-1}
- chromium 90.0.4430.212-1
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-30509
- RESERVED
+CVE-2021-30509 (Out of bounds write in Tab Strip in Google Chrome prior to 90.0.4430.2 ...)
{DSA-4917-1}
- chromium 90.0.4430.212-1
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-30508
- RESERVED
+CVE-2021-30508 (Heap buffer overflow in Media Feeds in Google Chrome prior to 90.0.443 ...)
{DSA-4917-1}
- chromium 90.0.4430.212-1
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-30507
- RESERVED
+CVE-2021-30507 (Inappropriate implementation in Offline in Google Chrome on Android pr ...)
{DSA-4917-1}
- chromium 90.0.4430.212-1
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-30506
- RESERVED
+CVE-2021-30506 (Incorrect security UI in Web App Installs in Google Chrome on Android ...)
{DSA-4917-1}
- chromium 90.0.4430.212-1
[stretch] - chromium <end-of-life> (see DSA 4562)
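Review bot: the fifteen Chrome entries CVE-2021-30506 through CVE-2021-30520 all receive the same {DSA-4917-1} reference and chromium 90.0.4430.212-1 fix, which is consistent; the context line CVE-2021-30521 at the top of the hunk, however, still reads RESERVED with chromium <unfixed> while carrying the same [stretch] end-of-life line as its neighbours, so check whether it belongs to the same 90.0.4430.212 release and should be closed alongside them.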
@@ -7919,8 +7918,8 @@ CVE-2021-3487 (There's a flaw in the BFD library of binutils in versions before
CVE-2021-3486 (GLPi 9.5.4 does not sanitize the metadata. This way its possible to in ...)
- glpi <removed>
NOTE: https://github.com/Kitsun3Sec/exploits/tree/master/cms/GLPI/GLPI-stored-XSS
-CVE-2021-30475
- RESERVED
+CVE-2021-30475 (aom_dsp/noise_model.c in libaom in AOMedia before 2021-03-24 has a buf ...)
+ TODO: check
CVE-2021-30474 (aom_dsp/grain_table.c in libaom in AOMedia before 2021-03-30 has a use ...)
- aom <unfixed>
NOTE: https://aomedia.googlesource.com/aom/+/6e31957b6dc62dbc7d1bb70cd84902dd14c4bf2e
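Review bot: CVE-2021-30475 is left at TODO: check although the sibling libaom issue CVE-2021-30474 two lines below is already assigned to aom <unfixed> with its upstream commit recorded as a NOTE; the new description's "before 2021-03-24" date in aom_dsp/noise_model.c identifies a specific upstream fix, so resolve the TODO to an aom entry and record that commit the same way.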
@@ -10266,7 +10265,7 @@ CVE-2021-29509 (Puma is a concurrent HTTP 1.1 server for Ruby/Rack applications.
NOTE: CVE is related to an incomplete fix for CVE-2019-16770
CVE-2021-29508 (Due to how Wire handles type information in its serialization format, ...)
NOT-FOR-US: Wire
-CVE-2021-29507 (### Impact _What kind of vulnerability is it? Who is impacted?_ The vu ...)
+CVE-2021-29507 (GENIVI Diagnostic Log and Trace (DLT) provides a log and trace interfa ...)
- dlt-daemon <unfixed> (unimportant)
NOTE: https://github.com/GENIVI/dlt-daemon/security/advisories/GHSA-7cqp-2hqj-mh3f (useless boilerplate only)
NOTE: https://github.com/GENIVI/dlt-daemon/commit/f5344f8cf036e6dcb899522e8e679639dd23e1a4
@@ -13748,8 +13747,7 @@ CVE-2021-28092 (The is-svg package 2.1.0 through 4.2.1 for Node.js uses a regula
NOT-FOR-US: Node is-svg
CVE-2021-3424 (A flaw was found in keycloak as shipped in Red Hat Single Sign-On 7.4 ...)
NOT-FOR-US: Keycloak
-CVE-2021-28091 [XML signature wrapping vulnerability when parsing SAML responses]
- RESERVED
+CVE-2021-28091 (Lasso all versions prior to 2.7.0 has improper verification of a crypt ...)
{DSA-4926-1}
- lasso 2.6.1-3
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1940089
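Review bot: the bracketed summary being replaced for CVE-2021-28091 ("XML signature wrapping vulnerability when parsing SAML responses") is more specific than the truncated official text ("improper verification of a crypt ...") and is the wording someone searching the list for SAML signature wrapping will look for; keep it as a NOTE beside the Red Hat bugzilla link. The entry also has only {DSA-4926-1} and lasso 2.6.1-3 with no [stretch] line, unlike the other DSA-backed entries in this patch, so add the stretch disposition explicitly.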
@@ -14757,8 +14755,8 @@ CVE-2021-27659
RESERVED
CVE-2021-27658
RESERVED
-CVE-2021-27657
- RESERVED
+CVE-2021-27657 (Successful exploitation of this vulnerability could give an authentica ...)
+ TODO: check
CVE-2021-27656 (A vulnerability in exacqVision Web Service 20.12.2.0 and prior could a ...)
NOT-FOR-US: exacqVision Web Service
CVE-2021-27655
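Review bot: the truncated description for CVE-2021-27657 ("Successful exploitation of this vulnerability could give an authentica ...") names no product, so the TODO: check cannot be resolved from this line alone; the adjacent CVE-2021-27656 is an exacqVision Web Service issue marked NOT-FOR-US, so check whether 27657 comes from the same advisory and, if so, use the same NOT-FOR-US tag with the product named.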
@@ -16231,8 +16229,8 @@ CVE-2021-26996
RESERVED
CVE-2021-26995
RESERVED
-CVE-2021-26994
- RESERVED
+CVE-2021-26994 (Clustered Data ONTAP versions prior to 9.7P13 and 9.8P3 are susceptibl ...)
+ TODO: check
CVE-2021-26993
RESERVED
CVE-2021-26992 (Cloud Manager versions prior to 3.9.4 are susceptible to a vulnerabili ...)
@@ -26792,8 +26790,8 @@ CVE-2021-22518
RESERVED
CVE-2021-22517
RESERVED
-CVE-2021-22516
- RESERVED
+CVE-2021-22516 (Insertion of Sensitive Information into Log File vulnerability in Micr ...)
+ TODO: check
CVE-2021-22515
RESERVED
CVE-2021-22514 (An arbitrary code execution vulnerability exists in Micro Focus Applic ...)
@@ -28963,14 +28961,14 @@ CVE-2020-36144 (Redash 8.0.0 is affected by LDAP Injection. There is an informat
NOT-FOR-US: Redash
CVE-2020-36143
RESERVED
-CVE-2020-36142
- RESERVED
-CVE-2020-36141
- RESERVED
-CVE-2020-36140
- RESERVED
-CVE-2020-36139
- RESERVED
+CVE-2020-36142 (BloofoxCMS 0.5.2.1 allows Directory traversal vulnerability by inserti ...)
+ TODO: check
+CVE-2020-36141 (BloofoxCMS 0.5.2.1 allows Unrestricted File Upload vulnerability via b ...)
+ TODO: check
+CVE-2020-36140 (BloofoxCMS 0.5.2.1 allows Cross-Site Request Forgery (CSRF) via 'mode= ...)
+ TODO: check
+CVE-2020-36139 (BloofoxCMS 0.5.2.1 allows Reflected Cross-Site Scripting (XSS) vulnera ...)
+ TODO: check
CVE-2020-36138
RESERVED
CVE-2020-36137
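Review bot: the four BloofoxCMS 0.5.2.1 entries CVE-2020-36139 through CVE-2020-36142 (reflected XSS, CSRF, unrestricted file upload, directory traversal) are left as four separate TODO: check lines; they concern one product at one version, so triage them together and give all four the same disposition, naming the product in the tag as the Redash entry above this hunk does (NOT-FOR-US: Redash).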
@@ -39627,10 +39625,10 @@ CVE-2021-1566
RESERVED
CVE-2021-1565
RESERVED
-CVE-2021-1564
- RESERVED
-CVE-2021-1563
- RESERVED
+CVE-2021-1564 (Multiple vulnerabilities in the implementation of the Cisco Discovery ...)
+ TODO: check
+CVE-2021-1563 (Multiple vulnerabilities in the implementation of the Cisco Discovery ...)
+ TODO: check
CVE-2021-1562
RESERVED
CVE-2021-1561
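Review bot: CVE-2021-1563 and CVE-2021-1564 both read "Multiple vulnerabilities in the implementation of the Cisco Discovery ..." and get TODO: check, whereas every Cisco entry in this patch that has already been triaged is NOT-FOR-US: Cisco (for example CVE-2021-1535 and CVE-2021-1504 in the later hunks); resolve the Cisco TODOs in this hunk and the following Cisco hunks consistently, and since the two descriptions are identical up to the truncation, consult the full advisory to record which distinct issue each ID covers before closing them.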
@@ -39667,24 +39665,24 @@ CVE-2021-1546
RESERVED
CVE-2021-1545
RESERVED
-CVE-2021-1544
- RESERVED
+CVE-2021-1544 (A vulnerability in logging mechanisms of Cisco Webex Meetings client s ...)
+ TODO: check
CVE-2021-1543
RESERVED
CVE-2021-1542
RESERVED
CVE-2021-1541
RESERVED
-CVE-2021-1540
- RESERVED
-CVE-2021-1539
- RESERVED
-CVE-2021-1538
- RESERVED
-CVE-2021-1537
- RESERVED
-CVE-2021-1536
- RESERVED
+CVE-2021-1540 (Multiple vulnerabilities in the authorization process of Cisco ASR 500 ...)
+ TODO: check
+CVE-2021-1539 (Multiple vulnerabilities in the authorization process of Cisco ASR 500 ...)
+ TODO: check
+CVE-2021-1538 (A vulnerability in the configuration dashboard of Cisco Common Service ...)
+ TODO: check
+CVE-2021-1537 (A vulnerability in the installer software of Cisco ThousandEyes Record ...)
+ TODO: check
+CVE-2021-1536 (A vulnerability in Cisco Webex Meetings Desktop App for Windows, Cisco ...)
+ TODO: check
CVE-2021-1535 (A vulnerability in the cluster management interface of Cisco SD-WAN vM ...)
NOT-FOR-US: Cisco
CVE-2021-1534
@@ -39699,14 +39697,14 @@ CVE-2021-1530 (A vulnerability in the web-based management interface of Cisco Br
NOT-FOR-US: Cisco
CVE-2021-1529
RESERVED
-CVE-2021-1528
- RESERVED
-CVE-2021-1527
- RESERVED
-CVE-2021-1526
- RESERVED
-CVE-2021-1525
- RESERVED
+CVE-2021-1528 (A vulnerability in the CLI of Cisco SD-WAN Software could allow an aut ...)
+ TODO: check
+CVE-2021-1527 (A vulnerability in Cisco Webex Player for Windows and MacOS could allo ...)
+ TODO: check
+CVE-2021-1526 (A vulnerability in Cisco Webex Player for Windows and MacOS could allo ...)
+ TODO: check
+CVE-2021-1525 (A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Serve ...)
+ TODO: check
CVE-2021-1524
RESERVED
CVE-2021-1523
@@ -39721,8 +39719,8 @@ CVE-2021-1519 (A vulnerability in the interprocess communication (IPC) channel o
NOT-FOR-US: Cisco
CVE-2021-1518
RESERVED
-CVE-2021-1517
- RESERVED
+CVE-2021-1517 (A vulnerability in the multimedia viewer feature of Cisco Webex Meetin ...)
+ TODO: check
CVE-2021-1516 (A vulnerability in the web-based management interface of Cisco AsyncOS ...)
NOT-FOR-US: Cisco
CVE-2021-1515 (A vulnerability in Cisco SD-WAN vManage Software could allow an unauth ...)
@@ -39749,10 +39747,10 @@ CVE-2021-1505 (Multiple vulnerabilities in Cisco SD-WAN vManage Software could a
NOT-FOR-US: Cisco
CVE-2021-1504 (Multiple vulnerabilities in Cisco Adaptive Security Appliance (ASA) So ...)
NOT-FOR-US: Cisco
-CVE-2021-1503
- RESERVED
-CVE-2021-1502
- RESERVED
+CVE-2021-1503 (A vulnerability in Cisco Webex Network Recording Player for Windows an ...)
+ TODO: check
+CVE-2021-1502 (A vulnerability in Cisco Webex Network Recording Player for Windows an ...)
+ TODO: check
CVE-2021-1501 (A vulnerability in the SIP inspection engine of Cisco Adaptive Securit ...)
NOT-FOR-US: Cisco
CVE-2021-1500
@@ -46138,10 +46136,10 @@ CVE-2020-27304
RESERVED
CVE-2020-27303
RESERVED
-CVE-2020-27302
- RESERVED
-CVE-2020-27301
- RESERVED
+CVE-2020-27302 (A stack buffer overflow in Realtek RTL8710 (and other Ameba-based devi ...)
+ TODO: check
+CVE-2020-27301 (A stack buffer overflow in Realtek RTL8710 (and other Ameba-based devi ...)
+ TODO: check
CVE-2020-27300
RESERVED
CVE-2020-27299 (The affected product is vulnerable to an out-of-bounds read, which may ...)
@@ -73045,8 +73043,8 @@ CVE-2020-15078 (OpenVPN 2.5.1 and earlier versions allows a remote attackers to
NOTE: https://github.com/OpenVPN/openvpn/commit/3d18e308c4e7e6f7ab7c2826c70d2d07b031c18a (v2.5.2)
NOTE: https://github.com/OpenVPN/openvpn/commit/3aca477a1b58714754fea3a26d0892fffc51db6b (v2.5.2)
NOTE: https://github.com/OpenVPN/openvpn/commit/0e5516a9d656ce86f7fb370c824344ea1760c255 (2.4.11)
-CVE-2020-15077
- RESERVED
+CVE-2020-15077 (OpenVPN Access Server 2.8.7 and earlier versions allows a remote attac ...)
+ TODO: check
CVE-2020-15076 (Private Tunnel installer for macOS version 3.0.1 and older versions ma ...)
NOT-FOR-US: Private Tunnel installer for macOS
CVE-2020-15075 (OpenVPN Connect installer for macOS version 3.2.6 and older may corrup ...)
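Review bot: CVE-2020-15077 (OpenVPN Access Server 2.8.7 and earlier) is left at TODO: check while its immediate neighbours for the same vendor's other products, CVE-2020-15076 (Private Tunnel installer for macOS) and CVE-2020-15075 (OpenVPN Connect installer for macOS), are NOT-FOR-US; an earlier hunk in this same patch leaves CVE-2020-36382 (OpenVPN Access Server 2.7.3 to 2.8.7) at TODO: check as well, so decide on Access Server once and apply the same disposition to both IDs.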
@@ -85521,7 +85519,7 @@ CVE-2020-10942 (In the Linux kernel before 5.5.8, get_raw_socket in drivers/vhos
{DSA-4698-1 DSA-4667-1 DLA-2242-1 DLA-2241-1}
- linux 5.5.13-1
NOTE: https://git.kernel.org/linus/42d84c8490f9f0931786f1623191fcab397c3d64 (5.6-rc4)
-CVE-2020-10941 (Arm Mbed TLS before 2.6.15 allows attackers to obtain sensitive inform ...)
+CVE-2020-10941 (Arm Mbed TLS before 2.16.5 allows attackers to obtain sensitive inform ...)
- mbedtls 2.16.5-1
[buster] - mbedtls <no-dsa> (Minor issue)
[stretch] - mbedtls <no-dsa> (Minor issue)
@@ -94509,8 +94507,8 @@ CVE-2020-7471 (Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0
NOTE: https://github.com/django/django/commit/001b0634cd309e372edb6d7d95d083d02b8e37bd (1.11.28)
CVE-2020-7470 (Sonoff TH 10 and 16 devices with firmware 6.6.0.21 allows XSS via the ...)
NOT-FOR-US: Sonoff TH 10 and 16 devices
-CVE-2020-7469
- RESERVED
+CVE-2020-7469 (In FreeBSD 12.2-STABLE before r367402, 11.4-STABLE before r368202, 12. ...)
+ TODO: check
CVE-2020-7468 (In FreeBSD 12.2-STABLE before r365772, 11.4-STABLE before r365773, 12. ...)
NOT-FOR-US: FreeBSD ftpd
CVE-2020-7467 (In FreeBSD 12.2-STABLE before r365767, 11.4-STABLE before r365769, 12. ...)
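Review bot: CVE-2020-7469 gets TODO: check while the neighbouring FreeBSD entries CVE-2020-7468 (NOT-FOR-US: FreeBSD ftpd) and CVE-2020-7467 share the same "In FreeBSD 12.2-STABLE before ..." description form; the truncated text for 7469 cuts off before the affected component, so resolve the TODO with the component named in the tag as the 7468 entry does, rather than a bare FreeBSD.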
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/434f57960d54729ed1ffc0716659ebc9394a6bd0