[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Jun 5 09:10:26 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1367a793 by security tracker role at 2021-06-05T08:10:18+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,63 @@
+CVE-2021-33878
+ RESERVED
+CVE-2021-33877
+ RESERVED
+CVE-2021-33876
+ RESERVED
+CVE-2021-33875
+ RESERVED
+CVE-2021-33874
+ RESERVED
+CVE-2021-33873
+ RESERVED
+CVE-2021-33872
+ RESERVED
+CVE-2021-33871
+ RESERVED
+CVE-2021-33870
+ RESERVED
+CVE-2021-33869
+ RESERVED
+CVE-2021-33868
+ RESERVED
+CVE-2021-33867
+ RESERVED
+CVE-2021-33866
+ RESERVED
+CVE-2021-33865
+ RESERVED
+CVE-2021-33864
+ RESERVED
+CVE-2021-33863
+ RESERVED
+CVE-2021-33862
+ RESERVED
+CVE-2021-33861
+ RESERVED
+CVE-2021-33860
+ RESERVED
+CVE-2021-33859
+ RESERVED
+CVE-2021-33858
+ RESERVED
+CVE-2021-33857
+ RESERVED
+CVE-2021-33856
+ RESERVED
+CVE-2021-33855
+ RESERVED
+CVE-2021-33854
+ RESERVED
+CVE-2021-33853
+ RESERVED
+CVE-2021-33852
+ RESERVED
+CVE-2021-33851
+ RESERVED
+CVE-2021-33850
+ RESERVED
+CVE-2021-33849
+ RESERVED
CVE-2021-3581
RESERVED
CVE-2021-3580
@@ -2687,8 +2747,8 @@ CVE-2021-32642 (radsecproxy is a generic RADIUS proxy that supports both UDP and
- radsecproxy 1.8.2-4 (unimportant)
NOTE: https://github.com/radsecproxy/radsecproxy/commit/ab7a2ea42a75d5ad3421e4365f63cbdcb08fb7af
NOTE: Only affects example script
-CVE-2021-32641
- RESERVED
+CVE-2021-32641 (auth0-lock is Auth0's signin solution. Versions of nauth0-lock before ...)
+ TODO: check
CVE-2021-32640 (ws is an open source WebSocket client and server library for Node.js. ...)
- node-ws 7.4.2+~cs18.0.8-2
[buster] - node-ws <no-dsa> (Minor issue)
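Review bot: the imported description for CVE-2021-32641 reads "Versions of nauth0-lock before ...", while the product is spelled auth0-lock earlier in the same line. The stray "n" looks like the remains of an escaped newline in the source text. Because the description is generated, the import step is the place to correct it rather than this line by hand. The entry also still needs its "TODO: check" resolved into a package line or a not-for-us marker.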
@@ -6108,14 +6168,14 @@ CVE-2021-31254 (Buffer overflow in the tenc_box_read function in MP4Box in GPAC
NOTE: Introduced in https://github.com/gpac/gpac/commit/f966d85ee940b0a19dbbe972bc9ff042a98d7264 (after v1.0.1)
CVE-2021-31253
RESERVED
-CVE-2021-31252
- RESERVED
-CVE-2021-31251
- RESERVED
-CVE-2021-31250
- RESERVED
-CVE-2021-31249
- RESERVED
+CVE-2021-31252 (An open redirect vulnerability exists in BF-630, BF-450M, BF-430, BF-4 ...)
+ TODO: check
+CVE-2021-31251 (An authentication bypass in telnet server in BF-430 and BF431 232/422 ...)
+ TODO: check
+CVE-2021-31250 (Multiple storage XSS vulnerabilities were discovered on BF-430, BF-431 ...)
+ TODO: check
+CVE-2021-31249 (A CRLF injection vulnerability was found on BF-430, BF-431, and BF-450 ...)
+ TODO: check
CVE-2021-31248
RESERVED
CVE-2021-31247
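Review bot: CVE-2021-31252 through CVE-2021-31249 all arrive as "TODO: check" and all describe the same BF-series devices (BF-430, BF-431, BF-450M, BF-630), so they can be triaged in one pass. The truncated descriptions do not show a vendor name. If this is device firmware that Debian does not ship, the resolution should follow the form already used in this file, for example "NOT-FOR-US: Red discord bot addon", with the vendor or product named so the four entries are searchable together.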
@@ -9143,7 +9203,7 @@ CVE-2021-29968
RESERVED
CVE-2021-29967
RESERVED
- {DSA-4925-1 DLA-2673-1}
+ {DSA-4927-1 DSA-4925-1 DLA-2673-1}
- firefox-esr 78.11.0esr-1
- firefox 89.0-1
- thunderbird 1:78.11.0-1
@@ -9192,10 +9252,12 @@ CVE-2021-29958
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-23/#CVE-2021-29958
CVE-2021-29957
RESERVED
+ {DSA-4927-1}
- thunderbird 1:78.10.2-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-22/#CVE-2021-29957
CVE-2021-29956
RESERVED
+ {DSA-4927-1}
- thunderbird 1:78.10.2-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-22/#CVE-2021-29956
CVE-2021-29955
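Review bot: CVE-2021-29957 and CVE-2021-29956 gain {DSA-4927-1} with "- thunderbird 1:78.10.2-1", while the previous hunk attaches the same DSA to an entry fixed in "- thunderbird 1:78.11.0-1". One advisory covering fixes from two upstream releases is plausible, but it is worth confirming that the stable upload behind DSA-4927-1 is based on the later release, so that all three cross-references are accurate. Both entries are also still marked RESERVED although each NOTE line links to a public advisory.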
@@ -10287,8 +10349,8 @@ CVE-2021-29502 (WarnSystem is a cog (plugin) for the Red discord bot. A vulnerab
NOT-FOR-US: Red discord bot addon
CVE-2021-29501 (Ticketer is a command based ticket system cog (plugin) for the red dis ...)
NOT-FOR-US: Red discord bot addon
-CVE-2021-29500
- RESERVED
+CVE-2021-29500 (bubble fireworks is an open source java package relating to Spring Fra ...)
+ TODO: check
CVE-2021-29499 (SIF is an open source implementation of the Singularity Container Imag ...)
- golang-github-sylabs-sif <undetermined>
NOTE: https://github.com/sylabs/sif/security/advisories/GHSA-4gh8-x3vv-phhg
@@ -16421,8 +16483,8 @@ CVE-2021-26929 (An XSS issue was discovered in Horde Groupware Webmail Edition t
NOTE: https://github.com/horde/Text_Filter/commit/c26f938854c36b981558a3b1b9b2f81403cff60e (master)
NOTE: https://github.com/horde/Text_Filter/commit/a2f67da064d7a91440b7a2448e56a6387ab94c67 (v2.3.7)
NOTE: https://www.alexbirnberg.com/horde-xss.html
-CVE-2021-26928
- RESERVED
+CVE-2021-26928 (** DISPUTED ** BIRD through 2.0.7 does not provide functionality for p ...)
+ TODO: check
CVE-2021-26927 (A flaw was found in jasper before 2.0.25. A null pointer dereference i ...)
- jasper <removed>
NOTE: https://github.com/jasper-software/jasper/issues/265
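Review bot: CVE-2021-26928 is imported with a "** DISPUTED **" prefix and "TODO: check", and that combination needs manual attention. BIRD is packaged in Debian, so a not-for-us marker would be wrong here. The entry needs a package line, and the disputed status should be recorded in a NOTE with the severity chosen accordingly; this file already uses "(unimportant)" for this kind of case, as on the radsecproxy line above.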
@@ -38001,14 +38063,14 @@ CVE-2020-29326
RESERVED
CVE-2020-29325
RESERVED
-CVE-2020-29324
- RESERVED
-CVE-2020-29323
- RESERVED
-CVE-2020-29322
- RESERVED
-CVE-2020-29321
- RESERVED
+CVE-2020-29324 (The DLink Router DIR-895L MFC v1.21b05 is vulnerable to credentials di ...)
+ TODO: check
+CVE-2020-29323 (The D-link router DIR-885L-MFC 1.15b02, v1.21b05 is vulnerable to cred ...)
+ TODO: check
+CVE-2020-29322 (The D-Link router DIR-880L 1.07 is vulnerable to credentials disclosur ...)
+ TODO: check
+CVE-2020-29321 (The D-Link router DIR-868L 3.01 is vulnerable to credentials disclosur ...)
+ TODO: check
CVE-2020-29320
RESERVED
CVE-2020-29319
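Review bot: the four new descriptions spell the vendor three ways ("DLink Router" for CVE-2020-29324, "D-link router" for CVE-2020-29323, "D-Link router" for the other two), so a case-sensitive search for one spelling will miss part of the set. The text is imported and should stay as received. When resolving the "TODO: check" lines, use a single consistent product string in the triage marker for all four entries, since they describe the same credentials disclosure issue across the DIR-868L, DIR-880L, DIR-885L and DIR-895L models.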
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1367a793b1bb7b35ba15bae4a0d9c3f7e68368f6