[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Jun 8 21:10:34 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ed3b4540 by security tracker role at 2021-06-08T20:10:26+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,101 @@
+CVE-2022-20001
+ RESERVED
+CVE-2021-3588
+ RESERVED
+CVE-2021-34337
+ RESERVED
+CVE-2021-34336
+ RESERVED
+CVE-2021-34335
+ RESERVED
+CVE-2021-34334
+ RESERVED
+CVE-2021-34333
+ RESERVED
+CVE-2021-34332
+ RESERVED
+CVE-2021-34331
+ RESERVED
+CVE-2021-34330
+ RESERVED
+CVE-2021-34329
+ RESERVED
+CVE-2021-34328
+ RESERVED
+CVE-2021-34327
+ RESERVED
+CVE-2021-34326
+ RESERVED
+CVE-2021-34325
+ RESERVED
+CVE-2021-34324
+ RESERVED
+CVE-2021-34323
+ RESERVED
+CVE-2021-34322
+ RESERVED
+CVE-2021-34321
+ RESERVED
+CVE-2021-34320
+ RESERVED
+CVE-2021-34319
+ RESERVED
+CVE-2021-34318
+ RESERVED
+CVE-2021-34317
+ RESERVED
+CVE-2021-34316
+ RESERVED
+CVE-2021-34315
+ RESERVED
+CVE-2021-34314
+ RESERVED
+CVE-2021-34313
+ RESERVED
+CVE-2021-34312
+ RESERVED
+CVE-2021-34311
+ RESERVED
+CVE-2021-34310
+ RESERVED
+CVE-2021-34309
+ RESERVED
+CVE-2021-34308
+ RESERVED
+CVE-2021-34307
+ RESERVED
+CVE-2021-34306
+ RESERVED
+CVE-2021-34305
+ RESERVED
+CVE-2021-34304
+ RESERVED
+CVE-2021-34303
+ RESERVED
+CVE-2021-34302
+ RESERVED
+CVE-2021-34301
+ RESERVED
+CVE-2021-34300
+ RESERVED
+CVE-2021-34299
+ RESERVED
+CVE-2021-34298
+ RESERVED
+CVE-2021-34297
+ RESERVED
+CVE-2021-34296
+ RESERVED
+CVE-2021-34295
+ RESERVED
+CVE-2021-34294
+ RESERVED
+CVE-2021-34293
+ RESERVED
+CVE-2021-34292
+ RESERVED
+CVE-2021-34291
+ RESERVED
CVE-2021-3586
RESERVED
CVE-2021-3585
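Review bot: CVE-2022-20001 at the head of this hunk carries a 2022 identifier in a 2021-06-08 update and therefore sorts above every CVE-2021-* entry; confirm the ID is intended (IDs for a future year can be reserved legitimately) rather than a mistyped 2021 ID, because the file is ordered by ID and a stray entry would sit at the top of the list until someone notices it.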
@@ -26,8 +124,8 @@ CVE-2021-34282
RESERVED
CVE-2021-34281
RESERVED
-CVE-2021-34280
- RESERVED
+CVE-2021-34280 (Polaris Office v9.103.83.44230 is affected by a Uninitialized Pointer ...)
+ TODO: check
CVE-2021-34279
RESERVED
CVE-2021-34278
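Review bot: CVE-2021-34280 is left at "TODO: check" although its description already names the product (Polaris Office); elsewhere in this patch non-packaged products are resolved to a NOT-FOR-US line (Shopizer, EyesOfNetwork eonweb), so resolve the TODO to "NOT-FOR-US: Polaris Office" if the software is not packaged in Debian, or to a source package line if it is.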
@@ -1587,8 +1685,7 @@ CVE-2021-33573
RESERVED
CVE-2021-33572
RESERVED
-CVE-2021-33571 [Possible indeterminate SSRF, RFI, and LFI attacks since validators accepted leading zeros in IPv4 addresses]
- RESERVED
+CVE-2021-33571 (In Django 2.2 before 2.2.24, 3.x before 3.1.12, and 3.2 before 3.2.4, ...)
{DLA-2676-1}
- python-django 2:2.2.24-1 (bug #989394)
NOTE: https://www.openwall.com/lists/oss-security/2021/06/02/1
@@ -1627,8 +1724,7 @@ CVE-2021-33562 (A reflected cross-site scripting (XSS) vulnerability in Shopizer
NOT-FOR-US: Shopizer
CVE-2021-33561 (A stored cross-site scripting (XSS) vulnerability in Shopizer before 2 ...)
NOT-FOR-US: Shopizer
-CVE-2021-33560 [cipher: Fix ElGamal encryption for other implementations.]
- RESERVED
+CVE-2021-33560 (Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encry ...)
- libgcrypt20 1.8.7-6
[buster] - libgcrypt20 <no-dsa> (Minor issue)
[stretch] - libgcrypt20 <no-dsa> (Minor issue)
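Review bot: the buster and stretch lines for CVE-2021-33560 keep the "<no-dsa> (Minor issue)" tags that were assigned while the entry still read "[cipher: Fix ElGamal encryption for other implementations.]"; now that the upstream description ("Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encry ...") has landed, re-confirm that "Minor issue" still matches the assessment, and add a NOTE with the upstream advisory or fix reference, since this entry has no reference link at all unlike the Django entry above.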
@@ -1704,8 +1800,7 @@ CVE-2021-33526
RESERVED
CVE-2021-33525 (EyesOfNetwork eonweb through 5.3-11 allows Remote Command Execution (b ...)
NOT-FOR-US: EyesOfNetwork (EON) eonweb
-CVE-2021-3564
- RESERVED
+CVE-2021-3564 (A flaw double-free memory corruption in the Linux kernel HCI device in ...)
- linux <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2021/05/25/1
CVE-2021-33524
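Review bot: CVE-2021-3564 gains its description but keeps "linux <unfixed>" with the oss-security post as the only reference and no buster/stretch status line in the hunk; add a NOTE pointing at the upstream fix once it is known and fill in the stable-suite status so the entry does not stay open-ended.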
@@ -2398,8 +2493,7 @@ CVE-2021-3556
CVE-2021-33204 (In the pg_partman (aka PG Partition Manager) extension before 4.5.1 fo ...)
- pg-partman 4.5.1-1 (bug #988917)
NOTE: https://github.com/pgpartman/pg_partman/commit/0b6565ad378c358f8a6cd1d48ddc482eb7f854d3
-CVE-2021-33203 [Potential directory traversal via admindocs]
- RESERVED
+CVE-2021-33203 (Django before 2.2.24, 3.x before 3.1.12, and 3.2.x before 3.2.4 has a ...)
{DLA-2676-1}
- python-django 2:2.2.24-1 (bug #989394)
NOTE: https://www.openwall.com/lists/oss-security/2021/06/02/1
@@ -2466,8 +2560,8 @@ CVE-2021-33192
RESERVED
CVE-2021-33191
RESERVED
-CVE-2021-33190
- RESERVED
+CVE-2021-33190 (In Apache APISIX Dashboard version 2.6, we changed the default value o ...)
+ TODO: check
CVE-2020-36365 (Smartstore (aka SmartStoreNET) before 4.1.0 allows CommonController.Cl ...)
NOT-FOR-US: Smartstore (aka SmartStoreNET)
CVE-2020-36364 (An issue was discovered in Smartstore (aka SmartStoreNET) before 4.1.0 ...)
@@ -2528,10 +2622,10 @@ CVE-2021-33178
RESERVED
CVE-2021-33177
RESERVED
-CVE-2021-33176
- RESERVED
-CVE-2021-33175
- RESERVED
+CVE-2021-33176 (VerneMQ MQTT Broker versions prior to 1.12.0 are vulnerable to a denia ...)
+ TODO: check
+CVE-2021-33175 (EMQ X Broker versions prior to 4.2.8 are vulnerable to a denial of ser ...)
+ TODO: check
CVE-2021-33174
RESERVED
CVE-2021-33173
@@ -3592,10 +3686,10 @@ CVE-2021-32676
RESERVED
CVE-2021-32675
RESERVED
-CVE-2021-32674
- RESERVED
-CVE-2021-32673
- RESERVED
+CVE-2021-32674 (Zope is an open-source web application server. This advisory extends t ...)
+ TODO: check
+CVE-2021-32673 (reg-keygen-git-hash-plugin is a reg-suit plugin to detect the snapshot ...)
+ TODO: check
CVE-2021-32672
RESERVED
CVE-2021-32671 (Flarum is a forum software for building communities. Flarum's translat ...)
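Review bot: the CVE-2021-32674 description says "This advisory extends t ...", i.e. it extends an earlier Zope advisory, so its "TODO: check" should be resolved consistently with that earlier Zope entry (same source package and suite statuses) rather than triaged on its own; for CVE-2021-32673 (reg-keygen-git-hash-plugin, a reg-suit plugin) check whether the plugin is packaged and otherwise give it a NOT-FOR-US line.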
@@ -3624,8 +3718,8 @@ CVE-2021-32660 (Backstage is an open platform for building developer portals, an
NOT-FOR-US: Backstage
CVE-2021-32659
RESERVED
-CVE-2021-32658
- RESERVED
+CVE-2021-32658 (Nextcloud Android is the Android client for the Nextcloud open source ...)
+ TODO: check
CVE-2021-32657 (Nextcloud Server is a Nextcloud package that handles data storage. In ...)
- nextcloud-server <itp> (bug #941708)
CVE-2021-32656 (Nextcloud Server is a Nextcloud package that handles data storage. A v ...)
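Review bot: CVE-2021-32658 concerns the Nextcloud Android client, not Nextcloud Server; the adjacent CVE-2021-32657 and CVE-2021-32656 entries carry "nextcloud-server <itp> (bug #941708)", which does not apply to the Android app, so the TODO: check should become "NOT-FOR-US: Nextcloud Android" (or a separate package line if the client is packaged) rather than a copy of the server line.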
@@ -4855,8 +4949,8 @@ CVE-2021-32108
RESERVED
CVE-2021-32107
RESERVED
-CVE-2021-32106
- RESERVED
+CVE-2021-32106 (In ICEcoder 8.0 allows, a reflected XSS vulnerability was identified i ...)
+ TODO: check
CVE-2021-32105
RESERVED
CVE-2021-32104 (A SQL injection vulnerability exists (with user privileges) in interfa ...)
@@ -5175,8 +5269,8 @@ CVE-2021-32017
RESERVED
CVE-2021-32016
RESERVED
-CVE-2021-32015
- RESERVED
+CVE-2021-32015 (In Nuvoton NPCT75x TPM 1.2 firmware 7.4.0.0, a local authenticated mal ...)
+ TODO: check
CVE-2021-32014
RESERVED
CVE-2021-32013
@@ -5995,8 +6089,8 @@ CVE-2021-31740
RESERVED
CVE-2021-31739
RESERVED
-CVE-2021-31738
- RESERVED
+CVE-2021-31738 (Adiscon LogAnalyzer 4.1.10 and 4.1.11 allow login.php XSS. ...)
+ TODO: check
CVE-2021-31737 (emlog v5.3.1 and emlog v6.0.0 have a Remote Code Execution vulnerabili ...)
NOT-FOR-US: emlog
CVE-2021-31736
@@ -6439,30 +6533,26 @@ CVE-2021-31525 (net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows re
NOTE: https://github.com/golang/go/issues/45710
NOTE: https://github.com/golang/go/issues/45711 (1.15 backport)
NOTE: https://github.com/golang/go/issues/45712 (1.16 backport)
-CVE-2021-26945
- RESERVED
+CVE-2021-26945 (An integer overflow leading to a heap-buffer overflow was found in Ope ...)
- openexr <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1947591
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31221
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31228
NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/930
TODO: check details
-CVE-2021-26260
- RESERVED
+CVE-2021-26260 (An integer overflow leading to a heap-buffer overflow was found in the ...)
- openexr <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1947582
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29423
NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/894
TODO: check details
-CVE-2021-23215
- RESERVED
+CVE-2021-23215 (An integer overflow leading to a heap-buffer overflow was found in the ...)
- openexr <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1947586
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29653
NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/901
TODO: check details
-CVE-2021-23169 [Heap-buffer-overflow in Imf_2_5::copyIntoFrameBuffer]
- RESERVED
+CVE-2021-23169 (A heap-buffer overflow was found in the copyIntoFrameBuffer function o ...)
- openexr 2.5.4-2 (bug #988240)
[buster] - openexr <not-affected> (Vulnerable code not present)
[stretch] - openexr <not-affected> (Vulnerable code not present)
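Review bot: CVE-2021-26945, CVE-2021-26260 and CVE-2021-23215 each keep "openexr <unfixed>" and "TODO: check details" with no buster/stretch status line, whereas CVE-2021-23169 in the same hunk is fully resolved (2.5.4-2, bug #988240, both stable suites <not-affected>); since all three reference upstream pull requests (#930, #894, #901), check whether those changes are in the openexr version in unstable and whether the affected code is present in buster/stretch, then replace the TODO with fixed versions or <not-affected> tags as was done for CVE-2021-23169.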
@@ -9177,8 +9267,8 @@ CVE-2021-30359
RESERVED
CVE-2021-30358
RESERVED
-CVE-2021-30357
- RESERVED
+CVE-2021-30357 (SSL Network Extender Client for Linux before build 800008302 reveals p ...)
+ TODO: check
CVE-2021-30356 (A denial of service vulnerability was reported in Check Point Identity ...)
NOT-FOR-US: Check Point Identity Agent
CVE-2021-30355
@@ -14176,8 +14266,8 @@ CVE-2021-28295 (Online Ordering System 1.0 is vulnerable to unauthenticated SQL
NOT-FOR-US: Online Ordering System
CVE-2021-28294 (Online Ordering System 1.0 is vulnerable to arbitrary file upload thro ...)
NOT-FOR-US: Online Ordering System
-CVE-2021-28293
- RESERVED
+CVE-2021-28293 (Seceon aiSIEM before 6.3.2 (build 585) is prone to an unauthenticated ...)
+ TODO: check
CVE-2021-28292
RESERVED
CVE-2021-28291
@@ -18573,14 +18663,14 @@ CVE-2021-26476 (EPrints 3.4.2 allows remote attackers to execute OS commands via
NOT-FOR-US: EPrints
CVE-2021-26475 (EPrints 3.4.2 exposes a reflected XSS opportunity in the via a cgi/cal ...)
NOT-FOR-US: EPrints
-CVE-2021-26474
- RESERVED
-CVE-2021-26473
- RESERVED
-CVE-2021-26472
- RESERVED
-CVE-2021-26471
- RESERVED
+CVE-2021-26474 (Vembu BDR Suite before 4.2.0 allows Unauthenticated SSRF via a GET req ...)
+ TODO: check
+CVE-2021-26473 (Vembu BDR Suite before 4.2.0 allows Unauthenticated file write via a G ...)
+ TODO: check
+CVE-2021-26472 (Vembu BDR Suite before 4.2.0 allows Unauthenticated Remote Code Execut ...)
+ TODO: check
+CVE-2021-26471 (Vembu BDR Suite before 4.2.0 allows Unauthenticated Remote Code Execut ...)
+ TODO: check
CVE-2021-26470
RESERVED
CVE-2021-26469
@@ -25808,8 +25898,8 @@ CVE-2021-23394
RESERVED
CVE-2021-23393
RESERVED
-CVE-2021-23392
- RESERVED
+CVE-2021-23392 (The package locutus before 2.0.15 are vulnerable to Regular Expression ...)
+ TODO: check
CVE-2021-23391 (This affects all versions of package calipso. It is possible for a mal ...)
TODO: check
CVE-2021-23390
@@ -27748,12 +27838,12 @@ CVE-2021-22552
RESERVED
CVE-2021-22551
RESERVED
-CVE-2021-22550
- RESERVED
-CVE-2021-22549
- RESERVED
-CVE-2021-22548
- RESERVED
+CVE-2021-22550 (An attacker can modify the pointers in enclave memory to overwrite arb ...)
+ TODO: check
+CVE-2021-22549 (An attacker can modify the address to point to trusted memory to overw ...)
+ TODO: check
+CVE-2021-22548 (An attacker can change the pointer to untrusted memory to point to tru ...)
+ TODO: check
CVE-2021-22547 (In IoT Devices SDK, there is an implementation of calloc() that doesn' ...)
NOT-FOR-US: Google Cloud IoT Device SDK
CVE-2021-22546
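Review bot: CVE-2021-22550, CVE-2021-22549 and CVE-2021-22548 describe three variants of one enclave pointer-handling issue ("modify the pointers in enclave memory", "modify the address to point to trusted memory", "change the pointer to untrusted memory") and should be triaged together; the adjacent CVE-2021-22547 is resolved as NOT-FOR-US for the Google Cloud IoT Device SDK, so identify the affected enclave SDK from the full descriptions before choosing NOT-FOR-US or a package line.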
@@ -28409,26 +28499,26 @@ CVE-2021-22223
RESERVED
CVE-2021-22222 (Infinite loop in DVB-S2-BB dissector in Wireshark 3.4.0 to 3.4.5 allow ...)
TODO: check
-CVE-2021-22221
- RESERVED
-CVE-2021-22220
- RESERVED
-CVE-2021-22219
- RESERVED
-CVE-2021-22218
- RESERVED
-CVE-2021-22217
- RESERVED
+CVE-2021-22221 (An issue has been discovered in GitLab affecting all versions starting ...)
+ TODO: check
+CVE-2021-22220 (An issue has been discovered in GitLab affecting all versions starting ...)
+ TODO: check
+CVE-2021-22219 (GitLab CE/EE since version 9.5 allows a high privilege user to obtain ...)
+ TODO: check
+CVE-2021-22218 (All versions of GitLab CE/EE starting with 12.8 were affected by an is ...)
+ TODO: check
+CVE-2021-22217 (A denial of service vulnerability in all versions of GitLab CE/EE befo ...)
+ TODO: check
CVE-2021-22216
RESERVED
-CVE-2021-22215
- RESERVED
-CVE-2021-22214
- RESERVED
-CVE-2021-22213
- RESERVED
-CVE-2021-22212
- RESERVED
+CVE-2021-22215 (An information disclosure vulnerability in GitLab EE versions 13.11 an ...)
+ TODO: check
+CVE-2021-22214 (When requests to the internal network for webhooks are enabled, a serv ...)
+ TODO: check
+CVE-2021-22213 (A cross-site leak vulnerability in the OAuth flow of all versions of G ...)
+ TODO: check
+CVE-2021-22212 (ntpkeygen can generate keys that ntpd fails to parse. NTPsec 1.2.0 all ...)
+ TODO: check
CVE-2021-22211 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- gitlab <unfixed>
CVE-2021-22210 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
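Review bot: CVE-2021-22212 is an NTPsec issue ("ntpkeygen can generate keys that ntpd fails to parse. NTPsec 1.2.0 all ...") sitting inside a run of GitLab IDs; it must not be bulk-triaged with the GitLab entries and should be checked against the ntpsec source package instead. The GitLab entries CVE-2021-22221 to CVE-2021-22213 should take the same form as the adjacent CVE-2021-22211, "gitlab <unfixed>", rather than "TODO: check", unless the truncated version ranges show a release that Debian's gitlab package already includes.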
@@ -28671,8 +28761,7 @@ CVE-2021-22118 (In Spring Framework, versions 5.2.x prior to 5.2.15 and versions
TODO: check
CVE-2021-22117 (RabbitMQ installers on Windows prior to version 3.8.16 do not harden p ...)
- rabbitmq-server <not-affected> (Windows-specific)
-CVE-2021-22116
- RESERVED
+CVE-2021-22116 (RabbitMQ all versions prior to 3.8.16 are prone to a denial of service ...)
- rabbitmq-server <unfixed> (bug #989056)
NOTE: https://tanzu.vmware.com/security/cve-2021-22116
CVE-2021-22115 (Cloud Controller API versions prior to 1.106.0 logs service broker cre ...)
@@ -29813,10 +29902,10 @@ CVE-2021-21561
RESERVED
CVE-2021-21560
RESERVED
-CVE-2021-21559
- RESERVED
-CVE-2021-21558
- RESERVED
+CVE-2021-21559 (Dell EMC NetWorker, versions 18.x, 19.1.x, 19.2.x 19.3.x, 19.4, and 19 ...)
+ TODO: check
+CVE-2021-21558 (Dell EMC NetWorker, 18.x, 19.1.x, 19.2.x 19.3.x, 19.4 and 19.4.0.1, co ...)
+ TODO: check
CVE-2021-21557
RESERVED
CVE-2021-21556
@@ -34126,7 +34215,7 @@ CVE-2021-20337
RESERVED
CVE-2021-20336 (IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-sit ...)
NOT-FOR-US: IBM
-CVE-2021-20335 (For MongoDB Ops Manager 4.2.X with multiple OM application servers, th ...)
+CVE-2021-20335 (For MongoDB Ops Manager <= 4.2.24 with multiple OM application serv ...)
NOT-FOR-US: MongoDB Ops Manager
CVE-2021-20334 (A malicious 3rd party with local access to the Windows machine where M ...)
NOT-FOR-US: MongoDB Compass
@@ -34589,7 +34678,7 @@ CVE-2021-20230 (A flaw was found in stunnel before 5.57, where it improperly val
NOTE: Isolated fix only the changes in src/verify.c:
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1177580#c2
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1925226
-CVE-2021-20229 (A flaw was found in PostgreSQL in versions before 13.2, before 12.6, b ...)
+CVE-2021-20229 (A flaw was found in PostgreSQL in versions before 13.2. This flaw allo ...)
- postgresql-13 13.2-1
NOTE: https://www.postgresql.org/about/news/postgresql-132-126-1111-1016-9621-and-9525-released-2165/
CVE-2021-20228 (A flaw was found in the Ansible Engine 2.9.18, where sensitive info is ...)
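Review bot: the CVE-2021-20229 description is narrowed from "versions before 13.2, before 12.6, b ..." to "versions before 13.2" only, which matches the entry's single "postgresql-13 13.2-1" line; confirm that the narrowed range really means the older PostgreSQL branches shipped in buster and stretch are not affected, and record that with <not-affected> lines if so, since the previous text implied a 12.x range as well.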
@@ -40384,8 +40473,8 @@ CVE-2020-28715
RESERVED
CVE-2020-28714
RESERVED
-CVE-2020-28713
- RESERVED
+CVE-2020-28713 (Incorrect access control in push notification service in Night Owl Sma ...)
+ TODO: check
CVE-2020-28712
RESERVED
CVE-2020-28711
@@ -49065,12 +49154,12 @@ CVE-2020-26519 (Artifex MuPDF before 1.18.0 has a heap based buffer over-write w
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=702937
CVE-2020-26518 (Artica Pandora FMS before 743 allows unauthenticated attackers to cond ...)
NOT-FOR-US: Artica Pandora FMS
-CVE-2020-26517
- RESERVED
-CVE-2020-26516
- RESERVED
-CVE-2020-26515
- RESERVED
+CVE-2020-26517 (A cross-site scripting (XSS) issue was discovered in Intland codeBeame ...)
+ TODO: check
+CVE-2020-26516 (A CSRF issue was discovered in Intland codeBeamer ALM 10.x through 10. ...)
+ TODO: check
+CVE-2020-26515 (An insufficiently protected credentials issue was discovered in Intlan ...)
+ TODO: check
CVE-2020-26514
RESERVED
CVE-2020-26513 (An issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP ...)
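Review bot: CVE-2020-26517, CVE-2020-26516 and CVE-2020-26515 all describe Intland codeBeamer ALM 10.x, the same product as the existing CVE-2020-26513 entry directly below; triage the three the same way as CVE-2020-26513 instead of leaving "TODO: check" on each.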
@@ -49971,8 +50060,8 @@ CVE-2020-26139 (An issue was discovered in the kernel in NetBSD 7.1. An Access P
NOTE: https://www.fragattacks.com/
NOTE: https://lore.kernel.org/linux-wireless/20210511180259.159598-1-johannes@sipsolutions.net/
NOTE: https://lore.kernel.org/linux-wireless/20210511200110.cb327ed0cabe.Ib7dcffa2a31f0913d660de65ba3c8aca75b1d10f@changeid/
-CVE-2020-26138
- RESERVED
+CVE-2020-26138 (In SilverStripe through 4.6.0-rc1, a FormField with square brackets in ...)
+ TODO: check
CVE-2020-26137 (urllib3 before 1.25.9 allows CRLF injection if the attacker controls t ...)
- python-urllib3 1.25.9-1
[buster] - python-urllib3 <no-dsa> (Minor issue)
@@ -50679,8 +50768,8 @@ CVE-2020-25819
RESERVED
CVE-2020-25818
RESERVED
-CVE-2020-25817
- RESERVED
+CVE-2020-25817 (SilverStripe through 4.6.0-rc1 has an XXE Vulnerability in CSSContentP ...)
+ TODO: check
CVE-2020-25816 (HashiCorp Vault and Vault Enterprise versions 1.0 and newer allowed le ...)
NOT-FOR-US: HashiCorp Vault
CVE-2020-25815 (An issue was discovered in MediaWiki 1.32.x through 1.34.x before 1.34 ...)
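Review bot: CVE-2020-25817 (SilverStripe through 4.6.0-rc1, XXE in CSSContentP ...) and CVE-2020-26138 from the earlier hunk (also SilverStripe through 4.6.0-rc1) both remain "TODO: check"; resolve them together with the same package status, using "NOT-FOR-US: SilverStripe" if it is not packaged in Debian.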
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ed3b4540df969c0aab994aaf31b3798e380e0bdb