[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Jun 17 21:10:31 BST 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
09164782 by security tracker role at 2021-06-17T20:10:23+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,39 @@
+CVE-2021-3608
+	RESERVED
+CVE-2021-3607
+	RESERVED
+CVE-2021-3606
+	RESERVED
+CVE-2021-34826
+	RESERVED
+CVE-2021-34825 (Quassel through 0.13.1, when --require-ssl is enabled, launches withou ...)
+	TODO: check
+CVE-2021-34824
+	RESERVED
+CVE-2021-34823
+	RESERVED
+CVE-2021-34822
+	RESERVED
+CVE-2021-34821
+	RESERVED
+CVE-2021-34820
+	RESERVED
+CVE-2021-34819
+	RESERVED
+CVE-2021-34818
+	RESERVED
+CVE-2021-34817
+	RESERVED
+CVE-2021-34816
+	RESERVED
+CVE-2021-34815
+	RESERVED
+CVE-2020-36389 (In CiviCRM before 5.28.1 and CiviCRM ESR before 5.27.5 ESR, the CKEdit ...)
+	TODO: check
+CVE-2020-36388 (In CiviCRM before 5.21.3 and 5.22.x through 5.24.x before 5.24.3, user ...)
+	TODO: check
+CVE-2013-20002 (Elemin allows remote attackers to upload and execute arbitrary PHP cod ...)
+	TODO: check
 CVE-2021-34814
 	RESERVED
 CVE-2021-34813 (Matrix libolm before 3.2.3 allows a malicious Matrix homeserver to cra ...)
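Review bot: the four described entries added at the top of this hunk (CVE-2021-34825, CVE-2020-36389, CVE-2020-36388, CVE-2013-20002) land as `TODO: check` with no package line and no NOT-FOR-US line, so they are still untriaged. CVE-2021-34825 gives a usable version bound ("Quassel through 0.13.1") to compare against packaged versions and should get a package line with per-release status. The other three need a decision either way, in the same `NOT-FOR-US:` or `- <package> <status>` form used elsewhere in the file.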
@@ -246,8 +282,8 @@ CVE-2021-3605 [Heap buffer overflow in the rleUncompress function]
 	RESERVED
 	- openexr <unfixed>
 	NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/1036
-CVE-2021-3603
-	RESERVED
+CVE-2021-3603 (PHPMailer 6.4.1 and earlier contain a vulnerability that can result in ...)
+	TODO: check
 CVE-2021-3602
 	RESERVED
 CVE-2021-34695
@@ -2821,8 +2857,8 @@ CVE-2021-33559
 	RESERVED
 CVE-2021-33558 (Boa 0.94.13 allows remote attackers to obtain sensitive information vi ...)
 	- boa <removed>
-CVE-2021-33557
-	RESERVED
+CVE-2021-33557 (An XSS issue was discovered in manage_custom_field_edit_page.php in Ma ...)
+	TODO: check
 CVE-2021-33556
 	RESERVED
 CVE-2021-33555
@@ -4187,40 +4223,40 @@ CVE-2021-32954
 	RESERVED
 CVE-2021-32953
 	RESERVED
-CVE-2021-32952
-	RESERVED
+CVE-2021-32952 (An out-of-bounds write issue exists in the DGN file-reading procedure  ...)
+	TODO: check
 CVE-2021-32951
 	RESERVED
-CVE-2021-32950
-	RESERVED
+CVE-2021-32950 (An out-of-bounds read issue exists within the parsing of DXF files in  ...)
+	TODO: check
 CVE-2021-32949
 	RESERVED
-CVE-2021-32948
-	RESERVED
+CVE-2021-32948 (An out-of-bounds write issue exists in the DWG file-reading procedure  ...)
+	TODO: check
 CVE-2021-32947
 	RESERVED
-CVE-2021-32946
-	RESERVED
+CVE-2021-32946 (An improper check for unusual or exceptional conditions issue exists w ...)
+	TODO: check
 CVE-2021-32945
 	RESERVED
-CVE-2021-32944
-	RESERVED
+CVE-2021-32944 (A use-after-free issue exists in the DGN file-reading procedure in the ...)
+	TODO: check
 CVE-2021-32943
 	RESERVED
 CVE-2021-32942 (The vulnerability could expose cleartext credentials from AVEVA InTouc ...)
 	NOT-FOR-US: AVEVA InTouch Runtime
 CVE-2021-32941
 	RESERVED
-CVE-2021-32940
-	RESERVED
+CVE-2021-32940 (An out-of-bounds read issue exists in the DWG file-recovering procedur ...)
+	TODO: check
 CVE-2021-32939
 	RESERVED
-CVE-2021-32938
-	RESERVED
+CVE-2021-32938 (Drawings SDK (All versions prior to 2022.4) are vulnerable to an out-o ...)
+	TODO: check
 CVE-2021-32937
 	RESERVED
-CVE-2021-32936
-	RESERVED
+CVE-2021-32936 (An out-of-bounds write issue exists in the DXF file-recovering procedu ...)
+	TODO: check
 CVE-2021-32935
 	RESERVED
 CVE-2021-32934
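Review bot: triage the eight entries in this hunk that move from RESERVED to `TODO: check` (CVE-2021-32952, -32950, -32948, -32946, -32944, -32940, -32938, -32936) as one group. They all describe DGN/DXF/DWG file handling, but only CVE-2021-32938 names the product in its visible text ("Drawings SDK (All versions prior to 2022.4)"). Confirm from the full descriptions that all eight concern the same product, then record a single decision so the family does not end up with mixed statuses.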
@@ -4768,8 +4804,8 @@ CVE-2021-32683 (wire-webapp is the web version of Wire, an open-source messenger
 	NOT-FOR-US: wire-webapp
 CVE-2021-32682 (elFinder is an open-source file manager for web, written in JavaScript ...)
 	NOT-FOR-US: elFinder
-CVE-2021-32681
-	RESERVED
+CVE-2021-32681 (Wagtail is an open source content management system built on Django. A ...)
+	TODO: check
 CVE-2021-32680
 	RESERVED
 CVE-2021-32679
@@ -4998,8 +5034,8 @@ CVE-2021-32584
 	RESERVED
 CVE-2021-32583
 	RESERVED
-CVE-2021-32582
-	RESERVED
+CVE-2021-32582 (An issue was discovered in ConnectWise Automate before 2021.5. A blind ...)
+	TODO: check
 CVE-2021-32581
 	RESERVED
 CVE-2021-32580
@@ -5050,8 +5086,8 @@ CVE-2021-3543 (A flaw null pointer dereference in the Nitro Enclaves kernel driv
 	[stretch] - linux <not-affected> (Vulnerable code introduced later)
 	NOTE: https://git.kernel.org/linus/f1ce3986baa62cffc3c5be156994de87524bab99
 	NOTE: nitro_enclaves not enabled in Debian binary builds
-CVE-2021-32575
-	RESERVED
+CVE-2021-32575 (HashiCorp Nomad and Nomad Enterprise up to version 1.0.4 bridge networ ...)
+	TODO: check
 CVE-2021-32574
 	RESERVED
 CVE-2021-32573 (** DISPUTED ** The express-cart package through 1.1.10 for Node.js all ...)
@@ -6092,8 +6128,8 @@ CVE-2021-32080
 	RESERVED
 CVE-2021-32079
 	RESERVED
-CVE-2021-32078
-	RESERVED
+CVE-2021-32078 (An Out-of-Bounds Read was discovered in arch/arm/mach-footbridge/perso ...)
+	TODO: check
 CVE-2021-3539
 	RESERVED
 CVE-2021-3538 (A flaw was found in github.com/satori/go.uuid in versions from commit  ...)
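Review bot: CVE-2021-32078 should not be closed by pattern as NOT-FOR-US. Its description points at arch/arm/mach-footbridge/..., a Linux kernel source path, so the `TODO: check` needs to become a `- linux` line with per-release status and a NOTE linking the upstream fix, in the form already used for the CVE-2021-3543 entry in this file.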
@@ -6912,8 +6948,8 @@ CVE-2021-31820
 	RESERVED
 CVE-2021-31819
 	RESERVED
-CVE-2021-31818
-	RESERVED
+CVE-2021-31818 (Affected versions of Octopus Server are prone to an authenticated SQL  ...)
+	TODO: check
 CVE-2021-31817
 	RESERVED
 CVE-2021-31816
@@ -7676,8 +7712,8 @@ CVE-2021-3509 (A flaw was found in Red Hat Ceph Storage 4, in the Dashboard comp
 	NOTE: https://www.openwall.com/lists/oss-security/2021/05/14/4
 	NOTE: In response to CVE-2020-27839, the JWT token was moved  from localStorage to an httpOnly
 	NOTE: cookie, introducing the specific CVE-2021-3509 issue.
-CVE-2021-31521
-	RESERVED
+CVE-2021-31521 (Trend Micro InterScan Web Security Virtual Appliance version 6.5 was f ...)
+	TODO: check
 CVE-2021-31520 (A weak session token authentication bypass vulnerability in Trend Micr ...)
 	NOT-FOR-US: Trend Micro
 CVE-2021-31519 (An incorrect permission vulnerability in the product installer folders ...)
@@ -12026,8 +12062,8 @@ CVE-2021-29708 (IBM Spectrum Scale 5.1.0.1 could allow a local with access to th
 	NOT-FOR-US: IBM
 CVE-2021-29707
 	RESERVED
-CVE-2021-29706
-	RESERVED
+CVE-2021-29706 (IBM AIX 7.1 could allow a non-privileged local user to exploit a vulne ...)
+	TODO: check
 CVE-2021-29705
 	RESERVED
 CVE-2021-29704
@@ -15722,6 +15758,7 @@ CVE-2021-28170 (In the Jakarta Expression Language implementation 3.0.3 and earl
 	NOTE: https://securitylab.github.com/advisories/GHSL-2020-021-jakarta-el/
 	NOTE: Only affects the EL reference implementation which isn't built into the binary packages
 CVE-2021-28169 (For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, i ...)
+	{DLA-2688-1}
 	- jetty9 <unfixed> (bug #989999)
 	- jetty8 <removed>
 	- jetty <removed>
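Review bot: the added `{DLA-2688-1}` on CVE-2021-28169 sits directly above `- jetty9 <unfixed> (bug #989999)`, and this commit changes only data/CVE/list. Confirm that the fixed version for the release covered by the DLA is recorded with the DLA entry itself, since nothing in the visible lines of this entry shows which jetty9 version carries the fix.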
@@ -25590,7 +25627,7 @@ CVE-2021-24039
 	RESERVED
 CVE-2021-24038
 	RESERVED
-CVE-2021-24037
+CVE-2021-24037 (A use after free in hermes, while emitting certain error messages, pri ...)
 	NOT-FOR-US: Facebook Hermes
 CVE-2021-24036
 	RESERVED
@@ -27130,8 +27167,8 @@ CVE-2021-23398
 	RESERVED
 CVE-2021-23397
 	RESERVED
-CVE-2021-23396
-	RESERVED
+CVE-2021-23396 (All versions of package lutils are vulnerable to Prototype Pollution v ...)
+	TODO: check
 CVE-2021-23395 (This affects all versions of package nedb. The library could be tricke ...)
 	TODO: check
 CVE-2021-23394 (The package studio-42/elfinder before 2.1.58 are vulnerable to Remote  ...)
@@ -30702,8 +30739,8 @@ CVE-2021-21779
 	RESERVED
 CVE-2021-21778
 	RESERVED
-CVE-2021-21777
-	RESERVED
+CVE-2021-21777 (An information disclosure vulnerability exists in the Ethernet/IP UDP  ...)
+	TODO: check
 CVE-2021-21776 (An out-of-bounds write vulnerability exists in the SGI Format Buffer S ...)
 	NOT-FOR-US: ImageGear
 CVE-2021-21775
@@ -37061,8 +37098,8 @@ CVE-2020-35375
 	RESERVED
 CVE-2020-35374
 	RESERVED
-CVE-2020-35373
-	RESERVED
+CVE-2020-35373 (In Fiyo CMS 2.0.6.1, the 'tag' parameter results in an unauthenticated ...)
+	TODO: check
 CVE-2020-35372
 	RESERVED
 CVE-2020-35371
@@ -40057,7 +40094,7 @@ CVE-2020-29447 (Affected versions of Atlassian Crucible allow remote attackers t
 	NOT-FOR-US: Atlassian
 CVE-2020-29446 (Affected versions of Atlassian Fisheye & Crucible allow remote att ...)
 	NOT-FOR-US: Atlassian
-CVE-2020-29445 (Affected versions of Confluence Server before 7.11.0 allow attackers t ...)
+CVE-2020-29445 (Affected versions of Confluence Server before 7.4.8, and versions from ...)
 	NOT-FOR-US: Atlassian
 CVE-2020-29444 (Affected versions of Team Calendar in Confluence Server before 7.11.0  ...)
 	NOT-FOR-US: Atlassian
@@ -47420,8 +47457,8 @@ CVE-2021-0145
 	RESERVED
 CVE-2021-0144
 	RESERVED
-CVE-2021-0143
-	RESERVED
+CVE-2021-0143 (Improper permissions in the installer for the Intel(R) Brand Verificat ...)
+	TODO: check
 CVE-2021-0142
 	RESERVED
 CVE-2021-0141
@@ -47542,7 +47579,7 @@ CVE-2021-0088
 	RESERVED
 CVE-2021-0087
 	RESERVED
-CVE-2021-0086 (Improper permissions in the installer for the Intel(R) Brand Verificat ...)
+CVE-2021-0086 (Observable response discrepancy in floating-point operations for some  ...)
 	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00546.html
 	NOTE: Claimed to not affect Xen, Cf. https://xenbits.xen.org/xsa/advisory-375.html in
 	NOTE: ("NOTE CONCERNING CVE-2021-0086 / CVE-2021-26314").
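Review bot: check that the NOTE lines under CVE-2021-0086 still match its description, which this hunk replaces wholesale. The text it carried before ("Improper permissions in the installer for the Intel(R) Brand Verificat ...") is the one now attached to CVE-2021-0143 in the previous hunk, which suggests the earlier description belonged to a different id. The intel-sa-00546 link and the XSA-375 reference should be verified against the new "Observable response discrepancy in floating-point operations" wording to make sure the triage was not based on the earlier text.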
@@ -53162,8 +53199,8 @@ CVE-2020-25416
 	RESERVED
 CVE-2020-25415
 	RESERVED
-CVE-2020-25414
-	RESERVED
+CVE-2020-25414 (A local file inclusion vulnerability was discovered in the captcha fun ...)
+	TODO: check
 CVE-2020-25413
 	RESERVED
 CVE-2020-25412 (com_line() in command.c in gnuplot 5.4 leads to an out-of-bounds-write ...)
@@ -66147,8 +66184,8 @@ CVE-2020-19204
 	RESERVED
 CVE-2020-19203
 	RESERVED
-CVE-2020-19202
-	RESERVED
+CVE-2020-19202 (An authenticated Stored XSS (Cross-site Scripting) exists in the "capt ...)
+	TODO: check
 CVE-2020-19201
 	RESERVED
 CVE-2020-19200
@@ -190362,7 +190399,7 @@ CVE-2018-13033 (The Binary File Descriptor (BFD) library (aka libbfd), as distri
 	NOTE: binutils not covered by security support
 CVE-2018-13032 (ECESSA ShieldLink SL175EHQ 10.7.4 devices have CSRF to add superuser a ...)
 	NOT-FOR-US: ECESSA ShieldLink
-CVE-2018-13031 (DamiCMS v6.0.0 allows CSRF via admin.php?s=/Admin/doadd to add an admi ...)
+CVE-2018-13031 (DamiCMS v6.0.0 aand 6.1.0 allows CSRF via admin.php?s=/Admin/doadd to  ...)
 	NOT-FOR-US: DamiCMS
 CVE-2018-13030 (An issue was discovered in jpeg-compressor 0.1. The build_huffman func ...)
 	NOT-FOR-US: jpeg-compressor
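Review bot: the new description for CVE-2018-13031 contains a typo, "v6.0.0 aand 6.1.0". Since the commit is an automatic update, the text is presumably imported rather than hand-written, so the correction belongs at the source of the description. The `NOT-FOR-US: DamiCMS` status is unaffected by the added 6.1.0 version.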



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/091647824525db75ebde1cad6060b3827fbeaf86
