[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Jun 18 21:10:28 BST 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
688a9378 by security tracker role at 2021-06-18T20:10:20+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,33 @@
+CVE-2021-3611
+	RESERVED
+CVE-2021-3610
+	RESERVED
+CVE-2021-35053
+	RESERVED
+CVE-2021-35052
+	RESERVED
+CVE-2021-35051
+	RESERVED
+CVE-2021-35050
+	RESERVED
+CVE-2021-35049
+	RESERVED
+CVE-2021-35048
+	RESERVED
+CVE-2021-35047
+	RESERVED
+CVE-2021-35046
+	RESERVED
+CVE-2021-35045
+	RESERVED
+CVE-2021-35044
+	RESERVED
+CVE-2021-35043
+	RESERVED
+CVE-2021-35042
+	RESERVED
+CVE-2021-35041
+	RESERVED
 CVE-2021-3609
 	RESERVED
 CVE-2021-35040
@@ -465,8 +495,8 @@ CVE-2021-34817
 	RESERVED
 CVE-2021-34816
 	RESERVED
-CVE-2021-34815
-	RESERVED
+CVE-2021-34815 (CheckSec Canopy before 3.5.2 allows XSS attacks against the login page ...)
+	TODO: check
 CVE-2020-36389 (In CiviCRM before 5.28.1 and CiviCRM ESR before 5.27.5 ESR, the CKEdit ...)
 	- civicrm 5.28.4+dfsg1-1
 	NOTE: https://civicrm.org/advisory/civi-sa-2020-11-csrf-ckeditor-configuration-form
@@ -514,8 +544,8 @@ CVE-2021-34799
 	RESERVED
 CVE-2021-34798
 	RESERVED
-CVE-2021-3604
-	RESERVED
+CVE-2021-3604 (Secure 8 (Evalos) does not validate user input data correctly, allowin ...)
+	TODO: check
 CVE-2021-34797
 	RESERVED
 CVE-2021-34796
@@ -1079,16 +1109,19 @@ CVE-2021-34551 (PHPMailer before 6.5.0 on Windows allows remote code execution i
 	TODO: check
 CVE-2021-34550 [out-of-bounds memory access in v3 onion service descriptor parsing]
 	RESERVED
+	{DSA-4932-1}
 	- tor 0.4.5.9-1 (bug #990000)
 	[stretch] - tor <end-of-life> (See DSA 4644)
 	NOTE: https://blog.torproject.org/node/2041
 CVE-2021-34549 [hashtable-based CPU denial-of-service attack against relays]
 	RESERVED
+	{DSA-4932-1}
 	- tor 0.4.5.9-1 (bug #990000)
 	[stretch] - tor <end-of-life> (See DSA 4644)
 	NOTE: https://blog.torproject.org/node/2041
 CVE-2021-34548
 	RESERVED
+	{DSA-4932-1}
 	- tor 0.4.5.9-1 (bug #990000)
 	[stretch] - tor <end-of-life> (See DSA 4644)
 	NOTE: https://blog.torproject.org/node/2041
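Review bot: CVE-2021-34548 is the only one of the three tor entries in this hunk without a bracketed short description, so after this change it carries {DSA-4932-1} and a fixed version but nothing that says what the issue is. Since it stays RESERVED, add a bracketed summary taken from the advisory linked in its NOTE line, as was done for CVE-2021-34550 and CVE-2021-34549.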
@@ -2589,6 +2622,7 @@ CVE-2021-3581
 	RESERVED
 CVE-2021-3580 [Remote crash in RSA decryption via manipulated ciphertext]
 	RESERVED
+	{DSA-4933-1}
 	- nettle 3.7.3-1 (bug #989631)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1967983
 	NOTE: https://git.lysator.liu.se/nettle/nettle/-/commit/0ad0b5df315665250dfdaa4a1e087f4799edaefe
@@ -2646,20 +2680,20 @@ CVE-2021-33826
 	RESERVED
 CVE-2021-33825
 	RESERVED
-CVE-2021-33824
-	RESERVED
-CVE-2021-33823
-	RESERVED
-CVE-2021-33822
-	RESERVED
+CVE-2021-33824 (An issue was discovered on MOXA Mgate MB3180 Version 2.1 Build 1811301 ...)
+	TODO: check
+CVE-2021-33823 (An issue was discovered on MOXA Mgate MB3180 Version 2.1 Build 1811301 ...)
+	TODO: check
+CVE-2021-33822 (An issue was discovered on 4GEE ROUTER HH70VB Version HH70_E1_02.00_22 ...)
+	TODO: check
 CVE-2021-33821
 	RESERVED
-CVE-2021-33820
-	RESERVED
+CVE-2021-33820 (An issue was discovered in UniFi Protect G3 FLEX Camera Version UVC.v4 ...)
+	TODO: check
 CVE-2021-33819
 	RESERVED
-CVE-2021-33818
-	RESERVED
+CVE-2021-33818 (An issue was discovered in UniFi Protect G3 FLEX Camera Version UVC.v4 ...)
+	TODO: check
 CVE-2021-33817
 	RESERVED
 CVE-2021-33816
@@ -3248,10 +3282,10 @@ CVE-2021-33579
 	RESERVED
 CVE-2021-33578
 	RESERVED
-CVE-2021-33577
-	RESERVED
-CVE-2021-33576
-	RESERVED
+CVE-2021-33577 (An issue was discovered in Cleo LexiCom 5.5.0.0. The requirement for t ...)
+	TODO: check
+CVE-2021-33576 (An issue was discovered in Cleo LexiCom 5.5.0.0. Within the AS2 messag ...)
+	TODO: check
 CVE-2021-33575 (The Pixar ruby-jss gem before 1.6.0 allows remote attackers to execute ...)
 	NOT-FOR-US: ruby-jss gem
 CVE-2021-33574 (The mq_notify function in the GNU C Library (aka glibc) versions 2.32  ...)
@@ -3772,8 +3806,8 @@ CVE-2021-33349
 	RESERVED
 CVE-2021-33348
 	RESERVED
-CVE-2021-33347
-	RESERVED
+CVE-2021-33347 (An issue was discovered in JPress v3.3.0 and below. There are XSS vuln ...)
+	TODO: check
 CVE-2021-33346
 	RESERVED
 CVE-2021-33345
@@ -4671,12 +4705,12 @@ CVE-2021-32958
 	RESERVED
 CVE-2021-32957
 	RESERVED
-CVE-2021-32956
-	RESERVED
+CVE-2021-32956 (Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to re ...)
+	TODO: check
 CVE-2021-32955
 	RESERVED
-CVE-2021-32954
-	RESERVED
+CVE-2021-32954 (Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to a  ...)
+	TODO: check
 CVE-2021-32953
 	RESERVED
 CVE-2021-32952 (An out-of-bounds write issue exists in the DGN file-reading procedure  ...)
@@ -5618,8 +5652,8 @@ CVE-2021-32538
 	RESERVED
 CVE-2021-32537
 	RESERVED
-CVE-2021-32536
-	RESERVED
+CVE-2021-32536 (The login page in the MCUsystem does not filter with special character ...)
+	TODO: check
 CVE-2021-32535
 	RESERVED
 CVE-2021-32534
@@ -19457,10 +19491,10 @@ CVE-2021-26837
 	RESERVED
 CVE-2021-26836
 	RESERVED
-CVE-2021-26835
-	RESERVED
-CVE-2021-26834
-	RESERVED
+CVE-2021-26835 (No filtering of cross-site scripting (XSS) payloads in the markdown-ed ...)
+	TODO: check
+CVE-2021-26834 (A cross-site scripting (XSS) vulnerability exists in Znote 0.5.2. An a ...)
+	TODO: check
 CVE-2021-26833 (Code Execution vulnerability in Profile Picture upload in TimelyBills  ...)
 	NOT-FOR-US: TimelyBills App Budget, Expense tracker & Bills
 CVE-2021-26832 (Cross Site Scripting (XSS) in the "Reset Password" page form of Priori ...)
@@ -20083,7 +20117,7 @@ CVE-2021-26565 (Cleartext transmission of sensitive information vulnerability in
 	NOT-FOR-US: Synology
 CVE-2021-26564 (Cleartext transmission of sensitive information vulnerability in synor ...)
 	NOT-FOR-US: Synology
-CVE-2021-26563 (Improper access control vulnerability in synoagentregisterd in Synolog ...)
+CVE-2021-26563 (Incorrect authorization vulnerability in synoagentregisterd in Synolog ...)
 	NOT-FOR-US: Synology
 CVE-2021-26562 (Out-of-bounds write vulnerability in synoagentregisterd in Synology Di ...)
 	NOT-FOR-US: Synology
@@ -26677,10 +26711,10 @@ CVE-2021-23848 (An error in the URL handler Bosch IP cameras may lead to a refle
 	NOT-FOR-US: Bosch
 CVE-2021-23847 (A Missing Authentication in Critical Function in Bosch IP cameras allo ...)
 	NOT-FOR-US: Bosch
-CVE-2021-23846
-	RESERVED
-CVE-2021-23845
-	RESERVED
+CVE-2021-23846 (When using http protocol, the user password is transmitted as a clear  ...)
+	TODO: check
+CVE-2021-23845 (This vulnerability could allow an attacker to hijack a session while a ...)
+	TODO: check
 CVE-2021-23844
 	RESERVED
 CVE-2021-23843
@@ -30748,8 +30782,8 @@ CVE-2021-21999
 	RESERVED
 CVE-2021-21998
 	RESERVED
-CVE-2021-21997
-	RESERVED
+CVE-2021-21997 (VMware Tools for Windows (11.x.y prior to 11.3.0) contains a denial-of ...)
+	TODO: check
 CVE-2021-21996
 	RESERVED
 CVE-2021-21995
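Review bot: the new description for CVE-2021-21997 limits the issue to VMware Tools for Windows, yet the entry is set to `TODO: check`. The follow-up triage should confirm that no packaged component is affected and resolve it, most likely as NOT-FOR-US, rather than leaving it open.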
@@ -31431,8 +31465,8 @@ CVE-2021-21671
 	RESERVED
 CVE-2021-21670
 	RESERVED
-CVE-2021-21669
-	RESERVED
+CVE-2021-21669 (Jenkins Generic Webhook Trigger Plugin 1.72 and earlier does not confi ...)
+	TODO: check
 CVE-2021-21668 (Jenkins Scriptler Plugin 3.1 and earlier does not escape script conten ...)
 	NOT-FOR-US: Jenkins plugin
 CVE-2021-21667 (Jenkins Scriptler Plugin 3.2 and earlier does not escape parameter nam ...)
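Review bot: CVE-2021-21669 is left at `TODO: check` although its description names a Jenkins plugin and the two entries directly below it, CVE-2021-21668 and CVE-2021-21667, are already triaged as `NOT-FOR-US: Jenkins plugin`. Unless this plugin is packaged, give it the same marking in the follow-up triage so it does not linger in the TODO queue.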
@@ -36066,6 +36100,7 @@ CVE-2021-20307 (Format string vulnerability in panoFileOutputNamesCreate() in li
 CVE-2021-20306 (A flaw was found in the BPMN editor in version jBPM 7.51.0.Final. Any  ...)
 	NOT-FOR-US: Red Hat Business Central
 CVE-2021-20305 (A flaw was found in Nettle in versions before 3.7.2, where several Net ...)
+	{DSA-4933-1}
 	- nettle 3.7.2-1 (bug #985652)
 	[stretch] - nettle <postponed> (Minor issue; can be fixed in next update)
 	NOTE: https://lists.lysator.liu.se/pipermail/nettle-bugs/2021/009457.html
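Review bot: CVE-2021-20305 now carries {DSA-4933-1}, but the [stretch] line below it still reads `<postponed> (Minor issue; can be fixed in next update)`. An advisory being issued for this CVE is a reason to revisit that stretch classification, or to state in the entry why the postponement still stands.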
@@ -68171,8 +68206,8 @@ CVE-2020-18444
 	RESERVED
 CVE-2020-18443
 	RESERVED
-CVE-2020-18442
-	RESERVED
+CVE-2020-18442 (Infinite Loop in zziplib v0.13.69 allows remote attackers to cause a d ...)
+	TODO: check
 CVE-2020-18441
 	RESERVED
 CVE-2020-18440
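Review bot: CVE-2020-18442 names a specific library and version, zziplib v0.13.69, and goes straight to `TODO: check` with no package line. This is one of the entries in this update that needs a real check against the archive: if zziplib is packaged, replace the TODO with a `- zziplib ...` line giving the affected or fixed version, plus a NOTE pointing at the upstream report.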
@@ -186793,7 +186828,7 @@ CVE-2018-14641 (A security flaw was found in the ip_frag_reasm() function in net
 CVE-2018-14640
 	RESERVED
 CVE-2018-14639
-	RESERVED
+	REJECTED
 CVE-2018-14638 (A flaw was found in 389-ds-base before version 1.3.8.4-13. The process ...)
 	- 389-ds-base 1.4.0.18-1 (bug #908859)
 	[stretch] - 389-ds-base <no-dsa> (Minor issue)
@@ -463342,7 +463377,7 @@ CVE-2007-3734 (Multiple unspecified vulnerabilities in the browser engine in Moz
 	- xulrunner 1.8.1.5-1 (high)
 	NOTE: MFSA2007-18
 CVE-2007-3733
-	RESERVED
+	REJECTED
 CVE-2007-3732 (In Linux 2.6 before 2.6.23, the TRACE_IRQS_ON function in iret_exc cal ...)
 	- linux-2.6 2.6.23-1
 	NOTE: Upstream fix: https://git.kernel.org/linus/a10d9a71bafd3a283da240d2868e71346d2aef6f (v2.6.23-rc1)
@@ -494351,7 +494386,7 @@ CVE-2005-2796 (The sslConnectTimeout function in ssl.c for Squid 2.5.STABLE10 an
 	{DSA-809-1}
 	- squid 2.5.10-5 (medium)
 CVE-2005-2795
-	RESERVED
+	REJECTED
 CVE-2005-2794 (store.c in Squid 2.5.STABLE10 and earlier allows remote attackers to c ...)
 	{DSA-809-3 DSA-809-1}
 	- squid 2.5.10-5 (medium)
@@ -503823,7 +503858,7 @@ CVE-2005-0396 (Desktop Communication Protocol (DCOP) daemon, aka dcopserver, in
 CVE-2005-0395
 	REJECTED
 CVE-2005-0394
-	RESERVED
+	REJECTED
 CVE-2005-0393 (The helper scripts for crip 3.5 do not properly use temporary files, w ...)
 	{DSA-733-1}
 	- crip 3.5-1sarge2 (low)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/688a9378af6a969aef5557e9ebc48ad913b74d38
