[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Jun 21 21:10:37 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
69eaf32a by security tracker role at 2021-06-21T20:10:28+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,41 @@
+CVE-2021-3612
+ RESERVED
+CVE-2021-35066 (An XXE vulnerability exists in ConnectWise Automate before 2021.0.6.13 ...)
+ TODO: check
+CVE-2021-35065
+ RESERVED
+CVE-2021-35064
+ RESERVED
+CVE-2021-35063
+ RESERVED
+CVE-2021-35062
+ RESERVED
+CVE-2021-35061
+ RESERVED
+CVE-2021-35060
+ RESERVED
+CVE-2021-35059
+ RESERVED
+CVE-2021-35058
+ RESERVED
+CVE-2021-35057
+ RESERVED
+CVE-2021-35056
+ RESERVED
+CVE-2021-35055
+ RESERVED
+CVE-2020-36393
+ RESERVED
+CVE-2020-36392
+ RESERVED
+CVE-2020-36391
+ RESERVED
+CVE-2020-36390
+ RESERVED
+CVE-2019-25047 (Greenbone Security Assistant (GSA) before 8.0.2 and Greenbone OS (GOS) ...)
+ TODO: check
+CVE-2018-25016 (Greenbone Security Assistant (GSA) before 7.0.3 and Greenbone OS (GOS) ...)
+ TODO: check
CVE-2021-35054
RESERVED
CVE-2021-XXXX [memory leak when authenticated client connects with MQTT v5 sent a crafted CONNECT message to the broker]
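Review bot: the three TODO: check entries added in this hunk need different follow-ups. CVE-2021-35066 names ConnectWise Automate, a vendor RMM product; unless a Debian source package ships it, the marker should become a NOT-FOR-US line like the ones used for other vendor products in this update. CVE-2019-25047 and CVE-2018-25016 give explicit upstream bounds (GSA before 8.0.2 and before 7.0.3), so resolving them means comparing those bounds with the GSA package version in each suite and recording either a package line or a not-affected marker instead of leaving the TODO in place.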
@@ -3310,8 +3348,8 @@ CVE-2021-33574 (The mq_notify function in the GNU C Library (aka glibc) versions
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=27896
CVE-2021-33573
RESERVED
-CVE-2021-33572
- RESERVED
+CVE-2021-33572 (A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Lin ...)
+ TODO: check
CVE-2021-33571 (In Django 2.2 before 2.2.24, 3.x before 3.1.12, and 3.2 before 3.2.4, ...)
{DLA-2676-1}
- python-django 2:2.2.24-1 (bug #989394)
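Review bot: CVE-2021-33572 describes a DoS in an F-Secure product and is marked TODO: check; F-Secure ships its own Linux security software rather than a Debian package, so this is expected to resolve to a NOT-FOR-US line, as was done for the other vendor products in this update (Avaya, IP Office, ASUS).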
@@ -5281,8 +5319,8 @@ CVE-2021-32699
RESERVED
CVE-2021-32698
RESERVED
-CVE-2021-32697
- RESERVED
+CVE-2021-32697 (neos/forms is an open source framework to build web forms. By crafting ...)
+ TODO: check
CVE-2021-32696 (The npm package "striptags" is an implementation of PHP's strip_tags i ...)
TODO: check
CVE-2021-32695 (Nextcloud Android app is the Android client for Nextcloud. In versions ...)
@@ -7670,8 +7708,8 @@ CVE-2021-31771
RESERVED
CVE-2021-31770
RESERVED
-CVE-2021-31769
- RESERVED
+CVE-2021-31769 (MyQ Server in MyQ X Smart before 8.2 allows remote code execution by u ...)
+ TODO: check
CVE-2021-31768
RESERVED
CVE-2021-31767
@@ -13609,8 +13647,8 @@ CVE-2021-29338 (Integer Overflow in OpenJPEG v2.4.0 allows remote attackers to c
[buster] - openjpeg2 <no-dsa> (Minor issue)
[stretch] - openjpeg2 <no-dsa> (Minor issue)
NOTE: https://github.com/uclouvain/openjpeg/issues/1338
-CVE-2021-29337
- RESERVED
+CVE-2021-29337 (MODAPI.sys in MSI Dragon Center 2.0.104.0 allows low-privileged users ...)
+ TODO: check
CVE-2021-29336
RESERVED
CVE-2021-29335
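Review bot: the TODO: check on CVE-2021-29337 can be resolved directly: MODAPI.sys in MSI Dragon Center is a Windows kernel driver, the same class of component as the AsIO2_64.sys/AsIO2_32.sys ASUS GPUTweak entries that this file already marks NOT-FOR-US: ASUS. Suggest NOT-FOR-US: MSI Dragon Center in place of the TODO.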
@@ -14239,10 +14277,10 @@ CVE-2021-29062
RESERVED
CVE-2021-29061
RESERVED
-CVE-2021-29060
- RESERVED
-CVE-2021-29059
- RESERVED
+CVE-2021-29060 (A Regular Expression Denial of Service (ReDOS) vulnerability was disco ...)
+ TODO: check
+CVE-2021-29059 (A vulnerability was discovered in IS-SVG version 4.3.1 and below where ...)
+ TODO: check
CVE-2021-29058
RESERVED
CVE-2021-29057
@@ -14789,8 +14827,8 @@ CVE-2021-28834 (Kramdown before 2.3.1 does not restrict Rouge formatters to the
NOTE: https://github.com/gettalong/kramdown/pull/708
NOTE: Fixed by: https://github.com/gettalong/kramdown/commit/d6a1cbcb2caa2f8a70927f176070d126b2422760
NOTE: Introduced by https://github.com/gettalong/kramdown/commit/ff0218aefcf00cd5a389e17e075d36cd46d011e2 (v1.16)
-CVE-2021-28833
- RESERVED
+CVE-2021-28833 (Increments Qiita::Markdown before 0.34.0 allows XSS via a crafted gist ...)
+ TODO: check
CVE-2021-28832 (VSCodeVim before 1.19.0 allows attackers to execute arbitrary code via ...)
NOT-FOR-US: VSCodeVim
CVE-2021-28831 (decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit ...)
@@ -15116,8 +15154,8 @@ CVE-2021-28686 (AsIO2_64.sys and AsIO2_32.sys in ASUS GPUTweak II before 2.3.0.3
NOT-FOR-US: ASUS
CVE-2021-28685 (AsIO2_64.sys and AsIO2_32.sys in ASUS GPUTweak II before 2.3.0.3 allow ...)
NOT-FOR-US: ASUS
-CVE-2021-28684
- RESERVED
+CVE-2021-28684 (The XML parser used in ConeXware PowerArchiver before 20.10.02 allows ...)
+ TODO: check
CVE-2021-28683 (An issue was discovered in Envoy through 1.71.1. There is a remotely e ...)
- envoyproxy <itp> (bug #987544)
CVE-2021-28682 (An issue was discovered in Envoy through 1.71.1. There is a remotely e ...)
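Review bot: CVE-2021-28684 concerns the XML parser in ConeXware PowerArchiver, a Windows archiving product, which puts it in the same category as the two ASUS entries immediately above it that carry NOT-FOR-US: ASUS; the TODO: check can be replaced with NOT-FOR-US: PowerArchiver.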
@@ -20468,8 +20506,7 @@ CVE-2021-26463
RESERVED
CVE-2021-26462
RESERVED
-CVE-2021-26461
- RESERVED
+CVE-2021-26461 (Apache Nuttx Versions prior to 10.1.0 are vulnerable to integer wrap-a ...)
NOT-FOR-US: Apache NuttX
CVE-2021-26460
RESERVED
@@ -33297,8 +33334,8 @@ CVE-2021-21424 (Symfony is a PHP framework for web and console applications and
NOTE: https://github.com/symfony/symfony/commit/f012eee6c6034a94566dff596fe4e16dfc5d9c1f
CVE-2021-21423 (`projen` is a project generation tool that synthesizes project configu ...)
NOT-FOR-US: projen
-CVE-2021-21422
- RESERVED
+CVE-2021-21422 (mongo-express is a web-based MongoDB admin interface, written with Nod ...)
+ TODO: check
CVE-2021-21421 (node-etsy-client is a NodeJs Etsy ReST API Client. Applications that a ...)
NOT-FOR-US: node-etsy-client
CVE-2021-21420 (vscode-stripe is an extension for Visual Studio Code. A vulnerability ...)
@@ -36395,14 +36432,14 @@ CVE-2021-20251
CVE-2021-20250 (A flaw was found in wildfly. The JBoss EJB client has publicly accessi ...)
- wildfly <itp> (bug #752018)
CVE-2021-20249
- RESERVED
+ REJECTED
- rpm <unfixed> (bug #985308)
[bullseye] - rpm <no-dsa> (Minor issue)
[buster] - rpm <no-dsa> (Minor issue)
[stretch] - rpm <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1927742
CVE-2021-20248
- RESERVED
+ REJECTED
- rpm <unfixed> (bug #985308)
[bullseye] - rpm <no-dsa> (Minor issue)
[buster] - rpm <no-dsa> (Minor issue)
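Review bot: CVE-2021-20249 and CVE-2021-20248 flip from RESERVED to REJECTED but keep all their tracking data (rpm <unfixed> with bug #985308, the no-dsa markers for bullseye, buster and stretch, and the Red Hat bugzilla NOTE). A REJECTED id with an <unfixed> package line will keep surfacing as an open rpm issue in the tracker. Someone should check why the ids were rejected (typically a duplicate or a reassignment to another id) and either move the rpm lines under the id that now carries the issue or drop them here with a NOTE recording the rejection.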
@@ -45425,88 +45462,67 @@ CVE-2021-0535
RESERVED
CVE-2021-0534
RESERVED
-CVE-2021-0533
- RESERVED
+CVE-2021-0533 (In memory management driver, there is a possible memory corruption due ...)
NOT-FOR-US: MediaTek components for Android
-CVE-2021-0532
- RESERVED
+CVE-2021-0532 (In memory management driver, there is a possible memory corruption due ...)
NOT-FOR-US: MediaTek components for Android
-CVE-2021-0531
- RESERVED
+CVE-2021-0531 (In memory management driver, there is a possible memory corruption due ...)
NOT-FOR-US: MediaTek components for Android
-CVE-2021-0530
- RESERVED
+CVE-2021-0530 (In memory management driver, there is a possible out of bounds write d ...)
NOT-FOR-US: MediaTek components for Android
-CVE-2021-0529
- RESERVED
+CVE-2021-0529 (In memory management driver, there is a possible memory corruption due ...)
NOT-FOR-US: MediaTek components for Android
-CVE-2021-0528
- RESERVED
+CVE-2021-0528 (In memory management driver, there is a possible memory corruption due ...)
NOT-FOR-US: MediaTek components for Android
-CVE-2021-0527
- RESERVED
+CVE-2021-0527 (In memory management driver, there is a possible memory corruption due ...)
NOT-FOR-US: MediaTek components for Android
-CVE-2021-0526
- RESERVED
+CVE-2021-0526 (In memory management driver, there is a possible out of bounds write d ...)
NOT-FOR-US: MediaTek components for Android
-CVE-2021-0525
- RESERVED
+CVE-2021-0525 (In memory management driver, there is a possible out of bounds write d ...)
NOT-FOR-US: MediaTek components for Android
CVE-2021-0524
RESERVED
-CVE-2021-0523
- RESERVED
+CVE-2021-0523 (In onCreate of WifiScanModeActivity.java, there is a possible way to e ...)
NOT-FOR-US: Android
-CVE-2021-0522
- RESERVED
+CVE-2021-0522 (In ConnectionHandler::SdpCb of connection_handler.cc, there is a possi ...)
NOT-FOR-US: Android
-CVE-2021-0521
- RESERVED
+CVE-2021-0521 (In getAllPackages of PackageManagerService, there is a possible inform ...)
NOT-FOR-US: Android
-CVE-2021-0520
- RESERVED
+CVE-2021-0520 (In several functions of MemoryFileSystem.cpp and related files, there ...)
+ TODO: check
CVE-2021-0519
RESERVED
CVE-2021-0518
RESERVED
-CVE-2021-0517
- RESERVED
+CVE-2021-0517 (In updateCapabilities of ConnectivityService.java, there is a possible ...)
NOT-FOR-US: Android
-CVE-2021-0516
- RESERVED
+CVE-2021-0516 (In p2p_process_prov_disc_req of p2p_pd.c, there is a possible out of b ...)
NOT-FOR-US: Android
CVE-2021-0515
RESERVED
CVE-2021-0514
RESERVED
-CVE-2021-0513
- RESERVED
+CVE-2021-0513 (In deleteNotificationChannel and related functions of NotificationMana ...)
NOT-FOR-US: Android
-CVE-2021-0512 [HID: make arrays usage and value to be the same]
- RESERVED
+CVE-2021-0512 (In __hidinput_change_resolution_multipliers of hid-input.c, there is a ...)
- linux 5.10.19-1
[buster] - linux 4.19.181-1
NOTE: https://git.kernel.org/linus/ed9be64eefe26d7d8b0b5b9fa3ffdf425d87a01f
-CVE-2021-0511
- RESERVED
+CVE-2021-0511 (In Dex2oat of dex2oat.cc, there is a possible way to inject bytecode i ...)
NOT-FOR-US: Android
-CVE-2021-0510
- RESERVED
-CVE-2021-0509
- RESERVED
-CVE-2021-0508
- RESERVED
-CVE-2021-0507
- RESERVED
+CVE-2021-0510 (In decrypt_1_2 of CryptoPlugin.cpp, there is a possible out of bounds ...)
+ TODO: check
+CVE-2021-0509 (In various functions of CryptoPlugin.cpp, there is a possible use afte ...)
+ TODO: check
+CVE-2021-0508 (In various functions of DrmPlugin.cpp, there is a possible use after f ...)
+ TODO: check
+CVE-2021-0507 (In handle_rc_metamsg_cmd of btif_rc.cc, there is a possible out of bou ...)
NOT-FOR-US: Android
-CVE-2021-0506
- RESERVED
+CVE-2021-0506 (In ActivityPicker.java, there is a possible bypass of user interaction ...)
NOT-FOR-US: Android
-CVE-2021-0505
- RESERVED
+CVE-2021-0505 (In the Settings app, there is a possible way to disable an always-on V ...)
NOT-FOR-US: Android
-CVE-2021-0504
- RESERVED
+CVE-2021-0504 (In avrc_pars_browse_rsp of avrc_pars_ct.cc, there is a possible out of ...)
NOT-FOR-US: Android
CVE-2021-0503
RESERVED
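Review bot: four entries in this hunk get TODO: check where their siblings get NOT-FOR-US: Android: CVE-2021-0520 (MemoryFileSystem.cpp), CVE-2021-0510 and CVE-2021-0509 (CryptoPlugin.cpp) and CVE-2021-0508 (DrmPlugin.cpp). Whoever resolves them should confirm whether the named source files belong to an Android-only component or to code a Debian package ships, since that is the only thing separating them from the NOT-FOR-US entries around them. The CVE-2021-0512 change is consistent: the bracketed working title and RESERVED line are replaced by the upstream hid-input.c description while the linux 5.10.19-1 and buster 4.19.181-1 package lines and the kernel commit NOTE are kept.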
@@ -45558,8 +45574,7 @@ CVE-2021-0480 (In createPendingIntent of SnoozeHelper.java, there is a possible
NOT-FOR-US: Android
CVE-2021-0479
RESERVED
-CVE-2021-0478
- RESERVED
+CVE-2021-0478 (In updateDrawable of StatusBarIconView.java, there is a possible permi ...)
NOT-FOR-US: Android
CVE-2021-0477 (In notifyScreenshotError of ScreenshotNotificationsController.java, th ...)
NOT-FOR-US: Android
@@ -60236,8 +60251,8 @@ CVE-2020-22392
RESERVED
CVE-2020-22391
RESERVED
-CVE-2020-22390
- RESERVED
+CVE-2020-22390 (Akaunting <= 2.0.9 is vulnerable to CSV injection in the Item name ...)
+ TODO: check
CVE-2020-22389
RESERVED
CVE-2020-22388
@@ -62090,8 +62105,8 @@ CVE-2020-21519
RESERVED
CVE-2020-21518
RESERVED
-CVE-2020-21517
- RESERVED
+CVE-2020-21517 (Cross Site Scripting (XSS) vulnerability in MetInfo 7.0.0 via the gour ...)
+ TODO: check
CVE-2020-21516
RESERVED
CVE-2020-21515
@@ -62864,8 +62879,8 @@ CVE-2020-21132
RESERVED
CVE-2020-21131
RESERVED
-CVE-2020-21130
- RESERVED
+CVE-2020-21130 (Cross Site Scripting (XSS) vulnerability in HisiPHP 2.0.8 via the grou ...)
+ TODO: check
CVE-2020-21129
RESERVED
CVE-2020-21128
@@ -66141,10 +66156,10 @@ CVE-2020-19513 (Buffer overflow in FinalWire Ltd AIDA64 Engineer 6.00.5100 allow
NOT-FOR-US: FinalWire Ltd AIDA64 Engineer
CVE-2020-19512
RESERVED
-CVE-2020-19511
- RESERVED
-CVE-2020-19510
- RESERVED
+CVE-2020-19511 (Cross Site Scriptiong vulnerability in Typesetter 5.1 via the !1) clas ...)
+ TODO: check
+CVE-2020-19510 (Textpattern 4.7.3 contains an aribtrary file load via the file_insert ...)
+ TODO: check
CVE-2020-19509
RESERVED
CVE-2020-19508
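Review bot: the misspellings in the new CVE-2020-19511 ("Scriptiong") and CVE-2020-19510 ("aribtrary") descriptions are copied from the upstream CVE feed; because this file is regenerated by the automatic update, the text should be left as the feed provides it rather than corrected locally, where the fix would only be overwritten. The TODO: check on both entries still needs resolving like the other TODO entries in this update.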
@@ -98638,7 +98653,7 @@ CVE-2020-7033 (A Cross Site Scripting (XSS) Vulnerability on the Unified Portal
CVE-2020-7032 (An XML external entity (XXE) vulnerability in Avaya WebLM admin interf ...)
NOT-FOR-US: Avaya
CVE-2020-7031
- RESERVED
+ REJECTED
CVE-2020-7030 (A sensitive information disclosure vulnerability was discovered in the ...)
NOT-FOR-US: IP Office
CVE-2020-7029 (A Cross-Site Request Forgery (CSRF) vulnerability was discovered in th ...)
@@ -154619,7 +154634,7 @@ CVE-2019-7004 (A Cross-Site Scripting (XSS) vulnerability in the WebUI component
CVE-2019-7003 (A SQL injection vulnerability in the reporting component of Avaya Cont ...)
NOT-FOR-US: Avaya
CVE-2019-7002
- RESERVED
+ REJECTED
CVE-2019-7001 (A SQL injection vulnerability in the WebUI component of IP Office Cont ...)
NOT-FOR-US: IP Office Contact Center
CVE-2019-7000 (A Cross-Site Scripting (XSS) vulnerability in the Web UI of Avaya Aura ...)
@@ -168046,7 +168061,7 @@ CVE-2019-2221 (In hasActivityInVisibleTask of WindowProcessController.java there
NOT-FOR-US: Android
CVE-2019-2220 (In checkOperation of AppOpsService.java, there is a possible bypass of ...)
NOT-FOR-US: Android
-CVE-2019-2219 (In System UI, there is a possible bypass of user's consent for access ...)
+CVE-2019-2219 (In several functions of NotificationManagerService.java and related fi ...)
NOT-FOR-US: Android
CVE-2019-2218 (In createSessionInternal of PackageInstallerService.java, there is a p ...)
NOT-FOR-US: Android
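Review bot: this hunk replaces an existing description rather than filling a RESERVED placeholder: CVE-2019-2219 changes from a System UI consent bypass to an issue in NotificationManagerService.java. Rewritten descriptions deserve a second look because a reassigned CVE can move in or out of Debian scope; here both texts point at Android, so the unchanged NOT-FOR-US: Android line is still correct.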
@@ -468052,7 +468067,7 @@ CVE-2007-1858 (The default SSL cipher configuration in Apache Tomcat 4.1.28 thro
- tomcat5.5 5.5.17-1 (low)
- tomcat4 <removed> (low)
CVE-2007-1857
- RESERVED
+ REJECTED
CVE-2007-1856 (Vixie Cron before 4.1-r10 on Gentoo Linux is installed with insecure p ...)
- cron <not-affected> (Debian uses proper permission scheme)
CVE-2007-1855 (Multiple PHP remote file inclusion vulnerabilities in smarty/smarty_cl ...)
@@ -486782,7 +486797,7 @@ CVE-2006-1055 (The fill_write_buffer function in sysfs/file.c in Linux kernel 2.
CVE-2006-1054
REJECTED
CVE-2006-1053
- RESERVED
+ REJECTED
CVE-2006-1052 (The selinux_ptrace logic in hooks.c in SELinux for Linux 2.6.6 allows ...)
{DSA-1184-2}
- linux-2.6 2.6.15+2.6.16-rc5-0experimental.1 (low)
@@ -487247,7 +487262,7 @@ CVE-2006-0851 (SQL injection vulnerability in the forum module of ilchClan 1.05g
CVE-2006-0850 (SQL injection vulnerability in include/includes/user/login.php in ilch ...)
NOT-FOR-US: ilchClan
CVE-2006-0849
- RESERVED
+ REJECTED
CVE-2006-0848 (The "Open 'safe' files after downloading" option in Safari on Apple Ma ...)
NOT-FOR-US: Apple Safari
CVE-2006-0847 (Directory traversal vulnerability in the staticfilter component in Che ...)
@@ -487503,7 +487518,7 @@ CVE-2006-0741 (Linux kernel before 2.6.15.5, when running on Intel processors, a
{DSA-1103 DSA-1097-1}
- linux-2.6 2.6.15-8
CVE-2006-0740
- RESERVED
+ REJECTED
CVE-2006-0739 (eStara SIP softphone allows remote attackers to cause a denial of serv ...)
NOT-FOR-US: eStara SIP softphone
CVE-2006-0738 (Multiple format string vulnerabilities in eStara SIP softphone allow r ...)
@@ -491727,9 +491742,9 @@ CVE-2005-XXXX [unsafe file permissions in vpnc]
- vpnc 0.3.3+SVN20051028-3 (bug #340105; unimportant)
NOTE: Only an example file
CVE-2006-0017
- RESERVED
+ REJECTED
CVE-2006-0016
- RESERVED
+ REJECTED
CVE-2006-0015 (Cross-site scripting (XSS) vulnerability in _vti_bin/_vti_adm/fpadmdll ...)
NOT-FOR-US: Microsoft
CVE-2006-0014 (Buffer overflow in Microsoft Outlook Express 5.5 and 6 allows remote a ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/69eaf32a2ede29dbcd68bf1b25d818bf268b4c88