[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Jun 23 21:10:46 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e77d95f0 by security tracker role at 2021-06-23T20:10:39+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,15 @@
+CVE-2021-35468
+ RESERVED
+CVE-2021-35467
+ RESERVED
+CVE-2021-35466
+ RESERVED
+CVE-2021-35465
+ RESERVED
+CVE-2021-35464
+ RESERVED
+CVE-2021-35463
+ RESERVED
CVE-2021-35462
RESERVED
CVE-2021-35461
@@ -46,8 +58,8 @@ CVE-2021-35440
RESERVED
CVE-2021-35439
RESERVED
-CVE-2021-35438
- RESERVED
+CVE-2021-35438 (phpIPAM 1.4.3 allows Reflected XSS via app/dashboard/widgets/ipcalc-re ...)
+ TODO: check
CVE-2021-35437
RESERVED
CVE-2021-35436
@@ -509,8 +521,8 @@ CVE-2020-36394 (pam_setquota.c in the pam_setquota module before 2020-05-29 for
NOTE: https://github.com/linux-pam/linux-pam/commit/27ded8954a1235bb65ffc9c730ae5a50b1dfed61
CVE-2021-3613
RESERVED
-CVE-2021-35210
- RESERVED
+CVE-2021-35210 (Contao 4.5.x through 4.9.x before 4.9.16, and 4.10.x through 4.11.x be ...)
+ TODO: check
CVE-2021-35209
RESERVED
CVE-2021-35208
@@ -4048,8 +4060,7 @@ CVE-2021-33626
RESERVED
CVE-2021-33625
RESERVED
-CVE-2021-33624
- RESERVED
+CVE-2021-33624 (In kernel/bpf/verifier.c in the Linux kernel before 5.12.13, a branch ...)
- linux <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2021/06/21/1
CVE-2021-33623 (The trim-newlines package before 3.0.1 and 4.x before 4.0.1 for Node.j ...)
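Review bot: The new description for CVE-2021-33624 gives an upstream fix bound (Linux "before 5.12.13") while the retained package line still reads `- linux <unfixed>` with only the oss-security post as a NOTE; adding a NOTE with the upstream fixing commit would let the `<unfixed>` line be resolved to a concrete version once a Debian kernel upload carries it, rather than leaving the fix bound visible only in the truncated description.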
@@ -7998,7 +8009,7 @@ CVE-2021-3527 (A flaw was found in the USB redirector device (usb-redir) of QEMU
NOTE: Revisited: https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01372.html
NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01373.html
CVE-2021-3526
- RESERVED
+ REJECTED
CVE-2021-3525
REJECTED
CVE-2021-3524 (A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gate ...)
@@ -8929,10 +8940,10 @@ CVE-2021-31588
RESERVED
CVE-2021-31587
RESERVED
-CVE-2021-31586
- RESERVED
-CVE-2021-31585
- RESERVED
+CVE-2021-31586 (Accellion Kiteworks before 7.4.0 allows an authenticated user to perfo ...)
+ TODO: check
+CVE-2021-31585 (Accellion Kiteworks before 7.3.1 allows a user with Admin privileges t ...)
+ TODO: check
CVE-2021-31584 (Sipwise C5 NGCP www_admin version 3.6.7 allows call/click2dial CSRF at ...)
NOT-FOR-US: Sipwise
CVE-2021-31583 (Sipwise C5 NGCP CSC through CE_mr9.3.1 has multiple authenticated stor ...)
@@ -13746,8 +13757,8 @@ CVE-2021-29622 (Prometheus is an open-source monitoring system and time series d
NOTE: See https://bugs.debian.org/988804 for details.
CVE-2021-29621 (Flask-AppBuilder is a development framework, built on top of Flask. Us ...)
NOT-FOR-US: Flask-AppBuilder
-CVE-2021-29620
- RESERVED
+CVE-2021-29620 (Report portal is an open source reporting and analysis framework. Star ...)
+ TODO: check
CVE-2021-29619 (TensorFlow is an end-to-end open source platform for machine learning. ...)
- tensorflow <itp> (bug #804612)
CVE-2021-29618 (TensorFlow is an end-to-end open source platform for machine learning. ...)
@@ -15058,14 +15069,14 @@ CVE-2021-29089 (Improper neutralization of special elements used in an SQL comma
NOT-FOR-US: Synology
CVE-2021-29088 (Improper limitation of a pathname to a restricted directory ('Path Tra ...)
NOT-FOR-US: Synology
-CVE-2021-29087
- RESERVED
-CVE-2021-29086
- RESERVED
-CVE-2021-29085
- RESERVED
-CVE-2021-29084
- RESERVED
+CVE-2021-29087 (Improper limitation of a pathname to a restricted directory ('Path Tra ...)
+ TODO: check
+CVE-2021-29086 (Exposure of sensitive information to an unauthorized actor vulnerabili ...)
+ TODO: check
+CVE-2021-29085 (Improper neutralization of special elements in output used by a downst ...)
+ TODO: check
+CVE-2021-29084 (Improper neutralization of special elements in output used by a downst ...)
+ TODO: check
CVE-2021-29083 (Improper neutralization of special elements used in an OS command in S ...)
NOT-FOR-US: Synology
CVE-2021-3460 (The Motorola MH702x devices, prior to version 2.0.0.301, do not proper ...)
@@ -15291,10 +15302,10 @@ CVE-2021-28979 (SafeNet KeySecure Management Console 8.12.0 is vulnerable to HTT
NOT-FOR-US: SafeNet KeySecure Management Console
CVE-2021-28978
RESERVED
-CVE-2021-28977
- RESERVED
-CVE-2021-28976
- RESERVED
+CVE-2021-28977 (Cross Site Scripting vulnerability in GetSimpleCMS 3.3.16 in admin/upl ...)
+ TODO: check
+CVE-2021-28976 (Remote Code Execution vulnerability in GetSimpleCMS before 3.3.16 in a ...)
+ TODO: check
CVE-2021-3457 (An improper authorization handling flaw was found in Foreman. The Shel ...)
- foreman <itp> (bug #663101)
CVE-2021-3456
@@ -18541,8 +18552,8 @@ CVE-2021-3415
RESERVED
CVE-2021-27650
RESERVED
-CVE-2021-27649
- RESERVED
+CVE-2021-27649 (Use after free vulnerability in file transfer protocol component in Sy ...)
+ TODO: check
CVE-2021-27648 (Externally controlled reference to a resource in another sphere in qua ...)
NOT-FOR-US: Synology
CVE-2021-27647 (Out-of-bounds Read vulnerability in iscsi_snapshot_comm_core in Synolo ...)
@@ -22651,7 +22662,7 @@ CVE-2021-25952
CVE-2021-25951
RESERVED
CVE-2021-25950
- RESERVED
+ REJECTED
CVE-2021-25949 (Prototype pollution vulnerability in ‘set-getter’ version ...)
NOT-FOR-US: Node set-getter
CVE-2021-25948 (Prototype pollution vulnerability in ‘expand-hash’ version ...)
@@ -31719,10 +31730,10 @@ CVE-2021-22001
RESERVED
CVE-2021-22000
RESERVED
-CVE-2021-21999
- RESERVED
-CVE-2021-21998
- RESERVED
+CVE-2021-21999 (VMware Tools for Windows (11.x.y prior to 11.2.6), VMware Remote Conso ...)
+ TODO: check
+CVE-2021-21998 (VMware Carbon Black App Control 8.0, 8.1, 8.5 prior to 8.5.8, and 8.6 ...)
+ TODO: check
CVE-2021-21997 (VMware Tools for Windows (11.x.y prior to 11.3.0) contains a denial-of ...)
NOT-FOR-US: VMware
CVE-2021-21996
@@ -31778,7 +31789,7 @@ CVE-2021-21972 (The vSphere Client (HTML5) contains a remote code execution vuln
NOT-FOR-US: VMware
CVE-2021-3014 (In MikroTik RouterOS through 2021-01-04, the hotspot login page is vul ...)
NOT-FOR-US: MikroTik RouterOS
-CVE-2021-3013 (ripgrep before 13 allows attackers to trigger execution of arbitrary p ...)
+CVE-2021-3013 (ripgrep before 13 on Windows allows attackers to trigger execution of ...)
- rust-ripgrep <not-affected> (Only affects ripgrep on Windows)
NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0071.html
CVE-2021-3012 (A cross-site scripting (XSS) vulnerability in the Document Link of doc ...)
@@ -57929,8 +57940,8 @@ CVE-2020-23964
RESERVED
CVE-2020-23963
RESERVED
-CVE-2020-23962
- RESERVED
+CVE-2020-23962 (A cross site scripting (XSS) vulnerability in Catfish CMS 4.9.90 allow ...)
+ TODO: check
CVE-2020-23961
RESERVED
CVE-2020-23960 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Admi ...)
@@ -65241,14 +65252,14 @@ CVE-2020-20394
RESERVED
CVE-2020-20393
RESERVED
-CVE-2020-20392
- RESERVED
-CVE-2020-20391
- RESERVED
+CVE-2020-20392 (SQL Injection vulnerability in imcat v5.2 via the fm[auser] parameters ...)
+ TODO: check
+CVE-2020-20391 (Cross Site Scripting vulnerability in GetSimpleCMS 3.4.0a in admin/sni ...)
+ TODO: check
CVE-2020-20390
RESERVED
-CVE-2020-20389
- RESERVED
+CVE-2020-20389 (Cross Site Scripting (XSS) vulnerability in GetSimpleCMS 3.4.0a in adm ...)
+ TODO: check
CVE-2020-20388
RESERVED
CVE-2020-20387
@@ -68717,12 +68728,12 @@ CVE-2020-18661
RESERVED
CVE-2020-18660
RESERVED
-CVE-2020-18659
- RESERVED
-CVE-2020-18658
- RESERVED
-CVE-2020-18657
- RESERVED
+CVE-2020-18659 (Cross Site Scripting vulnerability in GetSimpleCMS <=3.3.15 via the ...)
+ TODO: check
+CVE-2020-18658 (Cross Site Scriptiong (XSS) vulnerability in GetSimpleCMS <=3.3.15 ...)
+ TODO: check
+CVE-2020-18657 (Cross Site Scripting (XSS) vulnerability in GetSimpleCMS <= 3.3.15 ...)
+ TODO: check
CVE-2020-18656
RESERVED
CVE-2020-18655
@@ -177797,6 +177808,7 @@ CVE-2018-18447
CVE-2018-18446
RESERVED
CVE-2018-18444 (makeMultiView.cpp in exrmultiview in OpenEXR 2.3.0 has an out-of-bound ...)
+ {DSA-4755-1 DLA-2358-1}
- openexr 2.5.3-2 (unimportant)
[jessie] - openexr <not-affected> (exrmultiview code not present in tarball)
NOTE: Issue in exrmultiview which is not installed in the binary package.
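Review bot: CVE-2018-18444 now lists `{DSA-4755-1 DLA-2358-1}` while the same entry keeps `- openexr 2.5.3-2 (unimportant)` and the NOTE explaining that exrmultiview is not shipped in the binary package; an issue rated unimportant because the affected code is not installed sits oddly next to advisory references, so either the severity annotation or the advisory list should be reconciled (for example by confirming the advisories covered this CVE incidentally alongside others and noting that).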
@@ -254007,7 +254019,7 @@ CVE-2017-9115 (In OpenEXR 2.2.0, an invalid write of size 2 in the = operator fu
NOTE: https://github.com/openexr/openexr/issues/232
NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/401#issuecomment-513721310 (v2.4.0)
CVE-2017-9114 (In OpenEXR 2.2.0, an invalid read of size 1 in the refill function in ...)
- {DLA-2358-1}
+ {DLA-2358-1 DLA-1083-1}
- openexr 2.2.0-11.1 (bug #864078)
[jessie] - openexr <not-affected> (ImfFastHuf.cpp / DWA compressor introduced v2.2)
[wheezy] - openexr <not-affected> (ImfFastHuf.cpp / DWA compressor introduced v2.2)
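Review bot: Adding DLA-1083-1 to CVE-2017-9114 conflicts with the two context lines immediately below, which mark both jessie and wheezy as `<not-affected>` because ImfFastHuf.cpp / the DWA compressor was introduced in v2.2; a DLA reference implies an LTS update shipped for this CVE, so one of the two needs correcting: either drop the DLA-1083-1 reference or revise the `<not-affected>` annotations for the suite that advisory targeted.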
@@ -404689,7 +404701,7 @@ CVE-2011-2928 (The befs_follow_link function in fs/befs/linuxvfs.c in the Linux
CVE-2011-2927 (Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk 1.6, ...)
NOT-FOR-US: Red Hat Network Satellite server
CVE-2011-2926
- RESERVED
+ REJECTED
CVE-2011-2925 (Cumin in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0 re ...)
NOT-FOR-US: Cumin
CVE-2011-2924 (foomatic-rip filter v4.0.12 and prior used insecurely creates temporar ...)
@@ -407370,7 +407382,7 @@ CVE-2011-1956 (The bytes_repr_len function in Wireshark 1.4.5 uses an incorrect
[squeeze] - wireshark <not-affected> (Affects 1.4.5 only)
NOTE: Crashes w/o code injection not treated as security issues, see README.Security
CVE-2011-1955
- RESERVED
+ REJECTED
CVE-2011-1954 (Multiple cross-site request forgery (CSRF) vulnerabilities in Post Rev ...)
NOT-FOR-US: Post Revolution
CVE-2011-1953 (Multiple cross-site scripting (XSS) vulnerabilities in common.php in P ...)
@@ -407403,7 +407415,7 @@ CVE-2011-1943 (The destroy_one_secret function in nm-setting-vpn.c in libnm-util
- network-manager-openvpn <not-affected> (Affected code was only in experimental, see bug #628730)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=708876
CVE-2011-1942
- RESERVED
+ REJECTED
CVE-2011-1941 (Open redirect vulnerability in the redirector feature in phpMyAdmin 3. ...)
- phpmyadmin 4:3.4.1-1
[lenny] - phpmyadmin <not-affected> (3.4.x only)
@@ -409667,7 +409679,7 @@ CVE-2011-1178 (Multiple integer overflows in the load_image function in file-pcx
- gimp 2.6.10-1
NOTE: Likely fixed earlier, but only the squeeze version was checked
CVE-2011-1177
- RESERVED
+ REJECTED
CVE-2011-1176 (The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk ...)
{DSA-2202-1}
- apache2 2.2.17-2 (bug #618857; medium)
@@ -413575,7 +413587,7 @@ CVE-2011-0025 (IcedTea 1.7 before 1.7.8, 1.8 before 1.8.5, and 1.9 before 1.9.5
CVE-2011-0024 (Heap-based buffer overflow in wiretap/pcapng.c in Wireshark before 1.2 ...)
- wireshark 1.2-0-1
CVE-2011-0023
- RESERVED
+ REJECTED
CVE-2011-0022 (The setup scripts in 389 Directory Server 1.2.x (aka Red Hat Directory ...)
NOT-FOR-US: 389 LDAP server
CVE-2011-0522 (The StripTags function in (1) the USF decoder (modules/codec/subtitles ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e77d95f0a10e5a844dc57aabc3da04331eb56fa0