[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Jun 24 21:10:35 BST 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
260a19d1 by security tracker role at 2021-06-24T20:10:28+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,41 @@
+CVE-2021-3619
+	RESERVED
+CVE-2021-35492
+	RESERVED
+CVE-2021-35491
+	RESERVED
+CVE-2021-35490
+	RESERVED
+CVE-2021-35489
+	RESERVED
+CVE-2021-35488
+	RESERVED
+CVE-2021-35487
+	RESERVED
+CVE-2021-35486
+	RESERVED
+CVE-2021-35485
+	RESERVED
+CVE-2021-35484
+	RESERVED
+CVE-2021-35483
+	RESERVED
+CVE-2021-35482
+	RESERVED
+CVE-2021-35481
+	RESERVED
+CVE-2021-35480
+	RESERVED
+CVE-2021-35479
+	RESERVED
+CVE-2021-35478
+	RESERVED
+CVE-2021-35477
+	RESERVED
+CVE-2021-35476
+	RESERVED
+CVE-2021-35475
+	RESERVED
 CVE-2021-3618
 	RESERVED
 CVE-2021-3617
@@ -4135,8 +4173,8 @@ CVE-2021-33606
 	RESERVED
 CVE-2021-33605
 	RESERVED
-CVE-2021-33604
-	RESERVED
+CVE-2021-33604 (URL encoding error in development mode handler in com.vaadin:flow-serv ...)
+	TODO: check
 CVE-2021-33603
 	RESERVED
 CVE-2021-33602
@@ -4728,12 +4766,12 @@ CVE-2021-33350
 	RESERVED
 CVE-2021-33349
 	RESERVED
-CVE-2021-33348
-	RESERVED
+CVE-2021-33348 (An issue was discovered in JFinal framework v4.9.10 and below. The "se ...)
+	TODO: check
 CVE-2021-33347 (An issue was discovered in JPress v3.3.0 and below. There are XSS vuln ...)
 	NOT-FOR-US: JPress
-CVE-2021-33346
-	RESERVED
+CVE-2021-33346 (There is an arbitrary password modification vulnerability in a D-LINK  ...)
+	TODO: check
 CVE-2021-33345
 	RESERVED
 CVE-2021-33344
@@ -5539,16 +5577,16 @@ CVE-2021-33006
 	RESERVED
 CVE-2021-33005
 	RESERVED
-CVE-2021-33004
-	RESERVED
+CVE-2021-33004 (The affected product is vulnerable to memory corruption condition due  ...)
+	TODO: check
 CVE-2021-33003
 	RESERVED
-CVE-2021-33002
-	RESERVED
+CVE-2021-33002 (Opening a maliciously crafted project file may cause an out-of-bounds  ...)
+	TODO: check
 CVE-2021-33001
 	RESERVED
-CVE-2021-33000
-	RESERVED
+CVE-2021-33000 (Parsing a maliciously crafted project file may cause a heap-based buff ...)
+	TODO: check
 CVE-2021-32999
 	RESERVED
 CVE-2021-32998
@@ -6168,18 +6206,18 @@ CVE-2021-32711
 	RESERVED
 CVE-2021-32710
 	RESERVED
-CVE-2021-32709
-	RESERVED
-CVE-2021-32708
-	RESERVED
+CVE-2021-32709 (Shopware is an open source eCommerce platform. Creation of order credi ...)
+	TODO: check
+CVE-2021-32708 (Flysystem is an open source file storage library for PHP. The whitespa ...)
+	TODO: check
 CVE-2021-32707
 	RESERVED
 CVE-2021-32706
 	RESERVED
 CVE-2021-32705
 	RESERVED
-CVE-2021-32704
-	RESERVED
+CVE-2021-32704 (DHIS 2 is an information system for data capture, management, validati ...)
+	TODO: check
 CVE-2021-32703
 	RESERVED
 CVE-2021-32702
@@ -6714,26 +6752,22 @@ CVE-2021-3542
 	- linux <unfixed>
 	NOTE: https://seclists.org/oss-sec/2021/q2/46
 	NOTE: https://lore.kernel.org/linux-media/YHaulytonFcW+lyZ@mwanda/
-CVE-2021-32493
-	RESERVED
+CVE-2021-32493 (A flaw was found in djvulibre-3.5.28 and earlier. A heap buffer overfl ...)
 	{DLA-2667-1}
 	- djvulibre 3.5.28-2
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1943424
 	NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/cd8b5c97b27a5c1dc83046498b6ca49ad20aa9b6/ (chunk #3 / Patch12)
-CVE-2021-32492
-	RESERVED
+CVE-2021-32492 (A flaw was found in djvulibre-3.5.28 and earlier. An out of bounds rea ...)
 	{DLA-2667-1}
 	- djvulibre 3.5.28-2
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1943410
 	NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/cd8b5c97b27a5c1dc83046498b6ca49ad20aa9b6/ (chunk #1 / Patch10)
-CVE-2021-32491
-	RESERVED
+CVE-2021-32491 (A flaw was found in djvulibre-3.5.28 and earlier. An integer overflow  ...)
 	{DLA-2667-1}
 	- djvulibre 3.5.28-2
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1943409
 	NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/cd8b5c97b27a5c1dc83046498b6ca49ad20aa9b6/ (chunk #5 / Patch9)
-CVE-2021-32490
-	RESERVED
+CVE-2021-32490 (A flaw was found in djvulibre-3.5.28 and earlier. An out of bounds wri ...)
 	{DLA-2667-1}
 	- djvulibre 3.5.28-2
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1943408
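Review bot: CVE-2021-32493, CVE-2021-32492 and CVE-2021-32491 carry no buster annotation, although each has the same {DLA-2667-1} and "- djvulibre 3.5.28-2" lines as CVE-2021-3500, which is marked "[buster] - djvulibre <no-dsa> (Minor issue)". Now that the descriptions are public, either add the matching [buster] line to these entries or record why buster is handled differently for them.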
@@ -8828,8 +8862,8 @@ CVE-2021-31651
 	RESERVED
 CVE-2021-31650
 	RESERVED
-CVE-2021-31649
-	RESERVED
+CVE-2021-31649 (In applications using jfinal 4.9.08 and below, there is a deserializat ...)
+	TODO: check
 CVE-2021-31648
 	RESERVED
 CVE-2021-31647
@@ -9424,8 +9458,8 @@ CVE-2021-31414 (The unofficial vscode-rpm-spec extension before 0.3.2 for Visual
 	NOT-FOR-US: vscode-rpm-spec extension for Visual Studio Code
 CVE-2021-31413
 	RESERVED
-CVE-2021-31412
-	RESERVED
+CVE-2021-31412 (Improper sanitization of path in default RouteNotFoundError view in co ...)
+	TODO: check
 CVE-2021-31411 (Insecure temporary directory usage in frontend build functionality of  ...)
 	NOT-FOR-US: Vaadin
 CVE-2021-31410 (Overly relaxed configuration of frontend resources server in Vaadin De ...)
@@ -9451,8 +9485,7 @@ CVE-2021-3502 (A flaw was found in avahi 0.8-5. A reachable assertion is present
 	[stretch] - avahi <not-affected> (Vulnerable code introduced later)
 	NOTE: https://github.com/lathiat/avahi/issues/338
 	NOTE: Introduced by: https://github.com/lathiat/avahi/commit/80c98fa16782e921f5b5d5c880f1d80f5c43bd49 (v0.8)
-CVE-2021-3500
-	RESERVED
+CVE-2021-3500 (A flaw was found in djvulibre-3.5.28 and earlier. A Stack overflow in  ...)
 	{DLA-2667-1}
 	- djvulibre 3.5.28-2 (bug #988215)
 	[buster] - djvulibre <no-dsa> (Minor issue)
@@ -12897,12 +12930,10 @@ CVE-2021-29970
 	RESERVED
 CVE-2021-29969
 	RESERVED
-CVE-2021-29968
-	RESERVED
+CVE-2021-29968 (When drawing text onto a canvas with WebRender disabled, an out of bou ...)
 	- firefox <not-affected> (Only affects Windows)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-27/#CVE-2021-29968
-CVE-2021-29967
-	RESERVED
+CVE-2021-29967 (Mozilla developers reported memory safety bugs present in Firefox 88 a ...)
 	{DSA-4927-1 DSA-4925-1 DLA-2679-1 DLA-2673-1}
 	- firefox-esr 78.11.0esr-1
 	- firefox 89.0-1
@@ -12910,95 +12941,76 @@ CVE-2021-29967
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-26/#CVE-2021-29967
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-24/#CVE-2021-29967
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-23/#CVE-2021-29967
-CVE-2021-29966
-	RESERVED
+CVE-2021-29966 (Mozilla developers reported memory safety bugs present in Firefox 88.  ...)
 	- firefox 89.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-23/#CVE-2021-29966
-CVE-2021-29965
-	RESERVED
+CVE-2021-29965 (A malicious website that causes an HTTP Authentication dialog to be sp ...)
 	- firefox <not-affected> (Android-specific)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-23/#CVE-2021-29965
-CVE-2021-29964
-	RESERVED
+CVE-2021-29964 (A locally-installed hostile program could send `WM_COPYDATA` messages  ...)
 	- firefox-esr <not-affected> (Only affects Windows)
 	- firefox <not-affected> (Only affects Windows)
 	- thunderbird <not-affected> (Only affects Windows)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-26/#CVE-2021-29964
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-24/#CVE-2021-29964
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-23/#CVE-2021-29964
-CVE-2021-29963
-	RESERVED
+CVE-2021-29963 (Address bar search suggestions in private browsing mode were re-using  ...)
 	- firefox <not-affected> (Android-specific)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-23/#CVE-2021-29963
-CVE-2021-29962
-	RESERVED
+CVE-2021-29962 (Firefox for Android would become unstable and hard-to-recover when a w ...)
 	- firefox <not-affected> (Android-specific)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-23/#CVE-2021-29962
-CVE-2021-29961
-	RESERVED
+CVE-2021-29961 (When styling and rendering an oversized `<select>` element, Fire ...)
 	- firefox 89.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-23/#CVE-2021-29961
-CVE-2021-29960
-	RESERVED
+CVE-2021-29960 (Firefox used to cache the last filename used for printing a file. When ...)
 	- firefox 89.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-23/#CVE-2021-29960
-CVE-2021-29959
-	RESERVED
+CVE-2021-29959 (When a user has already allowed a website to access microphone and cam ...)
 	- firefox 89.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-23/#CVE-2021-29959
-CVE-2021-29958
-	RESERVED
+CVE-2021-29958 (When a download was initiated, the client did not check whether it was ...)
 	- firefox <not-affected> (Only affects Firefox for iOS)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-23/#CVE-2021-29958
-CVE-2021-29957
-	RESERVED
+CVE-2021-29957 (If a MIME encoded email contains an OpenPGP inline signed or encrypted ...)
 	{DSA-4927-1 DLA-2679-1}
 	- thunderbird 1:78.10.2-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-22/#CVE-2021-29957
-CVE-2021-29956
-	RESERVED
+CVE-2021-29956 (OpenPGP secret keys that were imported using Thunderbird version 78.8. ...)
 	{DSA-4927-1 DLA-2679-1}
 	- thunderbird 1:78.10.2-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-22/#CVE-2021-29956
-CVE-2021-29955
-	RESERVED
-CVE-2021-29954
-	RESERVED
-CVE-2021-29953
-	RESERVED
+CVE-2021-29955 (A transient execution vulnerability, named Floating Point Value Inject ...)
+	TODO: check
+CVE-2021-29954 (Proxy functionality built into Hubs Cloud’s Reticulum software a ...)
+	TODO: check
+CVE-2021-29953 (A malicious webpage could have forced a Firefox for Android user into  ...)
 	- firefox <not-affected> (Only affects Android)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-20/#CVE-2021-29953
-CVE-2021-29952
-	RESERVED
+CVE-2021-29952 (When Web Render components were destructed, a race condition could hav ...)
 	- firefox 88.0.1-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-20/#CVE-2021-29952
-CVE-2021-29951
-	RESERVED
+CVE-2021-29951 (The Mozilla Maintenance Service granted SERVICE_START access to BUILTI ...)
 	- firefox-esr <not-affected> (Only affects Windows)
 	- thunderbird <not-affected> (Only affects Windows)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-18/#CVE-2021-29951
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-19/#CVE-2021-29951
-CVE-2021-29950
-	RESERVED
+CVE-2021-29950 (Thunderbird unprotects a secret OpenPGP key prior to using it for a de ...)
 	{DSA-4876-1 DLA-2609-1}
 	- thunderbird 1:78.9.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-17/#CVE-2021-29950
-CVE-2021-29949
-	RESERVED
+CVE-2021-29949 (When loading the shared library that provides the OTR protocol impleme ...)
 	{DSA-4897-1 DLA-2632-1}
 	- thunderbird 1:78.10.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-13/#CVE-2021-29949
-CVE-2021-29948
-	RESERVED
+CVE-2021-29948 (Signatures are written to disk before and read during verification, wh ...)
 	{DSA-4897-1 DLA-2632-1}
 	- thunderbird 1:78.10.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-14/#CVE-2021-29948
-CVE-2021-29947
-	RESERVED
+CVE-2021-29947 (Mozilla developers and community members reported memory safety bugs p ...)
 	- firefox 88.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-16/#CVE-2021-29947
-CVE-2021-29946
-	RESERVED
+CVE-2021-29946 (Ports that were written as an integer overflow above the bounds of a 1 ...)
 	{DSA-4897-1 DSA-4895-1 DLA-2633-1 DLA-2632-1}
 	- firefox 88.0-1
 	- firefox-esr 78.10.0esr-1
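Review bot: CVE-2021-29955 and CVE-2021-29954 are the only entries in this hunk that land as "TODO: check", and neither visible description names firefox or thunderbird. The CVE-2021-29955 text is cut off before any product name and CVE-2021-29954 refers to Hubs Cloud's Reticulum software, so triage both from the full description rather than by analogy with the surrounding Mozilla entries.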
@@ -13006,8 +13018,7 @@ CVE-2021-29946
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-14/#CVE-2021-29946
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-15/#CVE-2021-29946
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-16/#CVE-2021-29946
-CVE-2021-29945
-	RESERVED
+CVE-2021-29945 (The WebAssembly JIT could miscalculate the size of a return type, whic ...)
 	{DSA-4897-1 DSA-4895-1 DLA-2633-1 DLA-2632-1}
 	- firefox 88.0-1
 	- firefox-esr 78.10.0esr-1
@@ -13015,8 +13026,7 @@ CVE-2021-29945
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-14/#CVE-2021-29945
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-15/#CVE-2021-29945
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-16/#CVE-2021-29945
-CVE-2021-29944
-	RESERVED
+CVE-2021-29944 (Lack of escaping allowed HTML injection when a webpage was viewed in R ...)
 	- firefox <not-affected> (Only affects Android)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-16/#CVE-2021-29944
 CVE-2021-30002 (An issue was discovered in the Linux kernel before 5.11.3 when a webca ...)
@@ -13385,8 +13395,8 @@ CVE-2021-29779
 	RESERVED
 CVE-2021-29778
 	RESERVED
-CVE-2021-29777
-	RESERVED
+CVE-2021-29777 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, ...)
+	TODO: check
 CVE-2021-29776
 	RESERVED
 CVE-2021-29775
@@ -13533,8 +13543,8 @@ CVE-2021-29705
 	RESERVED
 CVE-2021-29704
 	RESERVED
-CVE-2021-29703
-	RESERVED
+CVE-2021-29703 (Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulne ...)
+	TODO: check
 CVE-2021-29702 (Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1.4 a ...)
 	NOT-FOR-US: IBM
 CVE-2021-29701
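Review bot: CVE-2021-29703 is left as "TODO: check" while the entry directly below it, CVE-2021-29702, opens with the same product string (Db2 for Linux, UNIX and Windows) and is already tagged "NOT-FOR-US: IBM". Resolve the new entry with the same tag so the two Db2 entries stay consistent.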
@@ -18578,10 +18588,10 @@ CVE-2021-27661
 	RESERVED
 CVE-2021-27660
 	RESERVED
-CVE-2021-27659
-	RESERVED
-CVE-2021-27658
-	RESERVED
+CVE-2021-27659 (exacqVision Web Service 21.03 does not sufficiently validate, filter,  ...)
+	TODO: check
+CVE-2021-27658 (exacqVision Enterprise Manager 20.12 does not sufficiently validate, f ...)
+	TODO: check
 CVE-2021-27657 (Successful exploitation of this vulnerability could give an authentica ...)
 	NOT-FOR-US: Johnson Controls Metasys
 CVE-2021-27656 (A vulnerability in exacqVision Web Service 20.12.2.0 and prior could a ...)
@@ -21068,8 +21078,8 @@ CVE-2021-26587
 	RESERVED
 CVE-2021-26586
 	RESERVED
-CVE-2021-26585
-	RESERVED
+CVE-2021-26585 (A potential vulnerability has been identified in HPE OneView Global Da ...)
+	TODO: check
 CVE-2021-26584 (A security vulnerability in HPE OneView for VMware vCenter (OV4VC) cou ...)
 	NOT-FOR-US: HPE OneView for VMware vCenter (OV4VC)
 CVE-2021-26583 (A potential security vulnerability was identified in HPE iLO Amplifier ...)
@@ -22769,8 +22779,8 @@ CVE-2021-25925 (in SiCKRAGE, versions 4.2.0 to 10.0.11.dev1 are vulnerable to St
 	NOT-FOR-US: SiCKRAGE
 CVE-2021-25924 (In GoCD, versions 19.6.0 to 21.1.0 are vulnerable to Cross-Site Reques ...)
 	NOT-FOR-US: GoCD
-CVE-2021-25923
-	RESERVED
+CVE-2021-25923 (In OpenEMR, versions 5.0.0 to 6.0.0.1 are vulnerable to weak password  ...)
+	TODO: check
 CVE-2021-25922 (In OpenEMR, versions 4.2.0 to 6.0.0 are vulnerable to Reflected Cross- ...)
 	NOT-FOR-US: OpenEMR
 CVE-2021-25921 (In OpenEMR, versions 2.7.3-rc1 to 6.0.0 are vulnerable to Stored Cross ...)
@@ -23609,22 +23619,22 @@ CVE-2021-25658
 	RESERVED
 CVE-2021-25657
 	RESERVED
-CVE-2021-25656
-	RESERVED
-CVE-2021-25655
-	RESERVED
+CVE-2021-25656 (Stored XSS injection vulnerabilities were discovered in the Avaya Aura ...)
+	TODO: check
+CVE-2021-25655 (A vulnerability in the system Service Menu component of Avaya Aura Exp ...)
+	TODO: check
 CVE-2021-25654
 	RESERVED
-CVE-2021-25653
-	RESERVED
-CVE-2021-25652
-	RESERVED
-CVE-2021-25651
-	RESERVED
-CVE-2021-25650
-	RESERVED
-CVE-2021-25649
-	RESERVED
+CVE-2021-25653 (A privilege escalation vulnerability was discovered in Avaya Aura Appl ...)
+	TODO: check
+CVE-2021-25652 (An information disclosure vulnerability was discovered in the director ...)
+	TODO: check
+CVE-2021-25651 (** UNSUPPORTED WHEN ASSIGNED ** A privilege escalation vulnerability w ...)
+	TODO: check
+CVE-2021-25650 (** UNSUPPORTED WHEN ASSIGNED ** A privilege escalation vulnerability w ...)
+	TODO: check
+CVE-2021-25649 (** UNSUPPORTED WHEN ASSIGNED ** An information disclosure vulnerabilit ...)
+	TODO: check
 CVE-2021-25648 (Mobile application "Testes de Codigo" 11.4 and prior allows an attacke ...)
 	NOT-FOR-US: Mobile application "Testes de Codigo"
 CVE-2021-25647 (Mobile application "Testes de Codigo" v11.3 and prior allows stored XS ...)
@@ -27208,8 +27218,7 @@ CVE-2021-3139 (In Open-iSCSI tcmu-runner 1.3.x, 1.4.x, and 1.5.x through 1.5.2,
 	NOTE: https://github.com/open-iscsi/tcmu-runner/commit/b202dc06ef391c6ab9a7561856238a258de04663
 	NOTE: https://github.com/open-iscsi/tcmu-runner/commit/170bfa63288a399b38c35eb646b2835d4ba7c08a
 	NOTE: https://github.com/open-iscsi/tcmu-runner/commit/01685b2ab8c430c0fb9ce397e7e76b60fe6cbde5
-CVE-2021-24002
-	RESERVED
+CVE-2021-24002 (When a user clicked on an FTP URL containing encoded newline character ...)
 	{DSA-4897-1 DSA-4895-1 DLA-2633-1 DLA-2632-1}
 	- firefox 88.0-1
 	- firefox-esr 78.10.0esr-1
@@ -27217,16 +27226,13 @@ CVE-2021-24002
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-14/#CVE-2021-24002
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-15/#CVE-2021-24002
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-16/#CVE-2021-24002
-CVE-2021-24001
-	RESERVED
+CVE-2021-24001 (A compromised content process could have performed session history man ...)
 	- firefox 88.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-16/#CVE-2021-24001
-CVE-2021-24000
-	RESERVED
+CVE-2021-24000 (A race condition with requestPointerLock() and setTimeout() could have ...)
 	- firefox 88.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-16/#CVE-2021-24000
-CVE-2021-23999
-	RESERVED
+CVE-2021-23999 (If a Blob URL was loaded through some unusual user interaction, it cou ...)
 	{DSA-4897-1 DSA-4895-1 DLA-2633-1 DLA-2632-1}
 	- firefox 88.0-1
 	- firefox-esr 78.10.0esr-1
@@ -27234,8 +27240,7 @@ CVE-2021-23999
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-14/#CVE-2021-23999
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-15/#CVE-2021-23999
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-16/#CVE-2021-23999
-CVE-2021-23998
-	RESERVED
+CVE-2021-23998 (Through complicated navigations with new windows, an HTTP page could h ...)
 	{DSA-4897-1 DSA-4895-1 DLA-2633-1 DLA-2632-1}
 	- firefox 88.0-1
 	- firefox-esr 78.10.0esr-1
@@ -27243,16 +27248,13 @@ CVE-2021-23998
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-14/#CVE-2021-23998
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-15/#CVE-2021-23998
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-16/#CVE-2021-23998
-CVE-2021-23997
-	RESERVED
+CVE-2021-23997 (Due to unexpected data type conversions, a use-after-free could have o ...)
 	- firefox 88.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-16/#CVE-2021-23997
-CVE-2021-23996
-	RESERVED
+CVE-2021-23996 (By utilizing 3D CSS in conjunction with Javascript, content could have ...)
 	- firefox 88.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-16/#CVE-2021-23996
-CVE-2021-23995
-	RESERVED
+CVE-2021-23995 (When Responsive Design Mode was enabled, it used references to objects ...)
 	{DSA-4897-1 DSA-4895-1 DLA-2633-1 DLA-2632-1}
 	- firefox 88.0-1
 	- firefox-esr 78.10.0esr-1
@@ -27260,8 +27262,7 @@ CVE-2021-23995
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-14/#CVE-2021-23995
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-15/#CVE-2021-23995
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-16/#CVE-2021-23995
-CVE-2021-23994
-	RESERVED
+CVE-2021-23994 (A WebGL framebuffer was not initialized early enough, resulting in mem ...)
 	{DSA-4897-1 DSA-4895-1 DLA-2633-1 DLA-2632-1}
 	- firefox 88.0-1
 	- firefox-esr 78.10.0esr-1
@@ -27269,18 +27270,15 @@ CVE-2021-23994
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-14/#CVE-2021-23994
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-15/#CVE-2021-23994
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-16/#CVE-2021-23994
-CVE-2021-23993
-	RESERVED
+CVE-2021-23993 (An attacker may perform a DoS attack to prevent a user from sending en ...)
 	{DSA-4897-1 DLA-2632-1}
 	- thunderbird 1:78.10.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-13/#CVE-2021-23993
-CVE-2021-23992
-	RESERVED
+CVE-2021-23992 (Thunderbird did not check if the user ID associated with an OpenPGP ke ...)
 	{DSA-4897-1 DLA-2632-1}
 	- thunderbird 1:78.10.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-13/#CVE-2021-23992
-CVE-2021-23991
-	RESERVED
+CVE-2021-23991 (If a Thunderbird user has previously imported Alice's OpenPGP key, and ...)
 	{DSA-4897-1 DLA-2632-1}
 	- thunderbird 1:78.10.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-13/#CVE-2021-23991
@@ -28666,8 +28664,8 @@ CVE-2021-23400
 	RESERVED
 CVE-2021-23399
 	RESERVED
-CVE-2021-23398
-	RESERVED
+CVE-2021-23398 (All versions of package react-bootstrap-table are vulnerable to Cross- ...)
+	TODO: check
 CVE-2021-23397
 	RESERVED
 CVE-2021-23396 (All versions of package lutils are vulnerable to Prototype Pollution v ...)
@@ -32328,8 +32326,8 @@ CVE-2021-21739
 	RESERVED
 CVE-2021-21738
 	RESERVED
-CVE-2021-21737
-	RESERVED
+CVE-2021-21737 (A smart STB product of ZTE is impacted by a permission and access cont ...)
+	TODO: check
 CVE-2021-21736 (A smart camera product of ZTE is impacted by a permission and access c ...)
 	NOT-FOR-US: ZTE
 CVE-2021-21735 (A ZTE product has an information leak vulnerability. Due to improper p ...)
@@ -32661,14 +32659,14 @@ CVE-2021-21576
 	RESERVED
 CVE-2021-21575
 	RESERVED
-CVE-2021-21574
-	RESERVED
-CVE-2021-21573
-	RESERVED
-CVE-2021-21572
-	RESERVED
-CVE-2021-21571
-	RESERVED
+CVE-2021-21574 (Dell BIOSConnect feature contains a buffer overflow vulnerability. An  ...)
+	TODO: check
+CVE-2021-21573 (Dell BIOSConnect feature contains a buffer overflow vulnerability. An  ...)
+	TODO: check
+CVE-2021-21572 (Dell BIOSConnect feature contains a buffer overflow vulnerability. An  ...)
+	TODO: check
+CVE-2021-21571 (Dell UEFI BIOS https stack leveraged by the Dell BIOSConnect feature a ...)
+	TODO: check
 CVE-2021-21570
 	RESERVED
 CVE-2021-21569
@@ -36528,8 +36526,8 @@ CVE-2021-20581
 	RESERVED
 CVE-2021-20580
 	RESERVED
-CVE-2021-20579
-	RESERVED
+CVE-2021-20579 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, ...)
+	TODO: check
 CVE-2021-20578
 	RESERVED
 CVE-2021-20577 (IBM Cloud Pak for Security (CP4S) 1.5.0.0 and 1.5.0.1 is vulnerable to ...)
@@ -44763,7 +44761,7 @@ CVE-2021-1052 (NVIDIA GPU Display Driver for Windows and Linux, all versions, co
 	[buster] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
 	[stretch] - nvidia-graphics-drivers <not-affected> (R390 not affected)
 	- nvidia-graphics-drivers-tesla-450 450.102.04-1 (bug #979675)
-CVE-2021-1051 (NVIDIA GPU Display Driver for Windows, all versions, contains a vulner ...)
+CVE-2021-1051 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the  ...)
 	NOT-FOR-US: NVIDIA Windows drivers
 CVE-2020-28576 (An improper access control information disclosure vulnerability in Tre ...)
 	NOT-FOR-US: Trend Micro
@@ -47363,8 +47361,8 @@ CVE-2020-28099
 	RESERVED
 CVE-2020-28098
 	RESERVED
-CVE-2020-28097
-	RESERVED
+CVE-2020-28097 (The vgacon subsystem in the Linux kernel before 5.8.10 mishandles soft ...)
+	TODO: check
 CVE-2020-28096 (FOSCAM FHD X1 1.14.2.4 devices allow attackers (with physical UART acc ...)
 	NOT-FOR-US: FOSCAM FHD
 CVE-2020-28095 (On Tenda AC1200 (Model AC6) 15.03.06.51_multi devices, a large HTTP PO ...)
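Review bot: CVE-2020-28097 lands as "TODO: check" even though its description names the vgacon subsystem of the Linux kernel (before 5.8.10), so it cannot be closed as NOT-FOR-US like its neighbours in this hunk. Replace the TODO with a "- linux" line giving the Debian version that contains the fix, and add a NOTE pointing at the upstream commit.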
@@ -62496,18 +62494,18 @@ CVE-2020-21790
 	RESERVED
 CVE-2020-21789
 	RESERVED
-CVE-2020-21788
-	RESERVED
-CVE-2020-21787
-	RESERVED
-CVE-2020-21786
-	RESERVED
-CVE-2020-21785
-	RESERVED
-CVE-2020-21784
-	RESERVED
-CVE-2020-21783
-	RESERVED
+CVE-2020-21788 (In CRMEB 3.1.0+ strict domain name filtering leads to SSRF(Server-Side ...)
+	TODO: check
+CVE-2020-21787 (CRMEB 3.1.0+ is vulnerable to File Upload Getshell via /crmeb/crmeb/se ...)
+	TODO: check
+CVE-2020-21786 (In IBOS 4.5.4 Open, Arbitrary File Inclusion causes getshell via /syst ...)
+	TODO: check
+CVE-2020-21785 (In IBOS 4.5.4 Open, the database backup has Command Injection Vulnerab ...)
+	TODO: check
+CVE-2020-21784 (phpwcms 1.9.13 is vulnerable to Code Injection via /phpwcms/setup/setu ...)
+	TODO: check
+CVE-2020-21783 (In IBOS 4.5.4 the email function has a cross site scripting (XSS) vuln ...)
+	TODO: check
 CVE-2020-21782
 	RESERVED
 CVE-2020-21781
@@ -68772,28 +68770,28 @@ CVE-2020-18673
 	RESERVED
 CVE-2020-18672
 	RESERVED
-CVE-2020-18671
-	RESERVED
-CVE-2020-18670
-	RESERVED
+CVE-2020-18671 (Cross Site Scripting (XSS) vulnerability in Roundcube Mail <=1.4.4  ...)
+	TODO: check
+CVE-2020-18670 (Cross Site Scripting (XSS) vulneraibility in Roundcube mail .4.4 via d ...)
+	TODO: check
 CVE-2020-18669
 	RESERVED
-CVE-2020-18668
-	RESERVED
-CVE-2020-18667
-	RESERVED
+CVE-2020-18668 (Cross Site Scripting (XSS) vulnerabililty in WebPort <=1.19.1 via t ...)
+	TODO: check
+CVE-2020-18667 (SQL Injection vulnerability in WebPort <=1.19.1 via the new connect ...)
+	TODO: check
 CVE-2020-18666
-	RESERVED
-CVE-2020-18665
-	RESERVED
-CVE-2020-18664
-	RESERVED
-CVE-2020-18663
-	RESERVED
-CVE-2020-18662
-	RESERVED
-CVE-2020-18661
-	RESERVED
+	REJECTED
+CVE-2020-18665 (Directory Traversal vulnerability in WebPort <=1.19.1 in tags of sy ...)
+	TODO: check
+CVE-2020-18664 (Cross Site Scripting (XSS) vulnerability in WebPort <=1.19.1via the ...)
+	TODO: check
+CVE-2020-18663 (Cross Site Scripting (XSS) vulnerability in gnuboard5 <=v5.3.2.8 vi ...)
+	TODO: check
+CVE-2020-18662 (SQL Injection vulnerability in gnuboard5 <=v5.3.2.8 via the table_p ...)
+	TODO: check
+CVE-2020-18661 (Cross Site Scripting (XSS) vulnerability in gnuboard5 <=v5.3.2.8 vi ...)
+	TODO: check
 CVE-2020-18660 (GetSimpleCMS <=3.3.15 has an open redirect in admin/changedata.php  ...)
 	NOT-FOR-US: GetSimpleCMS
 CVE-2020-18659 (Cross Site Scripting vulnerability in GetSimpleCMS <=3.3.15 via the ...)
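Review bot: CVE-2020-18671 and CVE-2020-18670 both name Roundcube but get the same "TODO: check" as the WebPort and gnuboard5 entries around them; check these two against the roundcube package rather than clearing them together with the rest of the batch. The two descriptions also give different version strings ("<=1.4.4" and ".4.4"), so take the affected range from the upstream reference and not from the truncated text. The CVE-2020-18666 change from RESERVED to REJECTED needs no follow-up.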
@@ -97622,8 +97620,8 @@ CVE-2020-7864 (Parameter manipulation can bypass authentication to cause file up
 	NOT-FOR-US: Raonwiz DEXT5Editor
 CVE-2020-7863
 	RESERVED
-CVE-2020-7862
-	RESERVED
+CVE-2020-7862 (A vulnerability in agent program of HelpU remote control solution coul ...)
+	TODO: check
 CVE-2020-7861 (AnySupport (Remote support solution) before 2019.3.21.0 allows directo ...)
 	NOT-FOR-US: AnySupport
 CVE-2020-7860 (UnEGG v0.5 and eariler versions have a Integer overflow vulnerability, ...)
@@ -105348,8 +105346,8 @@ CVE-2020-4947
 	RESERVED
 CVE-2020-4946
 	RESERVED
-CVE-2020-4945
-	RESERVED
+CVE-2020-4945 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 ...)
+	TODO: check
 CVE-2020-4944 (IBM UrbanCode Deploy (UCD) 7.0.3.0, 7.0.4.0, 7.0.5.3, 7.0.5.4, 7.1.0.0 ...)
 	NOT-FOR-US: IBM
 CVE-2020-4943
@@ -105468,8 +105466,8 @@ CVE-2020-4887 (IBM AIX 7.1, 7.2 and AIX VIOS 3.1 could allow a local user to exp
 	NOT-FOR-US: IBM
 CVE-2020-4886 (IBM InfoSphere Information Server 11.7 stores sensitive information in ...)
 	NOT-FOR-US: IBM
-CVE-2020-4885
-	RESERVED
+CVE-2020-4885 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 ...)
+	TODO: check
 CVE-2020-4884 (IBM UrbanCode Deploy (UCD) 6.2.7.9, 7.0.5.4, and 7.1.1.1 stores user c ...)
 	NOT-FOR-US: IBM
 CVE-2020-4883 (IBM QRadar SIEM 7.3 and 7.4 could disclose sensitive information about ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/260a19d19363b67d6ac86489e04ead717708c729
