[Git][security-tracker-team/security-tracker][master] new ruby-bindata, postsrsd issues
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Mon Jun 28 22:17:52 BST 2021
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4d5e7ad5 by Moritz Muehlenhoff at 2021-06-28T23:15:59+02:00
new ruby-bindata, postsrsd issues
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3,11 +3,13 @@ CVE-2021-3624
CVE-2021-3623
RESERVED
CVE-2021-35525 (PostSRSd before 1.11 allows a denial of service (subprocess hang) if P ...)
- TODO: check
+ - postsrsd <unfixed>
+ NOTE: https://bugs.gentoo.org/793674
+ NOTE: https://github.com/roehling/postsrsd/commit/077be98d8c8a9847e4ae0c7dc09e7474cbe27db2
CVE-2021-35524
RESERVED
CVE-2021-35523 (Securepoint SSL VPN Client v2 before 2.0.32 on Windows has unsafe conf ...)
- TODO: check
+ NOT-FOR-US: Securepoint
CVE-2021-35522
RESERVED
CVE-2021-35521
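Review bot: the new "postsrsd <unfixed>" line for CVE-2021-35525 carries neither a severity annotation nor a Debian bug reference, while the other unfixed entries in this file normally get "(bug #NNNNNN; severity)" once a bug is filed (NNNNNN is a placeholder here; no bug number is visible in this change). The description classifies the issue as a denial of service (subprocess hang), which supports choosing a severity below RC, and it names 1.11 as the first fixed upstream release, which is worth recording alongside the Gentoo bug and upstream fix-commit NOTE links when the packaged version is compared against it.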
@@ -25,7 +27,7 @@ CVE-2021-35516
CVE-2021-35515
RESERVED
CVE-2021-35514 (Narou (aka Narou.rb) before 3.8.0 allows Ruby Code Injection via the t ...)
- TODO: check
+ NOT-FOR-US: Narou
CVE-2021-35513 (Mermaid before 8.11.0 allows XSS when the antiscript feature is used. ...)
- node-mermaid <unfixed>
NOTE: https://github.com/mermaid-js/mermaid/issues/2122
@@ -169,7 +171,7 @@ CVE-2021-35458
CVE-2021-35457
RESERVED
CVE-2021-35456 (Online Pet Shop We App 1.0 is vulnerable to remote SQL injection and s ...)
- TODO: check
+ NOT-FOR-US: Online Pet Shop We App
CVE-2021-35455
RESERVED
CVE-2021-35454
@@ -476,17 +478,17 @@ CVE-2021-35305
CVE-2021-35304
RESERVED
CVE-2021-35303 (Cross Site Scripting (XSS) in Zammad 1.0.x up to 4.0.0 allows remote a ...)
- TODO: check
+ - zammad <itp> (bug #841355)
CVE-2021-35302 (Incorrect Access Control for linked Tickets in Zammad 1.0.x up to 4.0. ...)
- TODO: check
+ - zammad <itp> (bug #841355)
CVE-2021-35301 (Incorrect Access Control in Zammad 1.0.x up to 4.0.0 allows remote att ...)
- TODO: check
+ - zammad <itp> (bug #841355)
CVE-2021-35300 (Text injection/Content Spoofing in 404 page in Zammad 1.0.x up to 4.0. ...)
- TODO: check
+ - zammad <itp> (bug #841355)
CVE-2021-35299 (Incorrect Access Control in Zammad 1.0.x up to 4.0.0 allows attackers ...)
- TODO: check
+ - zammad <itp> (bug #841355)
CVE-2021-35298 (Cross Site Scripting (XSS) in Zammad 1.0.x up to 4.0.0 allows remote a ...)
- TODO: check
+ - zammad <itp> (bug #841355)
CVE-2021-35297
RESERVED
CVE-2021-35296
@@ -2803,7 +2805,7 @@ CVE-2021-34256
CVE-2021-34255
RESERVED
CVE-2021-34254 (Umbraco CMS before 7.15.7 is vulnerable to Open Redirection due to ins ...)
- TODO: check
+ NOT-FOR-US: Umbraco CMS
CVE-2021-34253
RESERVED
CVE-2021-34252
@@ -2937,7 +2939,7 @@ CVE-2021-34189
CVE-2021-34188
RESERVED
CVE-2021-34187 (main/inc/ajax/model.ajax.php in Chamilo through 1.11.14 allows SQL Inj ...)
- TODO: check
+ NOT-FOR-US: Chamilo
CVE-2021-34186
RESERVED
CVE-2021-34185 (Miniaudio 0.10.35 has an integer-based buffer overflow caused by an ou ...)
@@ -6072,7 +6074,10 @@ CVE-2021-32825
CVE-2021-32824
RESERVED
CVE-2021-32823 (In the bindata RubyGem before version 2.4.10 there is a potential deni ...)
- TODO: check
+ - ruby-bindata <unfixed>
+ NOTE: https://github.com/dmendel/bindata/commit/d99f050b88337559be2cb35906c1f8da49531323
+ NOTE: https://about.gitlab.com/releases/2021/06/01/security-release-gitlab-13-12-2-released/#update-bindata-dependency
+ NOTE: https://github.com/dmendel/bindata/blob/v2.4.10/ChangeLog.rdoc#version-2410-2021-05-18-
CVE-2021-32822
RESERVED
CVE-2021-32821
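Review bot: the "ruby-bindata <unfixed>" line for CVE-2021-32823 has no severity tag or bug reference; the description calls it a potential denial of service in bindata before 2.4.10, so a severity annotation would help prioritisation, and if the stable suite ships a version below 2.4.10 it needs its own release line (for example a "[buster]" entry) stating whether it will be fixed there. The three NOTE links (upstream fix commit, GitLab 13.12.2 release note, ChangeLog for 2.4.10) all agree that 2.4.10 is the fixed upstream version, which should make the fixed-version check straightforward.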
@@ -6278,7 +6283,7 @@ CVE-2021-32722
CVE-2021-32721
RESERVED
CVE-2021-32720 (Sylius is an Open Source eCommerce platform on top of Symfony. In vers ...)
- TODO: check
+ NOT-FOR-US: Sylius
CVE-2021-32719 (RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prio ...)
TODO: check
CVE-2021-32718 (RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prio ...)
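Review bot: the trailing context of this hunk still shows CVE-2021-32719 (and CVE-2021-32718 directly below it) for rabbitmq-server at "TODO: check"; rabbitmq-server is packaged in Debian, so unlike the Sylius entry resolved here these two need to be triaged against the packaged version rather than closed as NOT-FOR-US.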
@@ -6310,7 +6315,7 @@ CVE-2021-32706
CVE-2021-32705
RESERVED
CVE-2021-32704 (DHIS 2 is an information system for data capture, management, validati ...)
- TODO: check
+ NOT-FOR-US: DHIS 2
CVE-2021-32703
RESERVED
CVE-2021-32702 (The Auth0 Next.js SDK is a library for implementing user authenticatio ...)
@@ -6320,7 +6325,7 @@ CVE-2021-32701 (ORY Oathkeeper is an Identity & Access Proxy (IAP) and Acces
CVE-2021-32700 (Ballerina is an open source programming language and platform for clou ...)
NOT-FOR-US: Ballerina
CVE-2021-32699 (Wings is the control plane software for the open source Pterodactyl ga ...)
- TODO: check
+ NOT-FOR-US: Wings
CVE-2021-32698 (eLabFTW is an open source electronic lab notebook for research labs. T ...)
NOT-FOR-US: eLabFTW
CVE-2021-32697 (neos/forms is an open source framework to build web forms. By crafting ...)
@@ -6813,7 +6818,7 @@ CVE-2021-32498
CVE-2021-32497
RESERVED
CVE-2021-32496 (SICK Visionary-S CX up version 5.21.2.29154R are vulnerable to an Inad ...)
- TODO: check
+ NOT-FOR-US: SICK Visionary-S CX
CVE-2021-32495
RESERVED
CVE-2021-32494
@@ -8971,7 +8976,7 @@ CVE-2021-31651
CVE-2021-31650
RESERVED
CVE-2021-31649 (In applications using jfinal 4.9.08 and below, there is a deserializat ...)
- TODO: check
+ NOT-FOR-US: jfinal
CVE-2021-31648
RESERVED
CVE-2021-31647
@@ -9759,7 +9764,7 @@ CVE-2021-31339 (A vulnerability has been identified in Mendix Excel Importer Mod
CVE-2021-31338
RESERVED
CVE-2021-31337 (The Telnet service of the SIMATIC HMI Comfort Panels system component ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2021-31336
RESERVED
CVE-2021-31335
@@ -13512,7 +13517,7 @@ CVE-2021-29777 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server
CVE-2021-29776
RESERVED
CVE-2021-29775 (IBM Business Automation Workflow 19.0.03 and 20.0 and IBM Cloud Pak fo ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2021-29774
RESERVED
CVE-2021-29773
@@ -13560,7 +13565,7 @@ CVE-2021-29753
CVE-2021-29752
RESERVED
CVE-2021-29751 (IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2021-29750
RESERVED
CVE-2021-29749
@@ -13676,7 +13681,7 @@ CVE-2021-29695 (IBM Host firmware for LC-class Systems could allow a remote atta
CVE-2021-29694 (IBM Spectrum Protect Plus 10.1.0 through 10.1.7 uses weaker than expec ...)
NOT-FOR-US: IBM
CVE-2021-29693 (IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user that is in the ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2021-29692 (IBM Security Identity Manager 7.0.2 could allow a remote attacker to o ...)
NOT-FOR-US: IBM
CVE-2021-29691 (IBM Security Identity Manager 7.0.2 contains hard-coded credentials, s ...)
@@ -16411,7 +16416,7 @@ CVE-2021-28625
CVE-2021-28624
RESERVED
CVE-2021-28623 (Adobe Premiere Elements version 5.2 (and earlier) is affected by an in ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2021-28622
RESERVED
CVE-2021-28621
@@ -16463,7 +16468,7 @@ CVE-2021-28599
CVE-2021-28598
RESERVED
CVE-2021-28597 (Adobe Photoshop Elements version 5.2 (and earlier) is affected by an i ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2021-28596
RESERVED
CVE-2021-28595
@@ -16481,11 +16486,11 @@ CVE-2021-28590
CVE-2021-28589
RESERVED
CVE-2021-28588 (Adobe RoboHelp Server version 2019.0.9 (and earlier) is affected by a ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2021-28587 (After Effects versions 18.0 (and earlier) are affected by an out-of-bo ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2021-28586 (After Effects version 18.0 (and earlier) are affected by an out-of-bou ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2021-28585 (Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6 ...)
TODO: check
CVE-2021-28584 (Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6 ...)
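Review bot: CVE-2021-28585 and CVE-2021-28584 (Magento) remain at "TODO: check" in the trailing context while the neighbouring After Effects and RoboHelp entries are closed as NOT-FOR-US: Adobe; Magento is not packaged in Debian, so these two (and CVE-2021-28563 later in the file) can be resolved the same way in a follow-up.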
@@ -16499,25 +16504,25 @@ CVE-2021-28581
CVE-2021-28580
RESERVED
CVE-2021-28579 (Adobe Connect version 11.2.1 (and earlier) is affected by an Improper ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2021-28578
RESERVED
CVE-2021-28577
RESERVED
CVE-2021-28576 (Adobe Animate version 21.0.5 (and earlier) is affected by an Out-of-bo ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2021-28575 (Adobe Animate version 21.0.5 (and earlier) is affected by an Out-of-bo ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2021-28574 (Adobe Animate version 21.0.5 (and earlier) is affected by an Out-of-bo ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2021-28573 (Adobe Animate version 21.0.5 (and earlier) is affected by an Out-of-bo ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2021-28572
RESERVED
CVE-2021-28571
RESERVED
CVE-2021-28570 (Adobe After Effects version 18.1 (and earlier) is affected by an Uncon ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2021-28569
RESERVED
CVE-2021-28568
@@ -16533,7 +16538,7 @@ CVE-2021-28564
CVE-2021-28563 (Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6 ...)
TODO: check
CVE-2021-28562 (Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020 ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2021-28561
RESERVED
CVE-2021-28560
@@ -28789,7 +28794,7 @@ CVE-2021-23401
CVE-2021-23400
RESERVED
CVE-2021-23399 (This affects all versions of package wincred. If attacker-controlled u ...)
- TODO: check
+ NOT-FOR-US: wincred
CVE-2021-23398 (All versions of package react-bootstrap-table are vulnerable to Cross- ...)
NOT-FOR-US: react-bootstrap-table
CVE-2021-23397
@@ -35557,15 +35562,15 @@ CVE-2021-21104
CVE-2021-21103
RESERVED
CVE-2021-21102 (Adobe Illustrator version 25.2 (and earlier) is affected by a Path Tra ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2021-21101 (Adobe Illustrator version 25.2 (and earlier) is affected by an Out-of- ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2021-21100 (Adobe Digital Editions version 4.5.11.187245 (and earlier) is affected ...)
NOT-FOR-US: Adobe
CVE-2021-21099 (Adobe InDesign version 16.0 (and earlier) is affected by an Out-of-bou ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2021-21098 (Adobe InDesign version 16.0 (and earlier) is affected by an Out-of-bou ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2021-21097
RESERVED
CVE-2021-21096 (Adobe Bridge versions 10.1.1 (and earlier) and 11.0.1 (and earlier) ar ...)
@@ -35581,7 +35586,7 @@ CVE-2021-21092 (Adobe Bridge versions 10.1.1 (and earlier) and 11.0.1 (and earli
CVE-2021-21091 (Adobe Bridge versions 10.1.1 (and earlier) and 11.0.1 (and earlier) ar ...)
NOT-FOR-US: Adobe
CVE-2021-21090 (Adobe InCopy version 16.0 (and earlier) is affected by an path travers ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2021-21089
RESERVED
CVE-2021-21088
@@ -35593,9 +35598,9 @@ CVE-2021-21086
CVE-2021-21085 (Adobe Connect version 11.0.7 (and earlier) is affected by an Input Val ...)
NOT-FOR-US: Adobe
CVE-2021-21084 (AEM's Cloud Service offering, as well as versions 6.5.7.0 (and below), ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2021-21083 (AEM's Cloud Service offering, as well as versions 6.5.7.0 (and below), ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2021-21082 (Adobe Photoshop versions 21.2.5 (and earlier) and 22.2 (and earlier) a ...)
NOT-FOR-US: Adobe
CVE-2021-21081
@@ -36314,7 +36319,7 @@ CVE-2021-20751 (Cross-site scripting vulnerability in EC-CUBE EC-CUBE 4.0.0 to 4
CVE-2021-20750 (Cross-site scripting vulnerability in EC-CUBE EC-CUBE 3.0.0 to 3.0.18- ...)
NOT-FOR-US: EC-CUBE
CVE-2021-20749 (Cross-site scripting vulnerability in Fudousan plugin ver5.7.0 and ear ...)
- TODO: check
+ NOT-FOR-US: Fudousan plugin
CVE-2021-20748
RESERVED
CVE-2021-20747
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4d5e7ad5b0c44bddad2c76860565c527ecc476e0