[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri May 14 09:10:23 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d304be2a by security tracker role at 2021-05-14T08:10:15+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,205 @@
+CVE-2021-33026 (The Flask-Caching extension through 1.10.1 for Flask relies on Pickle ...)
+ TODO: check
+CVE-2021-33025
+ RESERVED
+CVE-2021-33024
+ RESERVED
+CVE-2021-33023
+ RESERVED
+CVE-2021-33022
+ RESERVED
+CVE-2021-33021
+ RESERVED
+CVE-2021-33020
+ RESERVED
+CVE-2021-33019
+ RESERVED
+CVE-2021-33018
+ RESERVED
+CVE-2021-33017
+ RESERVED
+CVE-2021-33016
+ RESERVED
+CVE-2021-33015
+ RESERVED
+CVE-2021-33014
+ RESERVED
+CVE-2021-33013
+ RESERVED
+CVE-2021-33012
+ RESERVED
+CVE-2021-33011
+ RESERVED
+CVE-2021-33010
+ RESERVED
+CVE-2021-33009
+ RESERVED
+CVE-2021-33008
+ RESERVED
+CVE-2021-33007
+ RESERVED
+CVE-2021-33006
+ RESERVED
+CVE-2021-33005
+ RESERVED
+CVE-2021-33004
+ RESERVED
+CVE-2021-33003
+ RESERVED
+CVE-2021-33002
+ RESERVED
+CVE-2021-33001
+ RESERVED
+CVE-2021-33000
+ RESERVED
+CVE-2021-32999
+ RESERVED
+CVE-2021-32998
+ RESERVED
+CVE-2021-32997
+ RESERVED
+CVE-2021-32996
+ RESERVED
+CVE-2021-32995
+ RESERVED
+CVE-2021-32994
+ RESERVED
+CVE-2021-32993
+ RESERVED
+CVE-2021-32992
+ RESERVED
+CVE-2021-32991
+ RESERVED
+CVE-2021-32990
+ RESERVED
+CVE-2021-32989
+ RESERVED
+CVE-2021-32988
+ RESERVED
+CVE-2021-32987
+ RESERVED
+CVE-2021-32986
+ RESERVED
+CVE-2021-32985
+ RESERVED
+CVE-2021-32984
+ RESERVED
+CVE-2021-32983
+ RESERVED
+CVE-2021-32982
+ RESERVED
+CVE-2021-32981
+ RESERVED
+CVE-2021-32980
+ RESERVED
+CVE-2021-32979
+ RESERVED
+CVE-2021-32978
+ RESERVED
+CVE-2021-32977
+ RESERVED
+CVE-2021-32976
+ RESERVED
+CVE-2021-32975
+ RESERVED
+CVE-2021-32974
+ RESERVED
+CVE-2021-32973
+ RESERVED
+CVE-2021-32972
+ RESERVED
+CVE-2021-32971
+ RESERVED
+CVE-2021-32970
+ RESERVED
+CVE-2021-32969
+ RESERVED
+CVE-2021-32968
+ RESERVED
+CVE-2021-32967
+ RESERVED
+CVE-2021-32966
+ RESERVED
+CVE-2021-32965
+ RESERVED
+CVE-2021-32964
+ RESERVED
+CVE-2021-32963
+ RESERVED
+CVE-2021-32962
+ RESERVED
+CVE-2021-32961
+ RESERVED
+CVE-2021-32960
+ RESERVED
+CVE-2021-32959
+ RESERVED
+CVE-2021-32958
+ RESERVED
+CVE-2021-32957
+ RESERVED
+CVE-2021-32956
+ RESERVED
+CVE-2021-32955
+ RESERVED
+CVE-2021-32954
+ RESERVED
+CVE-2021-32953
+ RESERVED
+CVE-2021-32952
+ RESERVED
+CVE-2021-32951
+ RESERVED
+CVE-2021-32950
+ RESERVED
+CVE-2021-32949
+ RESERVED
+CVE-2021-32948
+ RESERVED
+CVE-2021-32947
+ RESERVED
+CVE-2021-32946
+ RESERVED
+CVE-2021-32945
+ RESERVED
+CVE-2021-32944
+ RESERVED
+CVE-2021-32943
+ RESERVED
+CVE-2021-32942
+ RESERVED
+CVE-2021-32941
+ RESERVED
+CVE-2021-32940
+ RESERVED
+CVE-2021-32939
+ RESERVED
+CVE-2021-32938
+ RESERVED
+CVE-2021-32937
+ RESERVED
+CVE-2021-32936
+ RESERVED
+CVE-2021-32935
+ RESERVED
+CVE-2021-32934
+ RESERVED
+CVE-2021-32933
+ RESERVED
+CVE-2021-32932
+ RESERVED
+CVE-2021-32931
+ RESERVED
+CVE-2021-32930
+ RESERVED
+CVE-2021-32929
+ RESERVED
+CVE-2021-32928
+ RESERVED
+CVE-2021-32927
+ RESERVED
+CVE-2021-32926
+ RESERVED
CVE-2021-3551
RESERVED
CVE-2021-3550
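Review bot: CVE-2021-33026 at the top of this hunk is left at TODO: check, with its description cut at "relies on Pickle ...", so the entry says nothing yet about whether any package in the archive is affected. It should be resolved to a source-package line with a version status, or to NOT-FOR-US: in the form used elsewhere in this file. The 100 RESERVED placeholders under it (CVE-2021-33025 down to CVE-2021-32926) need no action.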
@@ -649,8 +851,8 @@ CVE-2021-32616
RESERVED
CVE-2021-3549
RESERVED
-CVE-2021-32615
- RESERVED
+CVE-2021-32615 (Piwigo 11.4.0 allows admin/user_list_backend.php order[0][dir] SQL Inj ...)
+ TODO: check
CVE-2021-32614 [read in memcpy() for up to 204 bytes in fill_mishblk()]
RESERVED
- dmg2img <unfixed>
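Review bot: CVE-2021-32615 moves from RESERVED to TODO: check without a package line or a NOTE: reference. The description places the SQL injection in admin/user_list_backend.php, so when this is triaged the entry should record the upstream reference and whether the affected script is reachable only by an authenticated administrator, since that affects the severity assigned.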
@@ -1877,8 +2079,8 @@ CVE-2021-32052 (In Django 2.2 before 2.2.22, 3.1 before 3.1.10, and 3.2 before 3
- python-django 2:2.2.22-1 (bug #988136; unimportant)
NOTE: https://www.djangoproject.com/weblog/2021/may/06/security-releases/
NOTE: Only an issue in combination with python3.9 3.9.5+
-CVE-2021-32051
- RESERVED
+CVE-2021-32051 (Hexagon G!nius Auskunftsportal before 5.0.0.0 allows SQL injection via ...)
+ TODO: check
CVE-2021-32050
RESERVED
CVE-2021-32049
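Review bot: CVE-2021-32051 is left at TODO: check for a product (Hexagon G!nius Auskunftsportal) that the surrounding entries give no package mapping for. If no source package ships it, close it out with a NOT-FOR-US: line naming the product, as done for other entries in this file, rather than leaving it open.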
@@ -2250,8 +2452,8 @@ CVE-2021-31924
RESERVED
CVE-2021-31923
RESERVED
-CVE-2021-31922
- RESERVED
+CVE-2021-31922 (An HTTP Request Smuggling vulnerability in Pulse Secure Virtual Traffi ...)
+ TODO: check
CVE-2021-3528 (A flaw was found in noobaa-operator in versions before 5.7.0, where in ...)
NOT-FOR-US: noobaa
CVE-2021-3527 [usb: unbounded stack allocation in usbredir]
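Review bot: CVE-2021-31922 is left at TODO: check, while the very next entry, CVE-2021-3528, shows the resolved form (NOT-FOR-US: noobaa). If Pulse Secure Virtual Traffic Manager is not packaged, the same one-line resolution applies here.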
@@ -2368,8 +2570,8 @@ CVE-2021-31878
RESERVED
CVE-2021-31877
REJECTED
-CVE-2021-31876
- RESERVED
+CVE-2021-31876 (Bitcoin Core 0.12.0 through 0.21.1 does not properly implement the rep ...)
+ TODO: check
CVE-2021-31875 (In mjs_json.c in Cesanta MongooseOS mJS 1.26, a maliciously formed JSO ...)
NOT-FOR-US: Cesanta MongooseOS mJS
CVE-2021-31874
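Review bot: CVE-2021-31876 gives an affected range in its description (Bitcoin Core 0.12.0 through 0.21.1) but the entry carries only TODO: check. When triaged, it should state a package line with an explicit status for that range, or NOT-FOR-US: if the software is not in the archive, so the range is not left to be inferred from the truncated description.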
@@ -51497,10 +51699,10 @@ CVE-2020-23998
RESERVED
CVE-2020-23997
RESERVED
-CVE-2020-23996
- RESERVED
-CVE-2020-23995
- RESERVED
+CVE-2020-23996 (A local file inclusion vulnerability in ILIAS before 5.3.19, 5.4.10 an ...)
+ TODO: check
+CVE-2020-23995 (An information disclosure vulnerability in ILIAS before 5.3.19, 5.4.12 ...)
+ TODO: check
CVE-2020-23994
RESERVED
CVE-2020-23993
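Review bot: The two ILIAS entries added here quote different fixed versions in their truncated descriptions: CVE-2020-23996 reads "before 5.3.19, 5.4.10 an ..." and CVE-2020-23995 reads "before 5.3.19, 5.4.12 ...". Both are left at TODO: check, so whoever resolves them should confirm each range against the full CVE text before recording a fixed version, and not copy one entry's version into the other.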
@@ -139622,8 +139824,8 @@ CVE-2019-10063 (Flatpak before 1.0.8, 1.1.x and 1.2.x before 1.2.4, and 1.3.x be
[stretch] - flatpak 0.8.9-0+deb9u3
NOTE: https://github.com/flatpak/flatpak/issues/2782
NOTE: https://github.com/flatpak/flatpak/commit/a9107feeb4b8275b78965b36bf21b92d5724699e
-CVE-2019-10062
- RESERVED
+CVE-2019-10062 (The HTMLSanitizer class in html-sanitizer.ts in all released versions ...)
+ TODO: check
CVE-2019-10061 (utils/find-opencv.js in node-opencv (aka OpenCV bindings for Node.js) ...)
- node-opencv 6.0.0+git20180416.cfc96ba0-3 (unimportant; bug #925571)
NOTE: https://www.npmjs.com/advisories/789
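Review bot: CVE-2019-10062 is added with a description that names only a class and a file (HTMLSanitizer in html-sanitizer.ts) and is cut off before the product name, so the TODO: check cannot be resolved from this line alone. The triage should pull the full description, identify the project, and then add either a package line or NOT-FOR-US:, with a NOTE: reference as the neighbouring CVE-2019-10061 and CVE-2019-10063 entries have.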
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d304be2a7748377ad2b99811e19ca0369c2ab5ba