[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat May 29 09:10:31 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
baac55b8 by security tracker role at 2021-05-29T08:10:23+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,135 @@
+CVE-2021-33788
+ RESERVED
+CVE-2021-33787
+ RESERVED
+CVE-2021-33786
+ RESERVED
+CVE-2021-33785
+ RESERVED
+CVE-2021-33784
+ RESERVED
+CVE-2021-33783
+ RESERVED
+CVE-2021-33782
+ RESERVED
+CVE-2021-33781
+ RESERVED
+CVE-2021-33780
+ RESERVED
+CVE-2021-33779
+ RESERVED
+CVE-2021-33778
+ RESERVED
+CVE-2021-33777
+ RESERVED
+CVE-2021-33776
+ RESERVED
+CVE-2021-33775
+ RESERVED
+CVE-2021-33774
+ RESERVED
+CVE-2021-33773
+ RESERVED
+CVE-2021-33772
+ RESERVED
+CVE-2021-33771
+ RESERVED
+CVE-2021-33770
+ RESERVED
+CVE-2021-33769
+ RESERVED
+CVE-2021-33768
+ RESERVED
+CVE-2021-33767
+ RESERVED
+CVE-2021-33766
+ RESERVED
+CVE-2021-33765
+ RESERVED
+CVE-2021-33764
+ RESERVED
+CVE-2021-33763
+ RESERVED
+CVE-2021-33762
+ RESERVED
+CVE-2021-33761
+ RESERVED
+CVE-2021-33760
+ RESERVED
+CVE-2021-33759
+ RESERVED
+CVE-2021-33758
+ RESERVED
+CVE-2021-33757
+ RESERVED
+CVE-2021-33756
+ RESERVED
+CVE-2021-33755
+ RESERVED
+CVE-2021-33754
+ RESERVED
+CVE-2021-33753
+ RESERVED
+CVE-2021-33752
+ RESERVED
+CVE-2021-33751
+ RESERVED
+CVE-2021-33750
+ RESERVED
+CVE-2021-33749
+ RESERVED
+CVE-2021-33748
+ RESERVED
+CVE-2021-33747
+ RESERVED
+CVE-2021-33746
+ RESERVED
+CVE-2021-33745
+ RESERVED
+CVE-2021-33744
+ RESERVED
+CVE-2021-33743
+ RESERVED
+CVE-2021-33742
+ RESERVED
+CVE-2021-33741
+ RESERVED
+CVE-2021-33740
+ RESERVED
+CVE-2021-33739
+ RESERVED
+CVE-2020-36381
+ RESERVED
+CVE-2020-36380
+ RESERVED
+CVE-2020-36379
+ RESERVED
+CVE-2020-36378
+ RESERVED
+CVE-2020-36377
+ RESERVED
+CVE-2020-36376
+ RESERVED
+CVE-2020-36375 (Stack overflow vulnerability in parse_equality Cesanta MJS 1.20.1, all ...)
+ TODO: check
+CVE-2020-36374 (Stack overflow vulnerability in parse_comparison Cesanta MJS 1.20.1, a ...)
+ TODO: check
+CVE-2020-36373 (Stack overflow vulnerability in parse_shifts Cesanta MJS 1.20.1, allow ...)
+ TODO: check
+CVE-2020-36372 (Stack overflow vulnerability in parse_plus_minus Cesanta MJS 1.20.1, a ...)
+ TODO: check
+CVE-2020-36371 (Stack overflow vulnerability in parse_mul_div_rem Cesanta MJS 1.20.1, ...)
+ TODO: check
+CVE-2020-36370 (Stack overflow vulnerability in parse_unary Cesanta MJS 1.20.1, allows ...)
+ TODO: check
+CVE-2020-36369 (Stack overflow vulnerability in parse_statement_list Cesanta MJS 1.20. ...)
+ TODO: check
+CVE-2020-36368 (Stack overflow vulnerability in parse_statement Cesanta MJS 1.20.1, al ...)
+ TODO: check
+CVE-2020-36367 (Stack overflow vulnerability in parse_block Cesanta MJS 1.20.1, allows ...)
+ TODO: check
+CVE-2020-36366 (Stack overflow vulnerability in parse_value Cesanta MJS 1.20.1, allows ...)
+ TODO: check
CVE-2021-3569
RESERVED
CVE-2021-3568
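Review bot: The ten entries CVE-2020-36366 through CVE-2020-36375 at the end of the added block all name the same product and version (Cesanta MJS 1.20.1) and differ only in the parse_* function, yet each carries its own `TODO: check`. Triage them as one batch and give them a single disposition, so the set does not end up with mixed statuses after partial review.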
@@ -309,8 +441,8 @@ CVE-2021-33589
RESERVED
CVE-2021-33588
RESERVED
-CVE-2021-33587
- RESERVED
+CVE-2021-33587 (The css-what package before 5.0.1 for Node.js does not ensure that att ...)
+ TODO: check
CVE-2021-33585
RESERVED
CVE-2021-33584
@@ -2343,8 +2475,8 @@ CVE-2021-32649
RESERVED
CVE-2021-32648
RESERVED
-CVE-2021-32647
- RESERVED
+CVE-2021-32647 (Emissary is a P2P based data-driven workflow engine. Affected versions ...)
+ TODO: check
CVE-2021-32646 (Roomer is a discord bot cog (extension) which provides automatic voice ...)
TODO: check
CVE-2021-32645 (Tenancy multi-tenant is an open source multi-domain controller for the ...)
@@ -2372,8 +2504,7 @@ CVE-2021-32637 (Authelia is a a single sign-on multi-factor portal for web apps.
NOT-FOR-US: Authelia
CVE-2021-32636
RESERVED
-CVE-2021-32635 [Action Commands (run/shell/exec) Against Library URIs Ignore Configured Remote Endpoint]
- RESERVED
+CVE-2021-32635 (### Impact Due to incorrect use of a default URL, `singularity` action ...)
- singularity-container <undetermined>
NOTE: https://github.com/hpcng/singularity/security/advisories/GHSA-jq42-hfch-42f3
TODO: might only affect 3.7.2 and 3.7.3 according to GHSA-jq42-hfch-42f3 and so not-affected
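Review bot: On CVE-2021-32635 the `- singularity-container <undetermined>` line and the TODO beneath it are left unchanged, although the entry is no longer RESERVED and the advisory in the NOTE is public. The TODO already states the open question (whether only 3.7.2 and 3.7.3 are affected): compare the packaged versions against GHSA-jq42-hfch-42f3 and replace `<undetermined>` with either a fixed version or `<not-affected>` plus the reason. The imported description also begins with the advisory's markdown heading (`### Impact`), where the removed line had a readable bracketed title.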
@@ -2403,12 +2534,12 @@ CVE-2021-32623
RESERVED
CVE-2021-32622 (Matrix-React-SDK is a react-based SDK for inserting a Matrix chat/voip ...)
NOT-FOR-US: Matrix-React-SDK
-CVE-2021-32621
- RESERVED
-CVE-2021-32620
- RESERVED
-CVE-2021-32619
- RESERVED
+CVE-2021-32621 (### Impact A user without Script or Programming right is able to execu ...)
+ TODO: check
+CVE-2021-32620 (### Impact A user disabled on a wiki using email verification for regi ...)
+ TODO: check
+CVE-2021-32619 (Deno is a runtime for JavaScript and TypeScript that uses V8 and is bu ...)
+ TODO: check
CVE-2021-32618 (The Python "Flask-Security-Too" package is used for adding security fe ...)
NOT-FOR-US: Flask-Security-Too
CVE-2021-32617 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
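Review bot: The new descriptions for CVE-2021-32621 and CVE-2021-32620 open with the advisory heading `### Impact`, and the truncated text never names the affected software, so these two lines cannot be triaged from the list alone (unlike CVE-2021-32619, which names Deno). When resolving the `TODO: check`, record the product explicitly in the resulting `NOT-FOR-US:` or package line so the entry is identifiable without opening the full CVE record.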
@@ -2418,8 +2549,8 @@ CVE-2021-32617 (Exiv2 is a command-line utility and C++ library for reading, wri
[stretch] - exiv2 <no-dsa> (Minor issue)
NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-w8mv-g8qq-36mj
NOTE: https://github.com/Exiv2/exiv2/pull/1657
-CVE-2021-32616
- RESERVED
+CVE-2021-32616 (1CDN is open-source file sharing software. In 1CDN before commit f88a2 ...)
+ TODO: check
CVE-2021-3549 (An out of bounds flaw was found in GNU binutils objdump utility versio ...)
- binutils <unfixed> (unimportant)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=27294
@@ -9874,12 +10005,12 @@ CVE-2021-29509 (Puma is a concurrent HTTP 1.1 server for Ruby/Rack applications.
NOTE: CVE is related to an incomplete fix for CVE-2019-16770
CVE-2021-29508 (Due to how Wire handles type information in its serialization format, ...)
NOT-FOR-US: Wire
-CVE-2021-29507
- RESERVED
+CVE-2021-29507 (### Impact _What kind of vulnerability is it? Who is impacted?_ The vu ...)
+ TODO: check
CVE-2021-29506 (GraphHopper is an open-source Java routing engine. In GrassHopper from ...)
NOT-FOR-US: GraphHopper
-CVE-2021-29505
- RESERVED
+CVE-2021-29505 (### Impact The vulnerability may allow a remote attacker has sufficien ...)
+ TODO: check
CVE-2021-29504
RESERVED
CVE-2021-29503 (HedgeDoc is a platform to write and share markdown. HedgeDoc before ve ...)
@@ -9909,8 +10040,7 @@ CVE-2021-29494
RESERVED
CVE-2021-29493 (Kennnyshiwa-cogs contains cogs for Red Discordbot. An RCE exploit has ...)
NOT-FOR-US: Kennnyshiwa-cogs
-CVE-2021-29492
- RESERVED
+CVE-2021-29492 (### Description Envoy does not decode escaped slash sequences `%2F` an ...)
- envoyproxy <itp> (bug #987544)
CVE-2021-29491 (Mixme is a library for recursive merging of Javascript objects. In Nod ...)
NOT-FOR-US: mixme nodejs module
@@ -26386,8 +26516,8 @@ CVE-2021-22521
RESERVED
CVE-2021-22520
RESERVED
-CVE-2021-22519
- RESERVED
+CVE-2021-22519 (Execute arbitrary code vulnerability in Micro Focus SiteScope product, ...)
+ TODO: check
CVE-2021-22518
RESERVED
CVE-2021-22517
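Review bot: CVE-2021-22519 names Micro Focus SiteScope in its description, so the `TODO: check` on it should be quick to close. If no Debian source package ships it, mark it `NOT-FOR-US: Micro Focus SiteScope`, following the form already used in this file (for example `NOT-FOR-US: Authelia`).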
@@ -33012,6 +33142,7 @@ CVE-2021-20255 (A stack overflow via an infinite recursion vulnerability was fou
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg06098.html
NOTE: https://ruhr-uni-bochum.sciebo.de/s/NNWP2GfwzYKeKwE?path=%2Feepro100_stackoverflow1
CVE-2021-20254 (A flaw was found in samba. The Samba smbd file server must map Windows ...)
+ {DLA-2668-1}
- samba 2:4.13.5+dfsg-2 (bug #987811)
[buster] - samba <no-dsa> (Minor issue)
NOTE: https://www.samba.org/samba/security/CVE-2021-20254.html
@@ -47254,10 +47385,10 @@ CVE-2020-26644
RESERVED
CVE-2020-26643
RESERVED
-CVE-2020-26642
- RESERVED
-CVE-2020-26641
- RESERVED
+CVE-2020-26642 (A cross-site scripting (XSS) vulnerability has been discovered in the ...)
+ TODO: check
+CVE-2020-26641 (A Cross Site Request Forgery (CSRF) vulnerability was discovered in iC ...)
+ TODO: check
CVE-2020-26640
RESERVED
CVE-2020-26639
@@ -64847,14 +64978,14 @@ CVE-2020-18397
RESERVED
CVE-2020-18396
RESERVED
-CVE-2020-18395
- RESERVED
+CVE-2020-18395 (A NULL-pointer deference issue was discovered in GNU_gama::set() in el ...)
+ TODO: check
CVE-2020-18394
RESERVED
CVE-2020-18393
RESERVED
-CVE-2020-18392
- RESERVED
+CVE-2020-18392 (Stack overflow vulnerability in parse_array Cesanta MJS 1.20.1, allows ...)
+ TODO: check
CVE-2020-18391
RESERVED
CVE-2020-18390
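Review bot: CVE-2020-18395 refers to `GNU_gama::set()`, a code-level identifier rather than a product name, so its `TODO: check` needs a search for a source package containing that code before it can be closed; add a package line if one is found. CVE-2020-18392 in the same hunk is another Cesanta MJS 1.20.1 parser issue (parse_array) and should receive the same status as the CVE-2020-36366 to CVE-2020-36375 entries added at the top of this commit.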
@@ -126262,6 +126393,7 @@ CVE-2019-14909 (A vulnerability was found in Keycloak 7.x where the user federat
CVE-2019-14908
REJECTED
CVE-2019-14907 (All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11 ...)
+ {DLA-2668-1}
- samba 2:4.11.5+dfsg-1
[buster] - samba <no-dsa> (Minor issue)
[jessie] - samba <no-dsa> (Minor issue)
@@ -126287,6 +126419,7 @@ CVE-2019-14904 (A flaw was found in the solaris_zone module from the Ansible Com
CVE-2019-14903
REJECTED
CVE-2019-14902 (There is an issue in all samba 4.11.x versions before 4.11.5, all samb ...)
+ {DLA-2668-1}
- samba 2:4.11.5+dfsg-1
[buster] - samba <no-dsa> (Minor issue)
[jessie] - samba <ignored> (difficult and risky backport to 4.2 in jessie)
@@ -126447,6 +126580,7 @@ CVE-2019-14871 (The REENT_CHECK macro (see newlib/libc/include/sys/reent.h) as u
NOTE: https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/
NOTE: https://keithp.com/blogs/picolibc-string-float/
CVE-2019-14870 (All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11 ...)
+ {DLA-2668-1}
- samba 2:4.11.3+dfsg-1
[buster] - samba <no-dsa> (Minor issue)
[jessie] - samba <no-dsa> (Minor issue)
@@ -126511,6 +126645,7 @@ CVE-2019-14862 (There is a vulnerability in knockout before version 3.5.0-beta,
NOTE: https://github.com/knockout/knockout/commit/7e280b2b8a04cc19176b5171263a5c68bda98efb
NOTE: Only impacts browsers which are totally insecure and EOLed anyway
CVE-2019-14861 (All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11 ...)
+ {DLA-2668-1}
- samba 2:4.11.3+dfsg-1
[buster] - samba <no-dsa> (Minor issue)
[jessie] - samba <no-dsa> (Minor issue)
@@ -126601,6 +126736,7 @@ CVE-2019-14849 (A vulnerability was found in 3scale before version 2.6, did not
CVE-2019-14848
REJECTED
CVE-2019-14847 (A flaw was found in samba 4.0.0 before samba 4.9.15 and samba 4.10.x b ...)
+ {DLA-2668-1}
- samba 2:4.11.0+dfsg-6
[buster] - samba <no-dsa> (Minor issue)
[jessie] - samba <no-dsa> (Minor issue)
@@ -126646,6 +126782,7 @@ CVE-2019-14834 (A vulnerability was found in dnsmasq before version 2.81, where
NOTE: https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=69bc94779c2f035a9fffdb5327a54c3aeca73ed5
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1764425
CVE-2019-14833 (A flaw was found in Samba, all versions starting samba 4.5.0 before sa ...)
+ {DLA-2668-1}
- samba 2:4.11.1+dfsg-2
[buster] - samba <no-dsa> (Minor issue)
[jessie] - samba <no-dsa> (Minor issue)
@@ -141102,6 +141239,7 @@ CVE-2019-10219 (A vulnerability was found in Hibernate-Validator. The SafeHtml v
NOTE: https://hibernate.atlassian.net/browse/HV-1739
NOTE: Fixed by https://github.com/hibernate/hibernate-validator/commit/124b7dd6d9a4ad24d4d49f74701f05a13e56ceee
CVE-2019-10218 (A flaw was found in the samba client, all samba versions before samba ...)
+ {DLA-2668-1}
- samba 2:4.11.1+dfsg-2
[buster] - samba <no-dsa> (Minor issue)
[jessie] - samba <no-dsa> (Minor issue)
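Review bot: `{DLA-2668-1}` is added here to CVE-2019-10218 and, in the preceding hunks, to seven other samba entries (CVE-2021-20254, CVE-2019-14907, CVE-2019-14902, CVE-2019-14870, CVE-2019-14861, CVE-2019-14847, CVE-2019-14833), but none of the visible entries gains an annotation for the release the DLA covers; only the buster and jessie lines are present. Confirm that the DLA-2668-1 entry in the advisory list names exactly these eight CVEs and carries the fixed version, since that is the only place the fix is recorded.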
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/baac55b8d61dabecd7a5f2b3df0227716e853640