[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat May 29 21:10:38 BST 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7a06f3ac by security tracker role at 2021-05-29T20:10:30+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -509,8 +509,8 @@ CVE-2021-3565 [during tpm2_import command invocation a fixed AES wrapping key is
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1964427
 	NOTE: https://github.com/tpm2-software/tpm2-tools/issues/2738
 	NOTE: https://github.com/tpm2-software/tpm2-tools/commit/c069e4f179d5e6653a84fb236816c375dca82515
-CVE-2021-33564
-	RESERVED
+CVE-2021-33564 (An argument injection vulnerability in the Dragonfly gem before 1.4.0  ...)
+	TODO: check
 CVE-2021-33563 (Koel before 5.1.4 lacks login throttling, lacks a password strength po ...)
 	NOT-FOR-US: Koel
 CVE-2021-33562 (A reflected cross-site scripting (XSS) vulnerability in Shopizer befor ...)
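Review bot: CVE-2021-33564 moves from RESERVED to "TODO: check" with no package line, so the tracker still records no disposition for it. The description names the Dragonfly gem and an upstream fixed version (1.4.0); triage should either add a source-package entry with that fixed version if the gem is packaged, or mark it NOT-FOR-US as is done for Koel in the next entry.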
@@ -1653,6 +1653,7 @@ CVE-2021-33040
 CVE-2021-33039
 	RESERVED
 CVE-2021-33038 (An issue was discovered in management/commands/hyperkitty_import.py in ...)
+	{DSA-4922-1}
 	- hyperkitty 1.3.4-4 (bug #989183)
 	NOTE: https://gitlab.com/mailman/hyperkitty/-/commit/9025324597d60b2dff740e49b70b15589d6804fa
 	NOTE: https://gitlab.com/mailman/hyperkitty/-/issues/380
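Review bot: the "{DSA-4922-1}" reference is attached to CVE-2021-33038 while the only version line shown is "- hyperkitty 1.3.4-4 (bug #989183)". The fixed version for the release covered by the advisory is not visible in this hunk; confirm it is recorded with the DSA entry, since this commit changes only data/CVE/list.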
@@ -4872,10 +4873,10 @@ CVE-2021-31705
 	RESERVED
 CVE-2021-31704
 	RESERVED
-CVE-2021-31703
-	RESERVED
-CVE-2021-31702
-	RESERVED
+CVE-2021-31703 (Frontier ichris through 5.18 allows users to upload malicious executab ...)
+	TODO: check
+CVE-2021-31702 (Frontier ichris through 5.18 mishandles making a DNS request for the h ...)
+	TODO: check
 CVE-2021-31701
 	RESERVED
 CVE-2021-31700
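Review bot: CVE-2021-31703 and CVE-2021-31702 both get "TODO: check" and both describe Frontier ichris through 5.18, so they should be triaged together and given the same disposition. The descriptions give an affected range ("through 5.18") but no fixed version, so a package entry, if one applies, would need the fix status looked up upstream; otherwise mark both NOT-FOR-US.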
@@ -7778,8 +7779,8 @@ CVE-2021-30463 (VestaCP through 0.9.8-24 allows attackers to gain privileges by
 	NOT-FOR-US: VestaCP
 CVE-2021-30462 (VestaCP through 0.9.8-24 allows the admin user to escalate privileges  ...)
 	NOT-FOR-US: VestaCP
-CVE-2021-30461
-	RESERVED
+CVE-2021-30461 (A remote code execution issue was discovered in the web UI of VoIPmoni ...)
+	TODO: check
 CVE-2021-30460
 	RESERVED
 CVE-2021-30459 (A SQL Injection issue in the SQL Panel in Jazzband Django Debug Toolba ...)
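Review bot: CVE-2021-30461 is described as a remote code execution issue in a web UI but lands as "TODO: check", with the product name truncated in the description ("VoIPmoni ..."). Resolve it to a package entry or NOT-FOR-US, as the VestaCP entries above it are, so that a remote code execution issue does not sit unclassified.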
@@ -8354,8 +8355,8 @@ CVE-2021-30183 (Cleartext storage of sensitive information in multiple versions
 	NOT-FOR-US: Octopus Server
 CVE-2021-30182
 	RESERVED
-CVE-2021-30181
-	RESERVED
+CVE-2021-30181 (Apache Dubbo prior to 2.6.9 and 2.7.9 supports Script routing which wi ...)
+	TODO: check
 CVE-2021-30180
 	RESERVED
 CVE-2021-30179
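Review bot: CVE-2021-30181 names two fixed Apache Dubbo versions ("prior to 2.6.9 and 2.7.9"), so the triage behind "TODO: check" has to decide which branch, if any, is packaged before a fixed version is recorded. If Dubbo is not packaged, use NOT-FOR-US as for Octopus Server at the top of the hunk.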
@@ -19502,8 +19503,8 @@ CVE-2020-36199 (TinyCheck before commits 9fd360d and ea53de8 was vulnerable to c
 	NOT-FOR-US: TinyCheck
 CVE-2021-25642
 	RESERVED
-CVE-2021-25641
-	RESERVED
+CVE-2021-25641 (Each Apache Dubbo server will set a serialization id to tell the clien ...)
+	TODO: check
 CVE-2021-25640
 	RESERVED
 CVE-2021-25639
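Review bot: CVE-2021-25641 is a second Apache Dubbo entry left at "TODO: check" (CVE-2021-30181 earlier in this patch is the other), and the visible part of its description carries no version information. Give it the same disposition as CVE-2021-30181 and take the affected and fixed versions from the full CVE text rather than from the truncated summary.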



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7a06f3ac2ef9dfb9b7829c6e8cb0f4bb05f568c0
