[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Oct 6 09:10:33 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1dba81c9 by security tracker role at 2021-10-06T08:10:24+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,9 @@
+CVE-2021-42012
+ RESERVED
+CVE-2021-42011
+ RESERVED
+CVE-2021-3863
+ RESERVED
CVE-2021-42010
RESERVED
CVE-2021-42009
@@ -1963,16 +1969,16 @@ CVE-2021-41126
RESERVED
CVE-2021-41125
RESERVED
-CVE-2021-41124
- RESERVED
+CVE-2021-41124 (Scrapy-splash is a library which provides Scrapy and JavaScript integr ...)
+ TODO: check
CVE-2021-41123 (Survey Solutions is a survey management and data collection system. In ...)
NOT-FOR-US: Survey Solutions
-CVE-2021-41122
- RESERVED
+CVE-2021-41122 (Vyper is a Pythonic Smart Contract Language for the EVM. In affected v ...)
+ TODO: check
CVE-2021-41121
RESERVED
-CVE-2021-41120
- RESERVED
+CVE-2021-41120 (sylius/paypal-plugin is a paypal plugin for the Sylius development pla ...)
+ TODO: check
CVE-2021-41119
RESERVED
CVE-2021-41118 (The DynamicPageList3 extension is a reporting tool for MediaWiki, list ...)
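Review bot: the three entries filled in by this hunk (CVE-2021-41124, CVE-2021-41122, CVE-2021-41120) all land as `TODO: check`, so none of them carries a triage decision yet. Each description already names its project (Scrapy-splash, Vyper, sylius/paypal-plugin); a follow-up should replace each TODO with either a source-package line or a `NOT-FOR-US: <project>` line in the form used for CVE-2021-41123 in the context above.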
@@ -14266,8 +14272,8 @@ CVE-2021-35936 (If remote logging is not used, the worker (in the case of Celery
- airflow <itp> (bug #819700)
CVE-2021-3626 (The Windows version of Multipass before 1.7.0 allowed any local proces ...)
NOT-FOR-US: Multipass
-CVE-2021-3625
- RESERVED
+CVE-2021-3625 (Buffer overflow in Zephyr USB DFU DNLOAD. Zephyr versions >= v2.5.0 ...)
+ TODO: check
CVE-2021-35935
RESERVED
CVE-2021-35934
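Review bot: CVE-2021-3625 is a Zephyr issue left at `TODO: check`, while this same file already records CVE-2021-3320 as `NOT-FOR-US: Zephyr, different from src:zephyr`. If this is the same upstream project, reuse that exact wording so the Zephyr entries stay consistent; the same applies to the Zephyr descriptions added for CVE-2021-3581 and CVE-2021-3510 in this commit.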
@@ -18950,10 +18956,10 @@ CVE-2021-33851
RESERVED
CVE-2021-33850
RESERVED
-CVE-2021-33849
- RESERVED
-CVE-2021-3581
- RESERVED
+CVE-2021-33849 (A Cross-Site Scripting (XSS) attack can cause arbitrary code (JavaScri ...)
+ TODO: check
+CVE-2021-3581 (Buffer Access with Incorrect Length Value in zephyr. Zephyr versions & ...)
+ TODO: check
CVE-2021-3580 (A flaw was found in the way nettle's RSA decryption functions handled ...)
{DSA-4933-1 DLA-2760-1}
- nettle 3.7.3-1 (bug #989631)
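Review bot: the CVE-2021-3581 description ends in `Zephyr versions & ...`, where the other Zephyr entries in this file read `Zephyr versions >=`, which suggests the summary was cut in the middle of an escaped `>` character. Check whether the truncation is applied to the still-escaped text, and regenerate this line if so.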
@@ -23710,12 +23716,12 @@ CVE-2021-31990
RESERVED
CVE-2021-31989 (A user with permission to log on to the machine hosting the AXIS Devic ...)
NOT-FOR-US: AXIS
-CVE-2021-31988
- RESERVED
-CVE-2021-31987
- RESERVED
-CVE-2021-31986
- RESERVED
+CVE-2021-31988 (A user controlled parameter related to SMTP test functionality is not ...)
+ TODO: check
+CVE-2021-31987 (A user controlled parameter related to SMTP test functionality is not ...)
+ TODO: check
+CVE-2021-31986 (User controlled parameters related to SMTP notifications are not corre ...)
+ TODO: check
CVE-2021-31985 (Microsoft Defender Remote Code Execution Vulnerability ...)
NOT-FOR-US: Microsoft
CVE-2021-31984 (Power BI Remote Code Execution Vulnerability ...)
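Review bot: the truncated descriptions for CVE-2021-31988, CVE-2021-31987 and CVE-2021-31986 do not name the affected product, and the first two are identical as shown, so these `TODO: check` entries cannot be triaged from this file alone. Read the full CVE text before deciding; the neighbouring CVE-2021-31989 is `NOT-FOR-US: AXIS`, so confirm whether these belong to the same vendor rather than assuming it.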
@@ -25016,8 +25022,8 @@ CVE-2021-31524
RESERVED
CVE-2021-31522
RESERVED
-CVE-2021-3510
- RESERVED
+CVE-2021-3510 (Zephyr JSON decoder incorrectly decodes array of array. Zephyr version ...)
+ TODO: check
CVE-2021-3509 (A flaw was found in Red Hat Ceph Storage 4, in the Dashboard component ...)
- ceph 14.2.21-1 (bug #988888)
[buster] - ceph <not-affected> (Vulnerable code introduced later)
@@ -33360,8 +33366,8 @@ CVE-2021-3438 (A potential buffer overflow in the software drivers for certain H
NOT-FOR-US: HP LaserJet products and Samsung product printers
CVE-2021-3437
RESERVED
-CVE-2021-3436
- RESERVED
+CVE-2021-3436 (BT: Possible to overwrite an existing bond during keys distribution ph ...)
+ TODO: check
CVE-2021-28216 (BootPerformanceTable pointer is read from an NVRAM variable in PEI. Re ...)
- edk2 <unfixed>
[bullseye] - edk2 <no-dsa> (Minor issue)
@@ -38158,8 +38164,8 @@ CVE-2021-3321
RESERVED
CVE-2021-3320 (Type Confusion in 802154 ACK Frames Handling. Zephyr versions >= v2 ...)
NOT-FOR-US: Zephyr, different from src:zephyr
-CVE-2021-3319
- RESERVED
+CVE-2021-3319 (DOS: Incorrect 802154 Frame Validation for Omitted Source / Dest Addre ...)
+ TODO: check
CVE-2021-3318 (attach/ajax.php in DzzOffice through 2.02.1 allows XSS via the editori ...)
NOT-FOR-US: DzzOffice
CVE-2021-26274 (The Agent in NinjaRMM 5.0.909 has Insecure Permissions. ...)
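Review bot: CVE-2021-3319 is described as an 802154 frame validation issue and sits directly below CVE-2021-3320, an 802154 issue already marked `NOT-FOR-US: Zephyr, different from src:zephyr`, yet it is left at `TODO: check`. The truncated description does not name the product, so confirm it against the full CVE text and then reuse the CVE-2021-3320 wording if it matches.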
@@ -80196,14 +80202,14 @@ CVE-2020-21508
RESERVED
CVE-2020-21507
RESERVED
-CVE-2020-21506
- RESERVED
-CVE-2020-21505
- RESERVED
-CVE-2020-21504
- RESERVED
-CVE-2020-21503
- RESERVED
+CVE-2020-21506 (waimai Super Cms 20150505 contains a cross-site scripting (XSS) vulner ...)
+ TODO: check
+CVE-2020-21505 (waimai Super Cms 20150505 contains a cross-site scripting (XSS) vulner ...)
+ TODO: check
+CVE-2020-21504 (waimai Super Cms 20150505 contains a cross-site scripting (XSS) vulner ...)
+ TODO: check
+CVE-2020-21503 (waimai Super Cms 20150505 has a logic flaw allowing attackers to modif ...)
+ TODO: check
CVE-2020-21502
RESERVED
CVE-2020-21501
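Review bot: the four entries CVE-2020-21506 through CVE-2020-21503 all name the same product and version, waimai Super Cms 20150505, and three of them show the same truncated XSS description, but each gets its own `TODO: check`. Triage them together and give all four the same product string so they can be found as one group later.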
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1dba81c98b533aa66522a4911a2206d7fb2e2bf0