[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Sep 2 21:10:41 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9f936db9 by security tracker role at 2021-09-02T20:10:32+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,7 @@
+CVE-2021-40439
+ RESERVED
+CVE-2021-40438
+ RESERVED
CVE-2021-XXXX [inetutils: ftp client didn't validate that PASV/LSPV addresse match]
- inetutils 2:2.2-1 (bug #993476)
[bullseye] - inetutils <no-dsa> (Minor issue)
@@ -226,10 +230,10 @@ CVE-2021-3759 [ unaccounted ipc objects in Linux kernel lead to breaking memcg l
RESERVED
- linux <unfixed>
NOTE: https://lore.kernel.org/linux-mm/1626333284-1404-1-git-send-email-nglaive@gmail.com/
-CVE-2021-3758
- RESERVED
-CVE-2021-3757
- RESERVED
+CVE-2021-3758 (bookstack is vulnerable to Server-Side Request Forgery (SSRF) ...)
+ TODO: check
+CVE-2021-3757 (immer is vulnerable to Improperly Controlled Modification of Object Pr ...)
+ TODO: check
CVE-2021-40331
RESERVED
CVE-2021-3756
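Review bot: The "TODO: check" lines under CVE-2021-3758 (bookstack) and CVE-2021-3757 (immer) have no neighbouring precedent to copy. The surrounding entries are either RESERVED or, for CVE-2021-3759, already carry a package line ("- linux <unfixed>"). Each of the two needs a lookup against the archive, then either a "- <source package> <status>" line or a "NOT-FOR-US:" line in place of the TODO.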
@@ -2411,8 +2415,8 @@ CVE-2021-39324
RESERVED
CVE-2021-39323
RESERVED
-CVE-2021-39322
- RESERVED
+CVE-2021-39322 (The Easy Social Icons plugin <= 3.0.8 for WordPress echoes out the ...)
+ TODO: check
CVE-2021-39321
RESERVED
CVE-2021-39320 (The underConstruction plugin <= 1.18 for WordPress echoes out the r ...)
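Review bot: CVE-2021-39322 is left at "TODO: check" although its description identifies a WordPress plugin (Easy Social Icons), and this file already has a convention for that case: CVE-2021-38315, further down in this same patch, is marked "NOT-FOR-US: WordPress plugin". Suggest resolving this entry the same way in the follow-up triage. The context entry CVE-2021-39320 (underConstruction plugin) has the same description pattern, and its annotation falls outside the hunk, so it is worth confirming at the same time.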
@@ -2792,8 +2796,8 @@ CVE-2021-39189
RESERVED
CVE-2021-39188
RESERVED
-CVE-2021-39187
- RESERVED
+CVE-2021-39187 (Parse Server is an open source backend that can be deployed to any inf ...)
+ TODO: check
CVE-2021-39186 (GlobalNewFiles is a package in Miraheze, a wiki hosting service. Prior ...)
NOT-FOR-US: Miraheze
CVE-2021-39185 (Http4s is a minimal, idiomatic Scala interface for HTTP services. In h ...)
@@ -4693,12 +4697,12 @@ CVE-2021-38316
RESERVED
CVE-2021-38315 (The SP Project & Document Manager WordPress plugin is vulnerable t ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-38314
- RESERVED
+CVE-2021-38314 (The Gutenberg Template Library & Redux Framework plugin <= 4.2. ...)
+ TODO: check
CVE-2021-38313
RESERVED
-CVE-2021-38312
- RESERVED
+CVE-2021-38312 (The Gutenberg Template Library & Redux Framework plugin <= 4.2. ...)
+ TODO: check
CVE-2021-38311 (In Contiki 3.0, potential nonterminating acknowledgment loops exist in ...)
NOT-FOR-US: Contiki
CVE-2021-38310
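Review bot: The descriptions added for CVE-2021-38314 and CVE-2021-38312 are identical up to the point where they are truncated ("The Gutenberg Template Library & Redux Framework plugin <= 4.2. ..."), so the list entry alone cannot tell the two issues apart. When replacing the two "TODO: check" lines, read the full CVE text for each. If the plugin is a WordPress plugin like CVE-2021-38315 directly above, the existing "NOT-FOR-US: WordPress plugin" label applies to both.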
@@ -10056,12 +10060,12 @@ CVE-2021-36021
RESERVED
CVE-2021-36020 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...)
NOT-FOR-US: Magento
-CVE-2021-36019
- RESERVED
-CVE-2021-36018
- RESERVED
-CVE-2021-36017
- RESERVED
+CVE-2021-36019 (Adobe After Effects version 18.2.1 (and earlier) is affected by an Out ...)
+ TODO: check
+CVE-2021-36018 (Adobe After Effects version 18.2.1 (and earlier) is affected by an Out ...)
+ TODO: check
+CVE-2021-36017 (Adobe After Effects version 18.2.1 (and earlier) is affected by a memo ...)
+ TODO: check
CVE-2021-36016 (Adobe Media Encoder version 15.2 (and earlier) is affected by an Out-o ...)
NOT-FOR-US: Adobe
CVE-2021-36015 (Adobe Media Encoder version 15.2 (and earlier) is affected by a memory ...)
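Review bot: The three After Effects entries (CVE-2021-36019, CVE-2021-36018, CVE-2021-36017) are set to "TODO: check" while the Adobe Media Encoder entry immediately below them, CVE-2021-36016, is "NOT-FOR-US: Adobe", as is CVE-2021-36020 (Magento) above with its own label. The vendor is the first word of each new description, so these can take the same "NOT-FOR-US: Adobe" line. The same applies to CVE-2021-35996 through CVE-2021-35993 in the next hunk.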
@@ -10102,14 +10106,14 @@ CVE-2021-35998
RESERVED
CVE-2021-35997 (Adobe Premiere Pro version 15.2 (and earlier) is affected by a memory ...)
NOT-FOR-US: Adobe
-CVE-2021-35996
- RESERVED
-CVE-2021-35995
- RESERVED
-CVE-2021-35994
- RESERVED
-CVE-2021-35993
- RESERVED
+CVE-2021-35996 (Adobe After Effects version 18.2.1 (and earlier) is affected by a memo ...)
+ TODO: check
+CVE-2021-35995 (Adobe After Effects version 18.2.1 (and earlier) is affected by an Imp ...)
+ TODO: check
+CVE-2021-35994 (Adobe After Effects version 18.2.1 (and earlier) is affected by an out ...)
+ TODO: check
+CVE-2021-35993 (Adobe After Effects version 18.2.1 (and earlier) is affected by an out ...)
+ TODO: check
CVE-2021-35992 (Adobe Bridge version 11.0.2 (and earlier) is affected by an Out-of-bou ...)
NOT-FOR-US: Adobe
CVE-2021-35991 (Adobe Bridge version 11.0.2 (and earlier) is affected by an uninitiali ...)
@@ -14677,8 +14681,8 @@ CVE-2021-33940
RESERVED
CVE-2021-33939
RESERVED
-CVE-2021-33938
- RESERVED
+CVE-2021-33938 (Buffer overflow vulnerability in function prune_to_recommended in src/ ...)
+ TODO: check
CVE-2021-33937
RESERVED
CVE-2021-33936
@@ -14693,12 +14697,12 @@ CVE-2021-33932
RESERVED
CVE-2021-33931
RESERVED
-CVE-2021-33930
- RESERVED
-CVE-2021-33929
- RESERVED
-CVE-2021-33928
- RESERVED
+CVE-2021-33930 (Buffer overflow vulnerability in function pool_installable_whatprovide ...)
+ TODO: check
+CVE-2021-33929 (Buffer overflow vulnerability in function pool_disabled_solvable in sr ...)
+ TODO: check
+CVE-2021-33928 (Buffer overflow vulnerability in function pool_installable in src/repo ...)
+ TODO: check
CVE-2021-33927
RESERVED
CVE-2021-33926
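Review bot: The "TODO: check" lines under CVE-2021-33930, CVE-2021-33929 and CVE-2021-33928 cannot be resolved from what the list shows. Each description names a C function (pool_installable_whatprovide ..., pool_disabled_solvable, pool_installable) and a path beginning with "src/", but the product name is lost to the truncation. Unlike the vendor-product entries elsewhere in this patch, these need the full CVE text and a search for the affected source package before any NOT-FOR-US decision. CVE-2021-33938 (prune_to_recommended) in the previous hunk belongs to the same review.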
@@ -28398,38 +28402,38 @@ CVE-2021-28567
RESERVED
CVE-2021-28566
RESERVED
-CVE-2021-28565
- RESERVED
-CVE-2021-28564
- RESERVED
+CVE-2021-28565 (Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020 ...)
+ TODO: check
+CVE-2021-28564 (Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020 ...)
+ TODO: check
CVE-2021-28563 (Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6 ...)
NOT-FOR-US: Magento
CVE-2021-28562 (Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020 ...)
NOT-FOR-US: Adobe
-CVE-2021-28561
- RESERVED
-CVE-2021-28560
- RESERVED
-CVE-2021-28559
- RESERVED
-CVE-2021-28558
- RESERVED
-CVE-2021-28557
- RESERVED
+CVE-2021-28561 (Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020 ...)
+ TODO: check
+CVE-2021-28560 (Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020 ...)
+ TODO: check
+CVE-2021-28559 (Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020 ...)
+ TODO: check
+CVE-2021-28558 (Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020 ...)
+ TODO: check
+CVE-2021-28557 (Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020 ...)
+ TODO: check
CVE-2021-28556 (Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6 ...)
NOT-FOR-US: Magento
-CVE-2021-28555
- RESERVED
+CVE-2021-28555 (Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020 ...)
+ TODO: check
CVE-2021-28554 (Acrobat Reader DC versions versions 2021.001.20155 (and earlier), 2020 ...)
NOT-FOR-US: Adobe
-CVE-2021-28553
- RESERVED
+CVE-2021-28553 (Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020 ...)
+ TODO: check
CVE-2021-28552 (Acrobat Reader DC versions versions 2021.001.20155 (and earlier), 2020 ...)
NOT-FOR-US: Adobe
CVE-2021-28551 (Acrobat Reader DC versions versions 2021.001.20155 (and earlier), 2020 ...)
NOT-FOR-US: Adobe
-CVE-2021-28550
- RESERVED
+CVE-2021-28550 (Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020 ...)
+ TODO: check
CVE-2021-28549 (Adobe Photoshop versions 21.2.6 (and earlier) and 22.3 (and earlier) a ...)
NOT-FOR-US: Adobe
CVE-2021-28548 (Adobe Photoshop versions 21.2.6 (and earlier) and 22.3 (and earlier) a ...)
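Review bot: After this hunk the Acrobat Reader DC entries in this range sit in two different states. CVE-2021-28562, CVE-2021-28554, CVE-2021-28552 and CVE-2021-28551 are "NOT-FOR-US: Adobe", while the ten newly described entries interleaved with them (CVE-2021-28565 down to CVE-2021-28550) are "TODO: check". Suggest marking all ten in a single follow-up commit so the block does not stay partly triaged.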
@@ -30758,8 +30762,7 @@ CVE-2021-27580
RESERVED
CVE-2021-27579 (Snow Inventory Agent through 6.7.0 on Windows uses CPUID to report on ...)
NOT-FOR-US: Snow Inventory Agent
-CVE-2021-27578
- RESERVED
+CVE-2021-27578 (Cross Site Scripting vulnerability in markdown interpreter of Apache Z ...)
NOT-FOR-US: Apache Zeppelin
CVE-2021-27577 (Incorrect handling of url fragment vulnerability of Apache Traffic Ser ...)
{DSA-4957-1}
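Review bot: CVE-2021-27578 gets no "TODO: check", unlike every other newly described entry in this patch, because the "NOT-FOR-US: Apache Zeppelin" line below it is unchanged context written while the entry was still RESERVED. The published description (Cross Site Scripting in the markdown interpreter of Apache Z ...) agrees with that annotation, so no change is needed. Since an automatic update will not flag a pre-triaged entry for a second look, it is worth confirming by hand that the earlier annotation still matches once the text is public. The CVE-2020-13929 and CVE-2019-10095 hunks follow the same path.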
@@ -42089,16 +42092,16 @@ CVE-2021-22795
RESERVED
CVE-2021-22794
RESERVED
-CVE-2021-22793
- RESERVED
-CVE-2021-22792
- RESERVED
-CVE-2021-22791
- RESERVED
-CVE-2021-22790
- RESERVED
-CVE-2021-22789
- RESERVED
+CVE-2021-22793 (A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor ...)
+ TODO: check
+CVE-2021-22792 (A CWE-476: NULL Pointer Dereference vulnerability that could cause a D ...)
+ TODO: check
+CVE-2021-22791 (A CWE-787: Out-of-bounds Write vulnerability that could cause a Denial ...)
+ TODO: check
+CVE-2021-22790 (A CWE-125: Out-of-bounds Read vulnerability that could cause a Denial ...)
+ TODO: check
+CVE-2021-22789 (A CWE-119: Improper Restriction of Operations within the Bounds of a M ...)
+ TODO: check
CVE-2021-22788
RESERVED
CVE-2021-22787
@@ -42125,8 +42128,8 @@ CVE-2021-22777 (A CWE-502: Deserialization of Untrusted Data vulnerability exist
NOT-FOR-US: Schneider Electric
CVE-2021-22776
RESERVED
-CVE-2021-22775
- RESERVED
+CVE-2021-22775 (A CWE-427: Uncontrolled Search Path Element vulnerability exists in GP ...)
+ TODO: check
CVE-2021-22774 (A CWE-759: Use of a One-Way Hash without a Salt vulnerability exists i ...)
NOT-FOR-US: Schneider Electric
CVE-2021-22773 (A CWE-620: Unverified Password Change vulnerability exists in EVlink C ...)
@@ -42267,8 +42270,8 @@ CVE-2021-22706 (A CWE-79: Improper Neutralization of Input During Web Page Gener
NOT-FOR-US: Schneider Electric
CVE-2021-22705 (Improper Restriction of Operations within the Bounds of a Memory Buffe ...)
NOT-FOR-US: Schneider
-CVE-2021-22704
- RESERVED
+CVE-2021-22704 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ...)
+ TODO: check
CVE-2021-22703 (A CWE-319: Cleartext transmission of sensitive information vulnerabili ...)
NOT-FOR-US: PowerLogic
CVE-2021-22702 (A CWE-319: Cleartext transmission of sensitive information vulnerabili ...)
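Review bot: The context around the new CVE-2021-22704 entry uses three different NOT-FOR-US labels within a few lines: "NOT-FOR-US: Schneider Electric" at the top of the hunk, "NOT-FOR-US: Schneider" under CVE-2021-22705, and "NOT-FOR-US: PowerLogic" under CVE-2021-22703. When the "TODO: check" for CVE-2021-22704 is replaced, pick the label from the full description and prefer one consistent spelling, so that a search for the vendor string finds every entry.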
@@ -42786,8 +42789,8 @@ CVE-2021-22527
RESERVED
CVE-2021-22526
RESERVED
-CVE-2021-22525
- RESERVED
+CVE-2021-22525 (This release addresses a potential information leakage vulnerability i ...)
+ TODO: check
CVE-2021-22524
RESERVED
CVE-2021-22523 (XML External Entity vulnerability in Micro Focus Verastream Host Integ ...)
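Review bot: The description added for CVE-2021-22525 opens with "This release addresses a potential information leakage vulnerability i ..." and is truncated before any product name, so the "TODO: check" cannot be resolved from the list entry. The nearest described neighbour, CVE-2021-22523, is a Micro Focus product, but adjacency in the ID range is only a hint. Confirm against the full CVE record before adding a NOT-FOR-US line.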
@@ -47830,8 +47833,8 @@ CVE-2021-21088
RESERVED
CVE-2021-21087 (Adobe Coldfusion versions 2016 (update 16 and earlier), 2018 (update 1 ...)
NOT-FOR-US: Adobe
-CVE-2021-21086
- RESERVED
+CVE-2021-21086 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...)
+ TODO: check
CVE-2021-21085 (Adobe Connect version 11.0.7 (and earlier) is affected by an Input Val ...)
NOT-FOR-US: Adobe
CVE-2021-21084 (AEM's Cloud Service offering, as well as versions 6.5.7.0 (and below), ...)
@@ -82851,8 +82854,8 @@ CVE-2020-18050
RESERVED
CVE-2020-18049
RESERVED
-CVE-2020-18048
- RESERVED
+CVE-2020-18048 (An issue in craigms/main.php of CraigMS 1.0 allows attackers to execut ...)
+ TODO: check
CVE-2020-18047
RESERVED
CVE-2020-18046
@@ -93207,8 +93210,7 @@ CVE-2020-13931 (If Apache TomEE 8.0.0-M1 - 8.0.3, 7.1.0 - 7.1.3, 7.0.0-M1 - 7.0.
NOT-FOR-US: Apache TomEE
CVE-2020-13930
RESERVED
-CVE-2020-13929
- RESERVED
+CVE-2020-13929 (Authentication bypass vulnerability in Apache Zeppelin allows an attac ...)
NOT-FOR-US: Apache Zeppelin
CVE-2020-13928 (Apache Atlas before 2.1.0 contain a XSS vulnerability. While saving se ...)
NOT-FOR-US: Apache Atlas
@@ -159070,8 +159072,7 @@ CVE-2019-10097 (In Apache HTTP Server 2.4.32-2.4.39, when mod_remoteip was confi
NOTE: https://svn.apache.org/r1864613
CVE-2019-10096
REJECTED
-CVE-2019-10095
- RESERVED
+CVE-2019-10095 (bash command injection vulnerability in Apache Zeppelin allows an atta ...)
NOT-FOR-US: Apache Zeppelin
CVE-2019-10094 (A carefully crafted package/compressed file that, when unzipped/uncomp ...)
- tika 1.22-1 (bug #933746)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9f936db95adc56c1982747376cb54b753fec842a