[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Sep 3 09:10:27 BST 2021 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cd66fd36 by security tracker role at 2021-09-03T08:10:16+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,14 +1,126 @@
+CVE-2021-40494 (A Hardcoded JWT Secret Key in metadata.py in AdaptiveScale LXDUI throu ...)
+	TODO: check
+CVE-2021-40493
+	RESERVED
+CVE-2021-40492
+	RESERVED
+CVE-2021-40489
+	RESERVED
+CVE-2021-40488
+	RESERVED
+CVE-2021-40487
+	RESERVED
+CVE-2021-40486
+	RESERVED
+CVE-2021-40485
+	RESERVED
+CVE-2021-40484
+	RESERVED
+CVE-2021-40483
+	RESERVED
+CVE-2021-40482
+	RESERVED
+CVE-2021-40481
+	RESERVED
+CVE-2021-40480
+	RESERVED
+CVE-2021-40479
+	RESERVED
+CVE-2021-40478
+	RESERVED
+CVE-2021-40477
+	RESERVED
+CVE-2021-40476
+	RESERVED
+CVE-2021-40475
+	RESERVED
+CVE-2021-40474
+	RESERVED
+CVE-2021-40473
+	RESERVED
+CVE-2021-40472
+	RESERVED
+CVE-2021-40471
+	RESERVED
+CVE-2021-40470
+	RESERVED
+CVE-2021-40469
+	RESERVED
+CVE-2021-40468
+	RESERVED
+CVE-2021-40467
+	RESERVED
+CVE-2021-40466
+	RESERVED
+CVE-2021-40465
+	RESERVED
+CVE-2021-40464
+	RESERVED
+CVE-2021-40463
+	RESERVED
+CVE-2021-40462
+	RESERVED
+CVE-2021-40461
+	RESERVED
+CVE-2021-40460
+	RESERVED
+CVE-2021-40459
+	RESERVED
+CVE-2021-40458
+	RESERVED
+CVE-2021-40457
+	RESERVED
+CVE-2021-40456
+	RESERVED
+CVE-2021-40455
+	RESERVED
+CVE-2021-40454
+	RESERVED
+CVE-2021-40453
+	RESERVED
+CVE-2021-40452
+	RESERVED
+CVE-2021-40451
+	RESERVED
+CVE-2021-40450
+	RESERVED
+CVE-2021-40449
+	RESERVED
+CVE-2021-40448
+	RESERVED
+CVE-2021-40447
+	RESERVED
+CVE-2021-40446
+	RESERVED
+CVE-2021-40445
+	RESERVED
+CVE-2021-40444
+	RESERVED
+CVE-2021-40443
+	RESERVED
+CVE-2021-40442
+	RESERVED
+CVE-2021-40441
+	RESERVED
+CVE-2021-40440
+	RESERVED
+CVE-2021-3764
+	RESERVED
+CVE-2021-3763
+	RESERVED
+CVE-2021-3762
+	RESERVED
 CVE-2021-40439
 	RESERVED
 CVE-2021-40438
 	RESERVED
-CVE-2021-40491 [inetutils: ftp client didn't validate that PASV/LSPV addresse match]
+CVE-2021-40491 (The ftp client in GNU Inetutils before 2.2 does not validate addresses ...)
 	- inetutils 2:2.2-1 (bug #993476)
 	[bullseye] - inetutils <no-dsa> (Minor issue)
 	[buster] - inetutils <no-dsa> (Minor issue)
 	NOTE: https://lists.gnu.org/archive/html/bug-inetutils/2021-06/msg00002.html
 	NOTE: https://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=58cb043b190fd04effdaea7c9403416b436e50dd
-CVE-2021-40490 [ext4: fix race writing to an inline_data file while its xattrs are changing]
+CVE-2021-40490 (A race condition was discovered in ext4_write_inline_data_end in fs/ex ...)
 	- linux <unfixed>
 	NOTE: https://lore.kernel.org/linux-ext4/000000000000e5080305c9e51453@google.com/
 CVE-2021-40437
@@ -3977,10 +4089,10 @@ CVE-2021-38644
 	RESERVED
 CVE-2021-38643
 	RESERVED
-CVE-2021-38642
-	RESERVED
-CVE-2021-38641
-	RESERVED
+CVE-2021-38642 (Microsoft Edge for iOS Spoofing Vulnerability ...)
+	TODO: check
+CVE-2021-38641 (Microsoft Edge for Android Spoofing Vulnerability ...)
+	TODO: check
 CVE-2021-38640
 	RESERVED
 CVE-2021-38639
@@ -7869,8 +7981,8 @@ CVE-2021-36932 (Windows Services for NFS ONCRPC XDR Driver Information Disclosur
 	NOT-FOR-US: Microsoft
 CVE-2021-36931 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability T ...)
 	NOT-FOR-US: Microsoft
-CVE-2021-36930
-	RESERVED
+CVE-2021-36930 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability T ...)
+	TODO: check
 CVE-2021-36929 (Microsoft Edge (Chromium-based) Information Disclosure Vulnerability ...)
 	NOT-FOR-US: Microsoft
 CVE-2021-36928 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability T ...)
@@ -13637,8 +13749,8 @@ CVE-2021-3589
 	NOT-FOR-US: Foreman Ansible
 CVE-2021-34437
 	RESERVED
-CVE-2021-34436
-	RESERVED
+CVE-2021-34436 (In Eclipse Theia 0.1.1 to 0.2.0, it is possible to exploit the default ...)
+	TODO: check
 CVE-2021-34435 (In Eclipse Theia 0.3.9 to 1.8.1, the "mini-browser" extension allows a ...)
 	NOT-FOR-US: Eclipse Theia
 CVE-2021-34434 (In Eclipse Mosquitto versions 2.0 to 2.0.11, when using the dynamic se ...)
@@ -33522,14 +33634,14 @@ CVE-2021-26441
 	RESERVED
 CVE-2021-26440
 	RESERVED
-CVE-2021-26439
-	RESERVED
+CVE-2021-26439 (Microsoft Edge for Android Information Disclosure Vulnerability ...)
+	TODO: check
 CVE-2021-26438
 	RESERVED
 CVE-2021-26437
 	RESERVED
-CVE-2021-26436
-	RESERVED
+CVE-2021-26436 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability T ...)
+	TODO: check
 CVE-2021-26435
 	RESERVED
 CVE-2021-26434



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cd66fd36bde566cba6cf94ddddf4a9f61ea62568

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cd66fd36bde566cba6cf94ddddf4a9f61ea62568
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210903/d07c7f7e/attachment.htm>

More information about the debian-security-tracker-commits mailing list