[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Sep 8 09:10:29 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9f89478f by security tracker role at 2021-09-08T08:10:20+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,15 @@
+CVE-2021-40689
+ RESERVED
+CVE-2021-40688
+ RESERVED
+CVE-2021-40687
+ RESERVED
+CVE-2021-40686
+ RESERVED
+CVE-2021-40685
+ RESERVED
+CVE-2021-40684
+ RESERVED
CVE-2021-XXXX [webauthn buffer overflow]
- glewlwyd 2.5.2-3 (bug #993867)
NOTE: https://github.com/babelouest/glewlwyd/commit/0efd112bb62f566877750ad62ee828bff579b4e2
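Review bot: the glewlwyd entry directly below the six new RESERVED IDs still carries the CVE-2021-XXXX placeholder, with only the upstream commit and bug #993867 as references; none of CVE-2021-40684 through CVE-2021-40689 should be assumed to be that assignment until MITRE publishes a description, since the automatic update only reserves the numbers. Keep the placeholder until the real ID is confirmed, then move the package line and the NOTE under it.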
@@ -754,6 +766,7 @@ CVE-2021-40347 [Check a user owns the email they are trying to unsubscribe]
NOTE: https://gitlab.com/mailman/postorius/-/commit/3d880c56b58bc26b32eac0799407d74b64b7474b
CVE-2021-40346 [fix missing header name length check in HTX]
RESERVED
+ {DSA-4968-1}
- haproxy 2.2.16-3
[buster] - haproxy <not-affected> (Vulnerable code not present)
[stretch] - haproxy <not-affected> (Vulnerable code not present)
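Review bot: CVE-2021-40346 now references {DSA-4968-1} while its description line is still RESERVED, so the bracketed title "fix missing header name length check in HTX" is the only statement of what was fixed; once MITRE publishes, the automatic update will replace RESERVED and the title should be reconciled with the official text. The buster and stretch <not-affected> lines ("Vulnerable code not present") are unchanged, which is consistent with the fix being listed only against haproxy 2.2.16-3.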
@@ -1266,8 +1279,8 @@ CVE-2021-40145 (** DISPUTED ** gdImageGd2Ptr in gd_gd2.c in the GD Graphics Libr
NOTE: https://github.com/libgd/libgd/commit/c5fd25ce0e48fd5618a972ca9f5e28d6d62006af
CVE-2021-40144
RESERVED
-CVE-2021-40143
- RESERVED
+CVE-2021-40143 (Sonatype Nexus Repository 3.x through 3.33.1-01 is vulnerable to an HT ...)
+ TODO: check
CVE-2021-40142 (In OPC Foundation Local Discovery Server (LDS) before 1.04.402.463, re ...)
NOT-FOR-US: OPC Foundation Local Discovery Server (LDS)
CVE-2021-40141
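Review bot: CVE-2021-40143 lands as TODO: check although its description names a single vendor product (Sonatype Nexus Repository 3.x through 3.33.1-01); when triaging, resolve it the way the adjacent CVE-2021-40142 was resolved (NOT-FOR-US: OPC Foundation Local Discovery Server) if the product is not packaged, rather than leaving the TODO standing. The "** DISPUTED **" prefix on the CVE-2021-40145 context line is MITRE's marker and is not part of this change.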
@@ -2584,22 +2597,22 @@ CVE-2021-39505
RESERVED
CVE-2021-39504
RESERVED
-CVE-2021-39503
- RESERVED
+CVE-2021-39503 (PHPMyWind 5.6 is vulnerable to Remote Code Execution. Becase input is ...)
+ TODO: check
CVE-2021-39502
RESERVED
-CVE-2021-39501
- RESERVED
-CVE-2021-39500
- RESERVED
-CVE-2021-39499
- RESERVED
+CVE-2021-39501 (EyouCMS 1.5.4 is vulnerable to Open Redirect. An attacker can redirect ...)
+ TODO: check
+CVE-2021-39500 (Eyoucms 1.5.4 is vulnerable to Directory Traversal. Due to a lack of i ...)
+ TODO: check
+CVE-2021-39499 (A Cross-site scripting (XSS) vulnerability in Users in Qiong ICP EyouC ...)
+ TODO: check
CVE-2021-39498
RESERVED
-CVE-2021-39497
- RESERVED
-CVE-2021-39496
- RESERVED
+CVE-2021-39497 (eyoucms 1.5.4 lacks sanitization of input data, allowing an attacker t ...)
+ TODO: check
+CVE-2021-39496 (Eyoucms 1.5.4 lacks sanitization of input data, allowing an attacker t ...)
+ TODO: check
CVE-2021-39495
RESERVED
CVE-2021-39494
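Review bot: five of the seven new descriptions in this hunk are for the same product and version (EyouCMS 1.5.4: CVE-2021-39496, 39497, 39499, 39500 and 39501), so they should be triaged in one pass instead of leaving seven separate TODO: check lines; the remaining one, CVE-2021-39503 (PHPMyWind 5.6), claims remote code execution and deserves the first look. The spelling "Becase" in that description is MITRE's text and must not be corrected in the list.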
@@ -3371,8 +3384,8 @@ CVE-2021-39196 (pcapture is an open source dumpcap web service interface . In af
NOT-FOR-US: pcapture
CVE-2021-39195 (Misskey is an open source, decentralized microblogging platform. In af ...)
NOT-FOR-US: Misskey
-CVE-2021-39194
- RESERVED
+CVE-2021-39194 (kaml is an open source implementation of the YAML format with support ...)
+ TODO: check
CVE-2021-39193 (Frontier is Substrate's Ethereum compatibility layer. Prior to commit ...)
NOT-FOR-US: Frontier
CVE-2021-39192 (Ghost is a Node.js content management system. An error in the implemen ...)
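Review bot: CVE-2021-39194 (kaml, a YAML implementation) is the only TODO: check in a run of NOT-FOR-US entries (pcapture, Misskey, Frontier), and its description is truncated before it says what the vulnerability is; the triager needs the full MITRE text and a check of whether any Debian package bundles kaml before choosing NOT-FOR-US.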
@@ -3556,10 +3569,10 @@ CVE-2021-39124
RESERVED
CVE-2021-39123
RESERVED
-CVE-2021-39122
- RESERVED
-CVE-2021-39121
- RESERVED
+CVE-2021-39122 (Affected versions of Atlassian Jira Server and Data Center allow anony ...)
+ TODO: check
+CVE-2021-39121 (Affected versions of Atlassian Jira Server and Data Center allow authe ...)
+ TODO: check
CVE-2021-39120
RESERVED
CVE-2021-39119 (Affected versions of Atlassian Jira Server and Data Center allow users ...)
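Review bot: CVE-2021-39122 and CVE-2021-39121 are both Atlassian Jira Server and Data Center entries arriving as TODO: check, while the neighbouring Jira entries (CVE-2021-39117 and CVE-2021-39115 in the next hunk) are already NOT-FOR-US: Atlassian; expect the same resolution, and the pair (anonymous versus authenticated access, per the truncated descriptions) can be closed together.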
@@ -3568,8 +3581,8 @@ CVE-2021-39118
RESERVED
CVE-2021-39117 (The AssociateFieldToScreens page in Atlassian Jira Server and Data Cen ...)
NOT-FOR-US: Atlassian
-CVE-2021-39116
- RESERVED
+CVE-2021-39116 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
+ TODO: check
CVE-2021-39115 (Affected versions of Atlassian Jira Service Management Server and Data ...)
NOT-FOR-US: Atlassian
CVE-2021-39114
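Review bot: CVE-2021-39116 is a third Jira Server and Data Center entry left at TODO: check between two entries already marked NOT-FOR-US: Atlassian (CVE-2021-39117 and CVE-2021-39115); the automatic update cannot infer status from neighbours, so this needs the same manual NOT-FOR-US line.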
@@ -4418,14 +4431,14 @@ CVE-2021-38711 (In gitit before 0.15.0.0, the Export feature can be exploited to
[buster] - gitit <no-dsa> (Minor issue)
[stretch] - gitit <no-dsa> (Minor issue)
NOTE: https://github.com/jgm/gitit/commit/eed32638f4f6e3b2f4b8a9a04c4b72001acf9ad8
-CVE-2021-38707
- RESERVED
-CVE-2021-38706
- RESERVED
-CVE-2021-38705
- RESERVED
-CVE-2021-38704
- RESERVED
+CVE-2021-38707 (Persistent cross-site scripting (XSS) vulnerabilities in ClinicCases 7 ...)
+ TODO: check
+CVE-2021-38706 (messages_load.php in ClinicCases 7.3.3 suffers from a blind SQL inject ...)
+ TODO: check
+CVE-2021-38705 (ClinicCases 7.3.3 is affected by Cross-Site Request Forgery (CSRF). A ...)
+ TODO: check
+CVE-2021-38704 (Multiple reflected cross-site scripting (XSS) vulnerabilities in Clini ...)
+ TODO: check
CVE-2021-38703 (Wireless devices running certain Arcadyan-derived firmware (such as KP ...)
NOT-FOR-US: Wireless devices running certain Arcadyan-derived firmware
CVE-2021-3708 (D-Link router DSL-2750U with firmware vME1.16 or prior versions is vul ...)
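Review bot: all four ClinicCases 7.3.3 entries (CVE-2021-38704 through 38707: reflected XSS, CSRF, blind SQL injection in messages_load.php, persistent XSS) are one product and one version and should be resolved with a single triage decision; CVE-2021-38706 is the only one that names the affected script, which helps when locating the upstream fix.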
@@ -6936,14 +6949,14 @@ CVE-2021-37633 (Discourse is an open source discussion platform. In versions pri
NOT-FOR-US: Discourse
CVE-2021-37632 (SuperMartijn642's Config Lib is a library used by a number of mods for ...)
NOT-FOR-US: SuperMartijn642's Config Lib (lib for Minecraft)
-CVE-2021-37631
- RESERVED
-CVE-2021-37630
- RESERVED
-CVE-2021-37629
- RESERVED
-CVE-2021-37628
- RESERVED
+CVE-2021-37631 (Deck is an open source kanban style organization tool aimed at persona ...)
+ TODO: check
+CVE-2021-37630 (Nextcloud Circles is an open source social network built for the nextc ...)
+ TODO: check
+CVE-2021-37629 (Nextcloud Richdocuments is an open source collaborative office suite. ...)
+ TODO: check
+CVE-2021-37628 (Nextcloud Richdocuments is an open source collaborative office suite. ...)
+ TODO: check
CVE-2021-37627 (Contao is an open source CMS that allows creation of websites and scal ...)
NOT-FOR-US: Contao CMS
CVE-2021-37626 (Contao is an open source CMS that allows you to create websites and sc ...)
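Review bot: the four new entries are Nextcloud apps (Deck, Circles, and Richdocuments twice), not Nextcloud server itself, so each needs its own check; CVE-2021-37628 and CVE-2021-37629 share an identical truncated opening sentence in this hunk, so the full descriptions are required to tell them apart before anything other than TODO: check is recorded.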
@@ -8001,8 +8014,8 @@ CVE-2021-37147
RESERVED
CVE-2021-37146
RESERVED
-CVE-2021-37145
- RESERVED
+CVE-2021-37145 (** UNSUPPORTED WHEN ASSIGNED ** A command-injection vulnerability in a ...)
+ TODO: check
CVE-2021-37144 (CSZ CMS 1.2.9 is vulnerable to Arbitrary File Deletion. This occurs in ...)
NOT-FOR-US: CSZ CMS
CVE-2021-37143
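Review bot: CVE-2021-37145 carries MITRE's "** UNSUPPORTED WHEN ASSIGNED **" prefix, meaning the affected product was already end-of-life when the ID was assigned; the truncated description does not name the product, so the triager must fetch the full text before deciding between NOT-FOR-US and a package entry, and a TODO: check should not linger on an EOL-product CVE.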
@@ -10843,8 +10856,8 @@ CVE-2021-35950
RESERVED
CVE-2021-35949 (The shareinfo controller in the ownCloud Server before 10.8.0 allows a ...)
TODO: check
-CVE-2021-35948
- RESERVED
+CVE-2021-35948 (Session fixation on password protected public links in the ownCloud Se ...)
+ TODO: check
CVE-2021-35947 (The public share controller in the ownCloud server before version 10.8 ...)
TODO: check
CVE-2021-35946 (A receiver of a federated share with access to the database with ownCl ...)
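Review bot: CVE-2021-35948 (session fixation on password-protected public links in ownCloud Server) joins CVE-2021-35949 and CVE-2021-35947, which the context lines show already sitting at TODO: check; the three ownCloud Server pre-10.8.0 entries should be triaged together rather than allowed to accumulate.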
@@ -18134,12 +18147,12 @@ CVE-2021-32803 (The npm package "tar" (aka node-tar) before versions 6.1.2, 5.0.
[stretch] - node-tar <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/npm/node-tar/security/advisories/GHSA-r628-mhmh-qjhw
NOTE: https://github.com/npm/node-tar/commit/9dbdeb6df8e9dbd96fa9e84341b9d74734be6c20
-CVE-2021-32802
- RESERVED
-CVE-2021-32801
- RESERVED
-CVE-2021-32800
- RESERVED
+CVE-2021-32802 (Nextcloud server is an open source, self hosted personal cloud. Nextcl ...)
+ TODO: check
+CVE-2021-32801 (Nextcloud server is an open source, self hosted personal cloud. In aff ...)
+ TODO: check
+CVE-2021-32800 (Nextcloud server is an open source, self hosted personal cloud. In aff ...)
+ TODO: check
CVE-2021-32799
RESERVED
CVE-2021-32798 (The Jupyter notebook is a web-based notebook environment for interacti ...)
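Review bot: CVE-2021-32800 through 32802 are three Nextcloud server entries whose truncated descriptions are near-identical (two end in "In aff ..."), so the full advisories are needed to distinguish them; the node-tar entry above shows the target shape for a resolved entry (per-release status plus advisory and commit NOTE lines) once triage decides whether these affect anything in Debian.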
@@ -18200,8 +18213,8 @@ CVE-2021-32784
RESERVED
CVE-2021-32783 (Contour is a Kubernetes ingress controller using Envoy proxy. In Conto ...)
NOT-FOR-US: Countour
-CVE-2021-32782
- RESERVED
+CVE-2021-32782 (Nextcloud Circles is an open source social network built for the nextc ...)
+ TODO: check
CVE-2021-32781 (Envoy is an open source L7 proxy and communication bus designed for la ...)
- envoyproxy <itp> (bug #987544)
CVE-2021-32780 (Envoy is an open source L7 proxy and communication bus designed for la ...)
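Review bot: the unchanged context line "NOT-FOR-US: Countour" for CVE-2021-32783 misspells the product, which the description itself gives as Contour (the Kubernetes ingress controller); this typo predates this commit but is worth fixing in a manual follow-up. CVE-2021-32782 is another Nextcloud Circles entry and should be triaged alongside CVE-2021-37630 from the earlier hunk.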
@@ -18236,8 +18249,8 @@ CVE-2021-32768 (TYPO3 is an open source PHP based web content management system
NOT-FOR-US: Typo 3
CVE-2021-32767 (TYPO3 is an open source PHP based web content management system. In ve ...)
NOT-FOR-US: Typo 3
-CVE-2021-32766
- RESERVED
+CVE-2021-32766 (Nextcloud Text is an open source plaintext editing application which s ...)
+ TODO: check
CVE-2021-32765
RESERVED
CVE-2021-32764 (Discourse is an open-source discussion platform. In Discourse versions ...)
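Review bot: CVE-2021-32766 (Nextcloud Text) is the fourth Nextcloud app entry in this update to land as TODO: check; separately, the context lines record the product for CVE-2021-32768 and CVE-2021-32767 as "Typo 3" while the descriptions say TYPO3, a pre-existing inconsistency a manual edit could normalise.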
@@ -79790,12 +79803,12 @@ CVE-2020-19857
RESERVED
CVE-2020-19856
RESERVED
-CVE-2020-19855
- RESERVED
+CVE-2020-19855 (phpwcms v1.9 contains a cross-site scripting (XSS) vulnerability in /i ...)
+ TODO: check
CVE-2020-19854
RESERVED
-CVE-2020-19853
- RESERVED
+CVE-2020-19853 (BlueCMS v1.6 contains a SQL injection vulnerability via /ad_js.php. ...)
+ TODO: check
CVE-2020-19852
RESERVED
CVE-2020-19851
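Review bot: the CVE-2020-19853 description already ends in a full sentence ("via /ad_js.php.") yet still receives the " ..." suffix, so the truncation marker here does not indicate missing text; CVE-2020-19855 (phpwcms v1.9) is genuinely cut off before the affected path, and both are 2020 IDs only now published, so the full entries should be fetched at triage.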
@@ -79962,16 +79975,16 @@ CVE-2020-19771
RESERVED
CVE-2020-19770
RESERVED
-CVE-2020-19769
- RESERVED
-CVE-2020-19768
- RESERVED
-CVE-2020-19767
- RESERVED
-CVE-2020-19766
- RESERVED
-CVE-2020-19765
- RESERVED
+CVE-2020-19769 (A lack of target address verification in the BurnMe() function of Rob ...)
+ TODO: check
+CVE-2020-19768 (A lack of target address verification in the selfdestructs() function ...)
+ TODO: check
+CVE-2020-19767 (A lack of target address verification in the destroycontract() functio ...)
+ TODO: check
+CVE-2020-19766 (The time check operation of PepeAuctionSale 1.0 can be rendered ineffe ...)
+ TODO: check
+CVE-2020-19765 (An issue in the noReentrance() modifier of the Ethereum-based contract ...)
+ TODO: check
CVE-2020-19764
RESERVED
CVE-2020-19763
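Review bot: the five CVE-2020-19765 through 19769 descriptions all concern Ethereum smart contracts (BurnMe(), selfdestructs(), destroycontract(), the PepeAuctionSale 1.0 time check, a noReentrance() modifier); these are deployed contracts rather than software a distribution ships, so they are NOT-FOR-US candidates and should be closed in one pass instead of remaining as five TODO: check lines.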
@@ -79996,12 +80009,12 @@ CVE-2020-19754
RESERVED
CVE-2020-19753
RESERVED
-CVE-2020-19752
- RESERVED
-CVE-2020-19751
- RESERVED
-CVE-2020-19750
- RESERVED
+CVE-2020-19752 (The find_color_or_error function in gifsicle 1.92 contains a NULL poin ...)
+ TODO: check
+CVE-2020-19751 (An issue was discovered in gpac 0.8.0. The gf_odf_del_ipmp_tool functi ...)
+ TODO: check
+CVE-2020-19750 (An issue was discovered in gpac 0.8.0. The strdup function in box_code ...)
+ TODO: check
CVE-2020-19749
RESERVED
CVE-2020-19748
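Review bot: CVE-2020-19752 (gifsicle 1.92, NULL pointer dereference in find_color_or_error) and CVE-2020-19750/19751 (gpac 0.8.0, gf_odf_del_ipmp_tool and a strdup call in box_code...) name specific upstream releases of software that is commonly packaged, so these TODO: check lines warrant checking the Debian sources for the named functions and adding the usual bug and NOTE lines rather than defaulting to NOT-FOR-US; the CVE-2020-19750 description is cut off before stating the bug class, so the full text is needed.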
@@ -133419,7 +133432,8 @@ CVE-2019-18353
RESERVED
CVE-2019-18352 (Improper access control exists on PHOENIX CONTACT FL NAT 2208 devices ...)
NOT-FOR-US: PHOENIX CONTACT FL NAT 2208 devices
-CVE-2019-18351 (An issue was discovered in channels/chan_sip.c in Sangoma Asterisk thr ...)
+CVE-2019-18351
+ REJECTED
NOTE: https://downloads.asterisk.org/pub/security/AST-2019-006.html
NOTE: Technically CVE-2019-18790 exists because of an incomplete fix of CVE-2019-18351, both
NOTE: referring to AST-2019-006. The upstream advisory never used though CVE-2019-18351, but
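Review bot: CVE-2019-18351 is switched to REJECTED while the NOTE lines pointing to AST-2019-006 and explaining the relationship to CVE-2019-18790 (the incomplete-fix follow-up) are retained, which is the right call, since anyone landing on the rejected ID needs the pointer to the live one. The retained note text "The upstream advisory never used though CVE-2019-18351, but" is garbled and should be reworded in a follow-up (for example "The upstream advisory never actually used CVE-2019-18351, though, but ..."), and if the rejection is in favour of CVE-2019-18790 that should be stated there explicitly.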
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9f89478fad1f2bfd4a21bcbf1d34acd1d3eaca44