[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Sep 14 09:10:32 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6d664e21 by security tracker role at 2021-09-14T08:10:24+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,185 @@
+CVE-2021-41076
+ RESERVED
+CVE-2021-41075
+ RESERVED
+CVE-2021-41074
+ RESERVED
+CVE-2021-41073
+ RESERVED
+CVE-2021-41072 (squashfs_opendir in unsquash-2.c in Squashfs-Tools 4.5 allows Director ...)
+ TODO: check
+CVE-2021-41071
+ RESERVED
+CVE-2021-41070
+ RESERVED
+CVE-2021-41069
+ RESERVED
+CVE-2021-41068
+ RESERVED
+CVE-2021-41067
+ RESERVED
+CVE-2021-41066
+ RESERVED
+CVE-2021-41065
+ RESERVED
+CVE-2021-41064
+ RESERVED
+CVE-2021-41063
+ RESERVED
+CVE-2021-41062
+ RESERVED
+CVE-2021-41061
+ RESERVED
+CVE-2021-41060
+ RESERVED
+CVE-2021-41059
+ RESERVED
+CVE-2021-41058
+ RESERVED
+CVE-2021-41057
+ RESERVED
+CVE-2021-41056
+ RESERVED
+CVE-2021-41055
+ RESERVED
+CVE-2021-41053
+ RESERVED
+CVE-2021-41052
+ RESERVED
+CVE-2021-41051
+ RESERVED
+CVE-2021-41050
+ RESERVED
+CVE-2021-41049
+ RESERVED
+CVE-2021-41048
+ RESERVED
+CVE-2021-41047
+ RESERVED
+CVE-2021-41046
+ RESERVED
+CVE-2021-41045
+ RESERVED
+CVE-2021-41044
+ RESERVED
+CVE-2021-41043
+ RESERVED
+CVE-2021-41042
+ RESERVED
+CVE-2021-41041
+ RESERVED
+CVE-2021-41040
+ RESERVED
+CVE-2021-41039
+ RESERVED
+CVE-2021-41038
+ RESERVED
+CVE-2021-41037
+ RESERVED
+CVE-2021-41036
+ RESERVED
+CVE-2021-41035
+ RESERVED
+CVE-2021-41034
+ RESERVED
+CVE-2021-41033 (In all released versions of Eclipse Equinox, at least until version 4. ...)
+ TODO: check
+CVE-2021-41032
+ RESERVED
+CVE-2021-41031
+ RESERVED
+CVE-2021-41030
+ RESERVED
+CVE-2021-41029
+ RESERVED
+CVE-2021-41028
+ RESERVED
+CVE-2021-41027
+ RESERVED
+CVE-2021-41026
+ RESERVED
+CVE-2021-41025
+ RESERVED
+CVE-2021-41024
+ RESERVED
+CVE-2021-41023
+ RESERVED
+CVE-2021-41022
+ RESERVED
+CVE-2021-41021
+ RESERVED
+CVE-2021-41020
+ RESERVED
+CVE-2021-41019
+ RESERVED
+CVE-2021-41018
+ RESERVED
+CVE-2021-41017
+ RESERVED
+CVE-2021-41016
+ RESERVED
+CVE-2021-41015
+ RESERVED
+CVE-2021-41014
+ RESERVED
+CVE-2021-41013
+ RESERVED
+CVE-2021-41012
+ RESERVED
+CVE-2021-41011
+ RESERVED
+CVE-2021-41010
+ RESERVED
+CVE-2021-41009
+ RESERVED
+CVE-2021-41008
+ RESERVED
+CVE-2021-41007
+ RESERVED
+CVE-2021-41006
+ RESERVED
+CVE-2021-41005
+ RESERVED
+CVE-2021-41004
+ RESERVED
+CVE-2021-41003
+ RESERVED
+CVE-2021-41002
+ RESERVED
+CVE-2021-41001
+ RESERVED
+CVE-2021-41000
+ RESERVED
+CVE-2021-40999
+ RESERVED
+CVE-2021-40998
+ RESERVED
+CVE-2021-40997
+ RESERVED
+CVE-2021-40996
+ RESERVED
+CVE-2021-40995
+ RESERVED
+CVE-2021-40994
+ RESERVED
+CVE-2021-40993
+ RESERVED
+CVE-2021-40992
+ RESERVED
+CVE-2021-40991
+ RESERVED
+CVE-2021-40990
+ RESERVED
+CVE-2021-40989
+ RESERVED
+CVE-2021-40988
+ RESERVED
+CVE-2021-40987
+ RESERVED
+CVE-2021-40986
+ RESERVED
+CVE-2021-3800
+ RESERVED
CVE-2021-40985
RESERVED
CVE-2021-40984
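Review bot: CVE-2021-41072 and CVE-2021-41033 are the only entries in this block that arrive with a description, and both are left at "TODO: check". The 41072 description names Squashfs-Tools 4.5 (squashfs_opendir in unsquash-2.c), so it should get a source-package line with a version status instead of the placeholder; 41033 (Eclipse Equinox) needs the same triage or a NOT-FOR-US line. The jump from CVE-2021-41055 to CVE-2021-41053 is not a missing entry, since CVE-2021-41054 already exists further down the file.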
@@ -240,7 +422,7 @@ CVE-2021-40866 (Certain NETGEAR smart switches are affected by a remote admin pa
NOT-FOR-US: Netgear
CVE-2021-3799
RESERVED
-CVE-2021-41054 [buffer overflow in atftpd]
+CVE-2021-41054 (tftpd_file.c in atftp through 0.7.4 has a buffer overflow because buff ...)
- atftp <unfixed>
NOTE: https://sourceforge.net/p/atftp/code/ci/d255bf90834fb45be52decf9bc0b4fb46c90f205/
CVE-2021-3798
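Review bot: the CVE-2021-41054 entry keeps "- atftp <unfixed>" and a bare NOTE pointing at an upstream commit, with nothing saying what that commit is. Now that the description bounds the issue at "atftp through 0.7.4", annotate the NOTE (for example as the fixing commit, if that is what it is) so the fixed version can be filled in once that commit reaches an upload.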
@@ -4266,12 +4448,12 @@ CVE-2021-39127
RESERVED
CVE-2021-39126
RESERVED
-CVE-2021-39125
- RESERVED
-CVE-2021-39124
- RESERVED
-CVE-2021-39123
- RESERVED
+CVE-2021-39125 (Affected versions of Atlassian Jira Server and Data Center allow anony ...)
+ TODO: check
+CVE-2021-39124 (The Cross-Site Request Forgery (CSRF) failure retry feature of Atlassi ...)
+ TODO: check
+CVE-2021-39123 (Affected versions of Atlassian Jira Server and Data Center allow unaut ...)
+ TODO: check
CVE-2021-39122 (Affected versions of Atlassian Jira Server and Data Center allow anony ...)
NOT-FOR-US: Atlassian
CVE-2021-39121 (Affected versions of Atlassian Jira Server and Data Center allow authe ...)
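Review bot: CVE-2021-39125, CVE-2021-39124 and CVE-2021-39123 are set to "TODO: check" although all three descriptions name Atlassian Jira Server and Data Center, and the entry directly below (CVE-2021-39122) is already "NOT-FOR-US: Atlassian". Mark the three new entries the same way so they do not sit in the triage queue.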
@@ -4280,8 +4462,8 @@ CVE-2021-39120
RESERVED
CVE-2021-39119 (Affected versions of Atlassian Jira Server and Data Center allow users ...)
NOT-FOR-US: Atlassian
-CVE-2021-39118
- RESERVED
+CVE-2021-39118 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
+ TODO: check
CVE-2021-39117 (The AssociateFieldToScreens page in Atlassian Jira Server and Data Cen ...)
NOT-FOR-US: Atlassian
CVE-2021-39116 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
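Review bot: CVE-2021-39118 is left at "TODO: check" between CVE-2021-39119 and CVE-2021-39117, both of which are "NOT-FOR-US: Atlassian" for the same product family. It should carry the same NOT-FOR-US line.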
@@ -17514,20 +17696,20 @@ CVE-2021-33366 (Memory leak in the gf_isom_oinf_read_entry function in MP4Box in
- gpac <unfixed>
NOTE: https://github.com/gpac/gpac/commit/0a85029d694f992f3631e2f249e4999daee15cbf
NOTE: https://github.com/gpac/gpac/issues/1785
-CVE-2021-33365
- RESERVED
+CVE-2021-33365 (Memory leak in the gf_isom_get_root_od function in MP4Box in GPAC 1.0. ...)
+ TODO: check
CVE-2021-33364 (Memory leak in the def_parent_box_new function in MP4Box in GPAC 1.0.1 ...)
- gpac <unfixed>
NOTE: https://github.com/gpac/gpac/commit/fe5155cf047252d1c4cb91602048bfa682af0ea7
NOTE: https://github.com/gpac/gpac/issues/1783
-CVE-2021-33363
- RESERVED
+CVE-2021-33363 (Memory leak in the infe_box_read function in MP4Box in GPAC 1.0.1 allo ...)
+ TODO: check
CVE-2021-33362 (Stack buffer overflow in the hevc_parse_vps_extension function in MP4B ...)
- gpac <unfixed>
NOTE: https://github.com/gpac/gpac/commit/1273cdc706eeedf8346d4b9faa5b33435056061d
NOTE: https://github.com/gpac/gpac/issues/1780
-CVE-2021-33361
- RESERVED
+CVE-2021-33361 (Memory leak in the afra_box_read function in MP4Box in GPAC 1.0.1 allo ...)
+ TODO: check
CVE-2021-33360
RESERVED
CVE-2021-33359 (A vulnerability exists in gowitness < 2.3.6 that allows an unauthen ...)
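Review bot: CVE-2021-33365, CVE-2021-33363 and CVE-2021-33361 are left at "TODO: check" while the interleaved entries for the same MP4Box code in GPAC 1.0.1 (33366, 33364, 33362) already have "- gpac <unfixed>" plus NOTE lines for the upstream commit and issue. Give the three memory-leak entries the same package line and add their own upstream commit and issue references, rather than copying the neighbouring URLs.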
@@ -20461,10 +20643,10 @@ CVE-2021-32141
RESERVED
CVE-2021-32140
RESERVED
-CVE-2021-32139
- RESERVED
-CVE-2021-32138
- RESERVED
+CVE-2021-32139 (The gf_isom_vp_config_get function in GPAC 1.0.1 allows attackers to c ...)
+ TODO: check
+CVE-2021-32138 (The DumpTrackInfo function in GPAC 1.0.1 allows attackers to cause a d ...)
+ TODO: check
CVE-2021-32137 (Heap buffer overflow in the URL_GetProtocolType function in MP4Box in ...)
- gpac <unfixed>
NOTE: https://github.com/gpac/gpac/commit/328def7d3b93847d64ecb6e9e0399684e57c3eca
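Review bot: CVE-2021-32139 (gf_isom_vp_config_get) and CVE-2021-32138 (DumpTrackInfo) both name GPAC 1.0.1 but are left at "TODO: check", whereas CVE-2021-32137 just below is tracked as "- gpac <unfixed>" with an upstream commit NOTE. Track these two against the gpac source package as well and record the matching upstream references.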
@@ -78875,12 +79057,12 @@ CVE-2020-20674
RESERVED
CVE-2020-20673
RESERVED
-CVE-2020-20672
- RESERVED
-CVE-2020-20671
- RESERVED
-CVE-2020-20670
- RESERVED
+CVE-2020-20672 (An arbitrary file upload vulnerability in /admin/upload/uploadfile of ...)
+ TODO: check
+CVE-2020-20671 (A cross-site request forgery (CSRF) in KiteCMS V1.1 allows attackers t ...)
+ TODO: check
+CVE-2020-20670 (An arbitrary file upload vulnerability in /admin/media/upload of ZKEAC ...)
+ TODO: check
CVE-2020-20669
RESERVED
CVE-2020-20668
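Review bot: CVE-2020-20672, CVE-2020-20671 and CVE-2020-20670 are left at "TODO: check", and for 20672 and 20670 the truncated description ends before or inside the product name, so the list text alone cannot settle them. Triage against the full CVE descriptions (20671 names KiteCMS V1.1) and replace each placeholder with either a source-package line or a NOT-FOR-US line naming the product.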
@@ -121804,8 +121986,8 @@ CVE-2019-20103
RESERVED
CVE-2019-20102 (The attachment-uploading feature in Atlassian Confluence Server from v ...)
NOT-FOR-US: Atlassian
-CVE-2019-20101
- RESERVED
+CVE-2019-20101 (Affected versions of Atlassian Jira Server and Data Center allow anony ...)
+ TODO: check
CVE-2019-20100 (The Atlassian Application Links plugin is vulnerable to cross-site req ...)
NOT-FOR-US: Atlassian Application Links plugin
CVE-2019-20099 (The VerifyPopServerConnection!add.jspa component in Atlassian Jira Ser ...)
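Review bot: CVE-2019-20101 is left at "TODO: check" although its description names Atlassian Jira Server and Data Center, and the adjacent entries CVE-2019-20102 and CVE-2019-20100 are already NOT-FOR-US for Atlassian products. Use "NOT-FOR-US: Atlassian" here too.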
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6d664e211d79966f7fb335d009481935c632cf5f