[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Sep 22 09:10:22 BST 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a2a97329 by security tracker role at 2021-09-22T08:10:13+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,29 @@
+CVE-2021-41560
+	RESERVED
+CVE-2021-41559
+	RESERVED
+CVE-2021-41558
+	RESERVED
+CVE-2021-41557
+	RESERVED
+CVE-2021-41556
+	RESERVED
+CVE-2021-41555
+	RESERVED
+CVE-2021-41554
+	RESERVED
+CVE-2021-41553
+	RESERVED
+CVE-2021-41552
+	RESERVED
+CVE-2021-41551
+	RESERVED
+CVE-2021-41550
+	RESERVED
+CVE-2021-41549
+	RESERVED
+CVE-2021-41548
+	RESERVED
 CVE-2021-41547
 	RESERVED
 CVE-2021-41546
@@ -339,8 +365,8 @@ CVE-2021-41384
 	RESERVED
 CVE-2021-41383 (setup.cgi on NETGEAR R6020 1.0.0.48 devices allows an admin to execute ...)
 	NOT-FOR-US: Netgear
-CVE-2021-41382
-	RESERVED
+CVE-2021-41382 (Plastic SCM before 10.0.16.5622 mishandles the WebAdmin server managem ...)
+	TODO: check
 CVE-2021-41381
 	RESERVED
 CVE-2021-3816
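
Review bot: CVE-2021-41382 is left at "TODO: check" even though its description names a specific product, Plastic SCM. The entry directly above resolves a vendor product as "NOT-FOR-US: Netgear"; if no Debian source package ships Plastic SCM, close this one the same way with "NOT-FOR-US: Plastic SCM" rather than leaving the TODO open.
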
@@ -969,10 +995,10 @@ CVE-2021-41089
 	RESERVED
 CVE-2021-41088
 	RESERVED
-CVE-2021-41087
-	RESERVED
-CVE-2021-41086
-	RESERVED
+CVE-2021-41087 (in-toto-golang is a go implementation of the in-toto framework to prot ...)
+	TODO: check
+CVE-2021-41086 (jsuites is an open source collection of common required javascript web ...)
+	TODO: check
 CVE-2021-41085
 	RESERVED
 CVE-2021-41084 (http4s is an open source scala interface for HTTP. In affected version ...)
@@ -4825,7 +4851,7 @@ CVE-2021-39367 (Canon Oce Print Exec Workgroup 1.3.2 allows Host header injectio
 CVE-2021-39366
 	RESERVED
 CVE-2021-39365 (In GNOME grilo though 0.3.13, grl-net-wc.c does not enable TLS certifi ...)
-	{DSA-4964-1}
+	{DSA-4964-1 DLA-2762-1}
 	- grilo 0.3.13-1.1 (bug #992971)
 	NOTE: https://blogs.gnome.org/mcatanzaro/2021/05/25/reminder-soupsessionsync-and-soupsessionasync-default-to-no-tls-certificate-verification/
 	NOTE: https://gitlab.gnome.org/GNOME/grilo/-/issues/146
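
Review bot: On CVE-2021-39365 the cross-reference gains DLA-2762-1, but the only package line is still "- grilo 0.3.13-1.1 (bug #992971)", and this commit changes data/CVE/list alone. Confirm that the DLA-2762-1 record names CVE-2021-39365 and carries the fixed grilo version for the LTS release, since this hunk shows only the unstable fix.
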
@@ -7916,8 +7942,8 @@ CVE-2021-3683
 	RESERVED
 CVE-2021-38113 (In addBouquet in js/bqe.js in OpenWebif (aka e2openplugin-OpenWebif) t ...)
 	NOT-FOR-US: OpenWebif (aka e2openplugin-OpenWebif)
-CVE-2021-38112
-	RESERVED
+CVE-2021-38112 (In the Amazon AWS WorkSpaces client before 3.1.9 on Windows, argument  ...)
+	TODO: check
 CVE-2021-38111 (The DEF CON 27 badge allows remote attackers to exploit a buffer overf ...)
 	NOT-FOR-US: DEF CON 27 badge
 CVE-2021-38110
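
Review bot: CVE-2021-38112 is added as "TODO: check", yet its description scopes the issue to the Amazon AWS WorkSpaces client "on Windows". Both neighbouring entries are marked NOT-FOR-US; unless a Debian package ships this client, resolve it as "NOT-FOR-US: Amazon AWS WorkSpaces client".
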
@@ -22897,8 +22923,8 @@ CVE-2021-31821
 	RESERVED
 CVE-2021-31820 (In Octopus Server after version 2018.8.2 if the Octopus Server Web Req ...)
 	NOT-FOR-US: Octopus Server
-CVE-2021-31819
-	RESERVED
+CVE-2021-31819 (In Halibut versions prior to 4.4.7 there is a deserialisation vulnerab ...)
+	TODO: check
 CVE-2021-31818 (Affected versions of Octopus Server are prone to an authenticated SQL  ...)
 	NOT-FOR-US: Octopus Server
 CVE-2021-31817 (When configuring Octopus Server if it is configured with an external S ...)
@@ -53345,9 +53371,9 @@ CVE-2020-35543
 CVE-2020-35542 (Unisys Data Exchange Management Studio through 5.0.34 doesn't sanitize ...)
 	NOT-FOR-US: Unisys
 CVE-2020-35541
-	RESERVED
+	REJECTED
 CVE-2020-35540
-	RESERVED
+	REJECTED
 CVE-2020-35539
 	RESERVED
 CVE-2020-35538
@@ -75020,22 +75046,22 @@ CVE-2020-23275
 	RESERVED
 CVE-2020-23274
 	RESERVED
-CVE-2020-23273
-	RESERVED
+CVE-2020-23273 (Heap-buffer overflow in the randomize_iparp function in edit_packet.c. ...)
+	TODO: check
 CVE-2020-23272
 	RESERVED
 CVE-2020-23271
 	RESERVED
 CVE-2020-23270
 	RESERVED
-CVE-2020-23269
-	RESERVED
+CVE-2020-23269 (An issue was discovered in gpac 0.8.0. The stbl_GetSampleSize function ...)
+	TODO: check
 CVE-2020-23268
 	RESERVED
-CVE-2020-23267
-	RESERVED
-CVE-2020-23266
-	RESERVED
+CVE-2020-23267 (An issue was discovered in gpac 0.8.0. The gf_hinter_track_process fun ...)
+	TODO: check
+CVE-2020-23266 (An issue was discovered in gpac 0.8.0. The OD_ReadUTF8String function  ...)
+	TODO: check
 CVE-2020-23265
 	RESERVED
 CVE-2020-23264 (Cross-site request forgery (CSRF) in Fork-CMS before 5.8.2 allow remot ...)
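
Review bot: Three of the four new "TODO: check" entries here (CVE-2020-23269, CVE-2020-23267, CVE-2020-23266) name gpac 0.8.0 in their descriptions, so they can be triaged together: replace each TODO with a "- gpac ..." package line and a NOTE pointing at the upstream report or fix. CVE-2020-23273 is different: its description is cut off after "edit_packet.c." before any product name appears, so the affected source package has to be taken from the full CVE text before the entry can be filed.
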
@@ -85693,11 +85719,11 @@ CVE-2020-18173 (A DLL injection vulnerability in 1password.dll of 1Password 7.3.
 	NOT-FOR-US: 1Password
 CVE-2020-18172 (A code injection vulnerability in the SeDebugPrivilege component of Tr ...)
 	NOT-FOR-US: Trezor Bridge
-CVE-2020-18171 (TechSmith Snagit 19.1.0.2653 uses Object Linking and Embedding (OLE) w ...)
+CVE-2020-18171 (** DISPUTED ** TechSmith Snagit 19.1.0.2653 uses Object Linking and Em ...)
 	NOT-FOR-US: TechSmith Snagit
 CVE-2020-18170 (An issue in the SeChangeNotifyPrivilege component of Abloy Key Manager ...)
 	NOT-FOR-US: Abloy Key Manager
-CVE-2020-18169 (A vulnerability in the Windows installer XML (WiX) toolset of TechSmit ...)
+CVE-2020-18169 (** DISPUTED ** A vulnerability in the Windows installer XML (WiX) tool ...)
 	NOT-FOR-US: TechSmith Snagit
 CVE-2020-18168
 	RESERVED



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a2a97329eb277944c7a59541a2f77ba35ca82e34
