[Git][security-tracker-team/security-tracker][master] NFU
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: e8ca41e5 by Henri Salo at 2021-06-16T08:04:48+03:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -91495,6 +91495,7 @@ CVE-2020-9494 (Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.10, and 8.0.0 NOTE: https://github.com/apache/trafficserver/pull/6922 CVE-2020-9493 RESERVED + NOT-FOR-US: Apache Chainsaw CVE-2020-9492 (In Apache Hadoop 3.2.0 to 3.2.1, 3.0.0-alpha1 to 3.1.3, and 2.0.0-alph ...) - hadoop (bug #793644) CVE-2020-9491 (In Apache NiFi 1.2.0 to 1.11.4, the NiFi UI and API were protected by ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e8ca41e56c93d2f1110379460e1f1e04714e26c8 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] xen DSA
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: cbd560ad by Moritz Mühlenhoff at 2021-06-15T22:50:15+02:00 xen DSA - - - - - 2 changed files: - data/DSA/list - data/dsa-needed.txt Changes: = data/DSA/list = @@ -1,3 +1,6 @@ +[15 Jun 2021] DSA-4931-1 xen - security update + {CVE-2021-0089 CVE-2021-26313 CVE-2021-28690 CVE-2021-28692} + [buster] - xen 4.11.4+107-gef32c7afa2-1 [10 Jun 2021] DSA-4930-1 libwebp - security update {CVE-2018-25009 CVE-2018-25010 CVE-2018-25011 CVE-2018-25013 CVE-2018-25014 CVE-2020-36328 CVE-2020-36329 CVE-2020-36330 CVE-2020-36331 CVE-2020-36332} [buster] - libwebp 0.6.1-2+deb10u1 = data/dsa-needed.txt = @@ -37,5 +37,3 @@ runc -- salt -- -xen (jmm) --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cbd560ad922817219b42cd574591dab88e62b4c3
[Git][security-tracker-team/security-tracker][master] 3 commits: LTS: Add note about CVE-2021-32920 for stretch
Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker Commits: 1ffcd211 by Anton Gladky at 2021-06-15T22:42:50+02:00 LTS: Add note about CVE-2021-32920 for stretch - - - - - 0ed7dc74 by Anton Gladky at 2021-06-15T22:42:50+02:00 Reserve DLA-2687-1 for prosody - - - - - 7285bb9a by Anton Gladky at 2021-06-15T22:42:50+02:00 LTS: take scilab - - - - - 3 changed files: - data/CVE/list - data/DLA/list - data/dla-needed.txt Changes: = data/CVE/list = @@ -3980,6 +3980,7 @@ CVE-2021-32921 (An issue was discovered in Prosody before 0.11.9. It does not us CVE-2021-32920 (Prosody before 0.11.9 allows Uncontrolled CPU Consumption via a flood ...) {DSA-4916-1} - prosody 0.11.9-1 (bug #988668) + [stretch] - prosody (Fix is consisting of many patches. Not appliable. Ingored) NOTE: https://www.openwall.com/lists/oss-security/2021/05/13/1 NOTE: https://prosody.im/security/advisory_20210512.txt NOTE: https://hg.prosody.im/trunk/rev/55ef50d6cf65 = data/DLA/list = @@ -1,3 +1,6 @@ +[15 Jun 2021] DLA-2687-1 prosody - security update + {CVE-2021-32917 CVE-2021-32921} + [stretch] - prosody 0.9.12-2+deb9u3 [15 Jun 2021] DLA-2686-1 python-urllib3 - security update {CVE-2018-20060 CVE-2019-11236 CVE-2019-11324 CVE-2020-26137} [stretch] - python-urllib3 1.19.1-1+deb9u1 = data/dla-needed.txt = @@ -75,11 +75,6 @@ nvidia-graphics-drivers -- openexr -- -prosody (Anton Gladky) - NOTE: 20210519: at least the 10MB limit mentioned in CVE-2021-32918 is present - NOTE: 20210530: WIP - NOTE: 20210613: WIP --- python-babel (Abhijith PA) -- python-pip (Abhijith PA) 
@@ -113,7 +108,7 @@ salt NOTE: 20210510: will try to release ASAP; also preparing update for buster (DSA). (utkarsh) NOTE: 20210607: new CVE patch proposed by damien; donfede to provide a debdiff. (utkarsh) -- -scilab +scilab (Anton Gladky) NOTE: 20210615: vulnerability in embedded ezXML.(abhijith) -- shiro (Roberto C. Sánchez) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/8beba61e4e8eb176c1692f5fe30a2d3ba17169e8...7285bb9ab5c1db89a86e0dcadd4bc2cb55566f36
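Review bot: the stretch line added for CVE-2021-32920 in the data/CVE/list hunk carries two misspellings in its free-text reason, "appliable" and "Ingored". That text is what readers of the entry see as the justification for leaving stretch unfixed, so it is worth a follow-up that rewords it, for example "Fix consists of many patches that do not apply; ignored".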
[Git][security-tracker-team/security-tracker][master] Add references for CVE-2021-34693
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 8beba61e by Salvatore Bonaccorso at 2021-06-15T22:40:20+02:00 Add references for CVE-2021-34693 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -8,6 +8,8 @@ CVE-2021-34694 RESERVED CVE-2021-34693 (net/can/bcm.c in the Linux kernel through 5.12.10 allows local users t ...) - linux + NOTE: https://www.openwall.com/lists/oss-security/2021/06/15/1 + NOTE: https://github.com/nrb547/kernel-exploitation/tree/main/cve-2021-34693 NOTE: https://lore.kernel.org/netdev/trinity-87eaea25-2a7d-4aa9-92a5-269b822e5d95-1623609211076@3c-app-gmx-bs04/T/ CVE-2021-34692 RESERVED View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8beba61e4e8eb176c1692f5fe30a2d3ba17169e8
[Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2021-31215/slurm-wlm
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 3508304d by Salvatore Bonaccorso at 2021-06-15T22:24:55+02:00 Track fixed version for CVE-2021-31215/slurm-wlm - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -8129,7 +8129,7 @@ CVE-2021-31217 CVE-2021-31216 RESERVED CVE-2021-31215 (SchedMD Slurm before 20.02.7 and 20.03.x through 20.11.x before 20.11. ...) - - slurm-wlm (bug #988439) + - slurm-wlm 20.11.7-1 (bug #988439) - slurm-llnl [stretch] - slurm-llnl (env is already SPANKed) NOTE: https://github.com/SchedMD/slurm/commit/a9e9e2fedbd200ca545ab67dd753bd52c919f236 (2.11.7) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3508304dfa1556c78dde4962e7fcccd2c9aedc6e
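Review bot: the unchanged NOTE at the end of this hunk labels the upstream commit "(2.11.7)", which does not match the 20.11.7-1 fixed version added a few lines above it or the 20.11.x series named in the CVE description. If 20.11.7 is what was meant, correcting that label in the same commit would keep the fixed version and its reference in agreement.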
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 854d9422 by security tracker role at 2021-06-15T20:10:28+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,7 @@ +CVE-2021-3603 + RESERVED +CVE-2021-3602 + RESERVED CVE-2021-34695 RESERVED CVE-2021-34694 @@ -7129,8 +7133,7 @@ CVE-2021-31620 RESERVED CVE-2021-31619 RESERVED -CVE-2021-31618 [httpd: NULL pointer dereference on specially crafted HTTP/2 request] - RESERVED +CVE-2021-31618 (Apache HTTP Server protocol handler for the HTTP/2 protocol checks rec ...) [experimental] - apache2 2.4.48-1 - apache2 2.4.46-5 (bug #989562) NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-31618 @@ -50993,6 +50996,7 @@ CVE-2020-26139 (An issue was discovered in the kernel in NetBSD 7.1. An Access P CVE-2020-26138 (In SilverStripe through 4.6.0-rc1, a FormField with square brackets in ...) NOT-FOR-US: SilverStripe CVE-2020-26137 (urllib3 before 1.25.9 allows CRLF injection if the attacker controls t ...) + {DLA-2686-1} - python-urllib3 1.25.9-1 [buster] - python-urllib3 (Minor issue) NOTE: https://bugs.python.org/issue39603 @@ -140870,6 +140874,7 @@ CVE-2019-11323 (HAProxy before 1.9.7 mishandles a reload with rotated keys, whic NOTE: Introduced in: https://git.haproxy.org/?p=haproxy.git;a=commit;h=9e7547740cc2d0a6851de8ca9ac57488bdbb8bf2 NOTE: Fixed by: https://git.haproxy.org/?p=haproxy.git;a=commit;h=8ef706502aa2000531d36e4ac56dbdc7c30f718d CVE-2019-11324 (The urllib3 library before 1.24.2 for Python mishandles certain cases ...) + {DLA-2686-1} - python-urllib3 1.25.6-4 (bug #927412) [buster] - python-urllib3 (Minor issue) [jessie] - python-urllib3 (Vulnerable code introduced later) 
@@ -141096,7 +141101,7 @@ CVE-2019-11238 CVE-2019-11237 RESERVED CVE-2019-11236 (In the urllib3 library through 1.24.1 for Python, CRLF injection is po ...) - {DLA-1828-1} + {DLA-2686-1 DLA-1828-1} [experimental] - python-urllib3 1.25.6-1 - python-urllib3 1.25.6-4 (bug #927172) [buster] - python-urllib3 (Minor issue) @@ -166650,6 +166655,7 @@ CVE-2018-20062 (An issue was discovered in NoneCms V1.3. thinkphp/library/think/ CVE-2018-20061 (A SQL injection issue was discovered in ERPNext 10.x and 11.x through ...) NOT-FOR-US: Frappe ERPNext CVE-2018-20060 (urllib3 before version 1.23 does not remove the Authorization HTTP hea ...) + {DLA-2686-1} - python-urllib3 1.24-1 [jessie] - python-urllib3 (Minor issue) NOTE: https://github.com/urllib3/urllib3/issues/1316 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/854d9422e8b475425fd714144b4b524a6400ba5a
[Git][security-tracker-team/security-tracker][master] Add more (potential) iotjs issues (embedding jerryscript)
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 76453146 by Salvatore Bonaccorso at 2021-06-15T21:18:23+02:00 Add more (potential) iotjs issues (embedding jerryscript) - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -57441,15 +57441,20 @@ CVE-2020-23325 CVE-2020-23324 RESERVED CVE-2020-23323 (There is a heap-buffer-overflow at re-parser.c in re_parse_char_escape ...) - TODO: check + - iotjs + NOTE: https://github.com/jerryscript-project/jerryscript/issues/3871 CVE-2020-23322 (There is an Assertion in 'context_p-token.type == LEXER_RIGHT_BRAC ...) - TODO: check + - iotjs + NOTE: https://github.com/jerryscript-project/jerryscript/issues/3869 CVE-2020-23321 (There is a heap-buffer-overflow at lit-strings.c:431 in lit_read_code_ ...) - TODO: check + - iotjs + NOTE: https://github.com/jerryscript-project/jerryscript/issues/3870 CVE-2020-23320 (There is an Assertion in 'context_p-next_scanner_info_p-type = ...) - TODO: check + - iotjs + NOTE: https://github.com/jerryscript-project/jerryscript/issues/3835 CVE-2020-23319 (There is an Assertion in '(flags CBC_STACK_ADJUST_SHIFT) ...) - TODO: check + - iotjs + NOTE: https://github.com/jerryscript-project/jerryscript/issues/3834 CVE-2020-23318 RESERVED CVE-2020-23317 
@@ -57459,31 +57464,41 @@ CVE-2020-23316 CVE-2020-23315 RESERVED CVE-2020-23314 (There is an Assertion 'block_found' failed at js-parser-statm.c:2003 p ...) - TODO: check + - iotjs + NOTE: https://github.com/jerryscript-project/jerryscript/issues/3825 CVE-2020-23313 (There is an Assertion 'scope_stack_p context_p-scope_stack_p' ...) - TODO: check + - iotjs + NOTE: https://github.com/jerryscript-project/jerryscript/issues/3823 CVE-2020-23312 (There is an Assertion 'context.status_flags PARSER_SCANNING_SUCC ...) - TODO: check + - iotjs + NOTE: https://github.com/jerryscript-project/jerryscript/issues/3824 CVE-2020-23311 (There is an Assertion 'context_p-token.type == LEXER_RIGHT_BRACE | ...) - TODO: check + - iotjs + NOTE: https://github.com/jerryscript-project/jerryscript/issues/3822 CVE-2020-23310 (There is an Assertion 'context_p-next_scanner_info_p-type == S ...) - TODO: check + - iotjs + NOTE: https://github.com/jerryscript-project/jerryscript/issues/3821 CVE-2020-23309 (There is an Assertion 'context_p-stack_depth == context_p-cont ...) - TODO: check + - iotjs + NOTE: https://github.com/jerryscript-project/jerryscript/issues/3820 CVE-2020-23308 (There is an Assertion 'context_p-stack_top_uint8 == LEXER_EXPRESSI ...) - TODO: check + - iotjs + NOTE: https://github.com/jerryscript-project/jerryscript/issues/3819 CVE-2020-23307 RESERVED CVE-2020-23306 (There is a stack-overflow at ecma-regexp-object.c:535 in ecma_regexp_m ...) - TODO: check + - iotjs + NOTE: https://github.com/jerryscript-project/jerryscript/issues/3753 CVE-2020-23305 RESERVED CVE-2020-23304 RESERVED CVE-2020-23303 (There is a heap-buffer-overflow at jmem-poolman.c:165 in jmem_pools_co ...) - TODO: check + - iotjs + NOTE: https://github.com/jerryscript-project/jerryscript/issues/3749 CVE-2020-23302 (There is a heap-use-after-free at ecma-helpers-string.c:772 in ecma_re ...) 
- TODO: check + - iotjs + NOTE: https://github.com/jerryscript-project/jerryscript/issues/3748 CVE-2020-23301 RESERVED CVE-2020-23300 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/76453146d0815081682f14d2e1271c737a93adc5
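Review bot: the reason these entries are filed against iotjs is missing from the data itself. In both hunks every "TODO: check" becomes "- iotjs" plus a jerryscript issue link, but that iotjs embeds jerryscript, and that the match is only "potential", is stated in the commit message alone. A NOTE on the entries recording the embedded copy and that the affected status is still unverified would keep that visible to anyone reading data/CVE/list without the git history.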
[Git][security-tracker-team/security-tracker][master] Process several NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: e696f687 by Salvatore Bonaccorso at 2021-06-15T21:17:50+02:00 Process several NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -47244,7 +47244,7 @@ CVE-2021-0086 (Improper permissions in the installer for the Intel(R) Brand Veri NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00546.html NOTE: Claimed to not affect Xen, Cf. https://xenbits.xen.org/xsa/advisory-375.html in NOTE: ("NOTE CONCERNING CVE-2021-0086 / CVE-2021-26314"). - TODO: check + NOT-FOR-US: Intel CVE-2021-0085 RESERVED CVE-2021-0084 @@ -54946,13 +54946,13 @@ CVE-2020-24511 (Improper isolation of shared resources in some Intel(R) Processo CVE-2020-24510 RESERVED CVE-2020-24509 (Insufficient control flow management in subsystem in Intel(R) SPS vers ...) - TODO: check + NOT-FOR-US: Intel CVE-2020-24508 RESERVED CVE-2020-24507 (Improper initialization in a subsystem in the Intel(R) CSME versions b ...) - TODO: check + NOT-FOR-US: Intel CVE-2020-24506 (Out of bound read in a subsystem in the Intel(R) CSME versions before ...) - TODO: check + NOT-FOR-US: Intel CVE-2020-24505 (Insufficient input validation in the firmware for the Intel(R) 700-ser ...) NOT-FOR-US: Intel NIC firmware CVE-2020-24504 (Uncontrolled resource consumption in some Intel(R) Ethernet E810 Adapt ...) @@ -54999,7 +54999,7 @@ CVE-2020-24488 CVE-2020-24487 RESERVED CVE-2020-24486 (Improper input validation in the firmware for some Intel(R) Processors ...) - TODO: check + NOT-FOR-US: Intel CVE-2020-24485 (Improper conditions check in the Intel(R) FPGA OPAE Driver for Linux b ...) NOT-FOR-US: Intel CVE-2020-24484 
@@ -55021,11 +55021,11 @@ CVE-2020-24477 CVE-2020-24476 RESERVED CVE-2020-24475 (Improper initialization in the BMC firmware for some Intel(R) Server B ...) - TODO: check + NOT-FOR-US: Intel CVE-2020-24474 (Buffer overflow in the BMC firmware for some Intel(R) Server Boards, S ...) - TODO: check + NOT-FOR-US: Intel CVE-2020-24473 (Out of bounds write in the BMC firmware for some Intel(R) Server Board ...) - TODO: check + NOT-FOR-US: Intel CVE-2020-24472 RESERVED CVE-2020-24471 @@ -74373,27 +74373,27 @@ CVE-2020-15389 (jp2/opj_decompress.c in OpenJPEG through 2.3.1 has a use-after-f CVE-2020-15388 RESERVED CVE-2020-15387 (The host SSH servers of Brocade Fabric OS before Brocade Fabric OS v7. ...) - TODO: check + NOT-FOR-US: Brocade CVE-2020-15386 (Brocade Fabric OS prior to v9.0.1a and 8.2.3a and after v9.0.0 and 8.2 ...) - TODO: check + NOT-FOR-US: Brocade CVE-2020-15385 (Brocade SANnav before version 2.1.1 allows an authenticated attacker t ...) - TODO: check + NOT-FOR-US: Brocade CVE-2020-15384 (Brocade SANNav before version 2.1.1 contains an information disclosure ...) - TODO: check + NOT-FOR-US: Brocade CVE-2020-15383 (Running security scans against the SAN switch can cause config and sec ...) - TODO: check + NOT-FOR-US: Brocade CVE-2020-15382 (Brocade SANnav before version 2.1.1 uses a hard-coded administrator ac ...) - TODO: check + NOT-FOR-US: Brocade CVE-2020-15381 (Brocade SANnav before version 2.1.1 contains an Improper Authenticatio ...) - TODO: check + NOT-FOR-US: Brocade CVE-2020-15380 (Brocade SANnav before version 2.1.1 logs account credentials at the
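Review bot: the new "NOT-FOR-US: Intel" lines name only the vendor, while the untouched neighbour in the second hunk uses the more specific "NOT-FOR-US: Intel NIC firmware". The descriptions in these hunks already identify the component (SPS, CSME, BMC firmware for Server Boards, processor firmware), so naming it would make later searches for a given product reliable; the same applies to "NOT-FOR-US: Brocade", where the descriptions distinguish Fabric OS from SANnav.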
[Git][security-tracker-team/security-tracker][master] Add CVE-2021-21382/restund
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 91781ab4 by Salvatore Bonaccorso at 2021-06-15T21:07:39+02:00 Add CVE-2021-21382/restund - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -32516,7 +32516,7 @@ CVE-2021-21384 (shescape is a simple shell escape package for JavaScript. In she CVE-2021-21383 (Wiki.js an open-source wiki app built on Node.js. Wiki.js before versi ...) NOT-FOR-US: Wiki.js CVE-2021-21382 (Restund is an open source NAT traversal server. The restund TURN serve ...) - TODO: check + - restund (bug #804846) CVE-2021-21380 (XWiki Platform is a generic wiki platform offering runtime services fo ...) NOT-FOR-US: XWiki CVE-2021-21379 (XWiki Platform is a generic wiki platform offering runtime services fo ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/91781ab441551a45c046de1db3e1a96a73cd0b00
[Git][security-tracker-team/security-tracker][master] Add CVE-2021-3013/rust-ripgrep
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 63e4a8ac by Salvatore Bonaccorso at 2021-06-15T21:05:42+02:00 Add CVE-2021-3013/rust-ripgrep - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -30003,7 +30003,7 @@ CVE-2021-21972 (The vSphere Client (HTML5) contains a remote code execution vuln CVE-2021-3014 (In MikroTik RouterOS through 2021-01-04, the hotspot login page is vul ...) NOT-FOR-US: MikroTik RouterOS CVE-2021-3013 (ripgrep before 13 allows attackers to trigger execution of arbitrary p ...) - TODO: check + - rust-ripgrep (Only affects ripgrep on Windows) CVE-2021-3012 (A cross-site scripting (XSS) vulnerability in the Document Link of doc ...) NOT-FOR-US: ESRI ArcGIS Online CVE-2021-3011 (An electromagnetic-wave side-channel issue was discovered on NXP Smart ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/63e4a8ac820f83b0c268363afebfd3f91acc8375
[Git][security-tracker-team/security-tracker][master] Add python-babel python-pip and scilab to dla
Abhijith PA pushed to branch master at Debian Security Tracker / security-tracker Commits: df5f1fb4 by Abhijith PA at 2021-06-15T23:55:47+05:30 Add python-babel python-pip and scilab to dla - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -80,6 +80,10 @@ prosody (Anton Gladky) NOTE: 20210530: WIP NOTE: 20210613: WIP -- +python-babel (Abhijith PA) +-- +python-pip (Abhijith PA) +-- ruby-actionpack-page-caching (Markus Koschany) NOTE: 20200819: Upstream's patch on does not apply due to subsequent NOTE: 20200819: refactoring. However, a quick look at the private @@ -109,6 +113,9 @@ salt NOTE: 20210510: will try to release ASAP; also preparing update for buster (DSA). (utkarsh) NOTE: 20210607: new CVE patch proposed by damien; donfede to provide a debdiff. (utkarsh) -- +scilab + NOTE: 20210615: vulnerability in embedded ezXML.(abhijith) +-- shiro (Roberto C. Sánchez) NOTE: 20200920: WIP NOTE: 20200928: Still awaiting reponse to request for assistance sent to upstream dev list. (roberto) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/df5f1fb4d12399f30f3b70aa3ae080ca7e4a2491
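Review bot: none of the three new data/dla-needed.txt entries says which issue put the package on the list. python-babel and python-pip in the first hunk are added with no NOTE at all, and the scilab NOTE in the second hunk names "embedded ezXML" without a CVE id. A dated NOTE with the CVE id on each entry, as the neighbouring prosody and salt entries do for their status, would let the next person triage without searching data/CVE/list; the scilab NOTE also lacks the space before "(abhijith)" that the other signed notes use.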
[Git][security-tracker-team/security-tracker][master] Mark CVE-2021-34363 CVE-2021-33204 CVE-2021-34557 no-dsa for stretch
Abhijith PA pushed to branch master at Debian Security Tracker / security-tracker Commits: 27de3130 by Abhijith PA at 2021-06-15T16:37:29+05:30 Mark CVE-2021-34363 CVE-2021-33204 CVE-2021-34557 no-dsa for stretch - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -703,6 +703,7 @@ CVE-2021-34364 (The Refined GitHub browser extension before 21.6.8 might allow X NOT-FOR-US: Refined GitHub browser extension CVE-2021-34363 (The thefuck (aka The Fuck) package before 3.31 for Python allows Path ...) - thefuck + [stretch] - thefuck (Minor issue) NOTE: https://github.com/nvbn/thefuck/commit/e343c577cd7da4d304b837d4a07ab4df1e023092 (3.31) NOTE: https://github.com/nvbn/thefuck/pull/1206 CVE-2021-34362 @@ -3291,6 +3292,7 @@ CVE-2021-3556 TODO: cleanup after official reject CVE-2021-33204 (In the pg_partman (aka PG Partition Manager) extension before 4.5.1 fo ...) - pg-partman 4.5.1-1 (bug #988917) + [stretch] - pg-partman (Minor issue) NOTE: https://github.com/pgpartman/pg_partman/commit/0b6565ad378c358f8a6cd1d48ddc482eb7f854d3 CVE-2021-33203 (Django before 2.2.24, 3.x before 3.1.12, and 3.2.x before 3.2.4 has a ...) {DLA-2676-1} 
@@ -7410,6 +7412,7 @@ CVE-2021-3506 (An out-of-bounds (OOB) memory access flaw was found in fs/f2fs/no NOTE: https://lore.kernel.org/lkml/20210322114730.71103-1-yuch...@huawei.com/ CVE-2021-34557 (XScreenSaver 5.45 can be bypassed if the machine has more than ten dis ...) - xscreensaver 5.45+dfsg1-2 (bug #989508) + [stretch] - xscreensaver (Minor issue, fix along with next dla) NOTE: https://www.openwall.com/lists/oss-security/2021/06/05/1 NOTE: https://www.openwall.com/lists/oss-security/2021/06/05/2 NOTE: https://github.com/QubesOS/qubes-xscreensaver/blob/master/0001-Fix-updating-outputs-info.patch View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/27de31304970bb3c32ddc6e224d0fe95ce469a13
[Git][security-tracker-team/security-tracker][master] Reserve DLA-2686-1 for python-urllib3
Abhijith PA pushed to branch master at Debian Security Tracker / security-tracker Commits: 5b4b852d by Abhijith PA at 2021-06-15T16:26:13+05:30 Reserve DLA-2686-1 for python-urllib3 - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: = data/DLA/list = @@ -1,3 +1,6 @@ +[15 Jun 2021] DLA-2686-1 python-urllib3 - security update + {CVE-2018-20060 CVE-2019-11236 CVE-2019-11324 CVE-2020-26137} + [stretch] - python-urllib3 1.19.1-1+deb9u1 [14 Jun 2021] DLA-2685-1 squid3 - security update {CVE-2021-28651 CVE-2021-28652 CVE-2021-31806 CVE-2021-31807 CVE-2021-31808 CVE-2021-33620} [stretch] - squid3 3.5.23-5+deb9u7 = data/dla-needed.txt = @@ -75,8 +75,6 @@ nvidia-graphics-drivers -- openexr -- -python-urllib3 (Abhijith PA) --- prosody (Anton Gladky) NOTE: 20210519: at least the 10MB limit mentioned in CVE-2021-32918 is present NOTE: 20210530: WIP View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5b4b852d4f4118431ab93a8bbf1cdfc5dc70245b
[Git][security-tracker-team/security-tracker][master] urllib3 in stretch seems vulnerable to CVE-2021-33503. Upstream changed
Abhijith PA pushed to branch master at Debian Security Tracker / security-tracker Commits: c3235556 by Abhijith PA at 2021-06-15T15:32:37+05:30 urllib3 in stretch seems vulnerable to CVE-2021-33503. Upstream changed URL parsing to RFC 3986 standards. Fixes are on top of this change. Thus marking CVE-2021-33503 ignored. Remove no-dsa tags for CVE-2018-20060 CVE-2019-11236 CVE-2019-11324 CVE-2020-26137. - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2651,6 +2651,7 @@ CVE-2021-33504 CVE-2021-33503 [Catastrophic backtracking in URL authority parser when passed URL containing many @ characters] RESERVED - python-urllib3 (bug #989848) + [stretch] - python-urllib3 (Intrusive to backport) NOTE: https://github.com/advisories/GHSA-q2q7-5pp4-w6pg NOTE: https://github.com/urllib3/urllib3/commit/2d4a3fee6de2fa45eb82169361918f759269b4ec CVE-2021-33502 (The normalize-url package before 4.5.1, 5.x before 5.3.1, and 6.x befo ...) @@ -50991,7 +50992,6 @@ CVE-2020-26138 (In SilverStripe through 4.6.0-rc1, a FormField with square brack CVE-2020-26137 (urllib3 before 1.25.9 allows CRLF injection if the attacker controls t ...) - python-urllib3 1.25.9-1 [buster] - python-urllib3 (Minor issue) - [stretch] - python-urllib3 (Minor issue) NOTE: https://bugs.python.org/issue39603 NOTE: https://github.com/urllib3/urllib3/commit/1dd69c5c5982fae7c87a620d487c2ebf7a6b436b (1.25.9) NOTE: https://github.com/urllib3/urllib3/pull/1800 @@ -140854,7 +140854,6 @@ CVE-2019-11323 (HAProxy before 1.9.7 mishandles a reload with rotated keys, whic CVE-2019-11324 (The urllib3 library before 1.24.2 for Python mishandles certain cases ...) - python-urllib3 1.25.6-4 (bug #927412) [buster] - python-urllib3 (Minor issue) - [stretch] - python-urllib3 (Minor issue) [jessie] - python-urllib3 (Vulnerable code introduced later) NOTE: https://github.com/urllib3/urllib3/commit/1efadf43dc63317cd9eaa3e0fdb9e05ab07254b1 NOTE: https://www.openwall.com/lists/oss-security/2019/04/17/3 
@@ -141083,7 +141082,6 @@ CVE-2019-11236 (In the urllib3 library through 1.24.1 for Python, CRLF injection [experimental] - python-urllib3 1.25.6-1 - python-urllib3 1.25.6-4 (bug #927172) [buster] - python-urllib3 (Minor issue) - [stretch] - python-urllib3 (Minor issue) NOTE: https://github.com/urllib3/urllib3/issues/1553 NOTE: https://github.com/urllib3/urllib3/commit/9b76785331243689a9d52cef3db05ef7462cb02d NOTE: https://github.com/urllib3/urllib3/commit/efddd7e7bad26188c3b692d1090cba768afa9162 @@ -166635,7 +166633,6 @@ CVE-2018-20061 (A SQL injection issue was discovered in ERPNext 10.x and 11.x th NOT-FOR-US: Frappe ERPNext CVE-2018-20060 (urllib3 before version 1.23 does not remove the Authorization HTTP hea ...) - python-urllib3 1.24-1 - [stretch] - python-urllib3 (Minor issue) [jessie] - python-urllib3 (Minor issue) NOTE: https://github.com/urllib3/urllib3/issues/1316 NOTE: https://github.com/urllib3/urllib3/pull/1346 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c3235556f7da9bec3b5a87c6bf6c138d8e46b1eb
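Review bot: the stretch line added for CVE-2021-33503 in the first data/CVE/list hunk says only "Intrusive to backport", while the reasoning that matters for risk assessment sits in the commit message: stretch is believed vulnerable, and the upstream fix depends on the RFC 3986 URL parsing change. Recording that in a NOTE under the entry (stretch considered vulnerable, fix sits on top of the parser rewrite) would let users of stretch see from the tracker that the issue is present and unpatched rather than not applicable.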
[Git][security-tracker-team/security-tracker][master] Add CVE-2021-34693/linux
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 61bc1180 by Salvatore Bonaccorso at 2021-06-15T11:37:12+02:00 Add CVE-2021-34693/linux - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -3,7 +3,8 @@ CVE-2021-34695 CVE-2021-34694 RESERVED CVE-2021-34693 (net/can/bcm.c in the Linux kernel through 5.12.10 allows local users t ...) - TODO: check + - linux + NOTE: https://lore.kernel.org/netdev/trinity-87eaea25-2a7d-4aa9-92a5-269b822e5d95-1623609211076@3c-app-gmx-bs04/T/ CVE-2021-34692 RESERVED CVE-2021-34691 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/61bc11805199ff512dfd4a439c48811e5ebd6187
[Git][security-tracker-team/security-tracker][master] new otrs issue
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: f2a029b2 by Moritz Muehlenhoff at 2021-06-15T10:40:36+02:00 new otrs issue fill in details for keystone issue - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2667,9 +2667,11 @@ CVE-2021-33498 RESERVED CVE-2021-3563 RESERVED - - keystone + - keystone + [bullseye] - keystone (Minor issue) + [buster] - keystone (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1962908 - TODO: scarce details on it if there are upstream references, try to get more information + NOTE: https://bugs.launchpad.net/keystone/+bug/1901891 CVE-2021-33497 (Dutchcoders transfer.sh before 1.2.4 allows Directory Traversal for de ...) NOT-FOR-US: Dutchcoders transfer.sh CVE-2021-33496 (Dutchcoders transfer.sh before 1.2.4 allows XSS via an inline view. ...) 
@@ -31821,7 +31823,10 @@ CVE-2021-21441 CVE-2021-21440 RESERVED CVE-2021-21439 (DoS attack can be performed when an email contains specially designed ...) - TODO: check + - otrs2 + NOTE: https://otrs.com/release-notes/otrs-security-advisory-2021-09/ + NOTE: Reference is for OTRS, no reference for znuny yet (in bullseye + NOTE: src:otrs2 is the znuny fork) CVE-2021-21438 (Agents are able to see linked FAQ articles without permissions (define ...) NOT-FOR-US: OTRS FAQ addon (and OTRS 7 which is proprietary) CVE-2021-21437 (Agents are able to see linked Config Items without permissions, which ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f2a029b2017593452dcd69be52fb5d7eb091ef5a
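Review bot: In the CVE-2021-3563 hunk, both bullseye and buster are marked "(Minor issue)" in the same change that drops the TODO about scarce details, but no NOTE says why the issue is minor. Add one NOTE line stating the reason, taken from the Launchpad bug 1901891 referenced here, so the triage decision can be re-checked later without rereading the bug.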
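Review bot: In the CVE-2021-21439 hunk, the new NOTE says the only reference is for OTRS and that src:otrs2 in bullseye is the znuny fork, yet the TODO marker is removed, so nothing flags the entry for a second look. Keep a TODO line next to "- otrs2" (for example "TODO: check znuny once a reference exists") until the fork's status is confirmed.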
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 7a47100d by Moritz Muehlenhoff at 2021-06-15T10:23:22+02:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -4464,7 +4464,7 @@ CVE-2021-32686 CVE-2021-32685 RESERVED CVE-2021-32684 (magento-scripts contains scripts and configuration used by Create Mage ...) - TODO: check + NOT-FOR-US: Create Magento app CVE-2021-32683 RESERVED CVE-2021-32682 (elFinder is an open-source file manager for web, written in JavaScript ...) @@ -16258,7 +16258,7 @@ CVE-2021-27889 (Cross-site Scripting (XSS) vulnerability in MyBB before 1.8.26 v CVE-2021-27888 (ZendTo before 6.06-4 Beta allows XSS during the display of a drop-off ...) NOT-FOR-US: ZendTo CVE-2021-27887 (Cross-site Scripting (XSS) vulnerability in the main dashboard of Elli ...) - TODO: check + NOT-FOR-US: Ellipse APM CVE-2021-27886 (rakibtg Docker Dashboard before 2021-02-28 allows command injection in ...) NOT-FOR-US: rakibtg Docker Dashboard CVE-2021-27885 (usersettings.php in e107 through 2.3.0 lacks a certain e_TOKEN protect ...) @@ -17797,7 +17797,7 @@ CVE-2021-27198 (An issue was discovered in Visualware MyConnection Server throug CVE-2021-27197 (DSUtility.dll in Pelco Digital Sentry Server before 7.19.67 has an arb ...) NOT-FOR-US: Pelco Digital Sentry Server CVE-2021-27196 (Improper Input Validation vulnerability in Hitachi ABB Power Grids Rel ...) - TODO: check + NOT-FOR-US: Hitachi CVE-2021-27195 (Improper Authorization vulnerability in Netop Vision Pro up to and inc ...) NOT-FOR-US: Netop Vision Pro CVE-2021-27194 (Cleartext transmission of sensitive information in Netop Vision Pro up ...) 
@@ -18614,7 +18614,7 @@ CVE-2021-26847 CVE-2021-26846 RESERVED CVE-2021-26845 (Information Exposure vulnerability in Hitachi ABB Power Grids eSOMS al ...) - TODO: check + NOT-FOR-US: Hitachi CVE-2021-26844 RESERVED CVE-2021-26843 (An issue was discovered in sthttpd through 2.27.1. On systems where th ...) @@ -29555,7 +29555,7 @@ CVE-2021-22177 (Potential DoS was identified in gitlab-shell in GitLab CE/EE ver CVE-2021-22176 (An issue has been discovered in GitLab affecting all versions starting ...) - gitlab CVE-2021-22175 (When requests to the internal network for webhooks are enabled, a serv ...) - TODO: check + - gitlab CVE-2021-22174 (Crash in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial o ...) - wireshark 3.4.3-1 (bug #981791) [buster] - wireshark (Affected code not present) @@ -30847,13 +30847,13 @@ CVE-2021-21559 (Dell EMC NetWorker, versions 18.x, 19.1.x, 19.2.x 19.3.x, 19.4, CVE-2021-21558 (Dell EMC NetWorker, 18.x, 19.1.x, 19.2.x 19.3.x, 19.4 and 19.4.0.1, co ...) NOT-FOR-US: EMC CVE-2021-21557 (Dell PowerEdge Server BIOS and select Dell Precision Rack BIOS contain ...) - TODO: check + NOT-FOR-US: Dell CVE-2021-21556 (Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, ...) - TODO: check + NOT-FOR-US: Dell CVE-2021-21555 (Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, ...) - TODO: check + NOT-FOR-US: Dell CVE-2021-21554 (Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, ...) - TODO: check + NOT-FOR-US: Dell CVE-2021-21553 RESERVED CVE-2021-21552 (Dell Wyse Windows Embedded System versions WIE10 LTSC 2019 and earlier ...) 
@@ -36424,7 +36424,7 @@ CVE-2021-20029 CVE-2021-20028 RESERVED CVE-2021-20027 (A buffer overflow vulnerability in SonicOS allows a remote attacker to ...) - TODO: check + NOT-FOR-US: SonicWall CVE-2021-20026 (A vulnerability in the SonicWall NSM On-Prem product allows an authent ...) NOT-FOR-US: SonicWall CVE-2021-20025 (SonicWall Email Security Virtual Appliance version 10.0.9 and earlier ...) @@ -41417,7 +41417,7 @@ CVE-2020-28715 CVE-2020-28714 RESERVED CVE-2020-28713 (Incorrect access control in push notification service in Night Owl Sma ...) - TODO: check + NOT-FOR-US: Night Owl Smart Doorbell CVE-2020-28712 RESERVED CVE-2020-28711 @@ -48044,7 +48044,7 @@ CVE-2020-27385 (Incorrect Access Control in the FileEditor (/Admin/Views/FileEdi CVE-2020-27384 (The Gw2-64.exe in Guild Wars 2 launcher version 106916 suffers from an ...) NOT-FOR-US: Guild Wars 2 launcher CVE-2020-27383 (Battle.net.exe in Battle.Net 1.27.1.12428 suffers from an elevation of ...) - TODO: check + NOT-FOR-US: Battle.Net CVE-2020-27382 RESERVED CVE-2020-27381 @@ -50075,11 +50075,11 @@ CVE-2020-26519 (Artifex MuPDF before 1.18.0 has a heap based buffer over-write w CVE-2020-26518 (Artica Pandora FMS before 743 allows
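Review bot: In the CVE-2021-27196 hunk, the tag names only the vendor ("NOT-FOR-US: Hitachi"), while the entries on either side of it name the product ("Pelco Digital Sentry Server", "Netop Vision Pro"). The description shown here is cut at "Hitachi ABB Power Grids Rel ...", so take the full product name from the CVE text and use it in the tag; a later search for the product name would otherwise miss this entry.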
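Review bot: In the CVE-2021-22175 hunk, the TODO is replaced with "- gitlab", which assigns the CVE to a Debian package rather than marking it not-for-us, so the commit message "NFUs" does not describe this change. Either mention it in the message or move it to its own commit, and add a NOTE with the upstream reference, since the entry as shown has no reference for the webhook issue in the description.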
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 5e93f1f5 by security tracker role at 2021-06-15T08:10:14+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,21 @@ +CVE-2021-34695 + RESERVED +CVE-2021-34694 + RESERVED +CVE-2021-34693 (net/can/bcm.c in the Linux kernel through 5.12.10 allows local users t ...) + TODO: check +CVE-2021-34692 + RESERVED +CVE-2021-34691 + RESERVED +CVE-2021-34690 + RESERVED +CVE-2021-34689 + RESERVED +CVE-2021-34688 + RESERVED +CVE-2021-34687 + RESERVED CVE-2021-3601 RESERVED CVE-2021-34686 @@ -4445,8 +4463,8 @@ CVE-2021-32686 RESERVED CVE-2021-32685 RESERVED -CVE-2021-32684 - RESERVED +CVE-2021-32684 (magento-scripts contains scripts and configuration used by Create Mage ...) + TODO: check CVE-2021-32683 RESERVED CVE-2021-32682 (elFinder is an open-source file manager for web, written in JavaScript ...) @@ -16239,8 +16257,8 @@ CVE-2021-27889 (Cross-site Scripting (XSS) vulnerability in MyBB before 1.8.26 v NOT-FOR-US: MyBB CVE-2021-27888 (ZendTo before 6.06-4 Beta allows XSS during the display of a drop-off ...) NOT-FOR-US: ZendTo -CVE-2021-27887 - RESERVED +CVE-2021-27887 (Cross-site Scripting (XSS) vulnerability in the main dashboard of Elli ...) + TODO: check CVE-2021-27886 (rakibtg Docker Dashboard before 2021-02-28 allows command injection in ...) NOT-FOR-US: rakibtg Docker Dashboard CVE-2021-27885 (usersettings.php in e107 through 2.3.0 lacks a certain e_TOKEN protect ...) 
@@ -17778,8 +17796,8 @@ CVE-2021-27198 (An issue was discovered in Visualware MyConnection Server throug NOT-FOR-US: Visualware MyConnection Server CVE-2021-27197 (DSUtility.dll in Pelco Digital Sentry Server before 7.19.67 has an arb ...) NOT-FOR-US: Pelco Digital Sentry Server -CVE-2021-27196 - RESERVED +CVE-2021-27196 (Improper Input Validation vulnerability in Hitachi ABB Power Grids Rel ...) + TODO: check CVE-2021-27195 (Improper Authorization vulnerability in Netop Vision Pro up to and inc ...) NOT-FOR-US: Netop Vision Pro CVE-2021-27194 (Cleartext transmission of sensitive information in Netop Vision Pro up ...) @@ -18595,8 +18613,8 @@ CVE-2021-26847 RESERVED CVE-2021-26846 RESERVED -CVE-2021-26845 - RESERVED +CVE-2021-26845 (Information Exposure vulnerability in Hitachi ABB Power Grids eSOMS al ...) + TODO: check CVE-2021-26844 RESERVED CVE-2021-26843 (An issue was discovered in sthttpd through 2.27.1. On systems where th ...) @@ -30828,14 +30846,14 @@ CVE-2021-21559 (Dell EMC NetWorker, versions 18.x, 19.1.x, 19.2.x 19.3.x, 19.4, NOT-FOR-US: EMC CVE-2021-21558 (Dell EMC NetWorker, 18.x, 19.1.x, 19.2.x 19.3.x, 19.4 and 19.4.0.1, co ...) NOT-FOR-US: EMC -CVE-2021-21557 - RESERVED -CVE-2021-21556 - RESERVED -CVE-2021-21555 - RESERVED -CVE-2021-21554 - RESERVED +CVE-2021-21557 (Dell PowerEdge Server BIOS and select Dell Precision Rack BIOS contain ...) + TODO: check +CVE-2021-21556 (Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, ...) + TODO: check +CVE-2021-21555 (Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, ...) + TODO: check +CVE-2021-21554 (Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, ...) + TODO: check CVE-2021-21553 RESERVED CVE-2021-21552 (Dell Wyse Windows Embedded System versions WIE10 LTSC 2019 and earlier ...) 
@@ -36405,8 +36423,8 @@ CVE-2021-20029 RESERVED CVE-2021-20028 RESERVED -CVE-2021-20027 - RESERVED +CVE-2021-20027 (A buffer overflow vulnerability in SonicOS allows a remote attacker to ...) + TODO: check CVE-2021-20026 (A vulnerability in the SonicWall NSM On-Prem product allows an authent ...) NOT-FOR-US: SonicWall CVE-2021-20025 (SonicWall Email Security Virtual Appliance version 10.0.9 and earlier ...) @@ -44661,8 +44679,7 @@ CVE-2021-0469 RESERVED CVE-2021-0468 (In LK, there is a possible escalation of privilege due to an insecure ...) NOT-FOR-US: MediaTek components for Android -CVE-2021-0467 - RESERVED +CVE-2021-0467 (In Chromecast bootROM, there is a possible out of bounds write due to ...) NOT-FOR-US: AMLogic CVE-2021-0466 (In startIpClient of ClientModeImpl.java, there is a possible identifie ...) NOT-FOR-US: Android @@ -44959,8 +44976,7 @@ CVE-2021-0326 (In p2p_copy_client_info of p2p.c, there is a possible out of boun NOTE: https://w1.fi/cgit/hostap/commit/?id=947272febe24a8f0ea828b5b2f35f13c3821901e CVE-2021-0325 (In ih264d_parse_pslice of ih264d_parse_pslice.c, there is a possible o ...)
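Review bot: In the @@ -44661 hunk, CVE-2021-0467 changes from RESERVED to a description beginning "In Chromecast bootROM", while the existing "NOT-FOR-US: AMLogic" line is carried over unchanged as context. That tag was set before the description was published and the automatic update does not re-evaluate it, so confirm by hand that it still matches the published text.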