[Git][security-tracker-team/security-tracker][master] NFU

2021-06-15 Thread Henri Salo (@hsalo-guest)


Henri Salo pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e8ca41e5 by Henri Salo at 2021-06-16T08:04:48+03:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -91495,6 +91495,7 @@ CVE-2020-9494 (Apache Traffic Server 6.0.0 to 6.2.3, 
7.0.0 to 7.1.10, and 8.0.0
NOTE: https://github.com/apache/trafficserver/pull/6922
 CVE-2020-9493
RESERVED
+   NOT-FOR-US: Apache Chainsaw
 CVE-2020-9492 (In Apache Hadoop 3.2.0 to 3.2.1, 3.0.0-alpha1 to 3.1.3, and 
2.0.0-alph ...)
- hadoop  (bug #793644)
 CVE-2020-9491 (In Apache NiFi 1.2.0 to 1.11.4, the NiFi UI and API were 
protected by  ...)
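Review bot: the new NOT-FOR-US line for CVE-2020-9493 carries no reference, and the commit message "NFU" names neither the CVE nor where the Apache Chainsaw attribution comes from; a NOTE: line with the upstream advisory would let a later triager verify the decision, the way the neighbouring CVE-2020-9494 entry does with its pull-request link.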



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e8ca41e56c93d2f1110379460e1f1e04714e26c8

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e8ca41e56c93d2f1110379460e1f1e04714e26c8
You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits


[Git][security-tracker-team/security-tracker][master] xen DSA

2021-06-15 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
cbd560ad by Moritz Mühlenhoff at 2021-06-15T22:50:15+02:00
xen DSA

- - - - -


2 changed files:

- data/DSA/list
- data/dsa-needed.txt


Changes:

=
data/DSA/list
=
@@ -1,3 +1,6 @@
+[15 Jun 2021] DSA-4931-1 xen - security update
+   {CVE-2021-0089 CVE-2021-26313 CVE-2021-28690 CVE-2021-28692}
+   [buster] - xen 4.11.4+107-gef32c7afa2-1
 [10 Jun 2021] DSA-4930-1 libwebp - security update
{CVE-2018-25009 CVE-2018-25010 CVE-2018-25011 CVE-2018-25013 
CVE-2018-25014 CVE-2020-36328 CVE-2020-36329 CVE-2020-36330 CVE-2020-36331 
CVE-2020-36332}
[buster] - libwebp 0.6.1-2+deb10u1
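Review bot: the DSA-4931-1 record carries only a [buster] fixed version (xen 4.11.4+107-gef32c7afa2-1), which is the expected shape for a DSA record; the matching {DSA-4931-1} cross-references on the four CVE entries are not part of this push and, going by this feed, are added by the "automatic update" commits (as with the {DLA-2686-1} lines there), so nothing further is needed unless that update does not run.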


=
data/dsa-needed.txt
=
@@ -37,5 +37,3 @@ runc
 --
 salt
 --
-xen (jmm)
---



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cbd560ad922817219b42cd574591dab88e62b4c3



[Git][security-tracker-team/security-tracker][master] 3 commits: LTS: Add note about CVE-2021-32920 for stretch

2021-06-15 Thread Anton Gladky (@gladk)


Anton Gladky pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1ffcd211 by Anton Gladky at 2021-06-15T22:42:50+02:00
LTS: Add note about CVE-2021-32920 for stretch

- - - - -
0ed7dc74 by Anton Gladky at 2021-06-15T22:42:50+02:00
Reserve DLA-2687-1 for prosody

- - - - -
7285bb9a by Anton Gladky at 2021-06-15T22:42:50+02:00
LTS: take scilab

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/CVE/list
=
@@ -3980,6 +3980,7 @@ CVE-2021-32921 (An issue was discovered in Prosody before 
0.11.9. It does not us
 CVE-2021-32920 (Prosody before 0.11.9 allows Uncontrolled CPU Consumption via 
a flood  ...)
{DSA-4916-1}
- prosody 0.11.9-1 (bug #988668)
+   [stretch] - prosody  (Fix is consisting of many patches. Not 
appliable. Ingored)
NOTE: https://www.openwall.com/lists/oss-security/2021/05/13/1
NOTE: https://prosody.im/security/advisory_20210512.txt
NOTE: https://hg.prosody.im/trunk/rev/55ef50d6cf65
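Review bot: the reason text on the added [stretch] line for CVE-2021-32920 has spelling errors ("appliable", "Ingored") and an awkward opening ("Fix is consisting of many patches"); since this text is displayed in the tracker, suggest "(Fix consists of many patches; not applicable. Ignored)". The DLA-2687-1 record reserved in the same push covers CVE-2021-32917 and CVE-2021-32921 only, which is consistent with this CVE being left out for stretch.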


=
data/DLA/list
=
@@ -1,3 +1,6 @@
+[15 Jun 2021] DLA-2687-1 prosody - security update
+   {CVE-2021-32917 CVE-2021-32921}
+   [stretch] - prosody 0.9.12-2+deb9u3
 [15 Jun 2021] DLA-2686-1 python-urllib3 - security update
{CVE-2018-20060 CVE-2019-11236 CVE-2019-11324 CVE-2020-26137}
[stretch] - python-urllib3 1.19.1-1+deb9u1


=
data/dla-needed.txt
=
@@ -75,11 +75,6 @@ nvidia-graphics-drivers
 --
 openexr
 --
-prosody (Anton Gladky)
-  NOTE: 20210519: at least the 10MB limit mentioned in CVE-2021-32918 is 
present 
-  NOTE: 20210530: WIP
-  NOTE: 20210613: WIP
---
 python-babel (Abhijith PA)
 --
 python-pip (Abhijith PA)
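Review bot: removing the prosody block from dla-needed.txt also drops the 20210519 note that "at least the 10MB limit mentioned in CVE-2021-32918 is present" in stretch; the DLA-2687-1 record in this push lists only CVE-2021-32917 and CVE-2021-32921, so that finding about CVE-2021-32918 should be carried over as a NOTE on its data/CVE/list entry before it disappears with this removal.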
@@ -113,7 +108,7 @@ salt
   NOTE: 20210510: will try to release ASAP; also preparing update for buster 
(DSA). (utkarsh)
   NOTE: 20210607: new CVE patch proposed by damien; donfede to provide a 
debdiff. (utkarsh)
 --
-scilab
+scilab (Anton Gladky)
   NOTE: 20210615: vulnerability in embedded ezXML.(abhijith)
 --
 shiro (Roberto C. Sánchez)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/8beba61e4e8eb176c1692f5fe30a2d3ba17169e8...7285bb9ab5c1db89a86e0dcadd4bc2cb55566f36



[Git][security-tracker-team/security-tracker][master] Add references for CVE-2021-34693

2021-06-15 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
8beba61e by Salvatore Bonaccorso at 2021-06-15T22:40:20+02:00
Add references for CVE-2021-34693

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -8,6 +8,8 @@ CVE-2021-34694
RESERVED
 CVE-2021-34693 (net/can/bcm.c in the Linux kernel through 5.12.10 allows local 
users t ...)
- linux 
+   NOTE: https://www.openwall.com/lists/oss-security/2021/06/15/1
+   NOTE: 
https://github.com/nrb547/kernel-exploitation/tree/main/cve-2021-34693
NOTE: 
https://lore.kernel.org/netdev/trinity-87eaea25-2a7d-4aa9-92a5-269b822e5d95-1623609211076@3c-app-gmx-bs04/T/
 CVE-2021-34692
RESERVED
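Review bot: the second added NOTE points at a public kernel-exploitation repository for CVE-2021-34693 while the linux line in the same hunk still records no fixed version; with a public PoC now referenced, this entry is a candidate for prompt follow-up, and a NOTE naming the upstream fix commit once it lands would let the fixed version be filled in.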



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8beba61e4e8eb176c1692f5fe30a2d3ba17169e8



[Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2021-31215/slurm-wlm

2021-06-15 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
3508304d by Salvatore Bonaccorso at 2021-06-15T22:24:55+02:00
Track fixed version for CVE-2021-31215/slurm-wlm

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -8129,7 +8129,7 @@ CVE-2021-31217
 CVE-2021-31216
RESERVED
 CVE-2021-31215 (SchedMD Slurm before 20.02.7 and 20.03.x through 20.11.x 
before 20.11. ...)
-   - slurm-wlm  (bug #988439)
+   - slurm-wlm 20.11.7-1 (bug #988439)
- slurm-llnl 
[stretch] - slurm-llnl  (env is already SPANKed)
NOTE: 
https://github.com/SchedMD/slurm/commit/a9e9e2fedbd200ca545ab67dd753bd52c919f236
 (2.11.7)
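Review bot: the version annotation "(2.11.7)" after the SchedMD commit NOTE looks like a typo; the fixed version added in this hunk is slurm-wlm 20.11.7-1 and the CVE description reads "before 20.11.", so it should presumably be "(20.11.7)". That line is unchanged context here, so it can be corrected in a follow-up commit.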



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3508304dfa1556c78dde4962e7fcccd2c9aedc6e



[Git][security-tracker-team/security-tracker][master] automatic update

2021-06-15 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
854d9422 by security tracker role at 2021-06-15T20:10:28+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,7 @@
+CVE-2021-3603
+   RESERVED
+CVE-2021-3602
+   RESERVED
 CVE-2021-34695
RESERVED
 CVE-2021-34694
@@ -7129,8 +7133,7 @@ CVE-2021-31620
RESERVED
 CVE-2021-31619
RESERVED
-CVE-2021-31618 [httpd: NULL pointer dereference on specially crafted HTTP/2 
request]
-   RESERVED
+CVE-2021-31618 (Apache HTTP Server protocol handler for the HTTP/2 protocol 
checks rec ...)
[experimental] - apache2 2.4.48-1
- apache2 2.4.46-5 (bug #989562)
NOTE: 
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-31618
@@ -50993,6 +50996,7 @@ CVE-2020-26139 (An issue was discovered in the kernel 
in NetBSD 7.1. An Access P
 CVE-2020-26138 (In SilverStripe through 4.6.0-rc1, a FormField with square 
brackets in ...)
NOT-FOR-US: SilverStripe
 CVE-2020-26137 (urllib3 before 1.25.9 allows CRLF injection if the attacker 
controls t ...)
+   {DLA-2686-1}
- python-urllib3 1.25.9-1
[buster] - python-urllib3  (Minor issue)
NOTE: https://bugs.python.org/issue39603
@@ -140870,6 +140874,7 @@ CVE-2019-11323 (HAProxy before 1.9.7 mishandles a 
reload with rotated keys, whic
NOTE: Introduced in: 
https://git.haproxy.org/?p=haproxy.git;a=commit;h=9e7547740cc2d0a6851de8ca9ac57488bdbb8bf2
NOTE: Fixed by: 
https://git.haproxy.org/?p=haproxy.git;a=commit;h=8ef706502aa2000531d36e4ac56dbdc7c30f718d
 CVE-2019-11324 (The urllib3 library before 1.24.2 for Python mishandles 
certain cases  ...)
+   {DLA-2686-1}
- python-urllib3 1.25.6-4 (bug #927412)
[buster] - python-urllib3  (Minor issue)
[jessie] - python-urllib3  (Vulnerable code introduced 
later)
@@ -141096,7 +141101,7 @@ CVE-2019-11238
 CVE-2019-11237
RESERVED
 CVE-2019-11236 (In the urllib3 library through 1.24.1 for Python, CRLF 
injection is po ...)
-   {DLA-1828-1}
+   {DLA-2686-1 DLA-1828-1}
[experimental] - python-urllib3 1.25.6-1
- python-urllib3 1.25.6-4 (bug #927172)
[buster] - python-urllib3  (Minor issue)
@@ -166650,6 +166655,7 @@ CVE-2018-20062 (An issue was discovered in NoneCms 
V1.3. thinkphp/library/think/
 CVE-2018-20061 (A SQL injection issue was discovered in ERPNext 10.x and 11.x 
through  ...)
NOT-FOR-US: Frappe ERPNext
 CVE-2018-20060 (urllib3 before version 1.23 does not remove the Authorization 
HTTP hea ...)
+   {DLA-2686-1}
- python-urllib3 1.24-1
[jessie] - python-urllib3  (Minor issue)
NOTE: https://github.com/urllib3/urllib3/issues/1316
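Review bot: the {DLA-2686-1} cross-references are complete: with this CVE-2018-20060 line, all four CVEs in the DLA-2686-1 record (CVE-2018-20060 CVE-2019-11236 CVE-2019-11324 CVE-2020-26137) now carry the reference, so no manual follow-up is needed for this part of the automatic update.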



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/854d9422e8b475425fd714144b4b524a6400ba5a



[Git][security-tracker-team/security-tracker][master] Add more (potential) iotjs issues (embedding jerryscript)

2021-06-15 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
76453146 by Salvatore Bonaccorso at 2021-06-15T21:18:23+02:00
Add more (potential) iotjs issues (embedding jerryscript)

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -57441,15 +57441,20 @@ CVE-2020-23325
 CVE-2020-23324
RESERVED
 CVE-2020-23323 (There is a heap-buffer-overflow at re-parser.c in 
re_parse_char_escape ...)
-   TODO: check
+   - iotjs 
+   NOTE: https://github.com/jerryscript-project/jerryscript/issues/3871
 CVE-2020-23322 (There is an Assertion in 'context_p-token.type == 
LEXER_RIGHT_BRAC ...)
-   TODO: check
+   - iotjs 
+   NOTE: https://github.com/jerryscript-project/jerryscript/issues/3869
 CVE-2020-23321 (There is a heap-buffer-overflow at lit-strings.c:431 in 
lit_read_code_ ...)
-   TODO: check
+   - iotjs 
+   NOTE: https://github.com/jerryscript-project/jerryscript/issues/3870
 CVE-2020-23320 (There is an Assertion in 
'context_p-next_scanner_info_p-type = ...)
-   TODO: check
+   - iotjs 
+   NOTE: https://github.com/jerryscript-project/jerryscript/issues/3835
 CVE-2020-23319 (There is an Assertion in '(flags  
CBC_STACK_ADJUST_SHIFT)  ...)
-   TODO: check
+   - iotjs 
+   NOTE: https://github.com/jerryscript-project/jerryscript/issues/3834
 CVE-2020-23318
RESERVED
 CVE-2020-23317
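Review bot: each "- iotjs" line replaces a "TODO: check" with only the jerryscript issue link, and the commit message itself calls these "(potential)" issues; a NOTE recording that the jerryscript copy embedded in iotjs has not yet been checked against each reported assertion or heap-overflow case would make the status easier to revisit, and the same applies to the second hunk below.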
@@ -57459,31 +57464,41 @@ CVE-2020-23316
 CVE-2020-23315
RESERVED
 CVE-2020-23314 (There is an Assertion 'block_found' failed at 
js-parser-statm.c:2003 p ...)
-   TODO: check
+   - iotjs 
+   NOTE: https://github.com/jerryscript-project/jerryscript/issues/3825
 CVE-2020-23313 (There is an Assertion 'scope_stack_p  
context_p-scope_stack_p' ...)
-   TODO: check
+   - iotjs 
+   NOTE: https://github.com/jerryscript-project/jerryscript/issues/3823
 CVE-2020-23312 (There is an Assertion 'context.status_flags  
PARSER_SCANNING_SUCC ...)
-   TODO: check
+   - iotjs 
+   NOTE: https://github.com/jerryscript-project/jerryscript/issues/3824
 CVE-2020-23311 (There is an Assertion 'context_p-token.type == 
LEXER_RIGHT_BRACE | ...)
-   TODO: check
+   - iotjs 
+   NOTE: https://github.com/jerryscript-project/jerryscript/issues/3822
 CVE-2020-23310 (There is an Assertion 
'context_p-next_scanner_info_p-type == S ...)
-   TODO: check
+   - iotjs 
+   NOTE: https://github.com/jerryscript-project/jerryscript/issues/3821
 CVE-2020-23309 (There is an Assertion 'context_p-stack_depth == 
context_p-cont ...)
-   TODO: check
+   - iotjs 
+   NOTE: https://github.com/jerryscript-project/jerryscript/issues/3820
 CVE-2020-23308 (There is an Assertion 'context_p-stack_top_uint8 == 
LEXER_EXPRESSI ...)
-   TODO: check
+   - iotjs 
+   NOTE: https://github.com/jerryscript-project/jerryscript/issues/3819
 CVE-2020-23307
RESERVED
 CVE-2020-23306 (There is a stack-overflow at ecma-regexp-object.c:535 in 
ecma_regexp_m ...)
-   TODO: check
+   - iotjs 
+   NOTE: https://github.com/jerryscript-project/jerryscript/issues/3753
 CVE-2020-23305
RESERVED
 CVE-2020-23304
RESERVED
 CVE-2020-23303 (There is a heap-buffer-overflow at jmem-poolman.c:165 in 
jmem_pools_co ...)
-   TODO: check
+   - iotjs 
+   NOTE: https://github.com/jerryscript-project/jerryscript/issues/3749
 CVE-2020-23302 (There is a heap-use-after-free at ecma-helpers-string.c:772 in 
ecma_re ...)
-   TODO: check
+   - iotjs 
+   NOTE: https://github.com/jerryscript-project/jerryscript/issues/3748
 CVE-2020-23301
RESERVED
 CVE-2020-23300



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/76453146d0815081682f14d2e1271c737a93adc5



[Git][security-tracker-team/security-tracker][master] Process several NFUs

2021-06-15 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e696f687 by Salvatore Bonaccorso at 2021-06-15T21:17:50+02:00
Process several NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -47244,7 +47244,7 @@ CVE-2021-0086 (Improper permissions in the installer 
for the Intel(R) Brand Veri
NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00546.html
NOTE: Claimed to not affect Xen, Cf. 
https://xenbits.xen.org/xsa/advisory-375.html in
NOTE: ("NOTE CONCERNING CVE-2021-0086 / CVE-2021-26314").
-   TODO: check
+   NOT-FOR-US: Intel
 CVE-2021-0085
RESERVED
 CVE-2021-0084
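Review bot: marking CVE-2021-0086 NOT-FOR-US: Intel rests on the NOTE lines above it, which say the issue is "Claimed to not affect Xen" per XSA-375; if Xen's assessment changes, this entry would need a xen package line instead, so those two NOTE lines should stay attached to the entry.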
@@ -54946,13 +54946,13 @@ CVE-2020-24511 (Improper isolation of shared 
resources in some Intel(R) Processo
 CVE-2020-24510
RESERVED
 CVE-2020-24509 (Insufficient control flow management in subsystem in Intel(R) 
SPS vers ...)
-   TODO: check
+   NOT-FOR-US: Intel
 CVE-2020-24508
RESERVED
 CVE-2020-24507 (Improper initialization in a subsystem in the Intel(R) CSME 
versions b ...)
-   TODO: check
+   NOT-FOR-US: Intel
 CVE-2020-24506 (Out of bound read in a subsystem in the Intel(R) CSME versions 
before  ...)
-   TODO: check
+   NOT-FOR-US: Intel
 CVE-2020-24505 (Insufficient input validation in the firmware for the Intel(R) 
700-ser ...)
NOT-FOR-US: Intel NIC firmware
 CVE-2020-24504 (Uncontrolled resource consumption in some Intel(R) Ethernet 
E810 Adapt ...)
@@ -54999,7 +54999,7 @@ CVE-2020-24488
 CVE-2020-24487
RESERVED
 CVE-2020-24486 (Improper input validation in the firmware for some Intel(R) 
Processors ...)
-   TODO: check
+   NOT-FOR-US: Intel
 CVE-2020-24485 (Improper conditions check in the Intel(R) FPGA OPAE Driver for 
Linux b ...)
NOT-FOR-US: Intel
 CVE-2020-24484
@@ -55021,11 +55021,11 @@ CVE-2020-24477
 CVE-2020-24476
RESERVED
 CVE-2020-24475 (Improper initialization in the BMC firmware for some Intel(R) 
Server B ...)
-   TODO: check
+   NOT-FOR-US: Intel
 CVE-2020-24474 (Buffer overflow in the BMC firmware for some Intel(R) Server 
Boards, S ...)
-   TODO: check
+   NOT-FOR-US: Intel
 CVE-2020-24473 (Out of bounds write in the BMC firmware for some Intel(R) 
Server Board ...)
-   TODO: check
+   NOT-FOR-US: Intel
 CVE-2020-24472
RESERVED
 CVE-2020-24471
@@ -74373,27 +74373,27 @@ CVE-2020-15389 (jp2/opj_decompress.c in OpenJPEG 
through 2.3.1 has a use-after-f
 CVE-2020-15388
RESERVED
 CVE-2020-15387 (The host SSH servers of Brocade Fabric OS before Brocade 
Fabric OS v7. ...)
-   TODO: check
+   NOT-FOR-US: Brocade
 CVE-2020-15386 (Brocade Fabric OS prior to v9.0.1a and 8.2.3a and after v9.0.0 
and 8.2 ...)
-   TODO: check
+   NOT-FOR-US: Brocade
 CVE-2020-15385 (Brocade SANnav before version 2.1.1 allows an authenticated 
attacker t ...)
-   TODO: check
+   NOT-FOR-US: Brocade
 CVE-2020-15384 (Brocade SANNav before version 2.1.1 contains an information 
disclosure ...)
-   TODO: check
+   NOT-FOR-US: Brocade
 CVE-2020-15383 (Running security scans against the SAN switch can cause config 
and sec ...)
-   TODO: check
+   NOT-FOR-US: Brocade
 CVE-2020-15382 (Brocade SANnav before version 2.1.1 uses a hard-coded 
administrator ac ...)
-   TODO: check
+   NOT-FOR-US: Brocade
 CVE-2020-15381 (Brocade SANnav before version 2.1.1 contains an Improper 
Authenticatio ...)
-   TODO: check
+   NOT-FOR-US: Brocade
 CVE-2020-15380 (Brocade SANnav before version 2.1.1 logs account credentials 
at the 

[Git][security-tracker-team/security-tracker][master] Add CVE-2021-21382/restund

2021-06-15 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
91781ab4 by Salvatore Bonaccorso at 2021-06-15T21:07:39+02:00
Add CVE-2021-21382/restund

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -32516,7 +32516,7 @@ CVE-2021-21384 (shescape is a simple shell escape 
package for JavaScript. In she
 CVE-2021-21383 (Wiki.js an open-source wiki app built on Node.js. Wiki.js 
before versi ...)
NOT-FOR-US: Wiki.js
 CVE-2021-21382 (Restund is an open source NAT traversal server. The restund 
TURN serve ...)
-   TODO: check
+   - restund  (bug #804846)
 CVE-2021-21380 (XWiki Platform is a generic wiki platform offering runtime 
services fo ...)
NOT-FOR-US: XWiki
 CVE-2021-21379 (XWiki Platform is a generic wiki platform offering runtime 
services fo ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/91781ab441551a45c046de1db3e1a96a73cd0b00



[Git][security-tracker-team/security-tracker][master] Add CVE-2021-3013/rust-ripgrep

2021-06-15 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
63e4a8ac by Salvatore Bonaccorso at 2021-06-15T21:05:42+02:00
Add CVE-2021-3013/rust-ripgrep

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -30003,7 +30003,7 @@ CVE-2021-21972 (The vSphere Client (HTML5) contains a 
remote code execution vuln
 CVE-2021-3014 (In MikroTik RouterOS through 2021-01-04, the hotspot login page 
is vul ...)
NOT-FOR-US: MikroTik RouterOS
 CVE-2021-3013 (ripgrep before 13 allows attackers to trigger execution of 
arbitrary p ...)
-   TODO: check
+   - rust-ripgrep  (Only affects ripgrep on Windows)
 CVE-2021-3012 (A cross-site scripting (XSS) vulnerability in the Document Link 
of doc ...)
NOT-FOR-US: ESRI ArcGIS Online
 CVE-2021-3011 (An electromagnetic-wave side-channel issue was discovered on 
NXP Smart ...)
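Review bot: the rust-ripgrep line gives "Only affects ripgrep on Windows" as its reason but no NOTE line with an upstream reference supports it, unlike most entries in this feed; add the upstream advisory or fix commit for CVE-2021-3013 so the platform-only scope can be re-checked when the package is next updated.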



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/63e4a8ac820f83b0c268363afebfd3f91acc8375



[Git][security-tracker-team/security-tracker][master] Add python-babel python-pip and scilab to dla

2021-06-15 Thread Abhijith PA (@abhijith)


Abhijith PA pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
df5f1fb4 by Abhijith PA at 2021-06-15T23:55:47+05:30
Add python-babel python-pip and scilab to dla

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -80,6 +80,10 @@ prosody (Anton Gladky)
   NOTE: 20210530: WIP
   NOTE: 20210613: WIP
 --
+python-babel (Abhijith PA)
+--
+python-pip (Abhijith PA)
+--
 ruby-actionpack-page-caching (Markus Koschany)
   NOTE: 20200819: Upstream's patch on does not apply due to subsequent
   NOTE: 20200819: refactoring. However, a quick look at the private
@@ -109,6 +113,9 @@ salt
   NOTE: 20210510: will try to release ASAP; also preparing update for buster 
(DSA). (utkarsh)
   NOTE: 20210607: new CVE patch proposed by damien; donfede to provide a 
debdiff. (utkarsh)
 --
+scilab
+  NOTE: 20210615: vulnerability in embedded ezXML.(abhijith)
+--
 shiro (Roberto C. Sánchez)
   NOTE: 20200920: WIP
   NOTE: 20200928: Still awaiting reponse to request for assistance sent to 
upstream dev list. (roberto)
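Review bot: the new scilab NOTE names no CVE identifier for the embedded ezXML vulnerability and is missing a space in "ezXML.(abhijith)"; adding the CVE id (or a reference) tells whoever claims the entry which data/CVE/list record to work against.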



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/df5f1fb4d12399f30f3b70aa3ae080ca7e4a2491



[Git][security-tracker-team/security-tracker][master] Mark CVE-2021-34363 CVE-2021-33204 CVE-2021-34557 no-dsa for stretch

2021-06-15 Thread Abhijith PA (@abhijith)


Abhijith PA pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
27de3130 by Abhijith PA at 2021-06-15T16:37:29+05:30
Mark CVE-2021-34363 CVE-2021-33204 CVE-2021-34557 no-dsa for stretch

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -703,6 +703,7 @@ CVE-2021-34364 (The Refined GitHub browser extension before 
21.6.8 might allow X
NOT-FOR-US: Refined GitHub browser extension
 CVE-2021-34363 (The thefuck (aka The Fuck) package before 3.31 for Python 
allows Path  ...)
- thefuck 
+   [stretch] - thefuck  (Minor issue)
NOTE: 
https://github.com/nvbn/thefuck/commit/e343c577cd7da4d304b837d4a07ab4df1e023092 
(3.31)
NOTE: https://github.com/nvbn/thefuck/pull/1206
 CVE-2021-34362
@@ -3291,6 +3292,7 @@ CVE-2021-3556
TODO: cleanup after official reject
 CVE-2021-33204 (In the pg_partman (aka PG Partition Manager) extension before 
4.5.1 fo ...)
- pg-partman 4.5.1-1 (bug #988917)
+   [stretch] - pg-partman  (Minor issue)
NOTE: 
https://github.com/pgpartman/pg_partman/commit/0b6565ad378c358f8a6cd1d48ddc482eb7f854d3
 CVE-2021-33203 (Django before 2.2.24, 3.x before 3.1.12, and 3.2.x before 
3.2.4 has a  ...)
{DLA-2676-1}
@@ -7410,6 +7412,7 @@ CVE-2021-3506 (An out-of-bounds (OOB) memory access flaw 
was found in fs/f2fs/no
NOTE: 
https://lore.kernel.org/lkml/20210322114730.71103-1-yuch...@huawei.com/
 CVE-2021-34557 (XScreenSaver 5.45 can be bypassed if the machine has more than 
ten dis ...)
- xscreensaver 5.45+dfsg1-2 (bug #989508)
+   [stretch] - xscreensaver  (Minor issue, fix along with next 
dla)
NOTE: https://www.openwall.com/lists/oss-security/2021/06/05/1
NOTE: https://www.openwall.com/lists/oss-security/2021/06/05/2
NOTE: 
https://github.com/QubesOS/qubes-xscreensaver/blob/master/0001-Fix-updating-outputs-info.patch
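Review bot: the reason "Minor issue, fix along with next dla" on the xscreensaver stretch line describes an issue intended to be fixed in a later update, which the tracker normally expresses with the postponed state rather than no-dsa; the commit message says no-dsa, so check that the intended state tag was used for this entry.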



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/27de31304970bb3c32ddc6e224d0fe95ce469a13



[Git][security-tracker-team/security-tracker][master] Reserve DLA-2686-1 for python-urllib3

2021-06-15 Thread Abhijith PA (@abhijith)


Abhijith PA pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5b4b852d by Abhijith PA at 2021-06-15T16:26:13+05:30
Reserve DLA-2686-1 for python-urllib3

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/DLA/list
=
@@ -1,3 +1,6 @@
+[15 Jun 2021] DLA-2686-1 python-urllib3 - security update
+   {CVE-2018-20060 CVE-2019-11236 CVE-2019-11324 CVE-2020-26137}
+   [stretch] - python-urllib3 1.19.1-1+deb9u1
 [14 Jun 2021] DLA-2685-1 squid3 - security update
{CVE-2021-28651 CVE-2021-28652 CVE-2021-31806 CVE-2021-31807 
CVE-2021-31808 CVE-2021-33620}
[stretch] - squid3 3.5.23-5+deb9u7


=
data/dla-needed.txt
=
@@ -75,8 +75,6 @@ nvidia-graphics-drivers
 --
 openexr
 --
-python-urllib3 (Abhijith PA)
---
 prosody (Anton Gladky)
   NOTE: 20210519: at least the 10MB limit mentioned in CVE-2021-32918 is 
present 
   NOTE: 20210530: WIP



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5b4b852d4f4118431ab93a8bbf1cdfc5dc70245b



[Git][security-tracker-team/security-tracker][master] urllib3 in stretch seems vulnerable to CVE-2021-33503. Upstream changed

2021-06-15 Thread Abhijith PA (@abhijith)


Abhijith PA pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c3235556 by Abhijith PA at 2021-06-15T15:32:37+05:30
urllib3 in stretch seems vulnerable to CVE-2021-33503. Upstream changed
URL parsing to RFC 3986 standards. Fixes are on top of this change.
Thus marking CVE-2021-33503 ignored.

Remove no-dsa tags for CVE-2018-20060 CVE-2019-11236 CVE-2019-11324
CVE-2020-26137.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -2651,6 +2651,7 @@ CVE-2021-33504
 CVE-2021-33503 [Catastrophic backtracking in URL authority parser when passed 
URL containing many @ characters]
RESERVED
- python-urllib3  (bug #989848)
+   [stretch] - python-urllib3  (Intrusive to backport)
NOTE: https://github.com/advisories/GHSA-q2q7-5pp4-w6pg
NOTE: 
https://github.com/urllib3/urllib3/commit/2d4a3fee6de2fa45eb82169361918f759269b4ec
 CVE-2021-33502 (The normalize-url package before 4.5.1, 5.x before 5.3.1, and 
6.x befo ...)
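Review bot: the commit message explains why the stretch fix for CVE-2021-33503 is not attempted (upstream moved URL parsing to RFC 3986 and the fixes sit on top of that change), but the added [stretch] line records only "Intrusive to backport"; putting that rationale in a NOTE line keeps it visible in the tracker rather than only in git history. The entry is still RESERVED with a bracketed title, so the description will be filled in by the automatic update.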
@@ -50991,7 +50992,6 @@ CVE-2020-26138 (In SilverStripe through 4.6.0-rc1, a 
FormField with square brack
 CVE-2020-26137 (urllib3 before 1.25.9 allows CRLF injection if the attacker 
controls t ...)
- python-urllib3 1.25.9-1
[buster] - python-urllib3  (Minor issue)
-   [stretch] - python-urllib3  (Minor issue)
NOTE: https://bugs.python.org/issue39603
NOTE: 
https://github.com/urllib3/urllib3/commit/1dd69c5c5982fae7c87a620d487c2ebf7a6b436b
 (1.25.9)
NOTE: https://github.com/urllib3/urllib3/pull/1800
@@ -140854,7 +140854,6 @@ CVE-2019-11323 (HAProxy before 1.9.7 mishandles a 
reload with rotated keys, whic
 CVE-2019-11324 (The urllib3 library before 1.24.2 for Python mishandles 
certain cases  ...)
- python-urllib3 1.25.6-4 (bug #927412)
[buster] - python-urllib3  (Minor issue)
-   [stretch] - python-urllib3  (Minor issue)
[jessie] - python-urllib3  (Vulnerable code introduced 
later)
NOTE: 
https://github.com/urllib3/urllib3/commit/1efadf43dc63317cd9eaa3e0fdb9e05ab07254b1
NOTE: https://www.openwall.com/lists/oss-security/2019/04/17/3
@@ -141083,7 +141082,6 @@ CVE-2019-11236 (In the urllib3 library through 1.24.1 
for Python, CRLF injection
[experimental] - python-urllib3 1.25.6-1
- python-urllib3 1.25.6-4 (bug #927172)
[buster] - python-urllib3  (Minor issue)
-   [stretch] - python-urllib3  (Minor issue)
NOTE: https://github.com/urllib3/urllib3/issues/1553
NOTE: 
https://github.com/urllib3/urllib3/commit/9b76785331243689a9d52cef3db05ef7462cb02d
NOTE: 
https://github.com/urllib3/urllib3/commit/efddd7e7bad26188c3b692d1090cba768afa9162
@@ -166635,7 +166633,6 @@ CVE-2018-20061 (A SQL injection issue was discovered 
in ERPNext 10.x and 11.x th
NOT-FOR-US: Frappe ERPNext
 CVE-2018-20060 (urllib3 before version 1.23 does not remove the Authorization 
HTTP hea ...)
- python-urllib3 1.24-1
-   [stretch] - python-urllib3  (Minor issue)
[jessie] - python-urllib3  (Minor issue)
NOTE: https://github.com/urllib3/urllib3/issues/1316
NOTE: https://github.com/urllib3/urllib3/pull/1346



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c3235556f7da9bec3b5a87c6bf6c138d8e46b1eb



[Git][security-tracker-team/security-tracker][master] Add CVE-2021-34693/linux

2021-06-15 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
61bc1180 by Salvatore Bonaccorso at 2021-06-15T11:37:12+02:00
Add CVE-2021-34693/linux

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -3,7 +3,8 @@ CVE-2021-34695
 CVE-2021-34694
RESERVED
 CVE-2021-34693 (net/can/bcm.c in the Linux kernel through 5.12.10 allows local 
users t ...)
-   TODO: check
+   - linux 
+   NOTE: 
https://lore.kernel.org/netdev/trinity-87eaea25-2a7d-4aa9-92a5-269b822e5d95-1623609211076@3c-app-gmx-bs04/T/
 CVE-2021-34692
RESERVED
 CVE-2021-34691
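Review bot: the new package line `- linux ` ends right after the package name with no fixed version or status marker visible, so it is unclear whether this records an unfixed issue or a placeholder was lost; the entry also has no `[buster]` annotation, and the only reference is a raw lore thread. Once the net/can/bcm.c fix is merged, add a NOTE with the upstream commit and fill in the buster status.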



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/61bc11805199ff512dfd4a439c48811e5ebd6187



[Git][security-tracker-team/security-tracker][master] new otrs issue

2021-06-15 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f2a029b2 by Moritz Muehlenhoff at 2021-06-15T10:40:36+02:00
new otrs issue
fill in details for keystone issue

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -2667,9 +2667,11 @@ CVE-2021-33498
RESERVED
 CVE-2021-3563
RESERVED
-   - keystone 
+   - keystone 
+   [bullseye] - keystone  (Minor issue)
+   [buster] - keystone  (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1962908
-   TODO: scarce details on it if there are upstream references, try to get 
more information
+   NOTE: https://bugs.launchpad.net/keystone/+bug/1901891
 CVE-2021-33497 (Dutchcoders transfer.sh before 1.2.4 allows Directory 
Traversal for de ...)
NOT-FOR-US: Dutchcoders transfer.sh
 CVE-2021-33496 (Dutchcoders transfer.sh before 1.2.4 allows XSS via an inline 
view. ...)
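Review bot: the `- keystone ` line is removed and re-added with no visible difference, which reads as a whitespace-only change or a stripped placeholder; if the marker after the package name changed, that is not visible here. The new `[bullseye]` and `[buster]` `(Minor issue)` annotations replace a TODO that said details were scarce, so a one-line NOTE stating why the issue is minor (what in the Launchpad bug supports that) would let the no-dsa decision be reviewed later.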
@@ -31821,7 +31823,10 @@ CVE-2021-21441
 CVE-2021-21440
RESERVED
 CVE-2021-21439 (DoS attack can be performed when an email contains specially 
designed  ...)
-   TODO: check
+   - otrs2 
+   NOTE: https://otrs.com/release-notes/otrs-security-advisory-2021-09/
+   NOTE: Reference is for OTRS, no reference for znuny yet (in bullseye
+   NOTE: src:otrs2 is the znuny fork)
 CVE-2021-21438 (Agents are able to see linked FAQ articles without permissions 
(define ...)
NOT-FOR-US: OTRS FAQ addon (and OTRS 7 which is proprietary)
 CVE-2021-21437 (Agents are able to see linked Config Items without 
permissions, which  ...)
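Review bot: `- otrs2 ` carries no fixed version or status marker visible after the package name and no `[bullseye]`/`[buster]` annotations, while the NOTE lines themselves say src:otrs2 in bullseye is the znuny fork with no reference yet; replacing `TODO: check` with a bare package line loses that open question. Keep a TODO (or a NOTE) that the znuny fork still needs confirmation, and add the znuny advisory reference once one exists.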



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f2a029b2017593452dcd69be52fb5d7eb091ef5a



[Git][security-tracker-team/security-tracker][master] NFUs

2021-06-15 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7a47100d by Moritz Muehlenhoff at 2021-06-15T10:23:22+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -4464,7 +4464,7 @@ CVE-2021-32686
 CVE-2021-32685
RESERVED
 CVE-2021-32684 (magento-scripts contains scripts and configuration used by 
Create Mage ...)
-   TODO: check
+   NOT-FOR-US: Create Magento app
 CVE-2021-32683
RESERVED
 CVE-2021-32682 (elFinder is an open-source file manager for web, written in 
JavaScript ...)
@@ -16258,7 +16258,7 @@ CVE-2021-27889 (Cross-site Scripting (XSS) 
vulnerability in MyBB before 1.8.26 v
 CVE-2021-27888 (ZendTo before 6.06-4 Beta allows XSS during the display of a 
drop-off  ...)
NOT-FOR-US: ZendTo
 CVE-2021-27887 (Cross-site Scripting (XSS) vulnerability in the main dashboard 
of Elli ...)
-   TODO: check
+   NOT-FOR-US: Ellipse APM
 CVE-2021-27886 (rakibtg Docker Dashboard before 2021-02-28 allows command 
injection in ...)
NOT-FOR-US: rakibtg Docker Dashboard
 CVE-2021-27885 (usersettings.php in e107 through 2.3.0 lacks a certain e_TOKEN 
protect ...)
@@ -17797,7 +17797,7 @@ CVE-2021-27198 (An issue was discovered in Visualware 
MyConnection Server throug
 CVE-2021-27197 (DSUtility.dll in Pelco Digital Sentry Server before 7.19.67 
has an arb ...)
NOT-FOR-US: Pelco Digital Sentry Server
 CVE-2021-27196 (Improper Input Validation vulnerability in Hitachi ABB Power 
Grids Rel ...)
-   TODO: check
+   NOT-FOR-US: Hitachi
 CVE-2021-27195 (Improper Authorization vulnerability in Netop Vision Pro up to 
and inc ...)
NOT-FOR-US: Netop Vision Pro
 CVE-2021-27194 (Cleartext transmission of sensitive information in Netop 
Vision Pro up ...)
@@ -18614,7 +18614,7 @@ CVE-2021-26847
 CVE-2021-26846
RESERVED
 CVE-2021-26845 (Information Exposure vulnerability in Hitachi ABB Power Grids 
eSOMS al ...)
-   TODO: check
+   NOT-FOR-US: Hitachi
 CVE-2021-26844
RESERVED
 CVE-2021-26843 (An issue was discovered in sthttpd through 2.27.1. On systems 
where th ...)
@@ -29555,7 +29555,7 @@ CVE-2021-22177 (Potential DoS was identified in 
gitlab-shell in GitLab CE/EE ver
 CVE-2021-22176 (An issue has been discovered in GitLab affecting all versions 
starting ...)
- gitlab 
 CVE-2021-22175 (When requests to the internal network for webhooks are 
enabled, a serv ...)
-   TODO: check
+   - gitlab 
 CVE-2021-22174 (Crash in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows 
denial o ...)
- wireshark 3.4.3-1 (bug #981791)
[buster] - wireshark  (Affected code not present)
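Review bot: `- gitlab ` for CVE-2021-22175 replaces `TODO: check` with no fixed version or status marker visible and no NOTE reference, unlike the wireshark entry below it, which carries a version and bug number; at minimum a NOTE pointing at the upstream GitLab release post would let a later reader see which release addressed the webhook issue.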
@@ -30847,13 +30847,13 @@ CVE-2021-21559 (Dell EMC NetWorker, versions 18.x, 
19.1.x, 19.2.x 19.3.x, 19.4,
 CVE-2021-21558 (Dell EMC NetWorker, 18.x, 19.1.x, 19.2.x 19.3.x, 19.4 and 
19.4.0.1, co ...)
NOT-FOR-US: EMC
 CVE-2021-21557 (Dell PowerEdge Server BIOS and select Dell Precision Rack BIOS 
contain ...)
-   TODO: check
+   NOT-FOR-US: Dell
 CVE-2021-21556 (Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, 
MX840c, ...)
-   TODO: check
+   NOT-FOR-US: Dell
 CVE-2021-21555 (Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, 
MX840c, ...)
-   TODO: check
+   NOT-FOR-US: Dell
 CVE-2021-21554 (Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, 
MX840c, ...)
-   TODO: check
+   NOT-FOR-US: Dell
 CVE-2021-21553
RESERVED
 CVE-2021-21552 (Dell Wyse Windows Embedded System versions WIE10 LTSC 2019 and 
earlier ...)
@@ -36424,7 +36424,7 @@ CVE-2021-20029
 CVE-2021-20028
RESERVED
 CVE-2021-20027 (A buffer overflow vulnerability in SonicOS allows a remote 
attacker to ...)
-   TODO: check
+   NOT-FOR-US: SonicWall
 CVE-2021-20026 (A vulnerability in the SonicWall NSM On-Prem product allows an 
authent ...)
NOT-FOR-US: SonicWall
 CVE-2021-20025 (SonicWall Email Security Virtual Appliance version 10.0.9 and 
earlier  ...)
@@ -41417,7 +41417,7 @@ CVE-2020-28715
 CVE-2020-28714
RESERVED
 CVE-2020-28713 (Incorrect access control in push notification service in Night 
Owl Sma ...)
-   TODO: check
+   NOT-FOR-US: Night Owl Smart Doorbell
 CVE-2020-28712
RESERVED
 CVE-2020-28711
@@ -48044,7 +48044,7 @@ CVE-2020-27385 (Incorrect Access Control in the 
FileEditor (/Admin/Views/FileEdi
 CVE-2020-27384 (The Gw2-64.exe in Guild Wars 2 launcher version 106916 suffers 
from an ...)
NOT-FOR-US: Guild Wars 2 launcher
 CVE-2020-27383 (Battle.net.exe in Battle.Net 1.27.1.12428 suffers from an 
elevation of ...)
-   TODO: check
+   NOT-FOR-US: Battle.Net
 CVE-2020-27382
RESERVED
 CVE-2020-27381
@@ -50075,11 +50075,11 @@ CVE-2020-26519 (Artifex MuPDF before 1.18.0 has a 
heap based buffer over-write w
 CVE-2020-26518 (Artica Pandora FMS before 743 allows 

[Git][security-tracker-team/security-tracker][master] automatic update

2021-06-15 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5e93f1f5 by security tracker role at 2021-06-15T08:10:14+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,21 @@
+CVE-2021-34695
+   RESERVED
+CVE-2021-34694
+   RESERVED
+CVE-2021-34693 (net/can/bcm.c in the Linux kernel through 5.12.10 allows local 
users t ...)
+   TODO: check
+CVE-2021-34692
+   RESERVED
+CVE-2021-34691
+   RESERVED
+CVE-2021-34690
+   RESERVED
+CVE-2021-34689
+   RESERVED
+CVE-2021-34688
+   RESERVED
+CVE-2021-34687
+   RESERVED
 CVE-2021-3601
RESERVED
 CVE-2021-34686
@@ -4445,8 +4463,8 @@ CVE-2021-32686
RESERVED
 CVE-2021-32685
RESERVED
-CVE-2021-32684
-   RESERVED
+CVE-2021-32684 (magento-scripts contains scripts and configuration used by 
Create Mage ...)
+   TODO: check
 CVE-2021-32683
RESERVED
 CVE-2021-32682 (elFinder is an open-source file manager for web, written in 
JavaScript ...)
@@ -16239,8 +16257,8 @@ CVE-2021-27889 (Cross-site Scripting (XSS) 
vulnerability in MyBB before 1.8.26 v
NOT-FOR-US: MyBB
 CVE-2021-27888 (ZendTo before 6.06-4 Beta allows XSS during the display of a 
drop-off  ...)
NOT-FOR-US: ZendTo
-CVE-2021-27887
-   RESERVED
+CVE-2021-27887 (Cross-site Scripting (XSS) vulnerability in the main dashboard 
of Elli ...)
+   TODO: check
 CVE-2021-27886 (rakibtg Docker Dashboard before 2021-02-28 allows command 
injection in ...)
NOT-FOR-US: rakibtg Docker Dashboard
 CVE-2021-27885 (usersettings.php in e107 through 2.3.0 lacks a certain e_TOKEN 
protect ...)
@@ -17778,8 +17796,8 @@ CVE-2021-27198 (An issue was discovered in Visualware 
MyConnection Server throug
NOT-FOR-US: Visualware MyConnection Server
 CVE-2021-27197 (DSUtility.dll in Pelco Digital Sentry Server before 7.19.67 
has an arb ...)
NOT-FOR-US: Pelco Digital Sentry Server
-CVE-2021-27196
-   RESERVED
+CVE-2021-27196 (Improper Input Validation vulnerability in Hitachi ABB Power 
Grids Rel ...)
+   TODO: check
 CVE-2021-27195 (Improper Authorization vulnerability in Netop Vision Pro up to 
and inc ...)
NOT-FOR-US: Netop Vision Pro
 CVE-2021-27194 (Cleartext transmission of sensitive information in Netop 
Vision Pro up ...)
@@ -18595,8 +18613,8 @@ CVE-2021-26847
RESERVED
 CVE-2021-26846
RESERVED
-CVE-2021-26845
-   RESERVED
+CVE-2021-26845 (Information Exposure vulnerability in Hitachi ABB Power Grids 
eSOMS al ...)
+   TODO: check
 CVE-2021-26844
RESERVED
 CVE-2021-26843 (An issue was discovered in sthttpd through 2.27.1. On systems 
where th ...)
@@ -30828,14 +30846,14 @@ CVE-2021-21559 (Dell EMC NetWorker, versions 18.x, 
19.1.x, 19.2.x 19.3.x, 19.4,
NOT-FOR-US: EMC
 CVE-2021-21558 (Dell EMC NetWorker, 18.x, 19.1.x, 19.2.x 19.3.x, 19.4 and 
19.4.0.1, co ...)
NOT-FOR-US: EMC
-CVE-2021-21557
-   RESERVED
-CVE-2021-21556
-   RESERVED
-CVE-2021-21555
-   RESERVED
-CVE-2021-21554
-   RESERVED
+CVE-2021-21557 (Dell PowerEdge Server BIOS and select Dell Precision Rack BIOS 
contain ...)
+   TODO: check
+CVE-2021-21556 (Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, 
MX840c, ...)
+   TODO: check
+CVE-2021-21555 (Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, 
MX840c, ...)
+   TODO: check
+CVE-2021-21554 (Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, 
MX840c, ...)
+   TODO: check
 CVE-2021-21553
RESERVED
 CVE-2021-21552 (Dell Wyse Windows Embedded System versions WIE10 LTSC 2019 and 
earlier ...)
@@ -36405,8 +36423,8 @@ CVE-2021-20029
RESERVED
 CVE-2021-20028
RESERVED
-CVE-2021-20027
-   RESERVED
+CVE-2021-20027 (A buffer overflow vulnerability in SonicOS allows a remote 
attacker to ...)
+   TODO: check
 CVE-2021-20026 (A vulnerability in the SonicWall NSM On-Prem product allows an 
authent ...)
NOT-FOR-US: SonicWall
 CVE-2021-20025 (SonicWall Email Security Virtual Appliance version 10.0.9 and 
earlier  ...)
@@ -44661,8 +44679,7 @@ CVE-2021-0469
RESERVED
 CVE-2021-0468 (In LK, there is a possible escalation of privilege due to an 
insecure  ...)
NOT-FOR-US: MediaTek components for Android
-CVE-2021-0467
-   RESERVED
+CVE-2021-0467 (In Chromecast bootROM, there is a possible out of bounds write 
due to  ...)
NOT-FOR-US: AMLogic
 CVE-2021-0466 (In startIpClient of ClientModeImpl.java, there is a possible 
identifie ...)
NOT-FOR-US: Android
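Review bot: the unchanged `NOT-FOR-US: AMLogic` line was attached while CVE-2021-0467 was still `RESERVED`; the description that has now arrived names the Chromecast bootROM rather than AMLogic, so the attribution should be re-checked against the published text (it may still be right if that bootROM is AMLogic's, but as written the entry reads as a mismatch).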
@@ -44959,8 +44976,7 @@ CVE-2021-0326 (In p2p_copy_client_info of p2p.c, there 
is a possible out of boun
NOTE: 
https://w1.fi/cgit/hostap/commit/?id=947272febe24a8f0ea828b5b2f35f13c3821901e
 CVE-2021-0325 (In ih264d_parse_pslice of ih264d_parse_pslice.c, there is a 
possible o ...)