Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: fa58a1cf by security tracker role at 2021-04-06T20:10:23+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,67 @@ +CVE-2021-3484 + RESERVED +CVE-2021-3483 + RESERVED +CVE-2021-30177 + RESERVED +CVE-2021-30176 + RESERVED +CVE-2021-30175 + RESERVED +CVE-2021-30174 + RESERVED +CVE-2021-30173 + RESERVED +CVE-2021-30172 + RESERVED +CVE-2021-30171 + RESERVED +CVE-2021-30170 + RESERVED +CVE-2021-30169 + RESERVED +CVE-2021-30168 + RESERVED +CVE-2021-30167 + RESERVED +CVE-2021-30166 + RESERVED +CVE-2021-30165 + RESERVED +CVE-2021-30164 (Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to bypass ...) + TODO: check +CVE-2021-30163 (Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to discov ...) + TODO: check +CVE-2021-30162 (An issue was discovered on LG mobile devices with Android OS 4.4 throu ...) + TODO: check +CVE-2021-30161 (An issue was discovered on LG mobile devices with Android OS 11 softwa ...) + TODO: check +CVE-2021-26948 + RESERVED +CVE-2021-26259 + RESERVED +CVE-2021-26252 + RESERVED +CVE-2021-23206 + RESERVED +CVE-2021-23191 + RESERVED +CVE-2021-23180 + RESERVED +CVE-2021-23165 + RESERVED +CVE-2021-23158 + RESERVED +CVE-2020-36309 (ngx_http_lua_module (aka lua-nginx-module) before 0.10.16 in OpenResty ...) + TODO: check +CVE-2020-36308 (Redmine before 4.0.7 and 4.1.x before 4.1.1 allows attackers to discov ...) + TODO: check +CVE-2020-36307 (Redmine before 4.0.7 and 4.1.x before 4.1.1 has stored XSS via textile ...) + TODO: check +CVE-2020-36306 (Redmine before 4.0.7 and 4.1.x before 4.1.1 has XSS via the back_url f ...) + TODO: check +CVE-2019-25026 (Redmine before 3.4.13 and 4.x before 4.0.6 mishandles markup data duri ...) + TODO: check CVE-2021-30160 RESERVED CVE-2021-30159 @@ -27,8 +91,8 @@ CVE-2021-30148 RESERVED CVE-2021-30147 RESERVED -CVE-2021-30146 - RESERVED +CVE-2021-30146 (Seafile 7.0.5 (2019) allows Persistent XSS via the "share of library f ...) + TODO: check CVE-2021-30145 RESERVED CVE-2021-30144 (The Dashboard plugin through 1.0.2 for GLPI allows remote low-privileg ...) @@ -39,8 +103,8 @@ CVE-2021-30142 RESERVED CVE-2021-30141 (** DISPUTED ** Module/Settings/UserExport.php in Friendica through 202 ...) NOT-FOR-US: Friendica -CVE-2021-30140 - RESERVED +CVE-2021-30140 (LiquidFiles 3.4.15 has stored XSS through the "send email" functionali ...) + TODO: check CVE-2021-30139 RESERVED CVE-2021-30138 @@ -59,8 +123,8 @@ CVE-2021-30132 RESERVED CVE-2021-30131 RESERVED -CVE-2021-30130 - RESERVED +CVE-2021-30130 (phpseclib before 2.0.31 and 3.x before 3.0.7 mishandles RSA PKCS#1 v1. ...) + TODO: check CVE-2021-30129 RESERVED CVE-2021-30128 @@ -227,10 +291,10 @@ CVE-2021-30048 RESERVED CVE-2021-30047 RESERVED -CVE-2021-30046 - RESERVED -CVE-2021-30045 - RESERVED +CVE-2021-30046 (VIGRA Computer Vision Library Version-1-11-1 contains a segmentation f ...) + TODO: check +CVE-2021-30045 (SerenityOS 2021-03-27 contains a buffer overflow vulnerability in the ...) + TODO: check CVE-2021-30044 RESERVED CVE-2021-30043 @@ -1102,10 +1166,10 @@ CVE-2021-29646 (An issue was discovered in the Linux kernel before 5.11.11. tipc [buster] - linux <not-affected> (Vulnerable code introduced later) [stretch] - linux <not-affected> (Vulnerable code introduced later) NOTE: https://git.kernel.org/linus/0217ed2848e8538bcf9172d97ed2eeb4a26041bb -CVE-2020-36285 - RESERVED -CVE-2020-36284 - RESERVED +CVE-2020-36285 (Union Pay up to 3.3.12, for iOS mobile apps, contains a CWE-347: Impro ...) + TODO: check +CVE-2020-36284 (Union Pay up to 3.4.93.4.9, for android, contains a CWE-347: Improper ...) + TODO: check CVE-2021-3480 RESERVED CVE-2021-3479 (There's a flaw in OpenEXR's Scanline API functionality in versions bef ...) @@ -2234,8 +2298,7 @@ CVE-2021-29138 RESERVED CVE-2021-29137 RESERVED -CVE-2021-29136 - RESERVED +CVE-2021-29136 (Open Container Initiative umoci before 0.4.7 allows attackers to overw ...) - umoci 0.4.7+ds-1 NOTE: https://github.com/opencontainers/umoci/security/advisories/GHSA-9m95-8hx6-7p9v NOTE: https://github.com/opencontainers/umoci/commit/d9efc31daf2206f7d3fdb839863cf7a576a2eb57 (v0.4.7) @@ -2815,8 +2878,8 @@ CVE-2021-28876 RESERVED CVE-2021-28875 RESERVED -CVE-2021-28874 - RESERVED +CVE-2021-28874 (SerenityOS fixed as of c9f25bca048443e317f1994ba9b106f2386688c3 contai ...) + TODO: check CVE-2021-28873 RESERVED CVE-2021-28872 @@ -3198,8 +3261,7 @@ CVE-2021-28690 RESERVED CVE-2021-28689 RESERVED -CVE-2021-28688 [blkback driver may leak persistent grants] - RESERVED +CVE-2021-28688 (The fix for XSA-365 includes initialization of pointers such that subs ...) - linux <unfixed> NOTE: https://xenbits.xen.org/xsa/advisory-371.html NOTE: https://git.kernel.org/linus/a846738f8c3788d846ed1f587270d2f2e3d32432 @@ -3279,8 +3341,7 @@ CVE-2021-28660 (rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux. NOTE: https://git.kernel.org/linus/74b6b20df8cfe90ada777d621b54c32e69e27cd7 CVE-2021-28659 RESERVED -CVE-2021-28658 - RESERVED +CVE-2021-28658 (In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8, ...) - python-django 2:2.2.20-1 (bug #986447) NOTE: https://www.djangoproject.com/weblog/2021/apr/06/security-releases/ NOTE: https://github.com/django/django/commit/d4d800ca1addc4141e03c5440a849bb64d1582cd (main) @@ -4335,12 +4396,12 @@ CVE-2021-28175 (The Radius configuration function in ASUS BMC’s firmware W NOT-FOR-US: ASUS CVE-2021-28174 RESERVED -CVE-2021-28173 - RESERVED -CVE-2021-28172 - RESERVED -CVE-2021-28171 - RESERVED +CVE-2021-28173 (The file upload function of Vangene deltaFlow E-platform does not perf ...) + TODO: check +CVE-2021-28172 (There is a Path Traversal vulnerability in the file download function ...) + TODO: check +CVE-2021-28171 (The Vangene deltaFlow E-platform does not take properly protective mea ...) + TODO: check CVE-2021-28170 RESERVED CVE-2021-28169 @@ -4458,8 +4519,8 @@ CVE-2021-28144 (prog.cgi on D-Link DIR-3060 devices before 1.11b04 HF2 allows re NOT-FOR-US: D-Link CVE-2021-28143 (/jsonrpc on D-Link DIR-841 3.03 and 3.04 devices allows authenticated ...) NOT-FOR-US: D-Link -CVE-2021-28142 - RESERVED +CVE-2021-28142 (CITSmart before 9.1.2.28 mishandles the "filtro de autocomplete." ...) + TODO: check CVE-2021-28141 (** DISPUTED ** An issue was discovered in Progress Telerik UI for ASP. ...) NOT-FOR-US: Telerik CVE-2021-28140 @@ -4685,8 +4746,8 @@ CVE-2021-28077 RESERVED CVE-2021-28076 RESERVED -CVE-2021-28075 - RESERVED +CVE-2021-28075 (iKuaiOS 3.4.8 Build 202012291059 has an arbitrary file download vulner ...) + TODO: check CVE-2021-28074 RESERVED CVE-2021-28073 @@ -5555,10 +5616,10 @@ CVE-2021-27700 RESERVED CVE-2021-27699 RESERVED -CVE-2021-27698 - RESERVED -CVE-2021-27697 - RESERVED +CVE-2021-27698 (RIOT-OS 2021.01 contains a buffer overflow vulnerability in /sys/net/g ...) + TODO: check +CVE-2021-27697 (RIOT-OS 2021.01 contains a buffer overflow vulnerability in sys/net/gn ...) + TODO: check CVE-2021-27696 RESERVED CVE-2021-27695 (Multiple stored cross-site scripting (XSS) vulnerabilities in openMAIN ...) @@ -6307,8 +6368,8 @@ CVE-2021-27359 RESERVED CVE-2021-27358 (The snapshot feature in Grafana 6.7.3 through 7.4.1 can allow an unaut ...) - grafana <removed> -CVE-2021-27357 - RESERVED +CVE-2021-27357 (RIOT-OS 2020.01 contains a buffer overflow vulnerability in /sys/net/g ...) + TODO: check CVE-2021-27356 RESERVED CVE-2021-27355 @@ -6340,8 +6401,8 @@ CVE-2021-27345 RESERVED CVE-2021-27344 RESERVED -CVE-2021-27343 - RESERVED +CVE-2021-27343 (SerenityOS Unspecified is affected by: Buffer Overflow. The impact is: ...) + TODO: check CVE-2021-27342 RESERVED CVE-2021-27341 @@ -7530,8 +7591,8 @@ CVE-2021-26835 RESERVED CVE-2021-26834 RESERVED -CVE-2021-26833 - RESERVED +CVE-2021-26833 (Code Execution vulnerability in Profile Picture upload in TimelyBills ...) + TODO: check CVE-2021-26832 RESERVED CVE-2021-26831 @@ -14055,10 +14116,10 @@ CVE-2021-24029 (A packet of death scenario is possible in mvfst via a specially NOT-FOR-US: mvfst CVE-2021-24028 RESERVED -CVE-2021-24027 - RESERVED -CVE-2021-24026 - RESERVED +CVE-2021-24027 (A cache configuration issue prior to WhatsApp for Android v2.21.4.18 a ...) + TODO: check +CVE-2021-24026 (A missing bounds check within the audio decoding pipeline for WhatsApp ...) + TODO: check CVE-2021-24025 (Due to incorrect string size calculations inside the preg_quote functi ...) - hhvm <removed> CVE-2021-24024 @@ -14192,6 +14253,7 @@ CVE-2021-23981 (A texture upload of a Pixel Buffer Object could have confused th NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-12/#CVE-2021-23981 CVE-2021-23980 [mutation XSS via allowed math or svg; p or br; and style, title, noscript, script, textarea, noframes, iframe, or xmp tags with strip_comments=False] RESERVED + {DLA-2620-1} - python-bleach <unfixed> (bug #986251) NOTE: https://github.com/mozilla/bleach/security/advisories/GHSA-vv2x-vrpj-qqpq NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1689399 @@ -20977,8 +21039,8 @@ CVE-2021-21425 RESERVED CVE-2021-21424 RESERVED -CVE-2021-21423 - RESERVED +CVE-2021-21423 (`projen` is a project generation tool that synthesizes project configu ...) + TODO: check CVE-2021-21422 RESERVED CVE-2021-21421 (node-etsy-client is a NodeJs Etsy ReST API Client. Applications that a ...) @@ -21553,130 +21615,170 @@ CVE-2021-21200 RESERVED CVE-2021-21199 RESERVED + {DSA-4886-1} - chromium 89.0.4389.114-1 [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2021-21198 RESERVED + {DSA-4886-1} - chromium 89.0.4389.114-1 [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2021-21197 RESERVED + {DSA-4886-1} - chromium 89.0.4389.114-1 [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2021-21196 RESERVED + {DSA-4886-1} - chromium 89.0.4389.114-1 [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2021-21195 RESERVED + {DSA-4886-1} - chromium 89.0.4389.114-1 [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2021-21194 RESERVED + {DSA-4886-1} - chromium 89.0.4389.114-1 [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2021-21193 (Use after free in Blink in Google Chrome prior to 89.0.4389.90 allowed ...) + {DSA-4886-1} - chromium 89.0.4389.90-1 (bug #985142) [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2021-21192 (Heap buffer overflow in tab groups in Google Chrome prior to 89.0.4389 ...) + {DSA-4886-1} - chromium 89.0.4389.90-1 [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2021-21191 (Use after free in WebRTC in Google Chrome prior to 89.0.4389.90 allowe ...) + {DSA-4886-1} - chromium 89.0.4389.90-1 [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2021-21190 (Uninitialized data in PDFium in Google Chrome prior to 89.0.4389.72 al ...) + {DSA-4886-1} - chromium 89.0.4389.82-1 [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2021-21189 (Insufficient policy enforcement in payments in Google Chrome prior to ...) + {DSA-4886-1} - chromium 89.0.4389.82-1 [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2021-21188 (Use after free in Blink in Google Chrome prior to 89.0.4389.72 allowed ...) + {DSA-4886-1} - chromium 89.0.4389.82-1 [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2021-21187 (Insufficient data validation in URL formatting in Google Chrome prior ...) + {DSA-4886-1} - chromium 89.0.4389.82-1 [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2021-21186 (Insufficient policy enforcement in QR scanning in Google Chrome on iOS ...) + {DSA-4886-1} - chromium 89.0.4389.82-1 [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2021-21185 (Insufficient policy enforcement in extensions in Google Chrome prior t ...) + {DSA-4886-1} - chromium 89.0.4389.82-1 [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2021-21184 (Inappropriate implementation in performance APIs in Google Chrome prio ...) + {DSA-4886-1} - chromium 89.0.4389.82-1 [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2021-21183 (Inappropriate implementation in performance APIs in Google Chrome prio ...) + {DSA-4886-1} - chromium 89.0.4389.82-1 [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2021-21182 (Insufficient policy enforcement in navigations in Google Chrome prior ...) + {DSA-4886-1} - chromium 89.0.4389.82-1 [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2021-21181 (Side-channel information leakage in autofill in Google Chrome prior to ...) + {DSA-4886-1} - chromium 89.0.4389.82-1 [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2021-21180 (Use after free in tab search in Google Chrome prior to 89.0.4389.72 al ...) + {DSA-4886-1} - chromium 89.0.4389.82-1 [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2021-21179 (Use after free in Network Internals in Google Chrome on Linux prior to ...) + {DSA-4886-1} - chromium 89.0.4389.82-1 [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2021-21178 (Inappropriate implementation in Compositing in Google Chrome on Linux ...) + {DSA-4886-1} - chromium 89.0.4389.82-1 [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2021-21177 (Insufficient policy enforcement in Autofill in Google Chrome prior to ...) + {DSA-4886-1} - chromium 89.0.4389.82-1 [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2021-21176 (Inappropriate implementation in full screen mode in Google Chrome prio ...) + {DSA-4886-1} - chromium 89.0.4389.82-1 [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2021-21175 (Inappropriate implementation in Site isolation in Google Chrome prior ...) + {DSA-4886-1} - chromium 89.0.4389.82-1 [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2021-21174 (Inappropriate implementation in Referrer in Google Chrome prior to 89. ...) + {DSA-4886-1} - chromium 89.0.4389.82-1 [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2021-21173 (Side-channel information leakage in Network Internals in Google Chrome ...) + {DSA-4886-1} - chromium 89.0.4389.82-1 [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2021-21172 (Insufficient policy enforcement in File System API in Google Chrome on ...) + {DSA-4886-1} - chromium 89.0.4389.82-1 [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2021-21171 (Incorrect security UI in TabStrip and Navigation in Google Chrome on A ...) + {DSA-4886-1} - chromium 89.0.4389.82-1 [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2021-21170 (Incorrect security UI in Loader in Google Chrome prior to 89.0.4389.72 ...) + {DSA-4886-1} - chromium 89.0.4389.82-1 [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2021-21169 (Out of bounds memory access in V8 in Google Chrome prior to 89.0.4389. ...) + {DSA-4886-1} - chromium 89.0.4389.82-1 [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2021-21168 (Insufficient policy enforcement in appcache in Google Chrome prior to ...) + {DSA-4886-1} - chromium 89.0.4389.82-1 [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2021-21167 (Use after free in bookmarks in Google Chrome prior to 89.0.4389.72 all ...) + {DSA-4886-1} - chromium 89.0.4389.82-1 [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2021-21166 (Data race in audio in Google Chrome prior to 89.0.4389.72 allowed a re ...) + {DSA-4886-1} - chromium 89.0.4389.82-1 [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2021-21165 (Data race in audio in Google Chrome prior to 89.0.4389.72 allowed a re ...) + {DSA-4886-1} - chromium 89.0.4389.82-1 [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2021-21164 (Insufficient data validation in Chrome on iOS in Google Chrome on iOS ...) - chromium <not-affected> (MacOS specific) CVE-2021-21163 (Insufficient data validation in Reader Mode in Google Chrome on iOS pr ...) + {DSA-4886-1} - chromium 89.0.4389.82-1 [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2021-21162 (Use after free in WebRTC in Google Chrome prior to 89.0.4389.72 allowe ...) + {DSA-4886-1} - chromium 89.0.4389.82-1 [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2021-21161 (Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.7 ...) + {DSA-4886-1} - chromium 89.0.4389.82-1 [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2021-21160 (Heap buffer overflow in WebAudio in Google Chrome prior to 89.0.4389.7 ...) + {DSA-4886-1} - chromium 89.0.4389.82-1 [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2021-21159 (Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.7 ...) + {DSA-4886-1} - chromium 89.0.4389.82-1 [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2021-21158 @@ -23601,8 +23703,8 @@ CVE-2021-20336 (IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cro NOT-FOR-US: IBM CVE-2021-20335 (For MongoDB Ops Manager 4.2.X with multiple OM application servers, th ...) NOT-FOR-US: MongoDB Ops Manager -CVE-2021-20334 - RESERVED +CVE-2021-20334 (A malicious 3rd party with local access to the Windows machine where M ...) + TODO: check CVE-2021-20333 RESERVED CVE-2021-20332 @@ -45119,8 +45221,8 @@ CVE-2020-23535 RESERVED CVE-2020-23534 (A server-side request forgery (SSRF) vulnerability in Upgrade.php of g ...) NOT-FOR-US: gopeak masterlab -CVE-2020-23533 - RESERVED +CVE-2020-23533 (Union Pay up to 1.2.0, for web based versions contains a CWE-347: Impr ...) + TODO: check CVE-2020-23532 RESERVED CVE-2020-23531 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fa58a1cfc075da7e1748d91395933211b3bf7eaf -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fa58a1cfc075da7e1748d91395933211b3bf7eaf You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits