Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3ebb47b3 by security tracker role at 2021-04-13T08:10:29+00:00
automatic update

1 changed file:
- data/CVE/list

Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,277 @@ +CVE-2021-30638 + RESERVED +CVE-2021-30637 (htmly 2.8.0 allows stored XSS via the blog title, Tagline, or Descript ...) + TODO: check +CVE-2021-30636 + RESERVED +CVE-2021-30635 + RESERVED +CVE-2021-30634 + RESERVED +CVE-2021-30633 + RESERVED +CVE-2021-30632 + RESERVED +CVE-2021-30631 + RESERVED +CVE-2021-30630 + RESERVED +CVE-2021-30629 + RESERVED +CVE-2021-30628 + RESERVED +CVE-2021-30627 + RESERVED +CVE-2021-30626 + RESERVED +CVE-2021-30625 + RESERVED +CVE-2021-30624 + RESERVED +CVE-2021-30623 + RESERVED +CVE-2021-30622 + RESERVED +CVE-2021-30621 + RESERVED +CVE-2021-30620 + RESERVED +CVE-2021-30619 + RESERVED +CVE-2021-30618 + RESERVED +CVE-2021-30617 + RESERVED +CVE-2021-30616 + RESERVED +CVE-2021-30615 + RESERVED +CVE-2021-30614 + RESERVED +CVE-2021-30613 + RESERVED +CVE-2021-30612 + RESERVED +CVE-2021-30611 + RESERVED +CVE-2021-30610 + RESERVED +CVE-2021-30609 + RESERVED +CVE-2021-30608 + RESERVED +CVE-2021-30607 + RESERVED +CVE-2021-30606 + RESERVED +CVE-2021-30605 + RESERVED +CVE-2021-30604 + RESERVED +CVE-2021-30603 + RESERVED +CVE-2021-30602 + RESERVED +CVE-2021-30601 + RESERVED +CVE-2021-30600 + RESERVED +CVE-2021-30599 + RESERVED +CVE-2021-30598 + RESERVED +CVE-2021-30597 + RESERVED +CVE-2021-30596 + RESERVED +CVE-2021-30595 + RESERVED +CVE-2021-30594 + RESERVED +CVE-2021-30593 + RESERVED +CVE-2021-30592 + RESERVED +CVE-2021-30591 + RESERVED +CVE-2021-30590 + RESERVED +CVE-2021-30589 + RESERVED +CVE-2021-30588 + RESERVED +CVE-2021-30587 + RESERVED +CVE-2021-30586 + RESERVED +CVE-2021-30585 + RESERVED +CVE-2021-30584 + RESERVED +CVE-2021-30583 + RESERVED +CVE-2021-30582 + RESERVED +CVE-2021-30581 + RESERVED +CVE-2021-30580 + RESERVED +CVE-2021-30579 + RESERVED +CVE-2021-30578 + RESERVED +CVE-2021-30577 + RESERVED +CVE-2021-30576 + RESERVED +CVE-2021-30575 + RESERVED +CVE-2021-30574 + RESERVED +CVE-2021-30573 + RESERVED +CVE-2021-30572 + RESERVED +CVE-2021-30571 + RESERVED +CVE-2021-30570 + RESERVED +CVE-2021-30569 + RESERVED 
+CVE-2021-30568 + RESERVED +CVE-2021-30567 + RESERVED +CVE-2021-30566 + RESERVED +CVE-2021-30565 + RESERVED +CVE-2021-30564 + RESERVED +CVE-2021-30563 + RESERVED +CVE-2021-30562 + RESERVED +CVE-2021-30561 + RESERVED +CVE-2021-30560 + RESERVED +CVE-2021-30559 + RESERVED +CVE-2021-30558 + RESERVED +CVE-2021-30557 + RESERVED +CVE-2021-30556 + RESERVED +CVE-2021-30555 + RESERVED +CVE-2021-30554 + RESERVED +CVE-2021-30553 + RESERVED +CVE-2021-30552 + RESERVED +CVE-2021-30551 + RESERVED +CVE-2021-30550 + RESERVED +CVE-2021-30549 + RESERVED +CVE-2021-30548 + RESERVED +CVE-2021-30547 + RESERVED +CVE-2021-30546 + RESERVED +CVE-2021-30545 + RESERVED +CVE-2021-30544 + RESERVED +CVE-2021-30543 + RESERVED +CVE-2021-30542 + RESERVED +CVE-2021-30541 + RESERVED +CVE-2021-30540 + RESERVED +CVE-2021-30539 + RESERVED +CVE-2021-30538 + RESERVED +CVE-2021-30537 + RESERVED +CVE-2021-30536 + RESERVED +CVE-2021-30535 + RESERVED +CVE-2021-30534 + RESERVED +CVE-2021-30533 + RESERVED +CVE-2021-30532 + RESERVED +CVE-2021-30531 + RESERVED +CVE-2021-30530 + RESERVED +CVE-2021-30529 + RESERVED +CVE-2021-30528 + RESERVED +CVE-2021-30527 + RESERVED +CVE-2021-30526 + RESERVED +CVE-2021-30525 + RESERVED +CVE-2021-30524 + RESERVED +CVE-2021-30523 + RESERVED +CVE-2021-30522 + RESERVED +CVE-2021-30521 + RESERVED +CVE-2021-30520 + RESERVED +CVE-2021-30519 + RESERVED +CVE-2021-30518 + RESERVED +CVE-2021-30517 + RESERVED +CVE-2021-30516 + RESERVED +CVE-2021-30515 + RESERVED +CVE-2021-30514 + RESERVED +CVE-2021-30513 + RESERVED +CVE-2021-30512 + RESERVED +CVE-2021-30511 + RESERVED +CVE-2021-30510 + RESERVED +CVE-2021-30509 + RESERVED +CVE-2021-30508 + RESERVED +CVE-2021-30507 + RESERVED +CVE-2021-30506 + RESERVED +CVE-2021-30505 + RESERVED +CVE-2021-30504 + RESERVED +CVE-2021-30503 (The unofficial GLSL Linting extension before 1.4.0 for Visual Studio C ...) + TODO: check +CVE-2021-30502 + RESERVED CVE-2021-3495 RESERVED CVE-2021-3494 
@@ -1072,18 +1346,18 @@ CVE-2021-30046 (VIGRA Computer Vision Library Version-1-11-1 contains a segmenta NOT-FOR-US: VIGRA Computer Vision Library CVE-2021-30045 (SerenityOS 2021-03-27 contains a buffer overflow vulnerability in the ...) NOT-FOR-US: SerenityOS -CVE-2021-30044 - RESERVED +CVE-2021-30044 (Cross Site Scripting (XSS) in Remote Clinic v2.0 via the First Name or ...) + TODO: check CVE-2021-30043 RESERVED -CVE-2021-30042 - RESERVED +CVE-2021-30042 (Cross Site Scripting (XSS) in Remote Clinic v2.0 via the "Clinic Name" ...) + TODO: check CVE-2021-30041 RESERVED CVE-2021-30040 RESERVED -CVE-2021-30039 - RESERVED +CVE-2021-30039 (Cross Site Scripting (XSS) in Remote Clinic v2.0 via the "Fever" or "B ...) + TODO: check CVE-2021-30038 RESERVED CVE-2021-30037 @@ -1092,16 +1366,16 @@ CVE-2021-30036 RESERVED CVE-2021-30035 RESERVED -CVE-2021-30034 - RESERVED +CVE-2021-30034 (Cross Site Scripting (XSS) in Remote Clinic v2.0 via the Symptons fiel ...) + TODO: check CVE-2021-30033 RESERVED CVE-2021-30032 RESERVED CVE-2021-30031 RESERVED -CVE-2021-30030 - RESERVED +CVE-2021-30030 (Cross Site Scripting (XSS) in Remote Clinic v2.0 via the Full Name fie ...) + TODO: check CVE-2021-30029 RESERVED CVE-2021-30028 @@ -1297,8 +1571,8 @@ CVE-2021-3481 [Out of bounds read in function QRadialFetchSimd from crafted svg NOTE: https://codereview.qt-project.org/gitweb?p=qt%2Fqtsvg.git;a=commit;h=9f7ccbfc68d20d0dc2ddc1e7dee5572dcf7dcd48 (qt/qtsvg/6.1) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31668 NOTE: https://codereview.qt-project.org/c/qt/qtsvg/+/337587 -CVE-2021-29943 - RESERVED +CVE-2021-29943 (When using ConfigurableInternodeAuthHadoopPlugin for authentication, A ...) + TODO: check CVE-2021-29942 (An issue was discovered in the reorder crate through 2021-02-24 for Ru ...) NOT-FOR-US: reorder crate CVE-2021-29941 (An issue was discovered in the reorder crate through 2021-02-24 for Ru ...) 
@@ -2404,16 +2678,15 @@ CVE-2021-29431 RESERVED CVE-2021-29430 RESERVED -CVE-2021-29429 - RESERVED +CVE-2021-29429 (In Gradle before version 7.0, files created with open permissions in t ...) + TODO: check CVE-2021-29428 RESERVED CVE-2021-29427 RESERVED CVE-2021-29426 RESERVED -CVE-2021-29425 - RESERVED +CVE-2021-29425 (In Apache Commons IO before 2.7, When invoking the method FileNameUtil ...) - commons-io 2.8.0-1 NOTE: https://www.openwall.com/lists/oss-security/2021/04/12/1 NOTE: https://issues.apache.org/jira/browse/IO-556 @@ -2817,8 +3090,8 @@ CVE-2021-3468 [Local DoS by event-busy-loop from writing long lines to /run/avah [stretch] - avahi <postponed> (Minor issue; can be fixed in next DLA) NOTE: https://github.com/lathiat/avahi/pull/330 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1939614#c3 -CVE-2021-29262 - RESERVED +CVE-2021-29262 (When starting Apache Solr versions prior to 8.8.2, configured with the ...) + TODO: check CVE-2021-29261 (The unofficial Svelte extension before 104.8.0 for Visual Studio Code ...) NOT-FOR-US: vscode extension Svelte CVE-2021-29260 @@ -3266,8 +3539,8 @@ CVE-2021-29056 RESERVED CVE-2021-29055 RESERVED -CVE-2021-29054 - RESERVED +CVE-2021-29054 (Certain Papoo products are affected by: Cross Site Request Forgery (CS ...) + TODO: check CVE-2021-29053 RESERVED CVE-2021-29052 @@ -3368,8 +3641,8 @@ CVE-2021-29005 RESERVED CVE-2021-29004 RESERVED -CVE-2021-29003 - RESERVED +CVE-2021-29003 (Genexis PLATINUM 4410 2.1 P4410-V2-1.28 devices allow remote attackers ...) + TODO: check CVE-2021-29002 (A stored cross-site scripting (XSS) vulnerability in Plone CMS 5.2.3 e ...) NOT-FOR-US: Plone CVE-2021-29001 
@@ -3541,8 +3814,8 @@ CVE-2021-28940 (Because of a incorrect escaped exec command in MagpieRSS in 0.72 NOT-FOR-US: MagpieRSS CVE-2021-28939 RESERVED -CVE-2021-28938 - RESERVED +CVE-2021-28938 (Siren Federate before 6.8.14-10.3.9, 6.9.x through 7.6.x before 7.6.2- ...) + TODO: check CVE-2021-28937 (The /password.html page of the Web management interface of the Acexy W ...) NOT-FOR-US: Acexy Wireless-N WiFi Repeater CVE-2021-28936 (The Acexy Wireless-N WiFi Repeater REV 1.0 (28.08.06.1) Web management ...) @@ -5973,8 +6246,8 @@ CVE-2021-27906 (A carefully crafted PDF file can trigger an OutOfMemory-Exceptio [stretch] - libpdfbox-java <no-dsa> (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2021/03/19/10 NOTE: https://issues.apache.org/jira/browse/PDFBOX-5112 -CVE-2021-27905 - RESERVED +CVE-2021-27905 (The ReplicationHandler (normally registered at "/replication" under a ...) + TODO: check CVE-2021-27904 (An issue was discovered in app/Model/SharingGroupServer.php in MISP 2. ...) NOT-FOR-US: MISP CVE-2021-27903 @@ -12256,8 +12529,8 @@ CVE-2021-3165 (SmartAgent 3.1.0 allows a ViewOnly attacker to create a SuperUser NOT-FOR-US: SmartAgent CVE-2021-3164 (ChurchRota 2.6.4 is vulnerable to authenticated remote code execution. ...) NOT-FOR-US: ChurchRota -CVE-2021-3163 - RESERVED +CVE-2021-3163 (A vulnerability in the HTML editor of Slab Quill 4.8.0 allows an attac ...) + TODO: check CVE-2021-25301 RESERVED CVE-2021-25300 
@@ -18394,8 +18667,8 @@ CVE-2021-22499 (Persistent Cross-Site scripting vulnerability in Micro Focus App NOT-FOR-US: Micro Focus CVE-2021-22498 (XML External Entity Injection vulnerability in Micro Focus Application ...) NOT-FOR-US: Micro Focus -CVE-2021-22497 - RESERVED +CVE-2021-22497 (Advanced Authentication versions prior to 6.3 SP4 have a potential bro ...) + TODO: check CVE-2021-22496 (Authentication Bypass Vulnerability in Micro Focus Access Manager Prod ...) NOT-FOR-US: Micro Focus CVE-2021-22495 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...) @@ -20365,8 +20638,8 @@ CVE-2021-21547 RESERVED CVE-2021-21546 RESERVED -CVE-2021-21545 - RESERVED +CVE-2021-21545 (Dell Peripheral Manager 1.3.1 or greater contains remediation for a lo ...) + TODO: check CVE-2021-21544 RESERVED CVE-2021-21543 @@ -20407,8 +20680,8 @@ CVE-2021-21526 RESERVED CVE-2021-21525 RESERVED -CVE-2021-21524 - RESERVED +CVE-2021-21524 (Dell SRM versions prior to 4.5.0.1 and Dell SMR versions prior to 4.5. ...) + TODO: check CVE-2021-21523 RESERVED CVE-2021-21522 @@ -21938,16 +22211,13 @@ CVE-2021-21396 (wire-server is an open-source back end for Wire, a secure collab NOT-FOR-US: wire-server CVE-2021-21395 RESERVED -CVE-2021-21394 - RESERVED +CVE-2021-21394 (Synapse is a Matrix reference homeserver written in python (pypi packa ...) - matrix-synapse 1.28.0-1 NOTE: https://github.com/matrix-org/synapse/security/advisories/GHSA-w9fg-xffh-p362 -CVE-2021-21393 - RESERVED +CVE-2021-21393 (Synapse is a Matrix reference homeserver written in python (pypi packa ...) - matrix-synapse 1.28.0-1 NOTE: https://github.com/matrix-org/synapse/security/advisories/GHSA-jrh7-mhhx-6h88 -CVE-2021-21392 - RESERVED +CVE-2021-21392 (Synapse is a Matrix reference homeserver written in python (pypi packa ...) - matrix-synapse 1.28.0-1 NOTE: https://github.com/matrix-org/synapse/security/advisories/GHSA-5wrh-4jwv-5w78 CVE-2021-21391 
@@ -117203,8 +117473,8 @@ CVE-2019-15061 RESERVED CVE-2019-15060 (The traceroute function on the TP-Link TL-WR840N v4 router with firmwa ...) NOT-FOR-US: TP-Link -CVE-2019-15059 - RESERVED +CVE-2019-15059 (In Liberty lisPBX 2.0-4, configuration backup files can be retrieved r ...) + TODO: check CVE-2019-15058 (stb_image.h (aka the stb image loader) 2.23 has a heap-based buffer ov ...) - libstb <unfixed> (bug #934973) [bullseye] - libstb <no-dsa> (Minor issue)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3ebb47b392f60f5ffb038011812e174feeb43e7c
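Review bot: In the first hunk (@@ -1,3 +1,277 @@), CVE-2021-30503 is left at TODO: check although its truncated description ("The unofficial GLSL Linting extension before 1.4.0 for Visual Studio C ...") follows the same wording pattern as CVE-2021-29261 ("The unofficial Svelte extension before 104.8.0 for Visual Studio Code ..."), which this file already closes as "NOT-FOR-US: vscode extension Svelte". If the full description confirms an editor extension, resolve it in the same form so the two entries stay consistent. CVE-2021-30637 (htmly 2.8.0, stored XSS) in the same hunk also still needs a triage decision.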
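Review bot: The five Remote Clinic v2.0 XSS entries in the @@ -1072,18 +1346,18 @@ and @@ -1092,16 +1366,16 @@ hunks (CVE-2021-30044, CVE-2021-30042, CVE-2021-30039, CVE-2021-30034, CVE-2021-30030) each carry a separate TODO: check. They name the same product and version and differ only in the affected field, so triage them in one pass with one identical tag line, so that none of them is left behind with a different status.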
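Review bot: In the @@ -2404,16 +2678,15 @@ hunk, CVE-2021-29429 ("In Gradle before version 7.0, files created with open permissions in t ...") gets only TODO: check, while CVE-2021-29425 further down the same hunk keeps its package line "- commons-io 2.8.0-1" and two NOTE references. The description states a version boundary, so the follow-up should record either a source-package line with the fixed version or an explicit not-affected or NOT-FOR-US decision, plus a NOTE pointing at the upstream advisory, in the form the commons-io entry uses.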
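Review bot: In the @@ -18394,8 +18667,8 @@ hunk, CVE-2021-22497 ("Advanced Authentication versions prior to 6.3 SP4 have a potential bro ...") is TODO: check while the surrounding context entries CVE-2021-22499, CVE-2021-22498 and CVE-2021-22496 are all "NOT-FOR-US: Micro Focus". The truncated description does not name a vendor, so confirm from the full CVE text whether this is the same vendor's product and, if so, reuse the existing NOT-FOR-US spelling rather than introducing a new one.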