Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3ebb47b3 by security tracker role at 2021-04-13T08:10:29+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,277 @@
+CVE-2021-30638
+       RESERVED
+CVE-2021-30637 (htmly 2.8.0 allows stored XSS via the blog title, Tagline, or 
Descript ...)
+       TODO: check
+CVE-2021-30636
+       RESERVED
+CVE-2021-30635
+       RESERVED
+CVE-2021-30634
+       RESERVED
+CVE-2021-30633
+       RESERVED
+CVE-2021-30632
+       RESERVED
+CVE-2021-30631
+       RESERVED
+CVE-2021-30630
+       RESERVED
+CVE-2021-30629
+       RESERVED
+CVE-2021-30628
+       RESERVED
+CVE-2021-30627
+       RESERVED
+CVE-2021-30626
+       RESERVED
+CVE-2021-30625
+       RESERVED
+CVE-2021-30624
+       RESERVED
+CVE-2021-30623
+       RESERVED
+CVE-2021-30622
+       RESERVED
+CVE-2021-30621
+       RESERVED
+CVE-2021-30620
+       RESERVED
+CVE-2021-30619
+       RESERVED
+CVE-2021-30618
+       RESERVED
+CVE-2021-30617
+       RESERVED
+CVE-2021-30616
+       RESERVED
+CVE-2021-30615
+       RESERVED
+CVE-2021-30614
+       RESERVED
+CVE-2021-30613
+       RESERVED
+CVE-2021-30612
+       RESERVED
+CVE-2021-30611
+       RESERVED
+CVE-2021-30610
+       RESERVED
+CVE-2021-30609
+       RESERVED
+CVE-2021-30608
+       RESERVED
+CVE-2021-30607
+       RESERVED
+CVE-2021-30606
+       RESERVED
+CVE-2021-30605
+       RESERVED
+CVE-2021-30604
+       RESERVED
+CVE-2021-30603
+       RESERVED
+CVE-2021-30602
+       RESERVED
+CVE-2021-30601
+       RESERVED
+CVE-2021-30600
+       RESERVED
+CVE-2021-30599
+       RESERVED
+CVE-2021-30598
+       RESERVED
+CVE-2021-30597
+       RESERVED
+CVE-2021-30596
+       RESERVED
+CVE-2021-30595
+       RESERVED
+CVE-2021-30594
+       RESERVED
+CVE-2021-30593
+       RESERVED
+CVE-2021-30592
+       RESERVED
+CVE-2021-30591
+       RESERVED
+CVE-2021-30590
+       RESERVED
+CVE-2021-30589
+       RESERVED
+CVE-2021-30588
+       RESERVED
+CVE-2021-30587
+       RESERVED
+CVE-2021-30586
+       RESERVED
+CVE-2021-30585
+       RESERVED
+CVE-2021-30584
+       RESERVED
+CVE-2021-30583
+       RESERVED
+CVE-2021-30582
+       RESERVED
+CVE-2021-30581
+       RESERVED
+CVE-2021-30580
+       RESERVED
+CVE-2021-30579
+       RESERVED
+CVE-2021-30578
+       RESERVED
+CVE-2021-30577
+       RESERVED
+CVE-2021-30576
+       RESERVED
+CVE-2021-30575
+       RESERVED
+CVE-2021-30574
+       RESERVED
+CVE-2021-30573
+       RESERVED
+CVE-2021-30572
+       RESERVED
+CVE-2021-30571
+       RESERVED
+CVE-2021-30570
+       RESERVED
+CVE-2021-30569
+       RESERVED
+CVE-2021-30568
+       RESERVED
+CVE-2021-30567
+       RESERVED
+CVE-2021-30566
+       RESERVED
+CVE-2021-30565
+       RESERVED
+CVE-2021-30564
+       RESERVED
+CVE-2021-30563
+       RESERVED
+CVE-2021-30562
+       RESERVED
+CVE-2021-30561
+       RESERVED
+CVE-2021-30560
+       RESERVED
+CVE-2021-30559
+       RESERVED
+CVE-2021-30558
+       RESERVED
+CVE-2021-30557
+       RESERVED
+CVE-2021-30556
+       RESERVED
+CVE-2021-30555
+       RESERVED
+CVE-2021-30554
+       RESERVED
+CVE-2021-30553
+       RESERVED
+CVE-2021-30552
+       RESERVED
+CVE-2021-30551
+       RESERVED
+CVE-2021-30550
+       RESERVED
+CVE-2021-30549
+       RESERVED
+CVE-2021-30548
+       RESERVED
+CVE-2021-30547
+       RESERVED
+CVE-2021-30546
+       RESERVED
+CVE-2021-30545
+       RESERVED
+CVE-2021-30544
+       RESERVED
+CVE-2021-30543
+       RESERVED
+CVE-2021-30542
+       RESERVED
+CVE-2021-30541
+       RESERVED
+CVE-2021-30540
+       RESERVED
+CVE-2021-30539
+       RESERVED
+CVE-2021-30538
+       RESERVED
+CVE-2021-30537
+       RESERVED
+CVE-2021-30536
+       RESERVED
+CVE-2021-30535
+       RESERVED
+CVE-2021-30534
+       RESERVED
+CVE-2021-30533
+       RESERVED
+CVE-2021-30532
+       RESERVED
+CVE-2021-30531
+       RESERVED
+CVE-2021-30530
+       RESERVED
+CVE-2021-30529
+       RESERVED
+CVE-2021-30528
+       RESERVED
+CVE-2021-30527
+       RESERVED
+CVE-2021-30526
+       RESERVED
+CVE-2021-30525
+       RESERVED
+CVE-2021-30524
+       RESERVED
+CVE-2021-30523
+       RESERVED
+CVE-2021-30522
+       RESERVED
+CVE-2021-30521
+       RESERVED
+CVE-2021-30520
+       RESERVED
+CVE-2021-30519
+       RESERVED
+CVE-2021-30518
+       RESERVED
+CVE-2021-30517
+       RESERVED
+CVE-2021-30516
+       RESERVED
+CVE-2021-30515
+       RESERVED
+CVE-2021-30514
+       RESERVED
+CVE-2021-30513
+       RESERVED
+CVE-2021-30512
+       RESERVED
+CVE-2021-30511
+       RESERVED
+CVE-2021-30510
+       RESERVED
+CVE-2021-30509
+       RESERVED
+CVE-2021-30508
+       RESERVED
+CVE-2021-30507
+       RESERVED
+CVE-2021-30506
+       RESERVED
+CVE-2021-30505
+       RESERVED
+CVE-2021-30504
+       RESERVED
+CVE-2021-30503 (The unofficial GLSL Linting extension before 1.4.0 for Visual 
Studio C ...)
+       TODO: check
+CVE-2021-30502
+       RESERVED
 CVE-2021-3495
        RESERVED
 CVE-2021-3494
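Review bot: CVE-2021-30503 (the unofficial GLSL Linting extension for Visual Studio Code) is left at "TODO: check" even though this file already resolves the comparable CVE-2021-29261 entry as "NOT-FOR-US: vscode extension Svelte". If the extension is not packaged, the follow-up triage can reuse that wording so the two editor-extension entries read the same way. CVE-2021-30637 (htmly 2.8.0 stored XSS) is the only other entry in this block with a description and needs the same package-or-NOT-FOR-US decision; the remaining additions are plain RESERVED placeholders and need nothing yet.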
@@ -1072,18 +1346,18 @@ CVE-2021-30046 (VIGRA Computer Vision Library 
Version-1-11-1 contains a segmenta
        NOT-FOR-US: VIGRA Computer Vision Library
 CVE-2021-30045 (SerenityOS 2021-03-27 contains a buffer overflow vulnerability 
in the  ...)
        NOT-FOR-US: SerenityOS
-CVE-2021-30044
-       RESERVED
+CVE-2021-30044 (Cross Site Scripting (XSS) in Remote Clinic v2.0 via the First 
Name or ...)
+       TODO: check
 CVE-2021-30043
        RESERVED
-CVE-2021-30042
-       RESERVED
+CVE-2021-30042 (Cross Site Scripting (XSS) in Remote Clinic v2.0 via the 
"Clinic Name" ...)
+       TODO: check
 CVE-2021-30041
        RESERVED
 CVE-2021-30040
        RESERVED
-CVE-2021-30039
-       RESERVED
+CVE-2021-30039 (Cross Site Scripting (XSS) in Remote Clinic v2.0 via the 
"Fever" or "B ...)
+       TODO: check
 CVE-2021-30038
        RESERVED
 CVE-2021-30037
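Review bot: CVE-2021-30044, CVE-2021-30042 and CVE-2021-30039 all describe XSS in Remote Clinic v2.0 and all land as "TODO: check", as do CVE-2021-30034 and CVE-2021-30030 in the next hunk. These five should be triaged in one pass so they end up with a single, identically worded disposition rather than being resolved one at a time with slightly different product strings.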
@@ -1092,16 +1366,16 @@ CVE-2021-30036
        RESERVED
 CVE-2021-30035
        RESERVED
-CVE-2021-30034
-       RESERVED
+CVE-2021-30034 (Cross Site Scripting (XSS) in Remote Clinic v2.0 via the 
Symptons fiel ...)
+       TODO: check
 CVE-2021-30033
        RESERVED
 CVE-2021-30032
        RESERVED
 CVE-2021-30031
        RESERVED
-CVE-2021-30030
-       RESERVED
+CVE-2021-30030 (Cross Site Scripting (XSS) in Remote Clinic v2.0 via the Full 
Name fie ...)
+       TODO: check
 CVE-2021-30029
        RESERVED
 CVE-2021-30028
@@ -1297,8 +1571,8 @@ CVE-2021-3481 [Out of bounds read in function 
QRadialFetchSimd from crafted svg
        NOTE: 
https://codereview.qt-project.org/gitweb?p=qt%2Fqtsvg.git;a=commit;h=9f7ccbfc68d20d0dc2ddc1e7dee5572dcf7dcd48
 (qt/qtsvg/6.1)
        NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31668
        NOTE: https://codereview.qt-project.org/c/qt/qtsvg/+/337587
-CVE-2021-29943
-       RESERVED
+CVE-2021-29943 (When using ConfigurableInternodeAuthHadoopPlugin for 
authentication, A ...)
+       TODO: check
 CVE-2021-29942 (An issue was discovered in the reorder crate through 
2021-02-24 for Ru ...)
        NOT-FOR-US: reorder crate
 CVE-2021-29941 (An issue was discovered in the reorder crate through 
2021-02-24 for Ru ...)
@@ -2404,16 +2678,15 @@ CVE-2021-29431
        RESERVED
 CVE-2021-29430
        RESERVED
-CVE-2021-29429
-       RESERVED
+CVE-2021-29429 (In Gradle before version 7.0, files created with open 
permissions in t ...)
+       TODO: check
 CVE-2021-29428
        RESERVED
 CVE-2021-29427
        RESERVED
 CVE-2021-29426
        RESERVED
-CVE-2021-29425
-       RESERVED
+CVE-2021-29425 (In Apache Commons IO before 2.7, When invoking the method 
FileNameUtil ...)
        - commons-io 2.8.0-1
        NOTE: https://www.openwall.com/lists/oss-security/2021/04/12/1
        NOTE: https://issues.apache.org/jira/browse/IO-556
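Review bot: on CVE-2021-29425 the newly added description says the issue affects Apache Commons IO "before 2.7", while the existing package line records the fix as "commons-io 2.8.0-1". It is worth confirming that 2.8.0-1 is the first Debian upload carrying the fix and not just the version current when the entry was written, since the fixed version drives the status shown for older suites. In the same hunk CVE-2021-29429 (Gradle before 7.0, files created with open permissions) is still "TODO: check" and needs a package line or a NOT-FOR-US decision.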
@@ -2817,8 +3090,8 @@ CVE-2021-3468 [Local DoS by event-busy-loop from writing 
long lines to /run/avah
        [stretch] - avahi <postponed> (Minor issue; can be fixed in next DLA)
        NOTE: https://github.com/lathiat/avahi/pull/330
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1939614#c3
-CVE-2021-29262
-       RESERVED
+CVE-2021-29262 (When starting Apache Solr versions prior to 8.8.2, configured 
with the ...)
+       TODO: check
 CVE-2021-29261 (The unofficial Svelte extension before 104.8.0 for Visual 
Studio Code  ...)
        NOT-FOR-US: vscode extension Svelte
 CVE-2021-29260
@@ -3266,8 +3539,8 @@ CVE-2021-29056
        RESERVED
 CVE-2021-29055
        RESERVED
-CVE-2021-29054
-       RESERVED
+CVE-2021-29054 (Certain Papoo products are affected by: Cross Site Request 
Forgery (CS ...)
+       TODO: check
 CVE-2021-29053
        RESERVED
 CVE-2021-29052
@@ -3368,8 +3641,8 @@ CVE-2021-29005
        RESERVED
 CVE-2021-29004
        RESERVED
-CVE-2021-29003
-       RESERVED
+CVE-2021-29003 (Genexis PLATINUM 4410 2.1 P4410-V2-1.28 devices allow remote 
attackers ...)
+       TODO: check
 CVE-2021-29002 (A stored cross-site scripting (XSS) vulnerability in Plone CMS 
5.2.3 e ...)
        NOT-FOR-US: Plone
 CVE-2021-29001
@@ -3541,8 +3814,8 @@ CVE-2021-28940 (Because of a incorrect escaped exec 
command in MagpieRSS in 0.72
        NOT-FOR-US: MagpieRSS
 CVE-2021-28939
        RESERVED
-CVE-2021-28938
-       RESERVED
+CVE-2021-28938 (Siren Federate before 6.8.14-10.3.9, 6.9.x through 7.6.x 
before 7.6.2- ...)
+       TODO: check
 CVE-2021-28937 (The /password.html page of the Web management interface of the 
Acexy W ...)
        NOT-FOR-US: Acexy Wireless-N WiFi Repeater
 CVE-2021-28936 (The Acexy Wireless-N WiFi Repeater REV 1.0 (28.08.06.1) Web 
management ...)
@@ -5973,8 +6246,8 @@ CVE-2021-27906 (A carefully crafted PDF file can trigger 
an OutOfMemory-Exceptio
        [stretch] - libpdfbox-java <no-dsa> (Minor issue)
        NOTE: https://www.openwall.com/lists/oss-security/2021/03/19/10
        NOTE: https://issues.apache.org/jira/browse/PDFBOX-5112
-CVE-2021-27905
-       RESERVED
+CVE-2021-27905 (The ReplicationHandler (normally registered at "/replication" 
under a  ...)
+       TODO: check
 CVE-2021-27904 (An issue was discovered in app/Model/SharingGroupServer.php in 
MISP 2. ...)
        NOT-FOR-US: MISP
 CVE-2021-27903
@@ -12256,8 +12529,8 @@ CVE-2021-3165 (SmartAgent 3.1.0 allows a ViewOnly 
attacker to create a SuperUser
        NOT-FOR-US: SmartAgent
 CVE-2021-3164 (ChurchRota 2.6.4 is vulnerable to authenticated remote code 
execution. ...)
        NOT-FOR-US: ChurchRota
-CVE-2021-3163
-       RESERVED
+CVE-2021-3163 (A vulnerability in the HTML editor of Slab Quill 4.8.0 allows 
an attac ...)
+       TODO: check
 CVE-2021-25301
        RESERVED
 CVE-2021-25300
@@ -18394,8 +18667,8 @@ CVE-2021-22499 (Persistent Cross-Site scripting 
vulnerability in Micro Focus App
        NOT-FOR-US: Micro Focus
 CVE-2021-22498 (XML External Entity Injection vulnerability in Micro Focus 
Application ...)
        NOT-FOR-US: Micro Focus
-CVE-2021-22497
-       RESERVED
+CVE-2021-22497 (Advanced Authentication versions prior to 6.3 SP4 have a 
potential bro ...)
+       TODO: check
 CVE-2021-22496 (Authentication Bypass Vulnerability in Micro Focus Access 
Manager Prod ...)
        NOT-FOR-US: Micro Focus
 CVE-2021-22495 (An issue was discovered on Samsung mobile devices with O(8.x), 
P(9.0), ...)
@@ -20365,8 +20638,8 @@ CVE-2021-21547
        RESERVED
 CVE-2021-21546
        RESERVED
-CVE-2021-21545
-       RESERVED
+CVE-2021-21545 (Dell Peripheral Manager 1.3.1 or greater contains remediation 
for a lo ...)
+       TODO: check
 CVE-2021-21544
        RESERVED
 CVE-2021-21543
@@ -20407,8 +20680,8 @@ CVE-2021-21526
        RESERVED
 CVE-2021-21525
        RESERVED
-CVE-2021-21524
-       RESERVED
+CVE-2021-21524 (Dell SRM versions prior to 4.5.0.1 and Dell SMR versions prior 
to 4.5. ...)
+       TODO: check
 CVE-2021-21523
        RESERVED
 CVE-2021-21522
@@ -21938,16 +22211,13 @@ CVE-2021-21396 (wire-server is an open-source back 
end for Wire, a secure collab
        NOT-FOR-US: wire-server
 CVE-2021-21395
        RESERVED
-CVE-2021-21394
-       RESERVED
+CVE-2021-21394 (Synapse is a Matrix reference homeserver written in python 
(pypi packa ...)
        - matrix-synapse 1.28.0-1
        NOTE: 
https://github.com/matrix-org/synapse/security/advisories/GHSA-w9fg-xffh-p362
-CVE-2021-21393
-       RESERVED
+CVE-2021-21393 (Synapse is a Matrix reference homeserver written in python 
(pypi packa ...)
        - matrix-synapse 1.28.0-1
        NOTE: 
https://github.com/matrix-org/synapse/security/advisories/GHSA-jrh7-mhhx-6h88
-CVE-2021-21392
-       RESERVED
+CVE-2021-21392 (Synapse is a Matrix reference homeserver written in python 
(pypi packa ...)
        - matrix-synapse 1.28.0-1
        NOTE: 
https://github.com/matrix-org/synapse/security/advisories/GHSA-5wrh-4jwv-5w78
 CVE-2021-21391
@@ -117203,8 +117473,8 @@ CVE-2019-15061
        RESERVED
 CVE-2019-15060 (The traceroute function on the TP-Link TL-WR840N v4 router 
with firmwa ...)
        NOT-FOR-US: TP-Link
-CVE-2019-15059
-       RESERVED
+CVE-2019-15059 (In Liberty lisPBX 2.0-4, configuration backup files can be 
retrieved r ...)
+       TODO: check
 CVE-2019-15058 (stb_image.h (aka the stb image loader) 2.23 has a heap-based 
buffer ov ...)
        - libstb <unfixed> (bug #934973)
        [bullseye] - libstb <no-dsa> (Minor issue)
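Review bot: CVE-2019-15059 (Liberty lisPBX 2.0-4, configuration backup files retrievable) moves from RESERVED to "TODO: check" in a 2019 ID block where the neighbouring vendor-product entry, CVE-2019-15060, is already "NOT-FOR-US: TP-Link". Late-published entries in old ID ranges are easy to overlook in the TODO backlog, so it should be resolved in the next manual pass, with a NOT-FOR-US line naming the product if it is not packaged.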



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3ebb47b392f60f5ffb038011812e174feeb43e7c
