Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 9d89b843 by security tracker role at 2021-05-18T20:10:39+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,43 @@ +CVE-2021-3555 + RESERVED +CVE-2021-33186 + RESERVED +CVE-2021-33185 + RESERVED +CVE-2021-33184 + RESERVED +CVE-2021-33183 + RESERVED +CVE-2021-33182 + RESERVED +CVE-2021-33181 + RESERVED +CVE-2021-33180 + RESERVED +CVE-2021-33179 + RESERVED +CVE-2021-33178 + RESERVED +CVE-2021-33177 + RESERVED +CVE-2021-33176 + RESERVED +CVE-2021-33175 + RESERVED +CVE-2021-33174 + RESERVED +CVE-2021-33173 + RESERVED +CVE-2021-33172 + RESERVED +CVE-2021-33171 + RESERVED +CVE-2021-33170 + RESERVED +CVE-2021-33169 + RESERVED +CVE-2021-33168 + RESERVED CVE-2021-33167 RESERVED CVE-2021-33166 @@ -1839,8 +1879,8 @@ CVE-2021-32307 RESERVED CVE-2021-32306 RESERVED -CVE-2021-32305 - RESERVED +CVE-2021-32305 (WebSVN before 2.6.1 allows remote attackers to execute arbitrary comma ...) + TODO: check CVE-2021-32304 RESERVED CVE-2021-32303 @@ -1973,8 +2013,8 @@ CVE-2021-32240 RESERVED CVE-2021-32239 RESERVED -CVE-2021-32238 - RESERVED +CVE-2021-32238 (Epic Games / Psyonix Rocket League <=1.95 is affected by Buffer Ove ...) + TODO: check CVE-2021-32237 RESERVED CVE-2021-32236 @@ -2575,8 +2615,7 @@ CVE-2021-3532 [buster] - ansible <no-dsa> (Minor issue) - ansible-base <undetermined> NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1956464 -CVE-2021-3531 - RESERVED +CVE-2021-3531 (A flaw was found in the Red Hat Ceph Storage RGW in versions before 14 ...) - ceph <unfixed> [stretch] - ceph <not-affected> (Vulnerable code introduced later) NOTE: https://www.openwall.com/lists/oss-security/2021/05/14/5 @@ -3057,8 +3096,7 @@ CVE-2020-36326 (PHPMailer 6.1.8 through 6.4.0 allows object injection through Ph NOTE: Introduced by: https://github.com/PHPMailer/PHPMailer/commit/e2e07a355ee8ff36aba21d0242c5950c56e4c6f9 (6.1.8) NOTE: Fixed by: https://github.com/PHPMailer/PHPMailer/commit/26f2848d3bbb57add5f34a467a1e3b2f9ce5cd2a (v6.4.1) NOTE: Also backport: https://github.com/PHPMailer/PHPMailer/commit/7f267fb4aadfcf62e3ddc50494c469c6b9c4405a (v6.4.1) -CVE-2021-3518 [use-after-free in xmlXIncludeDoProcess() in xinclude.c] - RESERVED +CVE-2021-3518 (There's a flaw in libxml2 in versions before 2.9.11. An attacker who i ...) {DLA-2653-1} - libxml2 2.9.10+dfsg-6.6 (bug #987737) [buster] - libxml2 <no-dsa> (Minor issue) @@ -3092,8 +3130,8 @@ CVE-2021-31829 (kernel/bpf/verifier.c in the Linux kernel through 5.12.1 perform NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/4 CVE-2021-31828 (An SSRF issue in Open Distro for Elasticsearch (ODFE) before 1.13.1.0 ...) NOT-FOR-US: OpenDistro for Elasticsearch -CVE-2021-31827 - RESERVED +CVE-2021-31827 (In Progress MOVEit Transfer before 2021.0 (13.0), a SQL injection vuln ...) + TODO: check CVE-2021-31825 RESERVED CVE-2021-31824 @@ -4232,7 +4270,7 @@ CVE-2021-31343 RESERVED CVE-2021-31342 RESERVED -CVE-2021-31341 (A vulnerability has been identified in Mendix Database Replication (Al ...) +CVE-2021-31341 (Uploading a table mapping using a manipulated XML file results in an e ...) NOT-FOR-US: Mendix Database Replication CVE-2021-31340 RESERVED @@ -7021,8 +7059,7 @@ CVE-2021-30146 (Seafile 7.0.5 (2019) allows Persistent XSS via the "share of lib [bullseye] - seafile-client <no-dsa> (Minor issue) [buster] - seafile-client <no-dsa> (Minor issue) NOTE: https://github.com/Security-AVS/CVE-2021-30146 -CVE-2021-30145 - RESERVED +CVE-2021-30145 (A format string vulnerability in mpv through 0.33.0 allows user-assist ...) - mpv 0.32.0-3 (bug #986839) [buster] - mpv <no-dsa> (Minor issue) [stretch] - mpv <postponed> (Minor issue; can be fixed in next update) @@ -12044,8 +12081,8 @@ CVE-2021-28043 RESERVED CVE-2021-28042 (Deutsche Post Mailoptimizer 4.3 before 2020-11-09 allows Directory Tra ...) NOT-FOR-US: Deutsche Post Mailoptimizer -CVE-2021-3423 - RESERVED +CVE-2021-3423 (Uncontrolled Search Path Element vulnerability in the openssl componen ...) + TODO: check CVE-2021-28041 (ssh-agent in OpenSSH before 8.5 has a double free that may be relevant ...) - openssh 1:8.4p1-5 (bug #984940) [buster] - openssh <not-affected> (Vulnerable code introduced later) @@ -17360,8 +17397,8 @@ CVE-2021-3202 RESERVED CVE-2021-3201 RESERVED -CVE-2021-3200 - RESERVED +CVE-2021-3200 (Buffer overflow vulnerability in libsolv 2020-12-13 via the Solver * t ...) + TODO: check CVE-2021-3199 (Directory traversal with remote code execution can occur in /upload in ...) NOT-FOR-US: ONLYOFFICE Document Server CVE-2021-3198 @@ -25787,8 +25824,8 @@ CVE-2021-22119 RESERVED CVE-2021-22118 RESERVED -CVE-2021-22117 - RESERVED +CVE-2021-22117 (RabbitMQ installers on Windows prior to version 3.8.16 do not harden p ...) + TODO: check CVE-2021-22116 RESERVED CVE-2021-22115 (Cloud Controller API versions prior to 1.106.0 logs service broker cre ...) @@ -39357,8 +39394,7 @@ CVE-2020-25710 [assertion failure in CSN normalization with invalid input] - openldap 2.4.56+dfsg-1 NOTE: https://bugs.openldap.org/show_bug.cgi?id=9384 NOTE: https://git.openldap.org/openldap/openldap/-/commit/bdb0d459187522a6063df13871b82ba8dcc6efe2 (OPENLDAP_REL_ENG_2_4_56) -CVE-2020-25709 [assertion failure in Certificate List syntax validation] - RESERVED +CVE-2020-25709 (A flaw was found in OpenLDAP. This flaw allows an attacker who can sen ...) {DSA-4792-1 DLA-2481-1} - openldap 2.4.56+dfsg-1 NOTE: https://bugs.openldap.org/show_bug.cgi?id=9383 @@ -48034,7 +48070,7 @@ CVE-2020-25706 (A cross-site scripting (XSS) vulnerability exists in templates_i [stretch] - cacti <no-dsa> (Minor issue) NOTE: https://github.com/Cacti/cacti/issues/3723 NOTE: https://github.com/Cacti/cacti/commit/39458efcd5286d50e6b7f905fedcdc1059354e6e -CVE-2020-25705 (A flaw in the way reply ICMP packets are limited in the Linux kernel f ...) +CVE-2020-25705 (A flaw in ICMP packets in the Linux kernel may allow an attacker to qu ...) {DLA-2494-1 DLA-2483-1} - linux 5.9.6-1 [buster] - linux 4.19.160-1 @@ -50437,8 +50473,8 @@ CVE-2020-24742 RESERVED CVE-2020-24741 RESERVED -CVE-2020-24740 - RESERVED +CVE-2020-24740 (An issue was discovered in Pluck 4.7.10-dev2. There is a CSRF vulnerab ...) + TODO: check CVE-2020-24739 (A CSRF vulnerability was found in iCMS v7.0.0 in the background deleti ...) NOT-FOR-US: idreamsoft iCMS CVE-2020-24738 @@ -52036,8 +52072,8 @@ CVE-2020-24027 (In Live Networks, Inc., liblivemedia version 20200625, there is NOTE: http://lists.live555.com/pipermail/live-devel/2020-July/021662.html NOTE: Fixed in 2020.07.09 upstream, cf. NOTE: http://www.live555.com/liveMedia/public/changelog.txt -CVE-2020-24026 - RESERVED +CVE-2020-24026 (TinyShop, a free and open source mall based on RageFrame2, has a store ...) + TODO: check CVE-2020-24025 (Certificate validation in node-sass 2.0.0 to 4.14.1 is disabled when r ...) - node-node-sass <unfixed> [bullseye] - node-node-sass <ignored> (Minor issue) @@ -52386,8 +52422,8 @@ CVE-2020-23863 RESERVED CVE-2020-23862 RESERVED -CVE-2020-23861 - RESERVED +CVE-2020-23861 (A heap-based buffer overflow vulnerability exists in LibreDWG 0.10.1 v ...) + TODO: check CVE-2020-23860 RESERVED CVE-2020-23859 @@ -52396,18 +52432,18 @@ CVE-2020-23858 RESERVED CVE-2020-23857 RESERVED -CVE-2020-23856 - RESERVED +CVE-2020-23856 (Use-after-Free vulnerability in cflow 1.6 in the void call(char *name, ...) + TODO: check CVE-2020-23855 RESERVED CVE-2020-23854 RESERVED CVE-2020-23853 RESERVED -CVE-2020-23852 - RESERVED -CVE-2020-23851 - RESERVED +CVE-2020-23852 (A heap based buffer overflow vulnerability exists in ffjpeg through 20 ...) + TODO: check +CVE-2020-23851 (A stack-based buffer overflow vulnerability exists in ffjpeg through 2 ...) + TODO: check CVE-2020-23850 RESERVED CVE-2020-23849 (Stored XSS was discovered in the tree mode of jsoneditor before 9.0.2 ...) @@ -58211,8 +58247,8 @@ CVE-2020-20953 RESERVED CVE-2020-20952 RESERVED -CVE-2020-20951 - RESERVED +CVE-2020-20951 (In Pluck-4.7.10-dev2 admin background, a remote command execution vuln ...) + TODO: check CVE-2020-20950 (Bleichenbacher's attack on PKCS #1 v1.5 padding for RSA in Microchip L ...) NOT-FOR-US: Microchip Libraries for Applications CVE-2020-20949 (Bleichenbacher's attack on PKCS #1 v1.5 padding for RSA in STM32 crypt ...) @@ -59613,10 +59649,10 @@ CVE-2020-20256 RESERVED CVE-2020-20255 RESERVED -CVE-2020-20254 - RESERVED -CVE-2020-20253 - RESERVED +CVE-2020-20254 (Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corr ...) + TODO: check +CVE-2020-20253 (Mikrotik RouterOs before 6.47 (stable tree) suffers from a divison by ...) + TODO: check CVE-2020-20252 RESERVED CVE-2020-20251 @@ -59647,10 +59683,10 @@ CVE-2020-20239 RESERVED CVE-2020-20238 RESERVED -CVE-2020-20237 - RESERVED -CVE-2020-20236 - RESERVED +CVE-2020-20237 (Mikrotik RouterOs 6.46.3 (stable tree) suffers from a memory corruptio ...) + TODO: check +CVE-2020-20236 (Mikrotik RouterOs 6.46.3 (stable tree) suffers from a memory corruptio ...) + TODO: check CVE-2020-20235 RESERVED CVE-2020-20234 @@ -59677,8 +59713,8 @@ CVE-2020-20224 RESERVED CVE-2020-20223 RESERVED -CVE-2020-20222 - RESERVED +CVE-2020-20222 (Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corrup ...) + TODO: check CVE-2020-20221 RESERVED CVE-2020-20220 @@ -59693,8 +59729,8 @@ CVE-2020-20216 RESERVED CVE-2020-20215 RESERVED -CVE-2020-20214 - RESERVED +CVE-2020-20214 (Mikrotik RouterOs 6.44.6 (long-term tree) suffers from an assertion fa ...) + TODO: check CVE-2020-20213 RESERVED CVE-2020-20212 @@ -63780,8 +63816,8 @@ CVE-2020-18180 RESERVED CVE-2020-18179 RESERVED -CVE-2020-18178 - RESERVED +CVE-2020-18178 (Path Traversal in HongCMS v4.0.0 allows remote attackers to view, edit ...) + TODO: check CVE-2020-18177 RESERVED CVE-2020-18176 @@ -70508,8 +70544,8 @@ CVE-2020-15281 REJECTED CVE-2020-15280 RESERVED -CVE-2020-15279 - RESERVED +CVE-2020-15279 (An Improper Access Control vulnerability in the logging component of B ...) + TODO: check CVE-2020-15278 (Red Discord Bot before version 3.4.1 has an unauthorized privilege esc ...) NOT-FOR-US: Red Discord Bot CVE-2020-15277 (baserCMS before version 4.4.1 is affected by Remote Code Execution (RC ...) @@ -109765,7 +109801,7 @@ CVE-2019-18980 (On Signify Philips Taolight Smart Wi-Fi Wiz Connected LED Bulb 9 CVE-2019-18979 (Adaware antivirus 12.6.1005.11662 and 12.7.1055.0 has a quarantine fla ...) NOT-FOR-US: Adaware CVE-2019-18978 (An issue was discovered in the rack-cors (aka Rack CORS Middleware) ge ...) - {DLA-2389-1 DLA-2096-1} + {DSA-4918-1 DLA-2389-1 DLA-2096-1} - ruby-rack-cors 1.1.1-1 (bug #944849) NOTE: https://github.com/cyu/rack-cors/commit/e4d4fc362a4315808927011cbe5afcfe5486f17d NOTE: https://github.com/cyu/rack-cors/compare/v1.0.3...v1.0.4 @@ -391640,8 +391676,7 @@ CVE-2002-2439 (Integer overflow in the new[] operator in gcc before 4.8.0 allows NOTE: This should be addressed in jessie by getting this fixed in gcc 4.7, so that the archive is NOTE: properly rebuild with a fixed version from the start NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2002-2439 -CVE-2002-2438 - RESERVED +CVE-2002-2438 (TCP firewalls could be circumvented by sending a SYN Packets with othe ...) NOT-FOR-US: ancient linux 2.4 issue CVE-2001-1592 REJECTED View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9d89b843ba6821f0b980bc7411fe71798ac36239 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9d89b843ba6821f0b980bc7411fe71798ac36239 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits