Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 09164782 by security tracker role at 2021-06-17T20:10:23+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,39 @@ +CVE-2021-3608 + RESERVED +CVE-2021-3607 + RESERVED +CVE-2021-3606 + RESERVED +CVE-2021-34826 + RESERVED +CVE-2021-34825 (Quassel through 0.13.1, when --require-ssl is enabled, launches withou ...) + TODO: check +CVE-2021-34824 + RESERVED +CVE-2021-34823 + RESERVED +CVE-2021-34822 + RESERVED +CVE-2021-34821 + RESERVED +CVE-2021-34820 + RESERVED +CVE-2021-34819 + RESERVED +CVE-2021-34818 + RESERVED +CVE-2021-34817 + RESERVED +CVE-2021-34816 + RESERVED +CVE-2021-34815 + RESERVED +CVE-2020-36389 (In CiviCRM before 5.28.1 and CiviCRM ESR before 5.27.5 ESR, the CKEdit ...) + TODO: check +CVE-2020-36388 (In CiviCRM before 5.21.3 and 5.22.x through 5.24.x before 5.24.3, user ...) + TODO: check +CVE-2013-20002 (Elemin allows remote attackers to upload and execute arbitrary PHP cod ...) + TODO: check CVE-2021-34814 RESERVED CVE-2021-34813 (Matrix libolm before 3.2.3 allows a malicious Matrix homeserver to cra ...) @@ -246,8 +282,8 @@ CVE-2021-3605 [Heap buffer overflow in the rleUncompress function] RESERVED - openexr <unfixed> NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/1036 -CVE-2021-3603 - RESERVED +CVE-2021-3603 (PHPMailer 6.4.1 and earlier contain a vulnerability that can result in ...) + TODO: check CVE-2021-3602 RESERVED CVE-2021-34695 @@ -2821,8 +2857,8 @@ CVE-2021-33559 RESERVED CVE-2021-33558 (Boa 0.94.13 allows remote attackers to obtain sensitive information vi ...) - boa <removed> -CVE-2021-33557 - RESERVED +CVE-2021-33557 (An XSS issue was discovered in manage_custom_field_edit_page.php in Ma ...) + TODO: check CVE-2021-33556 RESERVED CVE-2021-33555 
@@ -4187,40 +4223,40 @@ CVE-2021-32954 RESERVED CVE-2021-32953 RESERVED -CVE-2021-32952 - RESERVED +CVE-2021-32952 (An out-of-bounds write issue exists in the DGN file-reading procedure ...) + TODO: check CVE-2021-32951 RESERVED -CVE-2021-32950 - RESERVED +CVE-2021-32950 (An out-of-bounds read issue exists within the parsing of DXF files in ...) + TODO: check CVE-2021-32949 RESERVED -CVE-2021-32948 - RESERVED +CVE-2021-32948 (An out-of-bounds write issue exists in the DWG file-reading procedure ...) + TODO: check CVE-2021-32947 RESERVED -CVE-2021-32946 - RESERVED +CVE-2021-32946 (An improper check for unusual or exceptional conditions issue exists w ...) + TODO: check CVE-2021-32945 RESERVED -CVE-2021-32944 - RESERVED +CVE-2021-32944 (A use-after-free issue exists in the DGN file-reading procedure in the ...) + TODO: check CVE-2021-32943 RESERVED CVE-2021-32942 (The vulnerability could expose cleartext credentials from AVEVA InTouc ...) NOT-FOR-US: AVEVA InTouch Runtime CVE-2021-32941 RESERVED -CVE-2021-32940 - RESERVED +CVE-2021-32940 (An out-of-bounds read issue exists in the DWG file-recovering procedur ...) + TODO: check CVE-2021-32939 RESERVED -CVE-2021-32938 - RESERVED +CVE-2021-32938 (Drawings SDK (All versions prior to 2022.4) are vulnerable to an out-o ...) + TODO: check CVE-2021-32937 RESERVED -CVE-2021-32936 - RESERVED +CVE-2021-32936 (An out-of-bounds write issue exists in the DXF file-recovering procedu ...) + TODO: check CVE-2021-32935 RESERVED CVE-2021-32934 @@ -4768,8 +4804,8 @@ CVE-2021-32683 (wire-webapp is the web version of Wire, an open-source messenger NOT-FOR-US: wire-webapp CVE-2021-32682 (elFinder is an open-source file manager for web, written in JavaScript ...) NOT-FOR-US: elFinder -CVE-2021-32681 - RESERVED +CVE-2021-32681 (Wagtail is an open source content management system built on Django. A ...) + TODO: check CVE-2021-32680 RESERVED CVE-2021-32679 
@@ -4998,8 +5034,8 @@ CVE-2021-32584 RESERVED CVE-2021-32583 RESERVED -CVE-2021-32582 - RESERVED +CVE-2021-32582 (An issue was discovered in ConnectWise Automate before 2021.5. A blind ...) + TODO: check CVE-2021-32581 RESERVED CVE-2021-32580 @@ -5050,8 +5086,8 @@ CVE-2021-3543 (A flaw null pointer dereference in the Nitro Enclaves kernel driv [stretch] - linux <not-affected> (Vulnerable code introduced later) NOTE: https://git.kernel.org/linus/f1ce3986baa62cffc3c5be156994de87524bab99 NOTE: nitro_enclaves not enabled in Debian binary builds -CVE-2021-32575 - RESERVED +CVE-2021-32575 (HashiCorp Nomad and Nomad Enterprise up to version 1.0.4 bridge networ ...) + TODO: check CVE-2021-32574 RESERVED CVE-2021-32573 (** DISPUTED ** The express-cart package through 1.1.10 for Node.js all ...) @@ -6092,8 +6128,8 @@ CVE-2021-32080 RESERVED CVE-2021-32079 RESERVED -CVE-2021-32078 - RESERVED +CVE-2021-32078 (An Out-of-Bounds Read was discovered in arch/arm/mach-footbridge/perso ...) + TODO: check CVE-2021-3539 RESERVED CVE-2021-3538 (A flaw was found in github.com/satori/go.uuid in versions from commit ...) @@ -6912,8 +6948,8 @@ CVE-2021-31820 RESERVED CVE-2021-31819 RESERVED -CVE-2021-31818 - RESERVED +CVE-2021-31818 (Affected versions of Octopus Server are prone to an authenticated SQL ...) + TODO: check CVE-2021-31817 RESERVED CVE-2021-31816 
@@ -7676,8 +7712,8 @@ CVE-2021-3509 (A flaw was found in Red Hat Ceph Storage 4, in the Dashboard comp NOTE: https://www.openwall.com/lists/oss-security/2021/05/14/4 NOTE: In response to CVE-2020-27839, the JWT token was moved from localStorage to an httpOnly NOTE: cookie, introducing the specific CVE-2021-3509 issue. -CVE-2021-31521 - RESERVED +CVE-2021-31521 (Trend Micro InterScan Web Security Virtual Appliance version 6.5 was f ...) + TODO: check CVE-2021-31520 (A weak session token authentication bypass vulnerability in Trend Micr ...) NOT-FOR-US: Trend Micro CVE-2021-31519 (An incorrect permission vulnerability in the product installer folders ...) @@ -12026,8 +12062,8 @@ CVE-2021-29708 (IBM Spectrum Scale 5.1.0.1 could allow a local with access to th NOT-FOR-US: IBM CVE-2021-29707 RESERVED -CVE-2021-29706 - RESERVED +CVE-2021-29706 (IBM AIX 7.1 could allow a non-privileged local user to exploit a vulne ...) + TODO: check CVE-2021-29705 RESERVED CVE-2021-29704 @@ -15722,6 +15758,7 @@ CVE-2021-28170 (In the Jakarta Expression Language implementation 3.0.3 and earl NOTE: https://securitylab.github.com/advisories/GHSL-2020-021-jakarta-el/ NOTE: Only affects the EL reference implementation which isn't built into the binary packages CVE-2021-28169 (For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, i ...) + {DLA-2688-1} - jetty9 <unfixed> (bug #989999) - jetty8 <removed> - jetty <removed> @@ -25590,7 +25627,7 @@ CVE-2021-24039 RESERVED CVE-2021-24038 RESERVED -CVE-2021-24037 +CVE-2021-24037 (A use after free in hermes, while emitting certain error messages, pri ...) NOT-FOR-US: Facebook Hermes CVE-2021-24036 RESERVED 
@@ -27130,8 +27167,8 @@ CVE-2021-23398 RESERVED CVE-2021-23397 RESERVED -CVE-2021-23396 - RESERVED +CVE-2021-23396 (All versions of package lutils are vulnerable to Prototype Pollution v ...) + TODO: check CVE-2021-23395 (This affects all versions of package nedb. The library could be tricke ...) TODO: check CVE-2021-23394 (The package studio-42/elfinder before 2.1.58 are vulnerable to Remote ...) @@ -30702,8 +30739,8 @@ CVE-2021-21779 RESERVED CVE-2021-21778 RESERVED -CVE-2021-21777 - RESERVED +CVE-2021-21777 (An information disclosure vulnerability exists in the Ethernet/IP UDP ...) + TODO: check CVE-2021-21776 (An out-of-bounds write vulnerability exists in the SGI Format Buffer S ...) NOT-FOR-US: ImageGear CVE-2021-21775 @@ -37061,8 +37098,8 @@ CVE-2020-35375 RESERVED CVE-2020-35374 RESERVED -CVE-2020-35373 - RESERVED +CVE-2020-35373 (In Fiyo CMS 2.0.6.1, the 'tag' parameter results in an unauthenticated ...) + TODO: check CVE-2020-35372 RESERVED CVE-2020-35371 @@ -40057,7 +40094,7 @@ CVE-2020-29447 (Affected versions of Atlassian Crucible allow remote attackers t NOT-FOR-US: Atlassian CVE-2020-29446 (Affected versions of Atlassian Fisheye & Crucible allow remote att ...) NOT-FOR-US: Atlassian -CVE-2020-29445 (Affected versions of Confluence Server before 7.11.0 allow attackers t ...) +CVE-2020-29445 (Affected versions of Confluence Server before 7.4.8, and versions from ...) NOT-FOR-US: Atlassian CVE-2020-29444 (Affected versions of Team Calendar in Confluence Server before 7.11.0 ...) NOT-FOR-US: Atlassian @@ -47420,8 +47457,8 @@ CVE-2021-0145 RESERVED CVE-2021-0144 RESERVED -CVE-2021-0143 - RESERVED +CVE-2021-0143 (Improper permissions in the installer for the Intel(R) Brand Verificat ...) + TODO: check CVE-2021-0142 RESERVED CVE-2021-0141 
@@ -47542,7 +47579,7 @@ CVE-2021-0088 RESERVED CVE-2021-0087 RESERVED -CVE-2021-0086 (Improper permissions in the installer for the Intel(R) Brand Verificat ...) +CVE-2021-0086 (Observable response discrepancy in floating-point operations for some ...) NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00546.html NOTE: Claimed to not affect Xen, Cf. https://xenbits.xen.org/xsa/advisory-375.html in NOTE: ("NOTE CONCERNING CVE-2021-0086 / CVE-2021-26314"). @@ -53162,8 +53199,8 @@ CVE-2020-25416 RESERVED CVE-2020-25415 RESERVED -CVE-2020-25414 - RESERVED +CVE-2020-25414 (A local file inclusion vulnerability was discovered in the captcha fun ...) + TODO: check CVE-2020-25413 RESERVED CVE-2020-25412 (com_line() in command.c in gnuplot 5.4 leads to an out-of-bounds-write ...) @@ -66147,8 +66184,8 @@ CVE-2020-19204 RESERVED CVE-2020-19203 RESERVED -CVE-2020-19202 - RESERVED +CVE-2020-19202 (An authenticated Stored XSS (Cross-site Scripting) exists in the "capt ...) + TODO: check CVE-2020-19201 RESERVED CVE-2020-19200 @@ -190362,7 +190399,7 @@ CVE-2018-13033 (The Binary File Descriptor (BFD) library (aka libbfd), as distri NOTE: binutils not covered by security support CVE-2018-13032 (ECESSA ShieldLink SL175EHQ 10.7.4 devices have CSRF to add superuser a ...) NOT-FOR-US: ECESSA ShieldLink -CVE-2018-13031 (DamiCMS v6.0.0 allows CSRF via admin.php?s=/Admin/doadd to add an admi ...) +CVE-2018-13031 (DamiCMS v6.0.0 aand 6.1.0 allows CSRF via admin.php?s=/Admin/doadd to ...) NOT-FOR-US: DamiCMS CVE-2018-13030 (An issue was discovered in jpeg-compressor 0.1. The build_huffman func ...) NOT-FOR-US: jpeg-compressor View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/091647824525db75ebde1cad6060b3827fbeaf86 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/091647824525db75ebde1cad6060b3827fbeaf86 You're receiving this email because of your account on salsa.debian.org.
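Review bot: CVE-2021-34825 in the first hunk (@@ -1,3 +1,39 @@) stays at `TODO: check` even though its description names Quassel with --require-ssl; this one should be checked against the quassel source package and turned into a `- quassel <unfixed>` (or `<not-affected>`) line with a NOTE pointing at the upstream fix, since a bare TODO does not associate the CVE with any package in the tracker. The CiviCRM and Elemin entries in the same hunk look like non-Debian software and are candidates for NOT-FOR-US once that is confirmed.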
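Review bot: CVE-2021-3603 in the @@ -246,8 +282,8 @@ hunk goes from RESERVED to a PHPMailer 6.4.1 description but only gets `TODO: check`; PHPMailer is shipped in Debian (libphp-phpmailer), so this entry needs a package line with the fixed version or `<unfixed>` plus a bug reference, in the same form as the `- openexr <unfixed>` line for CVE-2021-3605 just above it in that hunk.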
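Review bot: CVE-2021-32078 in the @@ -6092,8 +6128,8 @@ hunk describes an out-of-bounds read in arch/arm/mach-footbridge/..., which is Linux kernel code, so `TODO: check` should become a `- linux <fixed-version>` or `<unfixed>` entry with per-suite lines and a NOTE giving the upstream commit, following the CVE-2021-3543 entry visible in the @@ -5050 hunk of this same patch (`[stretch] - linux <not-affected>` plus a `NOTE: https://git.kernel.org/linus/...` line).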
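Review bot: in the @@ -47542,7 +47579,7 @@ hunk the description of CVE-2021-0086 changes from the Intel Brand Verification installer text to the floating-point observable-discrepancy text; the retained NOTEs (intel-sa-00546 and the XSA-375 cross-reference) describe the floating-point issue, so they remain consistent with the new description. The installer text now appears under CVE-2021-0143 in the @@ -47420 hunk as `TODO: check`; that entry should be triaged separately and the two IDs not be assumed interchangeable, since the feed evidently had them swapped earlier.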
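Review bot: the updated CVE-2018-13031 description in the last hunk (@@ -190362,7 +190399,7 @@) carries an upstream typo ("v6.0.0 aand 6.1.0"); it should not be hand-corrected in data/CVE/list, because the next automatic update would re-import the feed text and revert the edit. The widened version range does not change the existing `NOT-FOR-US: DamiCMS` annotation.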
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits