Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 8a6d20bc by Moritz Muehlenhoff at 2021-08-20T21:15:48+02:00 zint confirmed n/a NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -145,11 +145,10 @@ CVE-2021-39249 (Invision Community (aka IPS Community Suite or IP-Board) before CVE-2021-39248 (Open edX through Lilac.1 allows XSS in common/static/common/js/discuss ...) NOT-FOR-US: Open edX CVE-2021-39247 (Zint Barcode Generator before 2.10.0 has a one-byte buffer over-read, ...) - - zint <unfixed> - [bullseye] - zint <no-dsa> (Minor issue) + - zint <not-affected> (Introduced and fixed between 2.9.1 and 2.10.0) NOTE: https://sourceforge.net/p/zint/code/ci/9b02cd52214e80f945bff41fc94bc1e17e15810c/ NOTE: https://sourceforge.net/p/zint/tickets/232/ - TODO: check, supsect the issue has only been introduced upstream with 6274140c73aa39c42271644ef8c9b4551ca06fc2 (but need confirmation) + NOTE: Introduced in https://sourceforge.net/p/zint/code/ci/6274140c73aa39c42271644ef8c9b4551ca06fc2/ CVE-2021-39246 RESERVED CVE-2021-3716 [NBD_OPT_STRUCTURED_REPLY injection on STARTTLS] @@ -401,7 +400,7 @@ CVE-2021-39140 CVE-2021-39139 RESERVED CVE-2021-39138 (Parse Server is an open source backend that can be deployed to any inf ...) - TODO: check + NOT-FOR-US: Parse Server CVE-2021-39137 RESERVED CVE-2021-39136 @@ -415,7 +414,7 @@ CVE-2021-39133 CVE-2021-39132 RESERVED CVE-2021-39131 (ced detects character encoding using Google’s compact_enc_det li ...) - TODO: check + NOT-FOR-US: Node ced CVE-2021-39130 RESERVED CVE-2021-39129 @@ -4618,7 +4617,7 @@ CVE-2021-37224 CVE-2021-37223 RESERVED CVE-2021-37222 (Parsers in the open source project RCDCAP before 1.0.5 allow remote at ...) - TODO: check + NOT-FOR-US: RCDCAP CVE-2021-37221 RESERVED CVE-2021-37220 (MuPDF through 1.18.1 has an out-of-bounds write because the cached col ...) 
@@ -7015,7 +7014,7 @@ CVE-2021-36161 CVE-2021-36160 RESERVED CVE-2021-36159 (libfetch before 2021-07-26, as used in apk-tools, xbps, and other prod ...) - TODO: check + NOT-FOR-US: libfetch CVE-2021-36158 (In the xrdp package (in branches through 3.14) for Alpine Linux, RDP s ...) - xrdp <not-affected> (xrdp as packaged in Alpine) CVE-2021-36157 (An issue was discovered in Grafana Cortex through 1.9.0. The header va ...) @@ -10254,7 +10253,7 @@ CVE-2021-34747 CVE-2021-34746 RESERVED CVE-2021-34745 (A vulnerability in the AppDynamics .NET Agent for Windows could allow ...) - TODO: check + NOT-FOR-US: .NET Agent for Windows CVE-2021-34744 RESERVED CVE-2021-34743 @@ -14752,17 +14751,17 @@ CVE-2021-32832 CVE-2021-32831 RESERVED CVE-2021-32830 (The @diez/generation npm package is a client for Diez. The locateFont ...) - TODO: check + NOT-FOR-US: Node @diez/generation CVE-2021-32829 (ZStack is open source IaaS(infrastructure as a service) software aimin ...) - TODO: check + NOT-FOR-US: ZStack CVE-2021-32828 RESERVED CVE-2021-32827 (MockServer is open source software which enables easy mocking of any s ...) - TODO: check + NOT-FOR-US: MockServer CVE-2021-32826 (Proxyee-Down is open source proxy software. An attacker being able to ...) - TODO: check + NOT-FOR-US: Proxyee-Down CVE-2021-32825 (bblfshd is an open source self-hosted server for source code parsing. ...) - TODO: check + NOT-FOR-US: bblfshd CVE-2021-32824 RESERVED CVE-2021-32823 (In the bindata RubyGem before version 2.4.10 there is a potential deni ...) 
@@ -14774,7 +14773,7 @@ CVE-2021-32823 (In the bindata RubyGem before version 2.4.10 there is a potentia NOTE: https://about.gitlab.com/releases/2021/06/01/security-release-gitlab-13-12-2-released/#update-bindata-dependency NOTE: https://github.com/dmendel/bindata/blob/v2.4.10/ChangeLog.rdoc#version-2410-2021-05-18- CVE-2021-32822 (The npm hbs package is an Express view engine wrapper for Handlebars. ...) - TODO: check + NOT-FOR-US: Node hbs CVE-2021-32821 RESERVED CVE-2021-32820 (Express-handlebars is a Handlebars view engine for Express. Express-ha ...) @@ -24511,7 +24510,7 @@ CVE-2021-29058 CVE-2021-29057 RESERVED CVE-2021-29056 (Cross Site Scripting (XSS) vulnerability exists in Pixelimity 1.0 via ...) - TODO: check + NOT-FOR-US: Pixelimity CVE-2021-29055 RESERVED CVE-2021-29054 (Certain Papoo products are affected by: Cross Site Request Forgery (CS ...) @@ -36502,7 +36501,7 @@ CVE-2021-24040 CVE-2021-24039 RESERVED CVE-2021-24038 (Due to a bug with management of handles in OVRServiceLauncher.exe, an ...) - TODO: check + NOT-FOR-US: Oculus Desktop CVE-2021-24037 (A use after free in hermes, while emitting certain error messages, pri ...) NOT-FOR-US: Facebook Hermes CVE-2021-24036 (Passing an attacker controlled size when creating an IOBuf could cause ...) 
@@ -37976,19 +37975,19 @@ CVE-2021-23427 CVE-2021-23426 RESERVED CVE-2021-23425 (All versions of package trim-off-newlines are vulnerable to Regular Ex ...) - TODO: check + NOT-FOR-US: Node trim-off-newlines CVE-2021-23424 (This affects all versions of package ansi-html. If an attacker provide ...) - TODO: check + NOT-FOR-US: Node ansi-html CVE-2021-23423 (This affects the package bikeshed before 3.0.0. This can occur when an ...) - TODO: check + NOT-FOR-US: Bikeshed CVE-2021-23422 (This affects the package bikeshed before 3.0.0. This can occur when an ...) - TODO: check + NOT-FOR-US: Bikeshed CVE-2021-23421 (All versions of package merge-change are vulnerable to Prototype Pollu ...) - TODO: check + NOT-FOR-US: Node merge-change CVE-2021-23420 (This affects the package codeception/codeception from 4.0.0 and before ...) - TODO: check + NOT-FOR-US: codeception CVE-2021-23419 (This affects the package open-graph before 0.2.6. The function parse c ...) - TODO: check + NOT-FOR-US: Node open-graph CVE-2021-23418 (The package glances before 3.2.1 are vulnerable to XML External Entity ...) - glances <unfixed> [bullseye] - glances <no-dsa> (Minor issue) @@ -54274,7 +54273,7 @@ CVE-2020-28596 (A stack-based buffer overflow vulnerability exists in the Objpar CVE-2020-28595 (An out-of-bounds write vulnerability exists in the Obj.cpp load_obj() ...) NOT-FOR-US: PrusaSlicer CVE-2020-28594 (A use-after-free vulnerability exists in the _3MF_Importer::_handle_en ...) - TODO: check + NOT-FOR-US: PrusaSlicer CVE-2020-28593 (A unauthenticated backdoor exists in the configuration server function ...) NOT-FOR-US: Cosori Smart 5.8-Quart Air Fryer CS158-AF CVE-2020-28592 (A heap-based buffer overflow vulnerability exists in the configuration ...) 
@@ -55954,11 +55953,11 @@ CVE-2021-0630 CVE-2021-0629 RESERVED CVE-2021-0628 (In OMA DRM, there is a possible memory corruption due to improper inpu ...) - TODO: check + NOT-FOR-US: Mediatek CVE-2021-0627 (In OMA DRM, there is a possible memory corruption due to an integer ov ...) - TODO: check + NOT-FOR-US: Mediatek CVE-2021-0626 (In ged, there is a possible out of bounds write due to a missing bound ...) - TODO: check + NOT-FOR-US: Mediatek CVE-2021-0625 RESERVED CVE-2021-0624 @@ -56379,17 +56378,17 @@ CVE-2021-0422 CVE-2021-0421 RESERVED CVE-2021-0420 (In memory management driver, there is a possible system crash due to a ...) - TODO: check + NOT-FOR-US: Mediatek CVE-2021-0419 (In memory management driver, there is a possible system crash due to i ...) - TODO: check + NOT-FOR-US: Mediatek CVE-2021-0418 (In memory management driver, there is a possible system crash due to i ...) - TODO: check + NOT-FOR-US: Mediatek CVE-2021-0417 (In memory management driver, there is a possible system crash due to i ...) - TODO: check + NOT-FOR-US: Mediatek CVE-2021-0416 (In memory management driver, there is a possible system crash due to i ...) - TODO: check + NOT-FOR-US: Mediatek CVE-2021-0415 (In memory management driver, there is a possible information disclosur ...) - TODO: check + NOT-FOR-US: Mediatek CVE-2021-0414 RESERVED CVE-2021-0413 @@ -56403,9 +56402,9 @@ CVE-2021-0410 CVE-2021-0409 RESERVED CVE-2021-0408 (In asf extractor, there is a possible out of bounds read due to an inc ...) - TODO: check + NOT-FOR-US: Mediatek CVE-2021-0407 (In clk driver, there is a possible out of bounds write due to an incor ...) - TODO: check + NOT-FOR-US: Mediatek CVE-2021-0406 (In cameraisp, there is a possible out of bounds write due to a missing ...) NOT-FOR-US: MediaTek CVE-2021-0405 (In performance driver, there is a possible out of bounds write due to ...) 
@@ -69713,7 +69712,7 @@ CVE-2020-23071 CVE-2020-23070 RESERVED CVE-2020-23069 (Path Traversal vulneraility exists in webTareas 2.0 via the extpath pa ...) - TODO: check + NOT-FOR-US: webTareas CVE-2020-23068 RESERVED CVE-2020-23067 @@ -78316,7 +78315,7 @@ CVE-2020-18902 CVE-2020-18901 RESERVED CVE-2020-18900 (A heap-based buffer overflow in the libexe_io_handle_read_coff_optiona ...) - TODO: check + NOT-FOR-US: libyal CVE-2020-18899 (An uncontrolled memory allocation in DataBufdata(subBox.length-sizeof( ...) - exiv2 0.27.2-6 [buster] - exiv2 <no-dsa> (Minor issue) @@ -78628,7 +78627,7 @@ CVE-2020-18750 (Buffer overflow in pdf2json 0.69 allows local users to execute a CVE-2020-18749 RESERVED CVE-2020-18748 (Cross Site Scripting (XSS) in Typora v0.9.65 allows attackers to execu ...) - TODO: check + NOT-FOR-US: Typora CVE-2020-18747 RESERVED CVE-2020-18746 (SQL Injection in AiteCMS v1.0 allows remote attackers to execute arbit ...) @@ -78716,19 +78715,19 @@ CVE-2020-18706 CVE-2020-18705 (XML External Entities (XXE) in Quokka v0.4.0 allows remote attackers t ...) NOT-FOR-US: Quokka CVE-2020-18704 (Unrestricted Upload of File with Dangerous Type in Django-Widgy v0.8.4 ...) - TODO: check + NOT-FOR-US: Django-Widgy CVE-2020-18703 (XML External Entities (XXE) in Quokka v0.4.0 allows remote attackers t ...) NOT-FOR-US: Quokka CVE-2020-18702 (Cross Site Scripting (XSS) in Quokka v0.4.0 allows remote attackers to ...) NOT-FOR-US: Quokka CVE-2020-18701 (Incorrect Access Control in Lin-CMS-Flask v0.1.1 allows remote attacke ...) - TODO: check + NOT-FOR-US: Lin-CMS-Flask CVE-2020-18700 RESERVED CVE-2020-18699 (Cross Site Scripting (XSS) in Lin-CMS-Flask v0.1.1 allows remote attac ...) - TODO: check + NOT-FOR-US: Lin-CMS-Flask CVE-2020-18698 (Improper Authentication in Lin-CMS-Flask v0.1.1 allows remote attacker ...) - TODO: check + NOT-FOR-US: Lin-CMS-Flask CVE-2020-18697 RESERVED CVE-2020-18696 
@@ -84707,7 +84706,7 @@ CVE-2020-15957 (An issue was discovered in DP3T-Backend-SDK before 1.1.1 for Dec CVE-2020-15956 (ActiveMediaServer.exe in ACTi NVR3 Standard Server 3.0.12.42 allows re ...) NOT-FOR-US: ACTi NVR3 Standard Server CVE-2020-15955 (In s/qmail through 4.0.07, an active MitM can inject arbitrary plainte ...) - TODO: check + NOT-FOR-US: s/qmail CVE-2020-15954 (KDE KMail 19.12.3 (aka 5.13.3) engages in unencrypted POP3 communicati ...) {DLA-2300-1} - kdepim-runtime 4:20.04.1-2 (bug #966666) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8a6d20bc27b1c19992a006485dc5ccdcc0f47510 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8a6d20bc27b1c19992a006485dc5ccdcc0f47510 You're receiving this email because of your account on salsa.debian.org.
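Review bot: In the CVE-2021-39247 (zint) hunk the new `<not-affected>` rationale "Introduced and fixed between 2.9.1 and 2.10.0" is the whole basis for dropping the `<unfixed>` and `[bullseye] <no-dsa>` lines, yet neither it nor the new NOTE records which zint version is actually shipped in Debian, so a later reader cannot verify from the entry alone that the packaged version predates commit 6274140c73aa39c42271644ef8c9b4551ca06fc2. Consider extending the parenthetical with the Debian version and the release that first contained the introducing commit, e.g. "(Introduced in <version> via 6274140c, fixed in 2.10.0; Debian ships <version>)", so the not-affected claim is self-documenting.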
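Review bot: In the three MediaTek hunks (CVE-2021-0628 through CVE-2021-0626, CVE-2021-0420 through CVE-2021-0415, and CVE-2021-0408/CVE-2021-0407) the new lines read "NOT-FOR-US: Mediatek" while the unchanged neighbouring entry for CVE-2021-0406 reads "NOT-FOR-US: MediaTek". The two spellings will not match in a case-sensitive grep of data/CVE/list; suggest using the existing "MediaTek" form for all fourteen new lines.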
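Review bot: In the CVE-2021-34745 hunk the tag "NOT-FOR-US: .NET Agent for Windows" drops the vendor even though the description itself names the product as the "AppDynamics .NET Agent for Windows"; ".NET Agent" on its own is too generic to identify the product when the file is searched. Suggest "NOT-FOR-US: AppDynamics .NET Agent for Windows".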
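Review bot: In the CVE-2021-36159 hunk the description says libfetch is "used in apk-tools, xbps, and other products", so the bug can surface through embedded copies rather than through a libfetch package. A bare "NOT-FOR-US: libfetch" does not record whether any Debian source package was checked for a bundled libfetch; a short NOTE saying that was checked (or naming the packages inspected) would make the NOT-FOR-US verdict reviewable later.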
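Review bot: In the CVE-2020-18900 hunk the description points at libexe_io_handle_read_coff_optional..., i.e. the affected library is libexe, while the new tag names only the umbrella project "libyal". Naming the specific library as well, e.g. "NOT-FOR-US: libyal libexe", makes the entry match searches for either name and mirrors how the other NOT-FOR-US lines in this commit name the concrete package (for instance "Node hbs", "Node ansi-html").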
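Review bot: In the CVE-2021-23420 hunk the tag "NOT-FOR-US: codeception" uses a lower-case short name, whereas the description identifies the package as "codeception/codeception" and the surrounding new lines prefix the ecosystem ("Node trim-off-newlines", "Node merge-change", "Node open-graph"). Using the full Composer name, "NOT-FOR-US: codeception/codeception", keeps the tag unambiguous and consistent with the rest of the change.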
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits