Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8a6d20bc by Moritz Muehlenhoff at 2021-08-20T21:15:48+02:00
zint confirmed n/a
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -145,11 +145,10 @@ CVE-2021-39249 (Invision Community (aka IPS Community 
Suite or IP-Board) before
 CVE-2021-39248 (Open edX through Lilac.1 allows XSS in 
common/static/common/js/discuss ...)
        NOT-FOR-US: Open edX
 CVE-2021-39247 (Zint Barcode Generator before 2.10.0 has a one-byte buffer 
over-read,  ...)
-       - zint <unfixed>
-       [bullseye] - zint <no-dsa> (Minor issue)
+       - zint <not-affected> (Introduced and fixed between 2.9.1 and 2.10.0)
        NOTE: 
https://sourceforge.net/p/zint/code/ci/9b02cd52214e80f945bff41fc94bc1e17e15810c/
        NOTE: https://sourceforge.net/p/zint/tickets/232/
-       TODO: check, supsect the issue has only been introduced upstream with 
6274140c73aa39c42271644ef8c9b4551ca06fc2 (but need confirmation)
+       NOTE: Introduced in 
https://sourceforge.net/p/zint/code/ci/6274140c73aa39c42271644ef8c9b4551ca06fc2/
 CVE-2021-39246
        RESERVED
 CVE-2021-3716 [NBD_OPT_STRUCTURED_REPLY injection on STARTTLS]
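Review bot: the `<not-affected>` reason on the `+ - zint <not-affected> (Introduced and fixed between 2.9.1 and 2.10.0)` line only justifies n/a if every suite ships 2.9.1 or older (or 2.10.0 or newer), and the entry does not record which version that is; stating it in the reason, e.g. `(Introduced after 2.9.1 as shipped in Debian; fixed in 2.10.0)` if that is the case, lets the next triager verify without consulting the archive. The removed TODO also said the introducing commit was only suspected "(but need confirmation)", while the replacement `NOTE: Introduced in ...` states it as fact; a few words on what confirmed it (the upstream ticket 232, or a check of the code in the shipped version) would close that loop.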
@@ -401,7 +400,7 @@ CVE-2021-39140
 CVE-2021-39139
        RESERVED
 CVE-2021-39138 (Parse Server is an open source backend that can be deployed to 
any inf ...)
-       TODO: check
+       NOT-FOR-US: Parse Server
 CVE-2021-39137
        RESERVED
 CVE-2021-39136
@@ -415,7 +414,7 @@ CVE-2021-39133
 CVE-2021-39132
        RESERVED
 CVE-2021-39131 (ced detects character encoding using Google&#8217;s 
compact_enc_det li ...)
-       TODO: check
+       NOT-FOR-US: Node ced
 CVE-2021-39130
        RESERVED
 CVE-2021-39129
@@ -4618,7 +4617,7 @@ CVE-2021-37224
 CVE-2021-37223
        RESERVED
 CVE-2021-37222 (Parsers in the open source project RCDCAP before 1.0.5 allow 
remote at ...)
-       TODO: check
+       NOT-FOR-US: RCDCAP
 CVE-2021-37221
        RESERVED
 CVE-2021-37220 (MuPDF through 1.18.1 has an out-of-bounds write because the 
cached col ...)
@@ -7015,7 +7014,7 @@ CVE-2021-36161
 CVE-2021-36160
        RESERVED
 CVE-2021-36159 (libfetch before 2021-07-26, as used in apk-tools, xbps, and 
other prod ...)
-       TODO: check
+       NOT-FOR-US: libfetch
 CVE-2021-36158 (In the xrdp package (in branches through 3.14) for Alpine 
Linux, RDP s ...)
        - xrdp <not-affected> (xrdp as packaged in Alpine)
 CVE-2021-36157 (An issue was discovered in Grafana Cortex through 1.9.0. The 
header va ...)
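Review bot: the `+ NOT-FOR-US: libfetch` line records only that libfetch itself is not packaged, but the description says it is embedded in apk-tools, xbps "and other products", and an embedded copy is the usual way such a NOT-FOR-US later turns out to be wrong; if the archive was checked for embedded copies, say so, e.g. `NOT-FOR-US: libfetch (no embedded copies in Debian)`, and if not, this one deserves a TODO rather than NOT-FOR-US.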
@@ -10254,7 +10253,7 @@ CVE-2021-34747
 CVE-2021-34746
        RESERVED
 CVE-2021-34745 (A vulnerability in the AppDynamics .NET Agent for Windows 
could allow  ...)
-       TODO: check
+       NOT-FOR-US: .NET Agent for Windows
 CVE-2021-34744
        RESERVED
 CVE-2021-34743
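Review bot: `+ NOT-FOR-US: .NET Agent for Windows` drops the vendor name that the description gives, whereas the other entries in this patch name the product as the description does (`NOT-FOR-US: Facebook Hermes`, `NOT-FOR-US: Oculus Desktop`); suggest `NOT-FOR-US: AppDynamics .NET Agent for Windows` so a search of the list for AppDynamics finds the entry.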
@@ -14752,17 +14751,17 @@ CVE-2021-32832
 CVE-2021-32831
        RESERVED
 CVE-2021-32830 (The @diez/generation npm package is a client for Diez. The 
locateFont  ...)
-       TODO: check
+       NOT-FOR-US: Node @diez/generation
 CVE-2021-32829 (ZStack is open source IaaS(infrastructure as a service) 
software aimin ...)
-       TODO: check
+       NOT-FOR-US: ZStack
 CVE-2021-32828
        RESERVED
 CVE-2021-32827 (MockServer is open source software which enables easy mocking 
of any s ...)
-       TODO: check
+       NOT-FOR-US: MockServer
 CVE-2021-32826 (Proxyee-Down is open source proxy software. An attacker being 
able to  ...)
-       TODO: check
+       NOT-FOR-US: Proxyee-Down
 CVE-2021-32825 (bblfshd is an open source self-hosted server for source code 
parsing.  ...)
-       TODO: check
+       NOT-FOR-US: bblfshd
 CVE-2021-32824
        RESERVED
 CVE-2021-32823 (In the bindata RubyGem before version 2.4.10 there is a 
potential deni ...)
@@ -14774,7 +14773,7 @@ CVE-2021-32823 (In the bindata RubyGem before version 
2.4.10 there is a potentia
        NOTE: 
https://about.gitlab.com/releases/2021/06/01/security-release-gitlab-13-12-2-released/#update-bindata-dependency
        NOTE: 
https://github.com/dmendel/bindata/blob/v2.4.10/ChangeLog.rdoc#version-2410-2021-05-18-
 CVE-2021-32822 (The npm hbs package is an Express view engine wrapper for 
Handlebars.  ...)
-       TODO: check
+       NOT-FOR-US: Node hbs
 CVE-2021-32821
        RESERVED
 CVE-2021-32820 (Express-handlebars is a Handlebars view engine for Express. 
Express-ha ...)
@@ -24511,7 +24510,7 @@ CVE-2021-29058
 CVE-2021-29057
        RESERVED
 CVE-2021-29056 (Cross Site Scripting (XSS) vulnerability exists in Pixelimity 
1.0 via  ...)
-       TODO: check
+       NOT-FOR-US: Pixelimity
 CVE-2021-29055
        RESERVED
 CVE-2021-29054 (Certain Papoo products are affected by: Cross Site Request 
Forgery (CS ...)
@@ -36502,7 +36501,7 @@ CVE-2021-24040
 CVE-2021-24039
        RESERVED
 CVE-2021-24038 (Due to a bug with management of handles in 
OVRServiceLauncher.exe, an  ...)
-       TODO: check
+       NOT-FOR-US: Oculus Desktop
 CVE-2021-24037 (A use after free in hermes, while emitting certain error 
messages, pri ...)
        NOT-FOR-US: Facebook Hermes
 CVE-2021-24036 (Passing an attacker controlled size when creating an IOBuf 
could cause ...)
@@ -37976,19 +37975,19 @@ CVE-2021-23427
 CVE-2021-23426
        RESERVED
 CVE-2021-23425 (All versions of package trim-off-newlines are vulnerable to 
Regular Ex ...)
-       TODO: check
+       NOT-FOR-US: Node trim-off-newlines
 CVE-2021-23424 (This affects all versions of package ansi-html. If an attacker 
provide ...)
-       TODO: check
+       NOT-FOR-US: Node ansi-html
 CVE-2021-23423 (This affects the package bikeshed before 3.0.0. This can occur 
when an ...)
-       TODO: check
+       NOT-FOR-US: Bikeshed
 CVE-2021-23422 (This affects the package bikeshed before 3.0.0. This can occur 
when an ...)
-       TODO: check
+       NOT-FOR-US: Bikeshed
 CVE-2021-23421 (All versions of package merge-change are vulnerable to 
Prototype Pollu ...)
-       TODO: check
+       NOT-FOR-US: Node merge-change
 CVE-2021-23420 (This affects the package codeception/codeception from 4.0.0 
and before ...)
-       TODO: check
+       NOT-FOR-US: codeception
 CVE-2021-23419 (This affects the package open-graph before 0.2.6. The function 
parse c ...)
-       TODO: check
+       NOT-FOR-US: Node open-graph
 CVE-2021-23418 (The package glances before 3.2.1 are vulnerable to XML 
External Entity ...)
        - glances <unfixed>
        [bullseye] - glances <no-dsa> (Minor issue)
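Review bot: the npm entries in this hunk follow the `Node <npm name>` convention and the two bikeshed entries use the capitalized product name `Bikeshed`, but `+ NOT-FOR-US: codeception` has neither form; the description identifies the package as `codeception/codeception`, so `NOT-FOR-US: codeception/codeception` (or the product name `Codeception`) would make the entry consistent with its neighbours and easier to grep.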
@@ -54274,7 +54273,7 @@ CVE-2020-28596 (A stack-based buffer overflow 
vulnerability exists in the Objpar
 CVE-2020-28595 (An out-of-bounds write vulnerability exists in the Obj.cpp 
load_obj()  ...)
        NOT-FOR-US: PrusaSlicer
 CVE-2020-28594 (A use-after-free vulnerability exists in the 
_3MF_Importer::_handle_en ...)
-       TODO: check
+       NOT-FOR-US: PrusaSlicer
 CVE-2020-28593 (A unauthenticated backdoor exists in the configuration server 
function ...)
        NOT-FOR-US: Cosori Smart 5.8-Quart Air Fryer CS158-AF
 CVE-2020-28592 (A heap-based buffer overflow vulnerability exists in the 
configuration ...)
@@ -55954,11 +55953,11 @@ CVE-2021-0630
 CVE-2021-0629
        RESERVED
 CVE-2021-0628 (In OMA DRM, there is a possible memory corruption due to 
improper inpu ...)
-       TODO: check
+       NOT-FOR-US: Mediatek
 CVE-2021-0627 (In OMA DRM, there is a possible memory corruption due to an 
integer ov ...)
-       TODO: check
+       NOT-FOR-US: Mediatek
 CVE-2021-0626 (In ged, there is a possible out of bounds write due to a 
missing bound ...)
-       TODO: check
+       NOT-FOR-US: Mediatek
 CVE-2021-0625
        RESERVED
 CVE-2021-0624
@@ -56379,17 +56378,17 @@ CVE-2021-0422
 CVE-2021-0421
        RESERVED
 CVE-2021-0420 (In memory management driver, there is a possible system crash 
due to a ...)
-       TODO: check
+       NOT-FOR-US: Mediatek
 CVE-2021-0419 (In memory management driver, there is a possible system crash 
due to i ...)
-       TODO: check
+       NOT-FOR-US: Mediatek
 CVE-2021-0418 (In memory management driver, there is a possible system crash 
due to i ...)
-       TODO: check
+       NOT-FOR-US: Mediatek
 CVE-2021-0417 (In memory management driver, there is a possible system crash 
due to i ...)
-       TODO: check
+       NOT-FOR-US: Mediatek
 CVE-2021-0416 (In memory management driver, there is a possible system crash 
due to i ...)
-       TODO: check
+       NOT-FOR-US: Mediatek
 CVE-2021-0415 (In memory management driver, there is a possible information 
disclosur ...)
-       TODO: check
+       NOT-FOR-US: Mediatek
 CVE-2021-0414
        RESERVED
 CVE-2021-0413
@@ -56403,9 +56402,9 @@ CVE-2021-0410
 CVE-2021-0409
        RESERVED
 CVE-2021-0408 (In asf extractor, there is a possible out of bounds read due to 
an inc ...)
-       TODO: check
+       NOT-FOR-US: Mediatek
 CVE-2021-0407 (In clk driver, there is a possible out of bounds write due to 
an incor ...)
-       TODO: check
+       NOT-FOR-US: Mediatek
 CVE-2021-0406 (In cameraisp, there is a possible out of bounds write due to a 
missing ...)
        NOT-FOR-US: MediaTek
 CVE-2021-0405 (In performance driver, there is a possible out of bounds write 
due to  ...)
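Review bot: the added lines write `NOT-FOR-US: Mediatek`, while the unchanged CVE-2021-0406 entry three lines below in this same hunk has `NOT-FOR-US: MediaTek`; the lower-case form is also used for all the CVE-2021-06xx and CVE-2021-04xx entries in the two hunks above. One spelling should be used throughout (the existing entry's `MediaTek` is the one already in the list), since a case-sensitive search of this file for the vendor otherwise misses half the entries.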
@@ -69713,7 +69712,7 @@ CVE-2020-23071
 CVE-2020-23070
        RESERVED
 CVE-2020-23069 (Path Traversal vulneraility exists in webTareas 2.0 via the 
extpath pa ...)
-       TODO: check
+       NOT-FOR-US: webTareas
 CVE-2020-23068
        RESERVED
 CVE-2020-23067
@@ -78316,7 +78315,7 @@ CVE-2020-18902
 CVE-2020-18901
        RESERVED
 CVE-2020-18900 (A heap-based buffer overflow in the 
libexe_io_handle_read_coff_optiona ...)
-       TODO: check
+       NOT-FOR-US: libyal
 CVE-2020-18899 (An uncontrolled memory allocation in 
DataBufdata(subBox.length-sizeof( ...)
        - exiv2 0.27.2-6
        [buster] - exiv2 <no-dsa> (Minor issue)
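Review bot: `+ NOT-FOR-US: libyal` names the umbrella project but not the affected library; the description identifies the code by the `libexe_io_handle_read_coff_optiona...` function, so `NOT-FOR-US: libyal libexe` would let a search for libexe find this entry and tells the next triager which libyal library to look at.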
@@ -78628,7 +78627,7 @@ CVE-2020-18750 (Buffer overflow in pdf2json 0.69 allows 
local users to execute a
 CVE-2020-18749
        RESERVED
 CVE-2020-18748 (Cross Site Scripting (XSS) in Typora v0.9.65 allows attackers 
to execu ...)
-       TODO: check
+       NOT-FOR-US: Typora
 CVE-2020-18747
        RESERVED
 CVE-2020-18746 (SQL Injection in AiteCMS v1.0 allows remote attackers to 
execute arbit ...)
@@ -78716,19 +78715,19 @@ CVE-2020-18706
 CVE-2020-18705 (XML External Entities (XXE) in Quokka v0.4.0 allows remote 
attackers t ...)
        NOT-FOR-US: Quokka
 CVE-2020-18704 (Unrestricted Upload of File with Dangerous Type in 
Django-Widgy v0.8.4 ...)
-       TODO: check
+       NOT-FOR-US: Django-Widgy
 CVE-2020-18703 (XML External Entities (XXE) in Quokka v0.4.0 allows remote 
attackers t ...)
        NOT-FOR-US: Quokka
 CVE-2020-18702 (Cross Site Scripting (XSS) in Quokka v0.4.0 allows remote 
attackers to ...)
        NOT-FOR-US: Quokka
 CVE-2020-18701 (Incorrect Access Control in Lin-CMS-Flask v0.1.1 allows remote 
attacke ...)
-       TODO: check
+       NOT-FOR-US: Lin-CMS-Flask
 CVE-2020-18700
        RESERVED
 CVE-2020-18699 (Cross Site Scripting (XSS) in Lin-CMS-Flask v0.1.1 allows 
remote attac ...)
-       TODO: check
+       NOT-FOR-US: Lin-CMS-Flask
 CVE-2020-18698 (Improper Authentication in Lin-CMS-Flask v0.1.1 allows remote 
attacker ...)
-       TODO: check
+       NOT-FOR-US: Lin-CMS-Flask
 CVE-2020-18697
        RESERVED
 CVE-2020-18696
@@ -84707,7 +84706,7 @@ CVE-2020-15957 (An issue was discovered in 
DP3T-Backend-SDK before 1.1.1 for Dec
 CVE-2020-15956 (ActiveMediaServer.exe in ACTi NVR3 Standard Server 3.0.12.42 
allows re ...)
        NOT-FOR-US: ACTi NVR3 Standard Server
 CVE-2020-15955 (In s/qmail through 4.0.07, an active MitM can inject arbitrary 
plainte ...)
-       TODO: check
+       NOT-FOR-US: s/qmail
 CVE-2020-15954 (KDE KMail 19.12.3 (aka 5.13.3) engages in unencrypted POP3 
communicati ...)
        {DLA-2300-1}
        - kdepim-runtime 4:20.04.1-2 (bug #966666)
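Review bot: `+ NOT-FOR-US: s/qmail` is correct for s/qmail itself, but the description ("an active MitM can inject arbitrary plainte...") reads like the STARTTLS plaintext-injection class that the CVE-2021-3716 entry earlier in this patch also belongs to; if s/qmail shares its STARTTLS handling with any qmail-derived package in the archive, the entry should record that this was checked, e.g. `NOT-FOR-US: s/qmail (STARTTLS code not shared with packaged qmail variants)`, so the NOT-FOR-US does not have to be revisited later.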



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8a6d20bc27b1c19992a006485dc5ccdcc0f47510



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
