Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
18766e3a by security tracker role at 2021-04-27T08:10:17+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,53 @@
+CVE-2021-31829
+       RESERVED
+CVE-2021-31828
+       RESERVED
+CVE-2021-31827
+       RESERVED
+CVE-2021-31825
+       RESERVED
+CVE-2021-31824
+       RESERVED
+CVE-2021-31823
+       RESERVED
+CVE-2021-31822
+       RESERVED
+CVE-2021-31821
+       RESERVED
+CVE-2021-31820
+       RESERVED
+CVE-2021-31819
+       RESERVED
+CVE-2021-31818
+       RESERVED
+CVE-2021-31817
+       RESERVED
+CVE-2021-31816
+       RESERVED
+CVE-2019-25042 (Unbound before 1.9.5 allows an out-of-bounds write via a 
compressed na ...)
+       TODO: check
+CVE-2019-25041 (Unbound before 1.9.5 allows an assertion failure via a 
compressed name ...)
+       TODO: check
+CVE-2019-25040 (Unbound before 1.9.5 allows an infinite loop via a compressed 
name in  ...)
+       TODO: check
+CVE-2019-25039 (Unbound before 1.9.5 allows an integer overflow in a size 
calculation  ...)
+       TODO: check
+CVE-2019-25038 (Unbound before 1.9.5 allows an integer overflow in a size 
calculation  ...)
+       TODO: check
+CVE-2019-25037 (Unbound before 1.9.5 allows an assertion failure and denial of 
service ...)
+       TODO: check
+CVE-2019-25036 (Unbound before 1.9.5 allows an assertion failure and denial of 
service ...)
+       TODO: check
+CVE-2019-25035 (Unbound before 1.9.5 allows an out-of-bounds write in 
sldns_bget_token ...)
+       TODO: check
+CVE-2019-25034 (Unbound before 1.9.5 allows an integer overflow in 
sldns_str2wire_dnam ...)
+       TODO: check
+CVE-2019-25033 (Unbound before 1.9.5 allows an integer overflow in the 
regional alloca ...)
+       TODO: check
+CVE-2019-25032 (Unbound before 1.9.5 allows an integer overflow in the 
regional alloca ...)
+       TODO: check
+CVE-2019-25031 (Unbound before 1.9.5 allows configuration injection in 
create_unbound_ ...)
+       TODO: check
 CVE-2021-3513
        NOT-FOR-US: Keycloak
 CVE-2021-31815
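Review bot: The twelve added entries CVE-2019-25031 through CVE-2019-25042 all describe Unbound before 1.9.5, yet each is left at `TODO: check`. They share one product and one upstream version boundary, so they can be triaged together: replace the TODO lines with a package line in the form this file already uses (for example `- jansson <unfixed>` under CVE-2020-36325), so that the out-of-bounds write and integer overflow items do not stay untracked.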
@@ -25,7 +75,7 @@ CVE-2021-31805
 CVE-2020-36325 (An issue was discovered in Jansson through 2.13.1. Due to a 
parsing er ...)
        - jansson <unfixed>
        NOTE: https://github.com/akheron/jansson/issues/548
-CVE-2021-31826 [Session recovery feature contains a null pointer deference]
+CVE-2021-31826 (Shibboleth Service Provider 3.x before 3.2.2 is prone to a 
NULL pointe ...)
        - shibboleth-sp <unfixed> (bug #987608)
        NOTE: https://shibboleth.net/community/advisories/secadv_20210426.txt
        NOTE: https://issues.shibboleth.net/jira/browse/SSPCPP-927
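Review bot: The package line `- shibboleth-sp <unfixed> (bug #987608)` is unchanged, while the new description on the `+` line says the issue affects 3.x before 3.2.2. With an upstream fixed version now named in the entry, the `<unfixed>` marker should be revisited and replaced with the fixed package version once a corresponding upload exists.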
@@ -306,8 +356,8 @@ CVE-2021-31673
        RESERVED
 CVE-2021-31672
        RESERVED
-CVE-2021-31671
-       RESERVED
+CVE-2021-31671 (pgsync before 0.6.7 is affected by Information Disclosure of 
sensitive ...)
+       TODO: check
 CVE-2021-31670
        RESERVED
 CVE-2021-31669
@@ -2525,8 +2575,8 @@ CVE-2021-30637 (htmly 2.8.0 allows stored XSS via the 
blog title, Tagline, or De
        NOT-FOR-US: htmly
 CVE-2021-30636
        RESERVED
-CVE-2021-30635
-       RESERVED
+CVE-2021-30635 (Sonatype Nexus Repository Manager 3.x before 3.30.1 allows a 
remote at ...)
+       TODO: check
 CVE-2021-30634
        RESERVED
 CVE-2021-30633
@@ -3562,8 +3612,8 @@ CVE-2021-30167
        RESERVED
 CVE-2021-30166
        RESERVED
-CVE-2021-30165
-       RESERVED
+CVE-2021-30165 (The default administrator account &amp; password of the EDIMAX 
wireles ...)
+       TODO: check
 CVE-2021-30164 (Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers 
to bypass ...)
        - redmine <unfixed> (bug #986800)
 CVE-2021-30163 (Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers 
to discov ...)
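Review bot: The new description for CVE-2021-30165 carries the HTML entity `&amp;` ("account &amp; password") rather than a literal ampersand. The description should be unescaped before it is written to data/CVE/list, otherwise text searches and downstream consumers of the list see the escaped form. The entry is also left at `TODO: check` and still needs a triage decision.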
@@ -5170,8 +5220,8 @@ CVE-2021-29476
        RESERVED
 CVE-2021-29475 (HedgeDoc (formerly known as CodiMD) is an open-source 
collaborative ma ...)
        NOT-FOR-US: HedgeDoc
-CVE-2021-29474
-       RESERVED
+CVE-2021-29474 (HedgeDoc (formerly known as CodiMD) is an open-source 
collaborative ma ...)
+       TODO: check
 CVE-2021-29473 (Exiv2 is a C++ library and a command-line utility to read, 
write, dele ...)
        - exiv2 <unfixed>
        NOTE: 
https://github.com/Exiv2/exiv2/security/advisories/GHSA-7569-phvm-vwc2
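Review bot: CVE-2021-29474 is added with `TODO: check`, while the entry directly above it, CVE-2021-29475, opens with the same HedgeDoc description and is already marked `NOT-FOR-US: HedgeDoc`. Unless this CVE affects something packaged, give it the same `NOT-FOR-US: HedgeDoc` line so the two entries are triaged consistently.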
@@ -26835,10 +26885,10 @@ CVE-2021-20717
        RESERVED
 CVE-2021-20716
        RESERVED
-CVE-2021-20715
-       RESERVED
-CVE-2021-20714
-       RESERVED
+CVE-2021-20715 (Improper access control vulnerability in Hot Pepper Gourmet 
App for An ...)
+       TODO: check
+CVE-2021-20714 (Directory traversal vulnerability in WP Fastest Cache versions 
prior t ...)
+       TODO: check
 CVE-2021-20713
        RESERVED
 CVE-2021-20712 (Improper access control vulnerability in NEC Aterm WG2600HS 
firmware V ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/18766e3a1e56123581ebdfb333fca657dc8910e8
