Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2adedd54 by security tracker role at 2021-04-28T08:10:24+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,81 @@
+CVE-2021-3519
+       RESERVED
+CVE-2021-31866 (Redmine before 4.0.9 and 4.1.x before 4.1.3 allows an attacker 
to lear ...)
+       TODO: check
+CVE-2021-31865 (Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 
4.2.1 allow ...)
+       TODO: check
+CVE-2021-31864 (Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 
4.2.1 allow ...)
+       TODO: check
+CVE-2021-31863 (Insufficient input validation in the Git repository 
integration of Red ...)
+       TODO: check
+CVE-2021-31862
+       RESERVED
+CVE-2021-31861
+       RESERVED
+CVE-2021-31860
+       RESERVED
+CVE-2021-31859
+       RESERVED
+CVE-2021-31858
+       RESERVED
+CVE-2021-31857
+       RESERVED
+CVE-2021-31856 (A SQL Injection vulnerability in the REST API in Layer5 
Meshery 0.5.2  ...)
+       TODO: check
+CVE-2021-31855
+       RESERVED
+CVE-2021-31854
+       RESERVED
+CVE-2021-31853
+       RESERVED
+CVE-2021-31852
+       RESERVED
+CVE-2021-31851
+       RESERVED
+CVE-2021-31850
+       RESERVED
+CVE-2021-31849
+       RESERVED
+CVE-2021-31848
+       RESERVED
+CVE-2021-31847
+       RESERVED
+CVE-2021-31846
+       RESERVED
+CVE-2021-31845
+       RESERVED
+CVE-2021-31844
+       RESERVED
+CVE-2021-31843
+       RESERVED
+CVE-2021-31842
+       RESERVED
+CVE-2021-31841
+       RESERVED
+CVE-2021-31840
+       RESERVED
+CVE-2021-31839
+       RESERVED
+CVE-2021-31838
+       RESERVED
+CVE-2021-31837
+       RESERVED
+CVE-2021-31836
+       RESERVED
+CVE-2021-31835
+       RESERVED
+CVE-2021-31834
+       RESERVED
+CVE-2021-31833
+       RESERVED
+CVE-2021-31832
+       RESERVED
+CVE-2021-31831
+       RESERVED
+CVE-2021-31830
+       RESERVED
+CVE-2020-36326 (PHPMailer 6.1.8 through 6.4.0 allows object injection through 
Phar Des ...)
+       TODO: check
 CVE-2021-3518 [use-after-free in xmlXIncludeDoProcess() in xinclude.c]
        RESERVED
        - libxml2 <unfixed>
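Review bot: every entry added in this hunk is either RESERVED or TODO: check, so the four Redmine CVEs (CVE-2021-31863 to CVE-2021-31866), CVE-2021-31856 (Layer5 Meshery) and CVE-2020-36326 (PHPMailer) still need manual triage. Each TODO: check line should be replaced either by a source-package line in the form used for CVE-2021-3518 at the end of the hunk ("- libxml2 <unfixed>", with the fixed version once known) or by a NOT-FOR-US line naming the software, as done for Keycloak in the next hunk. The " ..." truncation of the descriptions is the normal behaviour of the automatic import and needs no fixing.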
@@ -83,8 +161,8 @@ CVE-2019-25031 (Unbound before 1.9.5 allows configuration 
injection in create_un
        NOTE: 
https://github.com/NLnetLabs/unbound/commit/f887552763477a606a9608b0f6b498685e0f6587
 CVE-2021-3513
        NOT-FOR-US: Keycloak
-CVE-2021-31815
-       RESERVED
+CVE-2021-31815 (GAEN (aka Google/Apple Exposure Notifications) through 
2021-04-27 on A ...)
+       TODO: check
 CVE-2021-31814
        RESERVED
 CVE-2021-31813
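Review bot: CVE-2021-31815 describes GAEN (Google/Apple Exposure Notifications) on Android, so unless a Debian source package ships that code it should be resolved as "NOT-FOR-US: GAEN" rather than left at TODO: check, matching the Keycloak entry two lines above it.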
@@ -105,7 +183,7 @@ CVE-2021-31806
        RESERVED
 CVE-2021-31805
        RESERVED
-CVE-2020-36325 (An issue was discovered in Jansson through 2.13.1. Due to a 
parsing er ...)
+CVE-2020-36325 (** DISPUTED ** An issue was discovered in Jansson through 
2.13.1. Due  ...)
        - jansson <unfixed> (unimportant)
        NOTE: https://github.com/akheron/jansson/issues/548
        NOTE: Disputed security impact between reporter and upstream
@@ -168,12 +246,12 @@ CVE-2021-31781
        RESERVED
 CVE-2021-31780 (In app/Model/MispObject.php in MISP 2.4.141, an incorrect 
sharing grou ...)
        NOT-FOR-US: MISP
-CVE-2021-31779
-       RESERVED
-CVE-2021-31778
-       RESERVED
-CVE-2021-31777
-       RESERVED
+CVE-2021-31779 (The yoast_seo (aka Yoast SEO) extension before 7.2.1 for TYPO3 
allows  ...)
+       TODO: check
+CVE-2021-31778 (The media2click (aka 2 Clicks for External Media) extension 
1.x before ...)
+       TODO: check
+CVE-2021-31777 (The dce (aka Dynamic Content Element) extension 2.2.0 through 
2.6.x be ...)
+       TODO: check
 CVE-2019-25030
        RESERVED
 CVE-2019-25029
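Review bot: the three TYPO3 extension entries (CVE-2021-31779 yoast_seo, CVE-2021-31778 media2click, CVE-2021-31777 dce) are left at TODO: check; if none of these extensions ships in a Debian source package, mark each NOT-FOR-US with the extension name, mirroring the MISP entry just above them, so the next automatic run does not keep them in the triage backlog.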
@@ -596,10 +674,10 @@ CVE-2021-31574
        RESERVED
 CVE-2021-31573
        RESERVED
-CVE-2021-3512
-       RESERVED
-CVE-2021-3511
-       RESERVED
+CVE-2021-3512 (Improper access control vulnerability in Buffalo broadband 
routers (BH ...)
+       TODO: check
+CVE-2021-3511 (Disclosure of sensitive information to an unauthorized user 
vulnerabil ...)
+       TODO: check
 CVE-2021-31572 (The kernel in Amazon Web Services FreeRTOS before 10.4.3 has 
an intege ...)
        NOT-FOR-US: Amazon Web Services FreeRTOS kernel
 CVE-2021-31571 (The kernel in Amazon Web Services FreeRTOS before 10.4.3 has 
an intege ...)
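Review bot: CVE-2021-3512 and CVE-2021-3511 both concern Buffalo broadband router firmware; if, as with the FreeRTOS kernel entries immediately below, no Debian package ships that code, resolve both as "NOT-FOR-US: Buffalo" instead of TODO: check. The Buffalo entry CVE-2021-20716 in the last hunk of this commit should get the same treatment so the three stay consistent.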
@@ -3809,8 +3887,8 @@ CVE-2021-30130 (phpseclib before 2.0.31 and 3.x before 
3.0.7 mishandles RSA PKCS
        NOTE: https://github.com/phpseclib/phpseclib/pull/1635
 CVE-2021-30129
        RESERVED
-CVE-2021-30128
-       RESERVED
+CVE-2021-30128 (Apache OFBiz has unsafe deserialization prior to 17.12.07 
version ...)
+       TODO: check
 CVE-2021-30127 (TerraMaster F2-210 devices through 2021-04-03 use UPnP to make 
the adm ...)
        NOT-FOR-US: Terramaster
 CVE-2021-30126 (Lightmeter ControlCenter 1.1.0 through 1.5.x before 1.5.1 
allows anyon ...)
@@ -5259,8 +5337,8 @@ CVE-2021-29478
        RESERVED
 CVE-2021-29477
        RESERVED
-CVE-2021-29476
-       RESERVED
+CVE-2021-29476 (Requests is a HTTP library written in PHP. Requests mishandles 
deseria ...)
+       TODO: check
 CVE-2021-29475 (HedgeDoc (formerly known as CodiMD) is an open-source 
collaborative ma ...)
        NOT-FOR-US: HedgeDoc
 CVE-2021-29474 (HedgeDoc (formerly known as CodiMD) is an open-source 
collaborative ma ...)
@@ -5270,8 +5348,7 @@ CVE-2021-29473 (Exiv2 is a C++ library and a command-line 
utility to read, write
        [buster] - exiv2 <no-dsa> (Minor issue)
        NOTE: 
https://github.com/Exiv2/exiv2/security/advisories/GHSA-7569-phvm-vwc2
        NOTE: https://github.com/github/advisory-review/pull/1587
-CVE-2021-29472
-       RESERVED
+CVE-2021-29472 (Composer is a dependency manager for PHP. URLs for Mercurial 
repositor ...)
        - composer 2.0.9-2
        NOTE: 
https://github.com/composer/composer/security/advisories/GHSA-h5h8-pc6h-jvvx
        NOTE: 
https://github.com/composer/composer/commit/083b73515d1d72bc61c6374440b3f8a37531f8cf
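Review bot: CVE-2021-29472 already carries a fixed version (composer 2.0.9-2) plus the advisory and commit links, so dropping the RESERVED line is correct; what is still missing is a per-suite line for the stable release, in the form the exiv2 entry at the top of this hunk uses ("[buster] - exiv2 <no-dsa> (Minor issue)"), stating whether buster's composer is affected and whether a DSA or no-dsa is intended.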
@@ -5309,8 +5386,8 @@ CVE-2021-29462 (The Portable SDK for UPnP Devices is an 
SDK for development of U
        NOTE: https://www.openwall.com/lists/oss-security/2021/04/20/4
 CVE-2021-29461 (### Impact - This issue could be exploited to read internal 
files from ...)
        NOT-FOR-US: Discord-Recon
-CVE-2021-29460
-       RESERVED
+CVE-2021-29460 (Kirby is an open source CMS. An editor with write access to 
the Kirby  ...)
+       TODO: check
 CVE-2021-29459 (XWiki Platform is a generic wiki platform offering runtime 
services fo ...)
        NOT-FOR-US: XWiki
 CVE-2021-29458 (Exiv2 is a command-line utility and C++ library for reading, 
writing,  ...)
@@ -5360,10 +5437,10 @@ CVE-2021-29444 (jose-browser-runtime is an npm package 
which provides a number o
        NOT-FOR-US: Node jose-browser-runtime
 CVE-2021-29443 (jose is an npm library providing a number of cryptographic 
operations. ...)
        NOT-FOR-US: Node jose
-CVE-2021-29442
-       RESERVED
-CVE-2021-29441
-       RESERVED
+CVE-2021-29442 (Nacos is a platform designed for dynamic service discovery and 
configu ...)
+       TODO: check
+CVE-2021-29441 (Nacos is a platform designed for dynamic service discovery and 
configu ...)
+       TODO: check
 CVE-2021-29440 (Grav is a file based Web-platform. Twig processing of static 
pages can ...)
        NOT-FOR-US: Grav CMS
 CVE-2021-29439 (The Grav admin plugin prior to version 1.10.11 does not 
correctly veri ...)
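Review bot: CVE-2021-29442 and CVE-2021-29441 have identical truncated descriptions, so the visible text no longer distinguishes the two Nacos issues; when triaging, record a short bracketed summary per entry in the style used for CVE-2021-3518 ("[use-after-free in xmlXIncludeDoProcess() in xinclude.c]") so they stay distinguishable in the list.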
@@ -5941,8 +6018,8 @@ CVE-2021-29202
        RESERVED
 CVE-2021-29201
        RESERVED
-CVE-2021-29200
-       RESERVED
+CVE-2021-29200 (Apache OFBiz has unsafe deserialization prior to 17.12.07 
version An u ...)
+       TODO: check
 CVE-2021-29199
        RESERVED
 CVE-2021-29198
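Review bot: CVE-2021-29200 has the same description as CVE-2021-30128 in an earlier hunk ("Apache OFBiz has unsafe deserialization prior to 17.12.07 version"), so both TODO: check entries should be triaged together and given the same resolution; if the full advisories show them to be the same issue, add a NOTE line cross-referencing the other CVE so the link is not lost.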
@@ -8890,8 +8967,8 @@ CVE-2021-27935 (An issue was discovered in AdGuard before 
0.105.2. An attacker a
        NOT-FOR-US: AdGuard
 CVE-2021-27934
        RESERVED
-CVE-2021-27933
-       RESERVED
+CVE-2021-27933 (pfSense 2.5.0 allows XSS via the services_wol_edit.php 
Description fie ...)
+       TODO: check
 CVE-2021-27932
        RESERVED
 CVE-2021-27931 (LumisXP (aka Lumis Experience Platform) before 10.0.0 allows 
unauthent ...)
@@ -24976,8 +25053,8 @@ CVE-2021-21431 (sopel-channelmgnt is a channelmgnt 
plugin for sopel. In versions
        NOT-FOR-US: sopel-channelmgnt
 CVE-2021-21430
        RESERVED
-CVE-2021-21429
-       RESERVED
+CVE-2021-21429 (OpenAPI Generator allows generation of API client libraries, 
server st ...)
+       TODO: check
 CVE-2021-21428
        RESERVED
 CVE-2021-21427 (Magento-lts is a long-term support alternative to Magento 
Community Ed ...)
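Review bot: CVE-2021-21429 (OpenAPI Generator) is left at TODO: check; check whether the project is packaged in Debian or has an ITP bug, and record it as "<itp> (bug #NNNNNN)" like the swagger-codegen entries in the following hunk, or as NOT-FOR-US otherwise.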
@@ -25135,8 +25212,8 @@ CVE-2021-21366 (xmldom is a pure JavaScript W3C 
standard-based (XML DOM Level 2
        [buster] - node-xmldom <no-dsa> (Minor issue)
        NOTE: 
https://github.com/xmldom/xmldom/security/advisories/GHSA-h6q6-9hqw-rwfv
        NOTE: 
https://github.com/xmldom/xmldom/commit/d4201b9dfbf760049f457f9f08a3888d48835135
-CVE-2021-21365
-       RESERVED
+CVE-2021-21365 (Bootstrap Package is a theme for TYPO3. It has been discovered 
that re ...)
+       TODO: check
 CVE-2021-21364 (swagger-codegen is an open-source project which contains a 
template-dr ...)
        - swagger-codegen <itp> (bug #950318)
 CVE-2021-21363 (swagger-codegen is an open-source project which contains a 
template-dr ...)
@@ -25545,81 +25622,105 @@ CVE-2021-21227
        - chromium <unfixed>
        [stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2021-21226 (Use after free in navigation in Google Chrome prior to 
90.0.4430.85 al ...)
+       {DSA-4906-1}
        - chromium 90.0.4430.85-1 (bug #987358)
        [stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2021-21225 (Out of bounds memory access in V8 in Google Chrome prior to 
90.0.4430. ...)
+       {DSA-4906-1}
        - chromium 90.0.4430.85-1 (bug #987358)
        [stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2021-21224 (Type confusion in V8 in Google Chrome prior to 90.0.4430.85 
allowed a  ...)
+       {DSA-4906-1}
        - chromium 90.0.4430.85-1 (bug #987358)
        [stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2021-21223 (Integer overflow in Mojo in Google Chrome prior to 
90.0.4430.85 allowe ...)
+       {DSA-4906-1}
        - chromium 90.0.4430.85-1 (bug #987358)
        [stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2021-21222 (Heap buffer overflow in V8 in Google Chrome prior to 
90.0.4430.85 allo ...)
+       {DSA-4906-1}
        - chromium 90.0.4430.85-1 (bug #987358)
        [stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2021-21221 (Insufficient validation of untrusted input in Mojo in Google 
Chrome pr ...)
+       {DSA-4906-1}
        - chromium 90.0.4430.72-1 (bug #987053)
        [stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2021-21220 (Insufficient validation of untrusted input in V8 in Google 
Chrome prio ...)
        - chromium 90.0.4430.72-1 (bug #987053)
        [stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2021-21219 (Uninitialized data in PDFium in Google Chrome prior to 
90.0.4430.72 al ...)
+       {DSA-4906-1}
        - chromium 90.0.4430.72-1 (bug #987053)
        [stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2021-21218 (Uninitialized data in PDFium in Google Chrome prior to 
90.0.4430.72 al ...)
+       {DSA-4906-1}
        - chromium 90.0.4430.72-1 (bug #987053)
        [stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2021-21217 (Uninitialized data in PDFium in Google Chrome prior to 
90.0.4430.72 al ...)
+       {DSA-4906-1}
        - chromium 90.0.4430.72-1 (bug #987053)
        [stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2021-21216 (Inappropriate implementation in Autofill in Google Chrome 
prior to 90. ...)
+       {DSA-4906-1}
        - chromium 90.0.4430.72-1 (bug #987053)
        [stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2021-21215 (Inappropriate implementation in Autofill in Google Chrome 
prior to 90. ...)
+       {DSA-4906-1}
        - chromium 90.0.4430.72-1 (bug #987053)
        [stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2021-21214 (Use after free in Network API in Google Chrome prior to 
90.0.4430.72 a ...)
+       {DSA-4906-1}
        - chromium 90.0.4430.72-1 (bug #987053)
        [stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2021-21213 (Use after free in WebMIDI in Google Chrome prior to 
90.0.4430.72 allow ...)
+       {DSA-4906-1}
        - chromium 90.0.4430.72-1 (bug #987053)
        [stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2021-21212 (Incorrect security UI in Network Config UI in Google Chrome on 
ChromeO ...)
+       {DSA-4906-1}
        - chromium 90.0.4430.72-1 (bug #987053)
        [stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2021-21211 (Inappropriate implementation in Navigation in Google Chrome on 
iOS pri ...)
+       {DSA-4906-1}
        - chromium 90.0.4430.72-1 (bug #987053)
        [stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2021-21210 (Inappropriate implementation in Network in Google Chrome prior 
to 90.0 ...)
+       {DSA-4906-1}
        - chromium 90.0.4430.72-1 (bug #987053)
        [stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2021-21209 (Inappropriate implementation in storage in Google Chrome prior 
to 90.0 ...)
+       {DSA-4906-1}
        - chromium 90.0.4430.72-1 (bug #987053)
        [stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2021-21208 (Insufficient data validation in QR scanner in Google Chrome on 
iOS pri ...)
+       {DSA-4906-1}
        - chromium 90.0.4430.72-1 (bug #987053)
        [stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2021-21207 (Use after free in IndexedDB in Google Chrome prior to 
90.0.4430.72 all ...)
+       {DSA-4906-1}
        - chromium 90.0.4430.72-1 (bug #987053)
        [stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2021-21206 (Use after free in Blink in Google Chrome prior to 
89.0.4389.128 allowe ...)
        - chromium 90.0.4430.72-1 (bug #987053)
        [stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2021-21205 (Insufficient policy enforcement in navigation in Google Chrome 
on iOS  ...)
+       {DSA-4906-1}
        - chromium 90.0.4430.72-1 (bug #987053)
        [stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2021-21204 (Use after free in Blink in Google Chrome on OS X prior to 
90.0.4430.72 ...)
+       {DSA-4906-1}
        - chromium 90.0.4430.72-1 (bug #987053)
        [stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2021-21203 (Use after free in Blink in Google Chrome prior to 90.0.4430.72 
allowed ...)
+       {DSA-4906-1}
        - chromium 90.0.4430.72-1 (bug #987053)
        [stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2021-21202 (Use after free in extensions in Google Chrome prior to 
90.0.4430.72 al ...)
+       {DSA-4906-1}
        - chromium 90.0.4430.72-1 (bug #987053)
        [stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2021-21201 (Use after free in permissions in Google Chrome prior to 
90.0.4430.72 a ...)
+       {DSA-4906-1}
        - chromium 90.0.4430.72-1 (bug #987053)
        [stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2021-21200
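Review bot: CVE-2021-21220 and CVE-2021-21206 are the only entries in this run that did not receive a {DSA-4906-1} line, although they carry the same fixed version as their neighbours (chromium 90.0.4430.72-1, bug #987053). Confirm whether they are intentionally excluded from DSA-4906-1 (for instance because a previous DSA already covered them) or were simply missed when the reference was added; in the first case a NOTE line naming the covering advisory would make the omission self-explanatory.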
@@ -26944,8 +27045,8 @@ CVE-2021-20718
        RESERVED
 CVE-2021-20717
        RESERVED
-CVE-2021-20716
-       RESERVED
+CVE-2021-20716 (Hidden functionality in multiple Buffalo network devices 
(BHR-4RV firm ...)
+       TODO: check
 CVE-2021-20715 (Improper access control vulnerability in Hot Pepper Gourmet 
App for An ...)
        NOT-FOR-US: Hot Pepper Gourmet App
 CVE-2021-20714 (Directory traversal vulnerability in WP Fastest Cache versions 
prior t ...)
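Review bot: CVE-2021-20716 (hidden functionality in Buffalo network devices) should be resolved together with the Buffalo router entries CVE-2021-3512 and CVE-2021-3511 from an earlier hunk in this commit, with the same NOT-FOR-US line if no Debian package ships the firmware, rather than being left at TODO: check on its own.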



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2adedd54e678fea47a211549ec511b03def1883b



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
