Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9b64a27e by security tracker role at 2021-04-29T08:10:28+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,25 @@
+CVE-2021-31879 (GNU Wget through 1.21.1 does not omit the Authorization header 
upon a  ...)
+       TODO: check
+CVE-2021-31878
+       RESERVED
+CVE-2021-31877
+       RESERVED
+CVE-2021-31876
+       RESERVED
+CVE-2021-31875 (In mjs_json.c in Cesanta MongooseOS mJS 1.26, a maliciously 
formed JSO ...)
+       TODO: check
+CVE-2021-31874
+       RESERVED
+CVE-2021-31873
+       RESERVED
+CVE-2021-31872
+       RESERVED
+CVE-2021-31871
+       RESERVED
+CVE-2021-31870
+       RESERVED
+CVE-2020-36327 (Bundler 1.16.0 through 2.2.9 and 2.2.11 through 2.2.16 
sometimes choos ...)
+       TODO: check
 CVE-2021-3521
        RESERVED
 CVE-2021-3520 [memory corruption due to an integer overflow bug caused by 
memmove argument]
@@ -282,8 +304,8 @@ CVE-2020-13672 [SA-CORE-2021-002]
        {DLA-2637-1}
        - drupal7 <removed>
        NOTE: https://www.drupal.org/sa-core-2021-002
-CVE-2021-31776
-       RESERVED
+CVE-2021-31776 (Aviatrix VPN Client before 2.14.14 on Windows has an unquoted 
search p ...)
+       TODO: check
 CVE-2021-31775
        RESERVED
 CVE-2021-31774
@@ -2652,6 +2674,8 @@ CVE-2021-XXXX [out of bounds reads in ASF demuxer]
        NOTE: 
https://gitlab.freedesktop.org/gstreamer/gst-plugins-ugly/-/commit/3aba7d1e625554b2407bc77b3d09b4928b937d5f
 (master)
        NOTE: 
https://gitlab.freedesktop.org/gstreamer/gst-plugins-ugly/-/commit/9726aaf78e6643a5955864f444852423de58de29
 (1.18.4)
 CVE-2021-3522 [invalid reads during ID3v2 tag parsing]
+       RESERVED
+       {DSA-4903-1 DLA-2641-1}
        - gst-plugins-base1.0 1.18.4-2
        NOTE: 
https://gitlab.freedesktop.org/gstreamer/gst-plugins-base/-/issues/876
        NOTE: 
https://gitlab.freedesktop.org/gstreamer/gst-plugins-base/-/commit/f4a1428a6997658625d529b9db60fde812fbf1ee
 (master)
@@ -5344,8 +5368,8 @@ CVE-2021-29485
        RESERVED
 CVE-2021-29484
        RESERVED
-CVE-2021-29483
-       RESERVED
+CVE-2021-29483 (ManageWiki is an extension to the MediaWiki project. The 
'wikiconfig'  ...)
+       TODO: check
 CVE-2021-29482 (xz is a compression and decompression library focusing on the 
xz forma ...)
        - golang-github-ulikunitz-xz <unfixed>
        NOTE: 
https://github.com/ulikunitz/xz/security/advisories/GHSA-25xm-hr59-7c27
@@ -15637,16 +15661,13 @@ CVE-2021-25218
        RESERVED
 CVE-2021-25217
        RESERVED
-CVE-2021-25216 [A second vulnerability in BIND's GSSAPI security policy 
negotiation can be targeted by a buffer overflow attack]
-       RESERVED
+CVE-2021-25216 (In BIND 9.5.0 -&gt; 9.11.29, 9.12.0 -&gt; 9.16.13, and 
versions BIND 9 ...)
        - bind9 <unfixed> (bug #987743)
        NOTE: https://kb.isc.org/docs/cve-2021-25216
-CVE-2021-25215 [An assertion check can fail while answering queries for DNAME 
records that require the DNAME to be processed to resolve itself]
-       RESERVED
+CVE-2021-25215 (In BIND 9.0.0 -&gt; 9.11.29, 9.12.0 -&gt; 9.16.13, and 
versions BIND 9 ...)
        - bind9 <unfixed> (bug #987742)
        NOTE: https://kb.isc.org/docs/cve-2021-25215
-CVE-2021-25214 [A broken inbound incremental zone update (IXFR) can cause 
named to terminate unexpectedly]
-       RESERVED
+CVE-2021-25214 (In BIND 9.8.5 -&gt; 9.8.8, 9.9.3 -&gt; 9.11.29, 9.12.0 -&gt; 
9.16.13,  ...)
        - bind9 <unfixed> (bug #987741)
        NOTE: https://kb.isc.org/docs/cve-2021-25214
 CVE-2021-25213
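Review bot: for CVE-2021-25216, CVE-2021-25215 and CVE-2021-25214 the replacement descriptions are cut off after the affected version ranges, so the summaries carried by the removed bracketed text (buffer overflow in GSSAPI security policy negotiation, assertion failure on DNAME processing, named terminating on a broken inbound IXFR) are no longer in the file. All three remain "- bind9 <unfixed>", so consider adding a short NOTE per entry restating the bug class; otherwise the kb.isc.org link is the only pointer to what each issue is.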
@@ -15778,10 +15799,10 @@ CVE-2021-25167
        RESERVED
 CVE-2021-25166
        RESERVED
-CVE-2021-25165
-       RESERVED
-CVE-2021-25164
-       RESERVED
+CVE-2021-25165 (A remote XML external entity vulnerability was discovered in 
Aruba Air ...)
+       TODO: check
+CVE-2021-25164 (A remote XML external entity vulnerability was discovered in 
Aruba Air ...)
+       TODO: check
 CVE-2021-25163
        RESERVED
 CVE-2021-25162 (A remote execution of arbitrary commands vulnerability was 
discovered  ...)
@@ -15804,8 +15825,8 @@ CVE-2021-25154 (A remote escalation of privilege 
vulnerability was discovered in
        NOT-FOR-US: Aruba
 CVE-2021-25153 (A remote SQL injection vulnerability was discovered in Aruba 
AirWave M ...)
        NOT-FOR-US: Aruba
-CVE-2021-25152
-       RESERVED
+CVE-2021-25152 (A remote insecure deserialization vulnerability was discovered 
in Arub ...)
+       TODO: check
 CVE-2021-25151 (A remote insecure deserialization vulnerability was discovered 
in Arub ...)
        NOT-FOR-US: Aruba
 CVE-2021-25150 (A remote execution of arbitrary commands vulnerability was 
discovered  ...)
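Review bot: CVE-2021-25152 is left at "TODO: check" although its truncated description is identical to that of CVE-2021-25151 directly below it, which is marked "NOT-FOR-US: Aruba", as are CVE-2021-25154 and CVE-2021-25153 above. Unless the full description names a different product, give this entry the same NOT-FOR-US: Aruba line so it does not stay in the TODO queue.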
@@ -25138,8 +25159,8 @@ CVE-2021-21416 (django-registration is a user 
registration package for Django. T
        NOTE: 
https://github.com/ubernostrum/django-registration/commit/8206af081e239598cfd15d165d4d8ab9849ee23c
 CVE-2021-21415
        RESERVED
-CVE-2021-21414
-       RESERVED
+CVE-2021-21414 (Prisma is an open source ORM for Node.js &amp; TypeScript. As 
of today ...)
+       TODO: check
 CVE-2021-21413 (isolated-vm is a library for nodejs which gives you access to 
v8's Iso ...)
        NOT-FOR-US: Node isolated-vm
 CVE-2021-21412 (Potential for arbitrary code execution in npm package 
@thi.ng/egf `#gp ...)
@@ -25198,8 +25219,8 @@ CVE-2021-21393 (Synapse is a Matrix reference 
homeserver written in python (pypi
 CVE-2021-21392 (Synapse is a Matrix reference homeserver written in python 
(pypi packa ...)
        - matrix-synapse 1.28.0-1
        NOTE: 
https://github.com/matrix-org/synapse/security/advisories/GHSA-5wrh-4jwv-5w78
-CVE-2021-21391
-       RESERVED
+CVE-2021-21391 (CKEditor 5 provides a WYSIWYG editing solution. This CVE 
affects the f ...)
+       TODO: check
 CVE-2021-21390 (MinIO is an open-source high performance object storage 
service and it ...)
        NOT-FOR-US: MinIO
 CVE-2021-21389 (BuddyPress is an open source WordPress plugin to build a 
community sit ...)
@@ -30372,8 +30393,8 @@ CVE-2021-2323
        RESERVED
 CVE-2021-2322
        RESERVED
-CVE-2021-2321
-       RESERVED
+CVE-2021-2321 (Vulnerability in the Oracle VM VirtualBox product of Oracle 
Virtualiza ...)
+       TODO: check
 CVE-2021-2320 (Vulnerability in the Oracle Cloud Infrastructure Storage 
Gateway produ ...)
        NOT-FOR-US: Oracle
 CVE-2021-2319 (Vulnerability in the Oracle Cloud Infrastructure Storage 
Gateway produ ...)
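Review bot: CVE-2021-2321 should not simply inherit the "NOT-FOR-US: Oracle" triage of CVE-2021-2320 below it. Its description names Oracle VM VirtualBox, while the neighbouring entries concern the Oracle Cloud Infrastructure Storage Gateway, so the "TODO: check" needs to be resolved against the VirtualBox product rather than by vendor name.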
@@ -51005,26 +51026,26 @@ CVE-2020-22792
        RESERVED
 CVE-2020-22791
        RESERVED
-CVE-2020-22790
-       RESERVED
-CVE-2020-22789
-       RESERVED
+CVE-2020-22790 (Authenticated Stored XSS in FME Server versions 2019.2 and 
2020.0 Beta ...)
+       TODO: check
+CVE-2020-22789 (Unauthenticated Stored XSS in FME Server versions 2019.2 and 
2020.0 Be ...)
+       TODO: check
 CVE-2020-22788
        RESERVED
 CVE-2020-22787
        RESERVED
 CVE-2020-22786
        RESERVED
-CVE-2020-22785
-       RESERVED
-CVE-2020-22784
-       RESERVED
-CVE-2020-22783
-       RESERVED
-CVE-2020-22782
-       RESERVED
-CVE-2020-22781
-       RESERVED
+CVE-2020-22785 (Etherpad &lt; 1.8.3 is affected by a missing lock check which 
could ca ...)
+       TODO: check
+CVE-2020-22784 (In Etherpad UeberDB &lt; 0.4.4, due to MySQL omitting trailing 
spaces  ...)
+       TODO: check
+CVE-2020-22783 (Etherpad &lt;1.8.3 stored passwords used by users insecurely 
in the da ...)
+       TODO: check
+CVE-2020-22782 (Etherpad &lt; 1.8.3 is affected by a denial of service in the 
import f ...)
+       TODO: check
+CVE-2020-22781 (In Etherpad &lt; 1.8.3, a specially crafted URI would raise an 
unhandl ...)
+       TODO: check
 CVE-2020-22780
        RESERVED
 CVE-2020-22779
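Review bot: CVE-2020-22784 names "Etherpad UeberDB < 0.4.4", a different component and version line from the four neighbouring entries that read "Etherpad < 1.8.3". When the TODO: check lines are resolved, triage it against its own package instead of copying the result from the Etherpad entries around it.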
@@ -90033,10 +90054,10 @@ CVE-2020-7039 (tcp_emu in tcp_subr.c in libslirp 
4.1.0, as used in QEMU 4.2.0, m
        NOTE: 
https://gitlab.freedesktop.org/slirp/libslirp/commit/82ebe9c370a0e2970fb5695aa19aa5214a6a1c80
        NOTE: qemu 1:4.1-2 switched to system libslirp, marking that version as 
fixed.
        NOTE: 
https://github.com/rootless-containers/slirp4netns/security/advisories/GHSA-vjwg-42w7-w64h
-CVE-2020-7038
-       RESERVED
-CVE-2020-7037
-       RESERVED
+CVE-2020-7038 (A vulnerability was discovered in Management component of Avaya 
Equino ...)
+       TODO: check
+CVE-2020-7037 (An XML External Entities (XXE) vulnerability in Media Server 
component ...)
+       TODO: check
 CVE-2020-7036 (An XML External Entities (XXE)vulnerability in Callback Assist 
could a ...)
        NOT-FOR-US: Callback Assist
 CVE-2020-7035 (An XML External Entities (XXE)vulnerability in the web-based 
user inte ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9b64a27ef7042804c834674f569033430a33c4e9
