Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ca50966d by security tracker role at 2021-05-21T20:10:20+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,31 @@
+CVE-2021-3563
+       RESERVED
+CVE-2021-33497
+       RESERVED
+CVE-2021-33496
+       RESERVED
+CVE-2021-33495
+       RESERVED
+CVE-2021-33494
+       RESERVED
+CVE-2021-33493
+       RESERVED
+CVE-2021-33492
+       RESERVED
+CVE-2021-33491
+       RESERVED
+CVE-2021-33490
+       RESERVED
+CVE-2021-33489
+       RESERVED
+CVE-2021-33488
+       RESERVED
+CVE-2021-33487
+       RESERVED
+CVE-2021-33486
+       RESERVED
+CVE-2021-33485
+       RESERVED
 CVE-2021-3562
        RESERVED
 CVE-2021-33484
@@ -1800,10 +1828,10 @@ CVE-2021-32636
        RESERVED
 CVE-2021-32635
        RESERVED
-CVE-2021-32634
-       RESERVED
-CVE-2021-32633
-       RESERVED
+CVE-2021-32634 (Emissary is a distributed, peer-to-peer, data-driven workflow 
framewor ...)
+       TODO: check
+CVE-2021-32633 (Zope is an open-source web application server. In Zope 
versions prior  ...)
+       TODO: check
 CVE-2021-32632 (Pajbot is a Twitch chat bot. Pajbot versions prior to 1.52 are 
vulnera ...)
        TODO: check
 CVE-2021-32631
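Review bot: the two new `TODO: check` entries (CVE-2021-32634 Emissary, CVE-2021-32633 Zope) need a triage outcome before they are useful: either a `- <source-package> <version>` line or `NOT-FOR-US: <product>`, as the neighbouring Pajbot entry will also need. Zope in particular has a packaging history in Debian, so check the archive for an affected source package rather than assuming NOT-FOR-US; Emissary looks like a Java workflow framework not shipped in Debian, but confirm before marking it.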
@@ -3216,8 +3244,7 @@ CVE-2021-32027
        - postgresql-9.6 <removed>
        NOTE: 
https://www.postgresql.org/about/news/postgresql-133-127-1112-1017-and-9622-released-2210/
        NOTE: 
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=467395bfdf33f1ccf67ca388ffdcc927271544cb
 (REL_13_3)
-CVE-2018-25014 [heap-based buffer overflow in ReadSymbol()]
-       RESERVED
+CVE-2018-25014 (A flaw was found in libwebp in versions before 1.0.1. An 
unitialized v ...)
        - libwebp <unfixed>
        NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9496
 CVE-2021-3534
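Review bot: replacing the local bracketed description for CVE-2018-25014 with the MITRE text drops the only pointer to the affected function (`ReadSymbol()`); keep that detail as a `NOTE:` line so the entry stays actionable, e.g. `NOTE: heap-based buffer overflow in ReadSymbol()`. This entry also lacks the upstream fix-commit NOTE that the sibling libwebp entries carry (only the oss-fuzz link is present), and it remains `<unfixed>` even though the new description scopes the bug to versions before 1.0.1, so the fixed-version mapping should be verified against the archive.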
@@ -3609,28 +3636,23 @@ CVE-2021-31870 (An issue was discovered in klibc before 
2.0.9. Multiplication in
        [stretch] - klibc <no-dsa> (Minor issue; only used in initramfs and not 
dealing with untrusted data)
        NOTE: 
https://git.kernel.org/pub/scm/libs/klibc/klibc.git/commit/?id=292650f04c2b5348b4efbad61fb014ed09b4f3f2
        NOTE: https://www.openwall.com/lists/oss-security/2021/04/30/1
-CVE-2020-36332 [extreme memory allocation when reading a file]
-       RESERVED
+CVE-2020-36332 (A flaw was found in libwebp in versions before 1.0.1. When 
reading a f ...)
        - libwebp <unfixed>
        NOTE: https://bugs.chromium.org/p/webp/issues/detail?id=391
        NOTE: 
https://chromium.googlesource.com/webm/libwebp/+/39cb9aad85ca7bb1d193013460db1f8cc6bff109
-CVE-2020-36331 [heap-based buffer overflow in ChunkAssignData() in 
mux/muxinternal.c]
-       RESERVED
+CVE-2020-36331 (A flaw was found in libwebp in versions before 1.0.1. An 
out-of-bounds ...)
        - libwebp <unfixed>
        NOTE: https://bugs.chromium.org/p/webp/issues/detail?id=388
        NOTE: 
https://chromium.googlesource.com/webm/libwebp/+/be738c6d396fa5a272c1b209be4379a7532debfe
-CVE-2020-36330 [heap-based buffer overflow in ChunkVerifyAndAssign() in 
mux/muxread.c]
-       RESERVED
+CVE-2020-36330 (A flaw was found in libwebp in versions before 1.0.1. An 
out-of-bounds ...)
        - libwebp <unfixed>
        NOTE: https://bugs.chromium.org/p/webp/issues/detail?id=386
        NOTE: 
https://chromium.googlesource.com/webm/libwebp/+/2c70ad76c94db5427d37ab4b85dc89b94dd75e01
-CVE-2020-36329 [use-after-free in EmitFancyRGB() in dec/io_dec.c]
-       RESERVED
+CVE-2020-36329 (A flaw was found in libwebp in versions before 1.0.1. A 
use-after-free ...)
        - libwebp <unfixed>
        NOTE: https://bugs.chromium.org/p/webp/issues/detail?id=385
        NOTE: 
https://chromium.googlesource.com/webm/libwebp/+/569001f19fc81fcb5ab358f587a54c62e7c4665c
-CVE-2020-36328 [heap-based buffer overflow in WebPDecode*Into functions]
-       RESERVED
+CVE-2020-36328 (A flaw was found in libwebp in versions before 1.0.1. A 
heap-based buf ...)
        - libwebp <unfixed>
        NOTE: https://bugs.chromium.org/p/webp/issues/detail?id=383
        NOTE: 
https://chromium.googlesource.com/webm/libwebp/+/71ed73cf86132394ea25ae9c7ed431e0d71043f5
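Review bot: all five libwebp entries (CVE-2020-36328 through CVE-2020-36332) lose their function-level descriptions (`WebPDecode*Into`, `EmitFancyRGB()`, `ChunkVerifyAndAssign()`, `ChunkAssignData()`, and the allocation note) when the MITRE text is swapped in; preserve each as a `NOTE:` line, since the truncated MITRE prefix "A flaw was found in libwebp in versions before 1.0.1" is identical across them and no longer distinguishes the bugs. Each entry still says `- libwebp <unfixed>` while also citing a specific upstream commit and a "before 1.0.1" scope, so check whether the package in the archive already contains those commits and replace `<unfixed>` with the fixed version where it does.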
@@ -3642,7 +3664,7 @@ CVE-2021-3521
        RESERVED
 CVE-2021-3520 [memory corruption due to an integer overflow bug caused by 
memmove argument]
        RESERVED
-       {DLA-2657-1}
+       {DSA-4919-1 DLA-2657-1}
        - lz4 1.9.3-2 (bug #987856)
        NOTE: https://github.com/lz4/lz4/pull/972
        NOTE: Fixed by: 
https://github.com/lz4/lz4/commit/8301a21773ef61656225e264f4f06ae14462bca7
@@ -4651,12 +4673,12 @@ CVE-2021-31477
        RESERVED
 CVE-2021-31476
        RESERVED
-CVE-2021-31475
-       RESERVED
-CVE-2021-31474
-       RESERVED
-CVE-2021-31473
-       RESERVED
+CVE-2021-31475 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2021-31474 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2021-31473 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
 CVE-2021-31472 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
        NOT-FOR-US: Foxit Reader
 CVE-2021-31471 (This vulnerability allows remote attackers to disclose 
sensitive infor ...)
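Review bot: CVE-2021-31475, -31474 and -31473 are marked `TODO: check`, but their truncated text is the same ZDI-style wording as the adjacent CVE-2021-31472, which is already resolved as `NOT-FOR-US: Foxit Reader`; the TODOs can most likely be closed the same way once the full advisories confirm the product, rather than left open in an otherwise triaged block.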
@@ -4721,10 +4743,10 @@ CVE-2021-31442 (This vulnerability allows remote 
attackers to execute arbitrary
        NOT-FOR-US: Foxit Reader
 CVE-2021-31441 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
        NOT-FOR-US: Foxit Reader
-CVE-2021-31440
-       RESERVED
-CVE-2021-31439
-       RESERVED
+CVE-2021-31440 (This vulnerability allows local attackers to escalate 
privileges on af ...)
+       TODO: check
+CVE-2021-31439 (This vulnerability allows network-adjacent attackers to 
execute arbitr ...)
+       TODO: check
 CVE-2021-31438 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
        NOT-FOR-US: Foxit
 CVE-2021-31437 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
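Review bot: unlike the surrounding Foxit entries, CVE-2021-31440 ("local attackers to escalate privileges") and CVE-2021-31439 ("network-adjacent attackers") describe different attack surfaces, so they should not be closed as `NOT-FOR-US: Foxit` by proximity; read the full descriptions to identify the product before resolving the `TODO: check`.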
@@ -6391,27 +6413,22 @@ CVE-2020-36323 (In the standard library in Rust before 
1.52.0, there is an optim
 CVE-2020-36322 (An issue was discovered in the FUSE filesystem implementation 
in the L ...)
        - linux 5.10.9-1
        NOTE: 
https://git.kernel.org/linus/5d069dbe8aaf2a197142558b6fb2978189ba3454
-CVE-2018-25013 [heap-based buffer overflow in ShiftBytes()]
-       RESERVED
+CVE-2018-25013 (A flaw was found in libwebp in versions before 1.0.1. An 
out-of-bounds ...)
        - libwebp <unfixed>
        NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9417
        NOTE: 
https://chromium.googlesource.com/webm/libwebp/+/907208f97ead639bd521cf355a2f203f462eade6
-CVE-2018-25012 [heap-based buffer overflow in GetLE24()]
-       RESERVED
+CVE-2018-25012 (A flaw was found in libwebp in versions before 1.0.1. An 
out-of-bounds ...)
        - libwebp <unfixed>
        NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9123
        NOTE: 
https://chromium.googlesource.com/webm/libwebp/+/95fd65070662e01cc9170c4444f5c0859a710097%5E%21/
-CVE-2018-25011 [heap-based buffer overflow in PutLE16()]
-       RESERVED
+CVE-2018-25011 (A flaw was found in libwebp in versions before 1.0.1. A 
heap-based buf ...)
        - libwebp <unfixed>
        NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9119
-CVE-2018-25010 [heap-based buffer overflow in ApplyFilter()]
-       RESERVED
+CVE-2018-25010 (A flaw was found in libwebp in versions before 1.0.1. An 
out-of-bounds ...)
        - libwebp <unfixed>
        NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9105
        NOTE: 
https://chromium.googlesource.com/webm/libwebp/+/1344a2e947c749d231141a295327e5b99b444d63%5E%21/#F0
-CVE-2018-25009 [heap-based buffer overflow in GetLE16()]
-       RESERVED
+CVE-2018-25009 (A flaw was found in libwebp in versions before 1.0.1. An 
out-of-bounds ...)
        - libwebp <unfixed>
        NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9100
        NOTE: 
https://chromium.googlesource.com/webm/libwebp/+/95fd65070662e01cc9170c4444f5c0859a710097%5E%21/
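Review bot: same concern as the other libwebp hunk: the bracketed descriptions naming `ShiftBytes()`, `GetLE24()`, `PutLE16()`, `ApplyFilter()` and `GetLE16()` are dropped for CVE-2018-25013 through CVE-2018-25009 and should be retained as `NOTE:` lines. CVE-2018-25011 additionally has only the oss-fuzz link and no fix-commit NOTE, whereas its siblings cite a chromium.googlesource.com commit; adding the corresponding commit reference would make it consistent, and all five `<unfixed>` markers need re-checking against the "before 1.0.1" scope in the new text.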
@@ -8775,8 +8792,8 @@ CVE-2021-29683 (IBM Security Identity Manager 7.0.2 
stores user credentials in p
        NOT-FOR-US: IBM
 CVE-2021-29682 (IBM Security Identity Manager 7.0.2 could allow a remote 
attacker to o ...)
        NOT-FOR-US: IBM
-CVE-2021-29681
-       RESERVED
+CVE-2021-29681 (IBM InfoSphere Information Server 11.7 could allow an attacker 
to obta ...)
+       TODO: check
 CVE-2021-29680
        RESERVED
 CVE-2021-29679
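Review bot: CVE-2021-29681 (IBM InfoSphere Information Server) sits between two entries already resolved as `NOT-FOR-US: IBM`; the `TODO: check` should be closed the same way once the product is confirmed, keeping the block consistent.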
@@ -9553,10 +9570,10 @@ CVE-2021-29417 (gitjacker before 0.1.0 allows remote 
attackers to execute arbitr
        NOT-FOR-US: gitjacker
 CVE-2021-29416 (An issue was discovered in PortSwigger Burp Suite before 
2021.2. Durin ...)
        NOT-FOR-US: Burp Suite (different from src:burp)
-CVE-2021-29415
-       RESERVED
-CVE-2021-29414
-       RESERVED
+CVE-2021-29415 (The elliptic curve cryptography (ECC) hardware accelerator, 
part of th ...)
+       TODO: check
+CVE-2021-29414 (STMicroelectronics STM32L4 devices through 2021-03-29 have 
incorrect p ...)
+       TODO: check
 CVE-2021-29413
        RESERVED
 CVE-2021-29412
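Review bot: CVE-2021-29414 explicitly names STMicroelectronics STM32L4 devices, i.e. microcontroller hardware rather than a Debian source package, so it is a `NOT-FOR-US` candidate; CVE-2021-29415's truncated text ("The elliptic curve cryptography (ECC) hardware accelerator, part of th ...") does not name the product, so the full description must be read before deciding whether any software component in the archive is affected.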
@@ -13350,8 +13367,8 @@ CVE-2021-27813
        RESERVED
 CVE-2021-27812
        RESERVED
-CVE-2021-27811
-       RESERVED
+CVE-2021-27811 (A code injection vulnerability has been discovered in the 
Upgrade func ...)
+       TODO: check
 CVE-2021-27810
        RESERVED
 CVE-2021-27809
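Review bot: the truncated description for CVE-2021-27811 ("A code injection vulnerability has been discovered in the Upgrade func ...") gives no product name, so the `TODO: check` cannot be triaged from the diff alone; the resolution note should name the affected software once the full text has been consulted.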
@@ -45248,16 +45265,16 @@ CVE-2020-27214
        RESERVED
 CVE-2020-27213
        RESERVED
-CVE-2020-27212
-       RESERVED
-CVE-2020-27211
-       RESERVED
+CVE-2020-27212 (STMicroelectronics STM32L4 devices through 2020-10-19 have 
incorrect a ...)
+       TODO: check
+CVE-2020-27211 (Nordic Semiconductor nRF52840 devices through 2020-10-19 have 
improper ...)
+       TODO: check
 CVE-2020-27210
        RESERVED
 CVE-2020-27209 (The ECDSA operation of the micro-ecc library 1.0 is vulnerable 
to simp ...)
        TODO: check
-CVE-2020-27208
-       RESERVED
+CVE-2020-27208 (The flash read-out protection (RDP) level is not enforced 
during the d ...)
+       TODO: check
 CVE-2020-27207 (Zetetic SQLCipher 4.x before 4.4.1 has a use-after-free, 
related to sq ...)
        NOT-FOR-US: Zetetic SQLCipher
 CVE-2020-27206
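Review bot: CVE-2020-27212 (STM32L4) and CVE-2020-27211 (nRF52840) both carry the "through 2020-10-19" wording and, together with CVE-2020-27208 (flash read-out protection) and the still-open CVE-2020-27209 micro-ecc entry in the context, appear to stem from one embedded-security disclosure; triage the four together. The three device entries are hardware/firmware issues and likely `NOT-FOR-US`, but micro-ecc is a software library, so check whether it (or a vendored copy) is present in the archive before closing that TODO.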
@@ -53344,14 +53361,14 @@ CVE-2020-23770
        RESERVED
 CVE-2020-23769
        RESERVED
-CVE-2020-23768
-       RESERVED
+CVE-2020-23768 (An information disclosure vulnerability was discovered in 
alipay_funct ...)
+       TODO: check
 CVE-2020-23767
        RESERVED
-CVE-2020-23766
-       RESERVED
-CVE-2020-23765
-       RESERVED
+CVE-2020-23766 (An arbitrary file deletion vulnerability was discovered on 
htmly v2.7. ...)
+       TODO: check
+CVE-2020-23765 (A file upload vulnerability was discovered in the file path 
/bl-plugin ...)
+       TODO: check
 CVE-2020-23764
        RESERVED
 CVE-2020-23763 (SQL injection in admin.php in Online Book Store 1.0 allows 
remote atta ...)
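Review bot: of the three new `TODO: check` entries only CVE-2020-23766 names its product (htmly); CVE-2020-23768 ("alipay_funct ...") and CVE-2020-23765 ("/bl-plugin ...") are cut off before the product name, so the full descriptions are needed to decide whether anything in Debian is affected, and the resolution line should record the product even when the outcome is `NOT-FOR-US`.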
@@ -80109,8 +80126,8 @@ CVE-2020-12062 (** DISPUTED ** The scp client in 
OpenSSH 8.2 incorrectly sends d
        NOTE: https://www.openwall.com/lists/oss-security/2020/05/27/1
        NOTE: Negligible security impact, a malicious peer can achieve no more 
than already
        NOTE: able o achieve within the scp protocol.
-CVE-2020-12061
-       RESERVED
+CVE-2020-12061 (An issue was discovered in Nitrokey FIDO U2F firmware through 
1.1. Com ...)
+       TODO: check
 CVE-2020-12060
        RESERVED
 CVE-2020-12059 (An issue was discovered in Ceph through 13.2.9. A POST request 
with an ...)
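Review bot: CVE-2020-12061 concerns Nitrokey FIDO U2F firmware; firmware images are not normally Debian source packages, so this is a `NOT-FOR-US` candidate unless the affected firmware is actually shipped in the archive, which should be checked before closing the TODO. Separately, the unchanged context line `NOTE: able o achieve within the scp protocol.` for CVE-2020-12062 has a typo and should read "able to achieve"; worth fixing in a follow-up commit.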



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ca50966d676a961e34aeb97926185e56767bfeb8



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
