Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7a06f3ac by security tracker role at 2021-05-29T20:10:30+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -509,8 +509,8 @@ CVE-2021-3565 [during tpm2_import command invocation a 
fixed AES wrapping key is
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1964427
        NOTE: https://github.com/tpm2-software/tpm2-tools/issues/2738
        NOTE: 
https://github.com/tpm2-software/tpm2-tools/commit/c069e4f179d5e6653a84fb236816c375dca82515
-CVE-2021-33564
-       RESERVED
+CVE-2021-33564 (An argument injection vulnerability in the Dragonfly gem 
before 1.4.0  ...)
+       TODO: check
 CVE-2021-33563 (Koel before 5.1.4 lacks login throttling, lacks a password 
strength po ...)
        NOT-FOR-US: Koel
 CVE-2021-33562 (A reflected cross-site scripting (XSS) vulnerability in 
Shopizer befor ...)
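Review bot: The new CVE-2021-33564 line ends in "TODO: check" with no package or NOT-FOR-US disposition, so the entry is still untriaged. The description names the Dragonfly gem and a fixed upstream version (1.4.0); triage should either record a source package entry with the version that carries that fix, or mark it NOT-FOR-US in the same form as the Koel entry directly below it.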
@@ -1653,6 +1653,7 @@ CVE-2021-33040
 CVE-2021-33039
        RESERVED
 CVE-2021-33038 (An issue was discovered in 
management/commands/hyperkitty_import.py in ...)
+       {DSA-4922-1}
        - hyperkitty 1.3.4-4 (bug #989183)
        NOTE: 
https://gitlab.com/mailman/hyperkitty/-/commit/9025324597d60b2dff740e49b70b15589d6804fa
        NOTE: https://gitlab.com/mailman/hyperkitty/-/issues/380
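Review bot: On the "{DSA-4922-1}" line added under CVE-2021-33038, the commit touches only data/CVE/list, so the advisory record this cross-reference points to is not visible here. Confirm that DSA-4922-1 names hyperkitty and lists this CVE, since the entry itself only shows the fix "- hyperkitty 1.3.4-4 (bug #989183)" and says nothing about which release the advisory covers.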
@@ -4872,10 +4873,10 @@ CVE-2021-31705
        RESERVED
 CVE-2021-31704
        RESERVED
-CVE-2021-31703
-       RESERVED
-CVE-2021-31702
-       RESERVED
+CVE-2021-31703 (Frontier ichris through 5.18 allows users to upload malicious 
executab ...)
+       TODO: check
+CVE-2021-31702 (Frontier ichris through 5.18 mishandles making a DNS request 
for the h ...)
+       TODO: check
 CVE-2021-31701
        RESERVED
 CVE-2021-31700
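Review bot: CVE-2021-31703 and CVE-2021-31702 both move from RESERVED to "TODO: check" and both describe the same product, Frontier ichris through 5.18. Triage them together so they end up with the same disposition; if the product is not packaged, both lines should become "NOT-FOR-US: Frontier ichris" rather than one being resolved and the other left as a TODO.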
@@ -7778,8 +7779,8 @@ CVE-2021-30463 (VestaCP through 0.9.8-24 allows attackers 
to gain privileges by
        NOT-FOR-US: VestaCP
 CVE-2021-30462 (VestaCP through 0.9.8-24 allows the admin user to escalate 
privileges  ...)
        NOT-FOR-US: VestaCP
-CVE-2021-30461
-       RESERVED
+CVE-2021-30461 (A remote code execution issue was discovered in the web UI of 
VoIPmoni ...)
+       TODO: check
 CVE-2021-30460
        RESERVED
 CVE-2021-30459 (A SQL Injection issue in the SQL Panel in Jazzband Django 
Debug Toolba ...)
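Review bot: CVE-2021-30461 is added with only "TODO: check", and its description is a remote code execution issue in a web UI, which is the kind of entry that should not sit untriaged for long. The description is truncated at "VoIPmoni ...", so the reviewer needs the full CVE text to decide whether the affected web UI component corresponds to anything packaged before choosing between a package line and NOT-FOR-US.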
@@ -8354,8 +8355,8 @@ CVE-2021-30183 (Cleartext storage of sensitive 
information in multiple versions
        NOT-FOR-US: Octopus Server
 CVE-2021-30182
        RESERVED
-CVE-2021-30181
-       RESERVED
+CVE-2021-30181 (Apache Dubbo prior to 2.6.9 and 2.7.9 supports Script routing 
which wi ...)
+       TODO: check
 CVE-2021-30180
        RESERVED
 CVE-2021-30179
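Review bot: The CVE-2021-30181 description gives two fixed versions, "prior to 2.6.9 and 2.7.9", meaning two upstream branches are affected, yet the entry carries only "TODO: check". If Apache Dubbo turns out to be packaged, the fixed version recorded here has to be checked against the right branch; if not, mark it NOT-FOR-US and apply the same decision to the other Dubbo entry in this commit (CVE-2021-25641).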
@@ -19502,8 +19503,8 @@ CVE-2020-36199 (TinyCheck before commits 9fd360d and 
ea53de8 was vulnerable to c
        NOT-FOR-US: TinyCheck
 CVE-2021-25642
        RESERVED
-CVE-2021-25641
-       RESERVED
+CVE-2021-25641 (Each Apache Dubbo server will set a serialization id to tell 
the clien ...)
+       TODO: check
 CVE-2021-25640
        RESERVED
 CVE-2021-25639
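Review bot: CVE-2021-25641 is the second Apache Dubbo entry in this commit left at "TODO: check" (the other is CVE-2021-30181), and the truncated description concerns the serialization id a server sends to clients. Resolve both Dubbo entries in one pass so the product gets a single, consistent disposition across the list.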



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7a06f3ac2ef9dfb9b7829c6e8cb0f4bb05f568c0


_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
