Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8fc67763 by security tracker role at 2021-06-04T08:10:16+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,17 @@
+CVE-2021-33840 (The server in Luca through 1.1.14 allows remote attackers to 
cause a d ...)
+       TODO: check
+CVE-2021-33839 (Luca through 1.7.4 on Android allows remote attackers to 
obtain sensit ...)
+       TODO: check
+CVE-2021-33838 (Luca through 1.7.4 on Android allows remote attackers to 
obtain sensit ...)
+       TODO: check
+CVE-2021-33837
+       RESERVED
+CVE-2021-33836
+       RESERVED
+CVE-2021-33835
+       RESERVED
+CVE-2021-33834
+       RESERVED
 CVE-2021-33833
        RESERVED
 CVE-2021-33832
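Review bot: The three Luca entries at the top of this hunk (CVE-2021-33840, CVE-2021-33839, CVE-2021-33838) have only "TODO: check" and no package or NOT-FOR-US line, so they remain untriaged. A follow-up should give each one a disposition: a "- <package> ..." line if the Luca server or Android app maps to a Debian source package, otherwise "NOT-FOR-US: Luca". The server issue and the two Android issues should be checked separately, since they describe different components.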
@@ -2600,16 +2614,16 @@ CVE-2021-32668
        RESERVED
 CVE-2021-32667
        RESERVED
-CVE-2021-32666
-       RESERVED
-CVE-2021-32665
-       RESERVED
+CVE-2021-32666 (wire-ios is the iOS version of Wire, an open-source secure 
messaging a ...)
+       TODO: check
+CVE-2021-32665 (wire-ios is the iOS version of Wire, an open-source secure 
messaging a ...)
+       TODO: check
 CVE-2021-32664
        RESERVED
 CVE-2021-32663
        RESERVED
-CVE-2021-32662
-       RESERVED
+CVE-2021-32662 (Backstage is an open platform for building developer portals, 
and tech ...)
+       TODO: check
 CVE-2021-32661 (Backstage is an open platform for building developer portals. 
In versi ...)
        TODO: check
 CVE-2021-32660 (Backstage is an open platform for building developer portals, 
and tech ...)
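Review bot: CVE-2021-32662 joins CVE-2021-32661 and CVE-2021-32660 as a third Backstage entry sitting at "TODO: check", so the product is now untriaged in three adjacent places. Resolve the Backstage entries together with one consistent disposition rather than one at a time. Treat the two wire-ios entries (CVE-2021-32666, CVE-2021-32665) the same way as a pair, since both descriptions name the iOS client.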
@@ -7863,21 +7877,18 @@ CVE-2021-3492 (Shiftfs, an out-of-tree stacking file 
system included in Ubuntu L
        - linux <not-affected> (Vulnerable code not present)
        NOTE: https://www.openwall.com/lists/oss-security/2021/04/16/1
        NOTE: Debian does not include the (not yet upstream accepted) shiftfs
-CVE-2021-3491
-       RESERVED
+CVE-2021-3491 (The io_uring subsystem in the Linux kernel allowed the 
MAX_RW_COUNT li ...)
        - linux 5.10.38-1
        [buster] - linux <not-affected> (Vulnerable code introduced later)
        [stretch] - linux <not-affected> (Vulnerable code introduced later)
        NOTE: https://www.openwall.com/lists/oss-security/2021/05/11/13
        NOTE: 
https://git.kernel.org/linus/d1f82808877bb10d3deee7cf3374a4eb3fb582db
-CVE-2021-3490
-       RESERVED
+CVE-2021-3490 (The eBPF ALU32 bounds tracking for bitwise ops (AND, OR and 
XOR) in th ...)
        - linux 5.10.38-1
        [buster] - linux <not-affected> (Vulnerable code introduced later)
        [stretch] - linux <not-affected> (Vulnerable code introduced later)
        NOTE: https://www.openwall.com/lists/oss-security/2021/05/11/11
-CVE-2021-3489
-       RESERVED
+CVE-2021-3489 (The eBPF RINGBUF bpf_ringbuf_reserve() function in the Linux 
kernel di ...)
        - linux 5.10.38-1
        [buster] - linux <not-affected> (Vulnerable code introduced later)
        [stretch] - linux <not-affected> (Vulnerable code introduced later)
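Review bot: CVE-2021-3490 records only the oss-security NOTE, while CVE-2021-3491 directly above it also records the upstream fix as a git.kernel.org/linus NOTE. Now that the description is public, add the matching upstream commit NOTE to CVE-2021-3490 so that the "- linux 5.10.38-1" fixed version and the "Vulnerable code introduced later" claims for buster and stretch can be verified against a concrete commit.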
@@ -10924,8 +10935,7 @@ CVE-2021-3470 (A heap overflow issue was found in Redis 
in versions before 5.0.1
        NOTE: https://github.com/redis/redis/pull/7963
        NOTE: 
https://github.com/redis/redis/commit/9824fe3e392caa04dc1b4071886e9ac402dd6d95
        NOTE: Only an issue if not using a heap allocator other than jemalloc 
or glibc's malloc
-CVE-2021-3469
-       RESERVED
+CVE-2021-3469 (Foreman versions before 2.3.4 and before 2.4.0 is affected by 
an impro ...)
        - foreman <itp> (bug #663101)
 CVE-2021-3468 (A flaw was found in avahi in versions 0.6 up to 0.8. The event 
used to ...)
        - avahi <unfixed> (bug #984938)
@@ -13731,6 +13741,7 @@ CVE-2021-3424 (A flaw was found in keycloak as shipped 
in Red Hat Single Sign-On
        NOT-FOR-US: Keycloak
 CVE-2021-28091 [XML signature wrapping vulnerability when parsing SAML 
responses]
        RESERVED
+       {DSA-4926-1}
        - lasso 2.6.1-3
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1940089
        NOTE: 
https://blogs.akamai.com/2021/06/saml-implementation-vulnerability-impacting-some-akamai-services.html
@@ -18803,8 +18814,8 @@ CVE-2021-25949
        RESERVED
 CVE-2021-25948
        RESERVED
-CVE-2021-25947
-       RESERVED
+CVE-2021-25947 (Prototype pollution vulnerability in 'nestie' versions 0.0.0 
through 1 ...)
+       TODO: check
 CVE-2021-25946 (Prototype pollution vulnerability in `nconf-toml` versions 
0.0.1 throu ...)
        NOT-FOR-US: Node nconf-toml
 CVE-2021-25945 (Prototype pollution vulnerability in 'js-extend' versions 
0.0.1 throug ...)
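Review bot: CVE-2021-25947 ('nestie') is left at "TODO: check", while the neighbouring prototype pollution entry CVE-2021-25946 is already dispositioned as "NOT-FOR-US: Node nconf-toml". Check whether nestie is packaged or embedded in a Debian Node package. If it is not, use the same "NOT-FOR-US: Node <module>" form so the entry matches the surrounding ones.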
@@ -27129,16 +27140,16 @@ CVE-2021-22339 (There is a denial of service 
vulnerability in some versions of M
        NOT-FOR-US: Huawei
 CVE-2021-22338
        RESERVED
-CVE-2021-22337
-       RESERVED
+CVE-2021-22337 (There is an Information Disclosure vulnerability in Huawei 
Smartphone. ...)
+       TODO: check
 CVE-2021-22336 (There is an Improper Control of Generation of Code 
vulnerability in Hu ...)
        NOT-FOR-US: Huawei
-CVE-2021-22335
-       RESERVED
-CVE-2021-22334
-       RESERVED
-CVE-2021-22333
-       RESERVED
+CVE-2021-22335 (There is a Memory Buffer Improper Operation Limit 
vulnerability in Hua ...)
+       TODO: check
+CVE-2021-22334 (There is an Improper Access Control vulnerability in Huawei 
Smartphone ...)
+       TODO: check
+CVE-2021-22333 (There is an Improper Validation of Array Index vulnerability 
in Huawei ...)
+       TODO: check
 CVE-2021-22332 (There is a pointer double free vulnerability in some versions 
of Cloud ...)
        NOT-FOR-US: CloudEngine (Huawei)
 CVE-2021-22331 (There is a JavaScript injection vulnerability in certain 
Huawei smartp ...)
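Review bot: The four newly described Huawei Smartphone entries (CVE-2021-22337, CVE-2021-22335, CVE-2021-22334, CVE-2021-22333) are added as "TODO: check", although the surrounding context lines for CVE-2021-22339 and CVE-2021-22336 already use "NOT-FOR-US: Huawei". Unless one of the truncated descriptions turns out to name a component shipped in Debian, these can be closed with the same label in a single follow-up commit.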
@@ -29221,18 +29232,18 @@ CVE-2020-36011 (A cross-site scripting (XSS) issue in 
Add Patient Form in QDOCS
        NOT-FOR-US: QDOCS Smart Hospital Management System
 CVE-2020-36010
        RESERVED
-CVE-2020-36009
-       RESERVED
-CVE-2020-36008
-       RESERVED
-CVE-2020-36007
-       RESERVED
-CVE-2020-36006
-       RESERVED
-CVE-2020-36005
-       RESERVED
-CVE-2020-36004
-       RESERVED
+CVE-2020-36009 (OBottle 2.0 in \c\g.php contains an arbitrary file download 
vulnerabil ...)
+       TODO: check
+CVE-2020-36008 (OBottle 2.0 in \c\t.php contains an arbitrary file write 
vulnerability ...)
+       TODO: check
+CVE-2020-36007 (AppCMS 2.0.101 in /admin/template/tpl_app.php has a cross site 
scripti ...)
+       TODO: check
+CVE-2020-36006 (AppCMS 2.0.101 in /admin/info.php has an arbitrary file 
deletion vulne ...)
+       TODO: check
+CVE-2020-36005 (AppCMS 2.0.101 in /admin/app.php has an arbitrary file 
deletion vulner ...)
+       TODO: check
+CVE-2020-36004 (AppCMS 2.0.101 in /admin/download_frame.php has a SQL 
injection vulner ...)
+       TODO: check
 CVE-2020-36003 (The id parameter in detail.php of Online Book Store v1.0 is 
vulnerable ...)
        NOT-FOR-US: Online Book Store
 CVE-2020-36002 (Seat-Reservation-System 1.0 has a SQL injection vulnerability 
in index ...)
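Review bot: The six entries CVE-2020-36009 through CVE-2020-36004 cover two different products (OBottle 2.0 for the first two, AppCMS 2.0.101 for the remaining four), and all are left at "TODO: check". When triaging, give each product its own label, following the per-product form used in the context lines ("NOT-FOR-US: QDOCS Smart Hospital Management System", "NOT-FOR-US: Online Book Store"), rather than one shared note for the whole block.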
@@ -29301,14 +29312,14 @@ CVE-2020-35975
        RESERVED
 CVE-2020-35974
        RESERVED
-CVE-2020-35973
-       RESERVED
-CVE-2020-35972
-       RESERVED
-CVE-2020-35971
-       RESERVED
-CVE-2020-35970
-       RESERVED
+CVE-2020-35973 (An issue was discovered in zzcms2020. There is a XSS 
vulnerability tha ...)
+       TODO: check
+CVE-2020-35972 (An issue was discovered in YzmCMS V5.8. There is a CSRF 
vulnerability  ...)
+       TODO: check
+CVE-2020-35971 (A storage XSS vulnerability is found in YzmCMS v5.8, which can 
be used ...)
+       TODO: check
+CVE-2020-35970 (An issue was discovered in YzmCMS 5.8. There is a SSRF 
vulnerability i ...)
+       TODO: check
 CVE-2020-35969
        RESERVED
 CVE-2020-35968
@@ -127825,8 +127836,7 @@ CVE-2019-14586 (Use after free vulnerability in EDK 
II may allow an authenticate
        [jessie] - edk2 <end-of-life> (non-free)
 CVE-2019-14585
        RESERVED
-CVE-2019-14584
-       RESERVED
+CVE-2019-14584 (Null pointer dereference in Tianocore EDK2 may allow an 
authenticated  ...)
        {DLA-2645-1}
        - edk2 2020.11-1 (bug #977300)
        [buster] - edk2 0~20181115.85588389-3+deb10u3



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8fc677633b3fe6cba15a48b59b066ed70c05f078



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
