Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
434f5796 by security tracker role at 2021-06-04T20:10:30+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,19 @@
+CVE-2021-3581
+ RESERVED
+CVE-2021-3580
+ RESERVED
+CVE-2021-33844
+ RESERVED
+CVE-2021-33842
+ RESERVED
+CVE-2021-33841
+ RESERVED
+CVE-2021-23210
+ RESERVED
+CVE-2021-23172
+ RESERVED
+CVE-2021-23159
+ RESERVED
CVE-2021-33840 (The server in Luca through 1.1.14 allows remote attackers to
cause a d ...)
NOT-FOR-US: Luca
CVE-2021-33839 (Luca through 1.7.4 on Android allows remote attackers to
obtain sensit ...)
@@ -124,8 +140,8 @@ CVE-2021-3571
RESERVED
CVE-2021-3570
RESERVED
-CVE-2020-36382
- RESERVED
+CVE-2020-36382 (OpenVPN Access Server 2.7.3 to 2.8.7 allows remote attackers
to trigge ...)
+ TODO: check
CVE-2021-33790 (The RebornCore library before 4.7.3 allows remote code
execution becau ...)
NOT-FOR-US: RebornCore
CVE-2021-33789
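Review bot: CVE-2020-36382 is left at "TODO: check" although the description names OpenVPN Access Server, the proprietary product; the other OpenVPN Inc. products further down in this same file (Private Tunnel installer, OpenVPN Connect installer) are marked NOT-FOR-US, so unless a Debian package ships Access Server code, resolving this TODO to NOT-FOR-US: OpenVPN Access Server keeps the entries consistent.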
@@ -654,8 +670,7 @@ CVE-2016-20011 (libgrss through 0.7.0 fails to perform TLS
certificate verificat
[stretch] - libgrss <ignored> (Minor issue)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=772647
NOTE: https://gitlab.gnome.org/GNOME/libgrss/-/issues/4
-CVE-2021-3565 [during tpm2_import command invocation a fixed AES wrapping key
is used]
- RESERVED
+CVE-2021-3565 (A flaw was found in tpm2-tools in versions before 5.1.1 and
before 4.3 ...)
- tpm2-tools 5.0-2 (bug #989148)
[buster] - tpm2-tools <not-affected> (Vulnerable code not present)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1964427
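Review bot: the bracketed working summary "[during tpm2_import command invocation a fixed AES wrapping key is used]" is dropped now that the MITRE text has landed, but the truncated replacement ("A flaw was found in tpm2-tools in versions before 5.1.1 and before 4.3 ...") no longer says what the flaw is; keep the fixed-wrapping-key detail as a NOTE line next to the bugzilla link, since it is what lets a reader judge the buster <not-affected> (Vulnerable code not present) claim.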
@@ -1781,8 +1796,7 @@ CVE-2021-33056
RESERVED
CVE-2021-33055
RESERVED
-CVE-2021-33054
- RESERVED
+CVE-2021-33054 (SOGo 2.x before 2.4.1 and 3.x through 5.x before 5.1.1 does
not valida ...)
- sogo <unfixed>
NOTE: https://www.sogo.nu/news/2021/saml-vulnerability.html
NOTE:
https://blogs.akamai.com/2021/06/saml-implementation-vulnerability-impacting-some-akamai-services.html
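Review bot: the new "sogo <unfixed>" line carries neither a Debian bug reference nor a severity annotation, while the truncated description ("does not valida ...") together with the linked SOGo SAML advisory points at a signature-validation issue in an authentication path; suggest a NOTE recording the upstream fixed versions the description already names (2.4.1 and 5.1.1) and filing a bug so the unfixed state is tracked, as was done for tpm2-tools (bug #989148) elsewhere in this update.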
@@ -5105,9 +5119,9 @@ CVE-2021-31686
CVE-2021-31685
RESERVED
CVE-2021-31684 (A vulnerability was discovered in the indexOf function of
JSONParserBy ...)
- - json-smart <unfixed>
- NOTE: https://github.com/netplex/json-smart-v2/issues/67
- NOTE:
https://github.com/netplex/json-smart-v2/commit/6ecff1c2974eaaab2e74e441bdf5ba8495227bf5
+ - json-smart <unfixed>
+ NOTE: https://github.com/netplex/json-smart-v2/issues/67
+ NOTE:
https://github.com/netplex/json-smart-v2/commit/6ecff1c2974eaaab2e74e441bdf5ba8495227bf5
CVE-2021-31683
RESERVED
CVE-2021-31682
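Review bot: this json-smart hunk changes only leading whitespace (each removed line reappears with different indentation and identical content), so the entry's status is unchanged; confirm this is intentional indentation normalization rather than a stray edit, since whitespace-only churn in data/CVE/list makes later blame and merges noisier.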
@@ -7711,78 +7725,63 @@ CVE-2021-30521
RESERVED
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-30520
- RESERVED
+CVE-2021-30520 (Use after free in Tab Strip in Google Chrome prior to
90.0.4430.212 al ...)
{DSA-4917-1}
- chromium 90.0.4430.212-1
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-30519
- RESERVED
+CVE-2021-30519 (Use after free in Payments in Google Chrome prior to
90.0.4430.212 all ...)
{DSA-4917-1}
- chromium 90.0.4430.212-1
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-30518
- RESERVED
+CVE-2021-30518 (Heap buffer overflow in Reader Mode in Google Chrome prior to
90.0.443 ...)
{DSA-4917-1}
- chromium 90.0.4430.212-1
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-30517
- RESERVED
+CVE-2021-30517 (Type confusion in V8 in Google Chrome prior to 90.0.4430.212
allowed a ...)
{DSA-4917-1}
- chromium 90.0.4430.212-1
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-30516
- RESERVED
+CVE-2021-30516 (Heap buffer overflow in History in Google Chrome prior to
90.0.4430.21 ...)
{DSA-4917-1}
- chromium 90.0.4430.212-1
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-30515
- RESERVED
+CVE-2021-30515 (Use after free in File API in Google Chrome prior to
90.0.4430.212 all ...)
{DSA-4917-1}
- chromium 90.0.4430.212-1
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-30514
- RESERVED
+CVE-2021-30514 (Use after free in Autofill in Google Chrome prior to
90.0.4430.212 all ...)
{DSA-4917-1}
- chromium 90.0.4430.212-1
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-30513
- RESERVED
+CVE-2021-30513 (Type confusion in V8 in Google Chrome prior to 90.0.4430.212
allowed a ...)
{DSA-4917-1}
- chromium 90.0.4430.212-1
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-30512
- RESERVED
+CVE-2021-30512 (Use after free in Notifications in Google Chrome prior to
90.0.4430.21 ...)
{DSA-4917-1}
- chromium 90.0.4430.212-1
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-30511
- RESERVED
+CVE-2021-30511 (Out of bounds read in Tab Groups in Google Chrome prior to
90.0.4430.2 ...)
{DSA-4917-1}
- chromium 90.0.4430.212-1
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-30510
- RESERVED
+CVE-2021-30510 (Use after free in Aura in Google Chrome prior to 90.0.4430.212
allowed ...)
{DSA-4917-1}
- chromium 90.0.4430.212-1
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-30509
- RESERVED
+CVE-2021-30509 (Out of bounds write in Tab Strip in Google Chrome prior to
90.0.4430.2 ...)
{DSA-4917-1}
- chromium 90.0.4430.212-1
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-30508
- RESERVED
+CVE-2021-30508 (Heap buffer overflow in Media Feeds in Google Chrome prior to
90.0.443 ...)
{DSA-4917-1}
- chromium 90.0.4430.212-1
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-30507
- RESERVED
+CVE-2021-30507 (Inappropriate implementation in Offline in Google Chrome on
Android pr ...)
{DSA-4917-1}
- chromium 90.0.4430.212-1
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-30506
- RESERVED
+CVE-2021-30506 (Incorrect security UI in Web App Installs in Google Chrome on
Android ...)
{DSA-4917-1}
- chromium 90.0.4430.212-1
[stretch] - chromium <end-of-life> (see DSA 4562)
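Review bot: two of the fifteen Chromium entries, CVE-2021-30507 ("Inappropriate implementation in Offline in Google Chrome on Android ...") and CVE-2021-30506 ("Incorrect security UI in Web App Installs in Google Chrome on Android ..."), describe Android-specific behaviour yet keep the same {DSA-4917-1} and "chromium 90.0.4430.212-1" lines as the rest; worth checking whether the Debian build is actually affected by those two, or annotating them, so the DSA reference does not overstate coverage. The remaining thirteen descriptions name 90.0.4430.212 as the fixed version, which matches the DSA package version.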
@@ -7919,8 +7918,8 @@ CVE-2021-3487 (There's a flaw in the BFD library of
binutils in versions before
CVE-2021-3486 (GLPi 9.5.4 does not sanitize the metadata. This way its
possible to in ...)
- glpi <removed>
NOTE:
https://github.com/Kitsun3Sec/exploits/tree/master/cms/GLPI/GLPI-stored-XSS
-CVE-2021-30475
- RESERVED
+CVE-2021-30475 (aom_dsp/noise_model.c in libaom in AOMedia before 2021-03-24
has a buf ...)
+ TODO: check
CVE-2021-30474 (aom_dsp/grain_table.c in libaom in AOMedia before 2021-03-30
has a use ...)
- aom <unfixed>
NOTE:
https://aomedia.googlesource.com/aom/+/6e31957b6dc62dbc7d1bb70cd84902dd14c4bf2e
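Review bot: CVE-2021-30475 is left at "TODO: check" although it concerns the same libaom code base and the same March 2021 window as the adjacent CVE-2021-30474, which is already tracked as "aom <unfixed>" with its aomedia fix commit; suggest resolving the TODO by checking aom_dsp/noise_model.c in src:aom and adding the corresponding upstream commit as a NOTE rather than leaving the two sibling entries inconsistent.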
@@ -10266,7 +10265,7 @@ CVE-2021-29509 (Puma is a concurrent HTTP 1.1 server
for Ruby/Rack applications.
NOTE: CVE is related to an incomplete fix for CVE-2019-16770
CVE-2021-29508 (Due to how Wire handles type information in its serialization
format, ...)
NOT-FOR-US: Wire
-CVE-2021-29507 (### Impact _What kind of vulnerability is it? Who is
impacted?_ The vu ...)
+CVE-2021-29507 (GENIVI Diagnostic Log and Trace (DLT) provides a log and trace
interfa ...)
- dlt-daemon <unfixed> (unimportant)
NOTE:
https://github.com/GENIVI/dlt-daemon/security/advisories/GHSA-7cqp-2hqj-mh3f
(useless boilerplate only)
NOTE:
https://github.com/GENIVI/dlt-daemon/commit/f5344f8cf036e6dcb899522e8e679639dd23e1a4
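Review bot: the NOTE marking GHSA-7cqp-2hqj-mh3f as "(useless boilerplate only)" predates this change, which replaces the template text ("### Impact _What kind of vulnerability is it? ...") with a real description of the dlt-daemon issue; suggest re-reading the advisory and dropping or updating that annotation if it has been filled in too, and rechecking the "(unimportant)" severity against the full text now that there is something to assess.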
@@ -13748,8 +13747,7 @@ CVE-2021-28092 (The is-svg package 2.1.0 through 4.2.1
for Node.js uses a regula
NOT-FOR-US: Node is-svg
CVE-2021-3424 (A flaw was found in keycloak as shipped in Red Hat Single
Sign-On 7.4 ...)
NOT-FOR-US: Keycloak
-CVE-2021-28091 [XML signature wrapping vulnerability when parsing SAML
responses]
- RESERVED
+CVE-2021-28091 (Lasso all versions prior to 2.7.0 has improper verification of
a crypt ...)
{DSA-4926-1}
- lasso 2.6.1-3
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1940089
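Review bot: the bracketed summary "[XML signature wrapping vulnerability when parsing SAML responses]" was more specific than the generic "improper verification of a cryptographic signature" text that replaces it; since DSA-4926-1 and lasso 2.6.1-3 already reference this issue, keep the signature-wrapping wording as a NOTE so the entry still identifies the bug class.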
@@ -14757,8 +14755,8 @@ CVE-2021-27659
RESERVED
CVE-2021-27658
RESERVED
-CVE-2021-27657
- RESERVED
+CVE-2021-27657 (Successful exploitation of this vulnerability could give an
authentica ...)
+ TODO: check
CVE-2021-27656 (A vulnerability in exacqVision Web Service 20.12.2.0 and prior
could a ...)
NOT-FOR-US: exacqVision Web Service
CVE-2021-27655
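Review bot: the truncated CVE-2021-27657 description ("Successful exploitation of this vulnerability could give an authentica ...") names no product, so the "TODO: check" cannot be resolved from this file alone; the triager should read the full advisory text before deciding, rather than assuming it belongs with the adjacent exacqVision entry just because of the neighbouring CVE number.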
@@ -16231,8 +16229,8 @@ CVE-2021-26996
RESERVED
CVE-2021-26995
RESERVED
-CVE-2021-26994
- RESERVED
+CVE-2021-26994 (Clustered Data ONTAP versions prior to 9.7P13 and 9.8P3 are
susceptibl ...)
+ TODO: check
CVE-2021-26993
RESERVED
CVE-2021-26992 (Cloud Manager versions prior to 3.9.4 are susceptible to a
vulnerabili ...)
@@ -26792,8 +26790,8 @@ CVE-2021-22518
RESERVED
CVE-2021-22517
RESERVED
-CVE-2021-22516
- RESERVED
+CVE-2021-22516 (Insertion of Sensitive Information into Log File vulnerability
in Micr ...)
+ TODO: check
CVE-2021-22515
RESERVED
CVE-2021-22514 (An arbitrary code execution vulnerability exists in Micro
Focus Applic ...)
@@ -28963,14 +28961,14 @@ CVE-2020-36144 (Redash 8.0.0 is affected by LDAP
Injection. There is an informat
NOT-FOR-US: Redash
CVE-2020-36143
RESERVED
-CVE-2020-36142
- RESERVED
-CVE-2020-36141
- RESERVED
-CVE-2020-36140
- RESERVED
-CVE-2020-36139
- RESERVED
+CVE-2020-36142 (BloofoxCMS 0.5.2.1 allows Directory traversal vulnerability by
inserti ...)
+ TODO: check
+CVE-2020-36141 (BloofoxCMS 0.5.2.1 allows Unrestricted File Upload
vulnerability via b ...)
+ TODO: check
+CVE-2020-36140 (BloofoxCMS 0.5.2.1 allows Cross-Site Request Forgery (CSRF)
via 'mode= ...)
+ TODO: check
+CVE-2020-36139 (BloofoxCMS 0.5.2.1 allows Reflected Cross-Site Scripting (XSS)
vulnera ...)
+ TODO: check
CVE-2020-36138
RESERVED
CVE-2020-36137
@@ -39627,10 +39625,10 @@ CVE-2021-1566
RESERVED
CVE-2021-1565
RESERVED
-CVE-2021-1564
- RESERVED
-CVE-2021-1563
- RESERVED
+CVE-2021-1564 (Multiple vulnerabilities in the implementation of the Cisco
Discovery ...)
+ TODO: check
+CVE-2021-1563 (Multiple vulnerabilities in the implementation of the Cisco
Discovery ...)
+ TODO: check
CVE-2021-1562
RESERVED
CVE-2021-1561
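Review bot: CVE-2021-1564 and CVE-2021-1563 are left at "TODO: check" although every populated Cisco entry in the surrounding context (CVE-2021-1535, -1530, -1519, -1516, -1515, -1505, -1504, -1501) is "NOT-FOR-US: Cisco"; the same applies to the Cisco TODOs in the four hunks that follow (Webex, SD-WAN, ASR and ThousandEyes products), which can be resolved the same way unless one of them turns out to cover software Debian ships.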
@@ -39667,24 +39665,24 @@ CVE-2021-1546
RESERVED
CVE-2021-1545
RESERVED
-CVE-2021-1544
- RESERVED
+CVE-2021-1544 (A vulnerability in logging mechanisms of Cisco Webex Meetings
client s ...)
+ TODO: check
CVE-2021-1543
RESERVED
CVE-2021-1542
RESERVED
CVE-2021-1541
RESERVED
-CVE-2021-1540
- RESERVED
-CVE-2021-1539
- RESERVED
-CVE-2021-1538
- RESERVED
-CVE-2021-1537
- RESERVED
-CVE-2021-1536
- RESERVED
+CVE-2021-1540 (Multiple vulnerabilities in the authorization process of Cisco
ASR 500 ...)
+ TODO: check
+CVE-2021-1539 (Multiple vulnerabilities in the authorization process of Cisco
ASR 500 ...)
+ TODO: check
+CVE-2021-1538 (A vulnerability in the configuration dashboard of Cisco Common
Service ...)
+ TODO: check
+CVE-2021-1537 (A vulnerability in the installer software of Cisco ThousandEyes
Record ...)
+ TODO: check
+CVE-2021-1536 (A vulnerability in Cisco Webex Meetings Desktop App for
Windows, Cisco ...)
+ TODO: check
CVE-2021-1535 (A vulnerability in the cluster management interface of Cisco
SD-WAN vM ...)
NOT-FOR-US: Cisco
CVE-2021-1534
@@ -39699,14 +39697,14 @@ CVE-2021-1530 (A vulnerability in the web-based
management interface of Cisco Br
NOT-FOR-US: Cisco
CVE-2021-1529
RESERVED
-CVE-2021-1528
- RESERVED
-CVE-2021-1527
- RESERVED
-CVE-2021-1526
- RESERVED
-CVE-2021-1525
- RESERVED
+CVE-2021-1528 (A vulnerability in the CLI of Cisco SD-WAN Software could allow
an aut ...)
+ TODO: check
+CVE-2021-1527 (A vulnerability in Cisco Webex Player for Windows and MacOS
could allo ...)
+ TODO: check
+CVE-2021-1526 (A vulnerability in Cisco Webex Player for Windows and MacOS
could allo ...)
+ TODO: check
+CVE-2021-1525 (A vulnerability in Cisco Webex Meetings and Cisco Webex
Meetings Serve ...)
+ TODO: check
CVE-2021-1524
RESERVED
CVE-2021-1523
@@ -39721,8 +39719,8 @@ CVE-2021-1519 (A vulnerability in the interprocess
communication (IPC) channel o
NOT-FOR-US: Cisco
CVE-2021-1518
RESERVED
-CVE-2021-1517
- RESERVED
+CVE-2021-1517 (A vulnerability in the multimedia viewer feature of Cisco Webex
Meetin ...)
+ TODO: check
CVE-2021-1516 (A vulnerability in the web-based management interface of Cisco
AsyncOS ...)
NOT-FOR-US: Cisco
CVE-2021-1515 (A vulnerability in Cisco SD-WAN vManage Software could allow an
unauth ...)
@@ -39749,10 +39747,10 @@ CVE-2021-1505 (Multiple vulnerabilities in Cisco
SD-WAN vManage Software could a
NOT-FOR-US: Cisco
CVE-2021-1504 (Multiple vulnerabilities in Cisco Adaptive Security Appliance
(ASA) So ...)
NOT-FOR-US: Cisco
-CVE-2021-1503
- RESERVED
-CVE-2021-1502
- RESERVED
+CVE-2021-1503 (A vulnerability in Cisco Webex Network Recording Player for
Windows an ...)
+ TODO: check
+CVE-2021-1502 (A vulnerability in Cisco Webex Network Recording Player for
Windows an ...)
+ TODO: check
CVE-2021-1501 (A vulnerability in the SIP inspection engine of Cisco Adaptive
Securit ...)
NOT-FOR-US: Cisco
CVE-2021-1500
@@ -46138,10 +46136,10 @@ CVE-2020-27304
RESERVED
CVE-2020-27303
RESERVED
-CVE-2020-27302
- RESERVED
-CVE-2020-27301
- RESERVED
+CVE-2020-27302 (A stack buffer overflow in Realtek RTL8710 (and other
Ameba-based devi ...)
+ TODO: check
+CVE-2020-27301 (A stack buffer overflow in Realtek RTL8710 (and other
Ameba-based devi ...)
+ TODO: check
CVE-2020-27300
RESERVED
CVE-2020-27299 (The affected product is vulnerable to an out-of-bounds read,
which may ...)
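Review bot: the two Realtek RTL8710 / Ameba entries describe stack buffer overflows in device firmware; if no Debian package bundles the Ameba SDK they should become NOT-FOR-US rather than stay at "TODO: check", and since both descriptions are identical up to the truncation point, a NOTE distinguishing the two issues would help later readers.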
@@ -73045,8 +73043,8 @@ CVE-2020-15078 (OpenVPN 2.5.1 and earlier versions
allows a remote attackers to
NOTE:
https://github.com/OpenVPN/openvpn/commit/3d18e308c4e7e6f7ab7c2826c70d2d07b031c18a
(v2.5.2)
NOTE:
https://github.com/OpenVPN/openvpn/commit/3aca477a1b58714754fea3a26d0892fffc51db6b
(v2.5.2)
NOTE:
https://github.com/OpenVPN/openvpn/commit/0e5516a9d656ce86f7fb370c824344ea1760c255
(2.4.11)
-CVE-2020-15077
- RESERVED
+CVE-2020-15077 (OpenVPN Access Server 2.8.7 and earlier versions allows a
remote attac ...)
+ TODO: check
CVE-2020-15076 (Private Tunnel installer for macOS version 3.0.1 and older
versions ma ...)
NOT-FOR-US: Private Tunnel installer for macOS
CVE-2020-15075 (OpenVPN Connect installer for macOS version 3.2.6 and older
may corrup ...)
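Review bot: CVE-2020-15077 describes OpenVPN Access Server, the proprietary product, whereas the adjacent fixed entry CVE-2020-15078 is the open-source OpenVPN package with upstream commits; the two installer entries directly below it (CVE-2020-15076, CVE-2020-15075) are NOT-FOR-US, and this one is a candidate for the same resolution, together with CVE-2020-36382 earlier in this update, once it is confirmed that no Debian package contains Access Server code.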
@@ -85521,7 +85519,7 @@ CVE-2020-10942 (In the Linux kernel before 5.5.8,
get_raw_socket in drivers/vhos
{DSA-4698-1 DSA-4667-1 DLA-2242-1 DLA-2241-1}
- linux 5.5.13-1
NOTE:
https://git.kernel.org/linus/42d84c8490f9f0931786f1623191fcab397c3d64 (5.6-rc4)
-CVE-2020-10941 (Arm Mbed TLS before 2.6.15 allows attackers to obtain
sensitive inform ...)
+CVE-2020-10941 (Arm Mbed TLS before 2.16.5 allows attackers to obtain
sensitive inform ...)
- mbedtls 2.16.5-1
[buster] - mbedtls <no-dsa> (Minor issue)
[stretch] - mbedtls <no-dsa> (Minor issue)
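Review bot: the description correction from "before 2.6.15" to "before 2.16.5" now agrees with the recorded Debian fix "mbedtls 2.16.5-1", so the earlier text was evidently a transposed version number in the CVE description rather than a different fixed release; the buster and stretch <no-dsa> (Minor issue) lines are unaffected and nothing further is needed here.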
@@ -94509,8 +94507,8 @@ CVE-2020-7471 (Django 1.11 before 1.11.28, 2.2 before
2.2.10, and 3.0 before 3.0
NOTE:
https://github.com/django/django/commit/001b0634cd309e372edb6d7d95d083d02b8e37bd
(1.11.28)
CVE-2020-7470 (Sonoff TH 10 and 16 devices with firmware 6.6.0.21 allows XSS
via the ...)
NOT-FOR-US: Sonoff TH 10 and 16 devices
-CVE-2020-7469
- RESERVED
+CVE-2020-7469 (In FreeBSD 12.2-STABLE before r367402, 11.4-STABLE before
r368202, 12. ...)
+ TODO: check
CVE-2020-7468 (In FreeBSD 12.2-STABLE before r365772, 11.4-STABLE before
r365773, 12. ...)
NOT-FOR-US: FreeBSD ftpd
CVE-2020-7467 (In FreeBSD 12.2-STABLE before r365767, 11.4-STABLE before
r365769, 12. ...)
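Review bot: CVE-2020-7469 is at "TODO: check" while the neighbouring FreeBSD entries CVE-2020-7468 and CVE-2020-7467 are "NOT-FOR-US: FreeBSD ftpd"; before copying that resolution, confirm which FreeBSD component the full description covers, since only ftpd-specific issues were dismissed there and the truncated text ("12.2-STABLE before r367402, 11.4-STABLE before r368202, 12. ...") does not name the component.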
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/434f57960d54729ed1ffc0716659ebc9394a6bd0
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits