Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7efbfd39 by security tracker role at 2021-06-10T08:10:18+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,203 @@
+CVE-2021-34537
+       RESERVED
+CVE-2021-34536
+       RESERVED
+CVE-2021-34535
+       RESERVED
+CVE-2021-34534
+       RESERVED
+CVE-2021-34533
+       RESERVED
+CVE-2021-34532
+       RESERVED
+CVE-2021-34531
+       RESERVED
+CVE-2021-34530
+       RESERVED
+CVE-2021-34529
+       RESERVED
+CVE-2021-34528
+       RESERVED
+CVE-2021-34527
+       RESERVED
+CVE-2021-34526
+       RESERVED
+CVE-2021-34525
+       RESERVED
+CVE-2021-34524
+       RESERVED
+CVE-2021-34523
+       RESERVED
+CVE-2021-34522
+       RESERVED
+CVE-2021-34521
+       RESERVED
+CVE-2021-34520
+       RESERVED
+CVE-2021-34519
+       RESERVED
+CVE-2021-34518
+       RESERVED
+CVE-2021-34517
+       RESERVED
+CVE-2021-34516
+       RESERVED
+CVE-2021-34515
+       RESERVED
+CVE-2021-34514
+       RESERVED
+CVE-2021-34513
+       RESERVED
+CVE-2021-34512
+       RESERVED
+CVE-2021-34511
+       RESERVED
+CVE-2021-34510
+       RESERVED
+CVE-2021-34509
+       RESERVED
+CVE-2021-34508
+       RESERVED
+CVE-2021-34507
+       RESERVED
+CVE-2021-34506
+       RESERVED
+CVE-2021-34505
+       RESERVED
+CVE-2021-34504
+       RESERVED
+CVE-2021-34503
+       RESERVED
+CVE-2021-34502
+       RESERVED
+CVE-2021-34501
+       RESERVED
+CVE-2021-34500
+       RESERVED
+CVE-2021-34499
+       RESERVED
+CVE-2021-34498
+       RESERVED
+CVE-2021-34497
+       RESERVED
+CVE-2021-34496
+       RESERVED
+CVE-2021-34495
+       RESERVED
+CVE-2021-34494
+       RESERVED
+CVE-2021-34493
+       RESERVED
+CVE-2021-34492
+       RESERVED
+CVE-2021-34491
+       RESERVED
+CVE-2021-34490
+       RESERVED
+CVE-2021-34489
+       RESERVED
+CVE-2021-34488
+       RESERVED
+CVE-2021-34487
+       RESERVED
+CVE-2021-34486
+       RESERVED
+CVE-2021-34485
+       RESERVED
+CVE-2021-34484
+       RESERVED
+CVE-2021-34483
+       RESERVED
+CVE-2021-34482
+       RESERVED
+CVE-2021-34481
+       RESERVED
+CVE-2021-34480
+       RESERVED
+CVE-2021-34479
+       RESERVED
+CVE-2021-34478
+       RESERVED
+CVE-2021-34477
+       RESERVED
+CVE-2021-34476
+       RESERVED
+CVE-2021-34475
+       RESERVED
+CVE-2021-34474
+       RESERVED
+CVE-2021-34473
+       RESERVED
+CVE-2021-34472
+       RESERVED
+CVE-2021-34471
+       RESERVED
+CVE-2021-34470
+       RESERVED
+CVE-2021-34469
+       RESERVED
+CVE-2021-34468
+       RESERVED
+CVE-2021-34467
+       RESERVED
+CVE-2021-34466
+       RESERVED
+CVE-2021-34465
+       RESERVED
+CVE-2021-34464
+       RESERVED
+CVE-2021-34463
+       RESERVED
+CVE-2021-34462
+       RESERVED
+CVE-2021-34461
+       RESERVED
+CVE-2021-34460
+       RESERVED
+CVE-2021-34459
+       RESERVED
+CVE-2021-34458
+       RESERVED
+CVE-2021-34457
+       RESERVED
+CVE-2021-34456
+       RESERVED
+CVE-2021-34455
+       RESERVED
+CVE-2021-34454
+       RESERVED
+CVE-2021-34453
+       RESERVED
+CVE-2021-34452
+       RESERVED
+CVE-2021-34451
+       RESERVED
+CVE-2021-34450
+       RESERVED
+CVE-2021-34449
+       RESERVED
+CVE-2021-34448
+       RESERVED
+CVE-2021-34447
+       RESERVED
+CVE-2021-34446
+       RESERVED
+CVE-2021-34445
+       RESERVED
+CVE-2021-34444
+       RESERVED
+CVE-2021-34443
+       RESERVED
+CVE-2021-34442
+       RESERVED
+CVE-2021-34441
+       RESERVED
+CVE-2021-34440
+       RESERVED
+CVE-2021-34439
+       RESERVED
+CVE-2021-34438
+       RESERVED
 CVE-2021-3591
        RESERVED
 CVE-2021-3590
@@ -198,8 +398,8 @@ CVE-2021-34343
        RESERVED
 CVE-2022-20001
        RESERVED
-CVE-2021-3588
-       RESERVED
+CVE-2021-3588 (The cli_feat_read_cb() function in src/gatt-database.c does not 
perfor ...)
+       TODO: check
 CVE-2021-34342
        RESERVED
        - ming <removed>
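Review bot: The new CVE-2021-3588 line names cli_feat_read_cb() in src/gatt-database.c but no product, so the truncated description alone does not identify the source package behind the TODO: check. Triage will need the full description or the file path to attach a package line, or a NOT-FOR-US tag, to this entry.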
@@ -2328,8 +2528,8 @@ CVE-2021-33395
        RESERVED
 CVE-2021-33394 (Cubecart 6.4.2 allows Session Fixation. The application does 
not gener ...)
        NOT-FOR-US: Cubecart
-CVE-2021-33393
-       RESERVED
+CVE-2021-33393 (lfs/backup in IPFire 2.25-core155 does not ensure that 
/var/ipfire/bac ...)
+       TODO: check
 CVE-2021-33392
        RESERVED
 CVE-2021-33391
@@ -9947,47 +10147,55 @@ CVE-2021-30161 (An issue was discovered on LG mobile 
devices with Android OS 11
        NOT-FOR-US: LG mobile devices
 CVE-2021-26948
        RESERVED
+       {DSA-4928-1}
        - htmldoc 1.9.11-4 (unimportant; bug #989437)
        NOTE: https://github.com/michaelrsweet/htmldoc/issues/410
        NOTE: 
https://github.com/michaelrsweet/htmldoc/commit/008861d8339c6ec777e487770b70b95b1ed0c1d2
        NOTE: Crash in CLI tool, no security impact
 CVE-2021-26259
        RESERVED
+       {DSA-4928-1}
        - htmldoc 1.9.11-4 (unimportant; bug #989437)
        NOTE: https://github.com/michaelrsweet/htmldoc/issues/417
        NOTE: 
https://github.com/michaelrsweet/htmldoc/commit/0ddab26a542c74770317b622e985c52430092ba5
        NOTE: Crash in CLI tool, no security impact
 CVE-2021-26252
        RESERVED
+       {DSA-4928-1}
        - htmldoc 1.9.11-4 (unimportant; bug #989437)
        NOTE: https://github.com/michaelrsweet/htmldoc/issues/412
        NOTE: 
https://github.com/michaelrsweet/htmldoc/commit/369b2ea1fd0d0537ba707f20a2f047b6afd2fbdc
        NOTE: Crash in CLI tool, no security impact
 CVE-2021-23206
        RESERVED
+       {DSA-4928-1}
        - htmldoc 1.9.11-4 (unimportant; bug #989437)
        NOTE: https://github.com/michaelrsweet/htmldoc/issues/416
        NOTE: 
https://github.com/michaelrsweet/htmldoc/commit/ba61a3ece382389ae4482c7027af8b32e8ab4cc8
        NOTE: Crash in CLI tool, no security impact
 CVE-2021-23191
        RESERVED
+       {DSA-4928-1}
        - htmldoc 1.9.11-4 (unimportant; bug #989437)
        NOTE: https://github.com/michaelrsweet/htmldoc/issues/415
        NOTE: 
https://github.com/michaelrsweet/htmldoc/commit/369b2ea1fd0d0537ba707f20a2f047b6afd2fbdc
        NOTE: Crash in CLI tool, no security impact
 CVE-2021-23180
        RESERVED
+       {DSA-4928-1}
        - htmldoc 1.9.11-4 (unimportant; bug #989437)
        NOTE: https://github.com/michaelrsweet/htmldoc/issues/418
        NOTE: 
https://github.com/michaelrsweet/htmldoc/commit/19c582fb32eac74b57e155cffbb529377a9e751a
        NOTE: Crash in CLI tool, no security impact
 CVE-2021-23165
        RESERVED
+       {DSA-4928-1}
        - htmldoc 1.9.11-4 (bug #989437)
        NOTE: https://github.com/michaelrsweet/htmldoc/issues/413
        NOTE: 
https://github.com/michaelrsweet/htmldoc/commit/6e8a95561988500b5b5ae4861b3b0cbf4fba517f
 CVE-2021-23158
        RESERVED
+       {DSA-4928-1}
        - htmldoc 1.9.11-4 (unimportant; bug #989437)
        NOTE: https://github.com/michaelrsweet/htmldoc/issues/414
        NOTE: 
https://github.com/michaelrsweet/htmldoc/commit/369b2ea1fd0d0537ba707f20a2f047b6afd2fbdc
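Review bot: The {DSA-4928-1} reference is added to all eight htmldoc entries in this hunk, but seven of them (CVE-2021-26948, CVE-2021-26259, CVE-2021-26252, CVE-2021-23206, CVE-2021-23191, CVE-2021-23180, CVE-2021-23158) carry an htmldoc line tagged "unimportant", and six visibly carry the note "Crash in CLI tool, no security impact". Only CVE-2021-23165 has an untagged htmldoc line. It is worth confirming that the advisory lists every one of these ids. If it does, a short NOTE on the unimportant entries saying they were fixed alongside CVE-2021-23165 would explain why a DSA is cross-referenced from an issue recorded as having no security impact.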
@@ -15113,7 +15321,7 @@ CVE-2021-28092 (The is-svg package 2.1.0 through 4.2.1 
for Node.js uses a regula
 CVE-2021-3424 (A flaw was found in keycloak as shipped in Red Hat Single 
Sign-On 7.4  ...)
        NOT-FOR-US: Keycloak
 CVE-2021-28091 (Lasso all versions prior to 2.7.0 has improper verification of 
a crypt ...)
-       {DSA-4926-1}
+       {DSA-4926-1 DLA-2684-1}
        - lasso 2.6.1-3
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1940089
        NOTE: 
https://blogs.akamai.com/2021/06/saml-implementation-vulnerability-impacting-some-akamai-services.html
@@ -27183,7 +27391,7 @@ CVE-2021-22905
        RESERVED
 CVE-2021-22904 [Possible DoS Vulnerability in Action Controller Token 
Authentication]
        RESERVED
-       {DLA-2655-1}
+       {DSA-4929-1 DLA-2655-1}
        - rails 2:6.0.3.7+dfsg-1 (bug #988214)
        NOTE: 
https://github.com/rails/rails/commit/eab8c20f3ef6a022c4c11b439b1b22cef1768d5e 
(main)
        NOTE: 
https://github.com/rails/rails/commit/d861fa8ade353390c4419b53a6c6b41f3005b1f2 
(v6.0.3.7)
@@ -27253,7 +27461,7 @@ CVE-2021-22887 (A vulnerability in the BIOS of Pulse 
Secure (PSA-Series Hardware
 CVE-2021-22886 (Rocket.Chat before 3.11, 3.10.5, 3.9.7, 3.8.8 is vulnerable to 
persist ...)
        NOT-FOR-US: Rocket.Chat
 CVE-2021-22885 (A possible information disclosure / unintended method 
execution vulner ...)
-       {DLA-2655-1}
+       {DSA-4929-1 DLA-2655-1}
        - rails 2:6.0.3.7+dfsg-1 (bug #988214)
        NOTE: 
https://github.com/rails/rails/commit/c4c21a9f8d7c9c8ca6570bdb82d64e2dc860e62c 
(main)
        NOTE: 
https://github.com/rails/rails/commit/f202249bdd701f908a57d733e633d366a982f8ce 
(v6.0.3.7)
@@ -27279,6 +27487,7 @@ CVE-2021-22881 (The Host Authorization middleware in 
Action Pack before 6.1.2.1,
        NOTE: 
https://github.com/rails/rails/commit/83a6ac3fee8fd538ce7e0088913ff54f0f9bcb6f 
(main)
        NOTE: 
https://github.com/rails/rails/commit/e33092740b3cc05f5abee197a5982eac31947e92 
(v6.0.3.5)
 CVE-2021-22880 (The PostgreSQL adapter in Active Record before 6.1.2.1, 
6.0.3.5, 5.2.4 ...)
+       {DSA-4929-1}
        - rails 2:6.0.3.5+dfsg-1
        [stretch] - rails <not-affected> (Vulnerable asterisk in regex added 
later)
        NOTE: 
https://discuss.rubyonrails.org/t/cve-2021-22880-possible-dos-vulnerability-in-active-record-postgresql-adapter/77129
@@ -46480,18 +46689,17 @@ CVE-2021-0136
        RESERVED
 CVE-2021-0135
        RESERVED
-CVE-2021-0134
-       RESERVED
-CVE-2021-0133
-       RESERVED
-CVE-2021-0132
-       RESERVED
-CVE-2021-0131
-       RESERVED
+CVE-2021-0134 (Improper input validation in an API for the Intel(R) Security 
Library  ...)
+       TODO: check
+CVE-2021-0133 (Key exchange without entity authentication in the Intel(R) 
Security Li ...)
+       TODO: check
+CVE-2021-0132 (Missing release of resource after effective lifetime in an API 
for the ...)
+       TODO: check
+CVE-2021-0131 (Use of cryptographically weak pseudo-random number generator 
(PRNG) in ...)
+       TODO: check
 CVE-2021-0130
        RESERVED
-CVE-2021-0129
-       RESERVED
+CVE-2021-0129 (Improper access control in BlueZ may allow an authenticated 
user to po ...)
        - bluez <unfixed> (bug #989614)
        - linux 5.10.40-1
        NOTE: 
https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=00da0fb4972cf59e1c075f313da81ea549cb8738
@@ -46541,20 +46749,20 @@ CVE-2021-0108 (Uncontrolled search path in the Intel 
Unite(R) Client for Windows
        TODO: check
 CVE-2021-0107
        RESERVED
-CVE-2021-0106
-       RESERVED
+CVE-2021-0106 (Incorrect default permissions in the Intel(R) Optane(TM) DC 
Persistent ...)
+       TODO: check
 CVE-2021-0105 (Insecure inherited permissions in some Intel(R) ProSet/Wireless 
WiFi d ...)
        TODO: check
-CVE-2021-0104
-       RESERVED
+CVE-2021-0104 (Uncontrolled search path element in the installer for the 
Intel(R) Rap ...)
+       TODO: check
 CVE-2021-0103
        RESERVED
 CVE-2021-0102 (Insecure inherited permissions in the Intel Unite(R) Client for 
Window ...)
        TODO: check
 CVE-2021-0101 (Buffer overflow in the BMC firmware for Intel(R) Server 
BoardM10JNP2SB ...)
        TODO: check
-CVE-2021-0100
-       RESERVED
+CVE-2021-0100 (Incorrect default permissions in the installer for the Intel(R) 
SSD Da ...)
+       TODO: check
 CVE-2021-0099
        RESERVED
 CVE-2021-0098 (Improper access control in the Intel Unite(R) Client for 
Windows befor ...)
@@ -46583,7 +46791,7 @@ CVE-2021-0088
        RESERVED
 CVE-2021-0087
        RESERVED
-CVE-2021-0086 (Observable response discrepancy in floating-point operations 
for some  ...)
+CVE-2021-0086 (Improper permissions in the installer for the Intel(R) Brand 
Verificat ...)
        TODO: check
 CVE-2021-0085
        RESERVED
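Review bot: The CVE-2021-0086 line replaces its description with an unrelated one, not a rewording: "Observable response discrepancy in floating-point operations for some ..." becomes "Improper permissions in the installer for the Intel(R) Brand Verificat ...". The entry is still at TODO: check, so no recorded triage is invalidated, but the new text should be checked against the upstream record before triage, since the two descriptions point at different components.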
@@ -46601,14 +46809,14 @@ CVE-2021-0079
        RESERVED
 CVE-2021-0078
        RESERVED
-CVE-2021-0077
-       RESERVED
+CVE-2021-0077 (Insecure inherited permissions in the installer for the 
Intel(R) VTune ...)
+       TODO: check
 CVE-2021-0076
        RESERVED
 CVE-2021-0075
        RESERVED
-CVE-2021-0074
-       RESERVED
+CVE-2021-0074 (Improper permissions in the installer for the Intel(R) 
Computing Impro ...)
+       TODO: check
 CVE-2021-0073 (Insufficient control flow management in Intel(R) DSA before 
version 20 ...)
        TODO: check
 CVE-2021-0072
@@ -46651,8 +46859,8 @@ CVE-2021-0054 (Improper buffer restrictions in system 
firmware for some Intel(R)
        TODO: check
 CVE-2021-0053
        RESERVED
-CVE-2021-0052
-       RESERVED
+CVE-2021-0052 (Incorrect default privileges in the Intel(R) Computing 
Improvement Pro ...)
+       TODO: check
 CVE-2021-0051 (Improper input validation in the Intel(R) SPS versions before 
SPS_E5_0 ...)
        TODO: check
 CVE-2021-0050
@@ -54330,8 +54538,8 @@ CVE-2020-24490 (Improper buffer restrictions in BlueZ 
may allow an unauthenticat
        NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html
        NOTE: 
https://github.com/google/security-research/security/advisories/GHSA-ccx2-w2r4-x649
        NOTE: Fixed by: 
https://git.kernel.org/linus/a2ec905d1e160a33b2e210e45ad30445ef26ce0e (5.8)
-CVE-2020-24489
-       RESERVED
+CVE-2020-24489 (Incomplete cleanup in some Intel(R) VT-d products may allow an 
authent ...)
+       TODO: check
 CVE-2020-24488
        RESERVED
 CVE-2020-24487



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7efbfd39a3efc033333b5816c90afe91b6b6aad0
