Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e77d95f0 by security tracker role at 2021-06-23T20:10:39+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,15 @@
+CVE-2021-35468
+ RESERVED
+CVE-2021-35467
+ RESERVED
+CVE-2021-35466
+ RESERVED
+CVE-2021-35465
+ RESERVED
+CVE-2021-35464
+ RESERVED
+CVE-2021-35463
+ RESERVED
CVE-2021-35462
RESERVED
CVE-2021-35461
@@ -46,8 +58,8 @@ CVE-2021-35440
RESERVED
CVE-2021-35439
RESERVED
-CVE-2021-35438
- RESERVED
+CVE-2021-35438 (phpIPAM 1.4.3 allows Reflected XSS via
app/dashboard/widgets/ipcalc-re ...)
+ TODO: check
CVE-2021-35437
RESERVED
CVE-2021-35436
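Review bot: the `TODO: check` on CVE-2021-35438 leaves the phpIPAM entry untriaged; the automatic import only replaces the RESERVED placeholder with the truncated description, so a follow-up commit still has to resolve it into either a package line or a `NOT-FOR-US: phpIPAM` marker, as the other non-Debian products in this import (Sipwise, Synology, VMware) already carry.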
@@ -509,8 +521,8 @@ CVE-2020-36394 (pam_setquota.c in the pam_setquota module
before 2020-05-29 for
NOTE:
https://github.com/linux-pam/linux-pam/commit/27ded8954a1235bb65ffc9c730ae5a50b1dfed61
CVE-2021-3613
RESERVED
-CVE-2021-35210
- RESERVED
+CVE-2021-35210 (Contao 4.5.x through 4.9.x before 4.9.16, and 4.10.x through
4.11.x be ...)
+ TODO: check
CVE-2021-35209
RESERVED
CVE-2021-35208
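Review bot: CVE-2021-35210 is imported with only the truncated Contao version range and a `TODO: check`; when resolving it, record the affected/fixed versions from the description (4.9.x before 4.9.16, and the 4.10.x/4.11.x range cut off at "be ...") so the triage outcome is verifiable from the entry itself.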
@@ -4048,8 +4060,7 @@ CVE-2021-33626
RESERVED
CVE-2021-33625
RESERVED
-CVE-2021-33624
- RESERVED
+CVE-2021-33624 (In kernel/bpf/verifier.c in the Linux kernel before 5.12.13, a
branch ...)
- linux <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2021/06/21/1
CVE-2021-33623 (The trim-newlines package before 3.0.1 and 4.x before 4.0.1
for Node.j ...)
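Review bot: CVE-2021-33624 keeps its pre-existing `- linux <unfixed>` line and the oss-security reference, but the imported description already states the upstream fixed version ("Linux kernel before 5.12.13"); when the fixing commit is identified, replace `<unfixed>` with the Debian version that carries it so the kernel entry does not remain open with the fix version only implied by the description text.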
@@ -7998,7 +8009,7 @@ CVE-2021-3527 (A flaw was found in the USB redirector
device (usb-redir) of QEMU
NOTE: Revisited:
https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01372.html
NOTE:
https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01373.html
CVE-2021-3526
- RESERVED
+ REJECTED
CVE-2021-3525
REJECTED
CVE-2021-3524 (A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph
Object Gate ...)
@@ -8929,10 +8940,10 @@ CVE-2021-31588
RESERVED
CVE-2021-31587
RESERVED
-CVE-2021-31586
- RESERVED
-CVE-2021-31585
- RESERVED
+CVE-2021-31586 (Accellion Kiteworks before 7.4.0 allows an authenticated user
to perfo ...)
+ TODO: check
+CVE-2021-31585 (Accellion Kiteworks before 7.3.1 allows a user with Admin
privileges t ...)
+ TODO: check
CVE-2021-31584 (Sipwise C5 NGCP www_admin version 3.6.7 allows call/click2dial
CSRF at ...)
NOT-FOR-US: Sipwise
CVE-2021-31583 (Sipwise C5 NGCP CSC through CE_mr9.3.1 has multiple
authenticated stor ...)
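Review bot: both Accellion Kiteworks entries (CVE-2021-31586 and CVE-2021-31585) land with `TODO: check`; the adjacent Sipwise entries in the same context show the expected resolved form (`NOT-FOR-US: Sipwise`), so these two should be triaged the same way in one follow-up rather than left as separate open TODOs.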
@@ -13746,8 +13757,8 @@ CVE-2021-29622 (Prometheus is an open-source monitoring
system and time series d
NOTE: See https://bugs.debian.org/988804 for details.
CVE-2021-29621 (Flask-AppBuilder is a development framework, built on top of
Flask. Us ...)
NOT-FOR-US: Flask-AppBuilder
-CVE-2021-29620
- RESERVED
+CVE-2021-29620 (Report portal is an open source reporting and analysis
framework. Star ...)
+ TODO: check
CVE-2021-29619 (TensorFlow is an end-to-end open source platform for machine
learning. ...)
- tensorflow <itp> (bug #804612)
CVE-2021-29618 (TensorFlow is an end-to-end open source platform for machine
learning. ...)
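Review bot: CVE-2021-29620 (Report portal) is the only untriaged entry in this hunk; its neighbours (Flask-AppBuilder as `NOT-FOR-US`, TensorFlow as `<itp>` with a bug number) show the two resolved forms, and the follow-up should pick one rather than leaving the `TODO: check` marker in place.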
@@ -15058,14 +15069,14 @@ CVE-2021-29089 (Improper neutralization of special
elements used in an SQL comma
NOT-FOR-US: Synology
CVE-2021-29088 (Improper limitation of a pathname to a restricted directory
('Path Tra ...)
NOT-FOR-US: Synology
-CVE-2021-29087
- RESERVED
-CVE-2021-29086
- RESERVED
-CVE-2021-29085
- RESERVED
-CVE-2021-29084
- RESERVED
+CVE-2021-29087 (Improper limitation of a pathname to a restricted directory
('Path Tra ...)
+ TODO: check
+CVE-2021-29086 (Exposure of sensitive information to an unauthorized actor
vulnerabili ...)
+ TODO: check
+CVE-2021-29085 (Improper neutralization of special elements in output used by
a downst ...)
+ TODO: check
+CVE-2021-29084 (Improper neutralization of special elements in output used by
a downst ...)
+ TODO: check
CVE-2021-29083 (Improper neutralization of special elements used in an OS
command in S ...)
NOT-FOR-US: Synology
CVE-2021-3460 (The Motorola MH702x devices, prior to version 2.0.0.301, do not
proper ...)
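Review bot: CVE-2021-29084 through CVE-2021-29087 are bracketed by entries already marked `NOT-FOR-US: Synology` (CVE-2021-29088 above, CVE-2021-29083 below) and their descriptions use the same CWE-style phrasing as those entries; this strongly suggests the same resolution, but the four `TODO: check` markers should only be replaced after confirming the full CVE text names the Synology product, since the import truncates the descriptions at 70 characters.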
@@ -15291,10 +15302,10 @@ CVE-2021-28979 (SafeNet KeySecure Management Console
8.12.0 is vulnerable to HTT
NOT-FOR-US: SafeNet KeySecure Management Console
CVE-2021-28978
RESERVED
-CVE-2021-28977
- RESERVED
-CVE-2021-28976
- RESERVED
+CVE-2021-28977 (Cross Site Scripting vulnerability in GetSimpleCMS 3.3.16 in
admin/upl ...)
+ TODO: check
+CVE-2021-28976 (Remote Code Execution vulnerability in GetSimpleCMS before
3.3.16 in a ...)
+ TODO: check
CVE-2021-3457 (An improper authorization handling flaw was found in Foreman.
The Shel ...)
- foreman <itp> (bug #663101)
CVE-2021-3456
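Review bot: CVE-2021-28977 and CVE-2021-28976 are two of several GetSimpleCMS entries imported in this same commit (see also CVE-2020-20391, CVE-2020-20389 and CVE-2020-18657 through CVE-2020-18659 further down); they should be triaged together so the resolution (package line or `NOT-FOR-US: GetSimpleCMS`) is consistent across all of them rather than decided entry by entry.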
@@ -18541,8 +18552,8 @@ CVE-2021-3415
RESERVED
CVE-2021-27650
RESERVED
-CVE-2021-27649
- RESERVED
+CVE-2021-27649 (Use after free vulnerability in file transfer protocol
component in Sy ...)
+ TODO: check
CVE-2021-27648 (Externally controlled reference to a resource in another
sphere in qua ...)
NOT-FOR-US: Synology
CVE-2021-27647 (Out-of-bounds Read vulnerability in iscsi_snapshot_comm_core
in Synolo ...)
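Review bot: the truncated description of CVE-2021-27649 ends in "component in Sy ...", and both neighbouring entries (CVE-2021-27648, CVE-2021-27647) are `NOT-FOR-US: Synology`; the `TODO: check` is likely to resolve the same way, but the cut-off product name must be confirmed from the full CVE text before the marker is replaced.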
@@ -22651,7 +22662,7 @@ CVE-2021-25952
CVE-2021-25951
RESERVED
CVE-2021-25950
- RESERVED
+ REJECTED
CVE-2021-25949 (Prototype pollution vulnerability in ‘set-getter’
version ...)
NOT-FOR-US: Node set-getter
CVE-2021-25948 (Prototype pollution vulnerability in ‘expand-hash’
version ...)
@@ -31719,10 +31730,10 @@ CVE-2021-22001
RESERVED
CVE-2021-22000
RESERVED
-CVE-2021-21999
- RESERVED
-CVE-2021-21998
- RESERVED
+CVE-2021-21999 (VMware Tools for Windows (11.x.y prior to 11.2.6), VMware
Remote Conso ...)
+ TODO: check
+CVE-2021-21998 (VMware Carbon Black App Control 8.0, 8.1, 8.5 prior to 8.5.8,
and 8.6 ...)
+ TODO: check
CVE-2021-21997 (VMware Tools for Windows (11.x.y prior to 11.3.0) contains a
denial-of ...)
NOT-FOR-US: VMware
CVE-2021-21996
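Review bot: CVE-2021-21999 and CVE-2021-21998 remain `TODO: check` while the adjacent CVE-2021-21997 for the same VMware Tools product line is already `NOT-FOR-US: VMware`; the follow-up should resolve both the same way, noting that CVE-2021-21998 concerns Carbon Black App Control rather than VMware Tools, so the justification should name that product explicitly.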
@@ -31778,7 +31789,7 @@ CVE-2021-21972 (The vSphere Client (HTML5) contains a
remote code execution vuln
NOT-FOR-US: VMware
CVE-2021-3014 (In MikroTik RouterOS through 2021-01-04, the hotspot login page
is vul ...)
NOT-FOR-US: MikroTik RouterOS
-CVE-2021-3013 (ripgrep before 13 allows attackers to trigger execution of
arbitrary p ...)
+CVE-2021-3013 (ripgrep before 13 on Windows allows attackers to trigger
execution of ...)
- rust-ripgrep <not-affected> (Only affects ripgrep on Windows)
NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0071.html
CVE-2021-3012 (A cross-site scripting (XSS) vulnerability in the Document Link
of doc ...)
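Review bot: the updated description for CVE-2021-3013 now states "on Windows" explicitly, which matches the existing `rust-ripgrep <not-affected> (Only affects ripgrep on Windows)` justification and the RUSTSEC-2021-0071 reference; no change to the package line is needed, this hunk only brings the description into agreement with the recorded rationale.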
@@ -57929,8 +57940,8 @@ CVE-2020-23964
RESERVED
CVE-2020-23963
RESERVED
-CVE-2020-23962
- RESERVED
+CVE-2020-23962 (A cross site scripting (XSS) vulnerability in Catfish CMS
4.9.90 allow ...)
+ TODO: check
CVE-2020-23961
RESERVED
CVE-2020-23960 (Multiple cross-site request forgery (CSRF) vulnerabilities in
the Admi ...)
@@ -65241,14 +65252,14 @@ CVE-2020-20394
RESERVED
CVE-2020-20393
RESERVED
-CVE-2020-20392
- RESERVED
-CVE-2020-20391
- RESERVED
+CVE-2020-20392 (SQL Injection vulnerability in imcat v5.2 via the fm[auser]
parameters ...)
+ TODO: check
+CVE-2020-20391 (Cross Site Scripting vulnerability in GetSimpleCMS 3.4.0a in
admin/sni ...)
+ TODO: check
CVE-2020-20390
RESERVED
-CVE-2020-20389
- RESERVED
+CVE-2020-20389 (Cross Site Scripting (XSS) vulnerability in GetSimpleCMS
3.4.0a in adm ...)
+ TODO: check
CVE-2020-20388
RESERVED
CVE-2020-20387
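Review bot: this hunk mixes two products under `TODO: check`: CVE-2020-20392 (imcat, SQL injection via the `fm[auser]` parameter) and two GetSimpleCMS XSS entries (CVE-2020-20391, CVE-2020-20389); the GetSimpleCMS ones belong with the other GetSimpleCMS entries imported in this commit, while imcat needs its own triage, so they should not be resolved in a single blanket follow-up.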
@@ -68717,12 +68728,12 @@ CVE-2020-18661
RESERVED
CVE-2020-18660
RESERVED
-CVE-2020-18659
- RESERVED
-CVE-2020-18658
- RESERVED
-CVE-2020-18657
- RESERVED
+CVE-2020-18659 (Cross Site Scripting vulnerability in GetSimpleCMS <=3.3.15
via the ...)
+ TODO: check
+CVE-2020-18658 (Cross Site Scriptiong (XSS) vulnerability in GetSimpleCMS
<=3.3.15 ...)
+ TODO: check
+CVE-2020-18657 (Cross Site Scripting (XSS) vulnerability in GetSimpleCMS <=
3.3.15 ...)
+ TODO: check
CVE-2020-18656
RESERVED
CVE-2020-18655
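Review bot: the misspelling "Scriptiong" in the CVE-2020-18658 description is carried over verbatim from the upstream CVE text; since this file is populated by the automatic import, it should not be hand-corrected here or the next automatic update would simply reintroduce it. The three GetSimpleCMS `<=3.3.15` entries (CVE-2020-18657 through CVE-2020-18659) should be triaged together with the GetSimpleCMS entries earlier in this commit.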
@@ -177797,6 +177808,7 @@ CVE-2018-18447
CVE-2018-18446
RESERVED
CVE-2018-18444 (makeMultiView.cpp in exrmultiview in OpenEXR 2.3.0 has an
out-of-bound ...)
+ {DSA-4755-1 DLA-2358-1}
- openexr 2.5.3-2 (unimportant)
[jessie] - openexr <not-affected> (exrmultiview code not present in
tarball)
NOTE: Issue in exrmultiview which is not installed in the binary
package.
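Review bot: adding `{DSA-4755-1 DLA-2358-1}` to CVE-2018-18444 sits oddly with the rest of the entry, which still rates the issue `(unimportant)` with the NOTE that the exrmultiview code is not installed in the binary package; if those advisories did list this CVE the severity and NOTE should be revisited, and if they did not, the advisory reference should be dropped, because an unimportant-rated issue with DSA/DLA cross-references reads as contradictory.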
@@ -254007,7 +254019,7 @@ CVE-2017-9115 (In OpenEXR 2.2.0, an invalid write of
size 2 in the = operator fu
NOTE: https://github.com/openexr/openexr/issues/232
NOTE:
https://github.com/AcademySoftwareFoundation/openexr/pull/401#issuecomment-513721310
(v2.4.0)
CVE-2017-9114 (In OpenEXR 2.2.0, an invalid read of size 1 in the refill
function in ...)
- {DLA-2358-1}
+ {DLA-2358-1 DLA-1083-1}
- openexr 2.2.0-11.1 (bug #864078)
[jessie] - openexr <not-affected> (ImfFastHuf.cpp / DWA compressor
introduced v2.2)
[wheezy] - openexr <not-affected> (ImfFastHuf.cpp / DWA compressor
introduced v2.2)
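Review bot: the new `DLA-1083-1` reference on CVE-2017-9114 conflicts with the `[wheezy] - openexr <not-affected>` and `[jessie] - openexr <not-affected>` lines directly below it; either one of those suites did receive a fix for this CVE, in which case the corresponding not-affected line (with its "ImfFastHuf.cpp / DWA compressor introduced v2.2" justification) is wrong, or the DLA does not actually cover this CVE and the cross-reference should be removed. The two cannot both stand.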
@@ -404689,7 +404701,7 @@ CVE-2011-2928 (The befs_follow_link function in
fs/befs/linuxvfs.c in the Linux
CVE-2011-2927 (Multiple cross-site scripting (XSS) vulnerabilities in
Spacewalk 1.6, ...)
NOT-FOR-US: Red Hat Network Satellite server
CVE-2011-2926
- RESERVED
+ REJECTED
CVE-2011-2925 (Cumin in Red Hat Enterprise Messaging, Realtime, and Grid (MRG)
2.0 re ...)
NOT-FOR-US: Cumin
CVE-2011-2924 (foomatic-rip filter v4.0.12 and prior used insecurely creates
temporar ...)
@@ -407370,7 +407382,7 @@ CVE-2011-1956 (The bytes_repr_len function in
Wireshark 1.4.5 uses an incorrect
[squeeze] - wireshark <not-affected> (Affects 1.4.5 only)
NOTE: Crashes w/o code injection not treated as security issues, see
README.Security
CVE-2011-1955
- RESERVED
+ REJECTED
CVE-2011-1954 (Multiple cross-site request forgery (CSRF) vulnerabilities in
Post Rev ...)
NOT-FOR-US: Post Revolution
CVE-2011-1953 (Multiple cross-site scripting (XSS) vulnerabilities in
common.php in P ...)
@@ -407403,7 +407415,7 @@ CVE-2011-1943 (The destroy_one_secret function in
nm-setting-vpn.c in libnm-util
- network-manager-openvpn <not-affected> (Affected code was only in
experimental, see bug #628730)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=708876
CVE-2011-1942
- RESERVED
+ REJECTED
CVE-2011-1941 (Open redirect vulnerability in the redirector feature in
phpMyAdmin 3. ...)
- phpmyadmin 4:3.4.1-1
[lenny] - phpmyadmin <not-affected> (3.4.x only)
@@ -409667,7 +409679,7 @@ CVE-2011-1178 (Multiple integer overflows in the
load_image function in file-pcx
- gimp 2.6.10-1
NOTE: Likely fixed earlier, but only the squeeze version was checked
CVE-2011-1177
- RESERVED
+ REJECTED
CVE-2011-1176 (The configuration merger in itk.c in the Steinar H. Gunderson
mpm-itk ...)
{DSA-2202-1}
- apache2 2.2.17-2 (bug #618857; medium)
@@ -413575,7 +413587,7 @@ CVE-2011-0025 (IcedTea 1.7 before 1.7.8, 1.8 before
1.8.5, and 1.9 before 1.9.5
CVE-2011-0024 (Heap-based buffer overflow in wiretap/pcapng.c in Wireshark
before 1.2 ...)
- wireshark 1.2-0-1
CVE-2011-0023
- RESERVED
+ REJECTED
CVE-2011-0022 (The setup scripts in 389 Directory Server 1.2.x (aka Red Hat
Directory ...)
NOT-FOR-US: 389 LDAP server
CVE-2011-0522 (The StripTags function in (1) the USF decoder
(modules/codec/subtitles ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e77d95f0a10e5a844dc57aabc3da04331eb56fa0