Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f87f0c1c by security tracker role at 2021-07-02T20:10:37+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,31 @@
+CVE-2021-36134
+       RESERVED
+CVE-2021-36133
+       RESERVED
+CVE-2021-36132 (An issue was discovered in the FileImporter extension in 
MediaWiki thr ...)
+       TODO: check
+CVE-2021-36131 (An XSS issue was discovered in the SportsTeams extension in 
MediaWiki  ...)
+       TODO: check
+CVE-2021-36130 (An XSS issue was discovered in the SocialProfile extension in 
MediaWik ...)
+       TODO: check
+CVE-2021-36129 (An issue was discovered in the Translate extension in 
MediaWiki throug ...)
+       TODO: check
+CVE-2021-36128 (An issue was discovered in the CentralAuth extension in 
MediaWiki thro ...)
+       TODO: check
+CVE-2021-36127 (An issue was discovered in the CentralAuth extension in 
MediaWiki thro ...)
+       TODO: check
+CVE-2021-36126 (An issue was discovered in the AbuseFilter extension in 
MediaWiki thro ...)
+       TODO: check
+CVE-2021-36125 (An issue was discovered in the CentralAuth extension in 
MediaWiki thro ...)
+       TODO: check
+CVE-2021-36124
+       RESERVED
+CVE-2021-36123
+       RESERVED
+CVE-2021-36122
+       RESERVED
+CVE-2021-36121
+       RESERVED
 CVE-2021-3633
        RESERVED
 CVE-2021-36120
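Review bot: the eight MediaWiki extension entries added in this hunk (CVE-2021-36132 through CVE-2021-36125, covering FileImporter, SportsTeams, SocialProfile, Translate, CentralAuth and AbuseFilter) are all left at "TODO: check"; whether any of these extensions is shipped by the Debian mediawiki package decides between NOT-FOR-US and a mediawiki tracking line, so they are best resolved in one pass together with CVE-2021-35197 later in this patch, which already carries mediawiki entries for bullseye and buster.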
@@ -65,24 +93,24 @@ CVE-2021-3632
        NOT-FOR-US: Keycloak
 CVE-2021-36090
        RESERVED
-CVE-2020-36416
-       RESERVED
-CVE-2020-36415
-       RESERVED
-CVE-2020-36414
-       RESERVED
-CVE-2020-36413
-       RESERVED
-CVE-2020-36412
-       RESERVED
-CVE-2020-36411
-       RESERVED
-CVE-2020-36410
-       RESERVED
-CVE-2020-36409
-       RESERVED
-CVE-2020-36408
-       RESERVED
+CVE-2020-36416 (A stored cross scripting (XSS) vulnerability in CMS Made 
Simple 2.2.14 ...)
+       TODO: check
+CVE-2020-36415 (A stored cross scripting (XSS) vulnerability in CMS Made 
Simple 2.2.14 ...)
+       TODO: check
+CVE-2020-36414 (A stored cross scripting (XSS) vulnerability in CMS Made 
Simple 2.2.14 ...)
+       TODO: check
+CVE-2020-36413 (A stored cross scripting (XSS) vulnerability in CMS Made 
Simple 2.2.14 ...)
+       TODO: check
+CVE-2020-36412 (A stored cross scripting (XSS) vulnerability in CMS Made 
Simple 2.2.14 ...)
+       TODO: check
+CVE-2020-36411 (A stored cross scripting (XSS) vulnerability in CMS Made 
Simple 2.2.14 ...)
+       TODO: check
+CVE-2020-36410 (A stored cross scripting (XSS) vulnerability in CMS Made 
Simple 2.2.14 ...)
+       TODO: check
+CVE-2020-36409 (A stored cross scripting (XSS) vulnerability in CMS Made 
Simple 2.2.14 ...)
+       TODO: check
+CVE-2020-36408 (A stored cross scripting (XSS) vulnerability in CMS Made 
Simple 2.2.14 ...)
+       TODO: check
 CVE-2021-36089 (Grok 7.6.6 through 9.2.0 has a heap-based buffer overflow in 
grk::File ...)
        - libgrokj2k <unfixed> (bug #990525)
        NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33544
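Review bot: CVE-2020-36416 through CVE-2020-36408 are nine entries with an identical truncated description ("A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 ..."), each at "TODO: check"; since they describe the same product and version, they should receive the same state (NOT-FOR-US or a package line) when triaged, rather than being resolved piecemeal, and the two CMS Made Simple references should be checked against the untruncated CVE text since the truncation hides which component each one affects.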
@@ -158,16 +186,16 @@ CVE-2020-36400 (ZeroMQ libzmq 4.3.3 has a heap-based 
buffer overflow in zmq::tcp
        NOTE: 
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libzmq/OSV-2020-1887.yaml
        NOTE: Introduced by: 
https://github.com/zeromq/libzmq/commit/b56195e995e0875afabf405826d97b1dd9817bb0
 (v4.3.3)
        NOTE: Fixed by: 
https://github.com/zeromq/libzmq/commit/397ac80850bf8d010fae23dd215db0ee2c677306
 (v4.3.3)
-CVE-2020-36399
-       RESERVED
-CVE-2020-36398
-       RESERVED
-CVE-2020-36397
-       RESERVED
-CVE-2020-36396
-       RESERVED
-CVE-2020-36395
-       RESERVED
+CVE-2020-36399 (A stored cross site scripting (XSS) vulnerability in phplist 
3.5.4 and ...)
+       TODO: check
+CVE-2020-36398 (A stored cross site scripting (XSS) vulnerability in phplist 
3.5.4 and ...)
+       TODO: check
+CVE-2020-36397 (A stored cross site scripting (XSS) vulnerability in the 
/admin/contac ...)
+       TODO: check
+CVE-2020-36396 (A stored cross site scripting (XSS) vulnerability in the 
/admin/roles/ ...)
+       TODO: check
+CVE-2020-36395 (A stored cross site scripting (XSS) vulnerability in the 
/admin/user/t ...)
+       TODO: check
 CVE-2019-25049 (LibreSSL 2.9.1 through 3.2.1 has an out-of-bounds read in 
asn1_item_pr ...)
        - libressl <itp> (bug #754513)
 CVE-2019-25048 (LibreSSL 2.9.1 through 3.2.1 has a heap-based buffer over-read 
in do_p ...)
@@ -2008,16 +2036,16 @@ CVE-2020-36394 (pam_setquota.c in the pam_setquota 
module before 2020-05-29 for
        NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1171721
        NOTE: https://www.openwall.com/lists/oss-security/2020/06/04/5
        NOTE: 
https://github.com/linux-pam/linux-pam/commit/27ded8954a1235bb65ffc9c730ae5a50b1dfed61
-CVE-2021-3613
-       RESERVED
+CVE-2021-3613 (OpenVPN Connect 3.2.0 through 3.3.0 allows local users to load 
arbitra ...)
+       TODO: check
 CVE-2021-35210 (Contao 4.5.x through 4.9.x before 4.9.16, and 4.10.x through 
4.11.x be ...)
        NOT-FOR-US: Contao CMS
-CVE-2021-35209
-       RESERVED
-CVE-2021-35208
-       RESERVED
-CVE-2021-35207
-       RESERVED
+CVE-2021-35209 (An issue was discovered in ProxyServlet.java in the /proxy 
servlet in  ...)
+       TODO: check
+CVE-2021-35208 (An issue was discovered in ZmMailMsgView.js in the Calendar 
Invite com ...)
+       TODO: check
+CVE-2021-35207 (An issue was discovered in Zimbra Collaboration Suite 8.8 
before 8.8.1 ...)
+       TODO: check
 CVE-2021-35206 (Gitpod before 0.6.0 allows unvalidated redirects. ...)
        NOT-FOR-US: Gitpod
 CVE-2021-35205
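Review bot: CVE-2021-3613 describes "OpenVPN Connect 3.2.0 through 3.3.0", which is the vendor's client product rather than the community OpenVPN release, so the TODO should confirm the affected product before attaching it to the openvpn source package; the three Zimbra entries below it (CVE-2021-35209, CVE-2021-35208, CVE-2021-35207) all refer to the same product and can be resolved together once it is established whether Zimbra is packaged.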
@@ -2036,8 +2064,7 @@ CVE-2021-35199
        RESERVED
 CVE-2021-35198
        RESERVED
-CVE-2021-35197
-       RESERVED
+CVE-2021-35197 (In MediaWiki before 1.31.15, 1.32.x through 1.35.x before 
1.35.3, and  ...)
        - mediawiki <unfixed>
        [bullseye] - mediawiki <postponed> (Minor issue, wait until next 1.35.x 
release)
        [buster] - mediawiki <postponed> (Minor issue, wait until next 1.31.x 
release)
@@ -2386,8 +2413,7 @@ CVE-2021-35044
        RESERVED
 CVE-2021-35043
        RESERVED
-CVE-2021-35042 [Potential SQL injection via unsanitized QuerySet.order_by() 
input]
-       RESERVED
+CVE-2021-35042 (Django 3.1.x before 3.1.13 and 3.2.x before 3.2.5 allows 
QuerySet.orde ...)
        - python-django <not-affected> (Vulnerable code introduced in 3.1)
        NOTE: 
https://www.djangoproject.com/weblog/2021/jul/01/security-releases/
        NOTE: Issue did affect only the experimental version and fixed in 
2:3.2.5-1
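Review bot: the "python-django <not-affected> (Vulnerable code introduced in 3.1)" line and the note "Issue did affect only the experimental version and fixed in 2:3.2.5-1" read as contradictory at first glance, since one says not affected and the other says fixed; consider folding the scope into the reason, e.g. "(Vulnerable code introduced in 3.1; only the experimental upload was affected, fixed in 2:3.2.5-1)", so a reader does not need the NOTE to understand why the package is marked not-affected.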
@@ -2419,8 +2445,8 @@ CVE-2021-35031
        RESERVED
 CVE-2021-35030
        RESERVED
-CVE-2021-35029
-       RESERVED
+CVE-2021-35029 (An authentication bypasss vulnerability in the web-based 
management in ...)
+       TODO: check
 CVE-2021-35028
        RESERVED
 CVE-2021-35027
@@ -2835,8 +2861,8 @@ CVE-2021-3607 [pvrdma: unchecked malloc size due to 
integer overflow in init_dev
        - qemu <unfixed> (bug #990564)
        [stretch] - qemu <not-affected> (Vulnerable code introduced later)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1973349
-CVE-2021-3606
-       RESERVED
+CVE-2021-3606 (OpenVPN before version 2.5.3 on Windows allows local users to 
load arb ...)
+       TODO: check
 CVE-2021-34826
        RESERVED
 CVE-2021-34825 (Quassel through 0.13.1, when --require-ssl is enabled, 
launches withou ...)
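Review bot: the imported description for CVE-2021-3606 scopes the issue to "OpenVPN before version 2.5.3 on Windows"; if that holds for the full CVE text, the openvpn entry that replaces "TODO: check" should record the Windows-only scope as the not-affected reason rather than being left as a plain unfixed, and it should be cross-referenced with CVE-2021-3613 (OpenVPN Connect) earlier in this patch, which describes the same local-user library loading class of issue for a different product.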
@@ -2891,8 +2917,8 @@ CVE-2021-34809 (Improper neutralization of special 
elements used in a command ('
        NOT-FOR-US: Synology
 CVE-2021-34808 (Server-Side Request Forgery (SSRF) vulnerability in cgi 
component in S ...)
        NOT-FOR-US: Synology
-CVE-2021-34807
-       RESERVED
+CVE-2021-34807 (An open redirect vulnerability exists in the /preauth Servlet 
in Zimbr ...)
+       TODO: check
 CVE-2021-34806
        RESERVED
 CVE-2021-34805
@@ -4911,8 +4937,8 @@ CVE-2021-33891
        RESERVED
 CVE-2021-33890
        RESERVED
-CVE-2021-33889
-       RESERVED
+CVE-2021-33889 (OpenThread wpantund through 2021-07-02 has a stack-based 
Buffer Overfl ...)
+       TODO: check
 CVE-2021-33888
        RESERVED
 CVE-2017-20005 (NGINX before 1.13.6 has a buffer overflow for years that 
exceed four d ...)
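Review bot: CVE-2021-33889 is described as "OpenThread wpantund through 2021-07-02", a date rather than a release number, which indicates no fixed release existed when the CVE was filed; resolving the "TODO: check" therefore needs the upstream fix commit rather than a version bound, and a check of whether wpantund is packaged at all, so the entry can point at a commit in a NOTE line in the same style as the libzmq entries earlier in this patch.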
@@ -7582,14 +7608,14 @@ CVE-2021-32740
        RESERVED
 CVE-2021-32739
        RESERVED
-CVE-2021-32738
-       RESERVED
-CVE-2021-32737
-       RESERVED
+CVE-2021-32738 (js-stellar-sdk is a Javascript library for communicating with 
a Stella ...)
+       TODO: check
+CVE-2021-32737 (Sulu is an open-source PHP content management system based on 
the Symf ...)
+       TODO: check
 CVE-2021-32736 (think-helper defines a set of helper functions for ThinkJS. In 
version ...)
        NOT-FOR-US: think-helper
-CVE-2021-32735
-       RESERVED
+CVE-2021-32735 (Kirby is a content management system. In Kirby CMS versions 
3.5.5 and  ...)
+       TODO: check
 CVE-2021-32734
        RESERVED
 CVE-2021-32733
@@ -7795,8 +7821,8 @@ CVE-2021-32640 (ws is an open source WebSocket client and 
server library for Nod
        [stretch] - node-ws <no-dsa> (Minor issue)
        NOTE: 
https://github.com/websockets/ws/security/advisories/GHSA-6fc8-4gx4-v693
        NOTE: 
https://github.com/websockets/ws/commit/00c425ec77993773d823f018f64a5c44e17023ff
-CVE-2021-32639
-       RESERVED
+CVE-2021-32639 (Emissary is a P2P-based, data-driven workflow engine. Emissary 
version ...)
+       TODO: check
 CVE-2021-32638 (Github's CodeQL action is provided to run CodeQL-based code 
scanning o ...)
        NOT-FOR-US: Github
 CVE-2021-32637 (Authelia is a a single sign-on multi-factor portal for web 
apps. This  ...)
@@ -9644,8 +9670,8 @@ CVE-2021-31876 (Bitcoin Core 0.12.0 through 0.21.1 does 
not properly implement t
        NOTE: 
https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2021-May/018893.html
 CVE-2021-31875 (In mjs_json.c in Cesanta MongooseOS mJS 1.26, a maliciously 
formed JSO ...)
        NOT-FOR-US: Cesanta MongooseOS mJS
-CVE-2021-31874
-       RESERVED
+CVE-2021-31874 (Zoho ManageEngine ADSelfService Plus before 6104, in rare 
situations,  ...)
+       TODO: check
 CVE-2021-31873 (An issue was discovered in klibc before 2.0.9. Additions in 
the malloc ...)
        {DLA-2695-1}
        - klibc 2.0.8-6 (bug #989505)
@@ -12832,20 +12858,16 @@ CVE-2021-30559
        RESERVED
 CVE-2021-30558
        RESERVED
-CVE-2021-30557
-       RESERVED
+CVE-2021-30557 (Use after free in TabGroups in Google Chrome prior to 
91.0.4472.114 al ...)
        - chromium <unfixed> (bug #990079)
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-30556
-       RESERVED
+CVE-2021-30556 (Use after free in WebAudio in Google Chrome prior to 
91.0.4472.114 all ...)
        - chromium <unfixed> (bug #990079)
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-30555
-       RESERVED
+CVE-2021-30555 (Use after free in Sharing in Google Chrome prior to 
91.0.4472.114 allo ...)
        - chromium <unfixed> (bug #990079)
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-30554
-       RESERVED
+CVE-2021-30554 (Use after free in WebGL in Google Chrome prior to 
91.0.4472.114 allowe ...)
        - chromium <unfixed> (bug #990079)
        [stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2021-30553 (Use after free in Network service in Google Chrome prior to 
91.0.4472. ...)
@@ -19361,8 +19383,8 @@ CVE-2021-27952
        RESERVED
 CVE-2021-27951
        RESERVED
-CVE-2021-27950
-       RESERVED
+CVE-2021-27950 (A SQL injection vulnerability in azurWebEngine in Sita AzurCMS 
through ...)
+       TODO: check
 CVE-2021-27949 (Cross-site Scripting vulnerability in MyBB before 1.8.26 via 
Custom mo ...)
        NOT-FOR-US: MyBB
 CVE-2021-27948 (SQL Injection vulnerability in MyBB before 1.8.26 via User 
Groups. (is ...)
@@ -20484,8 +20506,8 @@ CVE-2021-27457 (A vulnerability has been found in 
multiple revisions of Emerson
        NOT-FOR-US: Emerson
 CVE-2021-27456
        RESERVED
-CVE-2021-27455
-       RESERVED
+CVE-2021-27455 (Delta Electronics DOPSoft Versions 4.0.10.17 and prior are 
vulnerable  ...)
+       TODO: check
 CVE-2021-27454 (The software performs an operation at a privilege level higher 
than th ...)
        NOT-FOR-US: GE
 CVE-2021-27453
@@ -20570,8 +20592,8 @@ CVE-2021-27414
        RESERVED
 CVE-2021-27413 (Omron CX-One Versions 4.60 and prior, including CX-Server 
Versions 5.0 ...)
        NOT-FOR-US: Omron CX-One
-CVE-2021-27412
-       RESERVED
+CVE-2021-27412 (Delta Electronics DOPSoft Versions 4.0.10.17 and prior are 
vulnerable  ...)
+       TODO: check
 CVE-2021-27411
        RESERVED
 CVE-2021-27410 (The affected product is vulnerable to an out-of-bounds write, 
which ma ...)
@@ -21748,8 +21770,7 @@ CVE-2021-26922
        RESERVED
 CVE-2021-26921 (In util/session/sessionmanager.go in Argo CD before 1.8.4, 
tokens cont ...)
        NOT-FOR-US: Argo CD
-CVE-2021-26920
-       RESERVED
+CVE-2021-26920 (In the Druid ingestion system, the InputSource is used for 
reading dat ...)
        - druid <itp> (bug #825797)
 CVE-2021-26919 (Apache Druid allows users to read data from other database 
systems usi ...)
        - druid <itp> (bug #825797)
@@ -30129,10 +30150,10 @@ CVE-2021-23405
        RESERVED
 CVE-2021-23404
        RESERVED
-CVE-2021-23403
-       RESERVED
-CVE-2021-23402
-       RESERVED
+CVE-2021-23403 (All versions of package ts-nodash are vulnerable to Prototype 
Pollutio ...)
+       TODO: check
+CVE-2021-23402 (All versions of package record-like-deep-assign are vulnerable 
to Prot ...)
+       TODO: check
 CVE-2021-23401
        RESERVED
 CVE-2021-23400 (The package nodemailer before 6.6.1 are vulnerable to HTTP 
Header Inje ...)
@@ -61079,16 +61100,16 @@ CVE-2020-23196
        RESERVED
 CVE-2020-23195
        RESERVED
-CVE-2020-23194
-       RESERVED
+CVE-2020-23194 (A stored cross site scripting (XSS) vulnerability in the 
"Import Subsc ...)
+       TODO: check
 CVE-2020-23193
        RESERVED
-CVE-2020-23192
-       RESERVED
+CVE-2020-23192 (A stored cross site scripting (XSS) vulnerability in phplist 
3.5.4 and ...)
+       TODO: check
 CVE-2020-23191
        RESERVED
-CVE-2020-23190
-       RESERVED
+CVE-2020-23190 (A stored cross site scripting (XSS) vulnerability in the 
"Import email ...)
+       TODO: check
 CVE-2020-23189
        RESERVED
 CVE-2020-23188
@@ -61097,22 +61118,22 @@ CVE-2020-23187
        RESERVED
 CVE-2020-23186
        RESERVED
-CVE-2020-23185
-       RESERVED
-CVE-2020-23184
-       RESERVED
+CVE-2020-23185 (A stored cross site scripting (XSS) vulnerability in 
/administration/s ...)
+       TODO: check
+CVE-2020-23184 (A stored cross site scripting (XSS) vulnerability in 
/administration/s ...)
+       TODO: check
 CVE-2020-23183
        RESERVED
-CVE-2020-23182
-       RESERVED
-CVE-2020-23181
-       RESERVED
+CVE-2020-23182 (The component 
/php-fusion/infusions/shoutbox_panel/shoutbox_archive.ph ...)
+       TODO: check
+CVE-2020-23181 (A reflected cross site scripting (XSS) vulnerability in 
/administratio ...)
+       TODO: check
 CVE-2020-23180
        RESERVED
-CVE-2020-23179
-       RESERVED
-CVE-2020-23178
-       RESERVED
+CVE-2020-23179 (A stored cross site scripting (XSS) vulnerability in 
administration/se ...)
+       TODO: check
+CVE-2020-23178 (An issue exists in PHP-Fusion 9.03.50 where session cookies 
are not de ...)
+       TODO: check
 CVE-2020-23177
        RESERVED
 CVE-2020-23176



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f87f0c1ca44c0ceec91c4c3c3e9982b63dbcc81b



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
