Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
313dc603 by security tracker role at 2021-07-20T20:10:19+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,331 @@
+CVE-2021-37139
+       RESERVED
+CVE-2021-37138
+       RESERVED
+CVE-2021-37137
+       RESERVED
+CVE-2021-37136
+       RESERVED
+CVE-2021-37135
+       RESERVED
+CVE-2021-37134
+       RESERVED
+CVE-2021-37133
+       RESERVED
+CVE-2021-37132
+       RESERVED
+CVE-2021-37131
+       RESERVED
+CVE-2021-37130
+       RESERVED
+CVE-2021-37129
+       RESERVED
+CVE-2021-37128
+       RESERVED
+CVE-2021-37127
+       RESERVED
+CVE-2021-37126
+       RESERVED
+CVE-2021-37125
+       RESERVED
+CVE-2021-37124
+       RESERVED
+CVE-2021-37123
+       RESERVED
+CVE-2021-37122
+       RESERVED
+CVE-2021-37121
+       RESERVED
+CVE-2021-37120
+       RESERVED
+CVE-2021-37119
+       RESERVED
+CVE-2021-37118
+       RESERVED
+CVE-2021-37117
+       RESERVED
+CVE-2021-37116
+       RESERVED
+CVE-2021-37115
+       RESERVED
+CVE-2021-37114
+       RESERVED
+CVE-2021-37113
+       RESERVED
+CVE-2021-37112
+       RESERVED
+CVE-2021-37111
+       RESERVED
+CVE-2021-37110
+       RESERVED
+CVE-2021-37109
+       RESERVED
+CVE-2021-37108
+       RESERVED
+CVE-2021-37107
+       RESERVED
+CVE-2021-37106
+       RESERVED
+CVE-2021-37105
+       RESERVED
+CVE-2021-37104
+       RESERVED
+CVE-2021-37103
+       RESERVED
+CVE-2021-37102
+       RESERVED
+CVE-2021-37101
+       RESERVED
+CVE-2021-37100
+       RESERVED
+CVE-2021-37099
+       RESERVED
+CVE-2021-37098
+       RESERVED
+CVE-2021-37097
+       RESERVED
+CVE-2021-37096
+       RESERVED
+CVE-2021-37095
+       RESERVED
+CVE-2021-37094
+       RESERVED
+CVE-2021-37093
+       RESERVED
+CVE-2021-37092
+       RESERVED
+CVE-2021-37091
+       RESERVED
+CVE-2021-37090
+       RESERVED
+CVE-2021-37089
+       RESERVED
+CVE-2021-37088
+       RESERVED
+CVE-2021-37087
+       RESERVED
+CVE-2021-37086
+       RESERVED
+CVE-2021-37085
+       RESERVED
+CVE-2021-37084
+       RESERVED
+CVE-2021-37083
+       RESERVED
+CVE-2021-37082
+       RESERVED
+CVE-2021-37081
+       RESERVED
+CVE-2021-37080
+       RESERVED
+CVE-2021-37079
+       RESERVED
+CVE-2021-37078
+       RESERVED
+CVE-2021-37077
+       RESERVED
+CVE-2021-37076
+       RESERVED
+CVE-2021-37075
+       RESERVED
+CVE-2021-37074
+       RESERVED
+CVE-2021-37073
+       RESERVED
+CVE-2021-37072
+       RESERVED
+CVE-2021-37071
+       RESERVED
+CVE-2021-37070
+       RESERVED
+CVE-2021-37069
+       RESERVED
+CVE-2021-37068
+       RESERVED
+CVE-2021-37067
+       RESERVED
+CVE-2021-37066
+       RESERVED
+CVE-2021-37065
+       RESERVED
+CVE-2021-37064
+       RESERVED
+CVE-2021-37063
+       RESERVED
+CVE-2021-37062
+       RESERVED
+CVE-2021-37061
+       RESERVED
+CVE-2021-37060
+       RESERVED
+CVE-2021-37059
+       RESERVED
+CVE-2021-37058
+       RESERVED
+CVE-2021-37057
+       RESERVED
+CVE-2021-37056
+       RESERVED
+CVE-2021-37055
+       RESERVED
+CVE-2021-37054
+       RESERVED
+CVE-2021-37053
+       RESERVED
+CVE-2021-37052
+       RESERVED
+CVE-2021-37051
+       RESERVED
+CVE-2021-37050
+       RESERVED
+CVE-2021-37049
+       RESERVED
+CVE-2021-37048
+       RESERVED
+CVE-2021-37047
+       RESERVED
+CVE-2021-37046
+       RESERVED
+CVE-2021-37045
+       RESERVED
+CVE-2021-37044
+       RESERVED
+CVE-2021-37043
+       RESERVED
+CVE-2021-37042
+       RESERVED
+CVE-2021-37041
+       RESERVED
+CVE-2021-37040
+       RESERVED
+CVE-2021-37039
+       RESERVED
+CVE-2021-37038
+       RESERVED
+CVE-2021-37037
+       RESERVED
+CVE-2021-37036
+       RESERVED
+CVE-2021-37035
+       RESERVED
+CVE-2021-37034
+       RESERVED
+CVE-2021-37033
+       RESERVED
+CVE-2021-37032
+       RESERVED
+CVE-2021-37031
+       RESERVED
+CVE-2021-37030
+       RESERVED
+CVE-2021-37029
+       RESERVED
+CVE-2021-37028
+       RESERVED
+CVE-2021-37027
+       RESERVED
+CVE-2021-37026
+       RESERVED
+CVE-2021-37025
+       RESERVED
+CVE-2021-37024
+       RESERVED
+CVE-2021-37023
+       RESERVED
+CVE-2021-37022
+       RESERVED
+CVE-2021-37021
+       RESERVED
+CVE-2021-37020
+       RESERVED
+CVE-2021-37019
+       RESERVED
+CVE-2021-37018
+       RESERVED
+CVE-2021-37017
+       RESERVED
+CVE-2021-37016
+       RESERVED
+CVE-2021-37015
+       RESERVED
+CVE-2021-37014
+       RESERVED
+CVE-2021-37013
+       RESERVED
+CVE-2021-37012
+       RESERVED
+CVE-2021-37011
+       RESERVED
+CVE-2021-37010
+       RESERVED
+CVE-2021-37009
+       RESERVED
+CVE-2021-37008
+       RESERVED
+CVE-2021-37007
+       RESERVED
+CVE-2021-37006
+       RESERVED
+CVE-2021-37005
+       RESERVED
+CVE-2021-37004
+       RESERVED
+CVE-2021-37003
+       RESERVED
+CVE-2021-37002
+       RESERVED
+CVE-2021-37001
+       RESERVED
+CVE-2021-37000
+       RESERVED
+CVE-2021-36999
+       RESERVED
+CVE-2021-36998
+       RESERVED
+CVE-2021-36997
+       RESERVED
+CVE-2021-36996
+       RESERVED
+CVE-2021-36995
+       RESERVED
+CVE-2021-36994
+       RESERVED
+CVE-2021-36993
+       RESERVED
+CVE-2021-36992
+       RESERVED
+CVE-2021-36991
+       RESERVED
+CVE-2021-36990
+       RESERVED
+CVE-2021-36989
+       RESERVED
+CVE-2021-36988
+       RESERVED
+CVE-2021-36987
+       RESERVED
+CVE-2021-36986
+       RESERVED
+CVE-2021-36985
+       RESERVED
+CVE-2021-36984
+       RESERVED
+CVE-2021-36983
+       RESERVED
+CVE-2021-36982
+       RESERVED
+CVE-2021-36981
+       RESERVED
+CVE-2021-3655
+       RESERVED
+CVE-2021-3654
+       RESERVED
+CVE-2021-26263
+       RESERVED
+CVE-2021-23203
+       RESERVED
+CVE-2021-23184
+       RESERVED
 CVE-2021-36980 (Open vSwitch (aka openvswitch) 2.11.0 through 2.15.0 has a 
use-after-f ...)
        - openvswitch <unfixed> (bug #991308)
        NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=27851
@@ -4326,6 +4654,7 @@ CVE-2021-35041 (The blockchain node in FISCO-BCOS V2.7.2 
may have a bug when dea
        NOT-FOR-US: FISCO-BCOS
 CVE-2021-3609
        RESERVED
+       {DSA-4941-1 DLA-2714-1 DLA-2713-1}
        - linux 5.10.46-1
        NOTE: https://www.openwall.com/lists/oss-security/2021/06/19/1
 CVE-2021-35040
@@ -5082,6 +5411,7 @@ CVE-2021-34695
 CVE-2021-34694
        RESERVED
 CVE-2021-34693 (net/can/bcm.c in the Linux kernel through 5.12.10 allows local 
users t ...)
+       {DSA-4941-1 DLA-2714-1 DLA-2713-1}
        - linux 5.10.46-1
        NOTE: https://www.openwall.com/lists/oss-security/2021/06/15/1
        NOTE: 
https://github.com/nrb547/kernel-exploitation/tree/main/cve-2021-34693
@@ -6797,14 +7127,14 @@ CVE-2021-33912
        RESERVED
 CVE-2021-33911 (Zoho ManageEngine ADManager Plus before 7110 allows remote 
code execut ...)
        NOT-FOR-US: Zoho
-CVE-2021-33910
-       RESERVED
+CVE-2021-33910 (basic/unit-name.c in systemd 220 through 248 has a Memory 
Allocation w ...)
+       {DSA-4942-1 DLA-2715-1}
        - systemd 247.3-6
        NOTE: 
https://www.qualys.com/2021/07/20/cve-2021-33910/denial-of-service-systemd.txt
        NOTE: Introduced by: 
https://github.com/systemd/systemd/commit/7410616cd9dbbec97cf98d75324da5cda2b2f7a2
 (v220)
        NOTE: https://github.com/systemd/systemd/pull/20256
-CVE-2021-33909
-       RESERVED
+CVE-2021-33909 (fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 
5.13.4 do ...)
+       {DSA-4941-1 DLA-2714-1 DLA-2713-1}
        - linux 5.10.46-2
        NOTE: 
https://www.qualys.com/2021/07/20/cve-2021-33909/sequoia-local-privilege-escalation-linux.txt
        NOTE: 
https://git.kernel.org/linus/8cae8cd89f05f6de223d63e6d15e31c8ba9cf53b
@@ -7063,7 +7393,7 @@ CVE-2021-33815 (dwa_uncompress in libavcodec/exr.c in 
FFmpeg 4.4 allows an out-o
 CVE-2021-33814
        RESERVED
 CVE-2021-33813 (An XXE issue in SAXBuilder in JDOM through 2.0.6 allows 
attackers to c ...)
-       {DLA-2696-1}
+       {DLA-2712-1 DLA-2696-1}
        - libjdom2-intellij-java <unfixed> (bug #990673)
        [buster] - libjdom2-intellij-java <no-dsa> (Minor issue)
        - libjdom2-java <unfixed> (bug #990671)
@@ -9538,16 +9868,16 @@ CVE-2021-32769 (Micronaut is a JVM-based, full stack 
Java framework designed for
        NOT-FOR-US: Micronaut
 CVE-2021-32768
        RESERVED
-CVE-2021-32767
-       RESERVED
+CVE-2021-32767 (TYPO3 is an open source PHP based web content management 
system. In ve ...)
+       TODO: check
 CVE-2021-32766
        RESERVED
 CVE-2021-32765
        RESERVED
 CVE-2021-32764 (Discourse is an open-source discussion platform. In Discourse 
versions ...)
        NOT-FOR-US: Discourse
-CVE-2021-32763
-       RESERVED
+CVE-2021-32763 (OpenProject is open-source, web-based project management 
software. In  ...)
+       TODO: check
 CVE-2021-32762
        RESERVED
 CVE-2021-32761
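Review bot: CVE-2021-32767 (TYPO3) and CVE-2021-32763 (OpenProject) move from RESERVED to a bare `TODO: check`, so both entries are still untriaged after this change. Each should be resolved to either a source-package line with its status or a `NOT-FOR-US:` tag, the way the neighbouring CVE-2021-32764 is closed out with `NOT-FOR-US: Discourse`.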
@@ -9768,12 +10098,12 @@ CVE-2021-32671 (Flarum is a forum software for 
building communities. Flarum's tr
        NOT-FOR-US: Flarum
 CVE-2021-32670 (Datasette is an open source multi-tool for exploring and 
publishing da ...)
        NOT-FOR-US: Datasette
-CVE-2021-32669
-       RESERVED
-CVE-2021-32668
-       RESERVED
-CVE-2021-32667
-       RESERVED
+CVE-2021-32669 (TYPO3 is an open source PHP based web content management 
system. Versi ...)
+       TODO: check
+CVE-2021-32668 (TYPO3 is an open source PHP based web content management 
system. Versi ...)
+       TODO: check
+CVE-2021-32667 (TYPO3 is an open source PHP based web content management 
system. Versi ...)
+       TODO: check
 CVE-2021-32666 (wire-ios is the iOS version of Wire, an open-source secure 
messaging a ...)
        NOT-FOR-US: wire-ios (iOS version of Wire)
 CVE-2021-32665 (wire-ios is the iOS version of Wire, an open-source secure 
messaging a ...)
@@ -10301,8 +10631,8 @@ CVE-2021-32465
        RESERVED
 CVE-2021-32464
        RESERVED
-CVE-2021-32463
-       RESERVED
+CVE-2021-32463 (An incorrect permission assignment denial-of-service 
vulnerability in  ...)
+       TODO: check
 CVE-2021-32462 (Trend Micro Password Manager (Consumer) version 5.0.0.1217 and 
below i ...)
        NOT-FOR-US: Trend Micro
 CVE-2021-32461 (Trend Micro Password Manager (Consumer) version 5.0.0.1217 and 
below i ...)
@@ -11350,11 +11680,11 @@ CVE-2021-32016
        RESERVED
 CVE-2021-32015 (In Nuvoton NPCT75x TPM 1.2 firmware 7.4.0.0, a local 
authenticated mal ...)
        NOT-FOR-US: Nuvoton NPCT75x TPM 1.2 firmware
-CVE-2021-32014 (SheetJS Pro through 0.16.9 allows attackers to cause a denial 
of servi ...)
+CVE-2021-32014 (SheetJS and SheetJS Pro through 0.16.9 allows attackers to 
cause a den ...)
        NOT-FOR-US: SheetJS
-CVE-2021-32013 (SheetJS Pro through 0.16.9 allows attackers to cause a denial 
of servi ...)
+CVE-2021-32013 (SheetJS and SheetJS Pro through 0.16.9 allows attackers to 
cause a den ...)
        NOT-FOR-US: SheetJS
-CVE-2021-32012 (SheetJS Pro through 0.16.9 allows attackers to cause a denial 
of servi ...)
+CVE-2021-32012 (SheetJS and SheetJS Pro through 0.16.9 allows attackers to 
cause a den ...)
        NOT-FOR-US: SheetJS
 CVE-2021-3532 (A flaw was found in Ansible where the secret information 
present in as ...)
        - ansible <unfixed>
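Review bot: the description updates for CVE-2021-32014, CVE-2021-32013 and CVE-2021-32012 widen the affected product from `SheetJS Pro` to `SheetJS and SheetJS Pro`, while the `NOT-FOR-US: SheetJS` lines beneath them are unchanged context. That tag was set against the narrower wording, so it is worth re-checking whether any packaged source embeds SheetJS before leaving it in place; if one does, the tag should give way to a package line.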
@@ -16049,6 +16379,7 @@ CVE-2020-36312 (An issue was discovered in the Linux 
kernel before 5.8.10. virt/
        [stretch] - linux 4.9.240-1
        NOTE: 
https://git.kernel.org/linus/f65886606c2d3b562716de030706dfe1bea4ed5e
 CVE-2020-36311 (An issue was discovered in the Linux kernel before 5.9. 
arch/x86/kvm/s ...)
+       {DSA-4941-1 DLA-2714-1}
        - linux 5.9.1-1
        [stretch] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/7be74942f184fdfba34ddd19a0d995deb34d4a03
@@ -22526,8 +22857,8 @@ CVE-2021-27519 (A cross-site scripting (XSS) issue in 
FUDForum 3.1.0 allows remo
        NOT-FOR-US: FUDForum
 CVE-2021-27518
        RESERVED
-CVE-2021-27517
-       RESERVED
+CVE-2021-27517 (Foxit PDF SDK For Web through 7.5.0 allows XSS. There is 
arbitrary Jav ...)
+       TODO: check
 CVE-2021-27516 (URI.js (aka urijs) before 1.19.6 mishandles certain uses of 
backslash  ...)
        NOT-FOR-US: urijs
 CVE-2021-27515 (url-parse before 1.5.0 mishandles certain uses of backslash 
such as ht ...)
@@ -22951,8 +23282,8 @@ CVE-2021-27340
        RESERVED
 CVE-2021-27339
        RESERVED
-CVE-2021-27338
-       RESERVED
+CVE-2021-27338 (Faraday Edge before 3.7 allows XSS via the network/create/ 
page and it ...)
+       TODO: check
 CVE-2021-27337
        RESERVED
 CVE-2021-27336
@@ -23656,8 +23987,7 @@ CVE-2021-27023
        RESERVED
 CVE-2021-27022
        RESERVED
-CVE-2021-27021
-       RESERVED
+CVE-2021-27021 (A flaw was discovered in Puppet DB, this flaw results in an 
escalation ...)
        - puppetdb <unfixed> (bug #990419)
        NOTE: https://puppet.com/security/cve/cve-2021-27021/
        NOTE: 
https://github.com/puppetlabs/puppetdb/commit/c146e624d230f7410fb648d58ae28c0e3cd457a2
@@ -26072,8 +26402,8 @@ CVE-2021-26097
        RESERVED
 CVE-2021-26096
        RESERVED
-CVE-2021-26095
-       RESERVED
+CVE-2021-26095 (The combination of various cryptographic issues in the session 
managem ...)
+       TODO: check
 CVE-2021-26094
        RESERVED
 CVE-2021-26093
@@ -26660,8 +26990,8 @@ CVE-2021-3248
        RESERVED
 CVE-2021-3247
        RESERVED
-CVE-2021-3246
-       RESERVED
+CVE-2021-3246 (A heap buffer overflow vulnerability in msadpcm_decode_block of 
libsnd ...)
+       TODO: check
 CVE-2021-3245
        RESERVED
 CVE-2021-3244
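Review bot: CVE-2021-3246 is described as a heap buffer overflow in `msadpcm_decode_block` of a library (the name is cut off at `libsnd ...`) and lands with only `TODO: check`. Unlike the vendor-product entries elsewhere in this update, a decoder bug in a library is likely to map to a packaged source, so this entry should be triaged ahead of the others: add the source-package line with `<unfixed>` and a bug reference, or a `<not-affected>` line with the reason, rather than leaving the TODO in place.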
@@ -30831,8 +31161,8 @@ CVE-2021-24024 (A clear text storage of sensitive 
information into log file vuln
        NOT-FOR-US: FortiADCManager
 CVE-2021-24023 (An improper input validation in FortiAI v1.4.0 and earlier may 
allow a ...)
        NOT-FOR-US: FortiAI (FortiGuard)
-CVE-2021-24022
-       RESERVED
+CVE-2021-24022 (A buffer overflow vulnerability in FortiAnalyzer CLI 6.4.5 and 
below,  ...)
+       TODO: check
 CVE-2021-24021
        RESERVED
 CVE-2021-24020 (A missing cryptographic step in the implementation of the hash 
digest  ...)
@@ -34928,8 +35258,7 @@ CVE-2021-22237
        RESERVED
 CVE-2021-22236
        RESERVED
-CVE-2021-22235
-       RESERVED
+CVE-2021-22235 (Crash in DNP dissector in Wireshark 3.4.0 to 3.4.6 and 3.2.0 
to 3.2.14 ...)
        [experimental] - wireshark 3.4.7-1~exp1
        - wireshark <unfixed>
        [bullseye] - wireshark <postponed> (Minor issue, can be fixed along in 
future update)
@@ -35214,8 +35543,8 @@ CVE-2021-22127
        RESERVED
 CVE-2021-22126
        RESERVED
-CVE-2021-22125
-       RESERVED
+CVE-2021-22125 (An instance of improper neutralization of special elements in 
the snif ...)
+       TODO: check
 CVE-2021-22124
        RESERVED
 CVE-2021-22123 (An OS command injection vulnerability in FortiWeb's management 
interfa ...)
@@ -35932,6 +36261,7 @@ CVE-2021-21782 (An out-of-bounds write vulnerability 
exists in the SGI format bu
        NOT-FOR-US: ImageGear
 CVE-2021-21781
        RESERVED
+       {DLA-2713-1}
        - linux 5.10.19-1
        [buster] - linux 4.19.177-1
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1243
@@ -40456,8 +40786,8 @@ CVE-2021-20480 (IBM WebSphere Application Server 7.0, 
8.0, and 8.5 is vulnerable
        NOT-FOR-US: IBM
 CVE-2021-20479
        RESERVED
-CVE-2021-20478
-       RESERVED
+CVE-2021-20478 (IBM Cloud Pak System 2.3 could allow a local user in some 
situations t ...)
+       TODO: check
 CVE-2021-20477 (IBM Planning Analytics 2.0 is vulnerable to cross-site 
scripting. This ...)
        NOT-FOR-US: IBM
 CVE-2021-20476
@@ -42246,8 +42576,8 @@ CVE-2020-35429
        RESERVED
 CVE-2020-35428
        RESERVED
-CVE-2020-35427
-       RESERVED
+CVE-2020-35427 (SQL injection vulnerability in PHPGurukul Employee Record 
Management S ...)
+       TODO: check
 CVE-2020-35426
        RESERVED
 CVE-2020-35425
@@ -58941,10 +59271,10 @@ CVE-2020-25208 (In JetBrains YouTrack before 
2020.4.4701, an attacker could enum
        NOT-FOR-US: JetBrains
 CVE-2020-25207 (JetBrains ToolBox before version 1.18 is vulnerable to Remote 
Code Exe ...)
        NOT-FOR-US: JetBrains
-CVE-2020-25206
-       RESERVED
-CVE-2020-25205
-       RESERVED
+CVE-2020-25206 (The web console for Mimosa B5, B5c, and C5x firmware through 
2.8.0.2 a ...)
+       TODO: check
+CVE-2020-25205 (The web console for Mimosa B5, B5c, and C5x firmware through 
2.8.0.2 i ...)
+       TODO: check
 CVE-2020-25204 (The God Kings application 0.60.1 for Android exposes a 
broadcast recei ...)
        NOT-FOR-US: God Kings application for Android
 CVE-2020-25203 (The Framer Preview application 12 for Android exposes 
com.framer.viewe ...)
@@ -71518,7 +71848,7 @@ CVE-2020-19206
        RESERVED
 CVE-2020-19205
        RESERVED
-CVE-2020-19204 (Lightning Wire Labs IPFire 2.21 (x86_64) - Core Update 130 is 
affected ...)
+CVE-2020-19204 (An authenticated Stored Cross-Site Scriptiong (XSS) 
vulnerability exis ...)
        NOT-FOR-US: IPFire
 CVE-2020-19203 (Netgate pfSense Community Edition 2.4.4 - p2 (arm64) is 
affected by: C ...)
        NOT-FOR-US: Netgate pfSense Community Edition
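Review bot: the replacement description for CVE-2020-19204 carries the misspelling `Scriptiong`, and its visible part no longer names the product, so `NOT-FOR-US: IPFire` is now the only line in the entry that identifies what is affected. The commit is an automatic update, so a hand edit of the description here would presumably be overwritten on the next run; the spelling is better reported to the source of the CVE description, with the `NOT-FOR-US` line kept as is.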
@@ -79353,8 +79683,8 @@ CVE-2020-15662 (A rogue webpage could override the 
injected WKUserScript used by
 CVE-2020-15661 (A rogue webpage could override the injected WKUserScript used 
by the l ...)
        - firefox <not-affected> (Specific to Firefox for iOS)
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-34/#CVE-2020-15661
-CVE-2020-15660
-       RESERVED
+CVE-2020-15660 (Missing checks on Content-Type headers in geckodriver before 
0.27.0 co ...)
+       TODO: check
 CVE-2020-15659 (Mozilla developers and community members reported memory 
safety bugs p ...)
        {DSA-4740-1 DSA-4736-1 DLA-2310-1 DLA-2297-1}
        - firefox 79.0-1
@@ -101443,8 +101773,8 @@ CVE-2020-7868 (A remote code execution vulnerability 
exists in helpUS(remote adm
        NOT-FOR-US: helpUS(remote administration tool)
 CVE-2020-7867
        RESERVED
-CVE-2020-7866
-       RESERVED
+CVE-2020-7866 (When using XPLATFORM 9.2.2.270 or earlier versions ActiveX 
component,  ...)
+       TODO: check
 CVE-2020-7865
        RESERVED
 CVE-2020-7864 (Parameter manipulation can bypass authentication to cause file 
upload  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/313dc6032dbe77f4128090ff31e10d38c2c7f586

_______________________________________________
debian-security-tracker-commits mailing list