Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9ee8450b by security tracker role at 2021-07-26T08:10:17+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,189 @@
-CVE-2021-37438
+CVE-2021-37530
+       RESERVED
+CVE-2021-37529
+       RESERVED
+CVE-2021-37528
+       RESERVED
+CVE-2021-37527
+       RESERVED
+CVE-2021-37526
+       RESERVED
+CVE-2021-37525
+       RESERVED
+CVE-2021-37524
+       RESERVED
+CVE-2021-37523
+       RESERVED
+CVE-2021-37522
+       RESERVED
+CVE-2021-37521
+       RESERVED
+CVE-2021-37520
+       RESERVED
+CVE-2021-37519
+       RESERVED
+CVE-2021-37518
+       RESERVED
+CVE-2021-37517
+       RESERVED
+CVE-2021-37516
+       RESERVED
+CVE-2021-37515
+       RESERVED
+CVE-2021-37514
+       RESERVED
+CVE-2021-37513
+       RESERVED
+CVE-2021-37512
+       RESERVED
+CVE-2021-37511
+       RESERVED
+CVE-2021-37510
+       RESERVED
+CVE-2021-37509
+       RESERVED
+CVE-2021-37508
+       RESERVED
+CVE-2021-37507
+       RESERVED
+CVE-2021-37506
+       RESERVED
+CVE-2021-37505
+       RESERVED
+CVE-2021-37504
+       RESERVED
+CVE-2021-37503
+       RESERVED
+CVE-2021-37502
+       RESERVED
+CVE-2021-37501
+       RESERVED
+CVE-2021-37500
+       RESERVED
+CVE-2021-37499
+       RESERVED
+CVE-2021-37498
+       RESERVED
+CVE-2021-37497
+       RESERVED
+CVE-2021-37496
+       RESERVED
+CVE-2021-37495
+       RESERVED
+CVE-2021-37494
+       RESERVED
+CVE-2021-37493
+       RESERVED
+CVE-2021-37492
+       RESERVED
+CVE-2021-37491
+       RESERVED
+CVE-2021-37490
+       RESERVED
+CVE-2021-37489
+       RESERVED
+CVE-2021-37488
+       RESERVED
+CVE-2021-37487
+       RESERVED
+CVE-2021-37486
+       RESERVED
+CVE-2021-37485
+       RESERVED
+CVE-2021-37484
+       RESERVED
+CVE-2021-37483
+       RESERVED
+CVE-2021-37482
+       RESERVED
+CVE-2021-37481
+       RESERVED
+CVE-2021-37480
+       RESERVED
+CVE-2021-37479
+       RESERVED
+CVE-2021-37478
        RESERVED
+CVE-2021-37477
+       RESERVED
+CVE-2021-37476
+       RESERVED
+CVE-2021-37475
+       RESERVED
+CVE-2021-37474
+       RESERVED
+CVE-2021-37473
+       RESERVED
+CVE-2021-37472
+       RESERVED
+CVE-2021-37471
+       RESERVED
+CVE-2021-37470 (In NCH WebDictate v2.13, persistent Cross Site Scripting (XSS) 
exists  ...)
+       TODO: check
+CVE-2021-37469 (In NCH WebDictate v2.13 and earlier, authenticated users can 
abuse log ...)
+       TODO: check
+CVE-2021-37468 (NCH Reflect CRM 3.01 allows local users to discover cleartext 
user acc ...)
+       TODO: check
+CVE-2021-37467 (In NCH Quorum v2.03 and earlier, XSS exists via 
/conferencebrowseuploa ...)
+       TODO: check
+CVE-2021-37466 (In NCH Quorum v2.03 and earlier, XSS exists via 
/conference?id= (refle ...)
+       TODO: check
+CVE-2021-37465 (In NCH Quorum v2.03 and earlier, XSS exists via /uploaddoc?id= 
(reflec ...)
+       TODO: check
+CVE-2021-37464 (In NCH Quorum v2.03 and earlier, XSS exists via Conference 
Description ...)
+       TODO: check
+CVE-2021-37463 (In NCH Quorum v2.03 and earlier, XSS exists via User Display 
Name (sto ...)
+       TODO: check
+CVE-2021-37462 (Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and 
earlier vi ...)
+       TODO: check
+CVE-2021-37461 (Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and 
earlier vi ...)
+       TODO: check
+CVE-2021-37460 (Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and 
earlier vi ...)
+       TODO: check
+CVE-2021-37459 (Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and 
earlier vi ...)
+       TODO: check
+CVE-2021-37458 (Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and 
earlier vi ...)
+       TODO: check
+CVE-2021-37457 (Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and 
earlier vi ...)
+       TODO: check
+CVE-2021-37456 (Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and 
earlier vi ...)
+       TODO: check
+CVE-2021-37455 (Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and 
earlier vi ...)
+       TODO: check
+CVE-2021-37454 (Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and 
earlier vi ...)
+       TODO: check
+CVE-2021-37453 (Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and 
earlier vi ...)
+       TODO: check
+CVE-2021-37452 (NCH Quorum v2.03 and earlier allows local users to discover 
cleartext  ...)
+       TODO: check
+CVE-2021-37451 (Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 
and earli ...)
+       TODO: check
+CVE-2021-37450 (Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 
and earli ...)
+       TODO: check
+CVE-2021-37449 (Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 
and earli ...)
+       TODO: check
+CVE-2021-37448 (Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 
and earli ...)
+       TODO: check
+CVE-2021-37447 (In NCH Quorum v2.03 and earlier, an authenticated user can use 
directo ...)
+       TODO: check
+CVE-2021-37446 (In NCH Quorum v2.03 and earlier, an authenticated user can use 
directo ...)
+       TODO: check
+CVE-2021-37445 (In NCH Quorum v2.03 and earlier, an authenticated user can use 
directo ...)
+       TODO: check
+CVE-2021-37444 (NCH IVM Attendant v5.12 and earlier suffers from a directory 
traversal ...)
+       TODO: check
+CVE-2021-37443 (NCH IVM Attendant v5.12 and earlier allows path traversal via 
the logd ...)
+       TODO: check
+CVE-2021-37442 (NCH IVM Attendant v5.12 and earlier allows path traversal via 
viewfile ...)
+       TODO: check
+CVE-2021-37441 (NCH Axon PBX v2.22 and earlier allows path traversal for file 
deletion ...)
+       TODO: check
+CVE-2021-37440 (NCH Axon PBX v2.22 and earlier allows path traversal for file 
disclosu ...)
+       TODO: check
+CVE-2021-37439 (NCH FlexiServer v6.00 suffers from a syslog?file=/.. path 
traversal vu ...)
+       TODO: check
+CVE-2021-37438
+       REJECTED
 CVE-2021-37437
        RESERVED
 CVE-2021-37436 (Amazon Echo Dot devices through 2021-07-02 sometimes allow 
attackers,  ...)
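
Review bot: CVE-2021-37439 through CVE-2021-37470 are all left at "TODO: check", and every one of those 32 descriptions names an NCH product (WebDictate, Reflect CRM, Quorum, Axon PBX, IVM Attendant, FlexiServer). If none of these is packaged in Debian, a follow-up commit can close the whole block with one line per entry in the form this file already uses elsewhere, for example "NOT-FOR-US: Chatbox". The descriptions are cut at "...", so the ten Axon PBX XSS entries (CVE-2021-37453 to CVE-2021-37462) read identically here and need the full CVE text to be told apart.
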
@@ -1337,6 +1521,7 @@ CVE-2020-36428 (matio (aka MAT File I/O Library) 1.5.18 
through 1.5.21 has a hea
        NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=21421
        NOTE: 
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/matio/OSV-2020-799.yaml
 CVE-2019-25051 (objstack in GNU Aspell 0.60.8 has a heap-based buffer overflow 
in acom ...)
+       {DLA-2720-1}
        - aspell 0.60.8-3 (bug #991307)
        NOTE: 
https://github.com/gnuaspell/aspell/commit/0718b375425aad8e54e1150313b862e4c6fd324a
        NOTE: 
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/aspell/OSV-2020-521.yaml
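
Review bot: the new "{DLA-2720-1}" line on CVE-2019-25051 sits above "- aspell 0.60.8-3 (bug #991307)" with no "[buster]" line in the visible context, while CVE-2019-17544, which receives the same DLA in the last hunk, carries "[buster] - aspell <no-dsa> (Minor issue)". Worth confirming that the buster status of the two aspell entries is meant to differ, and adding the per-release line here if it is simply missing.
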
@@ -2905,10 +3090,10 @@ CVE-2021-36094
        RESERVED
 CVE-2021-36093
        RESERVED
-CVE-2021-36092
-       RESERVED
-CVE-2021-36091
-       RESERVED
+CVE-2021-36092 (It's possible to create an email which contains specially 
crafted link ...)
+       TODO: check
+CVE-2021-36091 (Agents are able to list appointments in the calendars without 
required ...)
+       TODO: check
 CVE-2021-3632
        RESERVED
        NOT-FOR-US: Keycloak
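
Review bot: CVE-2021-36092 and CVE-2021-36091 go from RESERVED to "TODO: check" with no package line. The "Agents are able to list ..." wording of CVE-2021-36091 matches CVE-2021-21443 later in this commit, which sits next to entries tracked as otrs2; if these two are OTRS issues as well, triage them together with that group so they get the same package and per-release lines.
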
@@ -7877,8 +8062,7 @@ CVE-2021-33902
        RESERVED
 CVE-2021-33901
        RESERVED
-CVE-2021-33900
-       RESERVED
+CVE-2021-33900 (While investigating DIRSTUDIO-1219 it was noticed that 
configured Star ...)
        - apache-directory-server <unfixed>
        NOTE: https://www.openwall.com/lists/oss-security/2021/07/24/1
        TODO: check
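
Review bot: CVE-2021-33900 keeps "TODO: check" even though the entry already has "- apache-directory-server <unfixed>" and an oss-security NOTE. Either drop the TODO or say what is still open; the package line has no bug reference, so filing a bug and adding it in the "(bug #...)" form used for aspell above would be the natural next step.
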
@@ -38533,10 +38717,10 @@ CVE-2020-35852 (Chatbox is affected by cross-site 
scripting (XSS). An attacker h
        NOT-FOR-US: Chatbox
 CVE-2020-35851 (HGiga MailSherlock does not validate specific parameters 
properly. Att ...)
        NOT-FOR-US: HGiga MailSherlock
-CVE-2021-21443
-       RESERVED
-CVE-2021-21442
-       RESERVED
+CVE-2021-21443 (Agents are able to list customer user emails without required 
permissi ...)
+       TODO: check
+CVE-2021-21442 (In the project create screen it's possible to inject malicious 
JS code ...)
+       TODO: check
 CVE-2021-21441 (There is a XSS vulnerability in the ticket overview screens. 
It's poss ...)
        - otrs2 6.0.32-5 (bug #989992)
        [buster] - otrs2 <no-dsa> (Non-free not supported)
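
Review bot: CVE-2021-21443 and CVE-2021-21442 are added with only "TODO: check", directly above CVE-2021-21441, which is tracked as "- otrs2 6.0.32-5 (bug #989992)" with "[buster] - otrs2 <no-dsa> (Non-free not supported)". If triage confirms the same source package, give both entries the matching package and [buster] lines so the three read consistently.
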
@@ -38544,8 +38728,8 @@ CVE-2021-21441 (There is a XSS vulnerability in the 
ticket overview screens. It'
        NOTE: https://otrs.com/release-notes/otrs-security-advisory-2021-11/
        NOTE: Reference is for OTRS, no reference for znuny yet (in bullseye
        NOTE: src:otrs2 is the znuny fork)
-CVE-2021-21440
-       RESERVED
+CVE-2021-21440 (Generated Support Bundles contains private S/MIME and PGP keys 
if cont ...)
+       TODO: check
 CVE-2021-21439 (DoS attack can be performed when an email contains specially 
designed  ...)
        - otrs2 6.0.32-5 (bug #989992)
        [buster] - otrs2 <no-dsa> (Non-free not supported)
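
Review bot: CVE-2021-21440 ("Generated Support Bundles contains private S/MIME and PGP keys ...") lands with "TODO: check" directly below the CVE-2021-21441 NOTEs that record the reference is for OTRS and that src:otrs2 in bullseye is the znuny fork. Since the description concerns private key material in generated bundles, record during triage whether the znuny fork is affected rather than only copying the OTRS reference.
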
@@ -127977,7 +128161,7 @@ CVE-2019-17545 (GDAL through 3.0.1 has a poolDestroy 
double free in OGRExpatReal
        NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16178
        NOTE: 
https://github.com/OSGeo/gdal/commit/148115fcc40f1651a5d15fa34c9a8c528e7147bb
 CVE-2019-17544 (libaspell.a in GNU Aspell before 0.60.8 has a stack-based 
buffer over- ...)
-       {DLA-1966-1}
+       {DLA-2720-1 DLA-1966-1}
        - aspell 0.60.8-1 (low)
        [buster] - aspell <no-dsa> (Minor issue)
        NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16109
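
Review bot: CVE-2019-17544 now cites two advisories, "{DLA-2720-1 DLA-1966-1}", with nothing in the entry saying why a second DLA was needed for an issue already covered by DLA-1966-1. A one-line NOTE giving the reason would save the next reader from having to open both advisories.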



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9ee8450b34112119fcdc6d0b71230bbe35e65811


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
