Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f3c3cfca by security tracker role at 2021-07-27T08:10:22+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,84 @@
-CVE-2021-37576 [KVM: PPC: Book3S: Fix H_RTAS rets buffer overflow]
+CVE-2021-37578
+       RESERVED
+CVE-2021-37577
+       RESERVED
+CVE-2021-37575
+       RESERVED
+CVE-2021-37574
+       RESERVED
+CVE-2021-37573
+       RESERVED
+CVE-2021-37572
+       RESERVED
+CVE-2021-37571
+       RESERVED
+CVE-2021-37570
+       RESERVED
+CVE-2021-37569
+       RESERVED
+CVE-2021-37568
+       RESERVED
+CVE-2021-37567
+       RESERVED
+CVE-2021-37566
+       RESERVED
+CVE-2021-37565
+       RESERVED
+CVE-2021-37564
+       RESERVED
+CVE-2021-37563
+       RESERVED
+CVE-2021-37562
+       RESERVED
+CVE-2021-37561
+       RESERVED
+CVE-2021-37560
+       RESERVED
+CVE-2021-37559
+       RESERVED
+CVE-2021-37558
+       RESERVED
+CVE-2021-37557
+       RESERVED
+CVE-2021-37556
+       RESERVED
+CVE-2021-37555 (TX9 Automatic Food Dispenser v3.2.57 devices allow access to a 
shell a ...)
+       TODO: check
+CVE-2021-37554
+       RESERVED
+CVE-2021-37553
+       RESERVED
+CVE-2021-37552
+       RESERVED
+CVE-2021-37551
+       RESERVED
+CVE-2021-37550
+       RESERVED
+CVE-2021-37549
+       RESERVED
+CVE-2021-37548
+       RESERVED
+CVE-2021-37547
+       RESERVED
+CVE-2021-37546
+       RESERVED
+CVE-2021-37545
+       RESERVED
+CVE-2021-37544
+       RESERVED
+CVE-2021-37543
+       RESERVED
+CVE-2021-37542
+       RESERVED
+CVE-2021-37541
+       RESERVED
+CVE-2021-37540
+       RESERVED
+CVE-2021-37539
+       RESERVED
+CVE-2021-3666
+       RESERVED
+CVE-2021-37576 (arch/powerpc/kvm/book3s_rtas.c in the Linux kernel through 
5.13.5 on t ...)
        - linux <unfixed>
        NOTE: 
https://git.kernel.org/linus/f62f3c20647ebd5fb6ecb8f0b477b9281c44c10a (5.14-rc3)
 CVE-2021-37538
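
Review bot: CVE-2021-37555 is the only newly added entry in this hunk that carries a description, and it is left at "TODO: check"; the description names a TX9 Automatic Food Dispenser device, so it reads as a candidate for a "NOT-FOR-US:" line in the form this file already uses for Nightscout Web Monitor and OctoPrint. Separately, CVE-2021-37576 keeps "- linux <unfixed>" while its NOTE records the fix at 5.14-rc3, so that line will need a fixed version once a package carrying the commit is uploaded.
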
@@ -1665,8 +1745,8 @@ CVE-2021-3652 [CRYPT password hash with asterisk allows 
any bind attempt to succ
        NOTE: 
https://github.com/389ds/389-ds-base/commit/c1926dfc6591b55c4d33f9944de4d7ebe077e964
 (1.4.4.x)
 CVE-2021-36767
        RESERVED
-CVE-2021-36766
-       RESERVED
+CVE-2021-36766 (Concrete5 through 8.5.5 deserializes Untrusted Data. The 
vulnerable co ...)
+       TODO: check
 CVE-2021-36765
        RESERVED
 CVE-2021-36764
@@ -1691,8 +1771,7 @@ CVE-2021-36756
        RESERVED
 CVE-2021-36755 (Nightscout Web Monitor (aka cgm-remote-monitor) 14.2.2 allows 
XSS via  ...)
        NOT-FOR-US: Nightscout Web Monitor
-CVE-2021-36754
-       RESERVED
+CVE-2021-36754 (PowerDNS Authoritative Server 4.5.0 before 4.5.1 allows 
anybody to cra ...)
        - pdns <not-affected> (Vulnerable code introduced in 4.5.0)
        NOTE: https://www.openwall.com/lists/oss-security/2021/07/26/2
 CVE-2021-36753 (sharkdp BAT before 0.18.2 executes less.exe from the current 
working d ...)
@@ -4619,8 +4698,7 @@ CVE-2021-35473 [Access token lifetime is not verified 
with OAuth2 Handler]
        [buster] - lemonldap-ng <not-affected> (OAuth2 Handler introduced later)
        [stretch] - lemonldap-ng <not-affected> (OAuth2 Handler introduced 
later)
        NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549
-CVE-2021-35472 [Session cache corruption can lead to authorization bypass or 
spoofing]
-       RESERVED
+CVE-2021-35472 (An issue was discovered in LemonLDAP::NG before 2.0.12. 
Session cache  ...)
        {DSA-4943-1}
        - lemonldap-ng 2.0.11+ds-4
        [stretch] - lemonldap-ng <not-affected> (Vulnerable code not present; 
updateSession doesn't use in-memory cache)
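
Review bot: in the CVE-2021-35472 entry the imported description says the issue affects LemonLDAP::NG before 2.0.12, while the unchanged package line below it records 2.0.11+ds-4 as fixed. That is consistent with a backported fix shipped under {DSA-4943-1}, but the entry should say so: if no NOTE with the upstream issue or commit follows below the visible context, add one, as the CVE-2021-35473 entry above does with its gitlab.ow2.org issue link.
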
@@ -4651,8 +4729,8 @@ CVE-2021-35460
        RESERVED
 CVE-2021-35459
        RESERVED
-CVE-2021-35458
-       RESERVED
+CVE-2021-35458 (Online Pet Shop We App 1.0 is vulnerable to Union SQL 
Injection in pro ...)
+       TODO: check
 CVE-2021-35457
        RESERVED
 CVE-2021-35456 (Online Pet Shop We App 1.0 is vulnerable to remote SQL 
injection and s ...)
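
Review bot: CVE-2021-35458 is added with "TODO: check", but its truncated description names the same product, Online Pet Shop We App 1.0, as CVE-2021-35456 two entries below. Give it the same disposition as that entry rather than triaging it from scratch.
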
@@ -10719,10 +10797,10 @@ CVE-2021-32797
        RESERVED
 CVE-2021-32796
        RESERVED
-CVE-2021-32795
-       RESERVED
-CVE-2021-32794
-       RESERVED
+CVE-2021-32795 (ArchiSteamFarm is a C# application with primary purpose of 
idling Stea ...)
+       TODO: check
+CVE-2021-32794 (ArchiSteamFarm is a C# application with primary purpose of 
idling Stea ...)
+       TODO: check
 CVE-2021-32793
        RESERVED
 CVE-2021-32792 (mod_auth_openidc is an authentication/authorization module for 
the Apa ...)
@@ -11178,8 +11256,7 @@ CVE-2021-32611 (A NULL pointer dereference 
vulnerability exists in eXcall_api.c
        [buster] - libexosip2 <no-dsa> (Minor issue)
        [stretch] - libexosip2 <no-dsa> (Minor issue)
        NOTE: 
http://git.savannah.nongnu.org/cgit/exosip.git/commit/?id=f2ed389fe84613512cc560127883e51e6cf8c054
-CVE-2021-32610
-       RESERVED
+CVE-2021-32610 (In Archive_Tar before 1.4.14, symlinks can refer to targets 
outside of ...)
        {DLA-2721-1}
        - drupal7 <removed>
        - php-pear <unfixed> (bug #991541)
@@ -11337,8 +11414,8 @@ CVE-2021-32560 (The Logging subsystem in OctoPrint 
before 1.6.0 has incorrect ac
        NOT-FOR-US: OctoPrint
 CVE-2021-32559 (An integer overflow exists in pywin32 prior to version b301 
when addin ...)
        NOT-FOR-US: pywin32
-CVE-2021-32558
-       RESERVED
+CVE-2021-32558 (An issue was discovered in Sangoma Asterisk 13.x before 
13.38.3, 16.x  ...)
+       TODO: check
 CVE-2021-32557 (It was discovered that the process_report() function in 
data/whoopsie- ...)
        NOT-FOR-US: Apport
 CVE-2021-32556 (It was discovered that the get_modified_conffiles() function 
in backen ...)
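
Review bot: CVE-2021-32558 lands with "TODO: check" between entries that are all marked NOT-FOR-US (OctoPrint, pywin32, Apport), but its description names Sangoma Asterisk with affected 13.x and 16.x branches, and Asterisk is packaged in Debian. Resolve the TODO with a source-package line and per-suite status instead of following the neighbouring NOT-FOR-US pattern.
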
@@ -12945,8 +13022,8 @@ CVE-2021-31879 (GNU Wget through 1.21.1 does not omit 
the Authorization header u
        [buster] - wget <no-dsa> (Minor issue)
        [stretch] - wget <postponed> (Minor issue; can be fixed in next update)
        NOTE: https://mail.gnu.org/archive/html/bug-wget/2021-02/msg00002.html
-CVE-2021-31878
-       RESERVED
+CVE-2021-31878 (An issue was discovered in PJSIP in Asterisk before 16.19.1 
and before ...)
+       TODO: check
 CVE-2021-31877
        REJECTED
 CVE-2021-31876 (Bitcoin Core 0.12.0 through 0.21.1 does not properly implement 
the rep ...)
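
Review bot: the description for CVE-2021-31878 reads "PJSIP in Asterisk", which leaves open whether the affected code belongs to Asterisk itself or to the PJSIP library it uses. Settle that before replacing "TODO: check", since it decides which source package the entry is filed against; the one version bound visible here (before 16.19.1) is an Asterisk version.
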
@@ -22538,12 +22615,12 @@ CVE-2021-28097
        RESERVED
 CVE-2021-28096
        RESERVED
-CVE-2021-28095
-       RESERVED
-CVE-2021-28094
-       RESERVED
-CVE-2021-28093
-       RESERVED
+CVE-2021-28095 (OX Documents before 7.10.5-rev5 has Incorrect Access Control 
for docum ...)
+       TODO: check
+CVE-2021-28094 (OX Documents before 7.10.5-rev7 has Incorrect Access Control 
for conve ...)
+       TODO: check
+CVE-2021-28093 (OX Documents before 7.10.5-rev5 has Incorrect Access Control 
of conver ...)
+       TODO: check
 CVE-2021-28092 (The is-svg package 2.1.0 through 4.2.1 for Node.js uses a 
regular expr ...)
        NOT-FOR-US: Node is-svg
 CVE-2021-3424 (A flaw was found in keycloak as shipped in Red Hat Single 
Sign-On 7.4  ...)
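
Review bot: the three OX Documents entries do not share one version bound: CVE-2021-28095 and CVE-2021-28093 say before 7.10.5-rev5, while CVE-2021-28094 says before 7.10.5-rev7. Triage the three "TODO: check" lines together as one product, but keep the two bounds separate if any version is recorded.
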
@@ -64705,26 +64782,26 @@ CVE-2020-23245
        RESERVED
 CVE-2020-23244
        RESERVED
-CVE-2020-23243
-       RESERVED
-CVE-2020-23242
-       RESERVED
-CVE-2020-23241
-       RESERVED
-CVE-2020-23240
-       RESERVED
-CVE-2020-23239
-       RESERVED
-CVE-2020-23238
-       RESERVED
+CVE-2020-23243 (Cross Site Scripting (XSS) vulnerability in NavigateCMS 
NavigateCMS 2. ...)
+       TODO: check
+CVE-2020-23242 (Cross Site Scripting (XSS) vulnerability in NavigateCMS 2.9 
when perfo ...)
+       TODO: check
+CVE-2020-23241 (Cross Site Scripting (XSS) vulnerability in CMS Made Simple 
2.2.14 in  ...)
+       TODO: check
+CVE-2020-23240 (Cross Site Scripting (XSS) vulnerablity in CMS Made Simple 
2.2.14 via  ...)
+       TODO: check
+CVE-2020-23239 (Cross Site Scripting (XSS) vulnerability in Textpattern CMS 
4.8.1 via  ...)
+       TODO: check
+CVE-2020-23238 (Cross Site Scripting (XSS) vulnerability in Evolution CMS 
2.0.2 via th ...)
+       TODO: check
 CVE-2020-23237
        RESERVED
 CVE-2020-23236
        RESERVED
 CVE-2020-23235
        RESERVED
-CVE-2020-23234
-       RESERVED
+CVE-2020-23234 (Cross Site Scripting (XSS) vulnerabiity exists in LavaLite CMS 
5.8.0 v ...)
+       TODO: check
 CVE-2020-23233
        RESERVED
 CVE-2020-23232
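
Review bot: several imported descriptions in this hunk carry typos: "vulnerablity" on CVE-2020-23240, "vulnerabiity" on CVE-2020-23234, and the doubled "NavigateCMS NavigateCMS" on CVE-2020-23243. The commit message says this is an automatic update, so hand corrections here would likely be overwritten by the next run; leave the text as imported and triage the seven "TODO: check" entries by product (NavigateCMS, CMS Made Simple, Textpattern CMS, Evolution CMS, LavaLite CMS).
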
@@ -74524,12 +74601,12 @@ CVE-2020-18432
        RESERVED
 CVE-2020-18431
        RESERVED
-CVE-2020-18430
-       RESERVED
+CVE-2020-18430 (tinyexr 0.9.5 was discovered to contain an array index error 
in the ti ...)
+       TODO: check
 CVE-2020-18429
        RESERVED
-CVE-2020-18428
-       RESERVED
+CVE-2020-18428 (tinyexr commit 0.9.5 was discovered to contain an array index 
error in ...)
+       TODO: check
 CVE-2020-18427
        RESERVED
 CVE-2020-18426
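
Review bot: CVE-2020-18430 and CVE-2020-18428 have near-identical truncated descriptions ("tinyexr 0.9.5 was discovered to contain an array index error in the ti ..." and "tinyexr commit 0.9.5 was discovered to contain an array index error in ..."), and the visible text does not show what distinguishes them. Read the full descriptions before resolving the two "TODO: check" lines, so that each entry is tied to its own function and fix rather than both being pointed at the same one.
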
@@ -75042,18 +75119,18 @@ CVE-2020-18176
        RESERVED
 CVE-2020-18175
        RESERVED
-CVE-2020-18174
-       RESERVED
-CVE-2020-18173
-       RESERVED
-CVE-2020-18172
-       RESERVED
-CVE-2020-18171
-       RESERVED
-CVE-2020-18170
-       RESERVED
-CVE-2020-18169
-       RESERVED
+CVE-2020-18174 (A process injection vulnerability in setup.exe of AutoHotkey 
1.1.32.00 ...)
+       TODO: check
+CVE-2020-18173 (A DLL injection vulnerability in 1password.dll of 1Password 
7.3.712 al ...)
+       TODO: check
+CVE-2020-18172 (A code injection vulnerability in the SeDebugPrivilege 
component of Tr ...)
+       TODO: check
+CVE-2020-18171 (TechSmith Snagit 19.1.0.2653 uses Object Linking and Embedding 
(OLE) w ...)
+       TODO: check
+CVE-2020-18170 (An issue in the SeChangeNotifyPrivilege component of Abloy Key 
Manager ...)
+       TODO: check
+CVE-2020-18169 (A vulnerability in the Windows installer XML (WiX) toolset of 
TechSmit ...)
+       TODO: check
 CVE-2020-18168
        RESERVED
 CVE-2020-18167 (Cross Site Scripting (XSS) in LAOBANCMS v2.0 allows remote 
attackers t ...)
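
Review bot: all six new descriptions in this hunk (CVE-2020-18169 through CVE-2020-18174) name Windows-specific components: setup.exe, 1password.dll, SeDebugPrivilege, SeChangeNotifyPrivilege, OLE, and the Windows installer XML (WiX) toolset. They read as one batch of Windows desktop software reports, so the six "TODO: check" lines can be triaged together, most plausibly as "NOT-FOR-US:" with the product name on each line.
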
@@ -75489,8 +75566,8 @@ CVE-2020-17954
        RESERVED
 CVE-2020-17953
        RESERVED
-CVE-2020-17952
-       RESERVED
+CVE-2020-17952 (A remote code execution (RCE) vulnerability in 
/library/think/App.php  ...)
+       TODO: check
 CVE-2020-17951
        RESERVED
 CVE-2020-17950
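
Review bot: the truncated description for CVE-2020-17952 shows only a file path, /library/think/App.php, and no product name, so the entry cannot be triaged from what is visible here. Pull the full description and identify the product before replacing "TODO: check", and do it early, given that the issue is described as remote code execution.
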
@@ -93284,8 +93361,8 @@ CVE-2020-11513
        RESERVED
 CVE-2020-11512 (Stored XSS in the IMPress for IDX Broker WordPress plugin 
before 2.6.2 ...)
        NOT-FOR-US: IMPress for IDX Broker WordPress plugin
-CVE-2020-11511
-       RESERVED
+CVE-2020-11511 (The LearnPress plugin before 3.2.6.9 for WordPress allows 
remote attac ...)
+       TODO: check
 CVE-2020-11510
        RESERVED
 CVE-2020-11509 (An XSS vulnerability in the WP Lead Plus X plugin through 0.98 
for Wor ...)
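
Review bot: CVE-2020-11511 is a WordPress plugin issue (LearnPress before 3.2.6.9) added with "TODO: check", while the WordPress plugin entry directly above it in the context, CVE-2020-11512, is already closed as "NOT-FOR-US: IMPress for IDX Broker WordPress plugin". The same form, "NOT-FOR-US: LearnPress plugin for WordPress", would keep the two consistent.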



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f3c3cfca618fa02012477985a5041b65d450b721



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
