Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
080817a7 by security tracker role at 2021-08-05T08:10:21+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,57 @@
+CVE-2021-38135
+       RESERVED
+CVE-2021-38134
+       RESERVED
+CVE-2021-38133
+       RESERVED
+CVE-2021-38132
+       RESERVED
+CVE-2021-38131
+       RESERVED
+CVE-2021-38130
+       RESERVED
+CVE-2021-38129
+       RESERVED
+CVE-2021-38128
+       RESERVED
+CVE-2021-38127
+       RESERVED
+CVE-2021-38126
+       RESERVED
+CVE-2021-38125
+       RESERVED
+CVE-2021-38124
+       RESERVED
+CVE-2021-38123
+       RESERVED
+CVE-2021-38122
+       RESERVED
+CVE-2021-38121
+       RESERVED
+CVE-2021-38120
+       RESERVED
+CVE-2021-38119
+       RESERVED
+CVE-2021-38118
+       RESERVED
+CVE-2021-38117
+       RESERVED
+CVE-2021-38116
+       RESERVED
+CVE-2021-38115 (read_header_tga in gd_tga.c in the GD Graphics Library (aka 
LibGD) thr ...)
+       TODO: check
+CVE-2021-38114 (libavcodec/dnxhddec.c in FFmpeg 4.4 does not check the return 
value of ...)
+       TODO: check
+CVE-2021-3687
+       RESERVED
+CVE-2021-3686
+       RESERVED
+CVE-2021-3685
+       RESERVED
+CVE-2021-3684
+       RESERVED
+CVE-2021-3683
+       RESERVED
 CVE-2021-38113 (In addBouquet in js/bqe.js in OpenWebif (aka 
e2openplugin-OpenWebif) t ...)
        NOT-FOR-US: OpenWebif (aka e2openplugin-OpenWebif)
 CVE-2021-38112
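Review bot: the two new entries with descriptions, CVE-2021-38115 (read_header_tga in gd_tga.c, GD Graphics Library) and CVE-2021-38114 (libavcodec/dnxhddec.c, FFmpeg 4.4), land as "TODO: check" with no package line, yet both name libraries Debian ships (source packages libgd2 and ffmpeg). Unlike CVE-2021-38113, which is already closed out as NOT-FOR-US in the same hunk, these two need a follow-up commit replacing the TODO with a "- <srcpkg> <unfixed>" (or fixed-version) line and a NOTE pointing at the upstream report or fix, otherwise they sit invisible in the per-package views. The remaining additions are RESERVED placeholders and need nothing.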
@@ -1860,7 +1914,7 @@ CVE-2021-37231 (A stack-buffer-overflow occurs in 
Atomicparsley 20210124.204813.
        - atomicparsley <undetermined>
        NOTE: https://github.com/wez/atomicparsley/issues/30
        NOTE: https://github.com/wez/atomicparsley/pull/31#issue-687280335
-        TODO: check, old version in Debian possibly unaffected, gtkpod embedds 
atomic-parsley and might be affected
+       TODO: check, old version in Debian possibly unaffected, gtkpod embedds 
atomic-parsley and might be affected
 CVE-2021-37230
        RESERVED
 CVE-2021-37229
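Review bot: the only change in this hunk is whitespace (the TODO line loses its eight-space indent in favour of the tracker's usual tab), which is correct since the parser expects the tab form. Since the line is being touched anyway, the typo "embedds" should read "embeds", and the TODO should say which gtkpod version was checked once that is done, so the "<undetermined>" on the atomicparsley line can be resolved in the same pass.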
@@ -2804,18 +2858,18 @@ CVE-2019-25050 (netCDF in GDAL 2.4.2 through 3.0.4 has 
a stack-based buffer over
        NOTE: 
https://github.com/OSGeo/gdal/commit/767e3a56144f676ca738ef8f700e0e56035bd05a 
(v3.1.0RC1)
        NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15143
        NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15156
-CVE-2021-36805
-       RESERVED
-CVE-2021-36804
-       RESERVED
-CVE-2021-36803
-       RESERVED
-CVE-2021-36802
-       RESERVED
-CVE-2021-36801
-       RESERVED
-CVE-2021-36800
-       RESERVED
+CVE-2021-36805 (Akaunting version 2.1.12 and earlier suffers from a persistent 
(type I ...)
+       TODO: check
+CVE-2021-36804 (Akaunting version 2.1.12 and earlier suffers from a password 
reset spo ...)
+       TODO: check
+CVE-2021-36803 (Akaunting version 2.1.12 and earlier suffers from a persistent 
(type I ...)
+       TODO: check
+CVE-2021-36802 (Akaunting version 2.1.12 and earlier suffers from a 
denial-of-service  ...)
+       TODO: check
+CVE-2021-36801 (Akaunting version 2.1.12 and earlier suffers from an 
authentication by ...)
+       TODO: check
+CVE-2021-36800 (Akaunting version 2.1.12 and earlier suffers from a code 
injection iss ...)
+       TODO: check
 CVE-2021-36799 (KNX ETS5 uses the hard-coded password ETS5Password, with a 
salt value  ...)
        NOT-FOR-US: KNX ETS5
 CVE-2021-36798
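Review bot: six consecutive "TODO: check" entries (CVE-2021-36800 through CVE-2021-36805) all concern Akaunting 2.1.12 and earlier, so they should be triaged as one group rather than left open individually. If Akaunting has no Debian source package, each becomes "NOT-FOR-US: Akaunting", mirroring the KNX ETS5 entry directly below; if it does, each needs its own package line, since the code injection (36800) and authentication bypass (36801) will warrant a different severity than the persistent XSS issues (36803, 36805).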
@@ -8240,6 +8294,7 @@ CVE-2021-34429 (For Eclipse Jetty versions 9.4.37-9.4.42, 
10.0.1-10.0.5 &amp; 11
        NOTE: 
https://github.com/eclipse/jetty.project/security/advisories/GHSA-vjv5-gp2w-65vm
        NOTE: Fixed by https://github.com/eclipse/jetty.project/pull/6477
 CVE-2021-34428 (For Eclipse Jetty versions &lt;= 9.4.40, &lt;= 10.0.2, &lt;= 
11.0.2, i ...)
+       {DSA-4949-1}
        - jetty9 9.4.39-2 (bug #990578)
        [stretch] - jetty9 <not-affected> (vulnerable code is not present)
        - jetty8 <removed>
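Review bot: the {DSA-4949-1} reference added to CVE-2021-34428 is consistent with the other Jetty entries in this commit that gain the same DSA id, and it keeps the existing jetty9 9.4.39-2 fixed version and bug #990578. One thing to confirm: the neighbouring CVE-2021-34429 gets no DSA reference here; if the same advisory covers it, the reference belongs on that entry too, and if not, its package lines should make the not-affected or fixed status explicit so the omission is clearly deliberate.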
@@ -13664,8 +13719,8 @@ CVE-2021-32078 (An Out-of-Bounds Read was discovered in 
arch/arm/mach-footbridge
        - linux <unfixed> (unimportant)
        NOTE: https://kirtikumarar.com/CVE-2021-32078.txt
        NOTE: 
https://git.kernel.org/linus/298a58e165e447ccfaae35fe9f651f9d7e15166f (5.13-rc1)
-CVE-2021-3539
-       RESERVED
+CVE-2021-3539 (EspoCRM 6.1.6 and prior suffers from a persistent (type II) 
cross-site ...)
+       TODO: check
 CVE-2021-3538 (A flaw was found in github.com/satori/go.uuid in versions from 
commit  ...)
        - golang-github-satori-go.uuid <not-affected> (Vulnerable code 
introduced later and not in any released version)
        NOTE: https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMSATORIGOUUID-72488
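Review bot: CVE-2021-3539 goes from RESERVED to "TODO: check" with a description naming EspoCRM 6.1.6 and prior (persistent cross-site scripting). The TODO should be resolved in a follow-up rather than left open: "NOT-FOR-US: EspoCRM" if there is no Debian source package for it, otherwise a package line with version. The surrounding linux and go.uuid entries are untouched and correct.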
@@ -14340,12 +14395,12 @@ CVE-2021-3520 (There's a flaw in lz4. An attacker who 
submits a crafted file to
        - lz4 1.9.3-2 (bug #987856)
        NOTE: https://github.com/lz4/lz4/pull/972
        NOTE: Fixed by: 
https://github.com/lz4/lz4/commit/8301a21773ef61656225e264f4f06ae14462bca7
-CVE-2021-31869
-       RESERVED
+CVE-2021-31869 (Pimcore AdminBundle version 6.8.0 and earlier suffers from a 
SQL injec ...)
+       TODO: check
 CVE-2021-31868
        RESERVED
-CVE-2021-31867
-       RESERVED
+CVE-2021-31867 (Pimcore Customer Data Framework version 3.0.0 and earlier 
suffers from ...)
+       TODO: check
 CVE-2021-3519
        RESERVED
 CVE-2021-31866 (Redmine before 4.0.9 and 4.1.x before 4.1.3 allows an attacker 
to lear ...)
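Review bot: the two Pimcore entries (CVE-2021-31869, AdminBundle 6.8.0 and earlier, SQL injection; CVE-2021-31867, Customer Data Framework 3.0.0 and earlier) arrive as "TODO: check" and should be triaged together, the same way as the other vendor-grouped TODOs in this update: a single "NOT-FOR-US: Pimcore" on each if Pimcore is not packaged in Debian, otherwise a package line per CVE. Nothing else in the hunk changes.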
@@ -23626,7 +23681,7 @@ CVE-2021-28170 (In the Jakarta Expression Language 
implementation 3.0.3 and earl
        NOTE: 
https://securitylab.github.com/advisories/GHSL-2020-021-jakarta-el/
        NOTE: Only affects the EL reference implementation which isn't built 
into the binary packages
 CVE-2021-28169 (For Eclipse Jetty versions &lt;= 9.4.40, &lt;= 10.0.2, &lt;= 
11.0.2, i ...)
-       {DLA-2688-1}
+       {DSA-4949-1 DLA-2688-1}
        - jetty9 9.4.39-2 (bug #989999)
        - jetty8 <removed>
        - jetty <removed>
@@ -23643,6 +23698,7 @@ CVE-2021-28166 (In Eclipse Mosquitto version 2.0.0 to 
2.0.9, if an authenticated
        [stretch] - mosquitto <not-affected> (Vulnerable code introduced in 2.0)
        NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=572608
 CVE-2021-28165 (In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 
11.0.0. ...)
+       {DSA-4949-1}
        - jetty9 9.4.39-1
        [stretch] - jetty9 <ignored> (Minor issue, cpu-spin DoS w/o service 
outage, no patch for 9.2 while 9.4 refactoring in core SSL code)
        NOTE: 
https://github.com/eclipse/jetty.project/security/advisories/GHSA-26vr-8j45-3r4w
@@ -44860,8 +44916,8 @@ CVE-2021-20030
        RESERVED
 CVE-2021-20029
        RESERVED
-CVE-2021-20028
-       RESERVED
+CVE-2021-20028 (** UNSUPPORTED WHEN ASSIGNED ** Improper neutralization of a 
SQL Comma ...)
+       TODO: check
 CVE-2021-20027 (A buffer overflow vulnerability in SonicOS allows a remote 
attacker to ...)
        NOT-FOR-US: SonicWall
 CVE-2021-20026 (A vulnerability in the SonicWall NSM On-Prem product allows an 
authent ...)
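Review bot: CVE-2021-20028 carries the "** UNSUPPORTED WHEN ASSIGNED **" marker, meaning the CNA assigned it for an end-of-life product, and its neighbours CVE-2021-20027 and CVE-2021-20026 in this block are both SonicWall entries already marked NOT-FOR-US. The truncated description does not show the product, so the follow-up should check the full CVE text and, if it is the same vendor, close the TODO as "NOT-FOR-US: SonicWall" rather than leaving an open TODO for unsupported third-party hardware.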
@@ -56905,6 +56961,7 @@ CVE-2020-27225 (In versions 4.18 and earlier of the 
Eclipse Platform, the Help S
 CVE-2020-27224 (In Eclipse Theia versions up to and including 1.2.0, the 
Markdown Prev ...)
        NOT-FOR-US: Eclipse Theia
 CVE-2020-27223 (In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 
(inclusive), 10.0 ...)
+       {DSA-4949-1}
        - jetty9 9.4.38-1
        [stretch] - jetty9 <not-affected> (Vulnerable code introduced later)
        NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=571128
@@ -56930,7 +56987,7 @@ CVE-2020-27218 (In Eclipse Jetty version 9.4.0.RC0 to 
9.4.34.v20201102, 10.0.0.a
 CVE-2020-27217 (In Eclipse Hono version 1.3.0 and 1.4.0 the AMQP protocol 
adapter does ...)
        NOT-FOR-US: Eclipse Hono
 CVE-2020-27216 (In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 
10.0.0.alpha1 thr ...)
-       {DLA-2661-1}
+       {DSA-4949-1 DLA-2661-1}
        - jetty9 9.4.33-1
        - jetty8 <removed>
        - jetty <removed>
@@ -62754,8 +62811,8 @@ CVE-2020-24831
        RESERVED
 CVE-2020-24830
        RESERVED
-CVE-2020-24829
-       RESERVED
+CVE-2020-24829 (An issue was discovered in GPAC v0.8.0, as demonstrated by 
MP4Box. It  ...)
+       TODO: check
 CVE-2020-24828
        RESERVED
 CVE-2020-24827 (A vulnerability in the dwarf::cursor::skip_form function of 
Libelfin v ...)
@@ -68007,8 +68064,8 @@ CVE-2020-22354
        RESERVED
 CVE-2020-22353
        RESERVED
-CVE-2020-22352
-       RESERVED
+CVE-2020-22352 (The gf_dash_segmenter_probe_input function in GPAC v0.8 allows 
attacke ...)
+       TODO: check
 CVE-2020-22351
        RESERVED
 CVE-2020-22350
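Review bot: CVE-2020-22352 (gf_dash_segmenter_probe_input in GPAC v0.8) and CVE-2020-24829 in the hunk above (GPAC v0.8.0, demonstrated via MP4Box) both move from RESERVED to "TODO: check". GPAC is a Debian source package (gpac), so both need a "- gpac <unfixed>" or fixed-version line plus a NOTE with the upstream issue; given the volume of GPAC fuzzing CVEs in this file, the follow-up should also record the severity (most of these are crashes on crafted input and tend to be marked unimportant or minor) so the package view stays readable.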
@@ -152448,7 +152505,7 @@ CVE-2019-10249 (All Xtext &amp; Xtend versions prior 
to 2.18.0 were built using
 CVE-2019-10248 (Eclipse Vorto versions prior to 0.11 resolved Maven build 
artifacts fo ...)
        NOT-FOR-US: Eclipse Vorto
 CVE-2019-10247 (In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 
and older, ...)
-       {DLA-2661-1}
+       {DSA-4949-1 DLA-2661-1}
        [experimental] - jetty9 9.4.18-1
        - jetty9 9.4.18-2 (bug #928444)
        - jetty8 <removed>
@@ -152472,7 +152529,7 @@ CVE-2019-10243 (In Eclipse Kura versions up to 4.0.0, 
Kura exposes the underlyin
 CVE-2019-10242 (In Eclipse Kura versions up to 4.0.0, the SkinServlet did not 
checked  ...)
        NOT-FOR-US: Eclipse Kura
 CVE-2019-10241 (In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, 
and 9.4.1 ...)
-       {DLA-2661-1}
+       {DSA-4949-1 DLA-2661-1}
        [experimental] - jetty9 9.4.18-1
        - jetty9 9.4.18-2 (bug #928444)
        - jetty8 <removed>



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/080817a7e79abee8f34f1d70811c79f320a247a9



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits