Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e9e3725b by security tracker role at 2021-08-05T20:10:21+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,25 @@
+CVE-2021-38145
+       RESERVED
+CVE-2021-38144
+       RESERVED
+CVE-2021-38143
+       RESERVED
+CVE-2021-38142
+       RESERVED
+CVE-2021-38141
+       RESERVED
+CVE-2021-38140
+       RESERVED
+CVE-2021-38139
+       RESERVED
+CVE-2021-38138 (OneNav beta 0.9.12 allows XSS via the Add Link feature. NOTE: 
the vend ...)
+       TODO: check
+CVE-2021-38137
+       RESERVED
+CVE-2021-38136
+       RESERVED
+CVE-2021-3688
+       RESERVED
 CVE-2021-38135
        RESERVED
 CVE-2021-38134
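Review bot: CVE-2021-38138 is the only new entry in this hunk with a description, and its visible text breaks off inside a "NOTE: the vend ..." clause. Resolve its TODO: check against the full CVE description rather than this truncated line, since the cut-off NOTE may change how the entry should be classified.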
@@ -92,8 +114,8 @@ CVE-2021-38097
        RESERVED
 CVE-2021-38096
        RESERVED
-CVE-2021-38095
-       RESERVED
+CVE-2021-38095 (The REST API in Planview Spigit 4.5.3 allows remote 
unauthenticated at ...)
+       TODO: check
 CVE-2021-38094
        RESERVED
 CVE-2021-38093
@@ -1083,8 +1105,8 @@ CVE-2021-37627
        RESERVED
 CVE-2021-37626
        RESERVED
-CVE-2021-37625
-       RESERVED
+CVE-2021-37625 (Skytable is an open source NoSQL database. In versions prior 
to 0.6.4  ...)
+       TODO: check
 CVE-2021-37624
        RESERVED
 CVE-2021-37623
@@ -1127,10 +1149,10 @@ CVE-2021-3669 [reading /proc/sysvipc/shm does not scale 
with large shared memory
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1986473
 CVE-2021-37606 (Meow hash 0.5/calico does not sufficiently thwart key recovery 
by an a ...)
        NOT-FOR-US: Meow hash
-CVE-2021-37605
-       RESERVED
-CVE-2021-37604
-       RESERVED
+CVE-2021-37605 (In the Microchip MiWi v6.5 software stack, there is a 
possibility of f ...)
+       TODO: check
+CVE-2021-37604 (In the Microchip MiWi v6.5 software stack, there is a 
possibility of f ...)
+       TODO: check
 CVE-2021-37603
        RESERVED
 CVE-2021-37602
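Review bot: CVE-2021-37605 and CVE-2021-37604 now carry the same visible description ("In the Microchip MiWi v6.5 software stack, there is a possibility of f ..."), so the two entries cannot be told apart from this file alone. When the TODO: check lines are resolved, read both full descriptions and, if neither maps to a Debian source package, close them together in the same form as the neighbouring entry (NOT-FOR-US: Meow hash).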
@@ -11537,6 +11559,7 @@ CVE-2021-33038 (An issue was discovered in 
management/commands/hyperkitty_import
        NOTE: https://gitlab.com/mailman/hyperkitty/-/issues/380
        NOTE: 
https://techblog.wikimedia.org/2021/06/11/discovering-and-fixing-cve-2021-33038-in-mailman3/
 CVE-2021-33037 (Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 
8.5.0 to 8.5 ...)
+       {DLA-2733-1}
        - tomcat9 <unfixed> (bug #991046)
        - tomcat8 <removed>
        NOTE: 
https://github.com/apache/tomcat/commit/45d70a86a901cbd534f8f570bed2aec9f7f7b88e
 (9.0.47)
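Review bot: the added {DLA-2733-1} cross-reference on CVE-2021-33037 sits above package lines that still read tomcat9 <unfixed> and tomcat8 <removed>, so nothing in this entry shows which package or version the advisory fixed. Confirm that the DLA-2733-1 record itself names the fixed package and version, since this entry does not.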
@@ -12583,8 +12606,8 @@ CVE-2021-32605 (zzzcms zzzphp before 2.0.4 allows 
remote attackers to execute ar
        NOT-FOR-US: zzzcms
 CVE-2021-32604 (Share/IncomingWizard.htm in SolarWinds Serv-U before 15.2.3 
mishandles ...)
        NOT-FOR-US: SolarWinds
-CVE-2021-32603
-       RESERVED
+CVE-2021-32603 (A server-side request forgery (SSRF) (CWE-918) vulnerability 
in FortiM ...)
+       TODO: check
 CVE-2021-32602
        RESERVED
 CVE-2021-32601
@@ -12593,8 +12616,8 @@ CVE-2021-32600
        RESERVED
 CVE-2021-32599
        RESERVED
-CVE-2021-32598
-       RESERVED
+CVE-2021-32598 (An improper neutralization of CRLF sequences in HTTP headers 
('HTTP Re ...)
+       TODO: check
 CVE-2021-32597
        RESERVED
 CVE-2021-32596 (A use of one-way hash with a predictable salt vulnerability in 
the pas ...)
@@ -12629,16 +12652,16 @@ CVE-2021-32582 (An issue was discovered in 
ConnectWise Automate before 2021.5. A
        NOT-FOR-US: ConnectWise Automate
 CVE-2021-32581
        RESERVED
-CVE-2021-32580
-       RESERVED
-CVE-2021-32579
-       RESERVED
+CVE-2021-32580 (Acronis True Image prior to 2021 Update 4 for Windows allowed 
local pr ...)
+       TODO: check
+CVE-2021-32579 (Acronis True Image prior to 2021 Update 4 for Windows and 
Acronis True ...)
+       TODO: check
 CVE-2021-32578
        RESERVED
 CVE-2021-32577
        RESERVED
-CVE-2021-32576
-       RESERVED
+CVE-2021-32576 (Acronis True Image prior to 2021 Update 4 for Windows allowed 
local pr ...)
+       TODO: check
 CVE-2021-32606 (In the Linux kernel 5.11 through 5.12.2, isotp_setsockopt in 
net/can/i ...)
        - linux <not-affected> (Vulnerable code introduced later)
        NOTE: https://www.openwall.com/lists/oss-security/2021/05/11/16
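Review bot: all three new Acronis True Image descriptions (CVE-2021-32580, CVE-2021-32579, CVE-2021-32576) are scoped to "for Windows" in the visible text, yet each is left as TODO: check, and CVE-2021-32580 and CVE-2021-32576 are identical up to the truncation point. Triage the three together, and read the cut-off tail of CVE-2021-32579 ("for Windows and Acronis True ...") before classifying it, because it names a second product that the truncated line does not show.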
@@ -17510,6 +17533,7 @@ CVE-2021-30641 (Apache HTTP Server versions 2.4.39 to 
2.4.46 Unexpected matching
        NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=65238
        NOTE: 
https://github.com/apache/httpd/commit/eb986059aa5aa0b6c1d52714ea83e3dd758afdd1
 CVE-2021-30640 (A vulnerability in the JNDI Realm of Apache Tomcat allows an 
attacker  ...)
+       {DLA-2733-1}
        - tomcat9 <unfixed> (bug #991046)
        - tomcat8 <removed>
        NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=65224
@@ -67329,8 +67353,8 @@ CVE-2020-22734
        RESERVED
 CVE-2020-22733
        RESERVED
-CVE-2020-22732
-       RESERVED
+CVE-2020-22732 (CMS Made Simple (CMSMS) 2.2.14 allows stored XSS via the 
Extensions &g ...)
+       TODO: check
 CVE-2020-22731
        RESERVED
 CVE-2020-22730
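Review bot: the CVE-2020-22732 description ends in "Extensions &g ...", which looks like an HTML entity cut in half by the length limit. If the description is escaped before it is truncated, truncate first (or back up to the start of the entity) so the stored text never ends in a partial entity; otherwise check whether the upstream description itself contains the escaped form.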



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e9e3725b049d31c94b3aa8773d845a1ca34558ff

_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits