Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c19f2d2a by security tracker role at 2021-08-10T08:10:20+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,131 @@
+CVE-2021-38364
+       RESERVED
+CVE-2021-38363
+       RESERVED
+CVE-2021-38362
+       RESERVED
+CVE-2021-38361
+       RESERVED
+CVE-2021-38360
+       RESERVED
+CVE-2021-38359
+       RESERVED
+CVE-2021-38358
+       RESERVED
+CVE-2021-38357
+       RESERVED
+CVE-2021-38356
+       RESERVED
+CVE-2021-38355
+       RESERVED
+CVE-2021-38354
+       RESERVED
+CVE-2021-38353
+       RESERVED
+CVE-2021-38352
+       RESERVED
+CVE-2021-38351
+       RESERVED
+CVE-2021-38350
+       RESERVED
+CVE-2021-38349
+       RESERVED
+CVE-2021-38348
+       RESERVED
+CVE-2021-38347
+       RESERVED
+CVE-2021-38346
+       RESERVED
+CVE-2021-38345
+       RESERVED
+CVE-2021-38344
+       RESERVED
+CVE-2021-38343
+       RESERVED
+CVE-2021-38342
+       RESERVED
+CVE-2021-38341
+       RESERVED
+CVE-2021-38340
+       RESERVED
+CVE-2021-38339
+       RESERVED
+CVE-2021-38338
+       RESERVED
+CVE-2021-38337
+       RESERVED
+CVE-2021-38336
+       RESERVED
+CVE-2021-38335
+       RESERVED
+CVE-2021-38334
+       RESERVED
+CVE-2021-38333
+       RESERVED
+CVE-2021-38332
+       RESERVED
+CVE-2021-38331
+       RESERVED
+CVE-2021-38330
+       RESERVED
+CVE-2021-38329
+       RESERVED
+CVE-2021-38328
+       RESERVED
+CVE-2021-38327
+       RESERVED
+CVE-2021-38326
+       RESERVED
+CVE-2021-38325
+       RESERVED
+CVE-2021-38324
+       RESERVED
+CVE-2021-38323
+       RESERVED
+CVE-2021-38322
+       RESERVED
+CVE-2021-38321
+       RESERVED
+CVE-2021-38320
+       RESERVED
+CVE-2021-38319
+       RESERVED
+CVE-2021-38318
+       RESERVED
+CVE-2021-38317
+       RESERVED
+CVE-2021-38316
+       RESERVED
+CVE-2021-38315
+       RESERVED
+CVE-2021-38314
+       RESERVED
+CVE-2021-38313
+       RESERVED
+CVE-2021-38312
+       RESERVED
+CVE-2021-38311 (In Contiki 3.0, potential nonterminating acknowledgment loops 
exist in ...)
+       TODO: check
+CVE-2021-38310
+       RESERVED
+CVE-2021-38309
+       RESERVED
+CVE-2021-38308
+       RESERVED
+CVE-2021-38307
+       RESERVED
+CVE-2021-38306
+       RESERVED
+CVE-2021-38305 (23andMe Yamale before 3.0.8 allows remote attackers to execute 
arbitra ...)
+       TODO: check
+CVE-2021-38304
+       RESERVED
+CVE-2021-38303
+       RESERVED
+CVE-2021-38302
+       RESERVED
+CVE-2021-38301
+       RESERVED
 CVE-2021-38300
        RESERVED
 CVE-2021-38299
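Review bot: CVE-2021-38311 and CVE-2021-38305 are the only two new entries in this hunk that carry a description, and both are left at "TODO: check". Each needs a triage result, either a source package line or a NOT-FOR-US line in the form used elsewhere in this file, before the tracker says anything useful about them. CVE-2021-38305 is described as remote ("allows remote attackers to execute arbitra ..."), so it is the one to resolve first.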
@@ -408,7 +536,7 @@ CVE-2021-38155 (OpenStack Keystone 10.x through 16.x before 
16.0.2, 17.x before
        [stretch] - keystone <end-of-life> (Keystone not supported in stretch)
        NOTE: https://launchpad.net/bugs/1688137
 CVE-2021-38165 (Lynx through 2.8.9 mishandles the userinfo subcomponent of a 
URI, whic ...)
-       {DLA-2736-1}
+       {DSA-4953-1 DLA-2736-1}
        [experimental] - lynx 2.9.0dev.9-1
        - lynx 2.9.0dev.6-3 (bug #991971)
        [bullseye] - lynx 2.9.0dev.6-3~deb11u1
@@ -1305,6 +1433,7 @@ CVE-2021-37746 (textview_uri_security_check in textview.c 
in Claws Mail before 3
        NOTE: 
https://git.claws-mail.org/?p=claws.git;a=commit;h=ac286a71ed78429e16c612161251b9ea90ccd431
 CVE-2021-3672 [Missing input validation on hostnames returned by DNS servers]
        RESERVED
+       {DSA-4954-1 DLA-2738-1}
        - c-ares <unfixed> (bug #992053)
        [bullseye] - c-ares 1.17.1-1+deb11u1
        NOTE: https://c-ares.haxx.se/adv_20210810.html
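Review bot: In the CVE-2021-3672 entry the added "{DSA-4954-1 DLA-2738-1}" sits directly above "- c-ares <unfixed> (bug #992053)", so after this change the entry records two advisories and a fixed bullseye version (1.17.1-1+deb11u1) while unstable is still tracked as vulnerable. The unstable line should get the fixed version once an upload closes bug #992053. The entry also still reads RESERVED with only the bracketed temporary description, which is worth revisiting on the next update.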
@@ -1536,10 +1665,10 @@ CVE-2021-37636
        RESERVED
 CVE-2021-37635
        RESERVED
-CVE-2021-37634
-       RESERVED
-CVE-2021-37633
-       RESERVED
+CVE-2021-37634 (Leafkit is a templating language with Swift-inspired syntax. 
Versions  ...)
+       TODO: check
+CVE-2021-37633 (Discourse is an open source discussion platform. In versions 
prior to  ...)
+       TODO: check
 CVE-2021-37632 (SuperMartijn642's Config Lib is a library used by a number of 
mods for ...)
        NOT-FOR-US: SuperMartijn642's Config Lib (lib for Minecraft)
 CVE-2021-37631
@@ -1584,13 +1713,11 @@ CVE-2021-37618 (Exiv2 is a command-line utility and C++ 
library for reading, wri
        NOTE: https://github.com/Exiv2/exiv2/pull/1759
 CVE-2021-37617
        RESERVED
-CVE-2021-37616 [Null pointer dereference in Exiv2::Internal::resolveLens0x8ff]
-       RESERVED
+CVE-2021-37616 (Exiv2 is a command-line utility and C++ library for reading, 
writing,  ...)
        - exiv2 <unfixed>
        NOTE: 
https://github.com/Exiv2/exiv2/security/advisories/GHSA-54f7-vvj7-545w
        NOTE: https://github.com/Exiv2/exiv2/pull/1758
-CVE-2021-37615 [Null pointer dereference in Exiv2::Internal::resolveLens0x319]
-       RESERVED
+CVE-2021-37615 (Exiv2 is a command-line utility and C++ library for reading, 
writing,  ...)
        - exiv2 <unfixed>
        NOTE: 
https://github.com/Exiv2/exiv2/security/advisories/GHSA-h9x9-4f77-336w
        NOTE: https://github.com/Exiv2/exiv2/pull/1758
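Review bot: For CVE-2021-37616 and CVE-2021-37615 the removed bracketed descriptions named the defect and the function (null pointer dereference in Exiv2::Internal::resolveLens0x8ff and resolveLens0x319), while the replacement text is cut off after the generic product sentence ("Exiv2 is a command-line utility and C++ library for reading, writing,  ..."). The two entries now read identically apart from the advisory link. A NOTE line per entry that keeps the defect class and function name would preserve what a triager needs without following the links.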
@@ -4548,10 +4675,10 @@ CVE-2021-36279
        RESERVED
 CVE-2021-36278
        RESERVED
-CVE-2021-36277
-       RESERVED
-CVE-2021-36276
-       RESERVED
+CVE-2021-36277 (Dell Command Update, Dell Update, and Alienware Update 
versions prior  ...)
+       TODO: check
+CVE-2021-36276 (Dell DBUtilDrv2.sys driver (versions 2.5 and 2.6) contains an 
insuffic ...)
+       TODO: check
 CVE-2021-36275
        RESERVED
 CVE-2021-36274
@@ -9040,8 +9167,7 @@ CVE-2021-34337
        RESERVED
 CVE-2021-34336
        RESERVED
-CVE-2021-34335 [Denial of service due to FPE in 
Exiv2::Internal::resolveLens0xffff]
-       RESERVED
+CVE-2021-34335 (Exiv2 is a command-line utility and C++ library for reading, 
writing,  ...)
        - exiv2 <unfixed>
        NOTE: 
https://github.com/Exiv2/exiv2/security/advisories/GHSA-pvjp-m4f6-q984
        NOTE: https://github.com/Exiv2/exiv2/pull/1750
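Review bot: The CVE-2021-34335 entry keeps "- exiv2 <unfixed>" with no bug reference, where other unfixed package lines in this file carry one, for example "- c-ares <unfixed> (bug #992053)". If a Debian bug exists for this issue, add it to the package line so the unfixed state can be followed to its resolution.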
@@ -12058,7 +12184,7 @@ CVE-2021-33038 (An issue was discovered in 
management/commands/hyperkitty_import
        NOTE: https://gitlab.com/mailman/hyperkitty/-/issues/380
        NOTE: 
https://techblog.wikimedia.org/2021/06/11/discovering-and-fixing-cve-2021-33038-in-mailman3/
 CVE-2021-33037 (Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 
8.5.0 to 8.5 ...)
-       {DLA-2733-1}
+       {DSA-4952-1 DLA-2733-1}
        - tomcat9 9.0.43-2 (bug #991046)
        [bullseye] - tomcat9 9.0.43-2~deb11u1
        - tomcat8 <removed>
@@ -12603,10 +12729,10 @@ CVE-2021-32800
        RESERVED
 CVE-2021-32799
        RESERVED
-CVE-2021-32798
-       RESERVED
-CVE-2021-32797
-       RESERVED
+CVE-2021-32798 (The Jupyter notebook is a web-based notebook environment for 
interacti ...)
+       TODO: check
+CVE-2021-32797 (JupyterLab is a user interface for Project Jupyter which will 
eventual ...)
+       TODO: check
 CVE-2021-32796 (xmldom is an open source pure JavaScript W3C standard-based 
(XML DOM L ...)
        - node-xmldom <unfixed> (bug #991612)
        [bullseye] - node-xmldom <ignored> (Minor issue, too intrusive to 
backport)
@@ -18040,7 +18166,7 @@ CVE-2021-30641 (Apache HTTP Server versions 2.4.39 to 
2.4.46 Unexpected matching
        NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=65238
        NOTE: 
https://github.com/apache/httpd/commit/eb986059aa5aa0b6c1d52714ea83e3dd758afdd1
 CVE-2021-30640 (A vulnerability in the JNDI Realm of Apache Tomcat allows an 
attacker  ...)
-       {DLA-2733-1}
+       {DSA-4952-1 DLA-2733-1}
        - tomcat9 9.0.43-2 (bug #991046)
        [bullseye] - tomcat9 9.0.43-2~deb11u1
        - tomcat8 <removed>
@@ -39757,8 +39883,8 @@ CVE-2021-21598
        RESERVED
 CVE-2021-21597
        RESERVED
-CVE-2021-21596
-       RESERVED
+CVE-2021-21596 (Dell OpenManage Enterprise versions 3.4 through 3.6.1 and Dell 
OpenMan ...)
+       TODO: check
 CVE-2021-21595
        RESERVED
 CVE-2021-21594
@@ -39779,10 +39905,10 @@ CVE-2021-21587 (Dell Wyse Management Suite versions 
3.2 and earlier contain a fu
        NOT-FOR-US: Dell
 CVE-2021-21586 (Wyse Management Suite versions 3.2 and earlier contain an 
absolute pat ...)
        NOT-FOR-US: Dell
-CVE-2021-21585
-       RESERVED
-CVE-2021-21584
-       RESERVED
+CVE-2021-21585 (Dell OpenManage Enterprise versions prior to 3.6.1 contain an 
OS comma ...)
+       TODO: check
+CVE-2021-21584 (Dell OpenManage Enterprise version 3.5 and OpenManage 
Enterprise-Modul ...)
+       TODO: check
 CVE-2021-21583
        RESERVED
 CVE-2021-21582
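Review bot: CVE-2021-21585 and CVE-2021-21584 (Dell OpenManage Enterprise) are added with "TODO: check" directly below CVE-2021-21587 and CVE-2021-21586, which are resolved as "NOT-FOR-US: Dell". If OpenManage Enterprise is not packaged in Debian either, these two should get the same line rather than staying in the TODO queue, and CVE-2021-21585 is described as an OS command issue ("contain an OS comma ..."), so it should not sit untriaged.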
@@ -39821,8 +39947,8 @@ CVE-2021-21566
        RESERVED
 CVE-2021-21565 (Dell PowerScale OneFS versions 9.1.0.3 and earlier contain a 
denial of ...)
        NOT-FOR-US: Dell
-CVE-2021-21564
-       RESERVED
+CVE-2021-21564 (Dell OpenManage Enterprise versions prior to 3.6.1 contain an 
improper ...)
+       TODO: check
 CVE-2021-21563 (Dell EMC PowerScale OneFS versions 8.1.2-9.1.0.x contain an 
Improper C ...)
        NOT-FOR-US: EMC
 CVE-2021-21562 (Dell EMC PowerScale OneFS contains an untrusted search path 
vulnerabil ...)
@@ -63579,10 +63705,10 @@ CVE-2020-24744
        RESERVED
 CVE-2020-24743
        RESERVED
-CVE-2020-24742
-       RESERVED
-CVE-2020-24741
-       RESERVED
+CVE-2020-24742 (An issue has been fixed in Qt versions 5.14.0 where 
QPluginLoader atte ...)
+       TODO: check
+CVE-2020-24741 (An issue has been fixed in Qt versions 5.14.1 and 5.12.7 where 
QLibrar ...)
+       TODO: check
 CVE-2020-24740 (An issue was discovered in Pluck 4.7.10-dev2. There is a CSRF 
vulnerab ...)
        NOT-FOR-US: Pluck CMS
 CVE-2020-24739 (A CSRF vulnerability was found in iCMS v7.0.0 in the 
background deleti ...)
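Review bot: CVE-2020-24742 and CVE-2020-24741 are 2020 identifiers whose descriptions say the issues have already been fixed ("fixed in Qt versions 5.14.0" and "fixed in Qt versions 5.14.1 and 5.12.7"), yet both are left at "TODO: check". Triage should map them to the affected Qt source package and record the first fixed version, then check the versions in older releases against the version numbers given in the descriptions.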
@@ -67052,14 +67178,14 @@ CVE-2020-23153
        RESERVED
 CVE-2020-23152
        RESERVED
-CVE-2020-23151
-       RESERVED
-CVE-2020-23150
-       RESERVED
-CVE-2020-23149
-       RESERVED
-CVE-2020-23148
-       RESERVED
+CVE-2020-23151 (rConfig 3.9.5 allows command injection by sending a crafted 
GET reques ...)
+       TODO: check
+CVE-2020-23150 (A SQL injection vulnerability in config.inc.php of rConfig 
3.9.5 allow ...)
+       TODO: check
+CVE-2020-23149 (The dbName parameter in ajaxDbInstall.php of rConfig 3.9.5 is 
unsaniti ...)
+       TODO: check
+CVE-2020-23148 (The userLogin parameter in ldap/login.php of rConfig 3.9.5 is 
unsaniti ...)
+       TODO: check
 CVE-2020-23147
        RESERVED
 CVE-2020-23146



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c19f2d2a8a37adef5411227d15cf4b0c439e64c3



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
