Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
92a065de by security tracker role at 2021-08-27T20:10:28+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,16 @@
-CVE-2021-40153 [Unsquashfs: fix write outside destination directory exploit ]
+CVE-2021-40154
+ RESERVED
+CVE-2021-40152
+ RESERVED
+CVE-2021-40151
+ RESERVED
+CVE-2021-3746
+ RESERVED
+CVE-2021-3745
+ RESERVED
+CVE-2021-3744
+ RESERVED
+CVE-2021-40153 (squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5 stores
the file ...)
[experimental] - squashfs-tools 1:4.5-1
- squashfs-tools <unfixed>
NOTE:
https://bugs.launchpad.net/ubuntu/+source/squashfs-tools/+bug/1941790
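Review bot: The context line "[experimental] - squashfs-tools 1:4.5-1" records 1:4.5-1 as a fixed version, while the description added for CVE-2021-40153 names Squashfs-Tools 4.5 as the release containing the flaw. Confirm against the referenced Launchpad bug that the experimental upload actually carries the fix; if it does not, that line should not list a fixed version while unstable is "<unfixed>".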
@@ -2138,8 +2150,8 @@ CVE-2021-39171
RESERVED
CVE-2021-39170
RESERVED
-CVE-2021-39169
- RESERVED
+CVE-2021-39169 (Misskey is a decentralized microblogging platform. In versions
of Miss ...)
+ TODO: check
CVE-2021-39168 (OpenZepplin is a library for smart contract development. In
affected v ...)
TODO: check
CVE-2021-39167 (OpenZepplin is a library for smart contract development. In
affected v ...)
@@ -3011,7 +3023,7 @@ CVE-2021-38760
RESERVED
CVE-2021-38759
RESERVED
-CVE-2021-38758 (Directory traversal in Online Catering Reservation System due
to lack ...)
+CVE-2021-38758 (Directory traversal vulnerability in Online Catering
Reservation Syste ...)
NOT-FOR-US: Directory traversal in Online Catering Reservation System
CVE-2021-38757 (Persistent cross-site scripting (XSS) in Hospital Management
System ta ...)
NOT-FOR-US: Hospital Management System
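Review bot: The NOT-FOR-US line for CVE-2021-38758 still reads "Directory traversal in Online Catering Reservation System", which names the bug class instead of the product. The neighbouring entry uses the product alone ("NOT-FOR-US: Hospital Management System"); suggest "NOT-FOR-US: Online Catering Reservation System" so that product-based matching of later CVEs stays consistent.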
@@ -8088,10 +8100,10 @@ CVE-2021-36533
RESERVED
CVE-2021-36532
RESERVED
-CVE-2021-36531
- RESERVED
-CVE-2021-36530
- RESERVED
+CVE-2021-36531 (ngiflib 0.4 has a heap overflow in GetByte() at ngiflib.c:70
in NGIFLI ...)
+ TODO: check
+CVE-2021-36530 (ngiflib 0.4 has a heap overflow in GetByteStr() at
ngiflib.c:108 in NG ...)
+ TODO: check
CVE-2021-36529
RESERVED
CVE-2021-36528
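Review bot: CVE-2021-36531 and CVE-2021-36530 are both left at "TODO: check" and differ only in the function named (GetByte() at ngiflib.c:70 versus GetByteStr() at ngiflib.c:108). Triage them together so both heap overflows in ngiflib 0.4 end up with the same disposition, either a package line or NOT-FOR-US.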
@@ -10853,8 +10865,8 @@ CVE-2021-35344
RESERVED
CVE-2021-35343 (Cross-Site Request Forgery (CSRF) vulnerability in the
/op/op.Ajax.php ...)
NOT-FOR-US: SeedDMS
-CVE-2021-35342
- RESERVED
+CVE-2021-35342 (The useradm service 1.14.0 (in Northern.tech Mender Enterprise
2.7.x b ...)
+ TODO: check
CVE-2021-35341
RESERVED
CVE-2021-35340
@@ -16836,7 +16848,7 @@ CVE-2021-32763 (OpenProject is open-source, web-based
project management softwar
CVE-2021-32762
RESERVED
CVE-2021-32761 (Redis is an in-memory database that persists on disk. A
vulnerability ...)
- {DLA-2717-1}
+ {DLA-2717-2 DLA-2717-1}
- redis 5:6.0.15-1 (bug #991375)
[buster] - redis <no-dsa> (Minor issue)
NOTE:
https://github.com/redis/redis/security/advisories/GHSA-8wxq-j7rp-g8wj
@@ -16845,8 +16857,8 @@ CVE-2021-32760 (containerd is a container runtime. A
bug was found in containerd
NOTE:
https://github.com/containerd/containerd/security/advisories/GHSA-c72p-9xmj-rx3w
CVE-2021-32759
RESERVED
-CVE-2021-32758
- RESERVED
+CVE-2021-32758 (OpenMage Magento LTS is an alternative to the Magento CE
official rele ...)
+ TODO: check
CVE-2021-32757
RESERVED
CVE-2021-32756 (ManageIQ is an open-source management platform. In versions
prior to j ...)
@@ -24639,8 +24651,8 @@ CVE-2021-29746
RESERVED
CVE-2021-29745
RESERVED
-CVE-2021-29744
- RESERVED
+CVE-2021-29744 (IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to
cross-sit ...)
+ TODO: check
CVE-2021-29743
RESERVED
CVE-2021-29742 (IBM Security Verify Access Docker 10.0.0 could allow a user to
imperso ...)
@@ -27210,39 +27222,32 @@ CVE-2021-28702
RESERVED
CVE-2021-28701
RESERVED
-CVE-2021-28700 [xen/arm: No memory limit for dom0less domUs]
- RESERVED
+CVE-2021-28700 (xen/arm: No memory limit for dom0less domUs The dom0less
feature allow ...)
- xen <unfixed>
[buster] - xen <not-affected> (Only affects 4.12 and later)
[stretch] - xen <not-affected> (Only affects 4.12 and later)
NOTE: https://xenbits.xen.org/xsa/advisory-383.html
-CVE-2021-28699 [inadequate grant-v2 status frames array bounds check]
- RESERVED
+CVE-2021-28699 (inadequate grant-v2 status frames array bounds check The v2
grant tabl ...)
- xen <unfixed>
[stretch] - xen <not-affected> (Only affects 4.10 and later)
NOTE: https://xenbits.xen.org/xsa/advisory-382.html
-CVE-2021-28698 [long running loops in grant table handling]
- RESERVED
+CVE-2021-28698 (long running loops in grant table handling In order to
properly monito ...)
- xen <unfixed>
[stretch] - xen <end-of-life> (DSA 4602-1)
NOTE: https://xenbits.xen.org/xsa/advisory-380.html
-CVE-2021-28697 [grant table v2 status pages may remain accessible after
de-allocation]
- RESERVED
+CVE-2021-28697 (grant table v2 status pages may remain accessible after
de-allocation ...)
- xen <unfixed>
[stretch] - xen <end-of-life> (DSA 4602-1)
NOTE: https://xenbits.xen.org/xsa/advisory-379.html
-CVE-2021-28696
- RESERVED
+CVE-2021-28696 (IOMMU page mapping issues on x86 T[his CNA information record
relates ...)
- xen <unfixed>
[stretch] - xen <end-of-life> (DSA 4602-1)
NOTE: https://xenbits.xen.org/xsa/advisory-378.html
-CVE-2021-28695
- RESERVED
+CVE-2021-28695 (IOMMU page mapping issues on x86 T[his CNA information record
relates ...)
- xen <unfixed>
[stretch] - xen <end-of-life> (DSA 4602-1)
NOTE: https://xenbits.xen.org/xsa/advisory-378.html
-CVE-2021-28694
- RESERVED
+CVE-2021-28694 (IOMMU page mapping issues on x86 T[his CNA information record
relates ...)
- xen <unfixed>
[stretch] - xen <end-of-life> (DSA 4602-1)
NOTE: https://xenbits.xen.org/xsa/advisory-378.html
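Review bot: CVE-2021-28699 through CVE-2021-28694 carry only a [stretch] line under "- xen <unfixed>", so buster is tracked as affected and open for all six, whereas CVE-2021-28700 has an explicit "[buster] - xen <not-affected>" entry. With the descriptions now filled in, add the buster status or fixed versions as they become known. The three advisory-378 entries also share the same truncated text with a stray bracket ("T[his CNA information record"), which comes from the imported description and cannot distinguish them; rely on the XSA note when triaging.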
@@ -28310,8 +28315,8 @@ CVE-2021-28235
RESERVED
CVE-2021-28234
RESERVED
-CVE-2021-28233
- RESERVED
+CVE-2021-28233 (Heap-based Buffer Overflow vulnerability exists in
ok-file-formats 1 v ...)
+ TODO: check
CVE-2021-28232
RESERVED
CVE-2021-28231
@@ -34204,8 +34209,8 @@ CVE-2021-3266
RESERVED
CVE-2021-3265
RESERVED
-CVE-2021-3264
- RESERVED
+CVE-2021-3264 (SQL Injection vulnerability in cxuucms 3.1 ivia the pid
parameter in p ...)
+ TODO: check
CVE-2021-3263
RESERVED
CVE-2021-3262
@@ -39857,8 +39862,8 @@ CVE-2021-23436
RESERVED
CVE-2021-23435
RESERVED
-CVE-2021-23434
- RESERVED
+CVE-2021-23434 (This affects the package object-path before 0.11.6. A type
confusion v ...)
+ TODO: check
CVE-2021-23433
RESERVED
CVE-2021-23432 (This affects all versions of package mootools. This is due to
the abil ...)
@@ -71282,8 +71287,8 @@ CVE-2020-23228
RESERVED
CVE-2020-23227
RESERVED
-CVE-2020-23226
- RESERVED
+CVE-2020-23226 (Multiple Cross Site Scripting (XSS) vulneratiblities exist in
Cacti 1. ...)
+ TODO: check
CVE-2020-23225
RESERVED
CVE-2020-23224
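Review bot: CVE-2020-23226 concerns Cacti, which Debian packages, so the "TODO: check" should be resolved to a "- cacti ..." line and not to NOT-FOR-US. The visible description is cut at "Cacti 1. ...", so the affected version range has to be taken from the full CVE record before a fixed version is entered.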
@@ -79996,16 +80001,16 @@ CVE-2020-19004
RESERVED
CVE-2020-19003
RESERVED
-CVE-2020-19002
- RESERVED
-CVE-2020-19001
- RESERVED
-CVE-2020-19000
- RESERVED
-CVE-2020-18999
- RESERVED
-CVE-2020-18998
- RESERVED
+CVE-2020-19002 (Cross Site Scripting (XSS) in Mezzanine v4.3.1 allows remote
attackers ...)
+ TODO: check
+CVE-2020-19001 (Command Injection in Simiki v1.6.2.1 and prior allows remote
attackers ...)
+ TODO: check
+CVE-2020-19000 (Cross Site Scripting (XSS) in Simiki v1.6.2.1 and prior allows
remote ...)
+ TODO: check
+CVE-2020-18999 (Cross Site Scripting (XSS) in Blog_mini v1.0 allows remote
attackers t ...)
+ TODO: check
+CVE-2020-18998 (Cross Site Scripting (XSS) in Blog_mini v1.0 allows remote
attackers t ...)
+ TODO: check
CVE-2020-18997
RESERVED
CVE-2020-18996
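Review bot: CVE-2020-18999 and CVE-2020-18998 show identical truncated text ("Cross Site Scripting (XSS) in Blog_mini v1.0 allows remote attackers t ..."), so the list alone cannot tell them apart; consult the full records when clearing the five new "TODO: check" entries in this hunk. CVE-2020-19001 and CVE-2020-19000 both name Simiki v1.6.2.1 and prior and can be given one disposition in the same pass.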
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/92a065de80a317d2105e39fcaae9c14b1cf2db5f