Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
664bc9aa by security tracker role at 2021-08-30T08:10:22+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,299 @@
+CVE-2021-40319
+       RESERVED
+CVE-2021-40318
+       RESERVED
+CVE-2021-40317
+       RESERVED
+CVE-2021-40316
+       RESERVED
+CVE-2021-40315
+       RESERVED
+CVE-2021-40314
+       RESERVED
+CVE-2021-40313
+       RESERVED
+CVE-2021-40312
+       RESERVED
+CVE-2021-40311
+       RESERVED
+CVE-2021-40310
+       RESERVED
+CVE-2021-40309
+       RESERVED
+CVE-2021-40308
+       RESERVED
+CVE-2021-40307
+       RESERVED
+CVE-2021-40306
+       RESERVED
+CVE-2021-40305
+       RESERVED
+CVE-2021-40304
+       RESERVED
+CVE-2021-40303
+       RESERVED
+CVE-2021-40302
+       RESERVED
+CVE-2021-40301
+       RESERVED
+CVE-2021-40300
+       RESERVED
+CVE-2021-40299
+       RESERVED
+CVE-2021-40298
+       RESERVED
+CVE-2021-40297
+       RESERVED
+CVE-2021-40296
+       RESERVED
+CVE-2021-40295
+       RESERVED
+CVE-2021-40294
+       RESERVED
+CVE-2021-40293
+       RESERVED
+CVE-2021-40292
+       RESERVED
+CVE-2021-40291
+       RESERVED
+CVE-2021-40290
+       RESERVED
+CVE-2021-40289
+       RESERVED
+CVE-2021-40288
+       RESERVED
+CVE-2021-40287
+       RESERVED
+CVE-2021-40286
+       RESERVED
+CVE-2021-40285
+       RESERVED
+CVE-2021-40284
+       RESERVED
+CVE-2021-40283
+       RESERVED
+CVE-2021-40282
+       RESERVED
+CVE-2021-40281
+       RESERVED
+CVE-2021-40280
+       RESERVED
+CVE-2021-40279
+       RESERVED
+CVE-2021-40278
+       RESERVED
+CVE-2021-40277
+       RESERVED
+CVE-2021-40276
+       RESERVED
+CVE-2021-40275
+       RESERVED
+CVE-2021-40274
+       RESERVED
+CVE-2021-40273
+       RESERVED
+CVE-2021-40272
+       RESERVED
+CVE-2021-40271
+       RESERVED
+CVE-2021-40270
+       RESERVED
+CVE-2021-40269
+       RESERVED
+CVE-2021-40268
+       RESERVED
+CVE-2021-40267
+       RESERVED
+CVE-2021-40266
+       RESERVED
+CVE-2021-40265
+       RESERVED
+CVE-2021-40264
+       RESERVED
+CVE-2021-40263
+       RESERVED
+CVE-2021-40262
+       RESERVED
+CVE-2021-40261
+       RESERVED
+CVE-2021-40260
+       RESERVED
+CVE-2021-40259
+       RESERVED
+CVE-2021-40258
+       RESERVED
+CVE-2021-40257
+       RESERVED
+CVE-2021-40256
+       RESERVED
+CVE-2021-40255
+       RESERVED
+CVE-2021-40254
+       RESERVED
+CVE-2021-40253
+       RESERVED
+CVE-2021-40252
+       RESERVED
+CVE-2021-40251
+       RESERVED
+CVE-2021-40250
+       RESERVED
+CVE-2021-40249
+       RESERVED
+CVE-2021-40248
+       RESERVED
+CVE-2021-40247
+       RESERVED
+CVE-2021-40246
+       RESERVED
+CVE-2021-40245
+       RESERVED
+CVE-2021-40244
+       RESERVED
+CVE-2021-40243
+       RESERVED
+CVE-2021-40242
+       RESERVED
+CVE-2021-40241
+       RESERVED
+CVE-2021-40240
+       RESERVED
+CVE-2021-40239
+       RESERVED
+CVE-2021-40238
+       RESERVED
+CVE-2021-40237
+       RESERVED
+CVE-2021-40236
+       RESERVED
+CVE-2021-40235
+       RESERVED
+CVE-2021-40234
+       RESERVED
+CVE-2021-40233
+       RESERVED
+CVE-2021-40232
+       RESERVED
+CVE-2021-40231
+       RESERVED
+CVE-2021-40230
+       RESERVED
+CVE-2021-40229
+       RESERVED
+CVE-2021-40228
+       RESERVED
+CVE-2021-40227
+       RESERVED
+CVE-2021-40226
+       RESERVED
+CVE-2021-40225
+       RESERVED
+CVE-2021-40224
+       RESERVED
+CVE-2021-40223
+       RESERVED
+CVE-2021-40222
+       RESERVED
+CVE-2021-40221
+       RESERVED
+CVE-2021-40220
+       RESERVED
+CVE-2021-40219
+       RESERVED
+CVE-2021-40218
+       RESERVED
+CVE-2021-40217
+       RESERVED
+CVE-2021-40216
+       RESERVED
+CVE-2021-40215
+       RESERVED
+CVE-2021-40214
+       RESERVED
+CVE-2021-40213
+       RESERVED
+CVE-2021-40212
+       RESERVED
+CVE-2021-40211
+       RESERVED
+CVE-2021-40210
+       RESERVED
+CVE-2021-40209
+       RESERVED
+CVE-2021-40208
+       RESERVED
+CVE-2021-40207
+       RESERVED
+CVE-2021-40206
+       RESERVED
+CVE-2021-40205
+       RESERVED
+CVE-2021-40204
+       RESERVED
+CVE-2021-40203
+       RESERVED
+CVE-2021-40202
+       RESERVED
+CVE-2021-40201
+       RESERVED
+CVE-2021-40200
+       RESERVED
+CVE-2021-40199
+       RESERVED
+CVE-2021-40198
+       RESERVED
+CVE-2021-40197
+       RESERVED
+CVE-2021-40196
+       RESERVED
+CVE-2021-40195
+       RESERVED
+CVE-2021-40194
+       RESERVED
+CVE-2021-40193
+       RESERVED
+CVE-2021-40192
+       RESERVED
+CVE-2021-40191
+       RESERVED
+CVE-2021-40190
+       RESERVED
+CVE-2021-40189
+       RESERVED
+CVE-2021-40188
+       RESERVED
+CVE-2021-40187
+       RESERVED
+CVE-2021-40186
+       RESERVED
+CVE-2021-40185
+       RESERVED
+CVE-2021-40184
+       RESERVED
+CVE-2021-40183
+       RESERVED
+CVE-2021-40182
+       RESERVED
+CVE-2021-40181
+       RESERVED
+CVE-2021-40180
+       RESERVED
+CVE-2021-40179
+       RESERVED
+CVE-2021-40178 (Zoho ManageEngine Log360 before Build 5224 allows stored XSS 
via the L ...)
+       TODO: check
+CVE-2021-40177 (Zoho ManageEngine Log360 before Build 5225 allows remote code 
executio ...)
+       TODO: check
+CVE-2021-40176 (Zoho ManageEngine Log360 before Build 5225 allows stored XSS. 
...)
+       TODO: check
+CVE-2021-40175 (Zoho ManageEngine Log360 before Build 5219 allows unrestricted 
file up ...)
+       TODO: check
+CVE-2021-40174 (Zoho ManageEngine Log360 before Build 5224 allows a CSRF 
attack for di ...)
+       TODO: check
+CVE-2021-40173 (Zoho ManageEngine Cloud Security Plus before Build 4117 allows 
a CSRF  ...)
+       TODO: check
+CVE-2021-40172 (Zoho ManageEngine Log360 before Build 5219 allows a CSRF 
attack on pro ...)
+       TODO: check
 CVE-2021-40171
        RESERVED
 CVE-2021-40170
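Review bot: the seven Zoho ManageEngine entries at the end of the added block (CVE-2021-40178 down to CVE-2021-40172) are committed with only "TODO: check", so none of them has a disposition yet. Other vendor products elsewhere in this diff are closed out with a "NOT-FOR-US:" line (for example the XeroSecurity Sn1per entries); each of these seven needs either that or a source package line in a follow-up commit.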
@@ -1947,15 +2243,14 @@ CVE-2021-39274 (In XeroSecurity Sn1per 9.0 (free 
version), insecure directory pe
        NOT-FOR-US: XeroSecurity Sn1per
 CVE-2021-39273 (In XeroSecurity Sn1per 9.0 (free version), insecure 
permissions (0777) ...)
        NOT-FOR-US: XeroSecurity Sn1per
-CVE-2021-39272 [TLS bypass vulnerabilities ("NO STARTTLS")]
-       RESERVED
+CVE-2021-39272 (Fetchmail before 6.4.22 fails to enforce STARTTLS session 
encryption i ...)
        - fetchmail <unfixed> (bug #993163)
        [bullseye] - fetchmail <no-dsa> (Minor issue; safe recommendations 
exists, implicit TLS, "ssl" mode exist)
        [buster] - fetchmail <no-dsa> (Minor issue; safe recommendations 
exists, implicit TLS, "ssl" mode exist)
        [stretch] - fetchmail <no-dsa> (Minor issue; safe recommendations 
exists, implicit TLS, "ssl" mode exist)
        NOTE: https://www.fetchmail.info/fetchmail-SA-2021-02.txt
-CVE-2021-39271
-       RESERVED
+CVE-2021-39271 (OrbiTeam BSCW Classic before 7.4.3 allows authenticated remote 
code ex ...)
+       TODO: check
 CVE-2021-39270 (In Ping Identity RSA SecurID Integration Kit before 3.2, user 
imperson ...)
        NOT-FOR-US: Ping Identity RSA SecurID Integration Kit
 CVE-2021-39269
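Review bot: in the CVE-2021-39272 entry the new description names Fetchmail before 6.4.22 as affected, but the package line under it still reads "- fetchmail <unfixed> (bug #993163)". Once a fixed upload is in unstable, replace <unfixed> with that version so the entry agrees with its description. The new CVE-2021-39271 entry (OrbiTeam BSCW Classic) in the same hunk is left at "TODO: check" and still needs triage.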
@@ -2326,20 +2621,20 @@ CVE-2021-39119
        RESERVED
 CVE-2021-39118
        RESERVED
-CVE-2021-39117
-       RESERVED
+CVE-2021-39117 (The AssociateFieldToScreens page in Atlassian Jira Server and 
Data Cen ...)
+       TODO: check
 CVE-2021-39116
        RESERVED
 CVE-2021-39115
        RESERVED
 CVE-2021-39114
        RESERVED
-CVE-2021-39113
-       RESERVED
+CVE-2021-39113 (Affected versions of Atlassian Jira Server and Data Center 
allow anony ...)
+       TODO: check
 CVE-2021-39112 (Affected versions of Atlassian Jira Server and Data Center 
allow remot ...)
        NOT-FOR-US: Atlassian
-CVE-2021-39111
-       RESERVED
+CVE-2021-39111 (The Editor plugin in Atlassian Jira Server and Data Center 
before vers ...)
+       TODO: check
 CVE-2021-39110
        RESERVED
 CVE-2021-39109
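Review bot: CVE-2021-39117, CVE-2021-39113 and CVE-2021-39111 all describe Atlassian Jira Server and Data Center and are left at "TODO: check", while the neighbouring CVE-2021-39112 for the same product is already marked "NOT-FOR-US: Atlassian". Giving the three new entries the same tag would keep the block consistent.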
@@ -3877,8 +4172,7 @@ CVE-2021-38387 (In Contiki 3.0, a Telnet server that 
silently quits (before disc
        NOT-FOR-US: Contiki
 CVE-2021-38386 (In Contiki 3.0, a buffer overflow in the Telnet service allows 
remote  ...)
        NOT-FOR-US: Contiki
-CVE-2021-38385
-       RESERVED
+CVE-2021-38385 (Tor before 0.3.5.16, 0.4.5.10, and 0.4.6.7 mishandles the 
relationship ...)
        {DSA-4961-1}
        - tor 0.4.5.10-1
        [stretch] - tor <end-of-life> (See DSA 4644)
@@ -5403,8 +5697,8 @@ CVE-2021-37751
 CVE-2021-37750 (The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 
before  ...)
        - krb5 1.18.3-7 (bug #992607)
        NOTE: 
https://github.com/krb5/krb5/commit/d775c95af7606a51bf79547a94fa52ddd1cb7f49
-CVE-2021-37749
-       RESERVED
+CVE-2021-37749 (MapService.svc in Hexagon GeoMedia WebMap 2020 before Update 2 
(aka 16 ...)
+       TODO: check
 CVE-2021-37748
        RESERVED
 CVE-2021-37747
@@ -8510,8 +8804,8 @@ CVE-2021-36361
        RESERVED
 CVE-2021-36360
        RESERVED
-CVE-2021-36359
-       RESERVED
+CVE-2021-36359 (OrbiTeam BSCW Classic before 7.4.3 allows exportpdf 
authenticated remo ...)
+       TODO: check
 CVE-2021-36358
        RESERVED
 CVE-2021-36357
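Review bot: CVE-2021-36359 gets the description "OrbiTeam BSCW Classic before 7.4.3" and a "TODO: check", the same product and version bound as CVE-2021-39271 earlier in this commit. Triage the two together so they end up with the same disposition rather than being resolved independently.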
@@ -20721,7 +21015,7 @@ CVE-2021-31294
 CVE-2021-31293
        RESERVED
 CVE-2021-31292 (An integer overflow in CrwMap::encode0x1810 of Exiv2 0.27.3 
allows att ...)
-       {DSA-4958-1}
+       {DSA-4958-1 DLA-2750-1}
        - exiv2 <unfixed> (bug #991706)
        [bullseye] - exiv2 0.27.3-3+deb11u1
        NOTE: https://github.com/Exiv2/exiv2/issues/1530
@@ -24278,7 +24572,7 @@ CVE-2021-30002 (An issue was discovered in the Linux 
kernel before 5.11.3 when a
        [buster] - linux 4.19.181-1
        NOTE: 
https://git.kernel.org/linus/fb18802a338b36f675a388fc03d2aa504a0d0899
 CVE-2021-3482 (A flaw was found in Exiv2 in versions before and including 
0.27.4-RC1. ...)
-       {DSA-4958-1}
+       {DSA-4958-1 DLA-2750-1}
        - exiv2 <unfixed> (bug #986888)
        [bullseye] - exiv2 <no-dsa> (Minor issue)
        NOTE: https://github.com/Exiv2/exiv2/issues/1522
@@ -25408,7 +25702,7 @@ CVE-2021-29475 (HedgeDoc (formerly known as CodiMD) is 
an open-source collaborat
 CVE-2021-29474 (HedgeDoc (formerly known as CodiMD) is an open-source 
collaborative ma ...)
        NOT-FOR-US: HedgeDoc
 CVE-2021-29473 (Exiv2 is a C++ library and a command-line utility to read, 
write, dele ...)
-       {DSA-4958-1}
+       {DSA-4958-1 DLA-2750-1}
        - exiv2 <unfixed> (bug #987736)
        [bullseye] - exiv2 <no-dsa> (Minor issue)
        NOTE: 
https://github.com/Exiv2/exiv2/security/advisories/GHSA-7569-phvm-vwc2
@@ -25490,7 +25784,7 @@ CVE-2021-29458 (Exiv2 is a command-line utility and C++ 
library for reading, wri
        NOTE: 
https://github.com/Exiv2/exiv2/commit/fadb68718eb1bff3bd3222bd26ff3328f5306730
        NOTE: 
https://github.com/Exiv2/exiv2/commit/06d2db6e5fd2fcca9c060e95fc97f8a5b5d4c22d
 CVE-2021-29457 (Exiv2 is a command-line utility and C++ library for reading, 
writing,  ...)
-       {DSA-4958-1}
+       {DSA-4958-1 DLA-2750-1}
        - exiv2 <unfixed> (bug #991705)
        [bullseye] - exiv2 0.27.3-3+deb11u1
        NOTE: 
https://github.com/Exiv2/exiv2/security/advisories/GHSA-v74w-h496-cgqm
@@ -33740,8 +34034,8 @@ CVE-2021-26086 (Affected versions of Atlassian Jira 
Server and Data Center allow
        NOT-FOR-US: Atlassian
 CVE-2021-26085 (Affected versions of Atlassian Confluence Server allow remote 
attacker ...)
        NOT-FOR-US: Atlassian Confluence
-CVE-2021-26084
-       RESERVED
+CVE-2021-26084 (In affected versions of Confluence Server and Data Center, an 
OGNL inj ...)
+       TODO: check
 CVE-2021-26083 (Export HTML Report in Atlassian Jira Server and Jira Data 
Center befor ...)
        NOT-FOR-US: Atlassian
 CVE-2021-26082 (The XML Export in Atlassian Jira Server and Jira Data Center 
before ve ...)
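Review bot: CVE-2021-26084 (Confluence Server and Data Center, OGNL injection) is left at "TODO: check", while the entry directly above it, CVE-2021-26085, is marked "NOT-FOR-US: Atlassian Confluence" for the same product. Apply the same tag here instead of leaving the TODO open.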
@@ -109290,7 +109584,7 @@ CVE-2019-20422 (In the Linux kernel before 5.3.4, 
fib6_rule_lookup in net/ipv6/i
        - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/7b09c2d052db4b4ad0b27b97918b46a7746966fa
 CVE-2019-20421 (In Jp2Image::readMetadata() in jp2image.cpp in Exiv2 0.27.2, 
an input  ...)
-       {DSA-4958-1}
+       {DSA-4958-1 DLA-2750-1}
        - exiv2 0.27.2-8 (low; bug #950183)
        [jessie] - exiv2 <ignored> (Minor issue)
        NOTE: 
https://github.com/Exiv2/exiv2/commit/a82098f4f90cd86297131b5663c3dec6a34470e8



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/664bc9aa795a4ad9308561354b818ccc3aa0eeb5
