Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0064530f by security tracker role at 2021-08-31T20:10:29+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,15 @@
+CVE-2021-40331
+       RESERVED
+CVE-2021-3756
+       RESERVED
+CVE-2021-3755
+       RESERVED
+CVE-2021-3754
+       RESERVED
+CVE-2021-3753
+       RESERVED
+CVE-2021-3752
+       RESERVED
 CVE-2021-40330 (git_connect_git in connect.c in Git before 2.30.1 allows a 
repository  ...)
        - git 1:2.30.1-1
        NOTE: 
https://github.com/git/git/commit/a02ea577174ab8ed18f847cf1693f213e0b9c473
@@ -25,8 +37,8 @@ CVE-2021-40320
        RESERVED
 CVE-2021-3750
        RESERVED
-CVE-2021-3749
-       RESERVED
+CVE-2021-3749 (axios is vulnerable to Inefficient Regular Expression 
Complexity ...)
+       TODO: check
 CVE-2021-3748 [virtio-net: heap use-after-free in virtio_net_receive_rcu]
        RESERVED
        - qemu <unfixed> (bug #993401)
@@ -376,6 +388,7 @@ CVE-2021-3745
 CVE-2021-3744
        RESERVED
 CVE-2021-40153 (squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5 stores 
the file ...)
+       {DLA-2752-1}
        [experimental] - squashfs-tools 1:4.5-1
        - squashfs-tools 1:4.5-2
        NOTE: 
https://bugs.launchpad.net/ubuntu/+source/squashfs-tools/+bug/1941790
@@ -553,8 +566,7 @@ CVE-2021-40087 (An issue was discovered in PrimeKey EJBCA 
before 7.6.0. When aud
        NOT-FOR-US: PrimeKey
 CVE-2021-40086 (An issue was discovered in PrimeKey EJBCA before 7.6.0. As 
part of the ...)
        NOT-FOR-US: PrimeKey
-CVE-2021-40085 [Arbitrary dnsmasq reconfiguration via extra_dhcp_opts]
-       RESERVED
+CVE-2021-40085 (An issue was discovered in OpenStack Neutron before 16.4.1, 
17.x befor ...)
        - neutron <unfixed> (bug #993398)
        NOTE: https://www.openwall.com/lists/oss-security/2021/08/31/2
        NOTE: https://launchpad.net/bugs/1939733
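
Review bot: the CVE-2021-40085 header loses the only text that says what the flaw is. The removed bracketed description "[Arbitrary dnsmasq reconfiguration via extra_dhcp_opts]" is replaced by a truncated description that stops at the affected-version list ("... before 16.4.1, 17.x befor ..."), so anyone triaging from this file has to follow the NOTE links to learn the impact. Consider keeping the one-line summary as an extra NOTE under the entry.
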
@@ -2147,8 +2159,8 @@ CVE-2021-39318
        RESERVED
 CVE-2021-39317
        RESERVED
-CVE-2021-39316
-       RESERVED
+CVE-2021-39316 (The Zoomsounds plugin &lt;= 6.45 for WordPress allows 
arbitrary files, ...)
+       TODO: check
 CVE-2021-39315
        RESERVED
 CVE-2021-39314
@@ -2529,16 +2541,16 @@ CVE-2021-39182
        RESERVED
 CVE-2021-39181
        RESERVED
-CVE-2021-39180
-       RESERVED
+CVE-2021-39180 (OpenOLAT is a web-based learning management system (LMS). A 
path trave ...)
+       TODO: check
 CVE-2021-39179
        RESERVED
 CVE-2021-39178 (Next.js is a React framework. Versions of Next.js between 
10.0.0 and 1 ...)
        NOT-FOR-US: next.js
 CVE-2021-39177 (Geyser is a bridge between Minecraft: Bedrock Edition and 
Minecraft: J ...)
        NOT-FOR-US: geyser
-CVE-2021-39176
-       RESERVED
+CVE-2021-39176 (detect-character-encoding is a package for detecting character 
encodin ...)
+       TODO: check
 CVE-2021-39175 (HedgeDoc is a platform to write and share markdown. In 
versions prior  ...)
        NOT-FOR-US: hedgedoc
 CVE-2021-39174 (Cachet is an open source status page system. Prior to version 
2.5.1, a ...)
@@ -2561,10 +2573,10 @@ CVE-2021-39166
        RESERVED
 CVE-2021-39165 (Cachet is an open source status page. With Cachet prior to and 
includi ...)
        - cachet <itp> (bug #851177)
-CVE-2021-39164
-       RESERVED
-CVE-2021-39163
-       RESERVED
+CVE-2021-39164 (Matrix is an ecosystem for open federated Instant Messaging 
and Voice  ...)
+       TODO: check
+CVE-2021-39163 (Matrix is an ecosystem for open federated Instant Messaging 
and Voice  ...)
+       TODO: check
 CVE-2021-39162
        RESERVED
 CVE-2021-39161 (Discourse is an open source platform for community discussion. 
In affe ...)
@@ -2647,12 +2659,11 @@ CVE-2021-39137 (go-ethereum is the official Go 
implementation of the Ethereum pr
        NOT-FOR-US: go-ethereum
 CVE-2021-39136 (baserCMS is an open source content management system with a 
focus on J ...)
        NOT-FOR-US: baserCMS
-CVE-2021-39135
-       RESERVED
+CVE-2021-39135 (`@npmcli/arborist`, the library that calculates dependency 
trees and m ...)
        - npm <unfixed> (bug #993405)
        NOTE: 
https://github.com/npm/arborist/security/advisories/GHSA-gmw6-94gg-2rc2
-CVE-2021-39134
-       RESERVED
+CVE-2021-39134 (`@npmcli/arborist`, the library that calculates dependency 
trees and m ...)
+       TODO: check
 CVE-2021-39133 (Rundeck is an open source automation service with a web 
console, comma ...)
        NOT-FOR-US: Rundeck
 CVE-2021-39132 (### Impact An authorized user can upload a zip-format plugin 
with a cr ...)
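
Review bot: CVE-2021-39134 is left at "TODO: check" even though its visible description is identical to that of CVE-2021-39135 two entries up ("`@npmcli/arborist`, the library that calculates dependency trees and m ..."), which is already tracked as "- npm <unfixed> (bug #993405)". If the full description confirms the same component, triage 39134 against npm as well and give it its own advisory NOTE, so the two sibling issues do not end up in different states.
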
@@ -5670,8 +5681,8 @@ CVE-2021-37796
        RESERVED
 CVE-2021-37795
        RESERVED
-CVE-2021-37794
-       RESERVED
+CVE-2021-37794 (A stored cross-site scripting (XSS) vulnerability exists in 
FileBrowse ...)
+       TODO: check
 CVE-2021-37793
        RESERVED
 CVE-2021-37792
@@ -5854,10 +5865,10 @@ CVE-2021-3670
 CVE-2021-37714 (jsoup is a Java library for working with HTML. Those using 
jsoup versi ...)
        - jsoup <unfixed> (bug #992590)
        NOTE: 
https://github.com/jhy/jsoup/security/advisories/GHSA-m72m-mhq2-9p6c
-CVE-2021-37713
-       RESERVED
-CVE-2021-37712
-       RESERVED
+CVE-2021-37713 (The npm package "tar" (aka node-tar) before versions 4.4.18, 
5.0.10, a ...)
+       TODO: check
+CVE-2021-37712 (The npm package "tar" (aka node-tar) before versions 4.4.18, 
5.0.10, a ...)
+       TODO: check
 CVE-2021-37711 (Versions prior to 6.4.3.1 contain an authenticated server-side 
request ...)
        NOT-FOR-US: Shopware
 CVE-2021-37710 (Shopware is an open source eCommerce platform. Versions prior 
to 6.4.3 ...)
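
Review bot: CVE-2021-37713 and CVE-2021-37712 are left at "TODO: check" although both descriptions name the npm package "tar" (aka node-tar), and the next hunk tracks CVE-2021-37701 for the same package as "- node-tar 6.1.7+~cs11.3.10-1". These two should be triaged against node-tar as well. Their descriptions give different thresholds (4.4.18, 5.0.10 here against 4.4.16, 5.0.8 for 37701), so the fixed version must be determined separately rather than copied from the 37701 entry.
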
@@ -5878,8 +5889,7 @@ CVE-2021-37703 (Discourse is an open-source platform for 
community discussion. I
        NOT-FOR-US: Discourse
 CVE-2021-37702 (Pimcore is an open source data &amp; experience management 
platform. P ...)
        NOT-FOR-US: Pimcore
-CVE-2021-37701 [Arbitrary File Creation/Overwrite via insufficient symlink 
protection due to directory cache poisoning using symbolic links]
-       RESERVED
+CVE-2021-37701 (The npm package "tar" (aka node-tar) before versions 4.4.16, 
5.0.8, an ...)
        - node-tar 6.1.7+~cs11.3.10-1
        NOTE: 
https://github.com/npm/node-tar/security/advisories/GHSA-9r2w-394v-53qc
 CVE-2021-37700 (@github/paste-markdown is an npm package for pasting markdown 
objects. ...)
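
Review bot: in the CVE-2021-37701 header, the removed bracketed summary ("Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links") described the impact and the mechanism, while the replacement is cut off after the version list and says neither. The advisory NOTE is still present, but a short NOTE preserving the impact would keep the entry readable on its own.
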
@@ -9143,14 +9153,14 @@ CVE-2021-3638 [ati-vga: inconsistent check in 
ati_2d_blt() may lead to out-of-bo
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1979858
 CVE-2021-36235
        RESERVED
-CVE-2021-36234
-       RESERVED
-CVE-2021-36233
-       RESERVED
-CVE-2021-36232
-       RESERVED
-CVE-2021-36231
-       RESERVED
+CVE-2021-36234 (Use of a hard-coded cryptographic key in MIK.starlight 
7.9.5.24363 all ...)
+       TODO: check
+CVE-2021-36233 (The function AdminGetFirstFileContentByFilePath in 
MIK.starlight 7.9.5 ...)
+       TODO: check
+CVE-2021-36232 (Improper Authorization in multiple functions in MIK.starlight 
7.9.5.24 ...)
+       TODO: check
+CVE-2021-36231 (Deserialization of untrusted data in multiple functions in 
MIK.starlig ...)
+       TODO: check
 CVE-2021-36230 (HashiCorp Terraform Enterprise releases up to v202106-1 did 
not proper ...)
        NOT-FOR-US: Terraform Enterprise
 CVE-2021-36229
@@ -9334,8 +9344,8 @@ CVE-2021-3636 (It was found in OpenShift, before version 
4.8, that the generated
 CVE-2021-3635 (A flaw was found in the Linux kernel netfilter implementation 
in versi ...)
        - linux <unfixed>
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1976946
-CVE-2021-3634 [Possible heap-buffer overflow when rekeying]
-       RESERVED
+CVE-2021-3634 (A flaw has been found in libssh in versions prior to 0.9.6. The 
SSH pr ...)
+       {DSA-4965-1}
        - libssh 0.9.6-1 (bug #993046)
        [buster] - libssh <not-affected> (Vulnerable code not present)
        [stretch] - libssh <not-affected> (Vulnerable code not present)
@@ -11491,10 +11501,10 @@ CVE-2021-35242
        RESERVED
 CVE-2021-35241
        RESERVED
-CVE-2021-35240
-       RESERVED
-CVE-2021-35239
-       RESERVED
+CVE-2021-35240 (A security researcher stored XSS via a Help Server setting. 
This affec ...)
+       TODO: check
+CVE-2021-35239 (A security researcher found a user with Orion map manage 
rights could  ...)
+       TODO: check
 CVE-2021-35238
        RESERVED
 CVE-2021-35237
@@ -11525,16 +11535,16 @@ CVE-2021-35225
        RESERVED
 CVE-2021-35224
        RESERVED
-CVE-2021-35223
-       RESERVED
-CVE-2021-35222
-       RESERVED
-CVE-2021-35221
-       RESERVED
-CVE-2021-35220
-       RESERVED
-CVE-2021-35219
-       RESERVED
+CVE-2021-35223 (The Serv-U File Server allows for events such as user login 
failures t ...)
+       TODO: check
+CVE-2021-35222 (This vulnerability allows attackers to impersonate users and 
perform a ...)
+       TODO: check
+CVE-2021-35221 (Improper Access Control Tampering Vulnerability using 
ImportAlert func ...)
+       TODO: check
+CVE-2021-35220 (Command Injection vulnerability in EmailWebPage API which can 
lead to  ...)
+       TODO: check
+CVE-2021-35219 (ExportToPdfCmd Arbitrary File Read Information Disclosure 
Vulnerabilit ...)
+       TODO: check
 CVE-2021-35218
        RESERVED
 CVE-2021-35217
@@ -11545,10 +11555,10 @@ CVE-2021-35215
        RESERVED
 CVE-2021-35214
        RESERVED
-CVE-2021-35213
-       RESERVED
-CVE-2021-35212
-       RESERVED
+CVE-2021-35213 (An Improper Access Control Privilege Escalation Vulnerability 
was disc ...)
+       TODO: check
+CVE-2021-35212 (An SQL injection Privilege Escalation Vulnerability was 
discovered in  ...)
+       TODO: check
 CVE-2021-35211 (Microsoft discovered a remote code execution (RCE) 
vulnerability in th ...)
        NOT-FOR-US: SolarWinds
 CVE-2020-36394 (pam_setquota.c in the pam_setquota module before 2020-05-29 
for Linux- ...)
@@ -12956,14 +12966,14 @@ CVE-2021-34583
        RESERVED
 CVE-2021-34582
        RESERVED
-CVE-2021-34581
-       RESERVED
+CVE-2021-34581 (Missing Release of Resource after Effective Lifetime 
vulnerability in  ...)
+       TODO: check
 CVE-2021-34580
        RESERVED
 CVE-2021-34579
        RESERVED
-CVE-2021-34578
-       RESERVED
+CVE-2021-34578 (This vulnerability allows an attacker who has access to the 
WBM to rea ...)
+       TODO: check
 CVE-2021-34577
        RESERVED
 CVE-2021-34576
@@ -12988,20 +12998,20 @@ CVE-2021-34567
        RESERVED
 CVE-2021-34566
        RESERVED
-CVE-2021-34565
-       RESERVED
-CVE-2021-34564
-       RESERVED
-CVE-2021-34563
-       RESERVED
-CVE-2021-34562
-       RESERVED
-CVE-2021-34561
-       RESERVED
-CVE-2021-34560
-       RESERVED
-CVE-2021-34559
-       RESERVED
+CVE-2021-34565 (In PEPPERL+FUCHS WirelessHART-Gateway 3.0.7 to 3.0.9 the SSH 
and telne ...)
+       TODO: check
+CVE-2021-34564 (Any cookie-stealing vulnerabilities within the application or 
browser  ...)
+       TODO: check
+CVE-2021-34563 (In PEPPERL+FUCHS WirelessHART-Gateway 3.0.8 and 3.0.9 the 
HttpOnly att ...)
+       TODO: check
+CVE-2021-34562 (In PEPPERL+FUCHS WirelessHART-Gateway 3.0.8 it is possible to 
inject a ...)
+       TODO: check
+CVE-2021-34561 (In PEPPERL+FUCHS WirelessHART-Gateway &lt;= 3.0.8 serious 
issue exists ...)
+       TODO: check
+CVE-2021-34560 (In PEPPERL+FUCHS WirelessHART-Gateway &lt;= 3.0.9 a form 
contains a pa ...)
+       TODO: check
+CVE-2021-34559 (In PEPPERL+FUCHS WirelessHART-Gateway &lt;= 3.0.8 a 
vulnerability may  ...)
+       TODO: check
 CVE-2021-3596
        RESERVED
 CVE-2021-3595 (An invalid pointer initialization issue was found in the SLiRP 
network ...)
@@ -15389,8 +15399,8 @@ CVE-2021-33557 (An XSS issue was discovered in 
manage_custom_field_edit_page.php
        - mantis <removed>
 CVE-2021-33556
        RESERVED
-CVE-2021-33555
-       RESERVED
+CVE-2021-33555 (In PEPPERL+FUCHS WirelessHART-Gateway &lt;= 3.0.7 the filename 
paramet ...)
+       TODO: check
 CVE-2021-33554
        RESERVED
 CVE-2021-33553
@@ -24770,8 +24780,8 @@ CVE-2021-29909
        RESERVED
 CVE-2021-29908
        RESERVED
-CVE-2021-29907
-       RESERVED
+CVE-2021-29907 (IBM OpenPages with Watson 8.1 and 8.2 could allow an 
authenticated use ...)
+       TODO: check
 CVE-2021-29906
        RESERVED
 CVE-2021-29905
@@ -30234,8 +30244,8 @@ CVE-2021-27670 (Appspace 6.2.4 allows SSRF via the 
api/v1/core/proxy/jsonpreques
        NOT-FOR-US: Appspace
 CVE-2021-27669
        RESERVED
-CVE-2021-27668
-       RESERVED
+CVE-2021-27668 (HashiCorp Vault Enterprise 0.9.2 through 1.6.2 allowed the 
read of lic ...)
+       TODO: check
 CVE-2021-27667
        RESERVED
 CVE-2021-27666
@@ -41345,10 +41355,10 @@ CVE-2021-22946
        RESERVED
 CVE-2021-22945
        RESERVED
-CVE-2021-22944
-       RESERVED
-CVE-2021-22943
-       RESERVED
+CVE-2021-22944 (A vulnerability found in UniFi Protect application V1.18.1 and 
earlier ...)
+       TODO: check
+CVE-2021-22943 (A vulnerability found in UniFi Protect application V1.18.1 and 
earlier ...)
+       TODO: check
 CVE-2021-22942 [ossible Open Redirect in Host Authorization Middleware]
        RESERVED
        - rails <unfixed> (bug #992586)
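
Review bot: the context line for CVE-2021-22942 reads "[ossible Open Redirect in Host Authorization Middleware]", with the leading "P" of "Possible" missing. This commit does not touch the line, but it sits directly below the changed entries and is worth correcting in a follow-up so that text searches on the description match.
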
@@ -41395,8 +41405,8 @@ CVE-2021-22930 [Use after free on close http2 on stream 
canceling]
        NOTE: 
https://nodejs.org/en/blog/vulnerability/july-2021-security-releases-2/#use-after-free-on-close-http2-on-stream-canceling-high-cve-2021-22930
        NOTE: Possible incomplete fix (at least for v12): 
https://github.com/nodejs/node/issues/38964#issuecomment-889936936
        NOTE: CVE for the incomplete fix tracked as CVE-2021-22940
-CVE-2021-22929
-       RESERVED
+CVE-2021-22929 (An information disclosure exists in Brave Browser Desktop 
prior to ver ...)
+       TODO: check
 CVE-2021-22928 (A vulnerability has been identified in Citrix Virtual Apps and 
Desktop ...)
        NOT-FOR-US: Citrix
 CVE-2021-22927 (A session fixation vulnerability exists in Citrix ADC and 
Citrix Gatew ...)
@@ -42125,8 +42135,8 @@ CVE-2021-3020
        RESERVED
 CVE-2021-22685
        RESERVED
-CVE-2021-22684
-       RESERVED
+CVE-2021-22684 (Tizen RT RTOS version 3.0.GBB is vulnerable to integer 
wrap-around in  ...)
+       TODO: check
 CVE-2021-22683 (Fatek FvDesigner Version 1.5.76 and prior is vulnerable to an 
out-of-b ...)
        NOT-FOR-US: Fatek FvDesigner
 CVE-2021-22682 (Cscape (All versions prior to 9.90 SP4) is configured by 
default to be ...)
@@ -44119,8 +44129,8 @@ CVE-2021-21813 (Within the function HandleFileArg the 
argument filepattern is un
        NOT-FOR-US: Xmill (AT&T Labs)
 CVE-2021-21812 (A stack-based buffer overflow vulnerability exists in the 
command-line ...)
        NOT-FOR-US: Xmill (AT&T Labs)
-CVE-2021-21811
-       RESERVED
+CVE-2021-21811 (A memory corruption vulnerability exists in the XML-parsing 
CreateLabe ...)
+       TODO: check
 CVE-2021-21810 (A memory corruption vulnerability exists in the XML-parsing 
ParseAttri ...)
        NOT-FOR-US: AT&T Labs Xmill
 CVE-2021-21809 (A command execution vulnerability exists in the default legacy 
spellch ...)
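
Review bot: CVE-2021-21811 is left at "TODO: check" while the three entries below it, including CVE-2021-21810 whose description starts with the same words ("A memory corruption vulnerability exists in the XML-parsing ..."), are all marked NOT-FOR-US for Xmill. If the full description confirms the same product, it can be closed the same way. The existing labels are also inconsistent ("Xmill (AT&T Labs)" against "AT&T Labs Xmill"); pick one form so the entries group together.
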
@@ -44428,20 +44438,15 @@ CVE-2021-21683
        RESERVED
 CVE-2021-21682
        RESERVED
-CVE-2021-21681
-       RESERVED
+CVE-2021-21681 (Jenkins Nomad Plugin 0.7.4 and earlier stores Docker passwords 
unencry ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2021-21680
-       RESERVED
+CVE-2021-21680 (Jenkins Nested View Plugin 1.20 and earlier does not configure 
its XML ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2021-21679
-       RESERVED
+CVE-2021-21679 (Jenkins Azure AD Plugin 179.vf6841393099e and earlier allows 
attackers ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2021-21678
-       RESERVED
+CVE-2021-21678 (Jenkins SAML Plugin 2.0.7 and earlier allows attackers to 
craft URLs t ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2021-21677
-       RESERVED
+CVE-2021-21677 (Jenkins Code Coverage API Plugin 1.4.0 and earlier does not 
apply Jenk ...)
        NOT-FOR-US: Jenkins plugin
 CVE-2021-21676 (Jenkins requests-plugin Plugin 2.2.7 and earlier does not 
perform a pe ...)
        NOT-FOR-US: Jenkins plugin
@@ -80405,14 +80410,14 @@ CVE-2020-19051
        RESERVED
 CVE-2020-19050
        RESERVED
-CVE-2020-19049
-       RESERVED
-CVE-2020-19048
-       RESERVED
-CVE-2020-19047
-       RESERVED
-CVE-2020-19046
-       RESERVED
+CVE-2020-19049 (Cross Site Scripting (XSS) in MyBB v1.8.20 allows remote 
attackers to  ...)
+       TODO: check
+CVE-2020-19048 (Cross Site Scripting (XSS) in MyBB v1.8.20 allows remote 
attackers to  ...)
+       TODO: check
+CVE-2020-19047 (Cross Site Request Forgey (CSRF) in iWebShop v5.3 allows 
remote atatck ...)
+       TODO: check
+CVE-2020-19046 (Cross Site Scripting (XSS) in S-CMS v1.0 allows remote 
attackers to ex ...)
+       TODO: check
 CVE-2020-19045
        RESERVED
 CVE-2020-19044



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0064530fb46ef7975ed9de8b1d07b400b919a8c3
