Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8cd181a9 by security tracker role at 2021-09-02T08:10:19+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,113 @@
+CVE-2021-40437
+       RESERVED
+CVE-2021-40436
+       RESERVED
+CVE-2021-40435
+       RESERVED
+CVE-2021-40434
+       RESERVED
+CVE-2021-40433
+       RESERVED
+CVE-2021-40432
+       RESERVED
+CVE-2021-40431
+       RESERVED
+CVE-2021-40430
+       RESERVED
+CVE-2021-40429
+       RESERVED
+CVE-2021-40428
+       RESERVED
+CVE-2021-40427
+       RESERVED
+CVE-2021-40426
+       RESERVED
+CVE-2021-40425
+       RESERVED
+CVE-2021-40424
+       RESERVED
+CVE-2021-40423
+       RESERVED
+CVE-2021-40422
+       RESERVED
+CVE-2021-40421
+       RESERVED
+CVE-2021-40420
+       RESERVED
+CVE-2021-40419
+       RESERVED
+CVE-2021-40418
+       RESERVED
+CVE-2021-40417
+       RESERVED
+CVE-2021-40416
+       RESERVED
+CVE-2021-40415
+       RESERVED
+CVE-2021-40414
+       RESERVED
+CVE-2021-40413
+       RESERVED
+CVE-2021-40412
+       RESERVED
+CVE-2021-40411
+       RESERVED
+CVE-2021-40410
+       RESERVED
+CVE-2021-40409
+       RESERVED
+CVE-2021-40408
+       RESERVED
+CVE-2021-40407
+       RESERVED
+CVE-2021-40406
+       RESERVED
+CVE-2021-40405
+       RESERVED
+CVE-2021-40404
+       RESERVED
+CVE-2021-40403
+       RESERVED
+CVE-2021-40402
+       RESERVED
+CVE-2021-40401
+       RESERVED
+CVE-2021-40400
+       RESERVED
+CVE-2021-40399
+       RESERVED
+CVE-2021-40398
+       RESERVED
+CVE-2021-40397
+       RESERVED
+CVE-2021-40396
+       RESERVED
+CVE-2021-40395
+       RESERVED
+CVE-2021-40394
+       RESERVED
+CVE-2021-40393
+       RESERVED
+CVE-2021-40392
+       RESERVED
+CVE-2021-40391
+       RESERVED
+CVE-2021-40390
+       RESERVED
+CVE-2021-40389
+       RESERVED
+CVE-2021-40388
+       RESERVED
+CVE-2021-40387 (An issue was discovered in the server software in Kaseya 
Unitrends Bac ...)
+       TODO: check
+CVE-2021-40386
+       RESERVED
+CVE-2021-40385 (An issue was discovered in the server software in Kaseya 
Unitrends Bac ...)
+       TODO: check
+CVE-2021-40384
+       RESERVED
+CVE-2021-40383
+       RESERVED
 CVE-2021-40382 (An issue was discovered on Compro IP70 2.08_7130218, IP570 
2.08_713052 ...)
        NOT-FOR-US: Compro devices
 CVE-2021-40381 (An issue was discovered on Compro IP70 2.08_7130218, IP570 
2.08_713052 ...)
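Review bot: CVE-2021-40387 and CVE-2021-40385 are the only new entries in this block that arrive with a description, and both are left at TODO: check. Both name the server software in Kaseya Unitrends, so they can be triaged together; if that product is not packaged in Debian, resolve them as NOT-FOR-US the way the Compro entries just below are.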
@@ -2576,6 +2686,7 @@ CVE-2021-39232
 CVE-2021-39231
        RESERVED
 CVE-2021-3713 (An out-of-bounds write flaw was found in the UAS (USB Attached 
SCSI) d ...)
+       {DLA-2753-1}
        - qemu 1:6.1+dfsg-2 (bug #992727)
        [bullseye] - qemu <no-dsa> (Minor issue)
        [buster] - qemu <no-dsa> (Minor issue)
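Review bot: on CVE-2021-3713 the new {DLA-2753-1} reference sits directly above bullseye and buster lines that still read <no-dsa> (Minor issue). With the LTS advisory now recorded for this entry, check whether those two qemu lines should be queued for a point release or stay as they are.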
@@ -2668,18 +2779,18 @@ CVE-2021-39188
        RESERVED
 CVE-2021-39187
        RESERVED
-CVE-2021-39186
-       RESERVED
-CVE-2021-39185
-       RESERVED
+CVE-2021-39186 (GlobalNewFiles is a package in Miraheze, a wiki hosting 
service. Prior ...)
+       TODO: check
+CVE-2021-39185 (Http4s is a minimal, idiomatic Scala interface for HTTP 
services. In h ...)
+       TODO: check
 CVE-2021-39184
        RESERVED
 CVE-2021-39183
        RESERVED
 CVE-2021-39182
        RESERVED
-CVE-2021-39181
-       RESERVED
+CVE-2021-39181 (OpenOlat is a web-based learning management system (LMS). 
Prior to ver ...)
+       TODO: check
 CVE-2021-39180 (OpenOLAT is a web-based learning management system (LMS). A 
path trave ...)
        NOT-FOR-US: OpenOLAT
 CVE-2021-39179
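Review bot: CVE-2021-39181 is added with TODO: check although its description names OpenOlat and the next entry, CVE-2021-39180, is already resolved as NOT-FOR-US: OpenOLAT. The same resolution looks applicable here. CVE-2021-39186 (GlobalNewFiles, Miraheze) and CVE-2021-39185 (Http4s) in this hunk still need their own triage.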
@@ -2837,16 +2948,16 @@ CVE-2021-39121
        RESERVED
 CVE-2021-39120
        RESERVED
-CVE-2021-39119
-       RESERVED
+CVE-2021-39119 (Affected versions of Atlassian Jira Server and Data Center 
allow users ...)
+       TODO: check
 CVE-2021-39118
        RESERVED
 CVE-2021-39117 (The AssociateFieldToScreens page in Atlassian Jira Server and 
Data Cen ...)
        NOT-FOR-US: Atlassian
 CVE-2021-39116
        RESERVED
-CVE-2021-39115
-       RESERVED
+CVE-2021-39115 (Affected versions of Atlassian Jira Service Management Server 
and Data ...)
+       TODO: check
 CVE-2021-39114
        RESERVED
 CVE-2021-39113 (Affected versions of Atlassian Jira Server and Data Center 
allow anony ...)
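Review bot: CVE-2021-39119 and CVE-2021-39115 both describe Atlassian Jira products and are left at TODO: check, while CVE-2021-39117 between them already carries NOT-FOR-US: Atlassian. Closing the two new entries with the same line would keep this block consistent.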
@@ -5188,6 +5299,7 @@ CVE-2021-38090
 CVE-2021-38089
        RESERVED
 CVE-2021-3682 (A flaw was found in the USB redirector device emulation of QEMU 
in ver ...)
+       {DLA-2753-1}
        - qemu 1:6.0+dfsg-3 (bug #991911)
        NOTE: https://gitlab.com/qemu-project/qemu/-/issues/491
        NOTE: Introduced by: 
https://gitlab.com/qemu-project/qemu/-/commit/b2d1fe67d09d2b6c7da647fbcea6ca0148c206d3
 (v1.4.0-rc0)
@@ -12696,8 +12808,8 @@ CVE-2021-34767
        RESERVED
 CVE-2021-34766
        RESERVED
-CVE-2021-34765
-       RESERVED
+CVE-2021-34765 (A vulnerability in the web UI for Cisco Nexus Insights could 
allow an  ...)
+       TODO: check
 CVE-2021-34764
        RESERVED
 CVE-2021-34763
@@ -12708,8 +12820,8 @@ CVE-2021-34761
        RESERVED
 CVE-2021-34760
        RESERVED
-CVE-2021-34759
-       RESERVED
+CVE-2021-34759 (A vulnerability in the web-based management interface of Cisco 
Identit ...)
+       TODO: check
 CVE-2021-34758
        RESERVED
 CVE-2021-34757
@@ -12734,8 +12846,8 @@ CVE-2021-34748
        RESERVED
 CVE-2021-34747
        RESERVED
-CVE-2021-34746
-       RESERVED
+CVE-2021-34746 (A vulnerability in the TACACS+ authentication, authorization 
and accou ...)
+       TODO: check
 CVE-2021-34745 (A vulnerability in the AppDynamics .NET Agent for Windows 
could allow  ...)
        NOT-FOR-US: .NET Agent for Windows
 CVE-2021-34744
@@ -12760,10 +12872,10 @@ CVE-2021-34735
        RESERVED
 CVE-2021-34734 (A vulnerability in the Link Layer Discovery Protocol (LLDP) 
implementa ...)
        NOT-FOR-US: Cisco
-CVE-2021-34733
-       RESERVED
-CVE-2021-34732
-       RESERVED
+CVE-2021-34733 (A vulnerability in the CLI of Cisco Prime Infrastructure and 
Cisco Evo ...)
+       TODO: check
+CVE-2021-34732 (A vulnerability in the web-based management interface of Cisco 
Prime C ...)
+       TODO: check
 CVE-2021-34731
        RESERVED
 CVE-2021-34730 (A vulnerability in the Universal Plug-and-Play (UPnP) service 
of Cisco ...)
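Review bot: CVE-2021-34733 and CVE-2021-34732 name Cisco Prime products and are added as TODO: check directly under CVE-2021-34734, which is NOT-FOR-US: Cisco. If the same reasoning applies, resolve them the same way; the other Cisco descriptions added in the earlier hunks of this range (CVE-2021-34765, CVE-2021-34759, CVE-2021-34746) can be handled in the same pass.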
@@ -13168,6 +13280,7 @@ CVE-2021-34559 (In PEPPERL+FUCHS WirelessHART-Gateway 
&lt;= 3.0.8 a vulnerabilit
 CVE-2021-3596
        RESERVED
 CVE-2021-3595 (An invalid pointer initialization issue was found in the SLiRP 
network ...)
+       {DLA-2753-1}
        - libslirp 4.6.1-1 (bug #989996)
        [bullseye] - libslirp <no-dsa> (Minor issue)
        - qemu 1:4.1-2
@@ -13177,6 +13290,7 @@ CVE-2021-3595 (An invalid pointer initialization issue 
was found in the SLiRP ne
        NOTE: 
https://gitlab.freedesktop.org/slirp/libslirp/-/commit/990163cf3ac86b7875559f49602c4d76f46f6f30
 (v4.6.0)
        NOTE: qemu 1:4.1-2 switched to system libslirp, marking that version as 
fixed.
 CVE-2021-3594 (An invalid pointer initialization issue was found in the SLiRP 
network ...)
+       {DLA-2753-1}
        - libslirp 4.6.1-1 (bug #989995)
        [bullseye] - libslirp <no-dsa> (Minor issue)
        - qemu 1:4.1-2
@@ -13194,6 +13308,7 @@ CVE-2021-3593 (An invalid pointer initialization issue 
was found in the SLiRP ne
        NOTE: 
https://gitlab.freedesktop.org/slirp/libslirp/-/commit/de71c15de66ba9350bf62c45b05f8fbff166517b
 (v4.6.0)
        NOTE: qemu 1:4.1-2 switched to system libslirp, marking that version as 
fixed.
 CVE-2021-3592 (An invalid pointer initialization issue was found in the SLiRP 
network ...)
+       {DLA-2753-1}
        - libslirp 4.6.1-1 (bug #989993)
        [bullseye] - libslirp <no-dsa> (Minor issue)
        - qemu 1:4.1-2
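Review bot: {DLA-2753-1} is added to CVE-2021-3595, CVE-2021-3594 and CVE-2021-3592, but no hunk touches CVE-2021-3593, whose notes appear here only as context. Confirm whether CVE-2021-3593 is covered by the same advisory or is left out on purpose, since the four entries otherwise share the same libslirp and qemu package lines.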
@@ -19529,6 +19644,7 @@ CVE-2021-31922 (An HTTP Request Smuggling vulnerability 
in Pulse Secure Virtual
 CVE-2021-3528 (A flaw was found in noobaa-operator in versions before 5.7.0, 
where in ...)
        NOT-FOR-US: noobaa
 CVE-2021-3527 (A flaw was found in the USB redirector device (usb-redir) of 
QEMU. Sma ...)
+       {DLA-2753-1}
        - qemu 1:5.2+dfsg-11 (bug #988157)
        [buster] - qemu <no-dsa> (Minor issue)
        NOTE: Initial patchset: 
https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg00564.html
@@ -20052,12 +20168,12 @@ CVE-2021-31799 (In RDoc 3.11 through 6.x before 
6.3.1, as distributed with Ruby
        NOTE: 
https://www.ruby-lang.org/en/news/2021/05/02/os-command-injection-in-rdoc/
        NOTE: 
https://github.com/ruby/ruby/commit/b1c73f239fe9af97de837331849f55d67c27561e 
(master)
        NOTE: 
https://github.com/ruby/ruby/commit/483f303d02e768b69e476e0b9be4ab2f26389522 
(2.7)
-CVE-2021-31798
-       RESERVED
-CVE-2021-31797
-       RESERVED
-CVE-2021-31796
-       RESERVED
+CVE-2021-31798 (The effective key space used to encrypt the cache in CyberArk 
Credenti ...)
+       TODO: check
+CVE-2021-31797 (The user identification mechanism used by CyberArk Credential 
Provider ...)
+       TODO: check
+CVE-2021-31796 (An inadequate encryption vulnerability discovered in CyberArk 
Credenti ...)
+       TODO: check
 CVE-2021-31795 (The PowerVR GPU kernel driver in pvrsrvkm.ko through 
2021-04-24 for th ...)
        NOT-FOR-US: PowerVR GPU kernel driver (OOT)
 CVE-2021-31794 (Settings.aspx?view=About in Directum 5.8.2 allows XSS via the 
HTTP Use ...)
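Review bot: CVE-2021-31798, CVE-2021-31797 and CVE-2021-31796 all describe CyberArk Credential Provider and all land as TODO: check. Triage them as one group so the three entries end up with the same resolution line.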
@@ -77995,26 +78111,26 @@ CVE-2020-20351
        RESERVED
 CVE-2020-20350
        RESERVED
-CVE-2020-20349
-       RESERVED
-CVE-2020-20348
-       RESERVED
-CVE-2020-20347
-       RESERVED
+CVE-2020-20349 (WTCMS 1.0 contains a stored cross-site scripting (XSS) 
vulnerability i ...)
+       TODO: check
+CVE-2020-20348 (WTCMS 1.0 contains a stored cross-site scripting (XSS) 
vulnerability i ...)
+       TODO: check
+CVE-2020-20347 (WTCMS 1.0 contains a stored cross-site scripting (XSS) 
vulnerability i ...)
+       TODO: check
 CVE-2020-20346
        RESERVED
-CVE-2020-20345
-       RESERVED
-CVE-2020-20344
-       RESERVED
-CVE-2020-20343
-       RESERVED
+CVE-2020-20345 (WTCMS 1.0 contains a reflective cross-site scripting (XSS) 
vulnerabili ...)
+       TODO: check
+CVE-2020-20344 (WTCMS 1.0 contains a reflective cross-site scripting (XSS) 
vulnerabili ...)
+       TODO: check
+CVE-2020-20343 (WTCMS 1.0 contains a cross-site request forgery (CSRF) 
vulnerability i ...)
+       TODO: check
 CVE-2020-20342
        RESERVED
-CVE-2020-20341
-       RESERVED
-CVE-2020-20340
-       RESERVED
+CVE-2020-20341 (YzmCMS v5.5 contains a server-side request forgery (SSRF) in 
the grab_ ...)
+       TODO: check
+CVE-2020-20340 (A SQL injection vulnerability in the 
4.edu.php\conn\function.php compo ...)
+       TODO: check
 CVE-2020-20339
        RESERVED
 CVE-2020-20338
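Review bot: eight entries in this hunk move from RESERVED to TODO: check, six of them for WTCMS 1.0 (CVE-2020-20349 through CVE-2020-20347 and CVE-2020-20345 through CVE-2020-20343). Triage the WTCMS entries as a batch, and handle CVE-2020-20341 (YzmCMS v5.5) and CVE-2020-20340 separately since they name different software.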



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8cd181a9f36752711312ad3349ed9d2f312ec05f
