Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
9f936db9 by security tracker role at 2021-09-02T20:10:32+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,7 @@
+CVE-2021-40439
+ RESERVED
+CVE-2021-40438
+ RESERVED
CVE-2021-XXXX [inetutils: ftp client didn't validate that PASV/LSPV addresse
match]
- inetutils 2:2.2-1 (bug #993476)
[bullseye] - inetutils <no-dsa> (Minor issue)
@@ -226,10 +230,10 @@ CVE-2021-3759 [ unaccounted ipc objects in Linux kernel
lead to breaking memcg l
RESERVED
- linux <unfixed>
NOTE:
https://lore.kernel.org/linux-mm/[email protected]/
-CVE-2021-3758
- RESERVED
-CVE-2021-3757
- RESERVED
+CVE-2021-3758 (bookstack is vulnerable to Server-Side Request Forgery (SSRF)
...)
+ TODO: check
+CVE-2021-3757 (immer is vulnerable to Improperly Controlled Modification of
Object Pr ...)
+ TODO: check
CVE-2021-40331
RESERVED
CVE-2021-3756
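Review bot: CVE-2021-3758 and CVE-2021-3757 are left at "TODO: check", and their descriptions name bookstack and immer, which are software names rather than a vendor, so they should be looked up individually instead of being bulk-tagged. Search the archive for a matching source package for each and either add a package line in the form used just above ("- linux <unfixed>") or record NOT-FOR-US with the upstream name.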
@@ -2411,8 +2415,8 @@ CVE-2021-39324
RESERVED
CVE-2021-39323
RESERVED
-CVE-2021-39322
- RESERVED
+CVE-2021-39322 (The Easy Social Icons plugin <= 3.0.8 for WordPress echoes
out the ...)
+ TODO: check
CVE-2021-39321
RESERVED
CVE-2021-39320 (The underConstruction plugin <= 1.18 for WordPress echoes
out the r ...)
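Review bot: CVE-2021-39322 is added with only "TODO: check" although its description already identifies it as a WordPress plugin (Easy Social Icons <= 3.0.8). Another WordPress plugin entry in this file, CVE-2021-38315, is closed out as "NOT-FOR-US: WordPress plugin"; the same line would resolve this TODO unless the plugin turns out to be packaged.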
@@ -2792,8 +2796,8 @@ CVE-2021-39189
RESERVED
CVE-2021-39188
RESERVED
-CVE-2021-39187
- RESERVED
+CVE-2021-39187 (Parse Server is an open source backend that can be deployed to
any inf ...)
+ TODO: check
CVE-2021-39186 (GlobalNewFiles is a package in Miraheze, a wiki hosting
service. Prior ...)
NOT-FOR-US: Miraheze
CVE-2021-39185 (Http4s is a minimal, idiomatic Scala interface for HTTP
services. In h ...)
@@ -4693,12 +4697,12 @@ CVE-2021-38316
RESERVED
CVE-2021-38315 (The SP Project & Document Manager WordPress plugin is
vulnerable t ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-38314
- RESERVED
+CVE-2021-38314 (The Gutenberg Template Library & Redux Framework plugin
<= 4.2. ...)
+ TODO: check
CVE-2021-38313
RESERVED
-CVE-2021-38312
- RESERVED
+CVE-2021-38312 (The Gutenberg Template Library & Redux Framework plugin
<= 4.2. ...)
+ TODO: check
CVE-2021-38311 (In Contiki 3.0, potential nonterminating acknowledgment loops
exist in ...)
NOT-FOR-US: Contiki
CVE-2021-38310
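Review bot: CVE-2021-38314 and CVE-2021-38312 carry identical truncated descriptions ("The Gutenberg Template Library & Redux Framework plugin <= 4.2. ..."), so they should be triaged together and end up with the same tag. If the full records confirm a WordPress plugin, match the "NOT-FOR-US: WordPress plugin" line on CVE-2021-38315 just above them.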
@@ -10056,12 +10060,12 @@ CVE-2021-36021
RESERVED
CVE-2021-36020 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and
earlier) ...)
NOT-FOR-US: Magento
-CVE-2021-36019
- RESERVED
-CVE-2021-36018
- RESERVED
-CVE-2021-36017
- RESERVED
+CVE-2021-36019 (Adobe After Effects version 18.2.1 (and earlier) is affected
by an Out ...)
+ TODO: check
+CVE-2021-36018 (Adobe After Effects version 18.2.1 (and earlier) is affected
by an Out ...)
+ TODO: check
+CVE-2021-36017 (Adobe After Effects version 18.2.1 (and earlier) is affected
by a memo ...)
+ TODO: check
CVE-2021-36016 (Adobe Media Encoder version 15.2 (and earlier) is affected by
an Out-o ...)
NOT-FOR-US: Adobe
CVE-2021-36015 (Adobe Media Encoder version 15.2 (and earlier) is affected by
a memory ...)
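Review bot: the three After Effects entries (CVE-2021-36019, CVE-2021-36018, CVE-2021-36017) are left at "TODO: check" while CVE-2021-36016, the Adobe Media Encoder entry immediately below them, is tagged "NOT-FOR-US: Adobe". The same tag applies to all three and can be set in one pass.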
@@ -10102,14 +10106,14 @@ CVE-2021-35998
RESERVED
CVE-2021-35997 (Adobe Premiere Pro version 15.2 (and earlier) is affected by a
memory ...)
NOT-FOR-US: Adobe
-CVE-2021-35996
- RESERVED
-CVE-2021-35995
- RESERVED
-CVE-2021-35994
- RESERVED
-CVE-2021-35993
- RESERVED
+CVE-2021-35996 (Adobe After Effects version 18.2.1 (and earlier) is affected
by a memo ...)
+ TODO: check
+CVE-2021-35995 (Adobe After Effects version 18.2.1 (and earlier) is affected
by an Imp ...)
+ TODO: check
+CVE-2021-35994 (Adobe After Effects version 18.2.1 (and earlier) is affected
by an out ...)
+ TODO: check
+CVE-2021-35993 (Adobe After Effects version 18.2.1 (and earlier) is affected
by an out ...)
+ TODO: check
CVE-2021-35992 (Adobe Bridge version 11.0.2 (and earlier) is affected by an
Out-of-bou ...)
NOT-FOR-US: Adobe
CVE-2021-35991 (Adobe Bridge version 11.0.2 (and earlier) is affected by an
uninitiali ...)
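Review bot: CVE-2021-35996 through CVE-2021-35993 are After Effects entries left at "TODO: check", sitting between CVE-2021-35997 and CVE-2021-35992, which are both tagged "NOT-FOR-US: Adobe". Tag the four new entries the same way so the Adobe block stays uniform.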
@@ -14677,8 +14681,8 @@ CVE-2021-33940
RESERVED
CVE-2021-33939
RESERVED
-CVE-2021-33938
- RESERVED
+CVE-2021-33938 (Buffer overflow vulnerability in function prune_to_recommended
in src/ ...)
+ TODO: check
CVE-2021-33937
RESERVED
CVE-2021-33936
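Review bot: the description of CVE-2021-33938 is cut off at "in src/ ..." before any product name appears, so "TODO: check" cannot be resolved from this file alone. Look up the full record, identify which source package contains prune_to_recommended, and replace the TODO with a package line or NOT-FOR-US.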
@@ -14693,12 +14697,12 @@ CVE-2021-33932
RESERVED
CVE-2021-33931
RESERVED
-CVE-2021-33930
- RESERVED
-CVE-2021-33929
- RESERVED
-CVE-2021-33928
- RESERVED
+CVE-2021-33930 (Buffer overflow vulnerability in function
pool_installable_whatprovide ...)
+ TODO: check
+CVE-2021-33929 (Buffer overflow vulnerability in function
pool_disabled_solvable in sr ...)
+ TODO: check
+CVE-2021-33928 (Buffer overflow vulnerability in function pool_installable in
src/repo ...)
+ TODO: check
CVE-2021-33927
RESERVED
CVE-2021-33926
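Review bot: CVE-2021-33930, CVE-2021-33929 and CVE-2021-33928 all describe a buffer overflow in a pool_* function with a truncated source path, the same pattern as CVE-2021-33938 a few entries earlier, which suggests a single upstream project. Triage the four together so they receive the same package line and the same NOTE references.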
@@ -28398,38 +28402,38 @@ CVE-2021-28567
RESERVED
CVE-2021-28566
RESERVED
-CVE-2021-28565
- RESERVED
-CVE-2021-28564
- RESERVED
+CVE-2021-28565 (Acrobat Reader DC versions versions 2021.001.20150 (and
earlier), 2020 ...)
+ TODO: check
+CVE-2021-28564 (Acrobat Reader DC versions versions 2021.001.20150 (and
earlier), 2020 ...)
+ TODO: check
CVE-2021-28563 (Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier)
and 2.3.6 ...)
NOT-FOR-US: Magento
CVE-2021-28562 (Acrobat Reader DC versions versions 2021.001.20150 (and
earlier), 2020 ...)
NOT-FOR-US: Adobe
-CVE-2021-28561
- RESERVED
-CVE-2021-28560
- RESERVED
-CVE-2021-28559
- RESERVED
-CVE-2021-28558
- RESERVED
-CVE-2021-28557
- RESERVED
+CVE-2021-28561 (Acrobat Reader DC versions versions 2021.001.20150 (and
earlier), 2020 ...)
+ TODO: check
+CVE-2021-28560 (Acrobat Reader DC versions versions 2021.001.20150 (and
earlier), 2020 ...)
+ TODO: check
+CVE-2021-28559 (Acrobat Reader DC versions versions 2021.001.20150 (and
earlier), 2020 ...)
+ TODO: check
+CVE-2021-28558 (Acrobat Reader DC versions versions 2021.001.20150 (and
earlier), 2020 ...)
+ TODO: check
+CVE-2021-28557 (Acrobat Reader DC versions versions 2021.001.20150 (and
earlier), 2020 ...)
+ TODO: check
CVE-2021-28556 (Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier)
and 2.3.6 ...)
NOT-FOR-US: Magento
-CVE-2021-28555
- RESERVED
+CVE-2021-28555 (Acrobat Reader DC versions versions 2021.001.20150 (and
earlier), 2020 ...)
+ TODO: check
CVE-2021-28554 (Acrobat Reader DC versions versions 2021.001.20155 (and
earlier), 2020 ...)
NOT-FOR-US: Adobe
-CVE-2021-28553
- RESERVED
+CVE-2021-28553 (Acrobat Reader DC versions versions 2021.001.20150 (and
earlier), 2020 ...)
+ TODO: check
CVE-2021-28552 (Acrobat Reader DC versions versions 2021.001.20155 (and
earlier), 2020 ...)
NOT-FOR-US: Adobe
CVE-2021-28551 (Acrobat Reader DC versions versions 2021.001.20155 (and
earlier), 2020 ...)
NOT-FOR-US: Adobe
-CVE-2021-28550
- RESERVED
+CVE-2021-28550 (Acrobat Reader DC versions versions 2021.001.20150 (and
earlier), 2020 ...)
+ TODO: check
CVE-2021-28549 (Adobe Photoshop versions 21.2.6 (and earlier) and 22.3 (and
earlier) a ...)
NOT-FOR-US: Adobe
CVE-2021-28548 (Adobe Photoshop versions 21.2.6 (and earlier) and 22.3 (and
earlier) a ...)
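Review bot: ten Acrobat Reader DC entries in this hunk (CVE-2021-28565, -28564, -28561 through -28557, -28555, -28553, -28550) stay at "TODO: check" while the interleaved Acrobat Reader DC entries CVE-2021-28562, -28554, -28552 and -28551 already read "NOT-FOR-US: Adobe". Apply the same tag to all ten in one pass. The description text repeats "versions versions"; since this is an automatic update, leave it as imported rather than hand-editing it here.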
@@ -30758,8 +30762,7 @@ CVE-2021-27580
RESERVED
CVE-2021-27579 (Snow Inventory Agent through 6.7.0 on Windows uses CPUID to
report on ...)
NOT-FOR-US: Snow Inventory Agent
-CVE-2021-27578
- RESERVED
+CVE-2021-27578 (Cross Site Scripting vulnerability in markdown interpreter of
Apache Z ...)
NOT-FOR-US: Apache Zeppelin
CVE-2021-27577 (Incorrect handling of url fragment vulnerability of Apache
Traffic Ser ...)
{DSA-4957-1}
@@ -42089,16 +42092,16 @@ CVE-2021-22795
RESERVED
CVE-2021-22794
RESERVED
-CVE-2021-22793
- RESERVED
-CVE-2021-22792
- RESERVED
-CVE-2021-22791
- RESERVED
-CVE-2021-22790
- RESERVED
-CVE-2021-22789
- RESERVED
+CVE-2021-22793 (A CWE-200: Exposure of Sensitive Information to an
Unauthorized Actor ...)
+ TODO: check
+CVE-2021-22792 (A CWE-476: NULL Pointer Dereference vulnerability that could
cause a D ...)
+ TODO: check
+CVE-2021-22791 (A CWE-787: Out-of-bounds Write vulnerability that could cause
a Denial ...)
+ TODO: check
+CVE-2021-22790 (A CWE-125: Out-of-bounds Read vulnerability that could cause a
Denial ...)
+ TODO: check
+CVE-2021-22789 (A CWE-119: Improper Restriction of Operations within the
Bounds of a M ...)
+ TODO: check
CVE-2021-22788
RESERVED
CVE-2021-22787
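Review bot: the five new descriptions (CVE-2021-22793 through CVE-2021-22789) are truncated right after the CWE title, so no vendor or product is visible and "TODO: check" cannot be closed from the list text. The "A CWE-NNN: ..." wording matches entries further down this file that are tagged "NOT-FOR-US: Schneider Electric" (for example CVE-2021-22777); confirm against the full records before applying that tag.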
@@ -42125,8 +42128,8 @@ CVE-2021-22777 (A CWE-502: Deserialization of Untrusted
Data vulnerability exist
NOT-FOR-US: Schneider Electric
CVE-2021-22776
RESERVED
-CVE-2021-22775
- RESERVED
+CVE-2021-22775 (A CWE-427: Uncontrolled Search Path Element vulnerability
exists in GP ...)
+ TODO: check
CVE-2021-22774 (A CWE-759: Use of a One-Way Hash without a Salt vulnerability
exists i ...)
NOT-FOR-US: Schneider Electric
CVE-2021-22773 (A CWE-620: Unverified Password Change vulnerability exists in
EVlink C ...)
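Review bot: CVE-2021-22775 is left at "TODO: check" between CVE-2021-22777 and CVE-2021-22774, both tagged "NOT-FOR-US: Schneider Electric" and written in the same "A CWE-NNN: ..." form. Once the product cut off at "exists in GP ..." is confirmed, use the same tag.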
@@ -42267,8 +42270,8 @@ CVE-2021-22706 (A CWE-79: Improper Neutralization of
Input During Web Page Gener
NOT-FOR-US: Schneider Electric
CVE-2021-22705 (Improper Restriction of Operations within the Bounds of a
Memory Buffe ...)
NOT-FOR-US: Schneider
-CVE-2021-22704
- RESERVED
+CVE-2021-22704 (A CWE-22: Improper Limitation of a Pathname to a Restricted
Directory ...)
+ TODO: check
CVE-2021-22703 (A CWE-319: Cleartext transmission of sensitive information
vulnerabili ...)
NOT-FOR-US: PowerLogic
CVE-2021-22702 (A CWE-319: Cleartext transmission of sensitive information
vulnerabili ...)
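Review bot: when CVE-2021-22704 is triaged, pick its NOT-FOR-US label deliberately, because the neighbouring entries in this hunk are inconsistent: CVE-2021-22706 uses "Schneider Electric", CVE-2021-22705 uses "Schneider", and CVE-2021-22703 uses "PowerLogic". Using one label form for the new entry keeps it findable with a single search.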
@@ -42786,8 +42789,8 @@ CVE-2021-22527
RESERVED
CVE-2021-22526
RESERVED
-CVE-2021-22525
- RESERVED
+CVE-2021-22525 (This release addresses a potential information leakage
vulnerability i ...)
+ TODO: check
CVE-2021-22524
RESERVED
CVE-2021-22523 (XML External Entity vulnerability in Micro Focus Verastream
Host Integ ...)
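Review bot: the description of CVE-2021-22525 opens with release-note wording ("This release addresses a potential information leakage vulnerability i ...") and names no product in the visible text. The TODO needs the full record; do not infer the product from the adjacent CVE-2021-22523 (Micro Focus Verastream) entry without checking.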
@@ -47830,8 +47833,8 @@ CVE-2021-21088
RESERVED
CVE-2021-21087 (Adobe Coldfusion versions 2016 (update 16 and earlier), 2018
(update 1 ...)
NOT-FOR-US: Adobe
-CVE-2021-21086
- RESERVED
+CVE-2021-21086 (Acrobat Reader DC versions versions 2020.013.20074 (and
earlier), 2020 ...)
+ TODO: check
CVE-2021-21085 (Adobe Connect version 11.0.7 (and earlier) is affected by an
Input Val ...)
NOT-FOR-US: Adobe
CVE-2021-21084 (AEM's Cloud Service offering, as well as versions 6.5.7.0 (and
below), ...)
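Review bot: CVE-2021-21086 is an Acrobat Reader DC entry left at "TODO: check" while both Adobe neighbours in this hunk (CVE-2021-21087 and CVE-2021-21085) are tagged "NOT-FOR-US: Adobe"; it should get the same line.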
@@ -82851,8 +82854,8 @@ CVE-2020-18050
RESERVED
CVE-2020-18049
RESERVED
-CVE-2020-18048
- RESERVED
+CVE-2020-18048 (An issue in craigms/main.php of CraigMS 1.0 allows attackers
to execut ...)
+ TODO: check
CVE-2020-18047
RESERVED
CVE-2020-18046
@@ -93207,8 +93210,7 @@ CVE-2020-13931 (If Apache TomEE 8.0.0-M1 - 8.0.3, 7.1.0
- 7.1.3, 7.0.0-M1 - 7.0.
NOT-FOR-US: Apache TomEE
CVE-2020-13930
RESERVED
-CVE-2020-13929
- RESERVED
+CVE-2020-13929 (Authentication bypass vulnerability in Apache Zeppelin allows
an attac ...)
NOT-FOR-US: Apache Zeppelin
CVE-2020-13928 (Apache Atlas before 2.1.0 contain a XSS vulnerability. While
saving se ...)
NOT-FOR-US: Apache Atlas
@@ -159070,8 +159072,7 @@ CVE-2019-10097 (In Apache HTTP Server 2.4.32-2.4.39,
when mod_remoteip was confi
NOTE: https://svn.apache.org/r1864613
CVE-2019-10096
REJECTED
-CVE-2019-10095
- RESERVED
+CVE-2019-10095 (bash command injection vulnerability in Apache Zeppelin allows
an atta ...)
NOT-FOR-US: Apache Zeppelin
CVE-2019-10094 (A carefully crafted package/compressed file that, when
unzipped/uncomp ...)
- tika 1.22-1 (bug #933746)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9f936db95adc56c1982747376cb54b753fec842a
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits