Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9dfcafcb by security tracker role at 2021-09-06T20:10:29+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,23 @@
+CVE-2021-40530 (The ElGamal implementation in Crypto++ through 8.5 allows 
plaintext re ...)
+       TODO: check
+CVE-2021-40529 (The ElGamal implementation in Botan through 2.18.1, as used in 
Thunder ...)
+       TODO: check
+CVE-2021-40528 (The ElGamal implementation in Libgcrypt before 1.9.4 allows 
plaintext  ...)
+       TODO: check
+CVE-2021-40527
+       RESERVED
+CVE-2021-40526
+       RESERVED
+CVE-2021-40525
+       RESERVED
+CVE-2021-3776
+       RESERVED
+CVE-2021-3775
+       RESERVED
+CVE-2021-3774
+       RESERVED
+CVE-2021-3773
+       RESERVED
 CVE-2021-3772
        RESERVED
 CVE-2021-3771
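Review bot: CVE-2021-40530, CVE-2021-40529 and CVE-2021-40528 are left at "TODO: check" although their descriptions name Crypto++, Botan and Libgcrypt, so they need manual triage to package entries rather than a bulk NOT-FOR-US. All three open with "The ElGamal implementation in", which suggests one finding reported against several implementations, so triage them together. For Libgcrypt the description already says "before 1.9.4", which gives the candidate fixed version to verify.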
@@ -26,8 +46,8 @@ CVE-2021-40516 (WeeChat before 3.2.1 allows remote attackers 
to cause a denial o
        NOTE: 
https://github.com/weechat/weechat/commit/8b1331f98de1714bae15a9ca2e2b393ba49d735b
 CVE-2021-40515
        RESERVED
-CVE-2021-3770
-       RESERVED
+CVE-2021-3770 (vim is vulnerable to Heap-based Buffer Overflow ...)
+       TODO: check
 CVE-2021-3769
        RESERVED
 CVE-2021-40514
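Review bot: CVE-2021-3770 goes from RESERVED to "TODO: check" with only "vim is vulnerable to Heap-based Buffer Overflow" to work from. The entry needs a package line for vim and a NOTE pointing at the upstream fix, in the style of the commit NOTE kept for CVE-2021-40516 at the top of this hunk, before anyone can judge which versions are affected.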
@@ -42,10 +62,10 @@ CVE-2021-40510
        RESERVED
 CVE-2021-40509 (ViewCommon.java in JForum2 2.7.0 allows XSS via a user 
signature. ...)
        NOT-FOR-US: JForum2
-CVE-2021-3768
-       RESERVED
-CVE-2021-3767
-       RESERVED
+CVE-2021-3768 (bookstack is vulnerable to Improper Neutralization of Input 
During Web ...)
+       TODO: check
+CVE-2021-3767 (bookstack is vulnerable to Improper Neutralization of Input 
During Web ...)
+       TODO: check
 CVE-2021-40508
        RESERVED
 CVE-2021-40507
@@ -54,8 +74,8 @@ CVE-2021-40506
        RESERVED
 CVE-2021-40505
        RESERVED
-CVE-2021-3766
-       RESERVED
+CVE-2021-3766 (objection.js is vulnerable to Improperly Controlled 
Modification of Ob ...)
+       TODO: check
 CVE-2021-3765
        RESERVED
 CVE-2021-40504
@@ -3033,7 +3053,7 @@ CVE-2021-39188
        RESERVED
 CVE-2021-39187 (Parse Server is an open source backend that can be deployed to 
any inf ...)
        NOT-FOR-US: Parse Server
-CVE-2021-39186 (GlobalNewFiles is a package in Miraheze, a wiki hosting 
service. Prior ...)
+CVE-2021-39186 (GlobalNewFiles is a MediaWiki extension maintained by 
Miraheze. Prior  ...)
        NOT-FOR-US: Miraheze
 CVE-2021-39185 (Http4s is a minimal, idiomatic Scala interface for HTTP 
services. In h ...)
        NOT-FOR-US: Https4s
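Review bot: the context line "NOT-FOR-US: Https4s" under CVE-2021-39185 misspells the product, which the description on the line above gives as Http4s. This hunk already touches the neighbouring CVE-2021-39186 wording, so it is a good place to correct the tag to "NOT-FOR-US: Http4s" and let a search for the product name find the entry.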
@@ -8579,8 +8599,8 @@ CVE-2020-36420 (** UNSUPPORTED WHEN ASSIGNED ** Polipo 
through 1.1.1, when NDEBU
        NOTE: https://www.openwall.com/lists/oss-security/2020/11/18/1
 CVE-2021-36745
        RESERVED
-CVE-2021-36744
-       RESERVED
+CVE-2021-36744 (Trend Micro Security (Consumer) 2021 and 2020 are vulnerable 
to a dire ...)
+       TODO: check
 CVE-2021-36743
        RESERVED
 CVE-2021-36742 (A improper input validation vulnerability in Trend Micro Apex 
One, Ape ...)
@@ -9998,14 +10018,14 @@ CVE-2021-36098
        RESERVED
 CVE-2021-36097
        RESERVED
-CVE-2021-36096
-       RESERVED
-CVE-2021-36095
-       RESERVED
-CVE-2021-36094
-       RESERVED
-CVE-2021-36093
-       RESERVED
+CVE-2021-36096 (Generated Support Bundles contains private S/MIME and PGP keys 
if cont ...)
+       TODO: check
+CVE-2021-36095 (Malicious attacker is able to find out valid user logins by 
using the  ...)
+       TODO: check
+CVE-2021-36094 (It's possible to craft a request for appointment edit screen, 
which co ...)
+       TODO: check
+CVE-2021-36093 (It's possible to create an email which can be stuck while 
being proces ...)
+       TODO: check
 CVE-2021-36092 (It's possible to create an email which contains specially 
crafted link ...)
        - otrs2 <undetermined>
        NOTE: https://otrs.com/release-notes/otrs-security-advisory-2021-15/
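Review bot: CVE-2021-36096 through CVE-2021-36093 are set to "TODO: check", but CVE-2021-36093 opens with the same "It's possible to create an email which" wording as CVE-2021-36092 directly below, which is tracked as "- otrs2 <undetermined>" with an otrs.com advisory NOTE. Check whether the four new entries belong to the same product and, if they do, give them a matching otrs2 line and advisory NOTE instead of leaving them unassigned.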
@@ -18388,8 +18408,8 @@ CVE-2021-32570
        RESERVED
 CVE-2021-32569
        RESERVED
-CVE-2021-32568
-       RESERVED
+CVE-2021-32568 (mrdoc is vulnerable to Deserialization of Untrusted Data ...)
+       TODO: check
 CVE-2021-32567 (Improper Input Validation vulnerability in HTTP/2 of Apache 
Traffic Se ...)
        {DSA-4957-1}
        - trafficserver 8.1.1+ds-1.1 (bug #990303)
@@ -35725,8 +35745,7 @@ CVE-2021-25739
 CVE-2021-25738
        RESERVED
        NOT-FOR-US: Kubernetes Java client
-CVE-2021-25737
-       RESERVED
+CVE-2021-25737 (A security issue was discovered in Kubernetes where a user may 
be able ...)
        - kubernetes <unfixed> (bug #990793)
        [bullseye] - kubernetes <not-affected> (Kubernetes in Bullseye only 
ships the client)
        NOTE: https://www.openwall.com/lists/oss-security/2021/05/18/4
@@ -35734,8 +35753,7 @@ CVE-2021-25737
 CVE-2021-25736
        RESERVED
        - kubernetes <not-affected> (Windows-specific)
-CVE-2021-25735 [Validating Admission Webhook does not observe some previous 
fields]
-       RESERVED
+CVE-2021-25735 (A security issue was discovered in kube-apiserver that could 
allow nod ...)
        - kubernetes <unfixed> (bug #990793)
        [bullseye] - kubernetes <not-affected> (Kubernetes in Bullseye only 
ships the client)
        NOTE: https://www.openwall.com/lists/oss-security/2021/04/14/1
@@ -38257,8 +38275,8 @@ CVE-2021-24613
        RESERVED
 CVE-2021-24612
        RESERVED
-CVE-2021-24611
-       RESERVED
+CVE-2021-24611 (The Keyword Meta WordPress plugin through 3.0 does not 
sanitise of esc ...)
+       TODO: check
 CVE-2021-24610
        RESERVED
 CVE-2021-24609
@@ -38273,16 +38291,16 @@ CVE-2021-24605
        RESERVED
 CVE-2021-24604
        RESERVED
-CVE-2021-24603
-       RESERVED
+CVE-2021-24603 (The Site Reviews WordPress plugin before 5.13.1 does not 
sanitise some ...)
+       TODO: check
 CVE-2021-24602 (The HM Multiple Roles WordPress plugin before 1.3 does not 
have any ac ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-24601
-       RESERVED
+CVE-2021-24601 (The WPFront Notification Bar WordPress plugin before 
2.1.0.08087 does  ...)
+       TODO: check
 CVE-2021-24600
        RESERVED
-CVE-2021-24599
-       RESERVED
+CVE-2021-24599 (The Email Encoder &#8211; Protect Email Addresses WordPress 
plugin bef ...)
+       TODO: check
 CVE-2021-24598
        RESERVED
 CVE-2021-24597
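Review bot: the CVE-2021-24599 description contains the undecoded HTML entity "&#8211;" ("The Email Encoder &#8211; Protect Email Addresses ..."), so the imported text was written to the list without entity decoding. Decode entities in the import step so the description reads and searches as plain text.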
@@ -38297,14 +38315,14 @@ CVE-2021-24593 (The Business Hours Indicator 
WordPress plugin before 2.3.5 does
        NOT-FOR-US: WordPress plugin
 CVE-2021-24592 (The Sitewide Notice WP WordPress plugin before 2.3 does not 
sanitise s ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-24591
-       RESERVED
-CVE-2021-24590
-       RESERVED
+CVE-2021-24591 (The Highlight WordPress plugin before 0.9.3 does not sanitise 
its Cust ...)
+       TODO: check
+CVE-2021-24590 (The Cookie Notice &amp; Consent Banner for GDPR &amp; CCPA 
Compliance  ...)
+       TODO: check
 CVE-2021-24589
        RESERVED
-CVE-2021-24588
-       RESERVED
+CVE-2021-24588 (The SMS Alert Order Notifications WordPress plugin before 
3.4.7 is aff ...)
+       TODO: check
 CVE-2021-24587
        RESERVED
 CVE-2021-24586
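Review bot: CVE-2021-24591, CVE-2021-24590 and CVE-2021-24588 are added as "TODO: check" while the two entries just above them in this hunk, CVE-2021-24593 and CVE-2021-24592, carry "NOT-FOR-US: WordPress plugin" for the same kind of description. CVE-2021-24591 and CVE-2021-24588 say "WordPress plugin" in the visible text and can likely take the same tag after a quick check. CVE-2021-24590 is cut off before the product type, so read the full description before tagging it.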
@@ -38343,8 +38361,8 @@ CVE-2021-24570
        RESERVED
 CVE-2021-24569
        RESERVED
-CVE-2021-24568
-       RESERVED
+CVE-2021-24568 (The AddToAny Share Buttons WordPress plugin before 1.7.46 does 
not san ...)
+       TODO: check
 CVE-2021-24567
        RESERVED
 CVE-2021-24566
@@ -38445,16 +38463,16 @@ CVE-2021-24519 (The VikRentCar Car Rental Management 
System WordPress plugin bef
        NOT-FOR-US: WordPress plugin
 CVE-2021-24518 (The WPFront Notification Bar WordPress plugin before 
2.0.0.07176 does  ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-24517
-       RESERVED
+CVE-2021-24517 (The Stop Spammers Security | Block Spam Users, Comments, Forms 
WordPre ...)
+       TODO: check
 CVE-2021-24516
        RESERVED
 CVE-2021-24515
        RESERVED
 CVE-2021-24514
        RESERVED
-CVE-2021-24513
-       RESERVED
+CVE-2021-24513 (The Form Builder | Create Responsive Contact Forms WordPress 
plugin be ...)
+       TODO: check
 CVE-2021-24512 (The Video Posts Webcam Recorder WordPress plugin before 3.2.4 
has an a ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24511
@@ -38609,8 +38627,8 @@ CVE-2021-24437 (The Favicon by RealFaviconGenerator 
WordPress plugin through 1.3
        NOT-FOR-US: WordPress plugin
 CVE-2021-24436 (The W3 Total Cache WordPress plugin before 2.1.4 was 
vulnerable to a r ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-24435
-       RESERVED
+CVE-2021-24435 (The iframe-font-preview.php file of the titan-framework does 
not prope ...)
+       TODO: check
 CVE-2021-24434 (The Glass WordPress plugin through 1.3.2 does not sanitise or 
escape i ...)
        NOT-FOR-US: Wordpress plugin
 CVE-2021-24433
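Review bot: the truncated CVE-2021-24435 description ("The iframe-font-preview.php file of the titan-framework does not prope ...") does not say what titan-framework ships in, unlike the neighbouring entries that name a WordPress plugin, so this "TODO: check" needs the full description before a status is chosen. Separately, the context lines in this hunk spell the tag both "NOT-FOR-US: WordPress plugin" and "NOT-FOR-US: Wordpress plugin"; settle on one spelling so a grep over the tag finds every entry.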
@@ -38689,18 +38707,18 @@ CVE-2021-24397
        RESERVED
 CVE-2021-24396
        RESERVED
-CVE-2021-24395
-       RESERVED
-CVE-2021-24394
-       RESERVED
-CVE-2021-24393
-       RESERVED
-CVE-2021-24392
-       RESERVED
-CVE-2021-24391
-       RESERVED
-CVE-2021-24390
-       RESERVED
+CVE-2021-24395 (The editid GET parameter of the Embed Youtube Video WordPress 
plugin t ...)
+       TODO: check
+CVE-2021-24394 (An id GET parameter of the Easy Testimonial Manager WordPress 
plugin t ...)
+       TODO: check
+CVE-2021-24393 (A c GET parameter of the Comment Highlighter WordPress plugin 
through  ...)
+       TODO: check
+CVE-2021-24392 (An id GET parameter of the WordPress Membership SwiftCloud.io 
WordPres ...)
+       TODO: check
+CVE-2021-24391 (An editid GET parameter of the Cashtomer WordPress plugin 
through 1.0. ...)
+       TODO: check
+CVE-2021-24390 (A proid GET parameter of the 
WordPress&#25903;&#20184;&#23453;Alipay|& ...)
+       TODO: check
 CVE-2021-24389 (The WP Foodbakery WordPress plugin before 2.2, used in the 
FoodBakery  ...)
        NOT-FOR-US: Wordpress plugin
 CVE-2021-24388 (In the VikRentCar Car Rental Management System WordPress 
plugin before ...)
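Review bot: the CVE-2021-24390 description is truncated in the middle of an HTML entity: it carries "&#25903;&#20184;&#23453;" and then ends at "|& ...", so the length cut was applied to the still-encoded text. Decode entities before truncating, otherwise the encoded characters use up the description budget and the product name needed for triage is lost.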
@@ -38873,8 +38891,8 @@ CVE-2021-24305 (The Target First WordPress Plugin v2.0, 
also previously known as
        NOT-FOR-US: WordPress plugin
 CVE-2021-24304 (The Newsmag WordPress theme before 5.0 does not sanitise the 
td_block_ ...)
        NOT-FOR-US: Wordpress theme
-CVE-2021-24303
-       RESERVED
+CVE-2021-24303 (The JiangQie Official Website Mini Program WordPress plugin 
before 1.1 ...)
+       TODO: check
 CVE-2021-24302 (The Hana Flv Player WordPress plugin through 3.1.3 is 
vulnerable to an ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24301 (The Hotjar Connecticator WordPress plugin through 1.1.1 is 
vulnerable  ...)
@@ -39508,8 +39526,8 @@ CVE-2021-24008
        RESERVED
 CVE-2021-24007 (Multiple improper neutralization of special elements of SQL 
commands v ...)
        NOT-FOR-US: Fortiguard
-CVE-2021-24006
-       RESERVED
+CVE-2021-24006 (An improper access control vulnerability in FortiManager 
versions 6.4. ...)
+       TODO: check
 CVE-2021-24005 (Usage of hard-coded cryptographic keys to encrypt 
configuration files  ...)
        NOT-FOR-US: FortiGuard
 CVE-2021-24004
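Review bot: CVE-2021-24006 names FortiManager and is left at "TODO: check", while the entries on either side of it use two spellings of the same tag, "NOT-FOR-US: Fortiguard" (CVE-2021-24007) and "NOT-FOR-US: FortiGuard" (CVE-2021-24005). When this entry is triaged, use one spelling and align the neighbours so the tag can be matched consistently.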
@@ -87859,8 +87877,8 @@ CVE-2020-15941
        RESERVED
 CVE-2020-15940
        RESERVED
-CVE-2020-15939
-       RESERVED
+CVE-2020-15939 (An improper access control vulnerability (CWE-284) in 
FortiSandbox ver ...)
+       TODO: check
 CVE-2020-15938 (When traffic other than HTTP/S (eg: SSH traffic, etc...) 
traverses the ...)
        NOT-FOR-US: FortiGate FortiGuard
 CVE-2020-15937 (An improper neutralization of input vulnerability in FortiGate 
version ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9dfcafcbdbcd0fd599046d686d9b5202c52104a0
