Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4abf0cb0 by security tracker role at 2021-10-01T08:10:20+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,5 @@
+CVE-2021-3845
+       RESERVED
 CVE-2021-41832
        RESERVED
 CVE-2021-41831
@@ -1093,8 +1095,8 @@ CVE-2021-41326 (In MISP before 2.4.148, 
app/Lib/Export/OpendataExport.php mishan
        NOT-FOR-US: MISP
 CVE-2021-41325 (Broken access control for user creation in Pydio Cells 2.2.9 
allows re ...)
        NOT-FOR-US: Pydio Cells
-CVE-2021-41324
-       RESERVED
+CVE-2021-41324 (Directory traversal in the Copy, Move, and Delete features in 
Pydio Ce ...)
+       TODO: check
 CVE-2021-41323 (Directory traversal in the Compress feature in Pydio Cells 
2.2.9 allow ...)
        NOT-FOR-US: Pydio Cells
 CVE-2021-41322
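Review bot: the new `TODO: check` on CVE-2021-41324 can be resolved from its neighbours in this hunk: the entry sits between CVE-2021-41325 and CVE-2021-41323, both Pydio Cells 2.2.9 issues already recorded as `NOT-FOR-US: Pydio Cells`, and its description names the same product, so the same verdict applies unless Pydio Cells has since entered the archive.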
@@ -1579,8 +1581,8 @@ CVE-2021-41103
        RESERVED
 CVE-2021-41102
        RESERVED
-CVE-2021-41101
-       RESERVED
+CVE-2021-41101 (wire-server is an open-source back end for Wire, a secure 
collaboratio ...)
+       TODO: check
 CVE-2021-41100
        RESERVED
 CVE-2021-41099
@@ -3763,8 +3765,8 @@ CVE-2021-40156 (A maliciously crafted DWG file in 
Autodesk Navisworks 2019, 2020
        NOT-FOR-US: Autodesk
 CVE-2021-40155 (A maliciously crafted DWG file in Autodesk Navisworks 2019, 
2020, 2021 ...)
        NOT-FOR-US: Autodesk
-CVE-2021-3747
-       RESERVED
+CVE-2021-3747 (The MacOS version of Multipass, version 1.7.0, fixed in 1.7.2, 
acciden ...)
+       TODO: check
 CVE-2021-40154
        RESERVED
 CVE-2021-40152
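Review bot: the description added for CVE-2021-3747 names only the MacOS build of Multipass (1.7.0, fixed in 1.7.2), so its `TODO: check` should be closed together with the Windows-only CVE-2021-3626 later in this commit with a single verdict rather than triaged separately; neither description mentions a Linux build.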
@@ -6811,7 +6813,7 @@ CVE-2021-38860
 CVE-2021-38859
        RESERVED
 CVE-2021-3712 (ASN.1 strings are represented internally within OpenSSL as an 
ASN1_STR ...)
-       {DSA-4963-1 DLA-2766-1}
+       {DSA-4963-1 DLA-2774-1 DLA-2766-1}
        - openssl 1.1.1l-1
        - openssl1.0 <removed>
        NOTE: https://www.openssl.org/news/secadv/20210824.txt
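Review bot: DLA-2774-1 is added to the advisory set of CVE-2021-3712, but this commit touches only data/CVE/list (per the "1 changed file" header), so confirm that the matching entry in data/DLA/list arrives in a companion commit; the same check applies to DLA-2773-1 (curl) and DLA-2772-1 (taglib) further down. Leaving the fixed-version lines untouched is expected here: a DLA covers an LTS suite, and the `openssl1.0 <removed>` and `openssl 1.1.1l-1` lines already describe the other suites.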
@@ -7137,11 +7139,9 @@ CVE-2021-38709 (In ocProducts Composr CMS before 
10.0.38, an attacker can inject
        NOT-FOR-US: ocProducts Composr CMS
 CVE-2021-38708 (In ocProducts Composr CMS before 10.0.38, an attacker can 
inject JavaS ...)
        NOT-FOR-US: ocProducts Composr CMS
-CVE-2021-3710
-       RESERVED
+CVE-2021-3710 (An information disclosure via path traversal was discovered in 
apport/ ...)
        NOT-FOR-US: Apport
-CVE-2021-3709
-       RESERVED
+CVE-2021-3709 (Function check_attachment_for_errors() in file 
data/general-hooks/ubun ...)
        NOT-FOR-US: Apport
 CVE-2021-38711 (In gitit before 0.15.0.0, the Export feature can be exploited 
to leak  ...)
        - gitit <unfixed> (bug #992297)
@@ -7220,8 +7220,8 @@ CVE-2021-38677
        RESERVED
 CVE-2021-38676
        RESERVED
-CVE-2021-38675
-       RESERVED
+CVE-2021-38675 (A cross-site scripting (XSS) vulnerability has been reported 
to affect ...)
+       TODO: check
 CVE-2021-38674
        RESERVED
 CVE-2021-3706 (adminlte is vulnerable to Sensitive Cookie Without 'HttpOnly' 
Flag ...)
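Review bot: the description added for CVE-2021-38675 uses the same "has been reported to affect ..." boilerplate as the QNAP entries elsewhere in this commit (compare CVE-2021-34351, `NOT-FOR-US: QNAP`), but the truncation cuts off the vendor name, so the `TODO: check` should be resolved against the full text rather than by analogy.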
@@ -13763,8 +13763,8 @@ CVE-2021-35937 [TOCTOU race in checks for unsafe 
symlinks]
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1964125
 CVE-2021-35936 (If remote logging is not used, the worker (in the case of 
CeleryExecut ...)
        - airflow <itp> (bug #819700)
-CVE-2021-3626
-       RESERVED
+CVE-2021-3626 (The Windows version of Multipass before 1.7.0 allowed any local 
proces ...)
+       TODO: check
 CVE-2021-3625
        RESERVED
 CVE-2021-35935
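Review bot: CVE-2021-3626's new description is explicitly about the Windows version of Multipass (before 1.7.0); resolve its `TODO: check` with the same verdict as the MacOS-only CVE-2021-3747 earlier in this commit, since the two are the same product and neither describes a Linux build.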
@@ -17311,16 +17311,16 @@ CVE-2021-34358
        RESERVED
 CVE-2021-34357
        RESERVED
-CVE-2021-34356
-       RESERVED
-CVE-2021-34355
-       RESERVED
-CVE-2021-34354
-       RESERVED
+CVE-2021-34356 (A cross-site scripting (XSS) vulnerability has been reported 
to affect ...)
+       TODO: check
+CVE-2021-34355 (A cross-site scripting (XSS) vulnerability has been reported 
to affect ...)
+       TODO: check
+CVE-2021-34354 (A cross-site scripting (XSS) vulnerability has been reported 
to affect ...)
+       TODO: check
 CVE-2021-34353
        RESERVED
-CVE-2021-34352
-       RESERVED
+CVE-2021-34352 (A command injection vulnerability has been reported to affect 
QNAP dev ...)
+       TODO: check
 CVE-2021-34351 (A command injection vulnerability has been reported to affect 
QNAP dev ...)
        NOT-FOR-US: QNAP
 CVE-2021-34350
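Review bot: the `TODO: check` on CVE-2021-34352 can be closed directly: its description is the same text as the unchanged CVE-2021-34351 immediately below it, which is already `NOT-FOR-US: QNAP`. The three XSS entries CVE-2021-34356 to CVE-2021-34354 share one boilerplate description truncated before the vendor name, so confirm the full text before applying that verdict to them as well.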
@@ -19010,8 +19010,8 @@ CVE-2021-33628
        RESERVED
 CVE-2021-33627
        RESERVED
-CVE-2021-33626
-       RESERVED
+CVE-2021-33626 (In the kernel in Insyde InsydeH2O 5.x, certain SMM drivers did 
not cor ...)
+       TODO: check
 CVE-2021-33625
        RESERVED
 CVE-2021-33624 (In kernel/bpf/verifier.c in the Linux kernel before 5.12.13, a 
branch  ...)
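Review bot: CVE-2021-33626's new description is the same (truncated) text this commit also assigns to CVE-2020-27339 (`In the kernel in Insyde InsydeH2O 5.x, certain SMM drivers did not cor...`), which is recorded as `NOT-FOR-US: Insyde`; the `TODO: check` here should get the same verdict, and the identical wording is worth a glance to confirm the two IDs are not a duplicate assignment.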
@@ -19105,8 +19105,8 @@ CVE-2021-33585
        RESERVED
 CVE-2021-33584
        RESERVED
-CVE-2021-33583
-       RESERVED
+CVE-2021-33583 (REINER timeCard 6.05.07 installs a Microsoft SQL Server with 
an sa pas ...)
+       TODO: check
 CVE-2021-33582 (Cyrus IMAP before 3.4.2 allows remote attackers to cause a 
denial of s ...)
        - cyrus-imapd 3.4.2-1 (bug #993433)
        [bullseye] - cyrus-imapd <no-dsa> (Minor issue; pending fix via point 
release)
@@ -45383,10 +45383,12 @@ CVE-2021-22949 (A CSRF in Concrete CMS version 8.5.5 
and below allows an attacke
 CVE-2021-22948 (Vulnerability in the generation of session IDs in 
revive-adserver &lt; ...)
        NOT-FOR-US: revive-adserver
 CVE-2021-22947 (When curl &gt;= 7.20.0 and &lt;= 7.78.0 connects to an IMAP or 
POP3 se ...)
+       {DLA-2773-1}
        - curl <unfixed>
        NOTE: https://curl.se/docs/CVE-2021-22947.html
        NOTE: Fixed by: 
https://github.com/curl/curl/commit/8ef147c43646e91fdaad5d0e7b60351f842e5c68 
(curl-7_79_0)
 CVE-2021-22946 (A user can tell curl &gt;= 7.20.0 and &lt;= 7.78.0 to require 
a succes ...)
+       {DLA-2773-1}
        - curl <unfixed>
        NOTE: https://curl.se/docs/CVE-2021-22946.html
        NOTE: Fixed by: 
https://github.com/curl/curl/commit/364f174724ef115c63d5e5dc1d3342c8a43b1cca 
(curl-7_79_0)
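Review bot: the `&lt;`/`&gt;` in the descriptions of CVE-2021-22947 and CVE-2021-22946 (and in the revive-adserver context line) should be literal `<`/`>` in data/CVE/list; verify this is only the mail archive's HTML rendering and not stored entities. Adding `{DLA-2773-1}` while keeping `- curl <unfixed>` is consistent with the NOTE lines, which place the upstream fix in curl-7_79_0, so the unstable entry is correctly still open.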
@@ -66248,7 +66250,7 @@ CVE-2020-27341
        RESERVED
 CVE-2020-27340 (The online help portal of Mitel MiCollab before 9.2 could 
allow an att ...)
        NOT-FOR-US: Mitel
-CVE-2020-27339 (Insyde found that a number of SMM drivers in InsydeH2O did not 
correct ...)
+CVE-2020-27339 (In the kernel in Insyde InsydeH2O 5.x, certain SMM drivers did 
not cor ...)
        NOT-FOR-US: Insyde
 CVE-2020-27338 (An issue was discovered in Treck IPv6 before 6.0.1.68. 
Improper Input  ...)
        NOT-FOR-US: Treck
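Review bot: the rewritten CVE-2020-27339 description replaces the earlier wording (`Insyde found that a number of SMM drivers...`) with text identical to the new CVE-2021-33626 entry earlier in this commit; since the `NOT-FOR-US: Insyde` line is unchanged, the only action is to confirm that the two IDs describe distinct issues.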
@@ -81127,14 +81129,14 @@ CVE-2020-20801
        RESERVED
 CVE-2020-20800 (An issue was discovered in MetInfo v7.0.0 beta. There is SQL 
Injection ...)
        NOT-FOR-US: MetInfo
-CVE-2020-20799
-       RESERVED
+CVE-2020-20799 (JeeCMS 1.0.1 contains a stored cross-site scripting (XSS) 
vulnerabilit ...)
+       TODO: check
 CVE-2020-20798
        RESERVED
-CVE-2020-20797
-       RESERVED
-CVE-2020-20796
-       RESERVED
+CVE-2020-20797 (FlameCMS 3.3.5 contains a time-based blind SQL injection 
vulnerability ...)
+       TODO: check
+CVE-2020-20796 (FlameCMS 3.3.5 contains a SQL injection vulnerability in 
/master/artic ...)
+       TODO: check
 CVE-2020-20795
        RESERVED
 CVE-2020-20794
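Review bot: CVE-2020-20797 and CVE-2020-20796 both describe SQL injection in FlameCMS 3.3.5, so their two `TODO: check` markers should be resolved together with one verdict; the adjacent `NOT-FOR-US: MetInfo` line for CVE-2020-20800 shows the form a resolved entry takes.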
@@ -81233,8 +81235,8 @@ CVE-2020-20748
        RESERVED
 CVE-2020-20747
        RESERVED
-CVE-2020-20746
-       RESERVED
+CVE-2020-20746 (A stack-based buffer overflow in the httpd server on Tenda AC9 
V15.03. ...)
+       TODO: check
 CVE-2020-20745
        RESERVED
 CVE-2020-20744
@@ -213534,7 +213536,7 @@ CVE-2018-11440 (Liblouis 3.5.0 has a stack-based 
Buffer Overflow in the function
        NOTE: https://github.com/liblouis/liblouis/issues/575
        NOTE: 
https://github.com/liblouis/liblouis/commit/4417bad83df4481ed58419b28c5c91b9649e2a86
 CVE-2018-11439 (The TagLib::Ogg::FLAC::File::scan function in oggflacfile.cpp 
in TagLi ...)
-       {DLA-1430-1}
+       {DLA-2772-1 DLA-1430-1}
        - taglib 1.11.1+dfsg.1-0.3 (bug #903847)
        NOTE: PoC: http://seclists.org/fulldisclosure/2018/May/49
        NOTE: Upstream issue: https://github.com/taglib/taglib/issues/868
@@ -260257,6 +260259,7 @@ CVE-2017-12680 (Cross-Site Scripting (XSS) exists in 
NexusPHP 1.5 via the type p
 CVE-2017-12679 (SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the 
delcheater ...)
        NOT-FOR-US: NexusPHP
 CVE-2017-12678 (In TagLib 1.11.1, the rebuildAggregateFrames function in 
id3v2framefac ...)
+       {DLA-2772-1}
        - taglib 1.11.1+dfsg.1-0.2 (bug #871511)
        [jessie] - taglib <not-affected> (Vulnerable code not present)
        [wheezy] - taglib <not-affected> (Vulnerable code not present)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4abf0cb0fbddc45d7b36a2fdee9e6a2578ce12ec



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
