Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1aa9950a by security tracker role at 2021-10-04T08:10:34+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,213 @@
+CVE-2021-41970
+       RESERVED
+CVE-2021-41969
+       RESERVED
+CVE-2021-41968
+       RESERVED
+CVE-2021-41967
+       RESERVED
+CVE-2021-41966
+       RESERVED
+CVE-2021-41965
+       RESERVED
+CVE-2021-41964
+       RESERVED
+CVE-2021-41963
+       RESERVED
+CVE-2021-41962
+       RESERVED
+CVE-2021-41961
+       RESERVED
+CVE-2021-41960
+       RESERVED
+CVE-2021-41959
+       RESERVED
+CVE-2021-41958
+       RESERVED
+CVE-2021-41957
+       RESERVED
+CVE-2021-41956
+       RESERVED
+CVE-2021-41955
+       RESERVED
+CVE-2021-41954
+       RESERVED
+CVE-2021-41953
+       RESERVED
+CVE-2021-41952
+       RESERVED
+CVE-2021-41951
+       RESERVED
+CVE-2021-41950
+       RESERVED
+CVE-2021-41949
+       RESERVED
+CVE-2021-41948
+       RESERVED
+CVE-2021-41947
+       RESERVED
+CVE-2021-41946
+       RESERVED
+CVE-2021-41945
+       RESERVED
+CVE-2021-41944
+       RESERVED
+CVE-2021-41943
+       RESERVED
+CVE-2021-41942
+       RESERVED
+CVE-2021-41941
+       RESERVED
+CVE-2021-41940
+       RESERVED
+CVE-2021-41939
+       RESERVED
+CVE-2021-41938
+       RESERVED
+CVE-2021-41937
+       RESERVED
+CVE-2021-41936
+       RESERVED
+CVE-2021-41935
+       RESERVED
+CVE-2021-41934
+       RESERVED
+CVE-2021-41933
+       RESERVED
+CVE-2021-41932
+       RESERVED
+CVE-2021-41931
+       RESERVED
+CVE-2021-41930
+       RESERVED
+CVE-2021-41929
+       RESERVED
+CVE-2021-41928
+       RESERVED
+CVE-2021-41927
+       RESERVED
+CVE-2021-41926
+       RESERVED
+CVE-2021-41925
+       RESERVED
+CVE-2021-41924
+       RESERVED
+CVE-2021-41923
+       RESERVED
+CVE-2021-41922
+       RESERVED
+CVE-2021-41921
+       RESERVED
+CVE-2021-41920
+       RESERVED
+CVE-2021-41919
+       RESERVED
+CVE-2021-41918
+       RESERVED
+CVE-2021-41917
+       RESERVED
+CVE-2021-41916
+       RESERVED
+CVE-2021-41915
+       RESERVED
+CVE-2021-41914
+       RESERVED
+CVE-2021-41913
+       RESERVED
+CVE-2021-41912
+       RESERVED
+CVE-2021-41911
+       RESERVED
+CVE-2021-41910
+       RESERVED
+CVE-2021-41909
+       RESERVED
+CVE-2021-41908
+       RESERVED
+CVE-2021-41907
+       RESERVED
+CVE-2021-41906
+       RESERVED
+CVE-2021-41905
+       RESERVED
+CVE-2021-41904
+       RESERVED
+CVE-2021-41903
+       RESERVED
+CVE-2021-41902
+       RESERVED
+CVE-2021-41901
+       RESERVED
+CVE-2021-41900
+       RESERVED
+CVE-2021-41899
+       RESERVED
+CVE-2021-41898
+       RESERVED
+CVE-2021-41897
+       RESERVED
+CVE-2021-41896
+       RESERVED
+CVE-2021-41895
+       RESERVED
+CVE-2021-41894
+       RESERVED
+CVE-2021-41893
+       RESERVED
+CVE-2021-41892
+       RESERVED
+CVE-2021-41891
+       RESERVED
+CVE-2021-41890
+       RESERVED
+CVE-2021-41889
+       RESERVED
+CVE-2021-41888
+       RESERVED
+CVE-2021-41887
+       RESERVED
+CVE-2021-41886
+       RESERVED
+CVE-2021-41885
+       RESERVED
+CVE-2021-41884
+       RESERVED
+CVE-2021-41883
+       RESERVED
+CVE-2021-41882
+       RESERVED
+CVE-2021-41881
+       RESERVED
+CVE-2021-41880
+       RESERVED
+CVE-2021-41879
+       RESERVED
+CVE-2021-41878
+       RESERVED
+CVE-2021-41877
+       RESERVED
+CVE-2021-41876
+       RESERVED
+CVE-2021-41875
+       RESERVED
+CVE-2021-41874
+       RESERVED
+CVE-2021-41873
+       RESERVED
+CVE-2021-41872
+       RESERVED
+CVE-2021-41871
+       RESERVED
+CVE-2021-41870
+       RESERVED
+CVE-2021-41869 (SuiteCRM 7.10.x before 7.10.33 and 7.11.x before 7.11.22 is 
vulnerable ...)
+       TODO: check
+CVE-2021-41868
+       RESERVED
+CVE-2021-41867
+       RESERVED
+CVE-2021-41866
+       RESERVED
 CVE-2021-3853
        RESERVED
 CVE-2021-3852
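Review bot: CVE-2021-41869 (SuiteCRM) is the only entry in this added block that arrives with a description, and it is left at `TODO: check`, so it still needs triage to either a package line or a NOT-FOR-US tag. The other added IDs are RESERVED placeholders and need no action until they are published.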
@@ -11,8 +221,8 @@ CVE-2021-41863
        RESERVED
 CVE-2021-41862 (AviatorScript through 5.2.7 allows code execution via an 
expression th ...)
        NOT-FOR-US: AviatorScript
-CVE-2021-41861
-       RESERVED
+CVE-2021-41861 (The Telegram application 7.5.0 through 7.8.0 for Android does 
not prop ...)
+       TODO: check
 CVE-2021-41860
        RESERVED
 CVE-2021-41859
@@ -1193,8 +1403,8 @@ CVE-2021-41324 (Directory traversal in the Copy, Move, 
and Delete features in Py
        NOT-FOR-US: Pydio Cells
 CVE-2021-41323 (Directory traversal in the Compress feature in Pydio Cells 
2.2.9 allow ...)
        NOT-FOR-US: Pydio Cells
-CVE-2021-41322
-       RESERVED
+CVE-2021-41322 (Poly VVX 400/410 through 5.3.1 allows low-privileged users to 
change t ...)
+       TODO: check
 CVE-2021-41321
        RESERVED
 CVE-2021-41320
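Review bot: CVE-2021-41322 moves from RESERVED to `TODO: check` with a Poly VVX 400/410 description and nothing else. If no Debian source package ships that code, close it out as NOT-FOR-US the way the Pydio Cells entries directly above are, rather than leaving the TODO open.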
@@ -1307,8 +1517,8 @@ CVE-2016-20012 (OpenSSH through 8.7 allows remote 
attackers, who have a suspicio
        - openssh <unfixed> (unimportant)
        NOTE: https://github.com/openssh/openssh-portable/pull/270
        NOTE: Negligible impact, not treated as a security issue by upstream
-CVE-2021-41285
-       RESERVED
+CVE-2021-41285 (Ballistix MOD Utility through 2.0.2.5 is vulnerable to 
privilege escal ...)
+       TODO: check
 CVE-2021-41284
        RESERVED
 CVE-2021-41283
@@ -3506,14 +3716,11 @@ CVE-2021-40327
        RESERVED
 CVE-2021-40326
        RESERVED
-CVE-2021-40325
-       RESERVED
+CVE-2021-40325 (Cobbler before 3.3.0 allows authorization bypass for 
modification of s ...)
        - cobbler <removed>
-CVE-2021-40324
-       RESERVED
+CVE-2021-40324 (Cobbler before 3.3.0 allows arbitrary file write operations 
via upload ...)
        - cobbler <removed>
-CVE-2021-40323
-       RESERVED
+CVE-2021-40323 (Cobbler before 3.3.0 allows log poisoning, and resultant 
Remote Code E ...)
        - cobbler <removed>
 CVE-2021-40322
        RESERVED
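Review bot: the three Cobbler entries (CVE-2021-40325, CVE-2021-40324, CVE-2021-40323) gain descriptions that name 3.3.0 as the fixed version, but each still carries only `- cobbler <removed>` and no NOTE line. A NOTE pointing at the upstream fix would record where the change landed, as the PHP and fig2dev entries elsewhere in this file do, and matters most for CVE-2021-40323, whose description mentions remote code execution.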
@@ -19543,6 +19750,7 @@ CVE-2021-33482
 CVE-2021-33478 (The TrustZone implementation in certain Broadcom MediaxChange 
firmware ...)
        NOT-FOR-US: Broadcom
 CVE-2021-3561 (An Out of Bounds flaw was found fig2dev version 3.2.8a. A 
flawed bound ...)
+       {DLA-2778-1}
        - fig2dev 1:3.2.8-3
        [buster] - fig2dev 1:3.2.7a-5+deb10u4
        - transfig <removed>
@@ -22497,6 +22705,7 @@ CVE-2021-32282 (An issue was discovered in gravity 
through 0.8.1. A NULL pointer
 CVE-2021-32281 (An issue was discovered in gravity through 0.8.1. A 
heap-buffer-overfl ...)
        NOT-FOR-US: Gravity
 CVE-2021-32280 (An issue was discovered in fig2dev before 3.2.8.. A NULL 
pointer deref ...)
+       {DLA-2778-1}
        - fig2dev 1:3.2.7b-5 (bug #960736)
        [buster] - fig2dev <no-dsa> (Minor issue)
        - transfig <removed>
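Review bot: the `{DLA-2778-1}` tag added to CVE-2021-32280 sits directly above `[buster] - fig2dev <no-dsa> (Minor issue)`, so the release covered by the DLA gets a fix that buster does not. Worth queuing the same fix for a buster point release so the issue does not reappear on upgrade.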
@@ -48583,16 +48792,14 @@ CVE-2021-21708
        RESERVED
 CVE-2021-21707
        RESERVED
-CVE-2021-21706 [ZipArchive::extractTo extracts outside of destination]
-       RESERVED
+CVE-2021-21706 (In PHP versions 7.3.x below 7.3.31, 7.4.x below 7.4.24 and 
8.0.x below ...)
        - php8.0 <unfixed>
        - php7.4 <unfixed>
        - php7.3 <removed>
        - php7.0 <removed>
        NOTE: Fixed in 8.0.11, 7.4.24, 7.3.31
        NOTE: PHP Bug: https://bugs.php.net/81420
-CVE-2021-21705 [PHP: SSRF bypass in FILTER_VALIDATE_URL]
-       RESERVED
+CVE-2021-21705 (In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 
8.0.x below ...)
        {DSA-4935-1 DLA-2708-1}
        - php8.0 8.0.8-1 (bug #990575)
        - php7.4 7.4.21-1+deb11u1
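Review bot: CVE-2021-21706 now carries its published description, but `- php8.0 <unfixed>` and `- php7.4 <unfixed>` are unchanged even though the NOTE below them lists 8.0.11 and 7.4.24 as the fixed upstream versions. Those two lines need the fixed package versions as soon as the uploads happen; the entry should not stay at `<unfixed>` by default once the CVE is public.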
@@ -48600,8 +48807,7 @@ CVE-2021-21705 [PHP: SSRF bypass in FILTER_VALIDATE_URL]
        - php7.0 <removed>
        NOTE: Fixed in 8.0.8, 7.4.21, 7.3.29
        NOTE: PHP Bug: https://bugs.php.net/81122
-CVE-2021-21704 [PHP: firebird issues]
-       RESERVED
+CVE-2021-21704 (In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 
8.0.x below ...)
        {DSA-4935-1 DLA-2708-1}
        - php8.0 8.0.8-1 (bug #990575)
        - php7.4 7.4.21-1+deb11u1
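Review bot: with the bracketed titles dropped, CVE-2021-21704 and CVE-2021-21705 now show the same truncated text ("In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below ..."), so the list no longer says which entry is the firebird issue and which is the FILTER_VALIDATE_URL bypass. A short NOTE on each entry naming the affected component would keep them distinguishable alongside the existing PHP Bug links.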
@@ -79352,6 +79558,7 @@ CVE-2020-21677 (A heap-based buffer overflow in the 
sixel_encoder_output_without
        NOTE: https://github.com/saitoha/libsixel/issues/123
        NOTE: 
https://github.com/saitoha/libsixel/commit/0b1e0b3f7b44233f84e5c9f512f8c90d6bbbe33d
 CVE-2020-21676 (A stack-based buffer overflow in the genpstrx_text() component 
in genp ...)
+       {DLA-2778-1}
        - fig2dev 1:3.2.8-1
        [buster] - fig2dev <no-dsa> (Minor issue)
        [stretch] - fig2dev <not-affected> (Vulnerable code introduced later)
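Review bot: `{DLA-2778-1}` is added to CVE-2020-21676 while the same entry keeps `[stretch] - fig2dev <not-affected> (Vulnerable code introduced later)`. If DLA-2778-1 is a stretch upload, the cross-reference and the not-affected line contradict each other and one of them should be corrected.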
@@ -79360,6 +79567,7 @@ CVE-2020-21676 (A stack-based buffer overflow in the 
genpstrx_text() component i
        NOTE: 
https://sourceforge.net/p/mcj/fig2dev/ci/acccc89c20206a5db1f463438ba444e35bcb400e/
 (3.2.8)
        NOTE: Introduced by 
https://sourceforge.net/p/mcj/fig2dev/ci/102f607eea49785d4a9c9c24af85f046c23674de
 (3.2.7)
 CVE-2020-21675 (A stack-based buffer overflow in the genptk_text component in 
genptk.c ...)
+       {DLA-2778-1}
        - fig2dev 1:3.2.7b-3
        [buster] - fig2dev 1:3.2.7a-5+deb10u3
        - transfig <removed>
@@ -79707,24 +79915,28 @@ CVE-2020-21537
 CVE-2020-21536
        RESERVED
 CVE-2020-21535 (fig2dev 3.2.7b contains a segmentation fault in the 
gencgm_start funct ...)
+       {DLA-2778-1}
        - fig2dev 1:3.2.7b-3
        [buster] - fig2dev 1:3.2.7a-5+deb10u2
        - transfig <removed>
        NOTE: https://sourceforge.net/p/mcj/tickets/62/
        NOTE: 
https://sourceforge.net/p/mcj/fig2dev/ci/41b9bb838a3d544539f6e68aa4f87d70ef7d45ce/
 (3.2.8)
 CVE-2020-21534 (fig2dev 3.2.7b contains a global buffer overflow in the 
get_line funct ...)
+       {DLA-2778-1}
        - fig2dev 1:3.2.7b-3
        [buster] - fig2dev 1:3.2.7a-5+deb10u2
        - transfig <removed>
        NOTE: https://sourceforge.net/p/mcj/tickets/58/
        NOTE: 
https://sourceforge.net/p/mcj/fig2dev/ci/41b9bb838a3d544539f6e68aa4f87d70ef7d45ce/
 (3.2.8)
 CVE-2020-21533 (fig2dev 3.2.7b contains a stack buffer overflow in the 
read_textobject ...)
+       {DLA-2778-1}
        - fig2dev 1:3.2.7b-3
        [buster] - fig2dev 1:3.2.7a-5+deb10u2
        - transfig <removed>
        NOTE: https://sourceforge.net/p/mcj/tickets/59/
        NOTE: 
https://sourceforge.net/p/mcj/fig2dev/ci/41b9bb838a3d544539f6e68aa4f87d70ef7d45ce/
 (3.2.8)
 CVE-2020-21532 (fig2dev 3.2.7b contains a global buffer overflow in the 
setfigfont fun ...)
+       {DLA-2778-1}
        - fig2dev 1:3.2.8-1
        [buster] - fig2dev <no-dsa> (Minor issue)
        - transfig <removed>
@@ -79732,18 +79944,21 @@ CVE-2020-21532 (fig2dev 3.2.7b contains a global 
buffer overflow in the setfigfo
        NOTE: 
https://sourceforge.net/p/mcj/fig2dev/ci/421afa17d8cb8dafcaf3e6044a70790fa4fe307b/
 (3.2.8)
        NOTE: 
https://sourceforge.net/p/mcj/fig2dev/ci/00cdedac7a0b029846dee891769a1e77df83a01b/
 (3.2.8)
 CVE-2020-21531 (fig2dev 3.2.7b contains a global buffer overflow in the 
conv_pattern_i ...)
+       {DLA-2778-1}
        - fig2dev 1:3.2.8-1
        [buster] - fig2dev <no-dsa> (Minor issue)
        - transfig <removed>
        NOTE: https://sourceforge.net/p/mcj/tickets/63/
        NOTE: 
https://sourceforge.net/p/mcj/fig2dev/ci/2f8d1ae9763dcdc99b88a2b14849fe37174bcd69/
 (3.2.8)
 CVE-2020-21530 (fig2dev 3.2.7b contains a segmentation fault in the 
read_objects funct ...)
+       {DLA-2778-1}
        - fig2dev 1:3.2.7b-3
        [buster] - fig2dev 1:3.2.7a-5+deb10u2
        - transfig <removed>
        NOTE: https://sourceforge.net/p/mcj/tickets/61/
        NOTE: 
https://sourceforge.net/p/mcj/fig2dev/ci/41b9bb838a3d544539f6e68aa4f87d70ef7d45ce/
 (3.2.8)
 CVE-2020-21529 (fig2dev 3.2.7b contains a stack buffer overflow in the 
bezier_spline f ...)
+       {DLA-2778-1}
        - fig2dev 1:3.2.8-1
        [buster] - fig2dev <no-dsa> (Minor issue)
        - transfig <removed>
@@ -126172,6 +126387,7 @@ CVE-2019-19799 (Zoho ManageEngine Applications 
Manager before 14600 allows a rem
 CVE-2019-19798
        RESERVED
 CVE-2019-19797 (read_colordef in read.c in Xfig fig2dev 3.2.7b has an 
out-of-bounds wr ...)
+       {DLA-2778-1}
        - fig2dev 1:3.2.7b-3 (bug #946866)
        [buster] - fig2dev 1:3.2.7a-5+deb10u3
        - transfig <removed>



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1aa9950aa1c82ef7d7aa017f9caa7ed83e703925
