Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1dba81c9 by security tracker role at 2021-10-06T08:10:24+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,9 @@
+CVE-2021-42012
+       RESERVED
+CVE-2021-42011
+       RESERVED
+CVE-2021-3863
+       RESERVED
 CVE-2021-42010
        RESERVED
 CVE-2021-42009
@@ -1963,16 +1969,16 @@ CVE-2021-41126
        RESERVED
 CVE-2021-41125
        RESERVED
-CVE-2021-41124
-       RESERVED
+CVE-2021-41124 (Scrapy-splash is a library which provides Scrapy and 
JavaScript integr ...)
+       TODO: check
 CVE-2021-41123 (Survey Solutions is a survey management and data collection 
system. In ...)
        NOT-FOR-US: Survey Solutions
-CVE-2021-41122
-       RESERVED
+CVE-2021-41122 (Vyper is a Pythonic Smart Contract Language for the EVM. In 
affected v ...)
+       TODO: check
 CVE-2021-41121
        RESERVED
-CVE-2021-41120
-       RESERVED
+CVE-2021-41120 (sylius/paypal-plugin is a paypal plugin for the Sylius 
development pla ...)
+       TODO: check
 CVE-2021-41119
        RESERVED
 CVE-2021-41118 (The DynamicPageList3 extension is a reporting tool for 
MediaWiki, list ...)
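Review bot: The three entries that move from RESERVED to "TODO: check" in this hunk (CVE-2021-41124, CVE-2021-41122, CVE-2021-41120) still need a triage decision. Each should end up with either a source-package line or a NOT-FOR-US line in the form the neighbouring CVE-2021-41123 already uses ("NOT-FOR-US: Survey Solutions"). The truncated descriptions name the upstream projects (Scrapy-splash, Vyper, sylius/paypal-plugin), so check each name against the archive before choosing.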
@@ -14266,8 +14272,8 @@ CVE-2021-35936 (If remote logging is not used, the 
worker (in the case of Celery
        - airflow <itp> (bug #819700)
 CVE-2021-3626 (The Windows version of Multipass before 1.7.0 allowed any local 
proces ...)
        NOT-FOR-US: Multipass
-CVE-2021-3625
-       RESERVED
+CVE-2021-3625 (Buffer overflow in Zephyr USB DFU DNLOAD. Zephyr versions &gt;= 
v2.5.0 ...)
+       TODO: check
 CVE-2021-35935
        RESERVED
 CVE-2021-35934
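Review bot: The "TODO: check" on CVE-2021-3625 should be resolved with the wording this file already uses for CVE-2021-3320, "NOT-FOR-US: Zephyr, different from src:zephyr", if it is the same Zephyr project. Reusing that exact line keeps the entry from being mistaken for the unrelated source package; apply the same decision to the other Zephyr entries added in this update (CVE-2021-3581, CVE-2021-3510).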
@@ -18950,10 +18956,10 @@ CVE-2021-33851
        RESERVED
 CVE-2021-33850
        RESERVED
-CVE-2021-33849
-       RESERVED
-CVE-2021-3581
-       RESERVED
+CVE-2021-33849 (A Cross-Site Scripting (XSS) attack can cause arbitrary code 
(JavaScri ...)
+       TODO: check
+CVE-2021-3581 (Buffer Access with Incorrect Length Value in zephyr. Zephyr 
versions & ...)
+       TODO: check
 CVE-2021-3580 (A flaw was found in the way nettle's RSA decryption functions 
handled  ...)
        {DSA-4933-1 DLA-2760-1}
        - nettle 3.7.3-1 (bug #989631)
@@ -23710,12 +23716,12 @@ CVE-2021-31990
        RESERVED
 CVE-2021-31989 (A user with permission to log on to the machine hosting the 
AXIS Devic ...)
        NOT-FOR-US: AXIS
-CVE-2021-31988
-       RESERVED
-CVE-2021-31987
-       RESERVED
-CVE-2021-31986
-       RESERVED
+CVE-2021-31988 (A user controlled parameter related to SMTP test functionality 
is not  ...)
+       TODO: check
+CVE-2021-31987 (A user controlled parameter related to SMTP test functionality 
is not  ...)
+       TODO: check
+CVE-2021-31986 (User controlled parameters related to SMTP notifications are 
not corre ...)
+       TODO: check
 CVE-2021-31985 (Microsoft Defender Remote Code Execution Vulnerability ...)
        NOT-FOR-US: Microsoft
 CVE-2021-31984 (Power BI Remote Code Execution Vulnerability ...)
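Review bot: The descriptions added for CVE-2021-31988, CVE-2021-31987 and CVE-2021-31986 are cut off before any product name, so "TODO: check" cannot be resolved from this file alone; read the full CVE text for each. The first two are identical as far as they are shown, so confirm they are distinct issues rather than duplicates, and check whether they belong to the same vendor as the adjacent CVE-2021-31989 ("NOT-FOR-US: AXIS") before copying that marking.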
@@ -25016,8 +25022,8 @@ CVE-2021-31524
        RESERVED
 CVE-2021-31522
        RESERVED
-CVE-2021-3510
-       RESERVED
+CVE-2021-3510 (Zephyr JSON decoder incorrectly decodes array of array. Zephyr 
version ...)
+       TODO: check
 CVE-2021-3509 (A flaw was found in Red Hat Ceph Storage 4, in the Dashboard 
component ...)
        - ceph 14.2.21-1 (bug #988888)
        [buster] - ceph <not-affected> (Vulnerable code introduced later)
@@ -33360,8 +33366,8 @@ CVE-2021-3438 (A potential buffer overflow in the 
software drivers for certain H
        NOT-FOR-US: HP LaserJet products and Samsung product printers
 CVE-2021-3437
        RESERVED
-CVE-2021-3436
-       RESERVED
+CVE-2021-3436 (BT: Possible to overwrite an existing bond during keys 
distribution ph ...)
+       TODO: check
 CVE-2021-28216 (BootPerformanceTable pointer is read from an NVRAM variable in 
PEI. Re ...)
        - edk2 <unfixed>
        [bullseye] - edk2 <no-dsa> (Minor issue)
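Review bot: The description added for CVE-2021-3436 is truncated before it names a product ("BT: Possible to overwrite an existing bond during keys distribution ph ..."), so the "TODO: check" entry gives a triager nothing to match against a source package. Resolve it from the full CVE record, and do not infer the product from the unrelated neighbours (HP and Samsung printer drivers above, edk2 below).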
@@ -38158,8 +38164,8 @@ CVE-2021-3321
        RESERVED
 CVE-2021-3320 (Type Confusion in 802154 ACK Frames Handling. Zephyr versions 
&gt;= v2 ...)
        NOT-FOR-US: Zephyr, different from src:zephyr
-CVE-2021-3319
-       RESERVED
+CVE-2021-3319 (DOS: Incorrect 802154 Frame Validation for Omitted Source / 
Dest Addre ...)
+       TODO: check
 CVE-2021-3318 (attach/ajax.php in DzzOffice through 2.02.1 allows XSS via the 
editori ...)
        NOT-FOR-US: DzzOffice
 CVE-2021-26274 (The Agent in NinjaRMM 5.0.909 has Insecure Permissions. ...)
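Review bot: The "TODO: check" on CVE-2021-3319 needs comparing with CVE-2021-3320 directly above it, which covers 802154 frame handling in Zephyr and is marked "NOT-FOR-US: Zephyr, different from src:zephyr". The new description also concerns 802154 frame validation, but the visible text does not name Zephyr; confirm the product from the full record and, if it matches, reuse the CVE-2021-3320 marking verbatim.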
@@ -80196,14 +80202,14 @@ CVE-2020-21508
        RESERVED
 CVE-2020-21507
        RESERVED
-CVE-2020-21506
-       RESERVED
-CVE-2020-21505
-       RESERVED
-CVE-2020-21504
-       RESERVED
-CVE-2020-21503
-       RESERVED
+CVE-2020-21506 (waimai Super Cms 20150505 contains a cross-site scripting 
(XSS) vulner ...)
+       TODO: check
+CVE-2020-21505 (waimai Super Cms 20150505 contains a cross-site scripting 
(XSS) vulner ...)
+       TODO: check
+CVE-2020-21504 (waimai Super Cms 20150505 contains a cross-site scripting 
(XSS) vulner ...)
+       TODO: check
+CVE-2020-21503 (waimai Super Cms 20150505 has a logic flaw allowing attackers 
to modif ...)
+       TODO: check
 CVE-2020-21502
        RESERVED
 CVE-2020-21501
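Review bot: The four "TODO: check" entries added here (CVE-2020-21506 through CVE-2020-21503) all describe waimai Super Cms 20150505 and should receive one triage decision applied consistently, not four separate ones. The three XSS descriptions are identical up to the truncation point, so verify against the full records that they are distinct issues before keeping them as separate entries.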



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1dba81c98b533aa66522a4911a2206d7fb2e2bf0



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
