Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
534ccfae by security tracker role at 2021-07-22T20:10:23+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,9 @@
+CVE-2021-37403 (OX App Suite before 7.10.3-rev32 and 7.10.4 before 
7.10.4-rev18 allows ...)
+       TODO: check
+CVE-2021-37402 (OX App Suite before 7.10.3-rev32 and 7.10.4 before 
7.10.4-rev18 allows ...)
+       TODO: check
+CVE-2021-3660
+       RESERVED
 CVE-2021-37401
        RESERVED
 CVE-2021-37400
@@ -2512,8 +2518,7 @@ CVE-2021-36224
        RESERVED
 CVE-2021-36223
        RESERVED
-CVE-2021-36222 [sending a request containing a PA-ENCRYPTED-CHALLENGE padata 
element without using FAST could result in null dereference in the KDC which 
leads to DoS]
-       RESERVED
+CVE-2021-36222 (ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution 
Center (KDC) ...)
        - krb5 1.18.3-6 (bug #991365)
        NOTE: 
https://github.com/krb5/krb5/commit/fc98f520caefff2e5ee9a0026fdf5109944b3562
 CVE-2021-36221
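Review bot: the CVE-2021-36222 entry has no buster or stretch annotation; its only package line is "- krb5 1.18.3-6 (bug #991365)", while comparable entries in this update (for example CVE-2021-35942) carry "[buster] - ..." and "[stretch] - ..." lines. The bracketed summary being dropped describes a pre-authentication null dereference in the KDC (a remote DoS), so the affected status of the stable and oldstable krb5 packages should be recorded before this entry counts as triaged. Dropping the bracketed text itself is fine, since the NOTE line already points at the upstream fix commit.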
@@ -3235,8 +3240,7 @@ CVE-2021-35944
        RESERVED
 CVE-2021-35943
        RESERVED
-CVE-2021-35942 [Wild read in wordexp (parse_param)]
-       RESERVED
+CVE-2021-35942 (The wordexp function in the GNU C Library (aka glibc) through 
2.33 may ...)
        - glibc 2.31-13 (bug #990542)
        [buster] - glibc <no-dsa> (Minor issue)
        [stretch] - glibc <no-dsa> (Minor issue)
@@ -4129,12 +4133,12 @@ CVE-2021-35524
        RESERVED
 CVE-2021-35523 (Securepoint SSL VPN Client v2 before 2.0.32 on Windows has 
unsafe conf ...)
        NOT-FOR-US: Securepoint
-CVE-2021-35522
-       RESERVED
-CVE-2021-35521
-       RESERVED
-CVE-2021-35520
-       RESERVED
+CVE-2021-35522 (A Buffer Overflow in Thrift command handlers in IDEMIA Morpho 
Wave Com ...)
+       TODO: check
+CVE-2021-35521 (A path traversal in Thrift command handlers in IDEMIA Morpho 
Wave Comp ...)
+       TODO: check
+CVE-2021-35520 (A Buffer Overflow in Thrift command handlers in IDEMIA Morpho 
Wave Com ...)
+       TODO: check
 CVE-2021-35519
        RESERVED
 CVE-2021-35518
@@ -4298,8 +4302,8 @@ CVE-2021-35466
        RESERVED
 CVE-2021-35465
        RESERVED
-CVE-2021-35464
-       RESERVED
+CVE-2021-35464 (ForgeRock AM server 6.x before 7, and OpenAM 14.6.3, has a 
Java deseri ...)
+       TODO: check
 CVE-2021-35463
        RESERVED
 CVE-2021-35462
@@ -5125,8 +5129,7 @@ CVE-2021-35065
        RESERVED
 CVE-2021-35064 (KramerAV VIAWare, all tested versions, allow privilege 
escalation thro ...)
        NOT-FOR-US: KramerAV VIAWare
-CVE-2021-35063
-       RESERVED
+CVE-2021-35063 (Suricata before 5.0.7 and 6.x before 6.0.3 has a "critical 
evasion." ...)
        [experimental] - suricata 1:6.0.3-1~exp1
        - suricata 1:6.0.1-3 (bug #990835)
        [buster] - suricata <no-dsa> (Minor issue)
@@ -5927,8 +5930,8 @@ CVE-2021-34702
        RESERVED
 CVE-2021-34701
        RESERVED
-CVE-2021-34700
-       RESERVED
+CVE-2021-34700 (A vulnerability in the CLI interface of Cisco SD-WAN vManage 
Software  ...)
+       TODO: check
 CVE-2021-34699
        RESERVED
 CVE-2021-34698
@@ -6326,6 +6329,7 @@ CVE-2021-34554
 CVE-2021-34553 (Sonatype Nexus Repository Manager 3.x before 3.31.0 allows a 
remote au ...)
        NOT-FOR-US: Sonatype Nexus Repository Manager
 CVE-2021-34552 (Pillow through 8.2.0 and PIL (aka Python Imaging Library) 
through 1.1. ...)
+       {DLA-2716-1}
        - pillow 8.1.2+dfsg-0.3 (bug #991293)
        NOTE: 
https://pillow.readthedocs.io/en/stable/releasenotes/8.3.0.html#buffer-overflow
        NOTE: https://github.com/python-pillow/Pillow/pull/5567
@@ -6590,8 +6594,8 @@ CVE-2021-34433
        RESERVED
 CVE-2021-34432
        RESERVED
-CVE-2021-34431
-       RESERVED
+CVE-2021-34431 (In Eclipse Mosquitto version 1.6 to 2.0.10, if an 
authenticated client ...)
+       TODO: check
 CVE-2021-34430 (Eclipse TinyDTLS through 0.9-rc1 relies on the rand function 
in the C  ...)
        NOT-FOR-US: Eclipse TinyDTLS
 CVE-2021-34429 (For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 &amp; 
11.0.1-1 ...)
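Review bot: the "TODO: check" on CVE-2021-34431 should be resolved with a package assessment rather than a NOT-FOR-US line, because mosquitto is packaged in Debian, unlike the vendor appliances that make up most TODO entries in this update. The description names Eclipse Mosquitto 1.6 to 2.0.10 and an authenticated client, so the entry needs a fixed-version line (or a per-suite <not-affected>/<no-dsa>) once the Debian versions are compared against that range.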
@@ -8800,8 +8804,8 @@ CVE-2021-33483
        RESERVED
 CVE-2021-33482
        RESERVED
-CVE-2021-33478
-       RESERVED
+CVE-2021-33478 (The TrustZone implementation in certain Broadcom MediaxChange 
firmware ...)
+       TODO: check
 CVE-2021-3561 (An Out of Bounds flaw was found fig2dev version 3.2.8a. A 
flawed bound ...)
        - fig2dev 1:3.2.8-3
        [buster] - fig2dev 1:3.2.7a-5+deb10u4
@@ -9843,8 +9847,8 @@ CVE-2021-33034 (In the Linux kernel before 5.12.4, 
net/bluetooth/hci_event.c has
        - linux 5.10.38-1
        [buster] - linux 4.19.194-1
        NOTE: 
https://git.kernel.org/linus/5c4c8c9544099bb9043a10a5318130a943e32fc3
-CVE-2021-33032
-       RESERVED
+CVE-2021-33032 (eQ-3 HomeMatic CCU2 2.57.5 and CCU3 3.57.5 devices allow 
remote code e ...)
+       TODO: check
 CVE-2021-33031 (In LabCup before &lt;v2_next_18022, it is possible to use the 
save API ...)
        NOT-FOR-US: LabCup
 CVE-2021-33030
@@ -10437,6 +10441,7 @@ CVE-2021-32763 (OpenProject is open-source, web-based 
project management softwar
 CVE-2021-32762
        RESERVED
 CVE-2021-32761 (Redis is an in-memory database that persists on disk. A 
vulnerability  ...)
+       {DLA-2717-1}
        - redis 5:6.0.15-1 (bug #991375)
        [buster] - redis <no-dsa> (Minor issue)
        NOTE: 
https://github.com/redis/redis/security/advisories/GHSA-8wxq-j7rp-g8wj
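Review bot: adding {DLA-2717-1} to CVE-2021-32761 while the entry still carries "[buster] - redis <no-dsa> (Minor issue)" records the issue as fixed in stretch via the DLA but as not warranting an update in buster; confirm that this difference in assessment between the two suites is intended, or add a buster fixed version or point-release annotation for consistency.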
@@ -10537,7 +10542,7 @@ CVE-2021-32724
        RESERVED
 CVE-2021-32723 (Prism is a syntax highlighting library. Some languages before 
1.24.0 a ...)
        NOT-FOR-US: Prism
-CVE-2021-32722 (GlobalNewFiles is a mediawiki extension. All existing versions 
of Glob ...)
+CVE-2021-32722 (GlobalNewFiles is a mediawiki extension. Versions prior to 
48be7adb705 ...)
        NOT-FOR-US: GlobalNewFiles MediaWiki extension
 CVE-2021-32721 (PowerMux is a drop-in replacement for Go's http.ServeMux. In 
PowerMux  ...)
        NOT-FOR-US: PowerMux
@@ -11211,8 +11216,8 @@ CVE-2021-32454 (SITEL CAP/PRX firmware version 5.2.01 
makes use of a hardcoded p
        NOT-FOR-US: SITEL CAP/PRX firmware
 CVE-2021-32453 (SITEL CAP/PRX firmware version 5.2.01 allows an attacker with 
access t ...)
        NOT-FOR-US: SITEL CAP/PRX firmware
-CVE-2021-3540
-       RESERVED
+CVE-2021-3540 (By abusing the 'install rpm info detail' command, an attacker 
can esca ...)
+       TODO: check
 CVE-2021-32452
        RESERVED
 CVE-2021-32451
@@ -13432,12 +13437,12 @@ CVE-2021-31583 (Sipwise C5 NGCP CSC through 
CE_mr9.3.1 has multiple authenticate
        NOT-FOR-US: Sipwise
 CVE-2021-31582
        RESERVED
-CVE-2021-31581
-       RESERVED
-CVE-2021-31580
-       RESERVED
-CVE-2021-31579
-       RESERVED
+CVE-2021-31581 (The restricted shell provided by Akkadian Provisioning Manager 
Engine  ...)
+       TODO: check
+CVE-2021-31580 (The restricted shell provided by Akkadian Provisioning Manager 
Engine  ...)
+       TODO: check
+CVE-2021-31579 (Akkadian Provisioning Manager Engine (PME) ships with a 
hard-coded cre ...)
+       TODO: check
 CVE-2021-31578
        RESERVED
 CVE-2021-31577
@@ -16162,8 +16167,8 @@ CVE-2015-20001 (In the standard library in Rust before 
1.2.0, BinaryHeap is not
        NOTE: https://github.com/rust-lang/rust/pull/25856
 CVE-2021-30487 (In the topic moving API in Zulip Server 3.x before 3.4, 
organization a ...)
        - zulip-server <itp> (bug #800052)
-CVE-2021-30486
-       RESERVED
+CVE-2021-30486 (SysAid 20.3.64 b14 is affected by Blind and Stacker SQL 
injection via  ...)
+       TODO: check
 CVE-2021-30485 (An issue was discovered in libezxml.a in ezXML 0.8.6. The 
function ezx ...)
        {DLA-2705-1}
        - mapcache <unfixed> (bug #989363)
@@ -17164,8 +17169,8 @@ CVE-2021-30112 (Web-School ERP V 5.0 contains a 
cross-site request forgery (CSRF
        NOT-FOR-US: Web-School ERP
 CVE-2021-30111 (A stored XSS vulnerability exists in Web-School ERP V 5.0 via 
(Add Eve ...)
        NOT-FOR-US: Web-School ERP
-CVE-2021-30110
-       RESERVED
+CVE-2021-30110 (dttray.exe in Greyware Automation Products Inc Domain Time II 
before 5 ...)
+       TODO: check
 CVE-2021-30109 (Froala Editor 3.2.6 is affected by Cross Site Scripting (XSS). 
Under c ...)
        NOT-FOR-US: Froala Editor
 CVE-2021-30108 (Feehi CMS 2.1.1 is affected by a Server-side request forgery 
(SSRF) vu ...)
@@ -17286,8 +17291,8 @@ CVE-2021-30051
        RESERVED
 CVE-2021-30050
        RESERVED
-CVE-2021-30049
-       RESERVED
+CVE-2021-30049 (SysAid 20.3.64 b14 is affected by Cross Site Scripting (XSS) 
via a /Ke ...)
+       TODO: check
 CVE-2021-30048 (Directory Traversal in the fileDownload function in 
com/java2nb/common ...)
        NOT-FOR-US: Novel-plus
 CVE-2021-30047
@@ -18242,8 +18247,7 @@ CVE-2021-29659 (ownCloud 10.7 has an incorrect access 
control vulnerability, lea
        - owncloud <removed>
 CVE-2021-29658 (The unofficial vscode-rufo extension before 0.0.4 for Visual 
Studio Co ...)
        NOT-FOR-US: vscode-rufo extension for Visual Studio Code
-CVE-2021-29657 [KVM: SVM: load control fields from VMCB12 before checking them]
-       RESERVED
+CVE-2021-29657 (arch/x86/kvm/svm/nested.c in the Linux kernel before 5.11.12 
has a use ...)
        - linux 5.10.28-1
        [buster] - linux <not-affected> (Vulnerable code introduced later)
        [stretch] - linux <not-affected> (Vulnerable code introduced later)
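Review bot: replacing the bracketed summary "[KVM: SVM: load control fields from VMCB12 before checking them]" with the MITRE text loses the entry's only pointer to the upstream fix, since there is no NOTE line; suggest keeping that commit title in a "NOTE:" line, or linking the kernel commit the way the CVE-2021-33034 entry in this diff does with a git.kernel.org URL, so the fix stays traceable. The buster and stretch <not-affected> lines are unchanged and still apply.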
@@ -19561,10 +19565,10 @@ CVE-2021-29151 (A remote authentication bypass 
vulnerability was discovered in A
        NOT-FOR-US: Aruba
 CVE-2021-29150 (A remote insecure deserialization vulnerability was discovered 
in Arub ...)
        NOT-FOR-US: Aruba
-CVE-2021-29149
-       RESERVED
-CVE-2021-29148
-       RESERVED
+CVE-2021-29149 (A local bypass security restrictions vulnerability was 
discovered in A ...)
+       TODO: check
+CVE-2021-29148 (A local cross-site scripting (XSS) vulnerability was 
discovered in Aru ...)
+       TODO: check
 CVE-2021-29147 (A remote arbitrary command execution vulnerability was 
discovered in A ...)
        NOT-FOR-US: Aruba
 CVE-2021-29146 (A remote cross-site scripting (XSS) vulnerability was 
discovered in Ar ...)
@@ -19573,8 +19577,8 @@ CVE-2021-29145 (A remote server side request forgery 
(SSRF) remote code executio
        NOT-FOR-US: Aruba
 CVE-2021-29144 (A remote disclosure of sensitive information vulnerability was 
discove ...)
        NOT-FOR-US: Aruba
-CVE-2021-29143
-       RESERVED
+CVE-2021-29143 (A remote execution of arbitrary commands vulnerability was 
discovered  ...)
+       TODO: check
 CVE-2021-29142 (A remote cross-site scripting (XSS) vulnerability was 
discovered in Ar ...)
        NOT-FOR-US: Aruba
 CVE-2021-29141 (A remote disclosure of sensitive information vulnerability was 
discove ...)
@@ -20666,12 +20670,14 @@ CVE-2021-28678 (An issue was discovered in Pillow 
before 8.2.0. For BLP data, Bl
        NOTE: 
https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28678-fix-blp-dos
        NOTE: 
https://github.com/python-pillow/Pillow/commit/496245aa4365d0827390bd0b6fbd11287453b3a1
 CVE-2021-28677 (An issue was discovered in Pillow before 8.2.0. For EPS data, 
the read ...)
+       {DLA-2716-1}
        [experimental] - pillow 8.2.0-1
        - pillow 8.1.2+dfsg-0.2 (bug #989062)
        [buster] - pillow <no-dsa> (Minor issue)
        NOTE: 
https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28677-fix-eps-dos-on-open
        NOTE: 
https://github.com/python-pillow/Pillow/commit/5a5e6db0abf4e7a638fb1b3408c4e495a096cb92
 CVE-2021-28676 (An issue was discovered in Pillow before 8.2.0. For FLI data, 
FliDecod ...)
+       {DLA-2716-1}
        [experimental] - pillow 8.2.0-1
        - pillow 8.1.2+dfsg-0.2 (bug #989062)
        [buster] - pillow <ignored> (Minor issue)
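Review bot: {DLA-2716-1} is added to CVE-2021-28677 and CVE-2021-28676 but not to CVE-2021-28678, which appears in this hunk's header context and is likewise a Pillow-before-8.2.0 issue; confirm that the DLA text does not cover CVE-2021-28678, or add the marker there as well. The same marker is added to CVE-2021-34552, CVE-2021-25290 and CVE-2020-35653 elsewhere in this commit, so the DLA's own CVE list is the reference to check all five against.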
@@ -21995,8 +22001,7 @@ CVE-2021-3427
        RESERVED
 CVE-2021-28132 (LUCY Security Awareness Software through 4.7.x allows 
unauthenticated  ...)
        NOT-FOR-US: LUCY Security Awareness Software
-CVE-2021-28131
-       RESERVED
+CVE-2021-28131 (Impala sessions use a 16 byte secret to verify that the 
session is not ...)
        NOT-FOR-US: Apache Impala
 CVE-2021-28130
        RESERVED
@@ -23899,8 +23904,8 @@ CVE-2021-27334
        RESERVED
 CVE-2021-27333
        RESERVED
-CVE-2021-27332
-       RESERVED
+CVE-2021-27332 (Cross-site scripting (XSS) vulnerability in SourceCodester 
CASAP Autom ...)
+       TODO: check
 CVE-2021-27331
        RESERVED
 CVE-2021-27330 (Triconsole Datepicker Calendar &lt;3.77 is affected by 
cross-site scri ...)
@@ -25234,14 +25239,14 @@ CVE-2021-26767
        RESERVED
 CVE-2021-26766
        RESERVED
-CVE-2021-26765
-       RESERVED
-CVE-2021-26764
-       RESERVED
+CVE-2021-26765 (SQL injection vulnerability in PHPGurukul Student Record 
System 4.0 al ...)
+       TODO: check
+CVE-2021-26764 (SQL injection vulnerability in PHPGurukul Student Record 
System v 4.0  ...)
+       TODO: check
 CVE-2021-26763
        RESERVED
-CVE-2021-26762
-       RESERVED
+CVE-2021-26762 (SQL injection vulnerability in PHPGurukul Student Record 
System 4.0 al ...)
+       TODO: check
 CVE-2021-26761
        RESERVED
 CVE-2021-26760
@@ -25383,10 +25388,10 @@ CVE-2021-26701 (.NET Core Remote Code Execution 
Vulnerability This CVE ID is uni
        NOT-FOR-US: Microsoft
 CVE-2021-26700 (Visual Studio Code npm-script Extension Remote Code Execution 
Vulnerab ...)
        NOT-FOR-US: Microsoft
-CVE-2021-26699
-       RESERVED
-CVE-2021-26698
-       RESERVED
+CVE-2021-26699 (OX App Suite before 7.10.3-rev4 and 7.10.4 before 7.10.4-rev4 
allows S ...)
+       TODO: check
+CVE-2021-26698 (OX App Suite before 7.10.3-rev32 and 7.10.4 before 
7.10.4-rev18 allows ...)
+       TODO: check
 CVE-2021-26708 (A local privilege escalation was discovered in the Linux 
kernel before ...)
        - linux 5.10.13-1
        [buster] - linux <not-affected> (Vulnerable code introduced later)
@@ -26624,26 +26629,26 @@ CVE-2021-26234 (FastStone Image Viewer &lt;= 7.5 is 
affected by a user mode writ
        NOT-FOR-US: FastStone Image Viewer
 CVE-2021-26233 (FastStone Image Viewer &lt;= 7.5 is affected by a user mode 
write acce ...)
        NOT-FOR-US: FastStone Image Viewer
-CVE-2021-26232
-       RESERVED
-CVE-2021-26231
-       RESERVED
-CVE-2021-26230
-       RESERVED
-CVE-2021-26229
-       RESERVED
-CVE-2021-26228
-       RESERVED
-CVE-2021-26227
-       RESERVED
-CVE-2021-26226
-       RESERVED
+CVE-2021-26232 (SQL injection vulnerability in SourceCodester Simple College 
Website v ...)
+       TODO: check
+CVE-2021-26231 (SQL injection vulnerability in SourceCodester Fantastic Blog 
CMS v 1.0 ...)
+       TODO: check
+CVE-2021-26230 (Cross-site scripting (XSS) vulnerability in SourceCodester 
CASAP Autom ...)
+       TODO: check
+CVE-2021-26229 (SQL injection vulnerability in SourceCodester CASAP Automated 
Enrollme ...)
+       TODO: check
+CVE-2021-26228 (SQL injection vulnerability in SourceCodester CASAP Automated 
Enrollme ...)
+       TODO: check
+CVE-2021-26227 (Cross-site scripting (XSS) vulnerability in SourceCodester 
CASAP Autom ...)
+       TODO: check
+CVE-2021-26226 (SQL injection vulnerability in SourceCodester CASAP Automated 
Enrollme ...)
+       TODO: check
 CVE-2021-26225
        RESERVED
-CVE-2021-26224
-       RESERVED
-CVE-2021-26223
-       RESERVED
+CVE-2021-26224 (Cross-site scripting (XSS) vulnerability in SourceCodester 
Fantastic-B ...)
+       TODO: check
+CVE-2021-26223 (SQL injection vulnerability in SourceCodester CASAP Automated 
Enrollme ...)
+       TODO: check
 CVE-2021-26222 (The ezxml_new function in ezXML 0.8.6 and earlier is 
vulnerable to OOB ...)
        - mapcache <unfixed> (bug #989363)
        [bullseye] - mapcache <no-dsa> (Minor issue)
@@ -27693,8 +27698,8 @@ CVE-2021-3200 (Buffer overflow vulnerability in libsolv 
2020-12-13 via the Solve
        NOTE: Crash in CLI tool, no security impact
 CVE-2021-3199 (Directory traversal with remote code execution can occur in 
/upload in ...)
        NOT-FOR-US: ONLYOFFICE Document Server
-CVE-2021-3198
-       RESERVED
+CVE-2021-3198 (By abusing the 'install rpm url' command, an attacker can 
escape the r ...)
+       TODO: check
 CVE-2021-25899 (An issue was discovered in svc-login.php in Void Aural Rec 
Monitor 9.0 ...)
        NOT-FOR-US: Void Aural Rec Monitor
 CVE-2021-25898 (An issue was discovered in svc-login.php in Void Aural Rec 
Monitor 9.0 ...)
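Review bot: CVE-2021-3198 ('install rpm url' command) and CVE-2021-3540 ('install rpm info detail' command, earlier in this diff) describe the same restricted-shell escape pattern with near-identical wording, so they should be triaged together and given the same resolution rather than left as two independent "TODO: check" markers.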
@@ -29084,6 +29089,7 @@ CVE-2021-25291 (An issue was discovered in Pillow 
before 8.1.1. In TiffDecode.c,
        NOTE: 
https://github.com/python-pillow/Pillow/commit/8b8076bdcb3815be0ef0d279651d8d1342b8ea61
        NOTE: Introduced in: 
https://github.com/python-pillow/Pillow/commit/e91b851fdc1c914419543f485bdbaa010790719f
 (6.0.0)
 CVE-2021-25290 (An issue was discovered in Pillow before 8.1.1. In 
TiffDecode.c, there ...)
+       {DLA-2716-1}
        - pillow 8.1.1-1
        [buster] - pillow <no-dsa> (Minor issue)
        NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
@@ -29309,14 +29315,14 @@ CVE-2021-25214 (In BIND 9.8.5 -&gt; 9.8.8, 9.9.3 
-&gt; 9.11.29, 9.12.0 -&gt; 9.1
        NOTE: 
https://gitlab.isc.org/isc-projects/bind9/commit/01a916abac22f87a248a7525d3e7408acac0804b
 (v9_16_15)
 CVE-2021-25213
        RESERVED
-CVE-2021-25212
-       RESERVED
+CVE-2021-25212 (SQL injection vulnerability in SourceCodester Alumni 
Management System ...)
+       TODO: check
 CVE-2021-25211
        RESERVED
-CVE-2021-25210
-       RESERVED
-CVE-2021-25209
-       RESERVED
+CVE-2021-25210 (Arbitrary file upload vulnerability in SourceCodester Alumni 
Managemen ...)
+       TODO: check
+CVE-2021-25209 (SQL injection vulnerability in SourceCodester Theme Park 
Ticketing Sys ...)
+       TODO: check
 CVE-2021-25208
        RESERVED
 CVE-2021-25207
@@ -29329,8 +29335,8 @@ CVE-2021-25204
        RESERVED
 CVE-2021-25203
        RESERVED
-CVE-2021-25202
-       RESERVED
+CVE-2021-25202 (SQL injection vulnerability in SourceCodester Sales and 
Inventory Syst ...)
+       TODO: check
 CVE-2021-25201
        RESERVED
 CVE-2021-25200
@@ -29339,8 +29345,8 @@ CVE-2021-25199
        RESERVED
 CVE-2021-25198
        RESERVED
-CVE-2021-25197
-       RESERVED
+CVE-2021-25197 (Cross-site scripting (XSS) vulnerability in SourceCodester 
Content Man ...)
+       TODO: check
 CVE-2021-3158
        RESERVED
 CVE-2021-3157
@@ -32201,7 +32207,7 @@ CVE-2021-23899 (OWASP json-sanitizer before 1.2.2 may 
emit closing SCRIPT tags a
 CVE-2021-23898
        RESERVED
 CVE-2021-23897
-       RESERVED
+       REJECTED
 CVE-2021-25900 (An issue was discovered in the smallvec crate before 0.6.14 
and 1.x be ...)
        - rust-smallvec 1.4.2-2 (bug #984665)
        [buster] - rust-smallvec <no-dsa> (Minor issue)
@@ -35312,10 +35318,10 @@ CVE-2021-22525
        RESERVED
 CVE-2021-22524
        RESERVED
-CVE-2021-22523
-       RESERVED
-CVE-2021-22522
-       RESERVED
+CVE-2021-22523 (XML External Entity vulnerability in Micro Focus Verastream 
Host Integ ...)
+       TODO: check
+CVE-2021-22522 (Reflected Cross-Site Scripting vulnerability in Micro Focus 
Verastream ...)
+       TODO: check
 CVE-2021-22521
        RESERVED
 CVE-2021-22520
@@ -36427,8 +36433,8 @@ CVE-2021-22003
        RESERVED
 CVE-2021-22002
        RESERVED
-CVE-2021-22001
-       RESERVED
+CVE-2021-22001 (In UAA versions prior to 75.3.0, sensitive information like 
relaying s ...)
+       TODO: check
 CVE-2021-22000 (VMware Thinapp version 5.x prior to 5.2.10 contain a DLL 
hijacking vul ...)
        NOT-FOR-US: VMware
 CVE-2021-21999 (VMware Tools for Windows (11.x.y prior to 11.2.6), VMware 
Remote Conso ...)
@@ -37780,8 +37786,8 @@ CVE-2020-36035
        RESERVED
 CVE-2020-36034
        RESERVED
-CVE-2020-36033
-       RESERVED
+CVE-2020-36033 (SQL injection vulnerability in SourceCodester Water Billing 
System 1.0 ...)
+       TODO: check
 CVE-2020-36032
        RESERVED
 CVE-2020-36031
@@ -38842,6 +38848,7 @@ CVE-2020-35654 (In Pillow before 8.1.0, TiffDecode has 
a heap-based buffer overf
        NOTE: 
https://github.com/python-pillow/Pillow/commit/eb8c1206d6b170d4e798a00db7432e023853da5c
        NOTE: Introduced in: 
https://github.com/python-pillow/Pillow/commit/e91b851fdc1c914419543f485bdbaa010790719f
 (6.0.0)
 CVE-2020-35653 (In Pillow before 8.1.0, PcxDecode has a buffer over-read when 
decoding ...)
+       {DLA-2716-1}
        - pillow 8.1.0-1
        [buster] - pillow <no-dsa> (Minor issue)
        NOTE: 
https://pillow.readthedocs.io/en/stable/releasenotes/8.1.0.html#security
@@ -41179,8 +41186,8 @@ CVE-2021-20598
        RESERVED
 CVE-2021-20597
        RESERVED
-CVE-2021-20596
-       RESERVED
+CVE-2021-20596 (NULL Pointer Dereference in MELSEC-F Series FX3U-ENET firmware 
version ...)
+       TODO: check
 CVE-2021-20595 (Improper Restriction of XML External Entity Reference 
vulnerability in ...)
        NOT-FOR-US: Mitsubishi
 CVE-2021-20594
@@ -48163,16 +48170,16 @@ CVE-2021-1620
        RESERVED
 CVE-2021-1619
        RESERVED
-CVE-2021-1618
-       RESERVED
-CVE-2021-1617
-       RESERVED
+CVE-2021-1618 (Multiple vulnerabilities in the web-based management interface 
of Cisc ...)
+       TODO: check
+CVE-2021-1617 (Multiple vulnerabilities in the web-based management interface 
of Cisc ...)
+       TODO: check
 CVE-2021-1616
        RESERVED
 CVE-2021-1615
        RESERVED
-CVE-2021-1614
-       RESERVED
+CVE-2021-1614 (A vulnerability in the Multiprotocol Label Switching (MPLS) 
packet han ...)
+       TODO: check
 CVE-2021-1613
        RESERVED
 CVE-2021-1612
@@ -48197,12 +48204,12 @@ CVE-2021-1603 (Multiple vulnerabilities in the 
web-based management interface of
        NOT-FOR-US: Cisco
 CVE-2021-1602
        RESERVED
-CVE-2021-1601
-       RESERVED
-CVE-2021-1600
-       RESERVED
-CVE-2021-1599
-       RESERVED
+CVE-2021-1601 (Multiple vulnerabilities in Cisco Intersight Virtual Appliance 
could a ...)
+       TODO: check
+CVE-2021-1600 (Multiple vulnerabilities in Cisco Intersight Virtual Appliance 
could a ...)
+       TODO: check
+CVE-2021-1599 (A vulnerability in the web-based management interface of Cisco 
Unified ...)
+       TODO: check
 CVE-2021-1598 (Multiple vulnerabilities in the Link Layer Discovery Protocol 
(LLDP) i ...)
        NOT-FOR-US: Cisco
 CVE-2021-1597 (Multiple vulnerabilities in the Link Layer Discovery Protocol 
(LLDP) i ...)
@@ -48363,8 +48370,8 @@ CVE-2021-1520 (A vulnerability in the internal message 
processing of Cisco RV340
        NOT-FOR-US: Cisco
 CVE-2021-1519 (A vulnerability in the interprocess communication (IPC) channel 
of Cis ...)
        NOT-FOR-US: Cisco
-CVE-2021-1518
-       RESERVED
+CVE-2021-1518 (A vulnerability in the REST API of Cisco Firepower Device 
Manager (FDM ...)
+       TODO: check
 CVE-2021-1517 (A vulnerability in the multimedia viewer feature of Cisco Webex 
Meetin ...)
        NOT-FOR-US: Cisco
 CVE-2021-1516 (A vulnerability in the web-based management interface of Cisco 
AsyncOS ...)
@@ -99398,8 +99405,8 @@ CVE-2019-20469
        RESERVED
 CVE-2019-20468 (An issue was discovered in SeTracker2 for TK-Star Q90 Junior 
GPS horlo ...)
        NOT-FOR-US: TK-Star Q90 Junior GPS horloge
-CVE-2019-20467
-       RESERVED
+CVE-2019-20467 (An issue was discovered on Sannce Smart HD Wifi Security 
Camera EAN 2  ...)
+       TODO: check
 CVE-2019-20466 (An issue was discovered on Sannce Smart HD Wifi Security 
Camera EAN 2  ...)
        NOT-FOR-US: Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 
devices
 CVE-2019-20465 (An issue was discovered on Sannce Smart HD Wifi Security 
Camera EAN 2  ...)
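Review bot: CVE-2019-20467 carries the same description prefix ("An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 ...") as the neighbouring CVE-2019-20466 and CVE-2019-20465, which are already marked "NOT-FOR-US: Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices"; the "TODO: check" can most likely be resolved the same way.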
@@ -103510,14 +103517,14 @@ CVE-2020-7392
        RESERVED
 CVE-2020-7391
        RESERVED
-CVE-2020-7390
-       RESERVED
-CVE-2020-7389
-       RESERVED
-CVE-2020-7388
-       RESERVED
-CVE-2020-7387
-       RESERVED
+CVE-2020-7390 (Sage X3 Stored XSS Vulnerability on &#8216;Edit&#8217; Page of 
User Pr ...)
+       TODO: check
+CVE-2020-7389 (Sage X3 System CHAINE Variable Script Command Injection. An 
authentica ...)
+       TODO: check
+CVE-2020-7388 (Sage X3 Unauthenticated Remote Command Execution (RCE) as 
SYSTEM in Ad ...)
+       TODO: check
+CVE-2020-7387 (Sage X3 Installation Pathname Disclosure. A specially crafted 
packet c ...)
+       TODO: check
 CVE-2020-7386
        RESERVED
 CVE-2020-7385 (By launching the drb_remote_codeexec exploit, a Metasploit 
Framework u ...)
@@ -108644,8 +108651,8 @@ CVE-2020-5372 (Dell EMC PowerStore versions prior to 
1.0.1.0.5.002 contain a vul
        NOT-FOR-US: EMC
 CVE-2020-5371 (Dell EMC Isilon OneFS versions 8.2.2 and earlier and Dell EMC 
PowerSca ...)
        NOT-FOR-US: EMC
-CVE-2020-5370
-       RESERVED
+CVE-2020-5370 (Dell EMC OpenManage Enterprise (OME) versions prior to 3.4 
contain an  ...)
+       TODO: check
 CVE-2020-5369 (Dell EMC Isilon OneFS versions 8.2.2 and earlier and Dell EMC 
PowerSca ...)
        NOT-FOR-US: EMC
 CVE-2020-5368 (Dell EMC VxRail versions 4.7.410 and 4.7.411 contain an 
improper authe ...)
@@ -108752,8 +108759,8 @@ CVE-2020-5318 (Dell EMC Isilon OneFS versions 8.1.2, 
8.1.0.4, 8.1.0.3, and 8.0.0
        NOT-FOR-US: EMC
 CVE-2020-5317 (Dell EMC ECS versions prior to 3.4.0.1 contain an XSS 
vulnerability. A ...)
        NOT-FOR-US: EMC
-CVE-2020-5316
-       RESERVED
+CVE-2020-5316 (Dell SupportAssist for Business PCs versions 2.0, 2.0.1, 2.0.2, 
2.1, 2 ...)
+       TODO: check
 CVE-2020-5315 (Dell EMC Repository Manager (DRM) version 3.2 contains a 
plain-text pa ...)
        NOT-FOR-US: EMC
 CVE-2019-20333
@@ -200888,27 +200895,27 @@ CVE-2018-11671 (An issue was discovered in GreenCMS 
v2.3.0603. There is a CSRF v
 CVE-2018-11670 (An issue was discovered in GreenCMS v2.3.0603. There is a CSRF 
vulnera ...)
        NOT-FOR-US: GreenCMS
 CVE-2018-11669
-       RESERVED
+       REJECTED
 CVE-2018-11668
-       RESERVED
+       REJECTED
 CVE-2018-11667
        RESERVED
 CVE-2018-11666
-       RESERVED
+       REJECTED
 CVE-2018-11665
-       RESERVED
+       REJECTED
 CVE-2018-11664
-       RESERVED
+       REJECTED
 CVE-2018-11663
-       RESERVED
+       REJECTED
 CVE-2018-11662
-       RESERVED
+       REJECTED
 CVE-2018-11661
-       RESERVED
+       REJECTED
 CVE-2018-11660
        RESERVED
 CVE-2018-11659
-       RESERVED
+       REJECTED
 CVE-2018-11658
        RESERVED
 CVE-2018-11657 (ngiflib.c in MiniUPnP ngiflib 0.4 has an infinite loop in 
DecodeGifImg ...)
@@ -335180,12 +335187,12 @@ CVE-2015-2157 (The (1) ssh2_load_userkey and (2) 
ssh2_save_userkey functions in
        {DSA-3190-1 DLA-173-1}
        - putty 0.63-10 (bug #779488)
        NOTE: 
http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/private-key-not-wiped-2.html
-CVE-2015-2100
-       RESERVED
-CVE-2015-2099
-       RESERVED
-CVE-2015-2098
-       RESERVED
+CVE-2015-2100 (Multiple stack-based buffer overflows in WebGate eDVR Manager 
and Cont ...)
+       TODO: check
+CVE-2015-2099 (Multiple buffer overflows in WebGate Control Center allow 
remote attac ...)
+       TODO: check
+CVE-2015-2098 (Multiple stack-based buffer overflows in WebGate eDVR Manager 
allow re ...)
+       TODO: check
 CVE-2015-2097 (Multiple buffer overflows in WebGate Embedded Standard Protocol 
(WESP) ...)
        NOT-FOR-US: WESP SDK
 CVE-2015-2096 (Use-after-free vulnerability in the Connect function in the 
WESPMonito ...)
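Review bot: the three WebGate entries CVE-2015-2100, CVE-2015-2099 and CVE-2015-2098 get "TODO: check" although the adjacent CVE-2015-2097 (WebGate WESP SDK) is already "NOT-FOR-US: WESP SDK"; they should be resolved consistently with that entry. These are 2015 IDs only now receiving descriptions, so the TODO should not be left pending on the assumption that they are newly assigned.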



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/534ccfaea6a0959f428c643cc1943b882e5abc4b

_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
