Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a2a97329 by security tracker role at 2021-09-22T08:10:13+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,29 @@
+CVE-2021-41560
+       RESERVED
+CVE-2021-41559
+       RESERVED
+CVE-2021-41558
+       RESERVED
+CVE-2021-41557
+       RESERVED
+CVE-2021-41556
+       RESERVED
+CVE-2021-41555
+       RESERVED
+CVE-2021-41554
+       RESERVED
+CVE-2021-41553
+       RESERVED
+CVE-2021-41552
+       RESERVED
+CVE-2021-41551
+       RESERVED
+CVE-2021-41550
+       RESERVED
+CVE-2021-41549
+       RESERVED
+CVE-2021-41548
+       RESERVED
 CVE-2021-41547
        RESERVED
 CVE-2021-41546
@@ -339,8 +365,8 @@ CVE-2021-41384
        RESERVED
 CVE-2021-41383 (setup.cgi on NETGEAR R6020 1.0.0.48 devices allows an admin to 
execute ...)
        NOT-FOR-US: Netgear
-CVE-2021-41382
-       RESERVED
+CVE-2021-41382 (Plastic SCM before 10.0.16.5622 mishandles the WebAdmin server 
managem ...)
+       TODO: check
 CVE-2021-41381
        RESERVED
 CVE-2021-3816
@@ -969,10 +995,10 @@ CVE-2021-41089
        RESERVED
 CVE-2021-41088
        RESERVED
-CVE-2021-41087
-       RESERVED
-CVE-2021-41086
-       RESERVED
+CVE-2021-41087 (in-toto-golang is a go implementation of the in-toto framework 
to prot ...)
+       TODO: check
+CVE-2021-41086 (jsuites is an open source collection of common required 
javascript web ...)
+       TODO: check
 CVE-2021-41085
        RESERVED
 CVE-2021-41084 (http4s is an open source scala interface for HTTP. In affected 
version ...)
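Review bot: The new "TODO: check" markers on CVE-2021-41087 and CVE-2021-41086 leave both entries untriaged. Each needs either a "- <source package> <version>" line or a "NOT-FOR-US:" line once someone has checked whether in-toto-golang and jsuites are packaged. As one is a Go library and the other a JavaScript collection, search for copies embedded in other source packages before settling on NOT-FOR-US.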
@@ -4825,7 +4851,7 @@ CVE-2021-39367 (Canon Oce Print Exec Workgroup 1.3.2 
allows Host header injectio
 CVE-2021-39366
        RESERVED
 CVE-2021-39365 (In GNOME grilo though 0.3.13, grl-net-wc.c does not enable TLS 
certifi ...)
-       {DSA-4964-1}
+       {DSA-4964-1 DLA-2762-1}
        - grilo 0.3.13-1.1 (bug #992971)
        NOTE: 
https://blogs.gnome.org/mcatanzaro/2021/05/25/reminder-soupsessionsync-and-soupsessionasync-default-to-no-tls-certificate-verification/
        NOTE: https://gitlab.gnome.org/GNOME/grilo/-/issues/146
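Review bot: On CVE-2021-39365 the cross-reference becomes "{DSA-4964-1 DLA-2762-1}", yet this commit changes only data/CVE/list, so the DLA-2762-1 record itself must already exist elsewhere in the repository. Confirm that it lists this CVE so that both sides of the reference agree.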
@@ -7916,8 +7942,8 @@ CVE-2021-3683
        RESERVED
 CVE-2021-38113 (In addBouquet in js/bqe.js in OpenWebif (aka 
e2openplugin-OpenWebif) t ...)
        NOT-FOR-US: OpenWebif (aka e2openplugin-OpenWebif)
-CVE-2021-38112
-       RESERVED
+CVE-2021-38112 (In the Amazon AWS WorkSpaces client before 3.1.9 on Windows, 
argument  ...)
+       TODO: check
 CVE-2021-38111 (The DEF CON 27 badge allows remote attackers to exploit a 
buffer overf ...)
        NOT-FOR-US: DEF CON 27 badge
 CVE-2021-38110
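Review bot: CVE-2021-38112 is left at "TODO: check", although the visible part of the description already scopes it to the Amazon AWS WorkSpaces client "on Windows". If the full description confirms that scope, close it as "NOT-FOR-US: Amazon AWS WorkSpaces client", in the same form as the two neighbouring NOT-FOR-US entries.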
@@ -22897,8 +22923,8 @@ CVE-2021-31821
        RESERVED
 CVE-2021-31820 (In Octopus Server after version 2018.8.2 if the Octopus Server 
Web Req ...)
        NOT-FOR-US: Octopus Server
-CVE-2021-31819
-       RESERVED
+CVE-2021-31819 (In Halibut versions prior to 4.4.7 there is a deserialisation 
vulnerab ...)
+       TODO: check
 CVE-2021-31818 (Affected versions of Octopus Server are prone to an 
authenticated SQL  ...)
        NOT-FOR-US: Octopus Server
 CVE-2021-31817 (When configuring Octopus Server if it is configured with an 
external S ...)
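Review bot: CVE-2021-31819 (Halibut, a deserialisation issue in versions prior to 4.4.7) sits at "TODO: check" between entries already marked "NOT-FOR-US: Octopus Server". The triage should record its own verdict for Halibut, after checking whether it is packaged, rather than inheriting the neighbours' tag by proximity.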
@@ -53345,9 +53371,9 @@ CVE-2020-35543
 CVE-2020-35542 (Unisys Data Exchange Management Studio through 5.0.34 doesn't 
sanitize ...)
        NOT-FOR-US: Unisys
 CVE-2020-35541
-       RESERVED
+       REJECTED
 CVE-2020-35540
-       RESERVED
+       REJECTED
 CVE-2020-35539
        RESERVED
 CVE-2020-35538
@@ -75020,22 +75046,22 @@ CVE-2020-23275
        RESERVED
 CVE-2020-23274
        RESERVED
-CVE-2020-23273
-       RESERVED
+CVE-2020-23273 (Heap-buffer overflow in the randomize_iparp function in 
edit_packet.c. ...)
+       TODO: check
 CVE-2020-23272
        RESERVED
 CVE-2020-23271
        RESERVED
 CVE-2020-23270
        RESERVED
-CVE-2020-23269
-       RESERVED
+CVE-2020-23269 (An issue was discovered in gpac 0.8.0. The stbl_GetSampleSize 
function ...)
+       TODO: check
 CVE-2020-23268
        RESERVED
-CVE-2020-23267
-       RESERVED
-CVE-2020-23266
-       RESERVED
+CVE-2020-23267 (An issue was discovered in gpac 0.8.0. The 
gf_hinter_track_process fun ...)
+       TODO: check
+CVE-2020-23266 (An issue was discovered in gpac 0.8.0. The OD_ReadUTF8String 
function  ...)
+       TODO: check
 CVE-2020-23265
        RESERVED
 CVE-2020-23264 (Cross-site request forgery (CSRF) in Fork-CMS before 5.8.2 
allow remot ...)
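Review bot: The three gpac 0.8.0 entries (CVE-2020-23269, CVE-2020-23267, CVE-2020-23266) are only marked "TODO: check". gpac is a Debian source package, so each needs a "- gpac <fixed version>" line and a check of which releases still carry the named functions. For CVE-2020-23273 the truncated text names only randomize_iparp in edit_packet.c, so the affected package has to be taken from the full CVE description before the entry can be assigned.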
@@ -85693,11 +85719,11 @@ CVE-2020-18173 (A DLL injection vulnerability in 
1password.dll of 1Password 7.3.
        NOT-FOR-US: 1Password
 CVE-2020-18172 (A code injection vulnerability in the SeDebugPrivilege 
component of Tr ...)
        NOT-FOR-US: Trezor Bridge
-CVE-2020-18171 (TechSmith Snagit 19.1.0.2653 uses Object Linking and Embedding 
(OLE) w ...)
+CVE-2020-18171 (** DISPUTED ** TechSmith Snagit 19.1.0.2653 uses Object 
Linking and Em ...)
        NOT-FOR-US: TechSmith Snagit
 CVE-2020-18170 (An issue in the SeChangeNotifyPrivilege component of Abloy Key 
Manager ...)
        NOT-FOR-US: Abloy Key Manager
-CVE-2020-18169 (A vulnerability in the Windows installer XML (WiX) toolset of 
TechSmit ...)
+CVE-2020-18169 (** DISPUTED ** A vulnerability in the Windows installer XML 
(WiX) tool ...)
        NOT-FOR-US: TechSmith Snagit
 CVE-2020-18168
        RESERVED



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a2a97329eb277944c7a59541a2f77ba35ca82e34



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
