[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Fri Apr 2 09:10:29 BST 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
545ac341 by security tracker role at 2021-04-02T08:10:22+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,128 @@
-CVE-2021-30002 [media: v4l: ioctl: Fix memory leak in video_usercopy]
+CVE-2021-30006
+	RESERVED
+CVE-2021-30005
+	RESERVED
+CVE-2021-30004 (In wpa_supplicant and hostapd 2.9, forging attacks may occur because A ...)
+	TODO: check
+CVE-2021-30003 (An issue was discovered on Nokia G-120W-F 3FE46606AGAB91 devices. Ther ...)
+	TODO: check
+CVE-2021-30001
+	RESERVED
+CVE-2021-30000
+	RESERVED
+CVE-2021-29999
+	RESERVED
+CVE-2021-29998
+	RESERVED
+CVE-2021-29997
+	RESERVED
+CVE-2021-29996
+	RESERVED
+CVE-2021-29995
+	RESERVED
+CVE-2021-29994
+	RESERVED
+CVE-2021-29993
+	RESERVED
+CVE-2021-29992
+	RESERVED
+CVE-2021-29991
+	RESERVED
+CVE-2021-29990
+	RESERVED
+CVE-2021-29989
+	RESERVED
+CVE-2021-29988
+	RESERVED
+CVE-2021-29987
+	RESERVED
+CVE-2021-29986
+	RESERVED
+CVE-2021-29985
+	RESERVED
+CVE-2021-29984
+	RESERVED
+CVE-2021-29983
+	RESERVED
+CVE-2021-29982
+	RESERVED
+CVE-2021-29981
+	RESERVED
+CVE-2021-29980
+	RESERVED
+CVE-2021-29979
+	RESERVED
+CVE-2021-29978
+	RESERVED
+CVE-2021-29977
+	RESERVED
+CVE-2021-29976
+	RESERVED
+CVE-2021-29975
+	RESERVED
+CVE-2021-29974
+	RESERVED
+CVE-2021-29973
+	RESERVED
+CVE-2021-29972
+	RESERVED
+CVE-2021-29971
+	RESERVED
+CVE-2021-29970
+	RESERVED
+CVE-2021-29969
+	RESERVED
+CVE-2021-29968
+	RESERVED
+CVE-2021-29967
+	RESERVED
+CVE-2021-29966
+	RESERVED
+CVE-2021-29965
+	RESERVED
+CVE-2021-29964
+	RESERVED
+CVE-2021-29963
+	RESERVED
+CVE-2021-29962
+	RESERVED
+CVE-2021-29961
+	RESERVED
+CVE-2021-29960
+	RESERVED
+CVE-2021-29959
+	RESERVED
+CVE-2021-29958
+	RESERVED
+CVE-2021-29957
+	RESERVED
+CVE-2021-29956
+	RESERVED
+CVE-2021-29955
+	RESERVED
+CVE-2021-29954
+	RESERVED
+CVE-2021-29953
+	RESERVED
+CVE-2021-29952
+	RESERVED
+CVE-2021-29951
+	RESERVED
+CVE-2021-29950
+	RESERVED
+CVE-2021-29949
+	RESERVED
+CVE-2021-29948
+	RESERVED
+CVE-2021-29947
+	RESERVED
+CVE-2021-29946
+	RESERVED
+CVE-2021-29945
+	RESERVED
+CVE-2021-29944
+	RESERVED
+CVE-2021-30002 (An issue was discovered in the Linux kernel before 5.11.3 when a webca ...)
 	- linux 5.10.24-1
 	[buster] - linux 4.19.181-1
 	NOTE: https://git.kernel.org/linus/fb18802a338b36f675a388fc03d2aa504a0d0899
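Review bot: Two of the new entries at the top of this hunk are left at `TODO: check` and need manual triage before the file is useful for them. CVE-2021-30004 names wpa_supplicant and hostapd 2.9, both built from Debian's wpa source package, so it should get a package line with a fixed or `<unfixed>` version rather than stay unclassified. CVE-2021-30003 describes a Nokia G-120W-F device and is a candidate for a `NOT-FOR-US:` line in the form used elsewhere in this file.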
@@ -1148,8 +1272,8 @@ CVE-2021-3472
 	RESERVED
 CVE-2021-29422
 	RESERVED
-CVE-2021-29421
-	RESERVED
+CVE-2021-29421 (models/metadata.py in the pikepdf package 1.3.0 through 2.9.2 for Pyth ...)
+	TODO: check
 CVE-2021-29420
 	RESERVED
 CVE-2021-29419
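Review bot: CVE-2021-29421 goes from RESERVED to `TODO: check` with a description that gives a bounded affected range for pikepdf, 1.3.0 through 2.9.2. Triage should compare that range against the pikepdf versions in each suite and record a fixed version per release, or `<not-affected>` where a suite ships a version outside the range, instead of a single unstable-only line.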
@@ -2114,10 +2238,10 @@ CVE-2021-28974
 	RESERVED
 CVE-2021-28973
 	RESERVED
-CVE-2021-28970
-	RESERVED
-CVE-2021-28969
-	RESERVED
+CVE-2021-28970 (eMPS 9.0.1.923211 on the Central Management of FireEye EX 3500 devices ...)
+	TODO: check
+CVE-2021-28969 (eMPS 9.0.1.923211 on FireEye EX 3500 devices allows remote authenticat ...)
+	TODO: check
 CVE-2021-28968 (An issue was discovered in PunBB before 1.4.6. An XSS vulnerability in ...)
 	NOT-FOR-US: PunBB
 CVE-2021-28967 (The unofficial MATLAB extension before 2.0.1 for Visual Studio Code al ...)
@@ -4260,8 +4384,8 @@ CVE-2021-28049
 	RESERVED
 CVE-2021-28048
 	RESERVED
-CVE-2021-28047
-	RESERVED
+CVE-2021-28047 (Cross-Site Scripting (XSS) in Administrative Reports in Devolutions Re ...)
+	TODO: check
 CVE-2021-28046
 	RESERVED
 CVE-2021-28045
@@ -13890,16 +14014,16 @@ CVE-2021-23927 (OX App Suite through 7.10.4 allows SSRF via a URL with an @ char
 CVE-2021-23926 (The XML parsers used by XMLBeans up to version 2.6.0 did not set the p ...)
 	- xmlbeans 3.0.2-1
 	NOTE: https://issues.apache.org/jira/browse/XMLBEANS-517
-CVE-2021-23925
-	RESERVED
-CVE-2021-23924
-	RESERVED
-CVE-2021-23923
-	RESERVED
-CVE-2021-23922
-	RESERVED
-CVE-2021-23921
-	RESERVED
+CVE-2021-23925 (An issue was discovered in Devolutions Server before 2020.3. There is  ...)
+	TODO: check
+CVE-2021-23924 (An issue was discovered in Devolutions Server before 2020.3. There is  ...)
+	TODO: check
+CVE-2021-23923 (An issue was discovered in Devolutions Server before 2020.3. There is  ...)
+	TODO: check
+CVE-2021-23922 (An issue was discovered in Devolutions Remote Desktop Manager before 2 ...)
+	TODO: check
+CVE-2021-23921 (An issue was discovered in Devolutions Server before 2020.3. There is  ...)
+	TODO: check
 CVE-2020-36191 (JupyterHub 1.1.0 allows CSRF in the admin panel via a request that lac ...)
 	NOT-FOR-US: JupyterHub
 CVE-2020-36190 (RailsAdmin (aka rails_admin) before 1.4.3 and 2.x before 2.0.2 allows  ...)
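Review bot: Four of the five Devolutions entries added here (CVE-2021-23925, -23924, -23923, -23921) carry the identical truncated description "An issue was discovered in Devolutions Server before 2020.3. There is  ...", so they cannot be told apart from this file alone. Whoever resolves the `TODO: check` markers should read the full CVE descriptions, and if all five are closed the same way, close them in one commit so the block stays consistent.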
@@ -20486,18 +20610,18 @@ CVE-2021-21423
 	RESERVED
 CVE-2021-21422
 	RESERVED
-CVE-2021-21421
-	RESERVED
-CVE-2021-21420
-	RESERVED
+CVE-2021-21421 (node-etsy-client is a NodeJs Etsy ReST API Client. Applications that a ...)
+	TODO: check
+CVE-2021-21420 (vscode-stripe is an extension for Visual Studio Code. A vulnerability  ...)
+	TODO: check
 CVE-2021-21419
 	RESERVED
 CVE-2021-21418 (ps_emailsubscription is a newsletter subscription module for the Prest ...)
 	NOT-FOR-US: PrestaShop
 CVE-2021-21417
 	RESERVED
-CVE-2021-21416
-	RESERVED
+CVE-2021-21416 (django-registration is a user registration package for Django. The dja ...)
+	TODO: check
 CVE-2021-21415
 	RESERVED
 CVE-2021-21414
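Review bot: The three entries moved to `TODO: check` in this hunk should not be resolved as a batch. CVE-2021-21416 names django-registration, a Django library, and should be checked against the archive for a matching source package before any `NOT-FOR-US:` decision; CVE-2021-21421 (node-etsy-client) and CVE-2021-21420 (vscode-stripe) name an npm client and an editor extension and need the same check made separately.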
@@ -23252,7 +23376,7 @@ CVE-2021-20278
 	NOT-FOR-US: Kiali
 CVE-2021-20277 [Out of bounds read in AD DC LDAP server]
 	RESERVED
-	{DLA-2611-1}
+	{DSA-4884-1 DLA-2611-1}
 	- ldb 2:2.2.0-3.1 (bug #985935)
 	- samba <unfixed> (unimportant)
 	NOTE: https://www.samba.org/samba/security/CVE-2021-20277.html
@@ -34102,7 +34226,7 @@ CVE-2020-27841 (There's a flaw in openjpeg in versions prior to 2.4.0 in src/lib
 	NOTE: https://github.com/rouault/openjpeg/commit/00383e162ae2f8fc951f5745bf1011771acb8dce  (v2.4.0)
 CVE-2020-27840 [Heap corruption via crafted DN strings]
 	RESERVED
-	{DLA-2611-1}
+	{DSA-4884-1 DLA-2611-1}
 	- ldb 2:2.2.0-3.1 (bug #985936)
 	- samba <unfixed> (unimportant)
 	NOTE: https://www.samba.org/samba/security/CVE-2020-27840.html
@@ -75868,7 +75992,7 @@ CVE-2020-10732 (A flaw was found in the Linux kernel's implementation of Userspa
 CVE-2020-10731 (A flaw was found in the nova_libvirt container provided by the Red Hat ...)
 	NOT-FOR-US: Red Hat OpenStack platform
 CVE-2020-10730 (A NULL pointer dereference, or possible use-after-free flaw was found  ...)
-	{DLA-2463-1}
+	{DSA-4884-1 DLA-2463-1}
 	- ldb 2:2.1.4-1
 	[stretch] - ldb <not-affected> (Vulnerable code introduced later)
 	- samba 2:4.12.5+dfsg-1
@@ -98983,7 +99107,7 @@ CVE-2020-1948 (This vulnerability can affect all Dubbo users stay on version 2.7
 CVE-2020-1947 (In Apache ShardingSphere(incubator) 4.0.0-RC3 and 4.0.0, the ShardingS ...)
 	NOT-FOR-US: Apache ShardingSphere
 CVE-2020-1946 (In Apache SpamAssassin before 3.4.5, malicious rule configuration (.cf ...)
-	{DSA-4879-1}
+	{DSA-4879-1 DLA-2615-1}
 	- spamassassin 3.4.5~pre1-1 (bug #985962)
 	NOTE: https://www.openwall.com/lists/oss-security/2021/03/24/3
 	NOTE: https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7793 (not public)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/545ac34115263df72bc442ce8747136bc8e1569f
