[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri Apr 9 09:10:25 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4ac23cc5 by security tracker role at 2021-04-09T08:10:17+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,9 +1,19 @@
+CVE-2021-30479
+ RESERVED
+CVE-2021-30478
+ RESERVED
+CVE-2021-30477
+ RESERVED
+CVE-2021-30476
+ RESERVED
CVE-2021-3487
+ RESERVED
- binutils <unfixed> (unimportant)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=26946
NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=647cebce12a6b0a26960220caff96ff38978cf24
NOTE: binutils not covered by security support
CVE-2021-3486
+ RESERVED
- glpi <removed>
NOTE: https://github.com/Kitsun3Sec/exploits/tree/master/cms/GLPI/GLPI-stored-XSS
CVE-2021-30475
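Review bot: the only reference on the CVE-2021-3486 glpi entry is a third-party exploit repository (the Kitsun3Sec GitHub NOTE); add the upstream GLPI advisory or fixing commit as a NOTE so the triage can be re-verified without depending on that repository. CVE-2021-3487 and CVE-2021-3486 also get a RESERVED line inserted above existing package data while keeping bare headers; the bracketed short-description style used for CVE-2021-3482 elsewhere in this patch would identify them while MITRE has no text.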
@@ -48,8 +58,8 @@ CVE-2021-30460
RESERVED
CVE-2021-30459
RESERVED
-CVE-2021-30458
- RESERVED
+CVE-2021-30458 (An issue was discovered in Wikimedia Parsoid before 0.11.1 and 0.12.x ...)
+ TODO: check
CVE-2021-30457 (An issue was discovered in the id-map crate through 2021-02-26 for Rus ...)
NOT-FOR-US: Rust crate id-map
CVE-2021-30456 (An issue was discovered in the id-map crate through 2021-02-26 for Rus ...)
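Review bot: the TODO: check on CVE-2021-30458 needs resolving, as the description names Wikimedia Parsoid rather than MediaWiki core; decide whether it tracks a Debian source package or is NOT-FOR-US, as was done for the Rust crate entries CVE-2021-30457 and CVE-2021-30456 directly below it.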
@@ -711,8 +721,8 @@ CVE-2019-25026 (Redmine before 3.4.13 and 4.x before 4.0.6 mishandles markup dat
TODO: check fixing commit, fixed in 4.0.6
CVE-2021-30160
RESERVED
-CVE-2021-30159
- RESERVED
+CVE-2021-30159 (An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through ...)
+ TODO: check
CVE-2021-30158 (An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through ...)
- mediawiki <unfixed>
NOTE: https://phabricator.wikimedia.org/T277009
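Review bot: CVE-2021-30159 keeps a TODO: check although its description prefix matches CVE-2021-30158 immediately below, which is already tracked as '- mediawiki <unfixed>' with a phabricator task; resolve the TODO by adding the mediawiki package line and the corresponding phabricator reference once identified.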
@@ -721,18 +731,18 @@ CVE-2021-30157 (An issue was discovered in MediaWiki before 1.31.12 and 1.32.x t
- mediawiki <unfixed>
NOTE: https://phabricator.wikimedia.org/T278058
NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/674085
-CVE-2021-30156
- RESERVED
-CVE-2021-30155
- RESERVED
+CVE-2021-30156 (An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through ...)
+ TODO: check
+CVE-2021-30155 (An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through ...)
+ TODO: check
CVE-2021-30154 (An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through ...)
- mediawiki <unfixed>
NOTE: https://phabricator.wikimedia.org/T278014
NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/674083/
CVE-2021-30153
RESERVED
-CVE-2021-30152
- RESERVED
+CVE-2021-30152 (An issue was discovered in MediaWiki before 1.31.13 and 1.32.x through ...)
+ TODO: check
CVE-2021-30151 (Sidekiq through 5.1.3 and 6.x through 6.2.0 allows XSS via the queue n ...)
- ruby-sidekiq <unfixed>
NOTE: https://github.com/mperham/sidekiq/issues/4852
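Review bot: the three new MediaWiki TODOs (CVE-2021-30156, CVE-2021-30155, CVE-2021-30152) sit between entries already triaged as '- mediawiki <unfixed>' with phabricator and gerrit NOTEs, so the same treatment applies; note that CVE-2021-30152 reads 'before 1.31.13' while the others read 'before 1.31.12', so check that the upstream release fixing the others also covers this one before marking them fixed together.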
@@ -1160,8 +1170,7 @@ CVE-2021-30002 (An issue was discovered in the Linux kernel before 5.11.3 when a
- linux 5.10.24-1
[buster] - linux 4.19.181-1
NOTE: https://git.kernel.org/linus/fb18802a338b36f675a388fc03d2aa504a0d0899
-CVE-2021-3482 [heap-based buffer overflow in Jp2Image::readMetadata() in jp2image.cpp]
- RESERVED
+CVE-2021-3482 (A flaw was found in Exiv2 in versions before and including 0.27.4-RC1. ...)
- exiv2 <unfixed>
[buster] - exiv2 <no-dsa> (Minor issue)
NOTE: https://github.com/Exiv2/exiv2/issues/1522
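Review bot: replacing the bracketed local description with the truncated official text drops the detail that this is a heap-based buffer overflow in Jp2Image::readMetadata() in jp2image.cpp; if the linked exiv2 issue 1522 does not name the affected function, keep that detail as a NOTE, since it is what makes the buster <no-dsa> (Minor issue) decision reviewable.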
@@ -1775,8 +1784,8 @@ CVE-2020-36289
RESERVED
CVE-2020-36288
RESERVED
-CVE-2020-36287
- RESERVED
+CVE-2020-36287 (The dashboard gadgets preference resource of the Atlassian gadgets plu ...)
+ TODO: check
CVE-2020-36286 (The membersOf JQL search function in Jira Server and Data Center befor ...)
NOT-FOR-US: Atlassian
CVE-2021-29663 (CourseMS (aka Course Registration Management System) 2.1 is affected b ...)
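Review bot: CVE-2020-36287 is left as TODO: check although its description names the Atlassian gadgets plugin and the neighbouring CVE-2020-36286 is already NOT-FOR-US: Atlassian; if the plugin is likewise Jira-only, apply the same NOT-FOR-US tag rather than leaving the TODO.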
@@ -2907,8 +2916,7 @@ CVE-2021-29156 (ForgeRock OpenAM before 13.5.1 allows LDAP injection via the Web
NOT-FOR-US: ForgeRock OpenAM
CVE-2021-29155
RESERVED
-CVE-2021-29154
- RESERVED
+CVE-2021-29154 (BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect c ...)
- linux <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2021/04/08/1
CVE-2021-3467 (A NULL pointer dereference flaw was found in the way Jasper versions b ...)
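Review bot: the CVE-2021-29154 linux entry has only the oss-security post as a reference and no per-suite status; add the upstream fixing commit as a NOTE and a [buster] line, as the CVE-2021-30002 entry in this patch does (git.kernel.org commit plus '[buster] - linux 4.19.181-1'), so the BPF JIT issue is tracked for the stable kernel as well.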
@@ -4040,8 +4048,7 @@ CVE-2021-28963 (Shibboleth Service Provider before 3.2.1 allows content injectio
NOTE: https://shibboleth.net/community/advisories/secadv_20210317.txt
NOTE: https://issues.shibboleth.net/jira/browse/SSPCPP-922
NOTE: https://git.shibboleth.net/view/?p=cpp-sp.git;a=commit;h=d1dbebfadc1bdb824fea63843c4c38fa69e54379
-CVE-2021-3448 [fixed outgoing port used when --server is used with an interface name]
- RESERVED
+CVE-2021-3448 (A flaw was found in dnsmasq in versions before 2.85. When configured t ...)
- dnsmasq 2.85-1
[buster] - dnsmasq <postponed> (Revisit once upstream has backported to 2.80)
[stretch] - dnsmasq <postponed> (Probably easier to base the patch on a backported version)
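Review bot: the CVE-2021-3448 dnsmasq entry carries no NOTE lines, and the bracketed text being removed ('fixed outgoing port used when --server is used with an interface name') was the only record of the trigger condition; add the upstream fix reference as a NOTE and keep that condition there, since both the buster and stretch <postponed> remarks depend on backporting that specific change to 2.80.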
@@ -6933,8 +6940,7 @@ CVE-2019-25021 (An issue was discovered in Scytl sVote 2.1. Due to the implement
NOT-FOR-US: Scytl sVote
CVE-2019-25020 (An issue was discovered in Scytl sVote 2.1. Because the sdm-ws-rest AP ...)
NOT-FOR-US: Scytl sVote
-CVE-2021-3413
- RESERVED
+CVE-2021-3413 (A flaw was found in Red Hat Satellite in tfm-rubygem-foreman_azure_rm ...)
NOT-FOR-US: Red Hat Satellite
CVE-2021-3412
RESERVED
@@ -14593,8 +14599,8 @@ CVE-2021-21261 (Flatpak is a system for building, distributing, and running sand
NOTE: https://github.com/flatpak/flatpak/commit/39a5621e6941b9d27bf89b63e8fb6cad6e279e53
NOTE: https://github.com/flatpak/flatpak/commit/d19f6c330aa42e17df6dc36d12b6f4dfa507dbb3
NOTE: https://www.openwall.com/lists/oss-security/2021/01/21/4
-CVE-2021-3146
- RESERVED
+CVE-2021-3146 (The Dolby Audio X2 (DAX2) API service before 0.8.8.90 on Windows allow ...)
+ TODO: check
CVE-2021-3145
RESERVED
CVE-2021-3144 (In SaltStack Salt before 3002.5, eauth tokens can be used once after e ...)
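Review bot: CVE-2021-3146 is left as TODO: check although its description identifies a Dolby Audio X2 API service on Windows; that makes it a candidate for NOT-FOR-US rather than a pending check, in line with how the other non-Debian entries in this patch are tagged.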
@@ -18213,17 +18219,13 @@ CVE-2021-22515
RESERVED
CVE-2021-22514
RESERVED
-CVE-2021-22513
- RESERVED
+CVE-2021-22513 (Missing Authorization vulnerability in Micro Focus Application Automat ...)
NOT-FOR-US: Jenkins plugin
-CVE-2021-22512
- RESERVED
+CVE-2021-22512 (Cross-Site Request Forgery (CSRF) vulnerability in Micro Focus Applica ...)
NOT-FOR-US: Jenkins plugin
-CVE-2021-22511
- RESERVED
+CVE-2021-22511 (Improper Certificate Validation vulnerability in Micro Focus Applicati ...)
NOT-FOR-US: Jenkins plugin
-CVE-2021-22510
- RESERVED
+CVE-2021-22510 (Reflected XSS vulnerability in Micro Focus Application Automation Tool ...)
NOT-FOR-US: Jenkins plugin
CVE-2021-22509
RESERVED
@@ -25283,7 +25285,7 @@ CVE-2021-20079
RESERVED
CVE-2021-20078 (Manage Engine OpManager builds below 125346 are vulnerable to a remote ...)
NOT-FOR-US: Manage Engine OpManager
-CVE-2021-20077 (Nessus Agent versions 7.2.0 through 8.2.2 were found to inadvertently ...)
+CVE-2021-20077 (Nessus versions 8.13.2 and earlier were found to contain a privilege e ...)
NOT-FOR-US: Nessus Agent
CVE-2021-20076 (Tenable.sc and Tenable.sc Core versions 5.13.0 through 5.17.0 were fou ...)
NOT-FOR-US: Tenable
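Review bot: the CVE-2021-20077 description changes from 'Nessus Agent versions 7.2.0 through 8.2.2' to 'Nessus versions 8.13.2 and earlier', but the unchanged tag below still reads 'NOT-FOR-US: Nessus Agent'; update the tag to the product now named in the description so the entry stays consistent with the neighbouring 'NOT-FOR-US: Tenable'.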
@@ -66704,14 +66706,14 @@ CVE-2020-14108
RESERVED
CVE-2020-14107
RESERVED
-CVE-2020-14106
- RESERVED
+CVE-2020-14106 (The application in the mobile phone can unauthorized access to the lis ...)
+ TODO: check
CVE-2020-14105
RESERVED
CVE-2020-14104 (A RACE CONDITION on XQBACKUP causes a decompression path error on Xiao ...)
TODO: check
-CVE-2020-14103
- RESERVED
+CVE-2020-14103 (The application in the mobile phone can read the SNO information of th ...)
+ TODO: check
CVE-2020-14102 (There is command injection when ddns processes the hostname, which cau ...)
NOT-FOR-US: Xiaomi
CVE-2020-14101 (The data collection SDK of the router web management interface caused ...)
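Review bot: CVE-2020-14106 and CVE-2020-14103 are left as TODO: check while the adjacent CVE-2020-14102 and CVE-2020-14101 are NOT-FOR-US: Xiaomi; both new descriptions concern an application on a mobile phone, so the same tag is the likely outcome and the TODOs should be resolved in the same pass as the existing TODO on CVE-2020-14104.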
@@ -87529,8 +87531,8 @@ CVE-2020-6592
RESERVED
CVE-2020-6591
RESERVED
-CVE-2020-6590
- RESERVED
+CVE-2020-6590 (Forcepoint Web Security Content Gateway versions prior to 8.5.4 improp ...)
+ TODO: check
CVE-2020-6589
RESERVED
CVE-2020-6588
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4ac23cc518882a96f7ab1fd49fc465ac47d4b4b0