[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Fri Apr 16 09:10:34 BST 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
93a85b8d by security tracker role at 2021-04-16T08:10:24+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,35 @@
+CVE-2021-3501
+	RESERVED
+CVE-2021-31416
+	RESERVED
+CVE-2021-31415
+	RESERVED
+CVE-2021-31414 (The unofficial vscode-rpm-spec extension before 0.3.2 for Visual Studi ...)
+	TODO: check
+CVE-2021-31413
+	RESERVED
+CVE-2021-31412
+	RESERVED
+CVE-2021-31411
+	RESERVED
+CVE-2021-31410
+	RESERVED
+CVE-2021-31409
+	RESERVED
+CVE-2021-31408
+	RESERVED
+CVE-2021-31407
+	RESERVED
+CVE-2021-31406
+	RESERVED
+CVE-2021-31405
+	RESERVED
+CVE-2021-31404
+	RESERVED
+CVE-2021-31403
+	RESERVED
 CVE-2021-3502 [reachable assertion in avahi_s_host_name_resolver_start when trying to resolve badly-formatted hostnames]
+	RESERVED
 	- avahi <unfixed> (bug #986018)
 	[buster] - avahi <not-affected> (Vulnerable code introduced later)
 	[stretch] - avahi <not-affected> (Vulnerable code introduced later)
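Review bot: CVE-2021-31414 is the only one of the newly added entries at the top of this hunk that has a description, and it is left at TODO: check; it names the unofficial vscode-rpm-spec extension, so it needs a decision on whether any Debian package ships that code. Also, CVE-2021-3502 now carries RESERVED above its existing avahi status lines while keeping the bracketed description, which will need revisiting once a published description arrives.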
@@ -2443,8 +2474,8 @@ CVE-2021-30247
 	RESERVED
 CVE-2021-30246 (In the jsrsasign package through 10.1.13 for Node.js, some invalid RSA ...)
 	NOT-FOR-US: Node jsrasign
-CVE-2021-30245
-	RESERVED
+CVE-2021-30245 (The project received a report that all versions of Apache OpenOffice t ...)
+	TODO: check
 CVE-2020-36316 (In RELIC before 2021-04-03, there is a buffer overflow in PKCS#1 v1.5  ...)
 	NOT-FOR-US: RELIC
 CVE-2020-36315 (In RELIC before 2020-08-01, RSA PKCS#1 v1.5 signature forgery can occu ...)
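Review bot: CVE-2021-30245 is left at TODO: check even though its description now names Apache OpenOffice; resolve it to a package status line or NOT-FOR-US once triaged. Separately, the context line under CVE-2021-30246 reads "NOT-FOR-US: Node jsrasign" while the description spells the package jsrsasign; correcting the note would let a search on the package name find the entry.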
@@ -4241,14 +4272,14 @@ CVE-2021-29452
 	RESERVED
 CVE-2021-29451
 	RESERVED
-CVE-2021-29450
-	RESERVED
+CVE-2021-29450 (Wordpress is an open source CMS. One of the blocks in the WordPress ed ...)
+	TODO: check
 CVE-2021-29449 (Pi-hole is a Linux network-level advertisement and Internet tracker bl ...)
 	NOT-FOR-US: Pi-hole
 CVE-2021-29448 (Pi-hole is a Linux network-level advertisement and Internet tracker bl ...)
 	NOT-FOR-US: Pi-hole
-CVE-2021-29447
-	RESERVED
+CVE-2021-29447 (Wordpress is an open source CMS. A user with the ability to upload fil ...)
+	TODO: check
 CVE-2021-29446
 	RESERVED
 CVE-2021-29445
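Review bot: CVE-2021-29450 and CVE-2021-29447 both gain WordPress descriptions but only TODO: check, with no source package tied to them. If a Debian source package ships the affected code, replace the TODO with status lines in the same form as the gradle and avahi entries elsewhere in this diff, and triage the two together so they end up with consistent notes.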
@@ -4277,12 +4308,12 @@ CVE-2021-29434
 	RESERVED
 CVE-2021-29433 (### Impact Missing input validation of some parameters on the endpoint ...)
 	TODO: check
-CVE-2021-29432
-	RESERVED
-CVE-2021-29431
-	RESERVED
-CVE-2021-29430
-	RESERVED
+CVE-2021-29432 (Sydent is a reference matrix identity server. A malicious user could a ...)
+	TODO: check
+CVE-2021-29431 (Sydent is a reference Matrix identity server. Sydent can be induced to ...)
+	TODO: check
+CVE-2021-29430 (Sydent is a reference Matrix identity server. Sydent does not limit th ...)
+	TODO: check
 CVE-2021-29429 (In Gradle before version 7.0, files created with open permissions in t ...)
 	- gradle <unfixed>
 	NOTE: https://github.com/gradle/gradle/security/advisories/GHSA-fp8h-qmr5-j4c8
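Review bot: the three Sydent entries (CVE-2021-29432, CVE-2021-29431, CVE-2021-29430) are each added with a separate TODO: check; triage them as one group so they receive the same disposition. The context entry CVE-2021-29433 just above is also still TODO: check and its description begins with raw "### Impact" markup, so read the full advisory text rather than relying on the truncated summary.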
@@ -8340,10 +8371,10 @@ CVE-2021-27694
 	RESERVED
 CVE-2021-27693
 	RESERVED
-CVE-2021-27692
-	RESERVED
-CVE-2021-27691
-	RESERVED
+CVE-2021-27692 (Command Injection in Tenda G1 and G3 routers with firmware versions v1 ...)
+	TODO: check
+CVE-2021-27691 (Command Injection in Tenda G0 routers with firmware versions v15.11.0. ...)
+	TODO: check
 CVE-2021-27690
 	RESERVED
 CVE-2021-27689
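Review bot: CVE-2021-27692 and CVE-2021-27691 describe command injection in Tenda router firmware (G1 and G3 in one, G0 in the other) and are left at TODO: check. Other vendor-device entries in this diff, such as the QNAP ones, are closed as NOT-FOR-US; if no Debian package carries this firmware, the same form (for example "NOT-FOR-US: Tenda") would close these out.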
@@ -12183,10 +12214,10 @@ CVE-2021-26076 (The jira.editor.user.mode cookie set by the Jira Editor Plugin i
 	NOT-FOR-US: Atlassian
 CVE-2021-26075 (The Jira importers plugin AttachTemporaryFile rest resource in Jira Se ...)
 	NOT-FOR-US: Atlassian
-CVE-2021-26074
-	RESERVED
-CVE-2021-26073
-	RESERVED
+CVE-2021-26074 (Broken Authentication in Atlassian Connect Spring Boot (ACSB) from ver ...)
+	TODO: check
+CVE-2021-26073 (Broken Authentication in Atlassian Connect Express (ACE) from version  ...)
+	TODO: check
 CVE-2021-26072 (The WidgetConnector plugin in Confluence Server and Confluence Data Ce ...)
 	NOT-FOR-US: Atlassian
 CVE-2021-26071 (The SetFeatureEnabled.jspa resource in Jira Server and Data Center bef ...)
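Review bot: CVE-2021-26074 and CVE-2021-26073 sit between entries that are all marked NOT-FOR-US: Atlassian, but the two new descriptions name Atlassian Connect Spring Boot and Atlassian Connect Express, which are different products from the Jira and Confluence ones around them. Confirm neither is packaged before applying the neighbours' disposition.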
@@ -23833,8 +23864,8 @@ CVE-2021-21407
 	RESERVED
 CVE-2021-21406
 	RESERVED
-CVE-2021-21405
-	RESERVED
+CVE-2021-21405 (Lotus is an Implementation of the Filecoin protocol written in Go. BLS ...)
+	TODO: check
 CVE-2021-21404 (Syncthing is a continuous file synchronization program. In Syncthing b ...)
 	- syncthing <unfixed> (bug #986593)
 	[buster] - syncthing <no-dsa> (Minor issue)
@@ -158781,8 +158812,8 @@ CVE-2018-19944 (A cleartext transmission of sensitive information vulnerability
 	NOT-FOR-US: QNAP
 CVE-2018-19943 (If exploited, this cross-site scripting vulnerability could allow remo ...)
 	NOT-FOR-US: QNAP
-CVE-2018-19942
-	RESERVED
+CVE-2018-19942 (A cross-site scripting (XSS) vulnerability has been reported to affect ...)
+	TODO: check
 CVE-2018-19941 (A vulnerability has been reported to affect QNAP NAS. If exploited, th ...)
 	NOT-FOR-US: QNAP
 CVE-2018-19940
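Review bot: the truncated description added for CVE-2018-19942 does not name a vendor in its visible part, while every described neighbour in this hunk is marked NOT-FOR-US: QNAP. Check the full description before copying that disposition instead of inferring it from the ID range.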



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/93a85b8d9fa40608cbaf4af3589c0a469dfc852b
