[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed Apr 21 21:10:32 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f4883f5d by security tracker role at 2021-04-21T20:10:24+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,7 @@
+CVE-2021-31524
+ RESERVED
+CVE-2021-31522
+ RESERVED
CVE-2021-3510
RESERVED
CVE-2021-3509
@@ -28,7 +32,7 @@ CVE-2021-3506 (An out-of-bounds (OOB) memory access flaw was found in fs/f2fs/no
- linux <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2021/03/28/2
NOTE: https://lore.kernel.org/lkml/20210322114730.71103-1-yuchao0@huawei.com/
-CVE-2021-31523 [xscreensaver allows starting external programs with cap_net_raw]
+CVE-2021-31523 (The Debian xscreensaver 5.42+dfsg1-1 package for XScreenSaver has cap_ ...)
- xscreensaver <unfixed> (bug #987149)
[buster] - xscreensaver <no-dsa> (Minor issue)
[stretch] - xscreensaver <no-dsa> (Minor issue)
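Review bot: replacing the bracketed placeholder on the CVE-2021-31523 line loses the one concrete detail it carried, that xscreensaver starts external programs while holding cap_net_raw; the official text is cut at "cap_ ..." so that detail is no longer readable from the entry itself. Suggest keeping it as a NOTE under the package line, e.g. `NOTE: external programs started with cap_net_raw`, so the triage reason is still visible. The rest of the entry (sid `<unfixed>` with bug #987149, buster and stretch `<no-dsa> (Minor issue)`) is unchanged and consistent with that.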
@@ -429,12 +433,12 @@ CVE-2021-31331
RESERVED
CVE-2021-31330
RESERVED
-CVE-2021-31329
- RESERVED
+CVE-2021-31329 (Cross Site Scripting (XSS) in Remote Clinic v2.0 via the "Chat" and "P ...)
+ TODO: check
CVE-2021-31328
RESERVED
-CVE-2021-31327
- RESERVED
+CVE-2021-31327 (Stored XSS in Remote Clinic v2.0 in /medicines due to Medicine Name Fi ...)
+ TODO: check
CVE-2021-31326
RESERVED
CVE-2021-31325
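Review bot: the two new Remote Clinic v2.0 entries, CVE-2021-31329 and CVE-2021-31327, are left at `TODO: check`, while the same product's CVE-2021-30030 further down in this diff is already marked `NOT-FOR-US: Remote Clinic`. Suggest resolving both TODOs the same way rather than leaving them open for a product that is not packaged.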
@@ -3051,8 +3055,8 @@ CVE-2021-30141 (** DISPUTED ** Module/Settings/UserExport.php in Friendica throu
NOT-FOR-US: Friendica
CVE-2021-30140 (LiquidFiles 3.4.15 has stored XSS through the "send email" functionali ...)
NOT-FOR-US: LiquidFiles
-CVE-2021-30139
- RESERVED
+CVE-2021-30139 (In Alpine Linux apk-tools before 2.12.5, the tarball parser allows a b ...)
+ TODO: check
CVE-2021-30138
REJECTED
CVE-2021-30137
@@ -3276,7 +3280,7 @@ CVE-2021-30033
CVE-2021-30032
RESERVED
CVE-2021-30031
- RESERVED
+ REJECTED
CVE-2021-30030 (Cross Site Scripting (XSS) in Remote Clinic v2.0 via the Full Name fie ...)
NOT-FOR-US: Remote Clinic
CVE-2021-30029
@@ -3450,7 +3454,7 @@ CVE-2021-29951
RESERVED
CVE-2021-29950
RESERVED
- {DSA-4876-1}
+ {DSA-4876-1 DLA-2609-1}
- thunderbird 1:78.9.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-17/#CVE-2021-29950
CVE-2021-29949
@@ -4578,8 +4582,8 @@ CVE-2021-29457 (Exiv2 is a command-line utility and C++ library for reading, wri
NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-v74w-h496-cgqm
NOTE: https://github.com/Exiv2/exiv2/issues/1529
NOTE: https://github.com/Exiv2/exiv2/pull/1534
-CVE-2021-29456
- RESERVED
+CVE-2021-29456 (Authelia is an open-source authentication and authorization server pro ...)
+ TODO: check
CVE-2021-29455 (Grassroot Platform is an application to make it faster, cheaper and ea ...)
NOT-FOR-US: Grassroot Platform
CVE-2021-29454
@@ -7473,8 +7477,8 @@ CVE-2021-28169
RESERVED
CVE-2021-28168
RESERVED
-CVE-2021-28167
- RESERVED
+CVE-2021-28167 (In Eclipse Openj9 to version 0.25.0, usage of the jdk.internal.reflect ...)
+ TODO: check
CVE-2021-28166 (In Eclipse Mosquitto version 2.0.0 to 2.0.9, if an authenticated clien ...)
- mosquitto 2.0.10-1 (bug #986701)
[buster] - mosquitto <not-affected> (Vulnerable code introduced in 2.0)
@@ -22503,23 +22507,17 @@ CVE-2021-21649
RESERVED
CVE-2021-21648
RESERVED
-CVE-2021-21647
- RESERVED
+CVE-2021-21647 (Jenkins CloudBees CD Plugin 1.1.21 and earlier does not perform a perm ...)
NOT-FOR-US: Jenkins plugin
-CVE-2021-21646
- RESERVED
+CVE-2021-21646 (Jenkins Templating Engine Plugin 2.1 and earlier does not protect its ...)
NOT-FOR-US: Jenkins plugin
-CVE-2021-21645
- RESERVED
+CVE-2021-21645 (Jenkins Config File Provider Plugin 3.7.0 and earlier does not perform ...)
NOT-FOR-US: Jenkins plugin
-CVE-2021-21644
- RESERVED
+CVE-2021-21644 (A cross-site request forgery (CSRF) vulnerability in Jenkins Config Fi ...)
NOT-FOR-US: Jenkins plugin
-CVE-2021-21643
- RESERVED
+CVE-2021-21643 (Jenkins Config File Provider Plugin 3.7.0 and earlier does not correct ...)
NOT-FOR-US: Jenkins plugin
-CVE-2021-21642
- RESERVED
+CVE-2021-21642 (Jenkins Config File Provider Plugin 3.7.0 and earlier does not configu ...)
NOT-FOR-US: Jenkins plugin
CVE-2021-21641 (A cross-site request forgery (CSRF) vulnerability in Jenkins promoted ...)
NOT-FOR-US: Jenkins plugin
@@ -23194,14 +23192,14 @@ CVE-2020-35984
RESERVED
CVE-2020-35983
RESERVED
-CVE-2020-35982
- RESERVED
-CVE-2020-35981
- RESERVED
-CVE-2020-35980
- RESERVED
-CVE-2020-35979
- RESERVED
+CVE-2020-35982 (An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is an i ...)
+ TODO: check
+CVE-2020-35981 (An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is an i ...)
+ TODO: check
+CVE-2020-35980 (An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is a us ...)
+ TODO: check
+CVE-2020-35979 (An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is heap ...)
+ TODO: check
CVE-2020-35978
RESERVED
CVE-2020-35977
@@ -26615,8 +26613,8 @@ CVE-2021-20503 (IBM Jazz Foundation Products are vulnerable to cross-site script
NOT-FOR-US: IBM
CVE-2021-20502 (IBM Jazz Foundation Products are vulnerable to an XML External Entity ...)
NOT-FOR-US: IBM
-CVE-2021-20501
- RESERVED
+CVE-2021-20501 (IBM i 7.1, 7.2, 7.3, and 7.4 SMTP allows a network attacker to send em ...)
+ TODO: check
CVE-2021-20500
RESERVED
CVE-2021-20499
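Review bot: CVE-2021-20501 (IBM i SMTP) is left at `TODO: check` although the neighbouring IBM entries in the hunk context, CVE-2021-20502 and CVE-2021-20503, are `NOT-FOR-US: IBM`; the same applies to CVE-2021-20454 (WebSphere) in the next hunk, whose sibling CVE-2021-20453 is already `NOT-FOR-US: IBM`. Suggest replacing both TODO lines with `NOT-FOR-US: IBM`.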
@@ -26709,8 +26707,8 @@ CVE-2021-20456
RESERVED
CVE-2021-20455
RESERVED
-CVE-2021-20454
- RESERVED
+CVE-2021-20454 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable ...)
+ TODO: check
CVE-2021-20453 (IBM WebSphere Application Server 8.0, 8.5, and 9.0 is vulnerable to a ...)
NOT-FOR-US: IBM
CVE-2021-20452
@@ -32599,8 +32597,8 @@ CVE-2020-28984 (prive/formulaires/configurer_preferences.php in SPIP before 3.2.
NOTE: https://git.spip.net/spip/spip/commit/ae4267eba1022dabc12831ddb021c5d6e09040f8
CVE-2020-28975 (** DISPUTED ** svm_predict_values in svm.cpp in Libsvm v324, as used i ...)
NOTE: disputed libsvm non issue
-CVE-2020-28973
- RESERVED
+CVE-2020-28973 (The ABUS Secvest wireless alarm system FUAA50000 (v3.01.17) fails to p ...)
+ TODO: check
CVE-2020-28972 (In SaltStack Salt before 3002.5, authentication to VMware vcenter, vsp ...)
- salt 3002.5+dfsg1-1 (bug #983632)
NOTE: https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/
@@ -47889,16 +47887,16 @@ CVE-2020-23934 (An issue was discovered in RiteCMS 2.2.1. An authenticated user
NOT-FOR-US: RiteCMS
CVE-2020-23933
REJECTED
-CVE-2020-23932
- RESERVED
-CVE-2020-23931
- RESERVED
-CVE-2020-23930
- RESERVED
+CVE-2020-23932 (An issue was discovered in gpac before 1.0.1. A NULL pointer dereferen ...)
+ TODO: check
+CVE-2020-23931 (An issue was discovered in gpac before 1.0.1. The abst_box_read functi ...)
+ TODO: check
+CVE-2020-23930 (An issue was discovered in gpac through 20200801. A NULL pointer deref ...)
+ TODO: check
CVE-2020-23929
RESERVED
-CVE-2020-23928
- RESERVED
+CVE-2020-23928 (An issue was discovered in gpac before 1.0.1. The abst_box_read functi ...)
+ TODO: check
CVE-2020-23927
RESERVED
CVE-2020-23926
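Review bot: the four gpac entries here (CVE-2020-23928, -23930, -23931, -23932) and the four GPAC entries earlier in this diff (CVE-2020-35979 to -35982) all land as `TODO: check`, with affected versions given as "before 1.0.1" / "through 20200801" here and "0.8.0 and 1.0.1" above. They should be triaged together against a single check of the Debian gpac version rather than one by one; note also that CVE-2020-23928 and CVE-2020-23931 both name `abst_box_read`, so they are likely to share one upstream fix and should get the same fixed-version line.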
@@ -47909,10 +47907,10 @@ CVE-2020-23924
RESERVED
CVE-2020-23923
RESERVED
-CVE-2020-23922
- RESERVED
-CVE-2020-23921
- RESERVED
+CVE-2020-23922 (An issue was discovered in giflib through 5.1.4. DumpScreen2RGB in gif ...)
+ TODO: check
+CVE-2020-23921 (An issue was discovered in fast_ber through v0.4. yy::yylex() in asn_c ...)
+ TODO: check
CVE-2020-23920
RESERVED
CVE-2020-23919
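Review bot: CVE-2020-23922 names giflib "through 5.1.4" and `DumpScreen2RGB`; giflib is already tracked in this file (CVE-2019-15133 appears later in this same diff), so this `TODO: check` should resolve to a giflib source package line with a fixed or `<not-affected>` status rather than stay open. The fast_ber entry (CVE-2020-23921) in the same hunk can be resolved independently.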
@@ -47923,14 +47921,14 @@ CVE-2020-23917
RESERVED
CVE-2020-23916
RESERVED
-CVE-2020-23915
- RESERVED
-CVE-2020-23914
- RESERVED
+CVE-2020-23915 (An issue was discovered in cpp-peglib through v0.1.12. peg::resolve_es ...)
+ TODO: check
+CVE-2020-23914 (An issue was discovered in cpp-peglib through v0.1.12. A NULL pointer ...)
+ TODO: check
CVE-2020-23913
RESERVED
-CVE-2020-23912
- RESERVED
+CVE-2020-23912 (An issue was discovered in Bento4 through v1.6.0-637. A NULL pointer d ...)
+ TODO: check
CVE-2020-23911
RESERVED
CVE-2020-23910
@@ -47939,8 +47937,8 @@ CVE-2020-23909
RESERVED
CVE-2020-23908
RESERVED
-CVE-2020-23907
- RESERVED
+CVE-2020-23907 (An issue was discovered in retdec v3.3. In function canSplitFunctionOn ...)
+ TODO: check
CVE-2020-23906
RESERVED
CVE-2020-23905
@@ -64717,7 +64715,7 @@ CVE-2020-15805
CVE-2020-15804
RESERVED
CVE-2020-15803 (Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x bef ...)
- {DLA-2311-1}
+ {DLA-2631-1 DLA-2311-1}
- zabbix 1:5.0.2+dfsg-1 (bug #966146)
[buster] - zabbix <no-dsa> (Minor issue)
NOTE: https://support.zabbix.com/browse/ZBX-18057
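Review bot: CVE-2020-15803 now carries two DLA references, `{DLA-2631-1 DLA-2311-1}`. Since a braced advisory reference is what records the CVE as fixed in that suite, and this entry has no `[stretch]` or `[jessie]` annotation to cross-check against, please confirm that DLA-2631-1 actually lists this CVE and was not carried over from the CVE-2019-15132 hunk below, where DLA-2631-1 is added as the first DLA for that entry.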
@@ -119502,6 +119500,7 @@ CVE-2019-15133 (In GIFLIB before 2019-02-16, a malformed GIF file triggers a div
NOTE: https://sourceforge.net/p/giflib/code/ci/799eb6a3af8a3dd81e2429bf11a72a57e541f908/
NOTE: https://sourceforge.net/p/giflib/bugs/119/
CVE-2019-15132 (Zabbix through 4.4.0alpha1 allows User Enumeration. With login request ...)
+ {DLA-2631-1}
- zabbix 1:5.0.7+dfsg-1 (bug #935027)
[buster] - zabbix <no-dsa> (Minor issue)
[jessie] - zabbix <postponed> (Minor issue)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f4883f5d3ac5209bd51f3e922ce7d01430cb8104