[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Tue Feb 2 20:10:30 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b58f1e37 by security tracker role at 2021-02-02T20:10:22+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,95 @@
+CVE-2021-3395
+ RESERVED
+CVE-2021-3394
+ RESERVED
+CVE-2021-3393
+ RESERVED
+CVE-2021-3392
+ RESERVED
+CVE-2021-26597
+ RESERVED
+CVE-2021-26596
+ RESERVED
+CVE-2021-26595
+ RESERVED
+CVE-2021-26594
+ RESERVED
+CVE-2021-26593
+ RESERVED
+CVE-2021-26592
+ RESERVED
+CVE-2021-26591
+ RESERVED
+CVE-2021-26590
+ RESERVED
+CVE-2021-26589
+ RESERVED
+CVE-2021-26588
+ RESERVED
+CVE-2021-26587
+ RESERVED
+CVE-2021-26586
+ RESERVED
+CVE-2021-26585
+ RESERVED
+CVE-2021-26584
+ RESERVED
+CVE-2021-26583
+ RESERVED
+CVE-2021-26582
+ RESERVED
+CVE-2021-26581
+ RESERVED
+CVE-2021-26580
+ RESERVED
+CVE-2021-26579
+ RESERVED
+CVE-2021-26578
+ RESERVED
+CVE-2021-26577
+ RESERVED
+CVE-2021-26576
+ RESERVED
+CVE-2021-26575
+ RESERVED
+CVE-2021-26574
+ RESERVED
+CVE-2021-26573
+ RESERVED
+CVE-2021-26572
+ RESERVED
+CVE-2021-26571
+ RESERVED
+CVE-2021-26570
+ RESERVED
+CVE-2021-26569
+ RESERVED
+CVE-2021-26568
+ RESERVED
+CVE-2021-26567
+ RESERVED
+CVE-2021-26566
+ RESERVED
+CVE-2021-26565
+ RESERVED
+CVE-2021-26564
+ RESERVED
+CVE-2021-26563
+ RESERVED
+CVE-2021-26562
+ RESERVED
+CVE-2021-26561
+ RESERVED
+CVE-2021-26560
+ RESERVED
+CVE-2021-26559
+ RESERVED
+CVE-2021-26558
+ RESERVED
+CVE-2019-25018 (In the rcp client in MIT krb5-appl through 1.0.3, malicious servers co ...)
+ TODO: check
+CVE-2019-25017 (An issue was discovered in rcp in MIT krb5-appl through 1.0.3. Due to ...)
+ TODO: check
CVE-2021-3391
RESERVED
CVE-2021-3390
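Review bot: CVE-2019-25018 and CVE-2019-25017, at the end of the added block, are left at "TODO: check" although both descriptions name the rcp client in MIT krb5-appl through 1.0.3. Triage should replace the TODO with a source package line if krb5-appl is or was in the archive, or with NOT-FOR-US otherwise; the 44 RESERVED placeholders above them need no action.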
@@ -1566,8 +1658,8 @@ CVE-2021-25914
RESERVED
CVE-2021-25913
RESERVED
-CVE-2021-25912
- RESERVED
+CVE-2021-25912 (Prototype pollution vulnerability in 'dotty' versions 0.0.1 through 0. ...)
+ TODO: check
CVE-2018-25003
RESERVED
CVE-2021-25911
@@ -3134,8 +3226,8 @@ CVE-2021-25311 (condor_credd in HTCondor before 8.9.11 allows Directory Traversa
- condor <undetermined>
NOTE: https://research.cs.wisc.edu/htcondor/security/vulnerabilities/HTCONDOR-2021-0002.html
TODO: check details, according to advisory, only affects versions starting at 8.9.7 but details are not clear
-CVE-2021-25310
- RESERVED
+CVE-2021-25310 (** UNSUPPORTED WHEN ASSIGNED ** The administration web interface on Be ...)
+ TODO: check
CVE-2021-25309
RESERVED
CVE-2021-25308
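Review bot: the new CVE-2021-25310 description carries the "** UNSUPPORTED WHEN ASSIGNED **" marker and is truncated at "Be ...", so the affected product cannot be identified from this line. Whoever resolves the "TODO: check" should read the full description first and decide between a package line and NOT-FOR-US on that basis.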
@@ -5954,7 +6046,7 @@ CVE-2021-23965
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-03/#CVE-2021-23965
CVE-2021-23964
RESERVED
- {DSA-4842-1 DSA-4840-1 DLA-2539-1}
+ {DSA-4842-1 DSA-4840-1 DLA-2541-1 DLA-2539-1}
- firefox-esr 78.7.0esr-1
- firefox 85.0-1
- thunderbird 1:78.7.0-1
@@ -5975,7 +6067,7 @@ CVE-2021-23961
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-03/#CVE-2021-23961
CVE-2021-23960
RESERVED
- {DSA-4842-1 DSA-4840-1 DLA-2539-1}
+ {DSA-4842-1 DSA-4840-1 DLA-2541-1 DLA-2539-1}
- firefox-esr 78.7.0esr-1
- firefox 85.0-1
- thunderbird 1:78.7.0-1
@@ -6004,7 +6096,7 @@ CVE-2021-23955
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-03/#CVE-2021-23955
CVE-2021-23954
RESERVED
- {DSA-4842-1 DSA-4840-1 DLA-2539-1}
+ {DSA-4842-1 DSA-4840-1 DLA-2541-1 DLA-2539-1}
- firefox-esr 78.7.0esr-1
- firefox 85.0-1
- thunderbird 1:78.7.0-1
@@ -6013,7 +6105,7 @@ CVE-2021-23954
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-05/#CVE-2021-23954
CVE-2021-23953
RESERVED
- {DSA-4842-1 DSA-4840-1 DLA-2539-1}
+ {DSA-4842-1 DSA-4840-1 DLA-2541-1 DLA-2539-1}
- firefox-esr 78.7.0esr-1
- firefox 85.0-1
- thunderbird 1:78.7.0-1
@@ -7457,8 +7549,8 @@ CVE-2021-23273
RESERVED
CVE-2021-23272 (The Application Development Clients component of TIBCO Software Inc.'s ...)
NOT-FOR-US: TIBCO
-CVE-2021-23271
- RESERVED
+CVE-2021-23271 (The TIBCO EBX Web Server component of TIBCO Software Inc.'s TIBCO EBX ...)
+ TODO: check
CVE-2021-3113 (Netsia SEBA+ through 0.16.1 build 70-e669dcd7 allows remote attackers ...)
NOT-FOR-US: Netsia SEBA+
CVE-2021-23270
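Review bot: CVE-2021-23271 is added with "TODO: check" while the entry directly above it, CVE-2021-23272, is already marked "NOT-FOR-US: TIBCO". The new description names the TIBCO EBX Web Server component from the same vendor, so the TODO can most likely be resolved the same way.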
@@ -12809,22 +12901,22 @@ CVE-2021-21293
RESERVED
CVE-2021-21292
RESERVED
-CVE-2021-21291
- RESERVED
+CVE-2021-21291 (OAuth2 Proxy is an open-source reverse proxy and static file server th ...)
+ TODO: check
CVE-2021-21290
RESERVED
-CVE-2021-21289
- RESERVED
+CVE-2021-21289 (Mechanize is an open-source ruby library that makes automated web inte ...)
+ TODO: check
CVE-2021-21288
RESERVED
CVE-2021-21287 (MinIO is a High Performance Object Storage released under Apache Licen ...)
- minio <itp> (bug #859207)
CVE-2021-21286 (AVideo Platform is an open-source Audio and Video platform. It is simi ...)
NOT-FOR-US: AVideo Platform
-CVE-2021-21285
- RESERVED
-CVE-2021-21284
- RESERVED
+CVE-2021-21285 (In Docker before versions 9.03.15, 20.10.3 there is a vulnerability in ...)
+ TODO: check
+CVE-2021-21284 (In Docker before versions 9.03.15, 20.10.3 there is a vulnerability in ...)
+ TODO: check
CVE-2021-21283 (Flarum is an open source discussion platform for websites. The "Flarum ...)
NOT-FOR-US: Flarum
CVE-2021-21282
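Review bot: the descriptions added for CVE-2021-21285 and CVE-2021-21284 read "Docker before versions 9.03.15, 20.10.3", and 9.03.15 does not fit alongside 20.10.3 as a release number. The text is imported as-is, so leave the line alone, but take the fixed versions from the upstream Docker advisory rather than from this description when replacing "TODO: check" with package lines. The OAuth2 Proxy and Mechanize entries in the same hunk need the same package-or-NOT-FOR-US decision.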
@@ -15262,8 +15354,7 @@ CVE-2021-20201
RESERVED
CVE-2021-20200
RESERVED
-CVE-2021-20199
- RESERVED
+CVE-2021-20199 (Rootless containers run with Podman, receive all traffic with a source ...)
- libpod <unfixed>
NOTE: https://github.com/containers/podman/issues/5138
NOTE: https://github.com/containers/podman/pull/9052
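Review bot: CVE-2021-20199 loses its RESERVED line, but the existing "- libpod <unfixed>" stays as it was, with a NOTE pointing at containers/podman pull 9052. Now that the CVE is public, check whether that pull request has reached a released version and record the fixed version, or add per-release annotations if stable will not be fixed.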
@@ -22361,16 +22452,16 @@ CVE-2020-28500
RESERVED
CVE-2020-28499
RESERVED
-CVE-2020-28498
- RESERVED
+CVE-2020-28498 (All versions of package elliptic are vulnerable to Cryptographic Issue ...)
+ TODO: check
CVE-2020-28497
RESERVED
CVE-2020-28496
RESERVED
-CVE-2020-28495
- RESERVED
-CVE-2020-28494
- RESERVED
+CVE-2020-28495 (This affects the package total.js before 3.4.7. The set function can b ...)
+ TODO: check
+CVE-2020-28494 (This affects the package total.js before 3.4.7. The issue occurs in th ...)
+ TODO: check
CVE-2020-28493 (This affects the package jinja2 from 0.0.0 and before 2.11.3. The ReDO ...)
TODO: check
CVE-2020-28492
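Review bot: CVE-2020-28498 (package elliptic) and CVE-2020-28495 and CVE-2020-28494 (package total.js before 3.4.7) are added as "TODO: check". Both look like Node.js modules, so check for a corresponding node-* source package, following the node-y18n entry elsewhere in this file, before falling back to NOT-FOR-US.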
@@ -22381,8 +22472,8 @@ CVE-2020-28490
RESERVED
CVE-2020-28489
RESERVED
-CVE-2020-28488 (This affects all versions of package jquery-ui; all versions of packag ...)
- TODO: check
+CVE-2020-28488
+ REJECTED
CVE-2020-28487 (This affects the package vis-timeline before 7.4.4. An attacker with t ...)
TODO: check
CVE-2020-28486
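Review bot: CVE-2020-28488 goes from a described entry ("This affects all versions of package jquery-ui; ...") with "TODO: check" to a bare REJECTED, so the jquery-ui reference disappears from the list. If the rejection was a duplicate or a reassignment, make sure the replacement CVE id has an entry that covers jquery-ui so the issue is not lost from triage.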
@@ -28030,7 +28121,7 @@ CVE-2020-26977 (By attempting to connect a website using an unresponsive port, a
- firefox <not-affected> (Android specific)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-26977
CVE-2020-26976 (When a HTTPS pages was embedded in a HTTP page, and there was a servic ...)
- {DSA-4842-1 DSA-4840-1 DLA-2539-1}
+ {DSA-4842-1 DSA-4840-1 DLA-2541-1 DLA-2539-1}
- firefox 84.0-1
- firefox-esr 78.7.0esr-1
- thunderbird 1:78.7.0-1
@@ -31096,32 +31187,39 @@ CVE-2020-25689 (A memory leak flaw was found in WildFly in all versions up to 21
CVE-2020-25688 (A flaw was found in rhacm versions before 2.0.5 and before 2.1.0. Two ...)
NOT-FOR-US: Red Hat Advanced Cluster Management for Kubernetes (RHACM)
CVE-2020-25687 (A flaw was found in dnsmasq before version 2.83. A heap-based buffer o ...)
+ {DSA-4844-1}
- dnsmasq 2.83-1
NOTE: https://www.openwall.com/lists/oss-security/2021/01/19/1
NOTE: http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=4e96a4be685c9e4445f6ee79ad0b36b9119b502a
CVE-2020-25686 (A flaw was found in dnsmasq before version 2.83. When receiving a quer ...)
+ {DSA-4844-1}
- dnsmasq 2.83-1
NOTE: https://www.openwall.com/lists/oss-security/2021/01/19/1
NOTE: http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=15b60ddf935a531269bb8c68198de012a4967156
NOTE: http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=6a6e06fbb0d4690507ceaf2bb6f0d8910f3d4914
CVE-2020-25685 (A flaw was found in dnsmasq before version 2.83. When getting a reply ...)
+ {DSA-4844-1}
- dnsmasq 2.83-1
NOTE: https://www.openwall.com/lists/oss-security/2021/01/19/1
NOTE: http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=2d765867c597db18be9d876c9c17e2c0fe1953cd
NOTE: http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=2024f9729713fd657d65e64c2e4e471baa0a3e5b
CVE-2020-25684 (A flaw was found in dnsmasq before version 2.83. When getting a reply ...)
+ {DSA-4844-1}
- dnsmasq 2.83-1
NOTE: https://www.openwall.com/lists/oss-security/2021/01/19/1
NOTE: http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=257ac0c5f7732cbc6aa96fdd3b06602234593aca
CVE-2020-25683 (A flaw was found in dnsmasq before version 2.83. A heap-based buffer o ...)
+ {DSA-4844-1}
- dnsmasq 2.83-1
NOTE: https://www.openwall.com/lists/oss-security/2021/01/19/1
NOTE: http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=4e96a4be685c9e4445f6ee79ad0b36b9119b502a
CVE-2020-25682 (A flaw was found in dnsmasq before 2.83. A buffer overflow vulnerabili ...)
+ {DSA-4844-1}
- dnsmasq 2.83-1
NOTE: https://www.openwall.com/lists/oss-security/2021/01/19/1
NOTE: http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=4e96a4be685c9e4445f6ee79ad0b36b9119b502a
CVE-2020-25681 (A flaw was found in dnsmasq before version 2.83. A heap-based buffer o ...)
+ {DSA-4844-1}
- dnsmasq 2.83-1
NOTE: https://www.openwall.com/lists/oss-security/2021/01/19/1
NOTE: http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=4e96a4be685c9e4445f6ee79ad0b36b9119b502a
@@ -31667,8 +31765,8 @@ CVE-2020-25508
RESERVED
CVE-2020-25507 (An incorrect permission assignment during the installation script of T ...)
NOT-FOR-US: No Magic TeamworkCloud
-CVE-2020-25506
- RESERVED
+CVE-2020-25506 (D-Link DNS-320 FW v2.06B01 Revision Ax is affected by command injectio ...)
+ TODO: check
CVE-2020-25505
RESERVED
CVE-2020-25504
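Review bot: CVE-2020-25506 describes command injection in D-Link DNS-320 firmware (FW v2.06B01 Revision Ax) and is added as "TODO: check". Vendor product entries elsewhere in this list are closed as NOT-FOR-US (for example "NOT-FOR-US: Netsia SEBA+"), and that is the likely outcome here and for the D-Link DSR-250 entry CVE-2020-18568 in the next hunk.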
@@ -45868,8 +45966,8 @@ CVE-2020-18570
RESERVED
CVE-2020-18569
RESERVED
-CVE-2020-18568
- RESERVED
+CVE-2020-18568 (The D-Link DSR-250 (3.14) DSR-1000N (2.11B201) UPnP service contains a ...)
+ TODO: check
CVE-2020-18567
RESERVED
CVE-2020-18566
@@ -51190,7 +51288,7 @@ CVE-2020-16045 (Use after Free in Payments in Google Chrome on Android prior to
TODO: check
CVE-2020-16044
RESERVED
- {DSA-4842-1 DSA-4827-1 DLA-2521-1}
+ {DSA-4842-1 DSA-4827-1 DLA-2541-1 DLA-2521-1}
- firefox 84.0.2-1
- firefox-esr 78.6.1esr-1
- thunderbird 1:78.6.1-1
@@ -52279,7 +52377,7 @@ CVE-2020-15686
RESERVED
CVE-2020-15685
RESERVED
- {DSA-4842-1}
+ {DSA-4842-1 DLA-2541-1}
- thunderbird 1:78.7.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-05/#CVE-2020-15685
CVE-2020-15684 (Mozilla developers reported memory safety bugs present in Firefox 81. ...)
@@ -53827,8 +53925,8 @@ CVE-2020-15099 (In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.20
NOT-FOR-US: TYPO3
CVE-2020-15098 (In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.20, and ...)
NOT-FOR-US: TYPO3
-CVE-2020-15097
- RESERVED
+CVE-2020-15097 (loklak is an open-source server application which is able to collect m ...)
+ TODO: check
CVE-2020-15096 (In Electron before versions 6.1.1, 7.2.4, 8.2.4, and 9.0.0-beta21, the ...)
- electron <itp> (bug #842420)
CVE-2020-15095 (Versions of the npm CLI prior to 6.14.6 are vulnerable to an informati ...)
@@ -73615,8 +73713,8 @@ CVE-2020-8103 (A vulnerability in the improper handling of symbolic links in Bit
NOT-FOR-US: Bitdefender Antivirus Free
CVE-2020-8102 (Improper Input Validation vulnerability in the Safepay browser compone ...)
NOT-FOR-US: Safepay
-CVE-2020-8101
- RESERVED
+CVE-2020-8101 (Improper Neutralization of Special Elements used in a Command ('Comman ...)
+ TODO: check
CVE-2020-8100 (Improper Input Validation vulnerability in the cevakrnl.rv0 module as ...)
NOT-FOR-US: Bitdefender
CVE-2020-8099 (A vulnerability in the improper handling of junctions in Bitdefender A ...)
@@ -74522,8 +74620,8 @@ CVE-2020-7777 (This affects all versions of package jsen. If an attacker can con
NOT-FOR-US: Node jsen
CVE-2020-7776 (This affects the package phpoffice/phpspreadsheet from 0.0.0. The libr ...)
NOT-FOR-US: phpoffice/phpspreadsheet
-CVE-2020-7775
- RESERVED
+CVE-2020-7775 (This affects all versions of package freediskspace. The vulnerability ...)
+ TODO: check
CVE-2020-7774 (This affects the package y18n before 3.2.2, 4.0.1 and 5.0.5. PoC by po ...)
- node-y18n 4.0.0-3 (bug #976390)
[buster] - node-y18n <no-dsa> (Minor issue)
@@ -82012,8 +82110,8 @@ CVE-2020-4936
RESERVED
CVE-2020-4935
RESERVED
-CVE-2020-4934
- RESERVED
+CVE-2020-4934 (IBM Content Navigator 3.0.CD could allow a remote attacker to traverse ...)
+ TODO: check
CVE-2020-4933
RESERVED
CVE-2020-4932
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b58f1e37edb4f56dafa83a5a4460aba697cbb4c2