[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed Feb 10 08:10:29 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e39fc61e by security tracker role at 2021-02-10T08:10:22+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,341 @@
+CVE-2021-3407
+ RESERVED
+CVE-2021-3406
+ RESERVED
+CVE-2021-3405
+ RESERVED
+CVE-2021-27104
+ RESERVED
+CVE-2021-27103
+ RESERVED
+CVE-2021-27102
+ RESERVED
+CVE-2021-27101
+ RESERVED
+CVE-2021-27100
+ RESERVED
+CVE-2021-27099
+ RESERVED
+CVE-2021-27098
+ RESERVED
+CVE-2021-27097
+ RESERVED
+CVE-2021-27096
+ RESERVED
+CVE-2021-27095
+ RESERVED
+CVE-2021-27094
+ RESERVED
+CVE-2021-27093
+ RESERVED
+CVE-2021-27092
+ RESERVED
+CVE-2021-27091
+ RESERVED
+CVE-2021-27090
+ RESERVED
+CVE-2021-27089
+ RESERVED
+CVE-2021-27088
+ RESERVED
+CVE-2021-27087
+ RESERVED
+CVE-2021-27086
+ RESERVED
+CVE-2021-27085
+ RESERVED
+CVE-2021-27084
+ RESERVED
+CVE-2021-27083
+ RESERVED
+CVE-2021-27082
+ RESERVED
+CVE-2021-27081
+ RESERVED
+CVE-2021-27080
+ RESERVED
+CVE-2021-27079
+ RESERVED
+CVE-2021-27078
+ RESERVED
+CVE-2021-27077
+ RESERVED
+CVE-2021-27076
+ RESERVED
+CVE-2021-27075
+ RESERVED
+CVE-2021-27074
+ RESERVED
+CVE-2021-27073
+ RESERVED
+CVE-2021-27072
+ RESERVED
+CVE-2021-27071
+ RESERVED
+CVE-2021-27070
+ RESERVED
+CVE-2021-27069
+ RESERVED
+CVE-2021-27068
+ RESERVED
+CVE-2021-27067
+ RESERVED
+CVE-2021-27066
+ RESERVED
+CVE-2021-27065
+ RESERVED
+CVE-2021-27064
+ RESERVED
+CVE-2021-27063
+ RESERVED
+CVE-2021-27062
+ RESERVED
+CVE-2021-27061
+ RESERVED
+CVE-2021-27060
+ RESERVED
+CVE-2021-27059
+ RESERVED
+CVE-2021-27058
+ RESERVED
+CVE-2021-27057
+ RESERVED
+CVE-2021-27056
+ RESERVED
+CVE-2021-27055
+ RESERVED
+CVE-2021-27054
+ RESERVED
+CVE-2021-27053
+ RESERVED
+CVE-2021-27052
+ RESERVED
+CVE-2021-27051
+ RESERVED
+CVE-2021-27050
+ RESERVED
+CVE-2021-27049
+ RESERVED
+CVE-2021-27048
+ RESERVED
+CVE-2021-27047
+ RESERVED
+CVE-2021-27046
+ RESERVED
+CVE-2021-27045
+ RESERVED
+CVE-2021-27044
+ RESERVED
+CVE-2021-27043
+ RESERVED
+CVE-2021-27042
+ RESERVED
+CVE-2021-27041
+ RESERVED
+CVE-2021-27040
+ RESERVED
+CVE-2021-27039
+ RESERVED
+CVE-2021-27038
+ RESERVED
+CVE-2021-27037
+ RESERVED
+CVE-2021-27036
+ RESERVED
+CVE-2021-27035
+ RESERVED
+CVE-2021-27034
+ RESERVED
+CVE-2021-27033
+ RESERVED
+CVE-2021-27032
+ RESERVED
+CVE-2021-27031
+ RESERVED
+CVE-2021-27030
+ RESERVED
+CVE-2021-27029
+ RESERVED
+CVE-2021-27028
+ RESERVED
+CVE-2021-27027
+ RESERVED
+CVE-2021-27026
+ RESERVED
+CVE-2021-27025
+ RESERVED
+CVE-2021-27024
+ RESERVED
+CVE-2021-27023
+ RESERVED
+CVE-2021-27022
+ RESERVED
+CVE-2021-27021
+ RESERVED
+CVE-2021-27020
+ RESERVED
+CVE-2021-27019
+ RESERVED
+CVE-2021-27018
+ RESERVED
+CVE-2021-27017
+ RESERVED
+CVE-2021-27016
+ RESERVED
+CVE-2021-27015
+ RESERVED
+CVE-2021-27014
+ RESERVED
+CVE-2021-27013
+ RESERVED
+CVE-2021-27012
+ RESERVED
+CVE-2021-27011
+ RESERVED
+CVE-2021-27010
+ RESERVED
+CVE-2021-27009
+ RESERVED
+CVE-2021-27008
+ RESERVED
+CVE-2021-27007
+ RESERVED
+CVE-2021-27006
+ RESERVED
+CVE-2021-27005
+ RESERVED
+CVE-2021-27004
+ RESERVED
+CVE-2021-27003
+ RESERVED
+CVE-2021-27002
+ RESERVED
+CVE-2021-27001
+ RESERVED
+CVE-2021-27000
+ RESERVED
+CVE-2021-26999
+ RESERVED
+CVE-2021-26998
+ RESERVED
+CVE-2021-26997
+ RESERVED
+CVE-2021-26996
+ RESERVED
+CVE-2021-26995
+ RESERVED
+CVE-2021-26994
+ RESERVED
+CVE-2021-26993
+ RESERVED
+CVE-2021-26992
+ RESERVED
+CVE-2021-26991
+ RESERVED
+CVE-2021-26990
+ RESERVED
+CVE-2021-26989
+ RESERVED
+CVE-2021-26988
+ RESERVED
+CVE-2021-26987
+ RESERVED
+CVE-2021-26986
+ RESERVED
+CVE-2021-26985
+ RESERVED
+CVE-2021-26984
+ RESERVED
+CVE-2021-26983
+ RESERVED
+CVE-2021-26982
+ RESERVED
+CVE-2021-26981
+ RESERVED
+CVE-2021-26980
+ RESERVED
+CVE-2021-26979
+ RESERVED
+CVE-2021-26978
+ RESERVED
+CVE-2021-26977
+ RESERVED
+CVE-2021-26976
+ RESERVED
+CVE-2021-26975
+ RESERVED
+CVE-2021-26974
+ RESERVED
+CVE-2021-26973
+ RESERVED
+CVE-2021-26972
+ RESERVED
+CVE-2021-26971
+ RESERVED
+CVE-2021-26970
+ RESERVED
+CVE-2021-26969
+ RESERVED
+CVE-2021-26968
+ RESERVED
+CVE-2021-26967
+ RESERVED
+CVE-2021-26966
+ RESERVED
+CVE-2021-26965
+ RESERVED
+CVE-2021-26964
+ RESERVED
+CVE-2021-26963
+ RESERVED
+CVE-2021-26962
+ RESERVED
+CVE-2021-26961
+ RESERVED
+CVE-2021-26960
+ RESERVED
+CVE-2021-26959 (An issue was discovered in the hyper crate before 0.13.10 and 0.14.x b ...)
+ TODO: check
+CVE-2021-26958 (An issue was discovered in the xcb crate through 2021-02-04 for Rust. ...)
+ TODO: check
+CVE-2021-26957 (An issue was discovered in the xcb crate through 2021-02-04 for Rust. ...)
+ TODO: check
+CVE-2021-26956 (An issue was discovered in the xcb crate through 2021-02-04 for Rust. ...)
+ TODO: check
+CVE-2021-26955 (An issue was discovered in the xcb crate through 2021-02-04 for Rust. ...)
+ TODO: check
+CVE-2021-26954 (An issue was discovered in the qwutils crate before 0.3.1 for Rust. Wh ...)
+ TODO: check
+CVE-2021-26953 (An issue was discovered in the postscript crate before 0.14.0 for Rust ...)
+ TODO: check
+CVE-2021-26952 (An issue was discovered in the ms3d crate before 0.1.3 for Rust. It mi ...)
+ TODO: check
+CVE-2021-26951 (An issue was discovered in the calamine crate before 0.17.0 for Rust. ...)
+ TODO: check
+CVE-2021-26944
+ RESERVED
+CVE-2021-26943
+ RESERVED
+CVE-2021-26942
+ RESERVED
+CVE-2021-26941
+ RESERVED
+CVE-2021-26940
+ RESERVED
+CVE-2021-26939
+ RESERVED
+CVE-2021-26938
+ RESERVED
+CVE-2021-26937 (encoding.c in GNU Screen through 4.8.0 allows remote attackers to caus ...)
+ TODO: check
+CVE-2021-23219
+ RESERVED
+CVE-2021-23217
+ RESERVED
+CVE-2021-23201
+ RESERVED
+CVE-2020-36244 (The daemon in GENIVI Diagnostic Log and Trace (DLT) before 2.18.6 has ...)
+ TODO: check
CVE-2021-3404
RESERVED
CVE-2021-3403
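Review bot: The eleven entries added with a description (nine Rust crate CVEs from CVE-2021-26951 to CVE-2021-26959, CVE-2021-26937 for GNU Screen, and CVE-2020-36244 for GENIVI DLT) carry only `TODO: check`, so none of them yet records whether a Debian source package is affected. Each needs to be resolved to either a package line or a `NOT-FOR-US:` line, as the triaged entries elsewhere in this file have. The four xcb entries (CVE-2021-26955 to CVE-2021-26958) show the same truncated description and are best handled in one pass.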
@@ -68,7 +406,7 @@ CVE-2021-26906
RESERVED
CVE-2021-3402
RESERVED
-CVE-2021-26905 (1Password SCIM Bridge before 1.6.2 mishandles validation of requests f ...)
+CVE-2021-26905 (1Password SCIM Bridge before 1.6.2 mishandles validation of authentica ...)
NOT-FOR-US: 1Password SCIM Bridge
CVE-2021-26904
RESERVED
@@ -175,6 +513,7 @@ CVE-2021-26854
CVE-2021-26853
RESERVED
CVE-2021-26910 (Firejail before 0.9.64.4 allows attackers to bypass intended access re ...)
+ {DSA-4849-1}
- firejail 0.9.64.4-1
NOTE: https://www.openwall.com/lists/oss-security/2021/02/08/5
NOTE: Fix (disabled overlayfs): https://github.com/netblue30/firejail/commit/97d8a03cad19501f017587cc4e47d8418273834b
@@ -583,12 +922,12 @@ CVE-2021-3397
CVE-2021-3396
RESERVED
CVE-2021-26676 (gdhcp in ConnMan before 1.39 could be used by network-adjacent attacke ...)
- {DSA-4847-1}
+ {DSA-4847-1 DLA-2552-1}
- connman 1.36-2.1
NOTE: https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=58d397ba74873384aee449690a9070bacd5676fa
NOTE: https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=a74524b3e3fad81b0fd1084ffdf9f2ea469cd9b1
CVE-2021-26675 (A stack-based buffer overflow in dnsproxy in ConnMan before 1.39 could ...)
- {DSA-4847-1}
+ {DSA-4847-1 DLA-2552-1}
- connman 1.36-2.1
NOTE: https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=e4079a20f617a4b076af503f6e4e8b0304c9f2cb
CVE-2021-26674
@@ -864,8 +1203,8 @@ CVE-2021-26553
RESERVED
CVE-2021-26552
RESERVED
-CVE-2021-26551
- RESERVED
+CVE-2021-26551 (An issue was discovered in SmartFoxServer 2.17.0. An attacker can exec ...)
+ TODO: check
CVE-2021-26550 (An issue was discovered in SmartFoxServer 2.17.0. Cleartext password d ...)
TODO: check
CVE-2021-26549 (An XSS issue was discovered in SmartFoxServer 2.17.0. Input passed to ...)
@@ -12035,8 +12374,8 @@ CVE-2021-21504
RESERVED
CVE-2021-21503
RESERVED
-CVE-2021-21502
- RESERVED
+CVE-2021-21502 (Dell PowerScale OneFS versions 8.1.0 – 9.1.0 contain a "use of S ...)
+ TODO: check
CVE-2021-21501
RESERVED
CVE-2021-21500
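Review bot: The added description for CVE-2021-21502 contains `8.1.0 – 9.1.0`, which looks like a UTF-8 en dash decoded with a single-byte charset. Check whether data/CVE/list itself holds the damaged sequence or only this mail rendering does. If it is in the file, the description import should handle the encoding before the line is written.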
@@ -12782,22 +13121,22 @@ CVE-2021-21481
RESERVED
CVE-2021-21480
RESERVED
-CVE-2021-21479
- RESERVED
-CVE-2021-21478
- RESERVED
-CVE-2021-21477
- RESERVED
-CVE-2021-21476
- RESERVED
-CVE-2021-21475
- RESERVED
-CVE-2021-21474
- RESERVED
+CVE-2021-21479 (In SCIMono before 0.0.19, it is possible for an attacker to inject and ...)
+ TODO: check
+CVE-2021-21478 (SAP Web Dynpro ABAP allow an attacker to redirect users to a malicious ...)
+ TODO: check
+CVE-2021-21477 (SAP Commerce Cloud, versions - 1808,1811,1905,2005,2011, enables certa ...)
+ TODO: check
+CVE-2021-21476 (SAP UI5, versions - 1.38.49, 1.52.49, 1.60.34, 1.71.31, 1.78.18, 1.84. ...)
+ TODO: check
+CVE-2021-21475 (Under specific circumstances SAP Master Data Management, versions - 71 ...)
+ TODO: check
+CVE-2021-21474 (SAP HANA Database, versions - 1.0, 2.0, accepts SAML tokens with MD5 d ...)
+ TODO: check
CVE-2021-21473
RESERVED
-CVE-2021-21472
- RESERVED
+CVE-2021-21472 (SAP Software Provisioning Manager 1.0 (SAP NetWeaver Master Data Manag ...)
+ TODO: check
CVE-2021-21471 (In CLA-Assistant, versions before 2.8.5, due to improper access contro ...)
NOT-FOR-US: CLA-Assistant
CVE-2021-21470 (SAP EPM Add-in for Microsoft Office, version - 1010 and SAP EPM Add-in ...)
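Review bot: CVE-2021-21479 (SCIMono) is the one new entry here whose visible description names no SAP product, so it should not be closed in bulk with the other six. Those six name SAP products and can be checked against the `NOT-FOR-US: SAP` convention used for CVE-2021-21446 and CVE-2021-21445 in the next hunk. SCIMono needs its own look before the `TODO: check` is resolved.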
@@ -12852,8 +13191,8 @@ CVE-2021-21446 (SAP NetWeaver AS ABAP, versions 740, 750, 751, 752, 753, 754, 75
NOT-FOR-US: SAP
CVE-2021-21445 (SAP Commerce Cloud, versions - 1808, 1811, 1905, 2005, 2011, allows an ...)
NOT-FOR-US: SAP
-CVE-2021-21444
- RESERVED
+CVE-2021-21444 (SAP Business Objects BI Platform, versions - 410, 420, 430, allows mul ...)
+ TODO: check
CVE-2020-35856
RESERVED
CVE-2020-35855
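Review bot: CVE-2021-21444 lands as `TODO: check` directly below two entries already marked `NOT-FOR-US: SAP`. Its description names SAP Business Objects BI Platform, so the same marking can be applied and the TODO closed.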
@@ -17683,8 +18022,8 @@ CVE-2020-35127 (Ignite Realtime Openfire 4.6.0 has plugins/bookmarks/create-book
NOT-FOR-US: Ignite Realtime Openfire
CVE-2020-35126 (** DISPUTED ** Typesetter CMS 5.x through 5.1 allows admins to conduct ...)
NOT-FOR-US: Typesetter CMS
-CVE-2020-35125
- RESERVED
+CVE-2020-35125 (A cross-site scripting (XSS) vulnerability in the forms component of M ...)
+ TODO: check
CVE-2020-35124 (A cross-site scripting (XSS) vulnerability in the assets component of ...)
NOT-FOR-US: Mautic
CVE-2020-35123 (In Zimbra Collaboration Suite Network Edition versions < 9.0.0 P10 ...)
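Review bot: The description added for CVE-2020-35125 is cut off at "the forms component of M ...", so the product cannot be read from this line alone. The next entry, CVE-2020-35124, has a parallel description ("the assets component of ...") and is marked `NOT-FOR-US: Mautic`. Confirm against the full description whether CVE-2020-35125 is the same product, and if so give it the same marking instead of leaving `TODO: check`.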
@@ -21421,10 +21760,10 @@ CVE-2020-28873
RESERVED
CVE-2020-28872
RESERVED
-CVE-2020-28871
- RESERVED
-CVE-2020-28870
- RESERVED
+CVE-2020-28871 (Remote code execution in Monitorr v1.7.6m in upload.php allows an unau ...)
+ TODO: check
+CVE-2020-28870 (In InoERP 0.7.2, an unauthorized attacker can execute arbitrary code o ...)
+ TODO: check
CVE-2020-28869
RESERVED
CVE-2020-28868
@@ -30904,18 +31243,18 @@ CVE-2020-26198 (Dell EMC iDRAC9 versions prior to 4.32.10.00 and 4.40.00.00 cont
NOT-FOR-US: EMC
CVE-2020-26197
RESERVED
-CVE-2020-26196
- RESERVED
-CVE-2020-26195
- RESERVED
-CVE-2020-26194
- RESERVED
-CVE-2020-26193
- RESERVED
-CVE-2020-26192
- RESERVED
-CVE-2020-26191
- RESERVED
+CVE-2020-26196 (Dell EMC PowerScale OneFS versions 8.1.0-9.1.0 contain a Backup/Restor ...)
+ TODO: check
+CVE-2020-26195 (Dell EMC PowerScale OneFS versions 8.1.2 – 9.1.0 contain an issu ...)
+ TODO: check
+CVE-2020-26194 (Dell EMC PowerScale OneFS versions 8.1.2 and 8.2.2 contain an Incorrec ...)
+ TODO: check
+CVE-2020-26193 (Dell EMC PowerScale OneFS versions 8.1.0 - 9.1.0 contain an improper i ...)
+ TODO: check
+CVE-2020-26192 (Dell EMC PowerScale OneFS versions 8.2.0 - 9.1.0 contain a privilege e ...)
+ TODO: check
+CVE-2020-26191 (Dell EMC PowerScale OneFS versions 8.1.0 - 9.1.0 contain a privilege e ...)
+ TODO: check
CVE-2020-26190
RESERVED
CVE-2020-26189
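Review bot: All six added Dell EMC PowerScale OneFS entries (CVE-2020-26191 to CVE-2020-26196) are left at `TODO: check`, while the context entry just above, CVE-2020-26198 (Dell EMC iDRAC9), is already `NOT-FOR-US: EMC`. Unless OneFS is treated differently, the same marking would resolve all six at once. The CVE-2020-26195 line also carries the `–` sequence in its version range, which points to an encoding problem in the imported description.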
@@ -38344,8 +38683,8 @@ CVE-2020-22841 (Stored XSS in b2evolution CMS version 6.11.6 and prior allows an
TODO: check
CVE-2020-22840 (Open redirect vulnerability in b2evolution CMS version prior to 6.11.6 ...)
TODO: check
-CVE-2020-22839
- RESERVED
+CVE-2020-22839 (Reflected cross-site scripting vulnerability (XSS) in the evoadm.php f ...)
+ TODO: check
CVE-2020-22838
RESERVED
CVE-2020-22837
@@ -57067,8 +57406,7 @@ CVE-2020-14344 (An integer overflow leading to a heap-buffer overflow was found
NOTE: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/1703b9f3435079d3c6021e1ee2ec34fd4978103d
NOTE: Original patchset introduces regression: https://bugs.debian.org/966691 and https://gitlab.freedesktop.org/xorg/lib/libx11/-/issues/116
NOTE: Follow-up for regression: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/93fce3f4e79cbc737d6468a4f68ba3de1b83953b
-CVE-2020-14343 [.load() and FullLoader still vulnerable to fairly trivial RCE]
- RESERVED
+CVE-2020-14343 (A vulnerability was discovered in the PyYAML library in versions befor ...)
- pyyaml <unfixed> (bug #966233)
[buster] - pyyaml <not-affected> (Vulnerable code not present)
[stretch] - pyyaml <not-affected> (Vulnerable code not present)
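Review bot: Replacing the bracketed description on CVE-2020-14343 removes the only visible statement that `.load()` and `FullLoader` are the affected entry points; the new truncated description does not show it. Since the entry stays `- pyyaml <unfixed> (bug #966233)`, consider keeping that detail in a `NOTE:` line so whoever picks up the bug does not have to recover it from history.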
@@ -73410,7 +73748,7 @@ CVE-2020-8610
CVE-2020-8609
RESERVED
CVE-2020-8608 (In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf ...)
- {DSA-4733-1 DLA-2288-1 DLA-2144-1 DLA-2142-1}
+ {DSA-4733-1 DLA-2551-1 DLA-2288-1 DLA-2144-1 DLA-2142-1}
- libslirp 4.2.0-1
- qemu 1:4.1-2
- qemu-kvm <removed>
@@ -77364,7 +77702,7 @@ CVE-2020-7040 (storeBackup.pl in storeBackup through 3.5 relies on the /tmp/stor
NOTE: https://www.openwall.com/lists/oss-security/2020/01/20/3
NOTE: SuSE provided patch: https://www.openwall.com/lists/oss-security/2020/01/20/3/1
CVE-2020-7039 (tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, misman ...)
- {DSA-4616-1 DLA-2090-1 DLA-2076-1}
+ {DSA-4616-1 DLA-2551-1 DLA-2090-1 DLA-2076-1}
- libslirp 4.1.0-2 (bug #949084)
- qemu 1:4.1-2
- qemu-kvm <removed>
@@ -138120,10 +138458,12 @@ CVE-2019-5089 (An exploitable memory corruption vulnerability exists in Investin
CVE-2019-5088 (An exploitable memory corruption vulnerability exists in Investintech ...)
NOT-FOR-US: Investintech
CVE-2019-5087 (An exploitable integer overflow vulnerability exists in the flattenInc ...)
+ {DLA-2553-1}
- xcftools <unfixed> (bug #945317)
NOTE: https://github.com/j-jorge/xcftools/issues/13
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2019-0879
CVE-2019-5086 (An exploitable integer overflow vulnerability exists in the flattenInc ...)
+ {DLA-2553-1}
- xcftools <unfixed> (bug #945317)
NOTE: https://github.com/j-jorge/xcftools/issues/12
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2019-0878
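Review bot: `{DLA-2553-1}` is added to CVE-2019-5087 and CVE-2019-5086 while both keep `- xcftools <unfixed> (bug #945317)`. That is consistent only if the fix so far exists in the LTS upload alone. It is worth adding a `NOTE:` pointing at the patch used for the DLA, so the fix can be carried over to the bug that tracks the still-unfixed package.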
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e39fc61ed04d8dd36169be31ae6f74bd54d4d8e7