[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Thu Feb 11 20:10:41 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f54fbe24 by security tracker role at 2021-02-11T20:10:33+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,13 @@
+CVE-2021-27195
+ RESERVED
+CVE-2021-27194
+ RESERVED
+CVE-2021-27193
+ RESERVED
+CVE-2021-27192
+ RESERVED
+CVE-2021-27191 (The get-ip-range package before 4.0.0 for Node.js is vulnerable to den ...)
+ TODO: check
CVE-2021-3408
RESERVED
CVE-2021-27190
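Review bot: CVE-2021-27191 is left at `TODO: check` while its four neighbours (CVE-2021-27192 to CVE-2021-27195) are still RESERVED; when it is triaged, the entry needs either a source package line or a `NOT-FOR-US:` line as used elsewhere in this file, and the truncated description ("vulnerable to den ...") should be read in full from the CVE record before the status is decided.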
@@ -500,7 +510,7 @@ CVE-2021-26941
RESERVED
CVE-2021-26940
RESERVED
-CVE-2021-26939 (An information disclosure issue exists in henriquedornas 5.2.17 becaus ...)
+CVE-2021-26939 (** DISPUTED ** An information disclosure issue exists in henriquedorna ...)
NOT-FOR-US: henriquedornas
CVE-2021-26938 (A stored XSS issue exists in henriquedornas 5.2.17 via online live cha ...)
NOT-FOR-US: henriquedornas
@@ -750,8 +760,7 @@ CVE-2020-36242 (In the cryptography package before 3.3.2 for Python, certain seq
- python-cryptography 3.3.2-1
[buster] - python-cryptography <no-dsa> (Minor issue)
NOTE: https://github.com/pyca/cryptography/issues/5615
-CVE-2021-21299 [hyper: Multiple Transfer-Encoding headers misinterprets request payload]
- RESERVED
+CVE-2021-21299 (hyper is an open-source HTTP library for Rust (crates.io). In hyper fr ...)
- rust-hyper <unfixed>
NOTE: https://github.com/hyperium/hyper/security/advisories/GHSA-6hfq-h8hq-87mf
NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0020.html
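Review bot: the `rust-hyper <unfixed>` line is unchanged even though the entry now carries the public description instead of the `[hyper: Multiple Transfer-Encoding headers misinterprets request payload]` placeholder; with GHSA-6hfq-h8hq-87mf and RUSTSEC-2021-0020 already referenced in the NOTE lines, the fixed upstream version from those advisories should be compared against the packaged rust-hyper so that `<unfixed>` can be replaced by a fixed version or a `<not-affected>` marker with a reason.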
@@ -3674,12 +3683,12 @@ CVE-2021-25692
RESERVED
CVE-2021-25691
RESERVED
-CVE-2021-25690
- RESERVED
-CVE-2021-25689
- RESERVED
-CVE-2021-25688
- RESERVED
+CVE-2021-25690 (A null pointer dereference in Teradici PCoIP Soft Client versions prio ...)
+ TODO: check
+CVE-2021-25689 (An out of bounds write in Teradici PCoIP soft client versions prior to ...)
+ TODO: check
+CVE-2021-25688 (Under certain conditions, Teradici PCoIP Agents for Windows prior to v ...)
+ TODO: check
CVE-2021-25687
RESERVED
CVE-2021-25686
@@ -8736,10 +8745,10 @@ CVE-2021-23337
RESERVED
CVE-2021-23336
RESERVED
-CVE-2021-23335
- RESERVED
-CVE-2021-23334
- RESERVED
+CVE-2021-23335 (All versions of package is-user-valid are vulnerable to LDAP Injection ...)
+ TODO: check
+CVE-2021-23334 (All versions of package static-eval are vulnerable to Arbitrary Code E ...)
+ TODO: check
CVE-2021-23333
RESERVED
CVE-2021-23332
@@ -9620,10 +9629,10 @@ CVE-2021-22883
RESERVED
CVE-2021-22882
RESERVED
-CVE-2021-22881
- RESERVED
-CVE-2021-22880
- RESERVED
+CVE-2021-22881 (The Host Authorization middleware in Action Pack before 6.1.2.1, 6.0.3 ...)
+ TODO: check
+CVE-2021-22880 (The PostgreSQL adapter in Active Record before 6.1.2.1, 6.0.3.5, 5.2.4 ...)
+ TODO: check
CVE-2021-22879
RESERVED
CVE-2021-22878
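Review bot: CVE-2021-22881 and CVE-2021-22880 both name Rails components (the Host Authorization middleware in Action Pack and the PostgreSQL adapter in Active Record) with the same 6.1.2.1 fix series, so they should be triaged together against one source package status rather than left as two independent `TODO: check` entries; the Host Authorization issue concerns a request-filtering control, so if it is not going to get a DSA the entry should carry a `<no-dsa>` marker with a recorded reason, as done for python-cryptography earlier in this file.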
@@ -10220,20 +10229,20 @@ CVE-2021-22660
RESERVED
CVE-2021-22659
RESERVED
-CVE-2021-22658
- RESERVED
+CVE-2021-22658 (Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL ...)
+ TODO: check
CVE-2021-22657
RESERVED
-CVE-2021-22656
- RESERVED
+CVE-2021-22656 (Advantech iView versions prior to v5.7.03.6112 are vulnerable to direc ...)
+ TODO: check
CVE-2021-22655 (Multiple out-of-bounds read issues have been identified in the way the ...)
NOT-FOR-US: Fuji Electric
-CVE-2021-22654
- RESERVED
+CVE-2021-22654 (Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL ...)
+ TODO: check
CVE-2021-22653 (Multiple out-of-bounds write issues have been identified in the way th ...)
NOT-FOR-US: Fuji Electric
-CVE-2021-22652
- RESERVED
+CVE-2021-22652 (Access to the Advantech iView versions prior to v5.7.03.6112 configura ...)
+ TODO: check
CVE-2021-22651
RESERVED
CVE-2021-22650
@@ -14216,8 +14225,8 @@ CVE-2021-21309
RESERVED
CVE-2021-21308
RESERVED
-CVE-2021-21307
- RESERVED
+CVE-2021-21307 (Lucee Server is a dynamic, Java based (JSR-223), tag and scripting lan ...)
+ TODO: check
CVE-2021-21306 (Marked is an open-source markdown parser and compiler (npm package "ma ...)
- node-marked <unfixed>
NOTE: https://github.com/markedjs/marked/security/advisories/GHSA-4r62-v4vq-hr96
@@ -14233,8 +14242,8 @@ CVE-2021-21303 (Helm is open-source software which is essentially "The Kubernete
- helm-kubernetes <itp> (bug #910799)
CVE-2021-21302
RESERVED
-CVE-2021-21301
- RESERVED
+CVE-2021-21301 (Wire is an open-source collaboration platform. In Wire for iOS (iPhone ...)
+ TODO: check
CVE-2021-21300
RESERVED
CVE-2021-21298
@@ -14254,6 +14263,7 @@ CVE-2021-21292 (Traccar is an open source GPS tracking system. In Traccar before
CVE-2021-21291 (OAuth2 Proxy is an open-source reverse proxy and static file server th ...)
NOT-FOR-US: OAuth2 Proxy
CVE-2021-21290 (Netty is an open-source, asynchronous event-driven network application ...)
+ {DLA-2555-1}
- netty <unfixed>
NOTE: https://github.com/netty/netty/security/advisories/GHSA-5mcr-gq6c-3hq2
NOTE: https://github.com/netty/netty/commit/c735357bf29d07856ad171c6611a2e1a0e0000ec
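Review bot: the added `{DLA-2555-1}` marker records an LTS upload for CVE-2021-21290, but the `netty <unfixed>` line directly below it is unchanged, so the file now states that the issue is fixed in the LTS suite while still unfixed in unstable; if that is the intended state the entry is consistent, otherwise the unstable status should be updated in the same commit, using the referenced upstream commit c735357bf29d07856ad171c6611a2e1a0e0000ec as the fix to verify against.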
@@ -16309,14 +16319,14 @@ CVE-2021-20407
RESERVED
CVE-2021-20406
RESERVED
-CVE-2021-20405
- RESERVED
-CVE-2021-20404
- RESERVED
-CVE-2021-20403
- RESERVED
-CVE-2021-20402
- RESERVED
+CVE-2021-20405 (IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a us ...)
+ TODO: check
+CVE-2021-20404 (IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a us ...)
+ TODO: check
+CVE-2021-20403 (IBM Security Verify Information Queue 1.0.6 and 1.0.7 is vulnerable to ...)
+ TODO: check
+CVE-2021-20402 (IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a re ...)
+ TODO: check
CVE-2021-20401
RESERVED
CVE-2021-20400
@@ -16449,8 +16459,8 @@ CVE-2021-20337
RESERVED
CVE-2021-20336
RESERVED
-CVE-2021-20335
- RESERVED
+CVE-2021-20335 (For MongoDB Ops Manager 4.2.X with multiple OM application servers, th ...)
+ TODO: check
CVE-2021-20334
RESERVED
CVE-2021-20333
@@ -16859,8 +16869,7 @@ CVE-2021-20190 (A flaw was found in jackson-databind before 2.9.10.7. FasterXML
NOTE: https://github.com/FasterXML/jackson-databind/commit/7dbf51bf78d157098074a20bd9da39bd48c18e4a
CVE-2021-20189
REJECTED
-CVE-2021-20188
- RESERVED
+CVE-2021-20188 (A flaw was found in podman before 1.7.0. File permissions for non-root ...)
- libpod <undetermined>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1915734
NOTE: https://github.com/containers/podman/commit/2c7b579fe7328dc6db48bdaf60d0ddd9136b1e24
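Review bot: the new description states the flaw is in podman "before 1.7.0", yet the package line stays `libpod <undetermined>`; a version boundary in the description is normally enough to resolve `<undetermined>` into either a fixed version or `<not-affected>` by comparing against the packaged libpod version, with the referenced containers/podman commit 2c7b579fe7328dc6db48bdaf60d0ddd9136b1e24 as the fix to confirm is present.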
@@ -17301,8 +17310,7 @@ CVE-2020-35499
[stretch] - linux <not-affected> (Vulnerable code introduced later)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1910048
NOTE: https://git.kernel.org/linus/f6b8c6b5543983e9de29dc14716bfa4eb3f157c4
-CVE-2020-35498 [Packet parsing vulnerability]
- RESERVED
+CVE-2020-35498 (A vulnerability was found in openvswitch. A limitation in the implemen ...)
- openvswitch 2.15.0~git20210104.def6eb1ea+dfsg1-5 (bug #982493)
NOTE: master: https://github.com/openvswitch/ovs/commit/79349cbab0b2a755140eedb91833ad2760520a83
NOTE: 2.15: https://github.com/openvswitch/ovs/commit/0625dc79aec73b966f206e55655a2816696246d0
@@ -33296,8 +33304,8 @@ CVE-2020-25495 (A reflected Cross-site scripting (XSS) vulnerability in Xinuo (f
NOT-FOR-US: Xinuo SCO Openserver
CVE-2020-25494 (Xinuos (formerly SCO) Openserver v5 and v6 allows attackers to execute ...)
NOT-FOR-US: Xinuo SCO Openserver
-CVE-2020-25493
- RESERVED
+CVE-2020-25493 (Oclean Mobile Application 2.1.2 communicates with an external website ...)
+ TODO: check
CVE-2020-25492
RESERVED
CVE-2020-25491
@@ -60795,10 +60803,10 @@ CVE-2020-13188
REJECTED
CVE-2020-13187
REJECTED
-CVE-2020-13186
- RESERVED
-CVE-2020-13185
- RESERVED
+CVE-2020-13186 (An Anti CSRF mechanism was discovered missing in the Teradici Cloud Ac ...)
+ TODO: check
+CVE-2020-13185 (Certain web application pages in the authenticated section of the Tera ...)
+ TODO: check
CVE-2020-13184
RESERVED
CVE-2020-13183 (Reflected Cross Site Scripting in Teradici PCoIP Management Console pr ...)
@@ -68770,8 +68778,8 @@ CVE-2020-10736 (An authorization bypass vulnerability was found in Ceph versions
NOTE: https://github.com/ceph/ceph/commit/f2cf2ce1bd9a86462510a7a12afa4e528b615df2 (v15.2.2)
CVE-2020-10735
RESERVED
-CVE-2020-10734
- RESERVED
+CVE-2020-10734 (A vulnerability was found in keycloak in the way that the OIDC logout ...)
+ TODO: check
CVE-2020-10733 (The Windows installer for PostgreSQL 9.5 - 12 invokes system-provided ...)
- postgresql-12 <not-affected> (Windows-specific)
- postgresql-11 <not-affected> (Windows-specific)
@@ -75492,16 +75500,16 @@ CVE-2020-8033 (Ruckus R500 3.4.2.0.384 devices allow XSS via the index.asp Devic
NOT-FOR-US: Ruckus
CVE-2020-8032
RESERVED
-CVE-2020-8031
- RESERVED
-CVE-2020-8030
- RESERVED
-CVE-2020-8029
- RESERVED
+CVE-2020-8031 (A Improper Neutralization of Input During Web Page Generation ('Cross- ...)
+ TODO: check
+CVE-2020-8030 (A Insecure Temporary File vulnerability in skuba of SUSE CaaS Platform ...)
+ TODO: check
+CVE-2020-8029 (A Incorrect Permission Assignment for Critical Resource vulnerability ...)
+ TODO: check
CVE-2020-8028 (A Improper Access Control vulnerability in the configuration of salt o ...)
NOT-FOR-US: Salt configuration in SUSE Server Manager
-CVE-2020-8027
- RESERVED
+CVE-2020-8027 (A Insecure Temporary File vulnerability in openldap2 of SUSE Linux Ent ...)
+ TODO: check
CVE-2020-8026 (A Incorrect Default Permissions vulnerability in the packaging of inn ...)
- inn2 <not-affected> (inews has correct ownership in Debian)
CVE-2020-8025 (A Incorrect Execution-Assigned Permissions vulnerability in the permis ...)
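Review bot: CVE-2020-8031, CVE-2020-8030, CVE-2020-8029 and CVE-2020-8027 are all SUSE packaging issues (skuba of SUSE CaaS Platform, openldap2 of SUSE Linux Ent ...) left at `TODO: check`, while the adjacent CVE-2020-8028 is `NOT-FOR-US` and CVE-2020-8026 is `inn2 <not-affected> (inews has correct ownership in Debian)`; the openldap2 insecure temporary file entry is the one that merits an actual check of Debian's own packaging rather than an automatic NOT-FOR-US, and the `<not-affected>` line with a stated reason, as used for inn2, is the right way to record the outcome.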
@@ -84048,8 +84056,8 @@ CVE-2020-4770
RESERVED
CVE-2020-4769
RESERVED
-CVE-2020-4768
- RESERVED
+CVE-2020-4768 (IBM Case Manager 5.2 and 5.3 and IBM Business Automation Workflow 18.0 ...)
+ TODO: check
CVE-2020-4767 (IBM Sterling Connect Direct for Microsoft Windows 4.7, 4.8, 6.0, and 6 ...)
NOT-FOR-US: IBM
CVE-2020-4766 (IBM MQ Internet Pass-Thru 2.1 and 9.2 could allow a remote user to cau ...)
@@ -92968,8 +92976,8 @@ CVE-2020-1719
- wildfly <itp> (bug #752018)
CVE-2020-1718 (A flaw was found in the reset credential flow in all Keycloak versions ...)
NOT-FOR-US: Keycloak
-CVE-2020-1717
- RESERVED
+CVE-2020-1717 (A flaw was found in Keycloak 7.0.1. A logged in user can do an account ...)
+ TODO: check
CVE-2020-1716
RESERVED
NOT-FOR-US: ceph-ansible
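Review bot: CVE-2020-1717 is left at `TODO: check` although the entry directly above it, CVE-2020-1718, is already marked `NOT-FOR-US: Keycloak`; unless the new description turns out to involve a component that Debian ships, the consistent resolution is the same `NOT-FOR-US: Keycloak` line, and the same reasoning applies to the keycloak OIDC logout entry CVE-2020-10734 earlier in this patch, whose neighbouring Keycloak entries follow that pattern.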
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f54fbe2437fbb87dd6416093850fa345a6777b71