[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri Feb 12 20:10:29 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
23c9d604 by security tracker role at 2021-02-12T20:10:22+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,15 @@
+CVE-2021-3411
+ RESERVED
+CVE-2021-3410
+ RESERVED
+CVE-2021-27205 (Telegram before 7.4 (212543) Stable on macOS stores the local copy of ...)
+ TODO: check
+CVE-2021-27204 (Telegram before 7.4 (212543) Stable on macOS stores the local passcode ...)
+ TODO: check
+CVE-2021-27203
+ RESERVED
+CVE-2021-27202
+ RESERVED
CVE-2021-XXXX [several security fixes: PHP injections, XSS and secrets stored in session file]
- spip 3.2.9-1
TODO: needs possibly CVE requests for individual issues
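Review bot: CVE-2021-27205 and CVE-2021-27204 are added with "TODO: check" but no package line. Both descriptions name "Telegram before 7.4 (212543) Stable on macOS", i.e. a macOS-specific build, and both are truncated here, so the check should read the full CVE text and either attach the Debian package that ships the affected code or settle the entries as NOT-FOR-US, the form used for other third-party products in this file (e.g. "NOT-FOR-US: Fluent Bit"). The four RESERVED placeholders (CVE-2021-3411, -3410, -27203, -27202) are fine as they stand.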
@@ -9,8 +21,8 @@ CVE-2021-27199
RESERVED
CVE-2021-27198
RESERVED
-CVE-2021-27197
- RESERVED
+CVE-2021-27197 (DSUtility.dll in Pelco Digital Sentry Server before 7.19.67 has an arb ...)
+ TODO: check
CVE-2021-27196
RESERVED
CVE-2021-27195
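Review bot: CVE-2021-27197 describes a DSUtility.dll issue in Pelco Digital Sentry Server, a Windows DLL in a vendor product, and is left at "TODO: check" with no package line. Nothing in the entry points at a Debian package, so resolve it to "NOT-FOR-US: Pelco" (matching "NOT-FOR-US: PEEL Shopping cart" a few lines below) unless the full description turns up a packaged component.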
@@ -29,10 +41,10 @@ CVE-2021-27190 (PEEL Shopping cart 9.3.0 allows utilisateurs/change_params.php A
NOT-FOR-US: PEEL Shopping cart
CVE-2021-27189
RESERVED
-CVE-2021-27188
- RESERVED
-CVE-2021-27187
- RESERVED
+CVE-2021-27188 (The Sovremennye Delovye Tekhnologii FX Aggregator terminal client 1 al ...)
+ TODO: check
+CVE-2021-27187 (The Sovremennye Delovye Tekhnologii FX Aggregator terminal client 1 st ...)
+ TODO: check
CVE-2021-27186 (Fluent Bit 1.6.10 has a NULL pointer dereference when an flb_malloc re ...)
NOT-FOR-US: Fluent Bit
CVE-2021-27185 (The samba-client package before 4.0.0 for Node.js allows command injec ...)
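Review bot: CVE-2021-27188 and CVE-2021-27187 both concern the Sovremennye Delovye Tekhnologii FX Aggregator terminal client 1 and both stop at "TODO: check". The descriptions are cut off mid-sentence here ("1 al ...", "1 st ..."), so the entries carry nothing to triage on; resolve the pair together from the full CVE text, most likely to NOT-FOR-US for a vendor terminal client, consistent with the adjacent "NOT-FOR-US: Fluent Bit" and "NOT-FOR-US: PEEL Shopping cart" entries.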
@@ -493,7 +505,8 @@ CVE-2021-26961
RESERVED
CVE-2021-26960
RESERVED
-CVE-2021-26959 (An issue was discovered in the hyper crate before 0.13.10 and 0.14.x b ...)
+CVE-2021-26959
+ REJECTED
TODO: check, seems to be a duplicate of CVE-2021-21299, contacted MITRE
CVE-2021-26958 (An issue was discovered in the xcb crate through 2021-02-04 for Rust. ...)
- rust-xcb <unfixed>
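Review bot: the line "TODO: check, seems to be a duplicate of CVE-2021-21299, contacted MITRE" is now stale: the entry directly above it has been flipped to REJECTED, which is the outcome that TODO was waiting on. Replace it with a NOTE recording the result, e.g. "NOTE: Rejected as a duplicate of CVE-2021-21299", so the REJECTED status carries its rationale and the tracker stops surfacing an open TODO, and confirm that whatever was tracked for the hyper crate (the removed description covered "hyper crate before 0.13.10 and 0.14.x") now lives under CVE-2021-21299.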
@@ -2022,7 +2035,7 @@ CVE-2021-3348 (nbd_add_socket in drivers/block/nbd.c in the Linux kernel through
- linux 5.10.13-1
NOTE: https://git.kernel.org/linus/b98e762e3d71e893b221f871825dc64694cfb258 (5.11-rc6)
CVE-2021-3347 (An issue was discovered in the Linux kernel through 5.10.11. PI futexe ...)
- {DSA-4843-1}
+ {DSA-4843-1 DLA-2557-1}
- linux 5.10.12-1
NOTE: https://www.openwall.com/lists/oss-security/2021/01/29/1
CVE-2021-3343
@@ -9442,32 +9455,32 @@ CVE-2021-22987
RESERVED
CVE-2021-22986
RESERVED
-CVE-2021-22985
- RESERVED
+CVE-2021-22985 (On BIG-IP APM version 16.0.x before 16.0.1.1, under certain conditions ...)
+ TODO: check
CVE-2021-22984
RESERVED
-CVE-2021-22983
- RESERVED
-CVE-2021-22982
- RESERVED
-CVE-2021-22981
- RESERVED
-CVE-2021-22980
- RESERVED
-CVE-2021-22979
- RESERVED
+CVE-2021-22983 (On BIG-IP AFM version 15.1.x before 15.1.1, 14.1.x before 14.1.3.1, an ...)
+ TODO: check
+CVE-2021-22982 (On BIG-IP DNS and GTM version 13.1.x before 13.1.0.4, and all versions ...)
+ TODO: check
+CVE-2021-22981 (On all versions of BIG-IP 12.1.x and 11.6.x, the original TLS protocol ...)
+ TODO: check
+CVE-2021-22980 (In Edge Client version 7.2.x before 7.2.1.1, 7.1.9.x before 7.1.9.8, a ...)
+ TODO: check
+CVE-2021-22979 (On BIG-IP version 16.0.x before 16.0.1, 15.1.x before 15.1.1, 14.1.x b ...)
+ TODO: check
CVE-2021-22978
RESERVED
CVE-2021-22977
RESERVED
-CVE-2021-22976
- RESERVED
-CVE-2021-22975
- RESERVED
-CVE-2021-22974
- RESERVED
-CVE-2021-22973
- RESERVED
+CVE-2021-22976 (On BIG-IP Advanced WAF and ASM version 16.0.x before 16.0.1.1, 15.1.x ...)
+ TODO: check
+CVE-2021-22975 (On BIG-IP version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, and ...)
+ TODO: check
+CVE-2021-22974 (On BIG-IP version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x ...)
+ TODO: check
+CVE-2021-22973 (On BIG-IP version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x ...)
+ TODO: check
CVE-2021-22972
RESERVED
CVE-2021-22971
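Review bot: all nine new entries (CVE-2021-22985, -22983 through -22979, -22976 through -22973) describe one vendor's products, F5 BIG-IP, BIG-IP APM/AFM/DNS/GTM/Advanced WAF/ASM and Edge Client, and each is left at an individual "TODO: check". Triage them as a batch and, unless a Debian package is found to ship the affected code, mark them NOT-FOR-US with the vendor name, as the file does for other appliance and vendor software (e.g. "NOT-FOR-US: Harbor", "NOT-FOR-US: IBM"), rather than leaving nine open TODOs that will be resolved the same way.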
@@ -12633,7 +12646,7 @@ CVE-2021-21497
CVE-2021-21496
RESERVED
CVE-2020-36158 (mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifie ...)
- {DSA-4843-1}
+ {DSA-4843-1 DLA-2557-1}
- linux 5.10.5-1
NOTE: https://git.kernel.org/linus/5c455c5ab332773464d02ba17015acdca198f03d (5.11-rc1)
CVE-2020-36157 (An issue was discovered in the Ultimate Member plugin before 2.1.12 fo ...)
@@ -16340,20 +16353,20 @@ CVE-2021-20414
RESERVED
CVE-2021-20413
RESERVED
-CVE-2021-20412
- RESERVED
-CVE-2021-20411
- RESERVED
-CVE-2021-20410
- RESERVED
-CVE-2021-20409
- RESERVED
-CVE-2021-20408
- RESERVED
-CVE-2021-20407
- RESERVED
-CVE-2021-20406
- RESERVED
+CVE-2021-20412 (IBM Security Verify Information Queue 1.0.6 and 1.0.7 contains hard-co ...)
+ TODO: check
+CVE-2021-20411 (IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a us ...)
+ TODO: check
+CVE-2021-20410 (IBM Security Verify Information Queue 1.0.6 and 1.0.7 sends user crede ...)
+ TODO: check
+CVE-2021-20409 (IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a re ...)
+ TODO: check
+CVE-2021-20408 (IBM Security Verify Information Queue 1.0.6 and 1.0.7 could disclose h ...)
+ TODO: check
+CVE-2021-20407 (IBM Security Verify Information Queue 1.0.6 and 1.0.7 discloses sensit ...)
+ TODO: check
+CVE-2021-20406 (IBM Security Verify Information Queue 1.0.6 and 1.0.7 uses weaker than ...)
+ TODO: check
CVE-2021-20405 (IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a us ...)
NOT-FOR-US: IBM
CVE-2021-20404 (IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a us ...)
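Review bot: the seven new IBM Security Verify Information Queue 1.0.6 and 1.0.7 entries (CVE-2021-20412 down to CVE-2021-20406) are left at "TODO: check" while the two unchanged neighbours for exactly the same product and versions, CVE-2021-20405 and CVE-2021-20404, are already "NOT-FOR-US: IBM". Unless something distinguishes them, resolve the seven the same way in one pass so the triage state is consistent across the product's whole CVE block.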
@@ -16946,7 +16959,7 @@ CVE-2021-20178 [user data leak in snmp_facts module]
NOTE: https://github.com/ansible-collections/community.general/pull/1621
CVE-2021-20177
RESERVED
- {DSA-4843-1}
+ {DSA-4843-1 DLA-2557-1}
- linux 5.5.13-1
[stretch] - linux <not-affected> (Vulnerable code not present)
NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=209823
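Review bot: DLA-2557-1 is added to CVE-2021-20177 while the entry keeps "[stretch] - linux <not-affected> (Vulnerable code not present)". A DLA is an LTS advisory and stretch is the LTS suite at this date, so the two lines now contradict each other: either the not-affected marker is stale and the advisory's update did carry a fix for this CVE, or the CVE was listed in the advisory by mistake. One of the two should be corrected rather than leaving both in place; the bugzilla reference in the NOTE line is where to check which.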
@@ -19420,12 +19433,12 @@ CVE-2020-29663 (Icinga 2 v2.8.0 through v2.11.7 and v2.12.2 has an issue where r
CVE-2020-29662 (In Harbor 2.0 before 2.0.5 and 2.1.x before 2.1.2 the catalog’s ...)
NOT-FOR-US: Harbor
CVE-2020-29661 (A locking issue was discovered in the tty subsystem of the Linux kerne ...)
- {DSA-4843-1}
+ {DSA-4843-1 DLA-2557-1}
- linux 5.9.15-1
NOTE: https://git.kernel.org/linus/54ffccbf053b5b6ca4f6e45094b942fab92a25fc
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2125
CVE-2020-29660 (A locking inconsistency issue was discovered in the tty subsystem of t ...)
- {DSA-4843-1}
+ {DSA-4843-1 DLA-2557-1}
- linux 5.9.15-1
NOTE: https://git.kernel.org/linus/c8bcd9c5be24fb9e6132e97da5a35e55a83e36b9
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2125
@@ -20177,11 +20190,11 @@ CVE-2020-29570 (An issue was discovered in Xen through 4.14.x. Recording of the
[stretch] - xen <end-of-life> (DSA 4602-1)
NOTE: https://xenbits.xen.org/xsa/advisory-358.html
CVE-2020-29569 (An issue was discovered in the Linux kernel through 5.10.1, as used wi ...)
- {DSA-4843-1}
+ {DSA-4843-1 DLA-2557-1}
- linux 5.9.15-1
NOTE: https://xenbits.xen.org/xsa/advisory-350.html
CVE-2020-29568 (An issue was discovered in Xen through 4.14.x. Some OSes (such as Linu ...)
- {DSA-4843-1}
+ {DSA-4843-1 DLA-2557-1}
- linux 5.9.15-1
NOTE: https://xenbits.xen.org/xsa/advisory-349.html
CVE-2020-29567 (An issue was discovered in Xen 4.14.x. When moving IRQs between CPUs t ...)
@@ -21876,6 +21889,7 @@ CVE-2020-28937 (OpenClinic version 0.8.2 is affected by a missing authentication
CVE-2020-28936
RESERVED
CVE-2020-28935 (NLnet Labs Unbound, up to and including version 1.12.0, and NLnet Labs ...)
+ {DLA-2556-1}
- nsd 4.3.4-1
[buster] - nsd <no-dsa> (Minor issue)
[stretch] - nsd <no-dsa> (Minor issue)
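Review bot: {DLA-2556-1} is attached to CVE-2020-28935, but the only package lines under it are for nsd, with buster and stretch both marked "<no-dsa> (Minor issue)". The description covers Unbound and a second NLnet Labs product (truncated here), and elsewhere in this same update DLA-2556-1 is added to the unbound issues CVE-2020-12663 and CVE-2020-12662 next to DSA-4694-1, so it reads as the unbound advisory. If so, this entry needs an unbound line with the fixed version for the reference to correspond to a tracked package; if the DLA instead shipped nsd, the stretch "<no-dsa>" marker is now stale and should become the fixed version.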
@@ -24257,7 +24271,7 @@ CVE-2020-28376
CVE-2020-28375
RESERVED
CVE-2020-28374 (In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10. ...)
- {DSA-4843-1}
+ {DSA-4843-1 DLA-2557-1}
- linux 5.10.9-1
NOTE: https://git.kernel.org/linus/2896c93811e39d63a4d9b63ccf12a8fbc226e5e4
NOTE: https://www.openwall.com/lists/oss-security/2021/01/12/12
@@ -27216,7 +27230,7 @@ CVE-2020-27831
NOT-FOR-US: Quay
CVE-2020-27830 [Linux kernel NULL-ptr deref bug in spk_ttyio_receive_buf2]
RESERVED
- {DSA-4843-1}
+ {DSA-4843-1 DLA-2557-1}
- linux 5.9.15-1
[stretch] - linux <not-affected> (Vulnerability introduced later)
NOTE: https://www.openwall.com/lists/oss-security/2020/12/07/1
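Review bot: the added DLA-2557-1 reference on CVE-2020-27830 sits above "[stretch] - linux <not-affected> (Vulnerability introduced later)". Since a DLA targets the LTS suite (stretch), an advisory claiming to fix this CVE in stretch cannot coexist with a marker saying stretch never had the vulnerable code. Either drop the CVE from the advisory's reference set or replace the not-affected line with the fixed stretch version; as committed, the entry asserts both.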
@@ -27246,7 +27260,7 @@ CVE-2020-27826
RESERVED
NOT-FOR-US: Keycloak
CVE-2020-27825 (A use-after-free flaw was found in kernel/trace/ring_buffer.c in Linux ...)
- {DSA-4843-1}
+ {DSA-4843-1 DLA-2557-1}
- linux 5.9.6-1
NOTE: https://git.kernel.org/linus/bbeb97464eefc65f506084fd9f18f21653e01137
CVE-2020-27824 [global-buffer-overflow read in lib-openjp2]
@@ -27289,7 +27303,7 @@ CVE-2020-27816 (The elasticsearch-operator does not validate the namespace where
NOT-FOR-US: OpenShift Elasticsearch operator
CVE-2020-27815
RESERVED
- {DSA-4843-1}
+ {DSA-4843-1 DLA-2557-1}
- linux 5.10.4-1
NOTE: https://www.openwall.com/lists/oss-security/2020/11/30/5
CVE-2020-27814 (A heap-buffer overflow was found in the way openjpeg2 handled certain ...)
@@ -34263,6 +34277,7 @@ CVE-2020-25087 (Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in
CVE-2020-25086 (Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in applic ...)
NOT-FOR-US: Ecommerce-CodeIgniter-Bootstrap
CVE-2021-3409 [sdhci: incomplete fix for CVE-2020-17380/CVE-2020-25085]
+ RESERVED
- qemu <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1928146
CVE-2020-25085 (QEMU 5.0.0 has a heap-based Buffer Overflow in flatview_read_continue ...)
@@ -62183,14 +62198,14 @@ CVE-2020-12665
CVE-2020-12664
RESERVED
CVE-2020-12663 (Unbound before 1.10.1 has an infinite loop via malformed DNS answers r ...)
- {DSA-4694-1}
+ {DSA-4694-1 DLA-2556-1}
- unbound 1.10.1-1
[stretch] - unbound <end-of-life> (No longer supported, see DSA 4694)
[jessie] - unbound <end-of-life> (No longer supported)
NOTE: https://nlnetlabs.nl/downloads/unbound/CVE-2020-12662_2020-12663.txt
NOTE: Patch: https://nlnetlabs.nl/downloads/unbound/patch_cve_2020-12662_2020-12663.diff
CVE-2020-12662 (Unbound before 1.10.1 has Insufficient Control of Network Message Volu ...)
- {DSA-4694-1}
+ {DSA-4694-1 DLA-2556-1}
- unbound 1.10.1-1
[stretch] - unbound <end-of-life> (No longer supported, see DSA 4694)
[jessie] - unbound <end-of-life> (No longer supported)
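Review bot: DLA-2556-1 is added to CVE-2020-12663 and CVE-2020-12662, yet both entries keep "[stretch] - unbound <end-of-life> (No longer supported, see DSA 4694)". A stretch DLA means the package was supported again in LTS and these issues were fixed there, so the end-of-life markers are contradicted by the advisory reference now attached to them; replace them with the fixed stretch version (the advisory carries it) so the tracker reports stretch as fixed rather than unsupported. The jessie end-of-life lines are not affected by this advisory and can stay.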
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/23c9d6040d4c39cea07b7976d61b2c2f6d22efde