[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Tue Feb 16 20:10:34 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8006e3a2 by security tracker role at 2021-02-16T20:10:26+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,7 +1,89 @@
-CVE-2021-27238
+CVE-2021-27279
+ RESERVED
+CVE-2021-27278
+ RESERVED
+CVE-2021-27277
+ RESERVED
+CVE-2021-27276
+ RESERVED
+CVE-2021-27275
+ RESERVED
+CVE-2021-27274
+ RESERVED
+CVE-2021-27273
+ RESERVED
+CVE-2021-27272
+ RESERVED
+CVE-2021-27271
+ RESERVED
+CVE-2021-27270
+ RESERVED
+CVE-2021-27269
+ RESERVED
+CVE-2021-27268
+ RESERVED
+CVE-2021-27267
+ RESERVED
+CVE-2021-27266
+ RESERVED
+CVE-2021-27265
+ RESERVED
+CVE-2021-27264
+ RESERVED
+CVE-2021-27263
+ RESERVED
+CVE-2021-27262
+ RESERVED
+CVE-2021-27261
+ RESERVED
+CVE-2021-27260
+ RESERVED
+CVE-2021-27259
+ RESERVED
+CVE-2021-27258
+ RESERVED
+CVE-2021-27257
+ RESERVED
+CVE-2021-27256
+ RESERVED
+CVE-2021-27255
RESERVED
-CVE-2021-27237
+CVE-2021-27254
RESERVED
+CVE-2021-27253
+ RESERVED
+CVE-2021-27252
+ RESERVED
+CVE-2021-27251
+ RESERVED
+CVE-2021-27250
+ RESERVED
+CVE-2021-27249
+ RESERVED
+CVE-2021-27248
+ RESERVED
+CVE-2021-27247
+ RESERVED
+CVE-2021-27246
+ RESERVED
+CVE-2021-27245
+ RESERVED
+CVE-2021-27244
+ RESERVED
+CVE-2021-27243
+ RESERVED
+CVE-2021-27242
+ RESERVED
+CVE-2021-27241
+ RESERVED
+CVE-2021-27240
+ RESERVED
+CVE-2021-27239
+ RESERVED
+CVE-2021-27238
+ RESERVED
+CVE-2021-27237 (The admin panel in BlackCat CMS 1.3.6 allows stored XSS (by an admin) ...)
+ TODO: check
CVE-2021-27236 (An issue was discovered in Mutare Voice (EVM) 3.x before 3.3.8. getfil ...)
NOT-FOR-US: Mutare Voice (EVM)
CVE-2021-27235 (An issue was discovered in Mutare Voice (EVM) 3.x before 3.3.8. On the ...)
@@ -10,8 +92,8 @@ CVE-2021-27234 (An issue was discovered in Mutare Voice (EVM) 3.x before 3.3.8.
NOT-FOR-US: Mutare Voice (EVM)
CVE-2021-27233 (An issue was discovered in Mutare Voice (EVM) 3.x before 3.3.8. On the ...)
NOT-FOR-US: Mutare Voice (EVM)
-CVE-2021-27232
- RESERVED
+CVE-2021-27232 (The RTSPLive555.dll ActiveX control in Pelco Digital Sentry Server 7.1 ...)
+ TODO: check
CVE-2021-27231 (Hestia Control Panel through 1.3.3, in a shared-hosting environment, s ...)
NOT-FOR-US: Hestia Control Panel
CVE-2021-27230
@@ -3929,8 +4011,8 @@ CVE-2021-25650
RESERVED
CVE-2021-25649
RESERVED
-CVE-2021-25648
- RESERVED
+CVE-2021-25648 (Mobile application "Testes de Codigo" 11.4 and prior allows an attacke ...)
+ TODO: check
CVE-2021-25647 (Mobile application "Testes de Codigo" v11.3 and prior allows stored XS ...)
NOT-FOR-US: Mobile application "Testes de Codigo"
CVE-2021-25646 (Apache Druid includes the ability to execute user-provided JavaScript ...)
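Review bot: CVE-2021-25648 is left at `TODO: check` although the entry directly below it, CVE-2021-25647, covers the same product and is already marked `NOT-FOR-US: Mobile application "Testes de Codigo"`. Unless the new description points at a different component, resolve it with the same NOT-FOR-US line so the two entries stay consistent.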
@@ -7831,20 +7913,17 @@ CVE-2021-23843
RESERVED
CVE-2021-23842
RESERVED
-CVE-2021-23841 [Null pointer deref in X509_issuer_and_serial_hash()]
- RESERVED
+CVE-2021-23841 (Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may ...)
- openssl <unfixed>
- openssl1.0 <removed>
NOTE: https://www.openssl.org/news/secadv/20210216.txt
NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=122a19ab48091c657f7cb1fb3af9fc07bd557bbf (OpenSSL_1_1_1j)
-CVE-2021-23840 [Integer overflow in CipherUpdate]
- RESERVED
+CVE-2021-23840 (Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may ...)
- openssl <unfixed>
- openssl1.0 <removed>
NOTE: https://www.openssl.org/news/secadv/20210216.txt
NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a51b9e1d0cf0bf8515f7201b68fb0a3482b3dc1 (OpenSSL_1_1_1j)
-CVE-2021-23839 [Incorrect SSLv2 rollback protection]
- RESERVED
+CVE-2021-23839 (OpenSSL 1.0.2 supports SSLv2. If a client attempts to negotiate SSLv2 ...)
- openssl 1.0.0d-1
- openssl1.0 <not-affected> (SSL2 disabled before openssl1.0 was uploaded)
NOTE: https://www.openssl.org/news/secadv/20210216.txt
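Review bot: The description imported for CVE-2021-23841 is the same truncated text as the one for CVE-2021-23840 ("Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may ..."), while the bracketed title it replaces was "Null pointer deref in X509_issuer_and_serial_hash()". One of the two descriptions looks misassigned in the imported data. Compare both against the advisory linked in the NOTE lines before relying on the description text. The package lines and commit NOTEs were attached under the old titles and should stay as they are.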
@@ -14376,12 +14455,12 @@ CVE-2021-21319
RESERVED
CVE-2021-21318
RESERVED
-CVE-2021-21317
- RESERVED
-CVE-2021-21316
- RESERVED
-CVE-2021-21315
- RESERVED
+CVE-2021-21317 (uap-core in an open-source npm package which contains the core of Brow ...)
+ TODO: check
+CVE-2021-21316 (less-openui5 is an npm package which enables building OpenUI5 themes w ...)
+ TODO: check
+CVE-2021-21315 (The System Information Library for Node.JS (npm package "systeminforma ...)
+ TODO: check
CVE-2021-21314
RESERVED
CVE-2021-21313
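Review bot: The three `TODO: check` entries at CVE-2021-21317, CVE-2021-21316 and CVE-2021-21315 all name npm packages (uap-core, less-openui5, systeminformation). Check each against packaged Node.js modules and embedded copies in other source packages before marking any of them NOT-FOR-US.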
@@ -15252,34 +15331,34 @@ CVE-2020-35573 (srs2.c in PostSRSd before 1.10 allows remote attackers to cause
- postsrsd 1.10-1
[buster] - postsrsd 1.5-2+deb10u1
NOTE: https://github.com/roehling/postsrsd/commit/4733fb11f6bec6524bb8518c5e1a699288c26bac (1.10)
-CVE-2020-35570
- RESERVED
-CVE-2020-35569
- RESERVED
-CVE-2020-35568
- RESERVED
-CVE-2020-35567
- RESERVED
-CVE-2020-35566
- RESERVED
-CVE-2020-35565
- RESERVED
-CVE-2020-35564
- RESERVED
-CVE-2020-35563
- RESERVED
+CVE-2020-35570 (An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT ...)
+ TODO: check
+CVE-2020-35569 (An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT ...)
+ TODO: check
+CVE-2020-35568 (An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT ...)
+ TODO: check
+CVE-2020-35567 (An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT ...)
+ TODO: check
+CVE-2020-35566 (An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT ...)
+ TODO: check
+CVE-2020-35565 (An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT ...)
+ TODO: check
+CVE-2020-35564 (An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT ...)
+ TODO: check
+CVE-2020-35563 (An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT ...)
+ TODO: check
CVE-2020-35562
RESERVED
-CVE-2020-35561
- RESERVED
-CVE-2020-35560
- RESERVED
-CVE-2020-35559
- RESERVED
-CVE-2020-35558
- RESERVED
-CVE-2020-35557
- RESERVED
+CVE-2020-35561 (An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT ...)
+ TODO: check
+CVE-2020-35560 (An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT ...)
+ TODO: check
+CVE-2020-35559 (An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT ...)
+ TODO: check
+CVE-2020-35558 (An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT ...)
+ TODO: check
+CVE-2020-35557 (An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT ...)
+ TODO: check
CVE-2020-35556
RESERVED
CVE-2020-35555 (An issue was discovered on LG mobile devices with Android OS 10 softwa ...)
@@ -15334,10 +15413,10 @@ CVE-2021-20989
RESERVED
CVE-2021-20988
RESERVED
-CVE-2021-20987
- RESERVED
-CVE-2021-20986
- RESERVED
+CVE-2021-20987 (A denial of service and memory corruption vulnerability was found in H ...)
+ TODO: check
+CVE-2021-20986 (A Denial of Service vulnerability was found in Hilscher PROFINET IO De ...)
+ TODO: check
CVE-2021-20985
RESERVED
CVE-2021-20984
@@ -16922,6 +17001,7 @@ CVE-2021-20222
RESERVED
CVE-2021-20221 [GIC: out-of-bound heap buffer access via an interrupt ID field]
RESERVED
+ {DLA-2560-1}
- qemu 1:5.2+dfsg-4
NOTE: https://www.openwall.com/lists/oss-security/2021/02/05/1
NOTE: https://gitlab.com/qemu-project/qemu/-/commit/edfe2eb4360cde4ed5d95bda7777edcb3510f76a
@@ -17110,6 +17190,7 @@ CVE-2021-20182
NOT-FOR-US: OpenShift
CVE-2021-20181 [9pfs: Fully restart unreclaim loop]
RESERVED
+ {DLA-2560-1}
- qemu 1:5.2+dfsg-4
NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=89fbea8737e8f7b954745a1ffc4238d377055305
CVE-2021-20180
@@ -20909,6 +20990,7 @@ CVE-2020-29445
CVE-2020-29444
RESERVED
CVE-2020-29443 (ide_atapi_cmd_reply_end in hw/ide/atapi.c in QEMU 5.1.0 allows out-of- ...)
+ {DLA-2560-1}
- qemu <unfixed>
[buster] - qemu <postponed> (Fix along in future DSA)
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2021-01/msg04255.html
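Review bot: On CVE-2020-29443 the new `{DLA-2560-1}` reference sits directly above `- qemu <unfixed>` and `[buster] - qemu <postponed> (Fix along in future DSA)`, so the entry now records an LTS advisory while the unstable and buster lines still show no fix. Confirm that the postponed status for buster is still intended now that a fix has shipped in a DLA.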
@@ -21597,6 +21679,7 @@ CVE-2020-29132
CVE-2020-29131
RESERVED
CVE-2020-29130 (slirp.c in libslirp through 4.3.1 has a buffer over-read because it tr ...)
+ {DLA-2560-1}
- libslirp 4.4.0-1
- qemu 1:4.1-2
[buster] - qemu <postponed> (Fix along in future DSA)
@@ -21822,18 +21905,18 @@ CVE-2020-29029
RESERVED
CVE-2020-29028
RESERVED
-CVE-2020-29027
- RESERVED
+CVE-2020-29027 (Cross-site Scripting (XSS) vulnerability in GUI of Secomea SiteManager ...)
+ TODO: check
CVE-2020-29026 (A directory traversal vulnerability exists in the file upload function ...)
NOT-FOR-US: GateManager
-CVE-2020-29025
- RESERVED
-CVE-2020-29024
- RESERVED
-CVE-2020-29023
- RESERVED
-CVE-2020-29022
- RESERVED
+CVE-2020-29025 (A vulnerability in SiteManager-Embedded (SM-E) Web server which may al ...)
+ TODO: check
+CVE-2020-29024 (Sensitive Cookie in HTTPS Session Without 'Secure' Attribute vulnerabi ...)
+ TODO: check
+CVE-2020-29023 (Improper Encoding or Escaping of Output from CSV Report Generator of S ...)
+ TODO: check
+CVE-2020-29022 (Failure to Sanitize host header value on output in the GateManager Web ...)
+ TODO: check
CVE-2020-29021 (A vulnerability in web UI input field of GateManager allows authentica ...)
NOT-FOR-US: GateManager
CVE-2020-29020
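Review bot: CVE-2020-29022 names the GateManager web interface in its description, and the neighbouring CVE-2020-29026 and CVE-2020-29021 are already `NOT-FOR-US: GateManager`, so it can be resolved the same way. CVE-2020-29027 and CVE-2020-29025 name SiteManager instead, so they need their own NOT-FOR-US label rather than reusing the GateManager one. The truncated descriptions for CVE-2020-29024 and CVE-2020-29023 do not show the product, so read the full text before triaging them.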
@@ -22125,6 +22208,7 @@ CVE-2020-28918
CVE-2020-28917 (An issue was discovered in the view_statistics (aka View frontend stat ...)
NOT-FOR-US: TYPO3 extension
CVE-2020-28916 (hw/net/e1000e_core.c in QEMU 5.0.0 has an infinite loop via an RX desc ...)
+ {DLA-2560-1}
- qemu 1:5.2+dfsg-1 (bug #976388; bug #974687)
[buster] - qemu <postponed> (Fix along in future DSA)
NOTE: https://www.openwall.com/lists/oss-security/2020/12/01/2
@@ -33844,8 +33928,8 @@ CVE-2020-25342
RESERVED
CVE-2020-25341
RESERVED
-CVE-2020-25340
- RESERVED
+CVE-2020-25340 (An issue was discovered in NFStream 5.2.0. Because some allocated modu ...)
+ TODO: check
CVE-2020-25339
RESERVED
CVE-2020-25338
@@ -34462,6 +34546,7 @@ CVE-2020-25085 (QEMU 5.0.0 has a heap-based Buffer Overflow in flatview_read_con
NOTE: fix and relates to the CVE-2020-17380 assignment.
NOTE: Fixed by: https://git.qemu.org/?p=qemu.git;a=commit;h=dfba99f17feb6d4a129da19d38df1bcd8579d1c3 (v5.2.0-rc0)
CVE-2020-25084 (QEMU 5.0.0 has a use-after-free in hw/usb/hcd-xhci.c because the usb_p ...)
+ {DLA-2560-1}
- qemu 1:5.2+dfsg-1 (bug #970539)
[buster] - qemu <postponed> (Can be fixed along in next qemu DSA)
NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-08/msg08050.html
@@ -35003,8 +35088,8 @@ CVE-2020-24843
RESERVED
CVE-2020-24842 (PNPSCADA 2.200816204020 allows cross-site scripting (XSS), which can e ...)
NOT-FOR-US: PNPSCADA
-CVE-2020-24841
- RESERVED
+CVE-2020-24841 (PNPSCADA 2.200816204020 allows SQL injection via parameter 'interf' in ...)
+ TODO: check
CVE-2020-24840
RESERVED
CVE-2020-24839
@@ -53672,6 +53757,7 @@ CVE-2020-15861 (Net-SNMP through 5.7.3 allows Escalation of Privileges because o
CVE-2020-15860 (Parallels Remote Application Server (RAS) 17.1.1 has a Business Logic ...)
NOT-FOR-US: Parallels
CVE-2020-15859 (QEMU 4.2.0 has a use-after-free in hw/net/e1000e_core.c because a gues ...)
+ {DLA-2560-1}
- qemu 1:5.2+dfsg-1 (bug #965978)
[buster] - qemu <postponed> (Minor issue, can be fixed along in next DSA)
NOTE: Proposed patch: https://lists.gnu.org/archive/html/qemu-devel/2020-07/msg05895.html
@@ -54785,6 +54871,7 @@ CVE-2020-15471 (In nDPI through 3.2, the packet parsing code is vulnerable to a
CVE-2020-15470 (ffjpeg through 2020-02-24 has a heap-based buffer overflow in jfif_dec ...)
NOT-FOR-US: ffjpeg
CVE-2020-15469 (In QEMU 4.2.0, a MemoryRegionOps object may lack read/write callback m ...)
+ {DLA-2560-1}
- qemu <unfixed> (low; bug #970253)
[buster] - qemu <postponed> (Minor issue, fix along in next DSA)
NOTE: https://www.openwall.com/lists/oss-security/2020/07/02/1
@@ -69577,7 +69664,7 @@ CVE-2020-10571 (An issue was discovered in psd-tools before 1.9.4. The Cython im
NOT-FOR-US: psd-tools
CVE-2020-10570 (The Telegram application through 5.12 for Android, when Show Popup is ...)
NOT-FOR-US: Telegram for Android
-CVE-2020-10569 (SysAid On-Premise 20.1.11, by default, allows the AJP protocol port, w ...)
+CVE-2020-10569 (** DISPUTED ** SysAid On-Premise 20.1.11, by default, allows the AJP p ...)
NOT-FOR-US: SysAid On-Premise
CVE-2020-10568 (The sitepress-multilingual-cms (WPML) plugin before 4.3.7-b.2 for Word ...)
NOT-FOR-US: sitepress-multilingual-cms (WPML) plugin for WordPress
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8006e3a2d07f265a22cc539b5e1b23cecce372e6