[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed Feb 17 08:10:32 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f1f8c390 by security tracker role at 2021-02-17T08:10:24+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,165 @@
+CVE-2021-27360
+ RESERVED
+CVE-2021-27359
+ RESERVED
+CVE-2021-27358
+ RESERVED
+CVE-2021-27357
+ RESERVED
+CVE-2021-27356
+ RESERVED
+CVE-2021-27355
+ RESERVED
+CVE-2021-27354
+ RESERVED
+CVE-2021-27353
+ RESERVED
+CVE-2021-27352
+ RESERVED
+CVE-2021-27351
+ RESERVED
+CVE-2021-27350
+ RESERVED
+CVE-2021-27349
+ RESERVED
+CVE-2021-27348
+ RESERVED
+CVE-2021-27347
+ RESERVED
+CVE-2021-27346
+ RESERVED
+CVE-2021-27345
+ RESERVED
+CVE-2021-27344
+ RESERVED
+CVE-2021-27343
+ RESERVED
+CVE-2021-27342
+ RESERVED
+CVE-2021-27341
+ RESERVED
+CVE-2021-27340
+ RESERVED
+CVE-2021-27339
+ RESERVED
+CVE-2021-27338
+ RESERVED
+CVE-2021-27337
+ RESERVED
+CVE-2021-27336
+ RESERVED
+CVE-2021-27335
+ RESERVED
+CVE-2021-27334
+ RESERVED
+CVE-2021-27333
+ RESERVED
+CVE-2021-27332
+ RESERVED
+CVE-2021-27331
+ RESERVED
+CVE-2021-27330
+ RESERVED
+CVE-2021-27329
+ RESERVED
+CVE-2021-27328
+ RESERVED
+CVE-2021-27327
+ RESERVED
+CVE-2021-27326
+ RESERVED
+CVE-2021-27325
+ RESERVED
+CVE-2021-27324
+ RESERVED
+CVE-2021-27323
+ RESERVED
+CVE-2021-27322
+ RESERVED
+CVE-2021-27321
+ RESERVED
+CVE-2021-27320
+ RESERVED
+CVE-2021-27319
+ RESERVED
+CVE-2021-27318
+ RESERVED
+CVE-2021-27317
+ RESERVED
+CVE-2021-27316
+ RESERVED
+CVE-2021-27315
+ RESERVED
+CVE-2021-27314
+ RESERVED
+CVE-2021-27313
+ RESERVED
+CVE-2021-27312
+ RESERVED
+CVE-2021-27311
+ RESERVED
+CVE-2021-27310
+ RESERVED
+CVE-2021-27309
+ RESERVED
+CVE-2021-27308
+ RESERVED
+CVE-2021-27307
+ RESERVED
+CVE-2021-27306
+ RESERVED
+CVE-2021-27305
+ RESERVED
+CVE-2021-27304
+ RESERVED
+CVE-2021-27303
+ RESERVED
+CVE-2021-27302
+ RESERVED
+CVE-2021-27301
+ RESERVED
+CVE-2021-27300
+ RESERVED
+CVE-2021-27299
+ RESERVED
+CVE-2021-27298
+ RESERVED
+CVE-2021-27297
+ RESERVED
+CVE-2021-27296
+ RESERVED
+CVE-2021-27295
+ RESERVED
+CVE-2021-27294
+ RESERVED
+CVE-2021-27293
+ RESERVED
+CVE-2021-27292
+ RESERVED
+CVE-2021-27291
+ RESERVED
+CVE-2021-27290
+ RESERVED
+CVE-2021-27289
+ RESERVED
+CVE-2021-27288
+ RESERVED
+CVE-2021-27287
+ RESERVED
+CVE-2021-27286
+ RESERVED
+CVE-2021-27285
+ RESERVED
+CVE-2021-27284
+ RESERVED
+CVE-2021-27283
+ RESERVED
+CVE-2021-27282
+ RESERVED
+CVE-2021-27281
+ RESERVED
+CVE-2021-27280
+ RESERVED
CVE-2021-27279
RESERVED
CVE-2021-27278
@@ -161,8 +323,8 @@ CVE-2021-27205 (Telegram before 7.4 (212543) Stable on macOS stores the local co
NOT-FOR-US: Telegram for MacOS
CVE-2021-27204 (Telegram before 7.4 (212543) Stable on macOS stores the local passcode ...)
NOT-FOR-US: Telegram for MacOS
-CVE-2021-27203
- RESERVED
+CVE-2021-27203 (In Dekart Private Disk 2.15, invalid use of the Type3 user buffer for ...)
+ TODO: check
CVE-2021-27202
RESERVED
CVE-2021-XXXX [several security fixes: PHP injections, XSS and secrets stored in session file]
@@ -371,14 +533,14 @@ CVE-2021-3405
RESERVED
- libebml <unfixed> (bug #982597)
NOTE: https://github.com/Matroska-Org/libebml/issues/74
-CVE-2021-27104
- RESERVED
-CVE-2021-27103
- RESERVED
-CVE-2021-27102
- RESERVED
-CVE-2021-27101
- RESERVED
+CVE-2021-27104 (Accellion FTA 9_12_370 and earlier is affected by OS command execution ...)
+ TODO: check
+CVE-2021-27103 (Accellion FTA 9_12_411 and earlier is affected by SSRF via a crafted P ...)
+ TODO: check
+CVE-2021-27102 (Accellion FTA 9_12_411 and earlier is affected by OS command execution ...)
+ TODO: check
+CVE-2021-27101 (Accellion FTA 9_12_370 and earlier is affected by SQL injection via a ...)
+ TODO: check
CVE-2021-27100
RESERVED
CVE-2021-27099
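Review bot: The four + entries for CVE-2021-27104 through CVE-2021-27101 all name the same product, Accellion FTA, but each is left at TODO: check on its own. They should be resolved together in one follow-up with a single consistent tag. The descriptions give two different version bounds (9_12_370 and 9_12_411), which only needs recording if the product turns out to be tracked.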
@@ -739,26 +901,21 @@ CVE-2021-26936 (The replay-sorcery program in ReplaySorcery 0.4.0 through 0.5.0,
NOT-FOR-US: ReplaySorcery
CVE-2021-26935
RESERVED
-CVE-2021-26934
- RESERVED
+CVE-2021-26934 (An issue was discovered in the Linux kernel 4.18 through 5.10.16, as u ...)
- linux <unfixed> (unimportant)
NOTE: https://xenbits.xen.org/xsa/advisory-363.html
NOTE: Driver never was meant to be supported and the patch in src:xen will only
NOTE: update SUPPORT.md to explicitly document the fact.
-CVE-2021-26933
- RESERVED
+CVE-2021-26933 (An issue was discovered in Xen 4.9 through 4.14.x. On Arm, a guest is ...)
- xen <unfixed>
NOTE: https://xenbits.xen.org/xsa/advisory-364.html
-CVE-2021-26932
- RESERVED
+CVE-2021-26932 (An issue was discovered in the Linux kernel 3.2 through 5.10.16, as us ...)
- linux <unfixed>
NOTE: https://xenbits.xen.org/xsa/advisory-361.html
-CVE-2021-26931
- RESERVED
+CVE-2021-26931 (An issue was discovered in the Linux kernel 2.6.39 through 5.10.16, as ...)
- linux <unfixed>
NOTE: https://xenbits.xen.org/xsa/advisory-362.html
-CVE-2021-26930
- RESERVED
+CVE-2021-26930 (An issue was discovered in the Linux kernel 3.11 through 5.10.16, as u ...)
- linux <unfixed>
NOTE: https://xenbits.xen.org/xsa/advisory-365.html
CVE-2021-26929 (An XSS issue was discovered in Horde Groupware Webmail Edition through ...)
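Review bot: The "- linux <unfixed>" entries for CVE-2021-26932, CVE-2021-26931 and CVE-2021-26930 carry only the XSA advisory link as a NOTE, while the new descriptions bound the affected kernels at 5.10.16. Adding the upstream kernel fix commits as further NOTE lines would let <unfixed> be replaced by a fixed version without re-reading each advisory. CVE-2021-26934 already documents the reasoning for its (unimportant) tag and needs no change.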
@@ -797,7 +954,7 @@ CVE-2021-26920
RESERVED
CVE-2021-26919
RESERVED
-CVE-2021-26918 (The ProBot bot through 2021-02-08 for Discord might allow attackers to ...)
+CVE-2021-26918 (** DISPUTED ** The ProBot bot through 2021-02-08 for Discord might all ...)
NOT-FOR-US: ProBot bot
CVE-2021-26917 (** DISPUTED ** PyBitmessage through 0.6.3.2 allows attackers to write ...)
NOT-FOR-US: PyBitmessage
@@ -14519,6 +14676,7 @@ CVE-2021-21290 (Netty is an open-source, asynchronous event-driven network appli
NOTE: https://github.com/netty/netty/security/advisories/GHSA-5mcr-gq6c-3hq2
NOTE: https://github.com/netty/netty/commit/c735357bf29d07856ad171c6611a2e1a0e0000ec
CVE-2021-21289 (Mechanize is an open-source ruby library that makes automated web inte ...)
+ {DLA-2561-1}
- ruby-mechanize 2.7.7-1
NOTE: https://github.com/sparklemotion/mechanize/security/advisories/GHSA-qrqm-fpv6-6r8g
NOTE: https://github.com/sparklemotion/mechanize/commit/aae0b13514a1a0caf93b1cf233733c50e679069a (v2.7.7)
@@ -16095,12 +16253,12 @@ CVE-2021-20657
RESERVED
CVE-2021-20656
RESERVED
-CVE-2021-20655
- RESERVED
+CVE-2021-20655 (FileZen (V3.0.0 to V4.2.7 and V5.0.0 to V5.0.2) allows a remote attack ...)
+ TODO: check
CVE-2021-20654 (Wekan, open source kanban board system, between version 3.12 and 4.11, ...)
NOT-FOR-US: Wekan
-CVE-2021-20653
- RESERVED
+CVE-2021-20653 (Calsos CSDJ (CSDJ-B 01.08.00 and earlier, CSDJ-H 01.08.00 and earlier, ...)
+ TODO: check
CVE-2021-20652 (Cross-site request forgery (CSRF) vulnerability in Name Directory 1.17 ...)
NOT-FOR-US: Name Directory
CVE-2021-20651 (Directory traversal vulnerability in ELECOM File Manager all versions ...)
@@ -17464,26 +17622,26 @@ CVE-2021-20077
RESERVED
CVE-2021-20076
RESERVED
-CVE-2021-20075
- RESERVED
-CVE-2021-20074
- RESERVED
-CVE-2021-20073
- RESERVED
-CVE-2021-20072
- RESERVED
-CVE-2021-20071
- RESERVED
-CVE-2021-20070
- RESERVED
-CVE-2021-20069
- RESERVED
-CVE-2021-20068
- RESERVED
-CVE-2021-20067
- RESERVED
-CVE-2021-20066
- RESERVED
+CVE-2021-20075 (Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows for pr ...)
+ TODO: check
+CVE-2021-20074 (Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows users ...)
+ TODO: check
+CVE-2021-20073 (Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows for cr ...)
+ TODO: check
+CVE-2021-20072 (Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attack ...)
+ TODO: check
+CVE-2021-20071 (Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attack ...)
+ TODO: check
+CVE-2021-20070 (Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attack ...)
+ TODO: check
+CVE-2021-20069 (Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attack ...)
+ TODO: check
+CVE-2021-20068 (Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attack ...)
+ TODO: check
+CVE-2021-20067 (Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attack ...)
+ TODO: check
+CVE-2021-20066 (JSDom improperly allows the loading of local resources, which allows f ...)
+ TODO: check
CVE-2020-35547 (A library index page in NuPoint Messenger in Mitel MiCollab before 9.2 ...)
NOT-FOR-US: Mitel
CVE-2020-35546
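Review bot: CVE-2021-20066 at the end of the + block names JSDom, a different product from the nine Racom MIDGE Firmware 4.4.40.105 entries above it, so it should not be resolved in bulk with them. Triage the Racom entries as one group and check CVE-2021-20066 separately before replacing its TODO: check.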
@@ -21006,8 +21164,8 @@ CVE-2020-29459
RESERVED
CVE-2020-29458 (Textpattern CMS 4.6.2 allows CSRF via the prefs subsystem. ...)
NOT-FOR-US: Textpattern CMS
-CVE-2020-29457
- RESERVED
+CVE-2020-29457 (A Privilege Elevation vulnerability in OPC UA .NET Standard Stack 1.4. ...)
+ TODO: check
CVE-2020-29456 (Multiple cross-site scripting (XSS) vulnerabilities in Papermerge befo ...)
NOT-FOR-US: Papermerge
CVE-2020-29455 (A cross-Site Scripting (XSS) vulnerability in this.showInvalid and thi ...)
@@ -22248,8 +22406,8 @@ CVE-2020-28920
RESERVED
CVE-2020-28919
RESERVED
-CVE-2020-28918
- RESERVED
+CVE-2020-28918 (DualShield 5.9.8.0821 allows username enumeration on its login form. A ...)
+ TODO: check
CVE-2020-28917 (An issue was discovered in the view_statistics (aka View frontend stat ...)
NOT-FOR-US: TYPO3 extension
CVE-2020-28916 (hw/net/e1000e_core.c in QEMU 5.0.0 has an infinite loop via an RX desc ...)
@@ -66180,8 +66338,8 @@ CVE-2019-20636 (In the Linux kernel before 5.4.12, drivers/input/input.c has out
NOTE: https://git.kernel.org/linus/cb222aed03d798fc074be55e59d9a112338ee784
CVE-2020-11636
RESERVED
-CVE-2020-11635
- RESERVED
+CVE-2020-11635 (The Zscaler Client Connector prior to 3.1.0 did not sufficiently valid ...)
+ TODO: check
CVE-2020-11634
RESERVED
CVE-2020-11633
@@ -73632,7 +73790,7 @@ CVE-2020-8910 (A URL parsing issue in goog.uri of the Google Closure Library ver
NOT-FOR-US: Google Closure Library
CVE-2020-8909
RESERVED
-CVE-2020-8908 (A temp directory creation vulnerability exist in Guava versions prior ...)
+CVE-2020-8908 (A temp directory creation vulnerability exists in all versions of Guav ...)
NOT-FOR-US: Google Guava
CVE-2020-8907 (A vulnerability in Google Cloud Platform's guest-oslogin versions betw ...)
- google-compute-image-packages <unfixed>
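Review bot: The + line for CVE-2020-8908 changes the description scope from "versions prior ..." to "all versions of Guav ...", while the NOT-FOR-US: Google Guava line under it is carried over unchanged. Since the affected range has widened, that triage decision should be re-confirmed rather than inherited from the earlier description.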
@@ -90573,10 +90731,10 @@ CVE-2020-2504 (If exploited, this absolute path traversal vulnerability could al
NOT-FOR-US: QNAP
CVE-2020-2503 (If exploited, this stored cross-site scripting vulnerability could all ...)
NOT-FOR-US: QNAP
-CVE-2020-2502
- RESERVED
-CVE-2020-2501
- RESERVED
+CVE-2020-2502 (This cross-site scripting vulnerability in Photo Station allows remote ...)
+ TODO: check
+CVE-2020-2501 (A stack-based buffer overflow vulnerability has been reported to affec ...)
+ TODO: check
CVE-2020-2500 (This improper access control vulnerability in Helpdesk allows attacker ...)
NOT-FOR-US: QNAP
CVE-2020-2499 (A hard-coded password vulnerability has been reported to affect earlie ...)
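Review bot: The + line for CVE-2020-2501 is truncated before the product name ("has been reported to affec ..."), so unlike CVE-2020-2502 (Photo Station) it cannot be triaged from this list alone. Both sit between entries tagged NOT-FOR-US: QNAP; check the full descriptions before replacing TODO: check with the same tag.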
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f1f8c39032f822582de8be644a03e0afaa117438