[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Thu Feb 18 08:10:34 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
498db59c by security tracker role at 2021-02-18T08:10:28+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,37 @@
+CVE-2021-27378 (An issue was discovered in the rand_core crate before 0.6.2 for Rust. ...)
+ TODO: check
+CVE-2021-27377 (An issue was discovered in the yottadb crate before 1.2.0 for Rust. Fo ...)
+ TODO: check
+CVE-2021-27376 (An issue was discovered in the nb-connect crate before 1.0.3 for Rust. ...)
+ TODO: check
+CVE-2021-27375 (Traefik 2.4.3 allows the loading of IFRAME elements from other domains ...)
+ TODO: check
+CVE-2021-27374 (VertiGIS WebOffice 10.7 SP1 before patch20210202 and 10.8 SP1 before p ...)
+ TODO: check
+CVE-2021-27373
+ RESERVED
+CVE-2021-27372
+ RESERVED
+CVE-2021-27371
+ RESERVED
+CVE-2021-27370
+ RESERVED
+CVE-2021-27369
+ RESERVED
+CVE-2021-27368
+ RESERVED
+CVE-2021-27367 (Controller/Backend/FileEditController.php and Controller/Backend/Filem ...)
+ TODO: check
+CVE-2021-27366
+ RESERVED
+CVE-2021-27365
+ RESERVED
+CVE-2021-27364
+ RESERVED
+CVE-2021-27363
+ RESERVED
+CVE-2020-36245 (GramAddict through 1.2.3 allows remote attackers to execute arbitrary ...)
+ TODO: check
CVE-2021-27362 (The WPG plugin before 3.1.0.0 for IrfanView 4.57 has a Read Access Vio ...)
NOT-FOR-US: WPG plugin for IrfanView
CVE-2021-27361
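Review bot: The new entries at the top of this hunk carry only `TODO: check`, even though several descriptions already name the affected component and fixed version: rand_core before 0.6.2, yottadb before 1.2.0, nb-connect before 1.0.3, and Traefik 2.4.3. Each of these needs follow-up triage to either a source-package line with a fixed version or a `NOT-FOR-US:` line like the one on CVE-2021-27362 just below. The same applies to CVE-2021-27374, CVE-2021-27367 and CVE-2020-36245.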
@@ -464,8 +498,8 @@ CVE-2021-27140 (An issue was discovered on FiberHome HG6245D devices through RP2
NOT-FOR-US: FiberHome devices
CVE-2021-27139 (An issue was discovered on FiberHome HG6245D devices through RP2613. I ...)
NOT-FOR-US: FiberHome devices
-CVE-2021-27138
- RESERVED
+CVE-2021-27138 (The boot loader in Das U-Boot before 2021.04-rc2 mishandles use of uni ...)
+ TODO: check
CVE-2021-27137
RESERVED
CVE-2021-27136
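Review bot: CVE-2021-27138 leaves RESERVED with a description naming Das U-Boot before 2021.04-rc2, and CVE-2021-27097 in a later hunk gets the same product and the same version bound. Triage the two together so that both end up with the same source package and a consistent fixed version instead of being resolved independently from `TODO: check`.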
@@ -490,8 +524,8 @@ CVE-2021-27126
RESERVED
CVE-2021-27125
RESERVED
-CVE-2021-27124
- RESERVED
+CVE-2021-27124 (SQL injection in the expertise parameter in search_result.php in Docto ...)
+ TODO: check
CVE-2021-27123
RESERVED
CVE-2021-27122
@@ -552,8 +586,8 @@ CVE-2021-27099
RESERVED
CVE-2021-27098
RESERVED
-CVE-2021-27097
- RESERVED
+CVE-2021-27097 (The boot loader in Das U-Boot before 2021.04-rc2 mishandles a modified ...)
+ TODO: check
CVE-2021-27096
RESERVED
CVE-2021-27095
@@ -974,8 +1008,8 @@ CVE-2021-26913 (NetMotion Mobility before 11.73 and 12.x before 12.02 allows una
NOT-FOR-US: NetMotion Mobility
CVE-2021-26912 (NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthent ...)
NOT-FOR-US: NetMotion Mobility
-CVE-2021-26911
- RESERVED
+CVE-2021-26911 (core/imap/MCIMAPSession.cpp in Canary Mail before 3.22 has Missing SSL ...)
+ TODO: check
CVE-2021-26909
RESERVED
CVE-2021-26908
@@ -1388,8 +1422,7 @@ CVE-2021-26722 (LinkedIn Oncall through 1.4.0 allows reflected XSS via /query be
NOT-FOR-US: LinkedIn Oncall
CVE-2021-26721
RESERVED
-CVE-2021-26720
- RESERVED
+CVE-2021-26720 (avahi-daemon-check-dns.sh in the Debian avahi package through 0.8-4 is ...)
- avahi 0.8-4
[buster] - avahi <no-dsa> (Minor issue; will be fixed via point release)
[stretch] - avahi <postponed> (fix in next DLA - removal of .sh script)
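Review bot: The new description for CVE-2021-26720 says the Debian avahi package is affected "through 0.8-4", while the unchanged line directly below, `- avahi 0.8-4`, records 0.8-4 as the fixed version. One of the two is off by a revision. Confirm which upload actually carries the fix and add a `NOTE:` explaining the discrepancy, so the entry does not appear to contradict its own description.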
@@ -1508,8 +1541,8 @@ CVE-2021-3398
RESERVED
CVE-2021-3397
RESERVED
-CVE-2021-3396
- RESERVED
+CVE-2021-3396 (OpenNMS Meridian 2016, 2017, 2018 before 2018.1.25, 2019 before 2019.1 ...)
+ TODO: check
CVE-2021-26676 (gdhcp in ConnMan before 1.39 could be used by network-adjacent attacke ...)
{DSA-4847-1 DLA-2552-1}
- connman 1.36-2.1
@@ -4101,7 +4134,7 @@ CVE-2021-3197
RESERVED
CVE-2021-3196
RESERVED
-CVE-2021-3195 (bitcoind in Bitcoin Core through 0.21.0 can create a new file in an ar ...)
+CVE-2021-3195 (** DISPUTED ** bitcoind in Bitcoin Core through 0.21.0 can create a ne ...)
- bitcoin <unfixed>
NOTE: https://github.com/bitcoin/bitcoin/issues/20866
CVE-2021-3194
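Review bot: The description of CVE-2021-3195 now begins with `** DISPUTED **`, but the status line under it is still `- bitcoin <unfixed>` with only the upstream issue link as a NOTE. Add a NOTE recording that the report is disputed, and re-evaluate whether `<unfixed>` without further qualification is still the right status for this entry.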
@@ -12597,6 +12630,7 @@ CVE-2021-21704
CVE-2021-21703
RESERVED
CVE-2021-21702 (In PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15 and 8.0.x below ...)
+ {DSA-4856-1}
- php8.0 8.0.2-1
- php7.4 7.4.15-1
- php7.3 <removed>
@@ -33579,8 +33613,8 @@ CVE-2020-25607
RESERVED
CVE-2020-25606 (The AWV component of Mitel MiCollab before 9.2 could allow an attacker ...)
NOT-FOR-US: Mitel
-CVE-2020-25605
- RESERVED
+CVE-2020-25605 (Cleartext transmission of sensitive information in Agora Video SDK pri ...)
+ TODO: check
CVE-2020-25604 (An issue was discovered in Xen through 4.14.x. There is a race conditi ...)
{DSA-4769-1}
- xen 4.14.0+80-gd101b417b7-1
@@ -62005,8 +62039,8 @@ CVE-2020-12880 (An issue was discovered in Pulse Policy Secure (PPS) and Pulse C
NOT-FOR-US: Pulse
CVE-2020-12879
RESERVED
-CVE-2020-12878
- RESERVED
+CVE-2020-12878 (Digi ConnectPort X2e before 3.2.30.6 allows an attacker to escalate pr ...)
+ TODO: check
CVE-2020-12877 (Veritas APTARE versions prior to 10.4 allowed sensitive information to ...)
NOT-FOR-US: Veritas
CVE-2020-12876 (Veritas APTARE versions prior to 10.4 allowed remote users to access s ...)
@@ -72842,8 +72876,8 @@ CVE-2020-9308 (archive_read_support_format_rar5.c in libarchive before 3.4.2 att
NOTE: https://github.com/libarchive/libarchive/commit/94821008d6eea81e315c5881cdf739202961040a
CVE-2020-9307 (Hirschmann OS2, RSP, and RSPE devices before HiOS 08.3.00 allow a deni ...)
NOT-FOR-US: Hirschmann OS2, RSP, and RSPE devices
-CVE-2020-9306
- RESERVED
+CVE-2020-9306 (Tesla SolarCity Solar Monitoring Gateway through 5.46.43 has a "Use of ...)
+ TODO: check
CVE-2020-9305
RESERVED
CVE-2020-9304
@@ -74466,8 +74500,7 @@ CVE-2020-8627
RESERVED
CVE-2020-8626
RESERVED
-CVE-2020-8625 [A vulnerability in BIND's GSSAPI security policy negotiation can be targeted by a buffer overflow attack]
- RESERVED
+CVE-2020-8625 (BIND servers are vulnerable if they are running an affected version an ...)
- bind9 1:9.16.12-1 (bug #983004)
NOTE: https://kb.isc.org/v1/docs/cve-2020-8625
NOTE: 9.11 branch: https://downloads.isc.org/isc/bind9/9.11.28/patches
@@ -78320,6 +78353,7 @@ CVE-2020-7073
CVE-2020-7072
RESERVED
CVE-2020-7071 (In PHP versions 7.3.x below 7.3.26, 7.4.x below 7.4.14 and 8.0.0, when ...)
+ {DSA-4856-1}
- php8.0 8.0.1-1
- php7.4 7.4.14-1
- php7.3 <removed>
@@ -78328,7 +78362,7 @@ CVE-2020-7071 (In PHP versions 7.3.x below 7.3.26, 7.4.x below 7.4.14 and 8.0.0,
NOTE: Fixed in PHP 8.0.1, 7.4.14, 7.3.26
NOTE: PHP Bug: https://bugs.php.net/77423
CVE-2020-7070 (In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below ...)
- {DLA-2397-1}
+ {DSA-4856-1 DLA-2397-1}
- php7.4 7.4.11-1
- php7.3 <removed>
- php7.0 <removed>
@@ -78336,6 +78370,7 @@ CVE-2020-7070 (In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x
NOTE: PHP Bug: https://bugs.php.net/79699
NOTE: https://git.php.net/?p=php-src.git;a=commit;h=6559fe912661ca5ce5f0eeeb591d928451428ed0
CVE-2020-7069 (In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below ...)
+ {DSA-4856-1}
- php7.4 7.4.11-1
- php7.3 <removed>
- php7.0 <not-affected> (Affected code not present)
@@ -78343,7 +78378,7 @@ CVE-2020-7069 (In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x
NOTE: PHP Bug: https://bugs.php.net/79601
NOTE: https://git.php.net/?p=php-src.git;a=commit;h=0216630ea2815a5789a24279a1211ac398d4de79
CVE-2020-7068 (In PHP versions 7.2.x below 7.2.33, 7.3.x below 7.3.21 and 7.4.x below ...)
- {DLA-2345-1}
+ {DSA-4856-1 DLA-2345-1}
- php7.4 7.4.9-1
- php7.3 <removed>
- php7.0 <removed>
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/498db59cb25601fc85dc20ffd05805bcc680d36c