[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed Feb 24 20:10:38 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
496069b1 by security tracker role at 2021-02-24T20:10:30+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,19 @@
+CVE-2021-3415
+ RESERVED
+CVE-2021-27650
+ RESERVED
+CVE-2021-27649
+ RESERVED
+CVE-2021-27648
+ RESERVED
+CVE-2021-27647
+ RESERVED
+CVE-2021-27646
+ RESERVED
+CVE-2021-27645 (The nameserver caching daemon (nscd) in the GNU C Library (aka glibc o ...)
+ TODO: check
+CVE-2021-27644
+ RESERVED
CVE-2021-27643
RESERVED
CVE-2021-27642
@@ -2526,8 +2542,8 @@ CVE-2021-3357
RESERVED
CVE-2021-3356
RESERVED
-CVE-2021-3355
- RESERVED
+CVE-2021-3355 (A stored-self XSS exists in LightCMS v1.3.4, allowing an attacker to e ...)
+ TODO: check
CVE-2021-3354
RESERVED
CVE-2021-3353
@@ -8368,6 +8384,7 @@ CVE-2021-23979
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-07/#CVE-2021-23979
CVE-2021-23978
RESERVED
+ {DSA-4862-1}
- firefox 86.0-1
- firefox-esr 78.8.0esr-1
- thunderbird <unfixed>
@@ -8392,6 +8409,7 @@ CVE-2021-23974
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-07/#CVE-2021-23974
CVE-2021-23973
RESERVED
+ {DSA-4862-1}
- firefox 86.0-1
- firefox-esr 78.8.0esr-1
- thunderbird <unfixed>
@@ -8412,6 +8430,7 @@ CVE-2021-23970
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-07/#CVE-2021-23970
CVE-2021-23969
RESERVED
+ {DSA-4862-1}
- firefox 86.0-1
- firefox-esr 78.8.0esr-1
- thunderbird <unfixed>
@@ -8420,6 +8439,7 @@ CVE-2021-23969
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-09/#CVE-2021-23969
CVE-2021-23968
RESERVED
+ {DSA-4862-1}
- firefox 86.0-1
- firefox-esr 78.8.0esr-1
- thunderbird <unfixed>
@@ -10722,11 +10742,13 @@ CVE-2021-22885
RESERVED
CVE-2021-22884
RESERVED
+ {DSA-4863-1}
- nodejs <unfixed>
[stretch] - nodejs <ignored> (Nodejs in stretch not covered by security support)
NOTE: https://nodejs.org/en/blog/vulnerability/february-2021-security-releases/
CVE-2021-22883
RESERVED
+ {DSA-4863-1}
- nodejs <unfixed>
[stretch] - nodejs <ignored> (Nodejs in stretch not covered by security support)
NOTE: https://nodejs.org/en/blog/vulnerability/february-2021-security-releases/
@@ -11324,8 +11346,8 @@ CVE-2021-22669
RESERVED
CVE-2021-22668
RESERVED
-CVE-2021-22667
- RESERVED
+CVE-2021-22667 (BB-ESWGP506-2SFP-T versions 1.01.09 and prior is vulnerable due to the ...)
+ TODO: check
CVE-2021-22666
RESERVED
CVE-2021-22665
@@ -12736,12 +12758,12 @@ CVE-2021-21976 (vSphere Replication 8.3.x prior to 8.3.1.2, 8.2.x prior to 8.2.1
NOT-FOR-US: vSphere Replication
CVE-2021-21975
RESERVED
-CVE-2021-21974
- RESERVED
-CVE-2021-21973
- RESERVED
-CVE-2021-21972
- RESERVED
+CVE-2021-21974 (OpenSLP as used in ESXi (7.0 before ESXi70U1c-17325551, 6.7 before ESX ...)
+ TODO: check
+CVE-2021-21973 (The vSphere Client (HTML5) contains an SSRF (Server Side Request Forge ...)
+ TODO: check
+CVE-2021-21972 (The vSphere Client (HTML5) contains a remote code execution vulnerabil ...)
+ TODO: check
CVE-2021-3014 (In MikroTik RouterOS through 2021-01-04, the hotspot login page is vul ...)
NOT-FOR-US: MikroTik RouterOS
CVE-2021-3013
@@ -13461,26 +13483,19 @@ CVE-2021-21624
RESERVED
CVE-2021-21623
RESERVED
-CVE-2021-21622
- RESERVED
+CVE-2021-21622 (Jenkins Artifact Repository Parameter Plugin 1.0.0 and earlier does no ...)
NOT-FOR-US: Jenkins plugin
-CVE-2021-21621
- RESERVED
+CVE-2021-21621 (Jenkins Support Core Plugin 2.72 and earlier provides the serialized u ...)
NOT-FOR-US: Jenkins plugin
-CVE-2021-21620
- RESERVED
+CVE-2021-21620 (A cross-site request forgery (CSRF) vulnerability in Jenkins Claim Plu ...)
NOT-FOR-US: Jenkins plugin
-CVE-2021-21619
- RESERVED
+CVE-2021-21619 (Jenkins Claim Plugin 2.18.1 and earlier does not escape the user displ ...)
NOT-FOR-US: Jenkins plugin
-CVE-2021-21618
- RESERVED
+CVE-2021-21618 (Jenkins Repository Connector Plugin 2.0.2 and earlier does not escape ...)
NOT-FOR-US: Jenkins plugin
-CVE-2021-21617
- RESERVED
+CVE-2021-21617 (A cross-site request forgery (CSRF) vulnerability in Jenkins Configura ...)
NOT-FOR-US: Jenkins plugin
-CVE-2021-21616
- RESERVED
+CVE-2021-21616 (Jenkins Active Choices Plugin 2.5.2 and earlier does not escape refere ...)
NOT-FOR-US: Jenkins plugin
CVE-2021-21615 (Jenkins 2.275 and LTS 2.263.2 allows reading arbitrary files using the ...)
NOT-FOR-US: Jenkins
@@ -24823,8 +24838,8 @@ CVE-2020-28601
RESERVED
CVE-2020-28600
RESERVED
-CVE-2020-28599
- RESERVED
+CVE-2020-28599 (A stack-based buffer overflow vulnerability exists in the import_stl.c ...)
+ TODO: check
CVE-2020-28598
RESERVED
CVE-2020-28597
@@ -30365,8 +30380,8 @@ CVE-2020-27226
RESERVED
CVE-2020-27225
RESERVED
-CVE-2020-27224
- RESERVED
+CVE-2020-27224 (In Eclipse Theia versions up to and including 1.2.0, the Markdown Prev ...)
+ TODO: check
CVE-2020-27223
RESERVED
CVE-2020-27222 (In Eclipse Californium version 2.3.0 to 2.6.0, the certificate based ( ...)
@@ -63273,8 +63288,8 @@ CVE-2020-12704 (UliCMS before 2020.2 has PageController stored XSS. ...)
NOT-FOR-US: UliCMS
CVE-2020-12703 (UliCMS before 2020.2 has XSS during PackageController uninstall. ...)
NOT-FOR-US: UliCMS
-CVE-2020-12702
- RESERVED
+CVE-2020-12702 (Weak encryption in the Quick Pairing mode in the eWeLink mobile applic ...)
+ TODO: check
CVE-2020-12701
RESERVED
CVE-2020-12700 (The direct_mail extension through 5.2.3 for TYPO3 allows Information D ...)
@@ -65208,10 +65223,10 @@ CVE-2020-11989 (Apache Shiro before 1.5.3, when using Apache Shiro with Spring d
NOTE: The original CVE-2020-1957 adressed in 1.5.2 introduced an encoding issue
NOTE: which can (security wise) be exploited, resulting in a 1.5.3 release. This
NOTE: CVE is closely related to CVE-2020-1957.
-CVE-2020-11988
- RESERVED
-CVE-2020-11987
- RESERVED
+CVE-2020-11988 (Apache XmlGraphics Commons 2.4 is vulnerable to server-side request fo ...)
+ TODO: check
+CVE-2020-11987 (Apache Batik 1.13 is vulnerable to server-side request forgery, caused ...)
+ TODO: check
CVE-2020-11986 (To be able to analyze gradle projects, the build scripts need to be ex ...)
- netbeans 12.1-1
[stretch] - netbeans <no-dsa> (Minor issue)
@@ -77330,8 +77345,8 @@ CVE-2020-7848 (The EFM ipTIME C200 IP Camera is affected by a Command Injection
NOT-FOR-US: EFM ipTIME C200 IP Camera
CVE-2020-7847 (The ipTIME NAS product allows an arbitrary file upload vulnerability i ...)
TODO: check
-CVE-2020-7846
- RESERVED
+CVE-2020-7846 (Helpcom before v10.0 contains a file download and execution vulnerabil ...)
+ TODO: check
CVE-2020-7845 (Spamsniper 5.0 ~ 5.2.7 contain a stack-based buffer overflow vulnerabi ...)
NOT-FOR-US: Spamsniper
CVE-2020-7844
@@ -77350,8 +77365,8 @@ CVE-2020-7838 (A arbitrary code execution vulnerability exists in the way that t
NOT-FOR-US: Smilegate STOVE Client
CVE-2020-7837 (An issue was discovered in ML Report Program. There is a stack-based b ...)
NOT-FOR-US: ML Report Program
-CVE-2020-7836
- RESERVED
+CVE-2020-7836 (VOICEYE WSActiveBridgeES versions prior to 2.1.0.3 contains a stack-ba ...)
+ TODO: check
CVE-2020-7835
RESERVED
CVE-2020-7834
@@ -84974,8 +84989,8 @@ CVE-2020-4933 (IBM Jazz Reporting Service 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vuln
NOT-FOR-US: IBM
CVE-2020-4932
RESERVED
-CVE-2020-4931
- RESERVED
+CVE-2020-4931 (IBM MQ 9.1 LTS, 9.2 LTS, and 9.1 CD AMQP Channels could allow an authe ...)
+ TODO: check
CVE-2020-4930
RESERVED
CVE-2020-4929
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/496069b1b2f2ce8f65026c01d2440801902ac6b6
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/496069b1b2f2ce8f65026c01d2440801902ac6b6
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210224/6b6eadbe/attachment.htm>
More information about the debian-security-tracker-commits
mailing list