[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Thu Feb 25 20:10:31 GMT 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3a1c76b0 by security tracker role at 2021-02-25T20:10:23+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,33 @@
+CVE-2021-3417
+	RESERVED
+CVE-2021-3416
+	RESERVED
+CVE-2021-27736
+	RESERVED
+CVE-2021-27735
+	RESERVED
+CVE-2021-27734
+	RESERVED
+CVE-2021-27733
+	RESERVED
+CVE-2021-27732
+	RESERVED
+CVE-2021-27731
+	RESERVED
+CVE-2021-27730
+	RESERVED
+CVE-2021-27729
+	RESERVED
+CVE-2021-27728
+	RESERVED
+CVE-2021-27727
+	RESERVED
+CVE-2021-27726
+	RESERVED
+CVE-2021-27725
+	RESERVED
+CVE-2021-27724
+	RESERVED
 CVE-2021-27723
 	RESERVED
 CVE-2021-27722
@@ -438,7 +468,7 @@ CVE-2021-27511
 	RESERVED
 CVE-2021-27510
 	RESERVED
-CVE-2020-36254
+CVE-2020-36254 (scp.c in Dropbear before 2020.79 mishandles the filename of . or an em ...)
 	- dropbear 2020.79-1
 	NOTE: https://github.com/mkj/dropbear/commit/8f8a3dff705fad774a10864a2e3dbcfa9779ceff
 CVE-2020-36253
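Review bot: CVE-2020-36254 now has a public description but still carries only `- dropbear 2020.79-1`, with no per-release annotation. Compare CVE-2021-21309 later in this diff, which states `[buster] - redis <no-dsa> (Minor issue)`. With the scp.c filename handling issue now described, the entry should record whether released suites need a fix or can be marked no-dsa.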
@@ -840,8 +870,8 @@ CVE-2021-27332
 	RESERVED
 CVE-2021-27331
 	RESERVED
-CVE-2021-27330
-	RESERVED
+CVE-2021-27330 (Triconsole Datepicker Calendar <3.77 is affected by cross-site scri ...)
+	TODO: check
 CVE-2021-27329 (Friendica 2021.01 allows SSRF via parse_url?binurl= for DNS lookups or ...)
 	NOT-FOR-US: Friendica
 CVE-2021-27328 (Yeastar NeoGate TG400 91.3.0.3 devices are affected by Directory Trave ...)
@@ -4311,8 +4341,8 @@ CVE-2021-3275
 	RESERVED
 CVE-2021-3274
 	RESERVED
-CVE-2021-3273
-	RESERVED
+CVE-2021-3273 (Nagios XI below 5.7 is affected by code injection in the /nagiosxi/adm ...)
+	TODO: check
 CVE-2021-3272 (jp2_decode in jp2/jp2_dec.c in libjasper in JasPer 2.0.24 has a heap-b ...)
 	- jasper <removed>
 	NOTE: https://github.com/jasper-software/jasper/issues/259
@@ -8541,7 +8571,7 @@ CVE-2021-23979
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-07/#CVE-2021-23979
 CVE-2021-23978
 	RESERVED
-	{DSA-4862-1}
+	{DSA-4862-1 DLA-2575-1}
 	- firefox 86.0-1
 	- firefox-esr 78.8.0esr-1
 	- thunderbird <unfixed>
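Review bot: on CVE-2021-23978 only the cross-reference line changes, to `{DSA-4862-1 DLA-2575-1}`. The package lines under it are untouched and `- thunderbird <unfixed>` stays open, so the hunk does not show which source package the new DLA covers. Worth confirming against the DLA entry that the thunderbird status is still accurate. The same applies to the identical changes on CVE-2021-23973, CVE-2021-23969 and CVE-2021-23968 below.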
@@ -8566,7 +8596,7 @@ CVE-2021-23974
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-07/#CVE-2021-23974
 CVE-2021-23973
 	RESERVED
-	{DSA-4862-1}
+	{DSA-4862-1 DLA-2575-1}
 	- firefox 86.0-1
 	- firefox-esr 78.8.0esr-1
 	- thunderbird <unfixed>
@@ -8587,7 +8617,7 @@ CVE-2021-23970
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-07/#CVE-2021-23970
 CVE-2021-23969
 	RESERVED
-	{DSA-4862-1}
+	{DSA-4862-1 DLA-2575-1}
 	- firefox 86.0-1
 	- firefox-esr 78.8.0esr-1
 	- thunderbird <unfixed>
@@ -8596,7 +8626,7 @@ CVE-2021-23969
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-09/#CVE-2021-23969
 CVE-2021-23968
 	RESERVED
-	{DSA-4862-1}
+	{DSA-4862-1 DLA-2575-1}
 	- firefox 86.0-1
 	- firefox-esr 78.8.0esr-1
 	- thunderbird <unfixed>
@@ -8964,8 +8994,8 @@ CVE-2021-23835 (An issue was discovered in flatCore before 2.0.0 build 139. A lo
 	NOT-FOR-US: flatCore CMS
 CVE-2021-3125
 	RESERVED
-CVE-2021-3124
-	RESERVED
+CVE-2021-3124 (Stored cross-site scripting (XSS) in form field in robust.systems prod ...)
+	TODO: check
 CVE-2021-3123
 	RESERVED
 CVE-2021-3122 (CMCAgent in NCR Command Center Agent 16.3 on Aloha POS/BOH servers per ...)
@@ -15519,6 +15549,7 @@ CVE-2021-21310 (NextAuth.js (next-auth) is am open source authentication solutio
 	NOT-FOR-US: NextAuth.js
 CVE-2021-21309
 	RESERVED
+	{DLA-2576-1}
 	- redis 5:6.0.11-1 (bug #983446)
 	[buster] - redis <no-dsa> (Minor issue)
 	NOTE: https://github.com/redis/redis/pull/8522
@@ -15696,6 +15727,7 @@ CVE-2021-21240 (httplib2 is a comprehensive HTTP client library for Python. In h
 	NOTE: https://github.com/httplib2/httplib2/commit/bd9ee252c8f099608019709e22c0d705e98d26bc (v0.19.0)
 	NOTE: https://github.com/httplib2/httplib2/pull/182
 CVE-2021-21239 (PySAML2 is a pure python implementation of SAML Version 2 Standard. Py ...)
+	{DLA-2577-1}
 	- python-pysaml2 6.5.1-1 (bug #980772)
 	NOTE: https://github.com/IdentityPython/pysaml2/security/advisories/GHSA-5p3x-r448-pc62
 	NOTE: https://github.com/IdentityPython/pysaml2/commit/751dbf50a51131b13d55989395f9b115045f9737
@@ -16276,12 +16308,12 @@ CVE-2021-21068
 	RESERVED
 CVE-2021-21067
 	RESERVED
-CVE-2021-21066
-	RESERVED
-CVE-2021-21065
-	RESERVED
-CVE-2021-21064
-	RESERVED
+CVE-2021-21066 (Adobe Bridge version 11.0 (and earlier) is affected by an out-of-bound ...)
+	TODO: check
+CVE-2021-21065 (Adobe Bridge version 11.0 (and earlier) is affected by an out-of-bound ...)
+	TODO: check
+CVE-2021-21064 (Magento UPWARD-php version 1.1.4 (and earlier) is affected by a Path t ...)
+	TODO: check
 CVE-2021-21063 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...)
 	NOT-FOR-US: Adobe
 CVE-2021-21062 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...)
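Review bot: CVE-2021-21066 and CVE-2021-21065 (Adobe Bridge) are left at `TODO: check` while the Acrobat Reader entries directly below already use `NOT-FOR-US: Adobe`; these two can be resolved with the same tag instead of staying in the triage queue. CVE-2021-21064 sits in the same id block but names a different product (Magento UPWARD-php), so it needs its own check and should not be bulk-tagged with the other two.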
@@ -17803,10 +17835,10 @@ CVE-2021-20330
 	RESERVED
 CVE-2021-20329
 	RESERVED
-CVE-2021-20328
-	RESERVED
-CVE-2021-20327
-	RESERVED
+CVE-2021-20328 (Specific versions of the Java driver that support client-side field le ...)
+	TODO: check
+CVE-2021-20327 (A specific version of the Node.js mongodb-client-encryption module doe ...)
+	TODO: check
 CVE-2021-20326
 	RESERVED
 CVE-2021-20325
@@ -29906,8 +29938,8 @@ CVE-2020-27545
 	RESERVED
 CVE-2020-27544
 	RESERVED
-CVE-2020-27543
-	RESERVED
+CVE-2020-27543 (The restify-paginate package 0.0.5 for Node.js allows remote attackers ...)
+	TODO: check
 CVE-2020-27542 (Rostelecom CS-C2SHW 5.0.082.1 is affected by: Bash command injection.  ...)
 	NOT-FOR-US: Rostelecom CS-C2SHW
 CVE-2020-27541 (Denial of Service vulnerability in Rostelecom CS-C2SHW 5.0.082.1. Agen ...)
@@ -38997,8 +39029,8 @@ CVE-2020-23536
 	RESERVED
 CVE-2020-23535
 	RESERVED
-CVE-2020-23534
-	RESERVED
+CVE-2020-23534 (A server-side request forgery (SSRF) vulnerability in Upgrade.php of g ...)
+	TODO: check
 CVE-2020-23533
 	RESERVED
 CVE-2020-23532
@@ -76932,8 +76964,8 @@ CVE-2020-8034 (Gollem before 3.0.13, as used in Horde Groupware Webmail Edition
 	NOTE: https://github.com/horde/gollem/commit/a73bef1aef27d4cbfc7b939c2a81dea69aabb083
 CVE-2020-8033 (Ruckus R500 3.4.2.0.384 devices allow XSS via the index.asp Device Nam ...)
 	NOT-FOR-US: Ruckus
-CVE-2020-8032
-	RESERVED
+CVE-2020-8032 (A Insecure Temporary File vulnerability in the packaging of cyrus-sasl ...)
+	TODO: check
 CVE-2020-8031 (A Improper Neutralization of Input During Web Page Generation ('Cross- ...)
 	- open-build-service <unfixed>
 	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1178880
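Review bot: the CVE-2020-8032 description is cut off right after "in the packaging of cyrus-sasl", which is the part that decides the triage. The `TODO: check` should be resolved against the full text to establish whether the insecure temporary file comes from one distribution's packaging or from something Debian's package shares. The neighbouring CVE-2020-8031 points at bugzilla.suse.com, so a NOTE with the corresponding reference would help here too.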
@@ -197740,7 +197772,7 @@ CVE-2017-1000437 (Creolabs Gravity 1.0 contains a stack based buffer overflow in
 CVE-2017-1000434 (Wordpress plugin Furikake version 0.1.0 is vulnerable to an Open Redir ...)
 	NOT-FOR-US: Wordpress plugin Furikake
 CVE-2017-1000433 (pysaml2 version 4.4.0 and older accept any password when run with pyth ...)
-	{DLA-1410-1}
+	{DLA-2577-1 DLA-1410-1}
 	- python-pysaml2 4.5.0-2 (bug #886423)
 	NOTE: https://github.com/rohe/pysaml2/issues/451
 	NOTE: Fixed by: https://github.com/rohe/pysaml2/commit/6312a41e037954850867f29d329e5007df1424a5
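Review bot: CVE-2017-1000433 now lists two LTS advisories, `{DLA-2577-1 DLA-1410-1}`, but the entry still has only the single fix line `- python-pysaml2 4.5.0-2` and no NOTE saying why a second DLA covers it. Since DLA-2577-1 is also attached to CVE-2021-21239 in this commit, a short NOTE stating that the newer advisory addresses a different suite, or revisits the earlier fix, would make the history readable from the entry itself.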



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3a1c76b0474205d6d817702b3b63e73b1af6822e



More information about the debian-security-tracker-commits mailing list