[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Fri Feb 26 20:10:36 GMT 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
543d320c by security tracker role at 2021-02-26T20:10:29+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,9 @@
+CVE-2021-27738
+	RESERVED
+CVE-2021-27737
+	RESERVED
+CVE-2020-35358
+	RESERVED
 CVE-2021-XXXX [P2P: Fix a corner case in peer addition based on PD Request]
 	- wpa 2:2.9.0-21
 	NOTE: https://www.openwall.com/lists/oss-security/2021/02/25/3
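
Review bot: CVE-2020-35358 is added at the very top of the list, above the CVE-2021 entries, although the rest of the file runs in descending id order. Its natural slot is between CVE-2020-35359 and CVE-2020-35357, where the later hunk in this commit shows the id was missing. Moving the new "CVE-2020-35358 / RESERVED" pair there would keep the list sorted and keep year-based lookups reliable.
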
@@ -1827,10 +1833,10 @@ CVE-2021-3402
 	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2021-001-yara/
 CVE-2021-26905 (1Password SCIM Bridge before 1.6.2 mishandles validation of authentica ...)
 	NOT-FOR-US: 1Password SCIM Bridge
-CVE-2021-26904
-	RESERVED
-CVE-2021-26903
-	RESERVED
+CVE-2021-26904 (LMA ISIDA Retriever 5.2 allows SQL Injection. ...)
+	TODO: check
+CVE-2021-26903 (LMA ISIDA Retriever 5.2 is vulnerable to XSS via query['text']. ...)
+	TODO: check
 CVE-2021-26902
 	RESERVED
 CVE-2021-26901
@@ -8570,12 +8576,10 @@ CVE-2021-23981
 	RESERVED
 CVE-2021-23980
 	RESERVED
-CVE-2021-23979
-	RESERVED
+CVE-2021-23979 (Mozilla developers reported memory safety bugs present in Firefox 85.  ...)
 	- firefox 86.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-07/#CVE-2021-23979
-CVE-2021-23978
-	RESERVED
+CVE-2021-23978 (Mozilla developers reported memory safety bugs present in Firefox 85 a ...)
 	{DSA-4862-1 DLA-2575-1}
 	- firefox 86.0-1
 	- firefox-esr 78.8.0esr-1
@@ -8632,12 +8636,10 @@ CVE-2021-23967
 	RESERVED
 CVE-2021-23966
 	RESERVED
-CVE-2021-23965
-	RESERVED
+CVE-2021-23965 (Mozilla developers reported memory safety bugs present in Firefox 84.  ...)
 	- firefox 85.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-03/#CVE-2021-23965
-CVE-2021-23964
-	RESERVED
+CVE-2021-23964 (Mozilla developers reported memory safety bugs present in Firefox 84 a ...)
 	{DSA-4842-1 DSA-4840-1 DLA-2541-1 DLA-2539-1}
 	- firefox-esr 78.7.0esr-1
 	- firefox 85.0-1
@@ -9995,8 +9997,8 @@ CVE-2021-23347
 	RESERVED
 CVE-2021-23346
 	RESERVED
-CVE-2021-23345
-	RESERVED
+CVE-2021-23345 (All versions of package github.com/thecodingmachine/gotenberg are vuln ...)
+	TODO: check
 CVE-2021-23344
 	RESERVED
 CVE-2021-23343
@@ -11529,8 +11531,8 @@ CVE-2021-22663 (Cscape (All versions prior to 9.90 SP3.5) lacks proper validatio
 	NOT-FOR-US: Cscape
 CVE-2021-22662
 	RESERVED
-CVE-2021-22661
-	RESERVED
+CVE-2021-22661 (Changing the password on the module webpage does not require the user  ...)
+	TODO: check
 CVE-2021-22660
 	RESERVED
 CVE-2021-22659
@@ -12943,8 +12945,8 @@ CVE-2021-3012
 	RESERVED
 CVE-2021-3011 (An electromagnetic-wave side-channel issue was discovered on NXP Smart ...)
 	NOT-FOR-US: NXP
-CVE-2021-3010
-	RESERVED
+CVE-2021-3010 (There are multiple persistent cross-site scripting (XSS) vulnerabiliti ...)
+	TODO: check
 CVE-2021-3009
 	RESERVED
 CVE-2021-3008
@@ -15561,10 +15563,10 @@ CVE-2021-21301 (Wire is an open-source collaboration platform. In Wire for iOS (
 	NOT-FOR-US: Wire
 CVE-2021-21300
 	RESERVED
-CVE-2021-21298
-	RESERVED
-CVE-2021-21297
-	RESERVED
+CVE-2021-21298 (Node-Red is a low-code programming for event-driven applications built ...)
+	TODO: check
+CVE-2021-21297 (Node-Red is a low-code programming for event-driven applications built ...)
+	TODO: check
 CVE-2021-21296 (Fleet is an open source osquery manager. In Fleet before version 3.7.0 ...)
 	NOT-FOR-US: Fleet
 CVE-2021-21295
@@ -15628,10 +15630,10 @@ CVE-2021-21276 (Polr is an open source URL shortener. in Polr before version 2.3
 	NOT-FOR-US: Polr
 CVE-2021-21275 (The MediaWiki "Report" extension has a Cross-Site Request Forgery (CSR ...)
 	NOT-FOR-US: MediaWiki Report extention
-CVE-2021-21274
-	RESERVED
-CVE-2021-21273
-	RESERVED
+CVE-2021-21274 (Synapse is a Matrix reference homeserver written in python (pypi packa ...)
+	TODO: check
+CVE-2021-21273 (Synapse is a Matrix reference homeserver written in python (pypi packa ...)
+	TODO: check
 CVE-2021-21272 (ORAS is open source software which enables a way to push OCI Artifacts ...)
 	NOT-FOR-US: ORAS
 CVE-2021-21271 (Tendermint Core is an open source Byzantine Fault Tolerant (BFT) middl ...)
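
Review bot: CVE-2021-21274 and CVE-2021-21273 are left as "TODO: check" although their descriptions name Synapse, which Debian ships as the matrix-synapse source package. These two need real package status lines (fixed version or unfixed) with a NOTE pointing at the upstream advisory, rather than the NOT-FOR-US triage used for the neighbouring Polr, ORAS and MediaWiki extension entries.
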
@@ -19241,7 +19243,6 @@ CVE-2020-35360
 	RESERVED
 CVE-2020-35359 (Pure-FTPd 1.0.48 allows remote attackers to prevent legitimate server  ...)
 	NOTE: Bogus issue, can be configured using MaxClientsPerIP in pure-ftpd.conf configuration file
-	RESERVED
 CVE-2020-35357
 	RESERVED
 CVE-2020-35356
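
Review bot: once the stray "RESERVED" line is dropped, CVE-2020-35359 is left with only a NOTE and no package status line, so the tracker records no state for Pure-FTPd even though the NOTE already gives the assessment (bogus issue, covered by MaxClientsPerIP). A "- pure-ftpd ..." line carrying the agreed status should accompany the NOTE so the entry does not look untriaged. The removed line also looks like the remnant of a lost CVE-2020-35358 header, which fits with that id being re-added elsewhere in this commit.
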
@@ -23920,8 +23921,8 @@ CVE-2020-28648 (Improper input validation in the Auto-Discovery component of Nag
 	NOT-FOR-US: Nagios XI
 CVE-2020-28647 (In Progress MOVEit Transfer before 2020.1, a malicious user could craf ...)
 	NOT-FOR-US: Progress MOVEit Transfer
-CVE-2020-28646
-	RESERVED
+CVE-2020-28646 (ownCloud owncloud/client before 2.7 allows DLL Injection. The desktop  ...)
+	TODO: check
 CVE-2020-28645 (Deleting users with certain names caused system files to be deleted. R ...)
 	- owncloud <removed>
 CVE-2020-28644 (The CSRF (Cross Site Request Forgery) token check was improperly imple ...)
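
Review bot: the new CVE-2020-28646 entry describes owncloud/client (the desktop client), while the context entry directly below, CVE-2020-28645, is tracked as "- owncloud <removed>", which is the server package. When the "TODO: check" is resolved, the status should be recorded against the client package and not copied from the neighbouring entries. The description mentions DLL injection, so whether the issue applies outside Windows should be confirmed and recorded in a NOTE.
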
@@ -27597,8 +27598,8 @@ CVE-2020-28201
 	RESERVED
 CVE-2020-28200
 	RESERVED
-CVE-2020-28199
-	RESERVED
+CVE-2020-28199 (best it Amazon Pay Plugin before 9.4.2 for Shopware exposes Sensitive  ...)
+	TODO: check
 CVE-2020-28198
 	RESERVED
 CVE-2020-28197
@@ -32939,8 +32940,8 @@ CVE-2020-26202
 	RESERVED
 CVE-2020-26201 (Askey AP5100W_Dual_SIG_1.01.097 and all prior versions use a weak pass ...)
 	NOT-FOR-US: Askey
-CVE-2020-26200
-	RESERVED
+CVE-2020-26200 (A component of Kaspersky custom boot loader allowed loading of untrust ...)
+	TODO: check
 CVE-2020-26199 (Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.0.4.0.5.012 ...)
 	NOT-FOR-US: EMC
 CVE-2020-26198 (Dell EMC iDRAC9 versions prior to 4.32.10.00 and 4.40.00.00 contain a  ...)
@@ -36563,8 +36564,8 @@ CVE-2020-24688
 	RESERVED
 CVE-2020-24687
 	RESERVED
-CVE-2020-24686
-	RESERVED
+CVE-2020-24686 (The vulnerabilities can be exploited to cause the web visualization co ...)
+	TODO: check
 CVE-2020-24685 (An unauthenticated specially crafted packet sent by an attacker over t ...)
 	NOT-FOR-US: ABB
 CVE-2020-24684
@@ -121507,8 +121508,8 @@ CVE-2019-11686 (Western Digital SanDisk X300, X300s, X400, and X600 devices: A v
 	NOT-FOR-US: Western Digital
 CVE-2019-11685
 	RESERVED
-CVE-2019-11684
-	RESERVED
+CVE-2019-11684 (Improper Access Control in the RCP+ server of the Bosch Video Recordin ...)
+	TODO: check
 CVE-2019-11683 (udp_gro_receive_segment in net/ipv4/udp_offload.c in the Linux kernel  ...)
 	- linux <not-affected> (Vulnerable code introduced later)
 	NOTE: Fixed by: https://git.kernel.org/linus/4dd2b82d5adfbe0b1587ccad7a8f76d826120f37



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/543d320cb6ace95012cff4d90608871b23e5f9c5
