[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Fri Jan 15 20:10:28 GMT 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ca3c8252 by security tracker role at 2021-01-15T20:10:21+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,159 @@
+CVE-2021-3159
+	RESERVED
+CVE-2021-25273
+	RESERVED
+CVE-2021-25272
+	RESERVED
+CVE-2021-25271
+	RESERVED
+CVE-2021-25270
+	RESERVED
+CVE-2021-25269
+	RESERVED
+CVE-2021-25268
+	RESERVED
+CVE-2021-25267
+	RESERVED
+CVE-2021-25266
+	RESERVED
+CVE-2021-25265
+	RESERVED
+CVE-2021-25264
+	RESERVED
+CVE-2021-25263
+	RESERVED
+CVE-2021-25262
+	RESERVED
+CVE-2021-25261
+	RESERVED
+CVE-2021-25260
+	RESERVED
+CVE-2021-25259
+	RESERVED
+CVE-2021-25258
+	RESERVED
+CVE-2021-25257
+	RESERVED
+CVE-2021-25256
+	RESERVED
+CVE-2021-25255
+	RESERVED
+CVE-2021-25254
+	RESERVED
+CVE-2021-25253
+	RESERVED
+CVE-2021-25252
+	RESERVED
+CVE-2021-25251
+	RESERVED
+CVE-2021-25250
+	RESERVED
+CVE-2021-25249
+	RESERVED
+CVE-2021-25248
+	RESERVED
+CVE-2021-25247
+	RESERVED
+CVE-2021-25246
+	RESERVED
+CVE-2021-25245
+	RESERVED
+CVE-2021-25244
+	RESERVED
+CVE-2021-25243
+	RESERVED
+CVE-2021-25242
+	RESERVED
+CVE-2021-25241
+	RESERVED
+CVE-2021-25240
+	RESERVED
+CVE-2021-25239
+	RESERVED
+CVE-2021-25238
+	RESERVED
+CVE-2021-25237
+	RESERVED
+CVE-2021-25236
+	RESERVED
+CVE-2021-25235
+	RESERVED
+CVE-2021-25234
+	RESERVED
+CVE-2021-25233
+	RESERVED
+CVE-2021-25232
+	RESERVED
+CVE-2021-25231
+	RESERVED
+CVE-2021-25230
+	RESERVED
+CVE-2021-25229
+	RESERVED
+CVE-2021-25228
+	RESERVED
+CVE-2021-25227
+	RESERVED
+CVE-2021-25226
+	RESERVED
+CVE-2021-25225
+	RESERVED
+CVE-2021-25224
+	RESERVED
+CVE-2021-25223
+	RESERVED
+CVE-2021-25222
+	RESERVED
+CVE-2021-25221
+	RESERVED
+CVE-2021-25220
+	RESERVED
+CVE-2021-25219
+	RESERVED
+CVE-2021-25218
+	RESERVED
+CVE-2021-25217
+	RESERVED
+CVE-2021-25216
+	RESERVED
+CVE-2021-25215
+	RESERVED
+CVE-2021-25214
+	RESERVED
+CVE-2021-25213
+	RESERVED
+CVE-2021-25212
+	RESERVED
+CVE-2021-25211
+	RESERVED
+CVE-2021-25210
+	RESERVED
+CVE-2021-25209
+	RESERVED
+CVE-2021-25208
+	RESERVED
+CVE-2021-25207
+	RESERVED
+CVE-2021-25206
+	RESERVED
+CVE-2021-25205
+	RESERVED
+CVE-2021-25204
+	RESERVED
+CVE-2021-25203
+	RESERVED
+CVE-2021-25202
+	RESERVED
+CVE-2021-25201
+	RESERVED
+CVE-2021-25200
+	RESERVED
+CVE-2021-25199
+	RESERVED
+CVE-2021-25198
+	RESERVED
+CVE-2021-25197
+	RESERVED
 CVE-2021-3158
 	RESERVED
 CVE-2021-3157
@@ -6285,18 +6441,17 @@ CVE-2021-22173
 	RESERVED
 CVE-2021-22172
 	RESERVED
-CVE-2021-22171
-	RESERVED
+CVE-2021-22171 (Insufficient validation of authentication parameters in GitLab Pages f ...)
+	TODO: check
 CVE-2021-22170
 	RESERVED
 CVE-2021-22169
 	RESERVED
-CVE-2021-22168
-	RESERVED
-CVE-2021-22167
-	RESERVED
-CVE-2021-22166
-	RESERVED
+CVE-2021-22168 (A regular expression denial of service issue has been discovered in Nu ...)
+	TODO: check
+CVE-2021-22167 (An issue has been discovered in GitLab affecting all versions starting ...)
+	TODO: check
+CVE-2021-22166 (An attacker could cause a Prometheus denial of service in GitLab 13.7+ ...)
 	- gitlab <not-affected> (Only affects Gitlab 13.7.x)
 	NOTE: https://about.gitlab.com/releases/2021/01/07/security-release-gitlab-13-7-2-released/
 CVE-2021-22165
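Review bot: CVE-2021-22167 and CVE-2021-22171 are left at TODO: check although both descriptions name GitLab, while CVE-2021-22166 just below already records the 13.7.2 security release (https://about.gitlab.com/releases/2021/01/07/security-release-gitlab-13-7-2-released/) as its NOTE; the follow-up triage should check whether that same release note covers 22167 and 22171 so they get a gitlab version or not-affected line instead of staying as TODO. CVE-2021-22168 (the regular expression denial of service in "Nu ...") is truncated before any identifiable product name, so that one genuinely needs the full description before it can be triaged.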
@@ -8691,10 +8846,10 @@ CVE-2020-35751
 	RESERVED
 CVE-2020-35750
 	RESERVED
-CVE-2020-35749
-	RESERVED
-CVE-2020-35748
-	RESERVED
+CVE-2020-35749 (Directory traversal vulnerability in class-simple_job_board_resume_dow ...)
+	TODO: check
+CVE-2020-35748 (Cross-site scripting (XSS) vulnerability in models/list-table.php in t ...)
+	TODO: check
 CVE-2020-35747
 	RESERVED
 CVE-2020-35746
@@ -8714,6 +8869,7 @@ CVE-2020-35740 (HGiga MailSherlock does not validate specific URL parameters pro
 CVE-2020-35739
 	RESERVED
 CVE-2020-35738 (WavPack 5.3.0 has an out-of-bounds write in WavpackPackSamples in pack ...)
+	{DLA-2525-1}
 	- wavpack 5.3.0-2 (bug #978548)
 	[buster] - wavpack <no-dsa> (Minor issue)
 	NOTE: https://github.com/dbry/WavPack/issues/91
@@ -8727,8 +8883,8 @@ CVE-2020-35735 (Vidyo 02-09-/D allows clickjacking via the portal/ URI. ...)
 	NOT-FOR-US: Vidyo
 CVE-2020-35734
 	RESERVED
-CVE-2020-35733
-	RESERVED
+CVE-2020-35733 (An issue was discovered in Erlang/OTP before 23.2.2. The ssl applicati ...)
+	TODO: check
 CVE-2020-35732
 	RESERVED
 CVE-2020-35731
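Review bot: CVE-2020-35733 stays at TODO: check with no package line, yet its description already gives a concrete affected range ("Erlang/OTP before 23.2.2", in the ssl application); unlike the vendor-appliance entries elsewhere in this patch this is a straightforward version comparison against the erlang source package, so the TODO should resolve to a version or <not-affected> line rather than a NOT-FOR-US marker.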
@@ -9378,8 +9534,8 @@ CVE-2021-21239
 	RESERVED
 CVE-2021-21238
 	RESERVED
-CVE-2021-21237
-	RESERVED
+CVE-2021-21237 (Git LFS is a command line extension for managing large files with Git. ...)
+	TODO: check
 CVE-2021-21236 (CairoSVG is a Python (pypi) package. CairoSVG is an SVG converter base ...)
 	- cairosvg <unfixed> (bug #979597)
 	[buster] - cairosvg <not-affected> (Vulnerable code introduced in 2.0.0rc6)
@@ -11658,7 +11814,7 @@ CVE-2021-20191
 CVE-2021-20190
 	RESERVED
 CVE-2021-20189
-	RESERVED
+	REJECTED
 CVE-2021-20188
 	RESERVED
 CVE-2021-20187
@@ -21662,67 +21818,49 @@ CVE-2021-0225
 	RESERVED
 CVE-2021-0224
 	RESERVED
-CVE-2021-0223
-	RESERVED
+CVE-2021-0223 (A local privilege escalation vulnerability in telnetd.real of Juniper  ...)
 	NOT-FOR-US: Juniper
-CVE-2021-0222
-	RESERVED
+CVE-2021-0222 (A vulnerability in Juniper Networks Junos OS allows an attacker to cau ...)
 	NOT-FOR-US: Juniper
-CVE-2021-0221
-	RESERVED
+CVE-2021-0221 (In an EVPN/VXLAN scenario, if an IRB interface with a virtual gateway  ...)
 	NOT-FOR-US: Juniper
-CVE-2021-0220
-	RESERVED
-CVE-2021-0219
-	RESERVED
+CVE-2021-0220 (The Junos Space Network Management Platform has been found to store sh ...)
+	TODO: check
+CVE-2021-0219 (A command injection vulnerability in install package validation subsys ...)
 	NOT-FOR-US: Juniper
-CVE-2021-0218
-	RESERVED
+CVE-2021-0218 (A command injection vulnerability in the license-check daemon of Junip ...)
 	NOT-FOR-US: Juniper
-CVE-2021-0217
-	RESERVED
+CVE-2021-0217 (A vulnerability in processing of certain DHCP packets from adjacent cl ...)
 	NOT-FOR-US: Juniper
 CVE-2021-0216
 	RESERVED
-CVE-2021-0215
-	RESERVED
+CVE-2021-0215 (On Juniper Networks Junos EX series, QFX Series and SRX branch series  ...)
 	NOT-FOR-US: Juniper
 CVE-2021-0214
 	RESERVED
 CVE-2021-0213
 	RESERVED
-CVE-2021-0212
-	RESERVED
+CVE-2021-0212 (An Information Exposure vulnerability in Juniper Networks Contrail Net ...)
 	NOT-FOR-US: Juniper
-CVE-2021-0211
-	RESERVED
+CVE-2021-0211 (An improper check for unusual or exceptional conditions in Juniper Net ...)
 	NOT-FOR-US: Juniper
-CVE-2021-0210
-	RESERVED
+CVE-2021-0210 (An Information Exposure vulnerability in J-Web of Juniper Networks Jun ...)
 	NOT-FOR-US: Juniper
-CVE-2021-0209
-	RESERVED
+CVE-2021-0209 (In Juniper Networks Junos OS Evolved an attacker sending certain valid ...)
 	NOT-FOR-US: Juniper
-CVE-2021-0208
-	RESERVED
+CVE-2021-0208 (An improper input validation vulnerability in the Routing Protocol Dae ...)
 	NOT-FOR-US: Juniper
-CVE-2021-0207
-	RESERVED
+CVE-2021-0207 (An improper interpretation conflict of certain data between certain so ...)
 	NOT-FOR-US: Juniper
-CVE-2021-0206
-	RESERVED
+CVE-2021-0206 (A NULL Pointer Dereference vulnerability in Juniper Networks Junos OS  ...)
 	NOT-FOR-US: Juniper
-CVE-2021-0205
-	RESERVED
+CVE-2021-0205 (When the "Intrusion Detection Service" (IDS) feature is configured on  ...)
 	NOT-FOR-US: Juniper
-CVE-2021-0204
-	RESERVED
+CVE-2021-0204 (A sensitive information disclosure vulnerability in delta-export confi ...)
 	NOT-FOR-US: Juniper
-CVE-2021-0203
-	RESERVED
+CVE-2021-0203 (On Juniper Networks EX and QFX5K Series platforms configured with Redu ...)
 	NOT-FOR-US: Juniper
-CVE-2021-0202
-	RESERVED
+CVE-2021-0202 (On Juniper Networks MX Series and EX9200 Series platforms with Trio-ba ...)
 	NOT-FOR-US: Juniper
 CVE-2021-0201
 	RESERVED
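Review bot: CVE-2021-0220 is the only entry in this hunk left at TODO: check; every neighbouring CVE-2021-02xx entry is marked NOT-FOR-US: Juniper, and 0220's description names the Junos Space Network Management Platform, the same Junos product family as the others (which, unlike 0220, carry the word "Juniper" in their truncated text). Unless Junos Space turns out to be something packaged, this should be marked NOT-FOR-US: Juniper like the rest so the TODO queue is not padded with vendor-only issues.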
@@ -25661,8 +25799,7 @@ CVE-2020-26416 (Information disclosure in Advanced Search component of GitLab EE
 	- gitlab <not-affected> (Specific to EE)
 CVE-2020-26415 (Information about the starred projects for private user profiles was e ...)
 	- gitlab 13.4.7-1
-CVE-2020-26414
-	RESERVED
+CVE-2020-26414 (An issue has been discovered in GitLab affecting all versions starting ...)
 	[experimental] - gitlab 13.5.6-1
 	- gitlab <unfixed>
 	NOTE: https://about.gitlab.com/releases/2021/01/07/security-release-gitlab-13-7-2-released/
@@ -25902,6 +26039,7 @@ CVE-2020-26300
 CVE-2020-26299
 	RESERVED
 CVE-2020-26298 (Redcarpet is a Ruby library for Markdown processing. In Redcarpet befo ...)
+	{DSA-4831-1 DLA-2526-1}
 	- ruby-redcarpet 3.5.1-1 (bug #980057)
 	NOTE: https://github.com/advisories/GHSA-q3wr-qw3g-3p4h
 	NOTE: https://github.com/vmg/redcarpet/commit/a699c82292b17c8e6a62e1914d5eccc252272793
@@ -29840,14 +29978,14 @@ CVE-2020-24643
 	RESERVED
 CVE-2020-24642
 	RESERVED
-CVE-2020-24641
-	RESERVED
-CVE-2020-24640
-	RESERVED
-CVE-2020-24639
-	RESERVED
-CVE-2020-24638
-	RESERVED
+CVE-2020-24641 (In Aruba AirWave Glass before 1.3.3, there is a Server-Side Request Fo ...)
+	TODO: check
+CVE-2020-24640 (There is a vulnerability caused by insufficient input validation that  ...)
+	TODO: check
+CVE-2020-24639 (There is a vulnerability caused by unsafe Java deserialization that al ...)
+	TODO: check
+CVE-2020-24638 (Multiple authenticated remote command executions are possible in Airwa ...)
+	TODO: check
 CVE-2020-24637 (Two vulnerabilities in ArubaOS GRUB2 implementation allows for an atta ...)
 	NOT-FOR-US: ArubaOS GRUB2 implementation (CVE specific to ArubaOS)
 CVE-2020-24636
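Review bot: CVE-2020-24641 ("Aruba AirWave Glass before 1.3.3") and CVE-2020-24638 ("... possible in Airwa ...") both name Aruba AirWave and sit directly above CVE-2020-24637, which is already NOT-FOR-US: ArubaOS GRUB2 implementation; those two can take a NOT-FOR-US: Aruba AirWave marker on the same basis. CVE-2020-24640 and CVE-2020-24639 are cut off before any product name ("insufficient input validation", "unsafe Java deserialization"), so those two should stay at TODO: check until the full descriptions have been read.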
@@ -46958,8 +47096,8 @@ CVE-2020-16257 (Winston 1.5.4 devices are vulnerable to command injection via th
 	NOT-FOR-US: Winston devices
 CVE-2020-16256 (The API on Winston 1.5.4 devices is vulnerable to CSRF. ...)
 	NOT-FOR-US: Winston devices
-CVE-2020-16255
-	RESERVED
+CVE-2020-16255 (ownCloud (Core) before 10.5 allows XSS in login page 'forgot password. ...)
+	TODO: check
 CVE-2020-16254 (The Chartkick gem through 3.3.2 for Ruby allows Cascading Style Sheets ...)
 	NOT-FOR-US: Chartkick gem
 CVE-2020-16253 (The PgHero gem through 2.6.0 for Ruby allows CSRF. ...)
@@ -97364,8 +97502,8 @@ CVE-2019-16963
 	RESERVED
 CVE-2019-16962 (Zoho ManageEngine Desktop Central 10.0.430 allows HTML injection via a ...)
 	NOT-FOR-US: Zoho ManageEngine Desktop Central
-CVE-2019-16961
-	RESERVED
+CVE-2019-16961 (SolarWinds Web Help Desk 12.7.0 allows XSS via a Schedule Name. ...)
+	TODO: check
 CVE-2019-16960 (SolarWinds Web Help Desk 12.7.0 allows XSS via a CSV template file wit ...)
 	NOT-FOR-US: SolarWinds
 CVE-2019-16959 (SolarWinds Web Help Desk 12.7.0 allows CSV Injection, also known as Fo ...)
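Review bot: CVE-2019-16961 is left at TODO: check although its description names exactly the product and version, SolarWinds Web Help Desk 12.7.0, that CVE-2019-16960 and CVE-2019-16959 directly below it already carry as NOT-FOR-US: SolarWinds; it should get the same NOT-FOR-US: SolarWinds line for consistency.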
@@ -115099,6 +115237,7 @@ CVE-2019-11499 (In the IMAP Server in Dovecot 2.3.3 through 2.3.5.2, the submiss
 	[jessie] - dovecot <not-affected> (Vulnerable code not present, introduced in 2.3)
 	NOTE: https://dovecot.org/pipermail/dovecot/2019-April/115758.html
 CVE-2019-11498 (WavpackSetConfiguration64 in pack_utils.c in libwavpack.a in WavPack t ...)
+	{DLA-2525-1}
 	- wavpack 5.1.0-6 (low; bug #927903)
 	[jessie] - wavpack <not-affected> (Vulnerable code not present, introduced in 5.0.0)
 	NOTE: https://github.com/dbry/WavPack/issues/67
@@ -119667,6 +119806,7 @@ CVE-2019-9889 (In Vanilla before 2.6.4, a flaw exists within the getSingleIndex
 CVE-2019-9888
 	RESERVED
 CVE-2019-1010319 (WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialize ...)
+	{DLA-2525-1}
 	- wavpack 5.1.0-7 (low; bug #932061)
 	[buster] - wavpack <no-dsa> (Minor issue)
 	NOTE: https://github.com/dbry/WavPack/commit/33a0025d1d63ccd05d9dbaa6923d52b1446a62fe
@@ -119674,6 +119814,7 @@ CVE-2019-1010319 (WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Unin
 CVE-2019-1010318
 	REJECTED
 CVE-2019-1010317 (WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialize ...)
+	{DLA-2525-1}
 	- wavpack 5.1.0-7 (low; bug #932060)
 	[buster] - wavpack <no-dsa> (Minor issue)
 	NOTE: https://github.com/dbry/WavPack/commit/f68a9555b548306c5b1ee45199ccdc4a16a6101b
@@ -119681,6 +119822,7 @@ CVE-2019-1010317 (WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Unin
 CVE-2019-1010316 (pyxtrlock 0.3 and earlier is affected by: Incorrect Access Control. Th ...)
 	NOT-FOR-US: pyxtrlock
 CVE-2019-1010315 (WavPack 5.1 and earlier is affected by: CWE 369: Divide by Zero. The i ...)
+	{DLA-2525-1}
 	- wavpack 5.1.0-6 (low)
 	NOTE: https://github.com/dbry/WavPack/commit/4c0faba32fddbd0745cbfaf1e1aeb3da5d35b9fc
 	NOTE: https://github.com/dbry/WavPack/issues/65
@@ -143850,10 +143992,12 @@ CVE-2018-19842 (getToken in libr/asm/p/asm_x86_nz.c in radare2 before 3.1.0 allo
 	NOTE: https://github.com/radare/radare2/commit/66191f780863ea8c66ace4040d0d04a8842e8432
 	NOTE: https://github.com/radare/radare2/issues/12239
 CVE-2018-19841 (The function WavpackVerifySingleBlock in open_utils.c in libwavpack.a  ...)
+	{DLA-2525-1}
 	- wavpack 5.1.0-5 (bug #915565)
 	NOTE: https://github.com/dbry/WavPack/commit/bba5389dc598a92bdf2b297c3ea34620b6679b5b
 	NOTE: https://github.com/dbry/WavPack/issues/54
 CVE-2018-19840 (The function WavpackPackInit in pack_utils.c in libwavpack.a in WavPac ...)
+	{DLA-2525-1}
 	- wavpack 5.1.0-5 (bug #915564)
 	NOTE: https://github.com/dbry/WavPack/commit/070ef6f138956d9ea9612e69586152339dbefe51
 	NOTE: https://github.com/dbry/WavPack/issues/53
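Review bot: {DLA-2525-1} is added here to CVE-2018-19841 and CVE-2018-19840, and earlier in this patch to CVE-2020-35738, CVE-2019-11498, CVE-2019-1010319, CVE-2019-1010317 and CVE-2019-1010315, seven wavpack entries in total; worth cross-checking that the advisory record on the DLA side lists all seven ids so the cross-reference stays consistent in both directions. CVE-2019-11498 additionally carries "[jessie] - wavpack <not-affected> (Vulnerable code not present, introduced in 5.0.0)" while none of the other six have a jessie line, which is consistent with a stretch-only DLA but should be confirmed when the DLA text is reviewed.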



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ca3c82525990309c6c9b82b80c29aaea959b2e5d


