[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed Jan 27 08:10:28 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
eacff36b by security tracker role at 2021-01-27T08:10:21+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,27 @@
+CVE-2021-3317 (KLog Server through 2.4.1 allows authenticated command injection. asyn ...)
+ TODO: check
+CVE-2021-3316
+ RESERVED
+CVE-2021-3315
+ RESERVED
+CVE-2021-3314
+ RESERVED
+CVE-2021-3313
+ RESERVED
+CVE-2021-3312
+ RESERVED
+CVE-2021-3311
+ RESERVED
+CVE-2021-3310
+ RESERVED
+CVE-2021-3309 (packages/wekan-ldap/server/ldap.js in Wekan before 4.87 can process co ...)
+ TODO: check
+CVE-2021-26272 (It was possible to execute a ReDoS-type attack inside CKEditor 4 befor ...)
+ TODO: check
+CVE-2021-26271 (It was possible to execute a ReDoS-type attack inside CKEditor 4 befor ...)
+ TODO: check
+CVE-2021-26270
+ RESERVED
CVE-2021-3307
RESERVED
CVE-2021-3306
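Review bot: the four new entries that carry a description (CVE-2021-3317, CVE-2021-3309, CVE-2021-26272, CVE-2021-26271) land with only TODO: check, so none has a package line or NOT-FOR-US yet. The two CKEditor 4 entries show identical truncated summaries ("... inside CKEditor 4 befor ..."), so triage needs the full descriptions to tell them apart and to read the fixed version before a status is set.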
@@ -1509,7 +1533,7 @@ CVE-2021-3195 (bitcoind in Bitcoin Core through 0.21.0 can create a new file in
NOTE: https://github.com/bitcoin/bitcoin/issues/20866
CVE-2021-3194
RESERVED
-CVE-2021-3193 (Improper access and command validation in the Nagios Docker config wiz ...)
+CVE-2021-3193 (Improper access and command validation in the Nagios Docker Config Wiz ...)
NOT-FOR-US: Nagios XI
CVE-2021-3192
RESERVED
@@ -1586,7 +1610,7 @@ CVE-2021-25646
CVE-2019-25014
RESERVED
NOT-FOR-US: Istio
-CVE-2021-3308 [Xen: IRQ vector leak on x86]
+CVE-2021-3308 (An issue was discovered in Xen 4.12.3 through 4.12.4 and 4.13.1 throug ...)
- xen <unfixed> (bug #981052)
[buster] - xen <not-affected> (Vulnerable code introduced later)
[stretch] - xen <not-affected> (Vulnerable code introduced later)
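Review bot: on CVE-2021-3308 the imported description now gives affected ranges starting at Xen 4.12.3 and 4.13.1, which is worth cross-checking against the unchanged [buster] and [stretch] <not-affected> (Vulnerable code introduced later) lines below it. The replacement also drops the bracketed working title "Xen: IRQ vector leak on x86"; if that short summary is still wanted, keep it in a NOTE: line.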
@@ -2367,8 +2391,8 @@ CVE-2021-3167
RESERVED
CVE-2021-3166 (An issue was discovered on ASUS DSL-N14U-B1 1.1.2.3_805 devices. An at ...)
NOT-FOR-US: ASUS devices
-CVE-2021-3165
- RESERVED
+CVE-2021-3165 (SmartAgent 3.1.0 allows a ViewOnly attacker to create a SuperUser acco ...)
+ TODO: check
CVE-2021-3164 (ChurchRota 2.6.4 is vulnerable to authenticated remote code execution. ...)
NOT-FOR-US: ChurchRota
CVE-2021-3163
@@ -2607,8 +2631,7 @@ CVE-2021-3158
RESERVED
CVE-2021-3157
RESERVED
-CVE-2021-3156 [Heap-based buffer overflow]
- RESERVED
+CVE-2021-3156 (Sudo before 1.9.5p2 has a Heap-based Buffer Overflow, allowing privile ...)
{DSA-4839-1 DLA-2534-1}
- sudo 1.9.5p1-1.1
NOTE: https://www.sudo.ws/alerts/unescape_overflow.html
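Review bot: on CVE-2021-3156 the new description says "Sudo before 1.9.5p2" while the unchanged package line records 1.9.5p1-1.1 as the fixed version, which reads as a mismatch to anyone comparing version strings. A NOTE: line stating that 1.9.5p1-1.1 carries the fix ahead of 1.9.5p2 would make the entry self-explanatory.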
@@ -9008,8 +9031,8 @@ CVE-2021-3016
RESERVED
CVE-2021-3015
RESERVED
-CVE-2021-22159
- RESERVED
+CVE-2021-22159 (Insider Threat Management Windows Agent Local Privilege Escalation Vul ...)
+ TODO: check
CVE-2021-22158
RESERVED
CVE-2021-22157
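Review bot: CVE-2021-22159 moves from RESERVED to TODO: check, and its summary names an "Insider Threat Management Windows Agent". A Windows-only agent looks like a NOT-FOR-US candidate, the tag already used for other entries in this file; confirm against the full description, since the summary shown here is truncated.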
@@ -11999,8 +12022,8 @@ CVE-2021-21285
RESERVED
CVE-2021-21284
RESERVED
-CVE-2021-21283
- RESERVED
+CVE-2021-21283 (Flarum is an open source discussion platform for websites. The "Flarum ...)
+ TODO: check
CVE-2021-21282
RESERVED
CVE-2021-21281
@@ -12009,8 +12032,8 @@ CVE-2021-21280
RESERVED
CVE-2021-21279
RESERVED
-CVE-2021-21278
- RESERVED
+CVE-2021-21278 (RSSHub is an open source, easy to use, and extensible RSS feed generat ...)
+ TODO: check
CVE-2021-21277
RESERVED
CVE-2021-21276
@@ -12023,8 +12046,8 @@ CVE-2021-21273
RESERVED
CVE-2021-21272 (ORAS is open source software which enables a way to push OCI Artifacts ...)
NOT-FOR-US: ORAS
-CVE-2021-21271
- RESERVED
+CVE-2021-21271 (Tendermint Core is an open source Byzantine Fault Tolerant (BFT) middl ...)
+ TODO: check
CVE-2021-21270 (OctopusDSC is a PowerShell module with DSC resources that can be used ...)
NOT-FOR-US: OctopusDSC
CVE-2021-21269 (Keymaker is a Mastodon Community Finder based Matrix Community serverl ...)
@@ -21295,10 +21318,10 @@ CVE-2021-1073
RESERVED
CVE-2021-1072
RESERVED
-CVE-2021-1071
- RESERVED
-CVE-2021-1070
- RESERVED
+CVE-2021-1071 (NVIDIA Tegra kernel in Jetson AGX Xavier Series, Jetson Xavier NX, TX1 ...)
+ TODO: check
+CVE-2021-1070 (NVIDIA Jetson AGX Xavier Series, Jetson Xavier NX, TX1, TX2, Nano and ...)
+ TODO: check
CVE-2021-1069 (NVIDIA SHIELD TV, all versions prior to 8.2.2, contains a vulnerabilit ...)
NOT-FOR-US: NVIDIA
CVE-2021-1068 (NVIDIA SHIELD TV, all versions prior to 8.2.2, contains a vulnerabilit ...)
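Review bot: CVE-2021-1071 and CVE-2021-1070 are added as TODO: check directly above CVE-2021-1069, which is already marked NOT-FOR-US: NVIDIA. Check whether the same tag applies; the CVE-2021-1071 summary mentions the "NVIDIA Tegra kernel", so confirm from the full text that no packaged kernel code is involved before reusing it.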
@@ -34567,12 +34590,12 @@ CVE-2020-23778
RESERVED
CVE-2020-23777
RESERVED
-CVE-2020-23776
- RESERVED
+CVE-2020-23776 (A SSRF vulnerability exists in Winmail 6.5 in app.php in the key param ...)
+ TODO: check
CVE-2020-23775
RESERVED
-CVE-2020-23774
- RESERVED
+CVE-2020-23774 (A reflected XSS vulnerability exists in tohtml/convert.php of Winmail ...)
+ TODO: check
CVE-2020-23773
RESERVED
CVE-2020-23772
@@ -349775,8 +349798,8 @@ CVE-2013-2514
RESERVED
CVE-2013-2513
RESERVED
-CVE-2013-2512
- RESERVED
+CVE-2013-2512 (The ftpd gem 0.2.1 for Ruby allows remote attackers to execute arbitra ...)
+ TODO: check
CVE-2013-2511
RESERVED
CVE-2013-2510
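Review bot: CVE-2013-2512 is a 2013 identifier that only now gains a description ("The ftpd gem 0.2.1 for Ruby allows remote attackers to execute arbitra ...") and enters as TODO: check. Since the summary pins a single gem version, 0.2.1, triage should record whether that gem is packaged and at which version, or mark the entry NOT-FOR-US.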
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eacff36b71a079fba92ae40dbaeb43e16536ceb4