[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed Jan 27 20:10:38 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
75e9d0ac by security tracker role at 2021-01-27T20:10:22+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,25 @@
+CVE-2021-3326 (The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and ...)
+ TODO: check
+CVE-2021-3325 (Monitorix 3.13.0 allows remote attackers to bypass Basic Authenticatio ...)
+ TODO: check
+CVE-2021-3324
+ RESERVED
+CVE-2021-3323
+ RESERVED
+CVE-2021-3322
+ RESERVED
+CVE-2021-3321
+ RESERVED
+CVE-2021-3320
+ RESERVED
+CVE-2021-3319
+ RESERVED
+CVE-2021-3318 (attach/ajax.php in DzzOffice through 2.02.1 allows XSS via the editori ...)
+ TODO: check
+CVE-2021-26274
+ RESERVED
+CVE-2021-26273
+ RESERVED
CVE-2021-XXXX [glibc: assertion failure in ISO-2022-JP-3 module]
- glibc <unfixed> (bug #981198)
[buster] - glibc <no-dsa> (Minor issue)
@@ -372,10 +394,10 @@ CVE-2021-26120
RESERVED
CVE-2021-26119
RESERVED
-CVE-2021-26118
- RESERVED
-CVE-2021-26117
- RESERVED
+CVE-2021-26118 (While investigating ARTEMIS-2964 it was found that the creation of adv ...)
+ TODO: check
+CVE-2021-26117 (The optional ActiveMQ LDAP login module can be configured to use anony ...)
+ TODO: check
CVE-2021-26116
RESERVED
CVE-2021-26115
@@ -937,8 +959,8 @@ CVE-2021-3274
RESERVED
CVE-2021-3273
RESERVED
-CVE-2021-3272
- RESERVED
+CVE-2021-3272 (jp2_decode in jp2/jp2_dec.c in libjasper in JasPer 2.0.24 has a heap-b ...)
+ TODO: check
CVE-2021-3271 (PressBooks 5.17.3 contains a cross-site scripting (XSS). Stored XSS ca ...)
NOT-FOR-US: PressBooks
CVE-2021-3270
@@ -2358,13 +2380,11 @@ CVE-2021-3176
RESERVED
CVE-2021-3175
RESERVED
-CVE-2021-25312 [HTCONDOR-2021-0001]
- RESERVED
+CVE-2021-25312 (HTCondor before 8.9.11 allows a user to submit a job as another user o ...)
- condor <undetermined>
NOTE: https://research.cs.wisc.edu/htcondor/security/vulnerabilities/HTCONDOR-2021-0001.html
TODO: check details, as according to advisory specific versions are mentioned
-CVE-2021-25311 [HTCONDOR-2021-0002]
- RESERVED
+CVE-2021-25311 (condor_credd in HTCondor before 8.9.11 allows Directory Traversal outs ...)
- condor <undetermined>
NOTE: https://research.cs.wisc.edu/htcondor/security/vulnerabilities/HTCONDOR-2021-0002.html
TODO: check details, according to advisory, only affects versions starting at 8.9.7 but details are not clear
@@ -5188,6 +5208,7 @@ CVE-2021-23965
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-03/#CVE-2021-23965
CVE-2021-23964
RESERVED
+ {DSA-4840-1}
- firefox-esr 78.7.0esr-1
- firefox 85.0-1
- thunderbird <unfixed>
@@ -5208,6 +5229,7 @@ CVE-2021-23961
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-03/#CVE-2021-23961
CVE-2021-23960
RESERVED
+ {DSA-4840-1}
- firefox-esr 78.7.0esr-1
- firefox 85.0-1
- thunderbird <unfixed>
@@ -5236,6 +5258,7 @@ CVE-2021-23955
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-03/#CVE-2021-23955
CVE-2021-23954
RESERVED
+ {DSA-4840-1}
- firefox-esr 78.7.0esr-1
- firefox 85.0-1
- thunderbird <unfixed>
@@ -5244,6 +5267,7 @@ CVE-2021-23954
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-05/#CVE-2021-23954
CVE-2021-23953
RESERVED
+ {DSA-4840-1}
- firefox-esr 78.7.0esr-1
- firefox 85.0-1
- thunderbird <unfixed>
@@ -8049,12 +8073,12 @@ CVE-2021-22657
RESERVED
CVE-2021-22656
RESERVED
-CVE-2021-22655
- RESERVED
+CVE-2021-22655 (Multiple out-of-bounds read issues have been identified in the way the ...)
+ TODO: check
CVE-2021-22654
RESERVED
-CVE-2021-22653
- RESERVED
+CVE-2021-22653 (Multiple out-of-bounds write issues have been identified in the way th ...)
+ TODO: check
CVE-2021-22652
RESERVED
CVE-2021-22651
@@ -8077,12 +8101,12 @@ CVE-2021-22643
RESERVED
CVE-2021-22642
RESERVED
-CVE-2021-22641
- RESERVED
+CVE-2021-22641 (A heap-based buffer overflow issue has been identified in the way the ...)
+ TODO: check
CVE-2021-22640
RESERVED
-CVE-2021-22639
- RESERVED
+CVE-2021-22639 (An uninitialized pointer issue has been identified in the way the appl ...)
+ TODO: check
CVE-2021-22638
RESERVED
CVE-2021-22637
@@ -10698,8 +10722,8 @@ CVE-2020-36014
RESERVED
CVE-2020-36013
RESERVED
-CVE-2020-36012
- RESERVED
+CVE-2020-36012 (Stored XSS vulnerability in BDTASK Multi-Store Inventory Management Sy ...)
+ TODO: check
CVE-2020-36011 (A cross-site scripting (XSS) issue in Add Patient Form in QDOCS Smart ...)
NOT-FOR-US: QDOCS Smart Hospital Management System
CVE-2020-36010
@@ -14154,8 +14178,8 @@ CVE-2021-20359
RESERVED
CVE-2021-20358
RESERVED
-CVE-2021-20357
- RESERVED
+CVE-2021-20357 (IBM Jazz Foundation products is vulnerable to cross-site scripting. Th ...)
+ TODO: check
CVE-2021-20356
RESERVED
CVE-2021-20355
@@ -25145,6 +25169,7 @@ CVE-2020-27748 [local file inclusion vulnerability]
CVE-2020-27747 (An issue was discovered in Click Studios Passwordstate 8.9 (Build 8973 ...)
NOT-FOR-US: Click Studios Passwordstate
CVE-2020-27746 (Slurm before 19.05.8 and 20.x before 20.02.6 exposes Sensitive Informa ...)
+ {DSA-4841-1}
- slurm-wlm <not-affected> (Fixed with first upload to Debian with renamed source package)
- slurm-llnl <removed> (bug #974722)
[stretch] - slurm-llnl <no-dsa> (Minor issue)
@@ -25153,6 +25178,7 @@ CVE-2020-27746 (Slurm before 19.05.8 and 20.x before 20.02.6 exposes Sensitive I
NOTE: https://github.com/SchedMD/slurm/commit/07309deb45c33e735e191faf9dd31cca1054a15c
NOTE: slurm-wlm/20.02.6-1 changed the source package name and included the fix
CVE-2020-27745 (Slurm before 19.05.8 and 20.x before 20.02.6 has an RPC Buffer Overflo ...)
+ {DSA-4841-1}
- slurm-wlm <not-affected> (Fixed with first upload to Debian with renamed source package)
- slurm-llnl <removed> (bug #974721)
[stretch] - slurm-llnl <no-dsa> (Minor issue)
@@ -27219,6 +27245,7 @@ CVE-2020-26977 (By attempting to connect a website using an unresponsive port, a
- firefox <not-affected> (Android specific)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-26977
CVE-2020-26976 (When a HTTPS pages was embedded in a HTTP page, and there was a servic ...)
+ {DSA-4840-1}
- firefox 84.0-1
- firefox-esr 78.7.0esr-1
- thunderbird <unfixed>
@@ -35445,26 +35472,26 @@ CVE-2020-23363
RESERVED
CVE-2020-23362
RESERVED
-CVE-2020-23361
- RESERVED
-CVE-2020-23360
- RESERVED
-CVE-2020-23359
- RESERVED
+CVE-2020-23361 (phpList 3.5.3 allows type juggling for login bypass because == is used ...)
+ TODO: check
+CVE-2020-23360 (oscommerce v2.3.4.1 has a functional problem in user registration and ...)
+ TODO: check
+CVE-2020-23359 (WeBid 1.2.2 admin/newuser.php has an issue with password rechecking du ...)
+ TODO: check
CVE-2020-23358
RESERVED
CVE-2020-23357
RESERVED
-CVE-2020-23356
- RESERVED
-CVE-2020-23355
- RESERVED
+CVE-2020-23356 (dmin/kernel/api/login.class.phpin in nibbleblog v3.7.1c allows type ju ...)
+ TODO: check
+CVE-2020-23355 (** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** Codiad 2.8.4 /componetns/use ...)
+ TODO: check
CVE-2020-23354
RESERVED
CVE-2020-23353
RESERVED
-CVE-2020-23352
- RESERVED
+CVE-2020-23352 (Z-BlogPHP 1.6.0 Valyria is affected by incorrect access control. PHP l ...)
+ TODO: check
CVE-2020-23351
RESERVED
CVE-2020-23350
@@ -50220,27 +50247,27 @@ CVE-2020-16116 (In kerfuffle/jobs.cpp in KDE Ark before 20.08.0, a crafted archi
NOTE: https://kde.org/info/security/advisory-20200730-1.txt
NOTE: https://invent.kde.org/utilities/ark/-/commit/0df592524fed305d6fbe74ddf8a196bc9ffdb92f
CVE-2020-16115
- RESERVED
+ REJECTED
CVE-2020-16114
- RESERVED
+ REJECTED
CVE-2020-16113
- RESERVED
+ REJECTED
CVE-2020-16112
- RESERVED
+ REJECTED
CVE-2020-16111
- RESERVED
+ REJECTED
CVE-2020-16110
- RESERVED
+ REJECTED
CVE-2020-16109
- RESERVED
+ REJECTED
CVE-2020-16108
- RESERVED
+ REJECTED
CVE-2020-16107
- RESERVED
+ REJECTED
CVE-2020-16106
- RESERVED
+ REJECTED
CVE-2020-16105
- RESERVED
+ REJECTED
CVE-2020-16104 (SQL Injection vulnerability in Enterprise Data Interface of Gallagher ...)
NOT-FOR-US: Gallagher Command Centre Server
CVE-2020-16103 (Type confusion in Gallagher Command Centre Server allows a remote atta ...)
@@ -59558,6 +59585,7 @@ CVE-2020-12695 (The Open Connectivity Foundation UPnP specification before 2020-
CVE-2020-12694
RESERVED
CVE-2020-12693 (Slurm 19.05.x before 19.05.7 and 20.02.x before 20.02.3, in the rare c ...)
+ {DSA-4841-1}
- slurm-wlm <not-affected> (Fixed with first upload to Debian with renamed source package)
- slurm-llnl <removed> (bug #961406)
[stretch] - slurm-llnl <no-dsa> (Minor issue)
@@ -79565,10 +79593,10 @@ CVE-2020-5430
REJECTED
CVE-2020-5429
REJECTED
-CVE-2020-5428
- RESERVED
-CVE-2020-5427
- RESERVED
+CVE-2020-5428 (In applications using Spring Cloud Task 2.2.4.RELEASE and below, may b ...)
+ TODO: check
+CVE-2020-5427 (In Spring Cloud Data Flow, versions 2.6.x prior to 2.6.5, versions 2.5 ...)
+ TODO: check
CVE-2020-5426 (Scheduler for TAS prior to version 1.4.0 was permitting plaintext tran ...)
NOT-FOR-US: Vmware
CVE-2020-5425 (Single Sign-On for Vmware Tanzu all versions prior to 1.11.3 ,1.12.x v ...)
@@ -81125,8 +81153,8 @@ CVE-2020-4969 (IBM Security Identity Governance and Intelligence 5.2.6 could all
NOT-FOR-US: IBM
CVE-2020-4968 (IBM Security Identity Governance and Intelligence 5.2.6 uses weaker th ...)
NOT-FOR-US: IBM
-CVE-2020-4967
- RESERVED
+CVE-2020-4967 (IBM Cloud Pak for Security (CP4S) 1.3.0.1 could disclose sensitive inf ...)
+ TODO: check
CVE-2020-4966 (IBM Security Identity Governance and Intelligence 5.2.6 does not set t ...)
NOT-FOR-US: IBM
CVE-2020-4965
@@ -81155,8 +81183,8 @@ CVE-2020-4954
RESERVED
CVE-2020-4953
RESERVED
-CVE-2020-4952
- RESERVED
+CVE-2020-4952 (IBM Security Guardium 11.2 could allow an authenticated user to gain r ...)
+ TODO: check
CVE-2020-4951
RESERVED
CVE-2020-4950
@@ -81329,8 +81357,8 @@ CVE-2020-4867
RESERVED
CVE-2020-4866
RESERVED
-CVE-2020-4865
- RESERVED
+CVE-2020-4865 (IBM Jazz Foundation products is vulnerable to cross-site scripting. Th ...)
+ TODO: check
CVE-2020-4864 (IBM Resilient SOAR V38.0 could allow an attacker on the internal net w ...)
NOT-FOR-US: IBM
CVE-2020-4863
@@ -81349,8 +81377,8 @@ CVE-2020-4857
RESERVED
CVE-2020-4856
RESERVED
-CVE-2020-4855
- RESERVED
+CVE-2020-4855 (IBM Jazz Foundation products is vulnerable to cross-site scripting. Th ...)
+ TODO: check
CVE-2020-4854 (IBM Spectrum Protect Plus 10.1.0 thorugh 10.1.6 contains hard-coded cr ...)
NOT-FOR-US: IBM
CVE-2020-4853
@@ -81419,18 +81447,18 @@ CVE-2020-4822
RESERVED
CVE-2020-4821
RESERVED
-CVE-2020-4820
- RESERVED
+CVE-2020-4820 (IBM Cloud Pak for Security (CP4S) 1.4.0.0 is vulnerable to cross-site ...)
+ TODO: check
CVE-2020-4819
RESERVED
CVE-2020-4818
RESERVED
CVE-2020-4817
RESERVED
-CVE-2020-4816
- RESERVED
-CVE-2020-4815
- RESERVED
+CVE-2020-4816 (IBM Cloud Pak for Security (CP4S) 1.4.0.0 could allow a remote attacke ...)
+ TODO: check
+CVE-2020-4815 (IBM Cloud Pak for Security (CP4S) 1.4.0.0 could allow a remote user to ...)
+ TODO: check
CVE-2020-4814
RESERVED
CVE-2020-4813
@@ -81481,17 +81509,17 @@ CVE-2020-4791
RESERVED
CVE-2020-4790
RESERVED
-CVE-2020-4789
- RESERVED
+CVE-2020-4789 (IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1, 7.4.0 to 7.4.1 Patch 1, and ...)
+ TODO: check
CVE-2020-4788 (IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local ...)
{DLA-2483-1}
- linux 5.9.11-1
[buster] - linux 4.19.160-1
[stretch] - linux <ignored> (powerpc architectures not included in LTS)
-CVE-2020-4787
- RESERVED
-CVE-2020-4786
- RESERVED
+CVE-2020-4787 (IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1, 7.4.0 to 7.4.1 Patch 1, and ...)
+ TODO: check
+CVE-2020-4786 (IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1, 7.4.0 to 7.4.1 Patch 1, and ...)
+ TODO: check
CVE-2020-4785 (IBM App Connect Enterprise Certified Container 1.0.0, 1.0.1, 1.0.2, 1. ...)
NOT-FOR-US: IBM
CVE-2020-4784
@@ -81806,8 +81834,8 @@ CVE-2020-4630
RESERVED
CVE-2020-4629 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a ...)
NOT-FOR-US: IBM
-CVE-2020-4628
- RESERVED
+CVE-2020-4628 (IBM Cloud Pak for Security (CP4S) 1.3.0.1 and 1.4.0.0 could allow a re ...)
+ TODO: check
CVE-2020-4627 (IBM Cloud Pak for Security 1.3.0.1(CP4S) potentially vulnerable to CVS ...)
NOT-FOR-US: IBM
CVE-2020-4626 (IBM Cloud Pak for Security 1.3.0.1 (CP4S) could reveal sensitive infor ...)
@@ -81968,8 +81996,8 @@ CVE-2020-4549 (IBM i2 Analyst Notebook 9.2.1 could allow a local attacker to exe
NOT-FOR-US: IBM
CVE-2020-4548 (IBM Content Navigator 3.0.7 and 3.0.8 is vulnerable to improper input ...)
NOT-FOR-US: IBM
-CVE-2020-4547
- RESERVED
+CVE-2020-4547 (IBM Jazz Foundation products could allow a remote attacker to hijack t ...)
+ TODO: check
CVE-2020-4546 (IBM Jazz Team Server based Applications are vulnerable to cross-site s ...)
NOT-FOR-US: IBM
CVE-2020-4545 (IBM Aspera Connect 3.9.9 could allow a remote attacker to execute arbi ...)
@@ -82014,8 +82042,8 @@ CVE-2020-4526 (IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cros
NOT-FOR-US: IBM
CVE-2020-4525 (IBM Jazz Foundation and IBM Engineering products are vulnerable to cro ...)
NOT-FOR-US: IBM
-CVE-2020-4524
- RESERVED
+CVE-2020-4524 (IBM Jazz Foundation products is vulnerable to cross-site scripting. Th ...)
+ TODO: check
CVE-2020-4523
RESERVED
CVE-2020-4522 (IBM Jazz Team Server based Applications are vulnerable to cross-site s ...)
@@ -82684,8 +82712,8 @@ CVE-2020-4191 (IBM Security Guardium 11.1 uses weaker than expected cryptographi
NOT-FOR-US: IBM
CVE-2020-4190 (IBM Security Guardium 10.6, 11.0, and 11.1 contains hard-coded credent ...)
NOT-FOR-US: IBM
-CVE-2020-4189
- RESERVED
+CVE-2020-4189 (IBM Security Guardium 11.2 discloses sensitive information in the resp ...)
+ TODO: check
CVE-2020-4188 (IBM Security Guardium 10.6 and 11.1 may use insufficiently random numb ...)
NOT-FOR-US: IBM
CVE-2020-4187 (IBM Security Guardium 11.1 could disclose sensitive information on the ...)
@@ -86166,6 +86194,7 @@ CVE-2019-19730
CVE-2019-19729 (An issue was discovered in the BSON ObjectID (aka bson-objectid) packa ...)
NOT-FOR-US: bsjon-objectid node module
CVE-2019-19728 (SchedMD Slurm before 18.08.9 and 19.x before 19.05.5 executes srun --u ...)
+ {DSA-4841-1}
- slurm-llnl 19.05.5-1
[stretch] - slurm-llnl <no-dsa> (Minor issue)
[jessie] - slurm-llnl <ignored> (Minor issue, fix introduces regression, upstream refuses access to bug tracker)
@@ -106622,6 +106651,7 @@ CVE-2019-14905 (A vulnerability was found in Ansible Engine versions 2.9.x befor
NOTE: https://github.com/ansible/ansible/pull/65423
NOTE: https://github.com/ansible/ansible/blob/stable-2.2/CHANGELOG.md
CVE-2019-14904 (A flaw was found in the solaris_zone module from the Ansible Community ...)
+ {DLA-2535-1}
- ansible 2.9.4+dfsg-1 (low)
[buster] - ansible <no-dsa> (Minor issue)
[jessie] - ansible <not-affected> (Vulnerable module first bundled in 2.0)
@@ -106956,7 +106986,7 @@ CVE-2019-14847 (A flaw was found in samba 4.0.0 before samba 4.9.15 and samba 4.
[jessie] - samba <no-dsa> (Minor issue)
NOTE: https://www.samba.org/samba/security/CVE-2019-14847.html
CVE-2019-14846 (Ansible, all ansible_engine-2.x versions and ansible_engine-3.x up to ...)
- {DLA-2202-1}
+ {DLA-2535-1 DLA-2202-1}
- ansible 2.8.6+dfsg-1 (low; bug #942188)
[buster] - ansible <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1755373
@@ -121501,6 +121531,7 @@ CVE-2019-14856 (ansible before versions 2.8.6, 2.7.14, 2.6.20 is vulnerable to a
NOTE: https://github.com/ansible/ansible/pull/63351
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1760829
CVE-2019-10206 (ansible-playbook -k and ansible cli tools, all versions 2.8.x before 2 ...)
+ {DLA-2535-1}
- ansible 2.8.6+dfsg-1 (bug #933005)
[buster] - ansible <no-dsa> (Minor issue)
[jessie] - ansible <not-affected> (Vulnerable code introduced later, password templating code introduced with 2.0 refactoring, '{{' supported in passwords)
@@ -121722,7 +121753,7 @@ CVE-2019-10158 (A flaw was found in Infinispan through version 9.4.14.Final. An
CVE-2019-10157 (It was found that Keycloak's Node.js adapter before version 4.8.3 did ...)
NOT-FOR-US: Keycloak
CVE-2019-10156 (A flaw was discovered in the way Ansible templating was implemented in ...)
- {DLA-1923-1}
+ {DLA-2535-1 DLA-1923-1}
- ansible 2.8.3+dfsg-1 (low; bug #930065)
[buster] - ansible <no-dsa> (Minor issue)
NOTE: https://github.com/ansible/ansible/pull/57188
@@ -234972,6 +235003,7 @@ CVE-2017-7482 (In the Linux kernel before version 4.12, Kerberos 5 tickets decod
- linux 4.11.11-1
NOTE: Fixed by: https://git.kernel.org/linus/5f2f97656ada8d811d3c1bef503ced266fcd53a0
CVE-2017-7481 (Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark loo ...)
+ {DLA-2535-1}
- ansible 2.3.1.0+dfsg-1 (bug #862666)
[jessie] - ansible <not-affected> (vulnerable code introduced in version 2.x)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1450018
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/75e9d0acd725bfbb495beed25b6aa67092e8ace1
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/75e9d0acd725bfbb495beed25b6aa67092e8ace1
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210127/ac911f82/attachment.html>
More information about the debian-security-tracker-commits
mailing list