[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Mon Mar 1 20:10:39 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2b3b0b17 by security tracker role at 2021-03-01T20:10:31+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,141 @@
+CVE-2021-3418
+ RESERVED
+CVE-2021-27875
+ RESERVED
+CVE-2021-27874
+ RESERVED
+CVE-2021-27873
+ RESERVED
+CVE-2021-27872
+ RESERVED
+CVE-2021-27871
+ RESERVED
+CVE-2021-27870
+ RESERVED
+CVE-2021-27869
+ RESERVED
+CVE-2021-27868
+ RESERVED
+CVE-2021-27867
+ RESERVED
+CVE-2021-27866
+ RESERVED
+CVE-2021-27865
+ RESERVED
+CVE-2021-27864
+ RESERVED
+CVE-2021-27863
+ RESERVED
+CVE-2021-27862
+ RESERVED
+CVE-2021-27861
+ RESERVED
+CVE-2021-27860
+ RESERVED
+CVE-2021-27859
+ RESERVED
+CVE-2021-27858
+ RESERVED
+CVE-2021-27857
+ RESERVED
+CVE-2021-27856
+ RESERVED
+CVE-2021-27855
+ RESERVED
+CVE-2021-27854
+ RESERVED
+CVE-2021-27853
+ RESERVED
+CVE-2021-27852
+ RESERVED
+CVE-2021-27851
+ RESERVED
+CVE-2021-27850
+ RESERVED
+CVE-2021-27849
+ RESERVED
+CVE-2021-27848
+ RESERVED
+CVE-2021-27847
+ RESERVED
+CVE-2021-27846
+ RESERVED
+CVE-2021-27845
+ RESERVED
+CVE-2021-27844
+ RESERVED
+CVE-2021-27843
+ RESERVED
+CVE-2021-27842
+ RESERVED
+CVE-2021-27841
+ RESERVED
+CVE-2021-27840
+ RESERVED
+CVE-2021-27839
+ RESERVED
+CVE-2021-27838
+ RESERVED
+CVE-2021-27837
+ RESERVED
+CVE-2021-27836
+ RESERVED
+CVE-2021-27835
+ RESERVED
+CVE-2021-27834
+ RESERVED
+CVE-2021-27833
+ RESERVED
+CVE-2021-27832
+ RESERVED
+CVE-2021-27831
+ RESERVED
+CVE-2021-27830
+ RESERVED
+CVE-2021-27829
+ RESERVED
+CVE-2021-27828
+ RESERVED
+CVE-2021-27827
+ RESERVED
+CVE-2021-27826
+ RESERVED
+CVE-2021-27825
+ RESERVED
+CVE-2021-27824
+ RESERVED
+CVE-2021-27823
+ RESERVED
+CVE-2021-27822
+ RESERVED
+CVE-2021-27821
+ RESERVED
+CVE-2021-27820
+ RESERVED
+CVE-2021-27819
+ RESERVED
+CVE-2021-27818
+ RESERVED
+CVE-2021-27817
+ RESERVED
+CVE-2021-27816
+ RESERVED
+CVE-2021-27815
+ RESERVED
+CVE-2021-27814
+ RESERVED
+CVE-2021-27813
+ RESERVED
+CVE-2021-27812
+ RESERVED
+CVE-2021-27811
+ RESERVED
+CVE-2021-27810
+ RESERVED
+CVE-2021-27809
+ RESERVED
+CVE-2021-27808
+ RESERVED
CVE-2021-27807
RESERVED
CVE-2021-27806
@@ -3376,8 +3514,8 @@ CVE-2018-25006
RESERVED
CVE-2018-25005
RESERVED
-CVE-2018-25004
- RESERVED
+CVE-2018-25004 (A user authorized to performing a specific type of query may trigger a ...)
+ TODO: check
CVE-2021-3345 (_gcry_md_block_write in cipher/hash-common.c in Libgcrypt version 1.9. ...)
[experimental] - libgcrypt20 1.9.1-1 (bug #981370)
- libgcrypt20 <not-affected> (Only affected 1.9)
@@ -3500,8 +3638,8 @@ CVE-2021-26276 (** DISPUTED ** scripts/cli.js in the GoDaddy node-config-shield
NOT-FOR-US: GoDaddy node-config-shield
CVE-2021-26275
RESERVED
-CVE-2020-36240
- RESERVED
+CVE-2020-36240 (The ResourceDownloadRewriteRule class in Crowd before version 4.0.4, a ...)
+ TODO: check
CVE-2020-36239
RESERVED
CVE-2020-36238
@@ -4352,8 +4490,8 @@ CVE-2021-25916
RESERVED
CVE-2021-25915
RESERVED
-CVE-2021-25914
- RESERVED
+CVE-2021-25914 (Prototype pollution vulnerability in 'object-collider' versions 1.0.0 ...)
+ TODO: check
CVE-2021-25913 (Prototype pollution vulnerability in 'set-or-get' version 1.0.0 throug ...)
NOT-FOR-US: Node set-or-get
CVE-2021-25912 (Prototype pollution vulnerability in 'dotty' versions 0.0.1 through 0. ...)
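Review bot: CVE-2021-25914 is left at `TODO: check` although the entry directly below it, CVE-2021-25913, has the same "Prototype pollution vulnerability in ..." description pattern and is already classified `NOT-FOR-US: Node set-or-get`. When triaging, check whether 'object-collider' exists as a source package in the archive; if it does not, resolve the TODO with a matching `NOT-FOR-US:` line so the run of related entries stays consistent.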
@@ -4787,16 +4925,16 @@ CVE-2021-25835 (Cosmos Network Ethermint <= v0.4.0 is affected by a cross-cha
NOT-FOR-US: Cosmos Network Ethermint
CVE-2021-25834 (Cosmos Network Ethermint <= v0.4.0 is affected by a transaction rep ...)
NOT-FOR-US: Cosmos Network Ethermint
-CVE-2021-25833
- RESERVED
-CVE-2021-25832
- RESERVED
-CVE-2021-25831
- RESERVED
-CVE-2021-25830
- RESERVED
-CVE-2021-25829
- RESERVED
+CVE-2021-25833 (A file extension handling issue was found in [server] module of ONLYOF ...)
+ TODO: check
+CVE-2021-25832 (A heap buffer overflow vulnerability inside of BMP image processing wa ...)
+ TODO: check
+CVE-2021-25831 (A file extension handling issue was found in [core] module of ONLYOFFI ...)
+ TODO: check
+CVE-2021-25830 (A file extension handling issue was found in [core] module of ONLYOFFI ...)
+ TODO: check
+CVE-2021-25829 (An improper binary stream data handling issue was found in the [core] ...)
+ TODO: check
CVE-2021-25828
RESERVED
CVE-2021-25827
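Review bot: All five entries from CVE-2021-25833 down to CVE-2021-25829 land as `TODO: check`, and the descriptions for 25833, 25831 and 25830 name modules of the same product (the text is cut off at "ONLYOF" / "ONLYOFFI"). Triage them as a group and give them one consistent classification. The visible text for CVE-2021-25832 and CVE-2021-25829 is truncated before any product name, so confirm the product from the full description before copying the classification to those two.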
@@ -5865,8 +6003,7 @@ CVE-2021-3181 (rfc822.c in Mutt through 2.0.4 allows remote attackers to cause a
NOTE: https://gitlab.com/muttmua/mutt/-/commit/4a2becbdb4422aaffe3ce314991b9d670b7adf17
CVE-2021-3180
RESERVED
-CVE-2021-25329
- RESERVED
+CVE-2021-25329 (The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10. ...)
- tomcat9 9.0.43-1
- tomcat8 <removed>
- tomcat7 <removed>
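Review bot: The CVE-2021-25329 description says "The fix for CVE-2020-9484 was incomplete", but the visible package lines under it carry no NOTE that ties the entry back to CVE-2020-9484. Consider adding a NOTE with that cross-reference, so anyone reviewing the tomcat9 9.0.43-1 fixed version can compare it against the status recorded for the original issue.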
@@ -6406,8 +6543,7 @@ CVE-2021-25124 (The Baseboard Management Controller(BMC) in HPE Cloudline CL5800
NOT-FOR-US: HPE
CVE-2021-25123 (The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 ...)
NOT-FOR-US: HPE
-CVE-2021-25122
- RESERVED
+CVE-2021-25122 (When responding to new h2c connection requests, Apache Tomcat versions ...)
- tomcat9 9.0.43-1
- tomcat8 <removed>
- tomcat7 <removed>
@@ -8751,7 +8887,7 @@ CVE-2021-23979 (Mozilla developers reported memory safety bugs present in Firefo
- firefox 86.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-07/#CVE-2021-23979
CVE-2021-23978 (Mozilla developers reported memory safety bugs present in Firefox 85 a ...)
- {DSA-4866-1 DSA-4862-1 DLA-2575-1}
+ {DSA-4866-1 DSA-4862-1 DLA-2578-1 DLA-2575-1}
- firefox 86.0-1
- firefox-esr 78.8.0esr-1
- thunderbird 1:78.8.0-1
@@ -8771,7 +8907,7 @@ CVE-2021-23974 (The DOMParser API did not properly process '<noscript>' el
- firefox 86.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-07/#CVE-2021-23974
CVE-2021-23973 (When trying to load a cross-origin resource in an audio/video context ...)
- {DSA-4866-1 DSA-4862-1 DLA-2575-1}
+ {DSA-4866-1 DSA-4862-1 DLA-2578-1 DLA-2575-1}
- firefox 86.0-1
- firefox-esr 78.8.0esr-1
- thunderbird 1:78.8.0-1
@@ -8788,7 +8924,7 @@ CVE-2021-23970 (Context-specific code was included in a shared jump table; resul
- firefox 86.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-07/#CVE-2021-23970
CVE-2021-23969 (As specified in the W3C Content Security Policy draft, when creating a ...)
- {DSA-4866-1 DSA-4862-1 DLA-2575-1}
+ {DSA-4866-1 DSA-4862-1 DLA-2578-1 DLA-2575-1}
- firefox 86.0-1
- firefox-esr 78.8.0esr-1
- thunderbird 1:78.8.0-1
@@ -8796,7 +8932,7 @@ CVE-2021-23969 (As specified in the W3C Content Security Policy draft, when crea
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23969
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-09/#CVE-2021-23969
CVE-2021-23968 (If Content Security Policy blocked frame navigation, the full destinat ...)
- {DSA-4866-1 DSA-4862-1 DLA-2575-1}
+ {DSA-4866-1 DSA-4862-1 DLA-2578-1 DLA-2575-1}
- firefox 86.0-1
- firefox-esr 78.8.0esr-1
- thunderbird 1:78.8.0-1
@@ -12826,8 +12962,8 @@ CVE-2021-22116
RESERVED
CVE-2021-22115
RESERVED
-CVE-2021-22114
- RESERVED
+CVE-2021-22114 (Addresses partial fix in CVE-2018-1263. Spring-integration-zip, versio ...)
+ TODO: check
CVE-2021-22113 (Applications using the “Sensitive Headers” functionality i ...)
NOT-FOR-US: Spring Cloud Netflix Zuul
CVE-2021-22112 (Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5. ...)
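Review bot: CVE-2021-22114 is added with `TODO: check` while its description opens with "Addresses partial fix in CVE-2018-1263". Resolve the TODO by looking up how CVE-2018-1263 is classified in this file and applying the same classification for Spring-integration-zip, ideally with a NOTE naming CVE-2018-1263 so the relationship between the two entries is recorded.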
@@ -61177,7 +61313,7 @@ CVE-2020-13754 (hw/pci/msix.c in QEMU 4.2.0 allows guest OS users to trigger an
NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=dba04c3488c4699f5afe96f66e448b1d447cf3fb (regression fix)
NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=8e67fda2dd6202ccec093fda561107ba14830a17 (regression fix)
NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=70b78d4e71494c90d2ccb40381336bc9b9a22f79 (regression fix)
-CVE-2020-13702 (** DISPUTED ** The Rolling Proximity Identifier used in the Apple/Goog ...)
+CVE-2020-13702 (The Rolling Proximity Identifier used in the Apple/Google Exposure Not ...)
NOT-FOR-US: Apple/Google Exposure Notification API
CVE-2020-13701
RESERVED
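Review bot: The only change to CVE-2020-13702 is that the "** DISPUTED **" prefix disappears from the description, and the commit message ("automatic update") gives no reason. The `NOT-FOR-US: Apple/Google Exposure Notification API` classification is unchanged, so no package status is affected, but anyone who filtered or deprioritised this entry because of the disputed marker should re-check it now that the marker is gone.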
@@ -73513,8 +73649,7 @@ CVE-2020-9481 (Apache ATS 6.0.0 to 6.2.3, 7.0.0 to 7.1.9, and 8.0.0 to 8.0.6 is
NOTE: https://github.com/apache/trafficserver/commit/50441b39e6631389ef95c4133f06bbf94544879c
CVE-2020-9480 (In Apache Spark 2.4.5 and earlier, a standalone resource manager's mas ...)
- apache-spark <itp> (bug #802194)
-CVE-2020-9479
- RESERVED
+CVE-2020-9479 (When loading a UDF, a specially crafted zip file could allow files to ...)
NOT-FOR-US: Apache AsterixDB
CVE-2019-20485 (qemu/qemu_driver.c in libvirt before 6.0.0 mishandles the holding of a ...)
- libvirt 6.0.0-2 (low; bug #953078)
@@ -77435,8 +77570,8 @@ CVE-2020-7931 (In JFrog Artifactory 5.x and 6.x, insecure FreeMarker template pr
NOT-FOR-US: JFrog Artifactory
CVE-2020-7930
RESERVED
-CVE-2020-7929
- RESERVED
+CVE-2020-7929 (A user authorized to perform database queries may trigger denial of se ...)
+ TODO: check
CVE-2020-7928 (A user authorized to perform database queries may trigger a read overr ...)
- mongodb <removed>
[stretch] - mongodb <not-affected> (Vulnerable code introduced later)
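Review bot: CVE-2020-7929 is left at `TODO: check`, yet its description begins "A user authorized to perform database queries may trigger", the same wording as CVE-2020-7928 directly below, which is tracked against mongodb (`- mongodb <removed>`, with stretch marked `<not-affected>`). Check CVE-2020-7929 against the mongodb source package first, and record per-release status in the same form instead of leaving the entry unclassified.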
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2b3b0b17bac3ec888624b509145666418e19c017