[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed Mar 3 20:10:31 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5334a3ea by security tracker role at 2021-03-03T20:10:23+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,37 @@
+CVE-2021-27934
+ RESERVED
+CVE-2021-27933
+ RESERVED
+CVE-2021-27932
+ RESERVED
+CVE-2021-27931
+ RESERVED
+CVE-2021-27930
+ RESERVED
+CVE-2021-27929
+ RESERVED
+CVE-2021-27928
+ RESERVED
+CVE-2021-27927 (In Zabbix before 4.0.28rc1, 5.x before 5.0.8rc1, 5.1.x and 5.2.x befor ...)
+ TODO: check
+CVE-2021-27926
+ RESERVED
+CVE-2021-27925
+ RESERVED
+CVE-2021-27924
+ RESERVED
+CVE-2021-27923 (Pillow before 8.1.1 allows attackers to cause a denial of service (mem ...)
+ TODO: check
+CVE-2021-27922 (Pillow before 8.1.1 allows attackers to cause a denial of service (mem ...)
+ TODO: check
+CVE-2021-27921 (Pillow before 8.1.1 allows attackers to cause a denial of service (mem ...)
+ TODO: check
+CVE-2021-27920
+ RESERVED
+CVE-2021-27919
+ RESERVED
+CVE-2021-27918
+ RESERVED
CVE-2021-3420
RESERVED
- newlib <unfixed> (bug #984446)
@@ -92,7 +126,7 @@ CVE-2021-27877 (An issue was discovered in Veritas Backup Exec before 21.2. It s
CVE-2021-27876 (An issue was discovered in Veritas Backup Exec before 21.2. The commun ...)
NOT-FOR-US: Veritas
CVE-2021-3419 [net: rtl8139: stack-based buffer overflow induced by infinite recursion issue]
- RESERVED
+ REJECTED
- qemu <unfixed> (bug #984447)
[buster] - qemu <postponed> (Minor issue)
NOTE: https://bugs.launchpad.net/qemu/+bug/1910826
@@ -171,8 +205,8 @@ CVE-2021-27841
RESERVED
CVE-2021-27840
RESERVED
-CVE-2021-27839
- RESERVED
+CVE-2021-27839 (A CSV injection vulnerability found in Online Invoicing System (OIS) 4 ...)
+ TODO: check
CVE-2021-27838
RESERVED
CVE-2021-27837
@@ -1495,8 +1529,8 @@ CVE-2021-27217
RESERVED
CVE-2021-27216
RESERVED
-CVE-2021-27215
- RESERVED
+CVE-2021-27215 (An issue was discovered in genua genugate before 9.0 Z p19, 9.1.x thro ...)
+ TODO: check
CVE-2021-27214 (A Server-side request forgery (SSRF) vulnerability in the ProductConfi ...)
NOT-FOR-US: Zoho ManageEngine ADSelfService Plus
CVE-2021-27213 (config.py in pystemon before 2021-02-13 allows code execution via YAML ...)
@@ -2439,8 +2473,8 @@ CVE-2021-26815
RESERVED
CVE-2021-26814
RESERVED
-CVE-2021-26813
- RESERVED
+CVE-2021-26813 (markdown2 >=1.0.1.18, fixed in 2.4.0, is affected by a regular expr ...)
+ TODO: check
CVE-2021-26812
RESERVED
CVE-2021-26811
@@ -6145,8 +6179,8 @@ CVE-2021-25317
RESERVED
CVE-2021-25316
RESERVED
-CVE-2021-25315
- RESERVED
+CVE-2021-25315 (A Incorrect Implementation of Authentication Algorithm vulnerability i ...)
+ TODO: check
CVE-2021-25314
RESERVED
CVE-2021-25313
@@ -6357,8 +6391,8 @@ CVE-2021-25254
RESERVED
CVE-2021-25253
RESERVED
-CVE-2021-25252
- RESERVED
+CVE-2021-25252 (Trend Micro's Virus Scan API (VSAPI) and Advanced Threat Scan Engine ( ...)
+ TODO: check
CVE-2021-25251 (The Trend Micro Security 2020 and 2021 families of consumer products a ...)
NOT-FOR-US: Trend Micro
CVE-2021-25250
@@ -10403,8 +10437,8 @@ CVE-2021-23349
RESERVED
CVE-2021-23348
RESERVED
-CVE-2021-23347
- RESERVED
+CVE-2021-23347 (The package github.com/argoproj/argo-cd/cmd before 1.7.13, from 1.8.0 ...)
+ TODO: check
CVE-2021-23346
RESERVED
CVE-2021-23345 (All versions of package github.com/thecodingmachine/gotenberg are vuln ...)
@@ -11325,14 +11359,12 @@ CVE-2021-22886
RESERVED
CVE-2021-22885
RESERVED
-CVE-2021-22884
- RESERVED
+CVE-2021-22884 (Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to ...)
{DSA-4863-1}
- nodejs 12.21.0~dfsg-1
[stretch] - nodejs <ignored> (Nodejs in stretch not covered by security support)
NOTE: https://nodejs.org/en/blog/vulnerability/february-2021-security-releases/
-CVE-2021-22883
- RESERVED
+CVE-2021-22883 (Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to ...)
{DSA-4863-1}
- nodejs 12.21.0~dfsg-1
[stretch] - nodejs <ignored> (Nodejs in stretch not covered by security support)
@@ -11355,10 +11387,10 @@ CVE-2021-22880 (The PostgreSQL adapter in Active Record before 6.1.2.1, 6.0.3.5,
NOTE: https://github.com/rails/rails/commit/879d02107b5b3eb7aeaad1cd1f259bb41f17286b (v6.0.3.5)
CVE-2021-22879
RESERVED
-CVE-2021-22878
- RESERVED
-CVE-2021-22877
- RESERVED
+CVE-2021-22878 (Nextcloud Server prior to 20.0.6 is vulnerable to reflected cross-site ...)
+ TODO: check
+CVE-2021-22877 (A missing user check in Nextcloud prior to 20.0.6 inadvertently popula ...)
+ TODO: check
CVE-2021-22876
RESERVED
CVE-2021-22875 (Revive Adserver before 5.1.1 is vulnerable to a reflected XSS vulnerab ...)
@@ -11899,12 +11931,12 @@ CVE-2021-22685
RESERVED
CVE-2021-22684
RESERVED
-CVE-2021-22683
- RESERVED
+CVE-2021-22683 (Fatek FvDesigner Version 1.5.76 and prior is vulnerable to an out-of-b ...)
+ TODO: check
CVE-2021-22682
RESERVED
-CVE-2021-22681
- RESERVED
+CVE-2021-22681 (Rockwell Automation Studio 5000 Logix Designer Versions 21 and later, ...)
+ TODO: check
CVE-2021-22680
RESERVED
CVE-2021-22679
@@ -11925,24 +11957,24 @@ CVE-2021-22672
RESERVED
CVE-2021-22671
RESERVED
-CVE-2021-22670
- RESERVED
+CVE-2021-22670 (An uninitialized pointer may be exploited in Fatek FvDesigner Version ...)
+ TODO: check
CVE-2021-22669
RESERVED
CVE-2021-22668
RESERVED
CVE-2021-22667 (BB-ESWGP506-2SFP-T versions 1.01.09 and prior is vulnerable due to the ...)
NOT-FOR-US: BB-ESWGP506-2SFP-T
-CVE-2021-22666
- RESERVED
+CVE-2021-22666 (Fatek FvDesigner Version 1.5.76 and prior is vulnerable to a stack-bas ...)
+ TODO: check
CVE-2021-22665
RESERVED
CVE-2021-22664
RESERVED
CVE-2021-22663 (Cscape (All versions prior to 9.90 SP3.5) lacks proper validation of u ...)
NOT-FOR-US: Cscape
-CVE-2021-22662
- RESERVED
+CVE-2021-22662 (A use after free issue has been identified in Fatek FvDesigner Version ...)
+ TODO: check
CVE-2021-22661 (Changing the password on the module webpage does not require the user ...)
NOT-FOR-US: ProSoft Technology
CVE-2021-22660
@@ -11989,8 +12021,8 @@ CVE-2021-22640
RESERVED
CVE-2021-22639 (An uninitialized pointer issue has been identified in the way the appl ...)
NOT-FOR-US: Fuji Electric
-CVE-2021-22638
- RESERVED
+CVE-2021-22638 (Fatek FvDesigner Version 1.5.76 and prior is vulnerable to an out-of-b ...)
+ TODO: check
CVE-2021-22637 (Multiple stack-based buffer overflow issues have been identified in th ...)
NOT-FOR-US: Fuji Electric
CVE-2021-22636
@@ -12889,8 +12921,8 @@ CVE-2021-22190
RESERVED
CVE-2021-22189
RESERVED
-CVE-2021-22188
- RESERVED
+CVE-2021-22188 (An issue has been discovered in GitLab affecting all versions starting ...)
+ TODO: check
CVE-2021-22187 (An issue has been discovered in GitLab affecting all versions of Gitla ...)
TODO: check
CVE-2021-22186
@@ -12901,8 +12933,8 @@ CVE-2021-22184
RESERVED
CVE-2021-22183
RESERVED
-CVE-2021-22182
- RESERVED
+CVE-2021-22182 (An issue has been discovered in GitLab affecting all versions starting ...)
+ TODO: check
CVE-2021-22181
RESERVED
CVE-2021-22180
@@ -13336,10 +13368,10 @@ CVE-2021-21981
RESERVED
CVE-2021-21980
RESERVED
-CVE-2021-21979
- RESERVED
-CVE-2021-21978
- RESERVED
+CVE-2021-21979 (In Bitnami Containers, all Laravel container versions prior to: 6.20.0 ...)
+ TODO: check
+CVE-2021-21978 (VMware View Planner 4.x prior to 4.6 Security Patch 1 contains a remot ...)
+ TODO: check
CVE-2021-21977
RESERVED
CVE-2021-21976 (vSphere Replication 8.3.x prior to 8.3.1.2, 8.2.x prior to 8.2.1.1, 8. ...)
@@ -14501,7 +14533,7 @@ CVE-2020-36081
RESERVED
CVE-2020-36080
RESERVED
-CVE-2020-36079 (Zenphoto through 1.5.7 is affected by authenticated arbitrary file upl ...)
+CVE-2020-36079 (** DISPUTED ** Zenphoto through 1.5.7 is affected by authenticated arb ...)
NOT-FOR-US: Zenphoto
CVE-2020-36078
RESERVED
@@ -15070,7 +15102,7 @@ CVE-2021-21478 (SAP Web Dynpro ABAP allow an attacker to redirect users to a mal
NOT-FOR-US: SAP
CVE-2021-21477 (SAP Commerce Cloud, versions - 1808,1811,1905,2005,2011, enables certa ...)
NOT-FOR-US: SAP
-CVE-2021-21476 (SAP UI5, versions - 1.38.49, 1.52.49, 1.60.34, 1.71.31, 1.78.18, 1.84. ...)
+CVE-2021-21476 (SAP UI5 versions before 1.38.49, 1.52.49, 1.60.34, 1.71.31, 1.78.18, 1 ...)
NOT-FOR-US: SAP
CVE-2021-21475 (Under specific circumstances SAP Master Data Management, versions - 71 ...)
NOT-FOR-US: SAP
@@ -18086,10 +18118,10 @@ CVE-2021-20444 (IBM Maximo for Civil Infrastructure 7.6.2 is vulnerable to cross
NOT-FOR-US: IBM
CVE-2021-20443 (IBM Maximo for Civil Infrastructure 7.6.2 includes executable function ...)
NOT-FOR-US: IBM
-CVE-2021-20442
- RESERVED
-CVE-2021-20441
- RESERVED
+CVE-2021-20442 (IBM Security Verify Bridge contains hard-coded credentials, such as a ...)
+ TODO: check
+CVE-2021-20441 (IBM Security Verify Bridge uses weaker than expected cryptographic alg ...)
+ TODO: check
CVE-2021-20440
RESERVED
CVE-2021-20439
@@ -18586,8 +18618,7 @@ CVE-2021-20234 [Memory leak in client induced by malicious server without CURVE/
NOTE: https://github.com/zeromq/libzmq/security/advisories/GHSA-wfr2-29gj-5w87
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22037
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22123
-CVE-2021-20233
- RESERVED
+CVE-2021-20233 (A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() ...)
{DSA-4867-1}
- grub2 2.04-16
CVE-2021-20232
@@ -18625,8 +18656,7 @@ CVE-2021-20226 (A use-after-free flaw was found in the io_uring in Linux kernel,
[buster] - linux <not-affected> (Vulnerable code introduced later)
[stretch] - linux <not-affected> (Vulnerable code introduced later)
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-21-001/
-CVE-2021-20225
- RESERVED
+CVE-2021-20225 (A flaw was found in grub2 in versions prior to 2.06. The option parser ...)
{DSA-4867-1}
- grub2 2.04-16
CVE-2021-20224
@@ -19060,8 +19090,8 @@ CVE-2021-20078
RESERVED
CVE-2021-20077
RESERVED
-CVE-2021-20076
- RESERVED
+CVE-2021-20076 (Tenable.sc and Tenable.sc Core versions 5.13.0 through 5.17.0 were fou ...)
+ TODO: check
CVE-2021-20075 (Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows for pr ...)
NOT-FOR-US: Racom's MIDGE Firmware
CVE-2021-20074 (Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows users ...)
@@ -19879,8 +19909,8 @@ CVE-2020-35298
RESERVED
CVE-2020-35297
RESERVED
-CVE-2020-35296
- RESERVED
+CVE-2020-35296 (ThinkAdmin v6 has default administrator credentials, which allows atta ...)
+ TODO: check
CVE-2020-35295
RESERVED
CVE-2020-35294
@@ -23518,8 +23548,8 @@ CVE-2020-29049
RESERVED
CVE-2020-29048
RESERVED
-CVE-2020-29047
- RESERVED
+CVE-2020-29047 (The wp-hotel-booking plugin through 1.10.2 for WordPress allows remote ...)
+ TODO: check
CVE-2020-29046
RESERVED
CVE-2020-29045
@@ -25546,8 +25576,8 @@ CVE-2020-28599 (A stack-based buffer overflow vulnerability exists in the import
NOTE: https://github.com/openscad/openscad/commit/07ea60f82e94a155f4926f17fad8e8366bc74874
CVE-2020-28598
RESERVED
-CVE-2020-28597
- RESERVED
+CVE-2020-28597 (A predictable seed vulnerability exists in the password reset function ...)
+ TODO: check
CVE-2020-28596 (A stack-based buffer overflow vulnerability exists in the Objparser::o ...)
NOT-FOR-US: PrusaSlicer
CVE-2020-28595 (An out-of-bounds write vulnerability exists in the Obj.cpp load_obj() ...)
@@ -25558,8 +25588,8 @@ CVE-2020-28593
RESERVED
CVE-2020-28592
RESERVED
-CVE-2020-28591
- RESERVED
+CVE-2020-28591 (An out-of-bounds read vulnerability exists in the AMF File AMFParserCo ...)
+ TODO: check
CVE-2020-28590
RESERVED
CVE-2020-28589
@@ -29337,8 +29367,7 @@ CVE-2020-27780 (A flaw was found in Linux-Pam in versions prior to 1.5.1 in the
NOTE: https://github.com/linux-pam/linux-pam/issues/284
NOTE: Introduced by: https://github.com/linux-pam/linux-pam/commit/af0faf666c5008e54dfe43684f210e3581ff1bca (v1.5.0)
NOTE: Fixed by: https://github.com/linux-pam/linux-pam/commit/30fdfb90d9864bcc254a62760aaa149d373fd4eb
-CVE-2020-27779
- RESERVED
+CVE-2020-27779 (A flaw was found in grub2 in versions prior to 2.06. The cutmem comman ...)
{DSA-4867-1}
- grub2 2.04-16
CVE-2020-27778 (A flaw was found in Poppler in the way certain PDF files were converte ...)
@@ -29539,8 +29568,7 @@ CVE-2020-27750 (A flaw was found in ImageMagick in MagickCore/colorspace-private
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1711
NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/a81ca9a1b46a96be83682af3389f0a6f3d0d389d
NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/c7038e710ad0204d6cb37a0229fc55f6f8a8662f
-CVE-2020-27749
- RESERVED
+CVE-2020-27749 (A flaw was found in grub2 in versions prior to 2.06. Variable names pr ...)
{DSA-4867-1}
- grub2 2.04-16
CVE-2020-27748 [local file inclusion vulnerability]
@@ -34918,8 +34946,7 @@ CVE-2020-25648 (A flaw was found in the way NSS handled CCS (ChangeCipherSpec) m
NOTE: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.58_release_notes
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1641480 (private)
NOTE: Fixed by: https://hg.mozilla.org/projects/nss/rev/57bbefa793232586d27cee83e74411171e128361
-CVE-2020-25647
- RESERVED
+CVE-2020-25647 (A flaw was found in grub2 in versions prior to 2.06. During USB device ...)
{DSA-4867-1}
- grub2 2.04-16
CVE-2020-25646 (A flaw was found in Ansible Collection community.crypto. openssl_priva ...)
@@ -34977,8 +35004,7 @@ CVE-2020-25633 (A flaw was found in RESTEasy client in all versions of RESTEasy
- resteasy3.0 <unfixed>
[buster] - resteasy3.0 <ignored> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1879042
-CVE-2020-25632
- RESERVED
+CVE-2020-25632 (A flaw was found in grub2 in versions prior to 2.06. The rmmod impleme ...)
{DSA-4867-1}
- grub2 2.04-16
CVE-2020-25631 (A vulnerability was found in Moodle 3.9 to 3.9.1, 3.8 to 3.8.4 and 3.7 ...)
@@ -55249,8 +55275,8 @@ CVE-2020-15939
RESERVED
CVE-2020-15938
RESERVED
-CVE-2020-15937
- RESERVED
+CVE-2020-15937 (An improper neutralization of input vulnerability in FortiGate version ...)
+ TODO: check
CVE-2020-15936
RESERVED
CVE-2020-15935
@@ -59540,8 +59566,7 @@ CVE-2020-14373 (A use after free was found in igc_reloc_struct_ptr() of psi/igc.
[stretch] - ghostscript 9.26~dfsg-0+deb9u1
NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=ece5cbbd9979cd35737b00e68267762d72feb2ea
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=702851
-CVE-2020-14372
- RESERVED
+CVE-2020-14372 (A flaw was found in grub2 in versions prior to 2.06, where it incorrec ...)
{DSA-4867-1}
- grub2 2.04-16
CVE-2020-14371
@@ -61911,8 +61936,7 @@ CVE-2020-13560 (A use after free vulnerability exists in the JavaScript engine o
NOT-FOR-US: Foxit
CVE-2020-13559 (A denial-of-service vulnerability exists in the traffic-logging functi ...)
NOT-FOR-US: FreyrSCADA IEC-60879-5-104 Server Simulator
-CVE-2020-13558
- RESERVED
+CVE-2020-13558 (A code execution vulnerability exists in the AudioSourceProviderGStrea ...)
{DSA-4854-1}
- webkit2gtk 2.30.5-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
@@ -61924,8 +61948,8 @@ CVE-2020-13556 (An out-of-bounds write vulnerability exists in the Ethernet/IP s
NOT-FOR-US: EIP Stack Group OpENer
CVE-2020-13555 (An exploitable local privilege elevation vulnerability exists in the f ...)
NOT-FOR-US: Advantech WebAccess/SCADA
-CVE-2020-13554
- RESERVED
+CVE-2020-13554 (An exploitable local privilege elevation vulnerability exists in the f ...)
+ TODO: check
CVE-2020-13553 (An exploitable local privilege elevation vulnerability exists in the f ...)
NOT-FOR-US: Advantech WebAccess/SCADA
CVE-2020-13552 (An exploitable local privilege elevation vulnerability exists in the f ...)
@@ -76790,8 +76814,8 @@ CVE-2020-8298
RESERVED
CVE-2020-8297 (Nextcloud Deck before 1.0.2 suffers from an insecure direct object ref ...)
NOT-FOR-US: Nextcloud Deck
-CVE-2020-8296
- RESERVED
+CVE-2020-8296 (Nextcloud Server prior to 20.0.0 stores passwords in a recoverable for ...)
+ TODO: check
CVE-2020-8295 (A wrong check in Nextcloud Server 19 and prior allowed to perform a de ...)
- nextcloud-server <itp> (bug #941708)
CVE-2020-8294 (A missing link validation in Nextcloud Server before 20.0.2, 19.0.5, 1 ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5334a3eaf88b2cc98d08a18bd159afe13380084d
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5334a3eaf88b2cc98d08a18bd159afe13380084d
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210303/05df1c67/attachment.htm>
More information about the debian-security-tracker-commits
mailing list