[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Mon Mar 8 20:10:36 GMT 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
adc0edfb by security tracker role at 2021-03-08T20:10:28+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,13 @@
+CVE-2021-3424
+	RESERVED
+CVE-2021-28091
+	RESERVED
+CVE-2021-28090
+	RESERVED
+CVE-2021-28089
+	RESERVED
+CVE-2020-36256
+	RESERVED
 CVE-2021-XXXX [Arbitrary file read/write without permissions]
 	- flatpak 1.10.1-4
 	NOTE: https://github.com/flatpak/flatpak/issues/4146
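Review bot: ordering of the new RESERVED entries at the top of data/CVE/list: CVE-2020-36256 lands directly above the CVE-2021-XXXX flatpak placeholder, so a 2020 id now sits in the 2021 block, and CVE-2021-3424 is listed ahead of CVE-2021-28091 although the rest of the visible list runs in descending id order. If the top of the file is only a staging area for freshly assigned ids this is fine; otherwise move these entries to their sorted positions.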
@@ -1864,8 +1874,8 @@ CVE-2021-27224 (The WPG plugin before 3.1.0.0 for IrfanView 4.57 has a user-mode
 	NOT-FOR-US: WPG plugin for IrfanView
 CVE-2021-27223
 	RESERVED
-CVE-2021-27222
-	RESERVED
+CVE-2021-27222 (In the "Time in Status" app before 4.13.0 for Jira, remote authenticat ...)
+	TODO: check
 CVE-2021-27221
 	RESERVED
 CVE-2021-27220
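Review bot: the "TODO: check" under CVE-2021-27222 is an untriaged placeholder. The description names the "Time in Status" app for Jira, so the entry should be resolved to either a source package line or a NOT-FOR-US line in the style of the CVE-2021-27224 entry in the hunk header.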
@@ -2878,8 +2888,8 @@ CVE-2021-26790
 	RESERVED
 CVE-2021-26789
 	RESERVED
-CVE-2021-26788
-	RESERVED
+CVE-2021-26788 (Oryx Embedded CycloneTCP 1.7.6 to 2.0.0, fixed in 2.0.2, is affected b ...)
+	TODO: check
 CVE-2021-26787
 	RESERVED
 CVE-2021-26786
@@ -10827,7 +10837,7 @@ CVE-2021-23341 (The package prismjs before 1.23.0 are vulnerable to Regular Expr
 	NOTE: https://github.com/PrismJS/prism/issues/2583
 CVE-2021-23340 (This affects the package pimcore/pimcore before 6.8.8. A Local FIle In ...)
 	NOT-FOR-US: Pimcore
-CVE-2021-23339 (This affects all versions of package com.typesafe.akka:akka-http-core. ...)
+CVE-2021-23339 (This affects all versions before 10.1.14 and from 10.2.0 to 10.2.4 of  ...)
 	NOT-FOR-US: com.typesafe.akka:akka-http-core
 CVE-2021-23338 (This affects all versions of package qlib. The workflow function in cl ...)
 	NOT-FOR-US: qlib
@@ -16329,18 +16339,18 @@ CVE-2021-21330 (aiohttp is an asynchronous HTTP client/server framework for asyn
 	NOTE: https://github.com/aio-libs/aiohttp/security/advisories/GHSA-v6wp-4m6f-gcjg
 	NOTE: https://github.com/aio-libs/aiohttp/blob/master/CHANGES.rst#374-2021-02-25
 	NOTE: https://github.com/aio-libs/aiohttp/commit/2545222a3853e31ace15d87ae0e2effb7da0c96b
-CVE-2021-21329
-	RESERVED
+CVE-2021-21329 (RATCF is an open-source framework for hosting Cyber-Security Capture t ...)
+	TODO: check
 CVE-2021-21328 (Vapor is a web framework for Swift. In Vapor before version 4.40.1, th ...)
 	NOT-FOR-US: Vapor
-CVE-2021-21327
-	RESERVED
-CVE-2021-21326
-	RESERVED
-CVE-2021-21325
-	RESERVED
-CVE-2021-21324
-	RESERVED
+CVE-2021-21327 (GLPI is an open-source asset and IT management software package that p ...)
+	TODO: check
+CVE-2021-21326 (GLPI is an open-source asset and IT management software package that p ...)
+	TODO: check
+CVE-2021-21325 (GLPI is an open-source asset and IT management software package that p ...)
+	TODO: check
+CVE-2021-21324 (GLPI is an open-source asset and IT management software package that p ...)
+	TODO: check
 CVE-2021-21323 (Brave is an open source web browser with a focus on privacy and securi ...)
 	- brave-browser <itp> (bug #864795)
 CVE-2021-21322 (fastify-http-proxy is an npm package which is a fastify plugin for pro ...)
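Review bot: the four GLPI entries (CVE-2021-21324 through CVE-2021-21327) carry identical truncated descriptions, so nothing in this list tells them apart, and all four are left at "TODO: check". Triage each one against its full description rather than resolving them as a batch. CVE-2021-21329 (RATCF) in the same hunk is also still at "TODO: check".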
@@ -29699,7 +29709,7 @@ CVE-2020-27818 (A flaw was found in the check_chunk_name() function of pngcheck-
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1902011
 	NOTE: Patch applied in Fedora: https://src.fedoraproject.org/rpms/pngcheck/blob/cc48791e34201caf7b686084b735d06cef66c974/f/pngcheck-2.4.0-overflow-bz1897485.patch
 CVE-2020-27817
-	RESERVED
+	REJECTED
 CVE-2020-27816 (The elasticsearch-operator does not validate the namespace where kiban ...)
 	NOT-FOR-US: OpenShift Elasticsearch operator
 CVE-2020-27815
@@ -34616,7 +34626,7 @@ CVE-2020-25904
 	RESERVED
 CVE-2020-25903
 	RESERVED
-CVE-2020-25902 (Blackboard Collaborate Ultra 20.02 is affected by a cross-site scripti ...)
+CVE-2020-25902 (** DISPUTED ** Blackboard Collaborate Ultra 20.02 is affected by a cro ...)
 	NOT-FOR-US: Blackboard Collaborate Ultra
 CVE-2020-25901 (Host Header Injection in Spiceworks 7.5.7.0 allowing the attacker to r ...)
 	NOT-FOR-US: Spiceworks
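Review bot: the "** DISPUTED **" prefix on CVE-2020-25902 uses up the start of the truncated description, so less of the actual summary is visible ("a cro ..."). The "NOT-FOR-US: Blackboard Collaborate Ultra" line is keyed on the product and does not depend on the dispute, so it can stay unchanged.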
@@ -39160,8 +39170,8 @@ CVE-2020-23969
 	RESERVED
 CVE-2020-23968 (Ilex International Sign&go Workstation Security Suite 7.1 allows e ...)
 	NOT-FOR-US: Ilex International Sign&go Workstation Security Suite
-CVE-2020-23967
-	RESERVED
+CVE-2020-23967 (Dr.Web Security Space versions 11 and 12 allow elevation of privilege  ...)
+	TODO: check
 CVE-2020-23966
 	RESERVED
 CVE-2020-23965
@@ -86053,8 +86063,8 @@ CVE-2020-5016
 	RESERVED
 CVE-2020-5015
 	RESERVED
-CVE-2020-5014
-	RESERVED
+CVE-2020-5014 (IBM DataPower Gateway V10 and V2018 could allow a local attacker with  ...)
+	TODO: check
 CVE-2020-5013
 	RESERVED
 CVE-2020-5012
@@ -86275,8 +86285,8 @@ CVE-2020-4905 (IBM Financial Transaction Manager for SWIFT Services for Multipla
 	NOT-FOR-US: IBM
 CVE-2020-4904 (IBM Financial Transaction Manager for SWIFT Services for Multiplatform ...)
 	NOT-FOR-US: IBM
-CVE-2020-4903
-	RESERVED
+CVE-2020-4903 (IBM API Connect V10 and V2018 could allow an attacker who has intercep ...)
+	TODO: check
 CVE-2020-4902
 	RESERVED
 CVE-2020-4901
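Review bot: CVE-2020-4903 (IBM API Connect) is left at "TODO: check" while the two entries just above it in this hunk, CVE-2020-4905 and CVE-2020-4904, are already marked "NOT-FOR-US: IBM". Unless this product is tracked differently, the same annotation applies and the TODO can be closed.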
@@ -86694,8 +86704,8 @@ CVE-2020-4697 (IBM Jazz Foundation products are vulnerable to cross-site scripti
 	NOT-FOR-US: IBM
 CVE-2020-4696 (IBM Cloud Pak for Security 1.3.0.1(CP4S) does not invalidate session a ...)
 	NOT-FOR-US: IBM
-CVE-2020-4695
-	RESERVED
+CVE-2020-4695 (IBM API Connect V10 is impacted by insecure communications during data ...)
+	TODO: check
 CVE-2020-4694
 	RESERVED
 CVE-2020-4693 (IBM Spectrum Protect Operations Center 7.1.0.000 through 7.1.10 and 8. ...)
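Review bot: same open item as the other IBM hunk: CVE-2020-4695 (IBM API Connect V10) gets "TODO: check" although the surrounding CVE-2020-4697 and CVE-2020-4696 entries are "NOT-FOR-US: IBM". Suggest resolving it consistently with its neighbours.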



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/adc0edfb5f7f24da7f1237b33753af32aa35555d
