[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Tue Mar 9 08:10:27 GMT 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7408d0d9 by security tracker role at 2021-03-09T08:10:20+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,17 @@
+CVE-2021-28098
+	RESERVED
+CVE-2021-28097
+	RESERVED
+CVE-2021-28096
+	RESERVED
+CVE-2021-28095
+	RESERVED
+CVE-2021-28094
+	RESERVED
+CVE-2021-28093
+	RESERVED
+CVE-2021-28092
+	RESERVED
 CVE-2021-3424
 	RESERVED
 	NOT-FOR-US: Keycloak
@@ -9285,8 +9299,8 @@ CVE-2021-24035
 	RESERVED
 CVE-2021-24034
 	RESERVED
-CVE-2021-24033
-	RESERVED
+CVE-2021-24033 (react-dev-utils prior to v11.0.4 exposes a function, getProcessForPort ...)
+	TODO: check
 CVE-2021-24030
 	RESERVED
 CVE-2021-24029
@@ -13449,8 +13463,7 @@ CVE-2021-22136
 	RESERVED
 CVE-2021-22135
 	RESERVED
-CVE-2021-22134
-	RESERVED
+CVE-2021-22134 (A document disclosure flaw was found in Elasticsearch versions after 7 ...)
 	- elasticsearch <removed>
 CVE-2021-22133 (The Elastic APM agent for Go versions before 1.11.0 can leak sensitive ...)
 	NOT-FOR-US: Elastic APM agent
@@ -14720,22 +14733,22 @@ CVE-2021-21512 (Dell EMC PowerProtect Cyber Recovery, version 19.7.0.1, contains
 	NOT-FOR-US: EMC
 CVE-2021-21511 (Dell EMC Avamar Server, versions 19.3 and 19.4 contain an Improper Aut ...)
 	NOT-FOR-US: EMC Avamar Server
-CVE-2021-21510
-	RESERVED
+CVE-2021-21510 (Dell iDRAC8 versions prior to 2.75.100.75 contain a host header inject ...)
+	TODO: check
 CVE-2021-21509
 	RESERVED
 CVE-2021-21508
 	RESERVED
 CVE-2021-21507
 	RESERVED
-CVE-2021-21506
-	RESERVED
+CVE-2021-21506 (PowerScale OneFS 8.1.2,8.2.2 and 9.1.0 contains an improper input sani ...)
+	TODO: check
 CVE-2021-21505
 	RESERVED
 CVE-2021-21504
 	RESERVED
-CVE-2021-21503
-	RESERVED
+CVE-2021-21503 (PowerScale OneFS 8.1.2,8.2.2 and 9.1.0 contains an improper input sani ...)
+	TODO: check
 CVE-2021-21502 (Dell PowerScale OneFS versions 8.1.0 – 9.1.0 contain a "use of S ...)
 	NOT-FOR-US: Dell
 CVE-2021-21501
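Review bot: the three entries converted in this hunk (CVE-2021-21510, CVE-2021-21506, CVE-2021-21503) are left at "TODO: check", while the Dell/EMC entries kept as context around them are already resolved as NOT-FOR-US under three different labels ("EMC", "EMC Avamar Server", "Dell"). When these are triaged, settle on one label convention for the vendor. CVE-2021-21506 and CVE-2021-21503 also show identical text up to the truncation point, so confirm from the full descriptions that they are distinct issues before marking them.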
@@ -16266,12 +16279,12 @@ CVE-2021-21364
 	RESERVED
 CVE-2021-21363
 	RESERVED
-CVE-2021-21362
-	RESERVED
-CVE-2021-21361
-	RESERVED
-CVE-2021-21360
-	RESERVED
+CVE-2021-21362 (MinIO is an open-source high performance object storage service and it ...)
+	TODO: check
+CVE-2021-21361 (The `com.bmuschko:gradle-vagrant-plugin` Gradle plugin contains an inf ...)
+	TODO: check
+CVE-2021-21360 (Products.GenericSetup is a mini-framework for expressing the configure ...)
+	TODO: check
 CVE-2021-21359
 	RESERVED
 CVE-2021-21358
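Review bot: for CVE-2021-21362, CVE-2021-21361 and CVE-2021-21360 the truncated descriptions end before, or just as, the flaw is named ("MinIO is an open-source high performance object storage service and it ...", "Products.GenericSetup is a mini-framework for expressing the configure ..."), so the "TODO: check" markers cannot be resolved from the list line alone. Each entry needs the full CVE text read before a package line or NOT-FOR-US line is chosen.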
@@ -16282,8 +16295,8 @@ CVE-2021-21356
 	RESERVED
 CVE-2021-21355
 	RESERVED
-CVE-2021-21354
-	RESERVED
+CVE-2021-21354 (Pollbot is open source software which "frees its human masters from th ...)
+	TODO: check
 CVE-2021-21353 (Pug is an npm package which is a high-performance template engine. In  ...)
 	TODO: check
 CVE-2021-21352 (Anuko Time Tracker is an open source, web-based time tracking applicat ...)
@@ -16316,12 +16329,12 @@ CVE-2021-21339
 	RESERVED
 CVE-2021-21338
 	RESERVED
-CVE-2021-21337
-	RESERVED
-CVE-2021-21336
-	RESERVED
-CVE-2021-21335
-	RESERVED
+CVE-2021-21337 (Products.PluggableAuthService is a pluggable Zope authentication and a ...)
+	TODO: check
+CVE-2021-21336 (Products.PluggableAuthService is a pluggable Zope authentication and a ...)
+	TODO: check
+CVE-2021-21335 (In the SPNEGO HTTP Authentication Module for nginx (spnego-http-auth-n ...)
+	TODO: check
 CVE-2021-21334
 	RESERVED
 	- containerd 1.4.4~ds1-1
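Review bot: CVE-2021-21337 and CVE-2021-21336 are added with descriptions that are identical up to the truncation ("Products.PluggableAuthService is a pluggable Zope authentication and a ..."), so nothing in the list distinguishes the two issues. When the "TODO: check" markers are resolved, add a NOTE line to each entry pointing at its own advisory or fix so the two are not conflated.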
@@ -19669,7 +19682,7 @@ CVE-2020-35513 (A flaw incorrect umask during file or directory modification in
 	[stretch] - linux <not-affected> (Vulnerable code introduce later)
 	NOTE: https://git.kernel.org/linus/880a3a5325489a143269a8e172e7563ebf9897bc
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1911309
-CVE-2020-35512 (A use-after-free flaw was found in D-Bus 1.12.20 when a system has mul ...)
+CVE-2020-35512 (A use-after-free flaw was found in D-Bus Development branch <= 1.13 ...)
 	- dbus 1.12.20-1
 	[buster] - dbus 1.12.20-0+deb10u1
 	[stretch] - dbus 1.10.32-0+deb9u1
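Review bot: the revised description for CVE-2020-35512 now scopes the flaw to "D-Bus Development branch <= 1.13 ..." instead of "D-Bus 1.12.20", but the unchanged lines below still record fixes in dbus 1.12.20-1, 1.12.20-0+deb10u1 and 1.10.32-0+deb9u1. Re-check that those fixed-version entries match the affected range in the full revised description, and add a NOTE line explaining the relationship if it is not obvious from the upstream text.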
@@ -29616,8 +29629,7 @@ CVE-2020-27839
 	RESERVED
 	- ceph <unfixed>
 	NOTE: https://tracker.ceph.com/issues/44591
-CVE-2020-27838
-	RESERVED
+CVE-2020-27838 (A flaw was found in keycloak in versions prior to 13.0.0. The client r ...)
 	NOT-FOR-US: Keycloak
 CVE-2020-27837 (A flaw was found in GDM in versions prior to 3.38.2.1. A race conditio ...)
 	- gdm3 3.38.2.1-1
@@ -30864,12 +30876,12 @@ CVE-2020-27578
 	RESERVED
 CVE-2020-27577
 	RESERVED
-CVE-2020-27576
-	RESERVED
-CVE-2020-27575
-	RESERVED
-CVE-2020-27574
-	RESERVED
+CVE-2020-27576 (Maxum Rumpus 8.2.13 and 8.2.14 is affected by cross-site scripting (XS ...)
+	TODO: check
+CVE-2020-27575 (Maxum Rumpus 8.2.13 and 8.2.14 is affected by a command injection vuln ...)
+	TODO: check
+CVE-2020-27574 (Maxum Rumpus 8.2.13 and 8.2.14 is affected by cross-site request forge ...)
+	TODO: check
 CVE-2020-27573
 	RESERVED
 CVE-2020-27572
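Review bot: the three Maxum Rumpus entries (CVE-2020-27576, CVE-2020-27575, CVE-2020-27574) name the same product and the same versions, 8.2.13 and 8.2.14, and all sit at "TODO: check". Triage them together so they end up with one consistent disposition and product label rather than being resolved piecemeal.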



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7408d0d913fb849a8056b2af6576e21a7350dd34
