[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Thu Mar 11 08:10:29 GMT 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
33832a9f by security tracker role at 2021-03-11T08:10:21+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,7 +1,37 @@
-CVE-2021-3427
+CVE-2021-3429
+	RESERVED
+CVE-2021-3428
+	RESERVED
+CVE-2021-28145
+	RESERVED
+CVE-2021-28144
+	RESERVED
+CVE-2021-28143
+	RESERVED
+CVE-2021-28142
+	RESERVED
+CVE-2021-28141
+	RESERVED
+CVE-2021-28140
+	RESERVED
+CVE-2021-28139
+	RESERVED
+CVE-2021-28138
+	RESERVED
+CVE-2021-28137
 	RESERVED
-CVE-2021-28132
+CVE-2021-28136
 	RESERVED
+CVE-2021-28135
+	RESERVED
+CVE-2021-28134 (Clipper before 1.0.5 allows remote command execution. A remote attacke ...)
+	TODO: check
+CVE-2021-28133
+	RESERVED
+CVE-2021-3427
+	RESERVED
+CVE-2021-28132 (LUCY Security Awareness Software through 4.7.x allows unauthenticated  ...)
+	TODO: check
 CVE-2021-28131
 	RESERVED
 CVE-2021-28130
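
Review bot: CVE-2021-28134 (Clipper) and CVE-2021-28132 (LUCY Security Awareness Software) are added with only `TODO: check`, so neither has a package mapping or a NOT-FOR-US decision yet. The Clipper description already states remote command execution fixed in 1.0.5, which makes it the one to triage first. A follow-up commit should resolve each TODO to either a package/version line or a NOT-FOR-US line.
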
@@ -528,10 +558,10 @@ CVE-2021-27921 (Pillow before 8.1.1 allows attackers to cause a denial of servic
 	NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.1.2.html
 CVE-2021-27920
 	RESERVED
-CVE-2021-27919
-	RESERVED
-CVE-2021-27918
-	RESERVED
+CVE-2021-27919 (archive/zip in Go 1.16.x before 1.16.1 allows attackers to cause a den ...)
+	TODO: check
+CVE-2021-27918 (encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infin ...)
+	TODO: check
 CVE-2021-3420 (A flaw was found in newlib in versions prior to 4.0.0. Improper overfl ...)
 	- newlib <unfixed> (bug #984446)
 	[buster] - newlib <no-dsa> (Minor issue)
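
Review bot: the two Go entries, CVE-2021-27919 and CVE-2021-27918, both sit at `TODO: check`, but their affected ranges differ. The archive/zip issue is scoped to 1.16.x before 1.16.1, while the encoding/xml issue also covers versions before 1.15.9. When these are triaged, record the status per Go source package version instead of copying one result to both. Going by these descriptions, a release shipping a 1.15.x toolchain is only in range for CVE-2021-27918.
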
@@ -16407,23 +16437,22 @@ CVE-2021-21380
 	RESERVED
 CVE-2021-21379
 	RESERVED
-CVE-2021-21378
-	RESERVED
+CVE-2021-21378 (Envoy is a cloud-native high-performance edge/middle/service proxy. In ...)
 	NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651)
 CVE-2021-21377
 	RESERVED
 CVE-2021-21376
 	RESERVED
-CVE-2021-21375
-	RESERVED
+CVE-2021-21375 (PJSIP is a free and open source multimedia communication library writt ...)
+	TODO: check
 CVE-2021-21374
 	RESERVED
 CVE-2021-21373
 	RESERVED
 CVE-2021-21372
 	RESERVED
-CVE-2021-21371
-	RESERVED
+CVE-2021-21371 (Tenable for Jira Cloud is an open source project designed to pull Tena ...)
+	TODO: check
 CVE-2021-21370
 	RESERVED
 CVE-2021-21369 (Hyperledger Besu is an open-source, MainNet compatible, Ethereum clien ...)
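
Review bot: CVE-2021-21375 (PJSIP) is left at `TODO: check` in this hunk, and the same commit adds CVE-2020-15260 with the same PJSIP description prefix further down. Triage the two together so they end up with a consistent package mapping. CVE-2021-21371 (Tenable for Jira Cloud) needs its TODO resolved as well. The Envoy entry, CVE-2021-21378, needs no follow-up, since dropping RESERVED leaves the existing NOT-FOR-US line as its only status.
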
@@ -16436,10 +16465,10 @@ CVE-2021-21366
 	RESERVED
 CVE-2021-21365
 	RESERVED
-CVE-2021-21364
-	RESERVED
-CVE-2021-21363
-	RESERVED
+CVE-2021-21364 (swagger-codegen is an open-source project which contains a template-dr ...)
+	TODO: check
+CVE-2021-21363 (swagger-codegen is an open-source project which contains a template-dr ...)
+	TODO: check
 CVE-2021-21362 (MinIO is an open-source high performance object storage service and it ...)
 	TODO: check
 CVE-2021-21361 (The `com.bmuschko:gradle-vagrant-plugin` Gradle plugin contains an inf ...)
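
Review bot: CVE-2021-21364 and CVE-2021-21363 are added with identical truncated swagger-codegen descriptions, so the list alone does not show how the two issues differ. Both are `TODO: check`. When resolving them, add a NOTE line with the upstream advisory for each, as the containerd entry in this commit does with its GHSA link, so the distinction is recorded in the tracker data.
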
@@ -16496,8 +16525,7 @@ CVE-2021-21336 (Products.PluggableAuthService is a pluggable Zope authentication
 	NOT-FOR-US: Products.PluggableAuthService
 CVE-2021-21335 (In the SPNEGO HTTP Authentication Module for nginx (spnego-http-auth-n ...)
 	TODO: check
-CVE-2021-21334
-	RESERVED
+CVE-2021-21334 (In containerd (an industry-standard container runtime) before versions ...)
 	- containerd 1.4.4~ds1-1
 	NOTE: https://github.com/containerd/containerd/security/advisories/GHSA-6g2q-w5j3-fwh4
 CVE-2021-21333
@@ -16689,8 +16717,8 @@ CVE-2021-21267
 	RESERVED
 CVE-2021-21266 (openHAB is a vendor and technology agnostic open source automation sof ...)
 	NOT-FOR-US: openHAB
-CVE-2021-21265
-	RESERVED
+CVE-2021-21265 (October is a free, open-source, self-hosted CMS platform based on the  ...)
+	TODO: check
 CVE-2021-21264
 	RESERVED
 CVE-2021-21262
@@ -57714,8 +57742,8 @@ CVE-2020-15262 (In webpack-subresource-integrity before version 1.5.1, all dynam
 CVE-2020-15261 (On Windows the Veyon Service before version 4.4.2 contains an unquoted ...)
 	- veyon <not-affected> (Windows-specific)
 	NOTE: https://github.com/veyon/veyon/security/advisories/GHSA-c8cc-x786-hqqp
-CVE-2020-15260
-	RESERVED
+CVE-2020-15260 (PJSIP is a free and open source multimedia communication library writt ...)
+	TODO: check
 CVE-2020-15259 (ad-ldap-connector's admin panel before version 5.0.13 does not provide ...)
 	NOT-FOR-US: ad-ldap-connector
 CVE-2020-15258 (In Wire before 3.20.x, `shell.openExternal` was used without checking  ...)
@@ -94743,12 +94771,12 @@ CVE-2020-1902 (A user running a quick search on a highly forwarded message on Wh
 	NOT-FOR-US: WhatsApp
 CVE-2020-1901 (Receiving a large text message containing URLs in WhatsApp for iOS pri ...)
 	NOT-FOR-US: WhatsApp
-CVE-2020-1900
-	RESERVED
-CVE-2020-1899
-	RESERVED
-CVE-2020-1898
-	RESERVED
+CVE-2020-1900 (When unserializing an object with dynamic properties HHVM needs to pre ...)
+	TODO: check
+CVE-2020-1899 (The unserialize() function supported a type code, "S", which was meant ...)
+	TODO: check
+CVE-2020-1898 (The fb_unserialize function did not impose a depth limit for nested de ...)
+	TODO: check
 CVE-2020-1897 (A use-after-free is possible due to an error in lifetime management in ...)
 	NOT-FOR-US: Facebook Proxygen
 CVE-2020-1896 (A stack overflow vulnerability in Facebook Hermes ‘builtin apply ...)
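
Review bot: of the three entries added in this hunk, only CVE-2020-1900 names its product (HHVM) in the visible description. CVE-2020-1899 and CVE-2020-1898 mention only `unserialize()` and `fb_unserialize`. Confirm the affected product from the full CVE text before resolving the `TODO: check` lines, instead of inferring it from the adjacent entry or from the NOT-FOR-US entries surrounding them.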



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/33832a9f3d9037a7ca18dc89d5141b18f0b2b417
