[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Fri Mar 12 08:10:24 GMT 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
37e034d4 by security tracker role at 2021-03-12T08:10:17+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,170 @@
-CVE-2021-28153 [g_file_replace() with G_FILE_CREATE_REPLACE_DESTINATION creates empty target for dangling symlink]
+CVE-2021-3441
+	RESERVED
+CVE-2021-3440
+	RESERVED
+CVE-2021-3439
+	RESERVED
+CVE-2021-3438
+	RESERVED
+CVE-2021-3437
+	RESERVED
+CVE-2021-3436
+	RESERVED
+CVE-2021-28216
+	RESERVED
+CVE-2021-28215
+	RESERVED
+CVE-2021-28214
+	RESERVED
+CVE-2021-28213
+	RESERVED
+CVE-2021-28212
+	RESERVED
+CVE-2021-28211
+	RESERVED
+CVE-2021-28210
+	RESERVED
+CVE-2021-28209
+	RESERVED
+CVE-2021-28208
+	RESERVED
+CVE-2021-28207
+	RESERVED
+CVE-2021-28206
+	RESERVED
+CVE-2021-28205
+	RESERVED
+CVE-2021-28204
+	RESERVED
+CVE-2021-28203
+	RESERVED
+CVE-2021-28202
+	RESERVED
+CVE-2021-28201
+	RESERVED
+CVE-2021-28200
+	RESERVED
+CVE-2021-28199
+	RESERVED
+CVE-2021-28198
+	RESERVED
+CVE-2021-28197
+	RESERVED
+CVE-2021-28196
+	RESERVED
+CVE-2021-28195
+	RESERVED
+CVE-2021-28194
+	RESERVED
+CVE-2021-28193
+	RESERVED
+CVE-2021-28192
+	RESERVED
+CVE-2021-28191
+	RESERVED
+CVE-2021-28190
+	RESERVED
+CVE-2021-28189
+	RESERVED
+CVE-2021-28188
+	RESERVED
+CVE-2021-28187
+	RESERVED
+CVE-2021-28186
+	RESERVED
+CVE-2021-28185
+	RESERVED
+CVE-2021-28184
+	RESERVED
+CVE-2021-28183
+	RESERVED
+CVE-2021-28182
+	RESERVED
+CVE-2021-28181
+	RESERVED
+CVE-2021-28180
+	RESERVED
+CVE-2021-28179
+	RESERVED
+CVE-2021-28178
+	RESERVED
+CVE-2021-28177
+	RESERVED
+CVE-2021-28176
+	RESERVED
+CVE-2021-28175
+	RESERVED
+CVE-2021-28174
+	RESERVED
+CVE-2021-28173
+	RESERVED
+CVE-2021-28172
+	RESERVED
+CVE-2021-28171
+	RESERVED
+CVE-2021-28170
+	RESERVED
+CVE-2021-28169
+	RESERVED
+CVE-2021-28168
+	RESERVED
+CVE-2021-28167
+	RESERVED
+CVE-2021-28166
+	RESERVED
+CVE-2021-28165
+	RESERVED
+CVE-2021-28164
+	RESERVED
+CVE-2021-28163
+	RESERVED
+CVE-2021-28162
+	RESERVED
+CVE-2021-28161
+	RESERVED
+CVE-2021-28160
+	RESERVED
+CVE-2021-28159
+	RESERVED
+CVE-2021-28158
+	RESERVED
+CVE-2021-28157
+	RESERVED
+CVE-2021-28156
+	RESERVED
+CVE-2021-28155
+	RESERVED
+CVE-2021-28154 (** DISPUTED ** Camunda Modeler (aka camunda-modeler) through 4.6.0 all ...)
+	TODO: check
+CVE-2021-28152
+	RESERVED
+CVE-2021-28151
+	RESERVED
+CVE-2021-28150
+	RESERVED
+CVE-2021-28149
+	RESERVED
+CVE-2021-28148
+	RESERVED
+CVE-2021-28147
+	RESERVED
+CVE-2021-28146
+	RESERVED
+CVE-2020-36282 (JMS Client for RabbitMQ 1.x before 1.15.2 and 2.x before 2.2.0 is vuln ...)
+	TODO: check
+CVE-2020-36281 (Leptonica before 1.80.0 allows a heap-based buffer over-read in pixFew ...)
+	TODO: check
+CVE-2020-36280 (Leptonica before 1.80.0 allows a heap-based buffer over-read in pixRea ...)
+	TODO: check
+CVE-2020-36279 (Leptonica before 1.80.0 allows a heap-based buffer over-read in raster ...)
+	TODO: check
+CVE-2020-36278 (Leptonica before 1.80.0 allows a heap-based buffer over-read in findNe ...)
+	TODO: check
+CVE-2020-36277 (Leptonica before 1.80.0 allows a denial of service (application crash) ...)
+	TODO: check
+CVE-2016-20009 (** UNSUPPORTED WHEN ASSIGNED ** A DNS client stack-based buffer overfl ...)
+	TODO: check
+CVE-2021-28153 (An issue was discovered in GNOME GLib before 2.66.8. When g_file_repla ...)
 	- glib2.0 2.66.7-2 (bug #984969)
 	NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/2325
 CVE-2021-3435
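
Review bot: The five Leptonica entries, CVE-2020-36277 through CVE-2020-36281, all land as separate `TODO: check` items although each carries the same "before 1.80.0" bound, so they should be triaged together with one version comparison and given the same status. CVE-2021-28154 and CVE-2016-20009 arrive tagged "** DISPUTED **" and "** UNSUPPORTED WHEN ASSIGNED **"; whoever resolves those two should carry that status into the triage note rather than treating them as ordinary entries.
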
@@ -21,8 +187,8 @@ CVE-2021-28145
 	RESERVED
 CVE-2021-28144 (prog.cgi on D-Link DIR-3060 devices before 1.11b04 HF2 allows remote a ...)
 	NOT-FOR-US: D-Link
-CVE-2021-28143
-	RESERVED
+CVE-2021-28143 (/jsonrpc on D-Link DIR-841 3.03 and 3.04 devices allows authenticated  ...)
+	TODO: check
 CVE-2021-28142
 	RESERVED
 CVE-2021-28141 (An issue was discovered in Progress Telerik UI for ASP.NET AJAX 2021.1 ...)
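
Review bot: CVE-2021-28143 is left as `TODO: check` even though its description names a D-Link DIR-841 device and the entry directly above it, CVE-2021-28144 for a D-Link DIR-3060, is already marked `NOT-FOR-US: D-Link`. Suggest resolving it with the same `NOT-FOR-US: D-Link` line so the two adjacent entries stay consistent.
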
@@ -1157,10 +1323,10 @@ CVE-2021-27649
 	RESERVED
 CVE-2021-27648
 	RESERVED
-CVE-2021-27647
-	RESERVED
-CVE-2021-27646
-	RESERVED
+CVE-2021-27647 (Out-of-bounds Read vulnerability in iscsi_snapshot_comm_core in Synolo ...)
+	TODO: check
+CVE-2021-27646 (Use After Free vulnerability in iscsi_snapshot_comm_core in Synology D ...)
+	TODO: check
 CVE-2021-27645 (The nameserver caching daemon (nscd) in the GNU C Library (aka glibc o ...)
 	- glibc <unfixed> (bug #983479)
 	[buster] - glibc <no-dsa> (Minor issue)
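
Review bot: CVE-2021-27647 and CVE-2021-27646 both name iscsi_snapshot_comm_core, the same component that appears in CVE-2021-26569 in a later hunk of this patch, yet all three are queued as independent `TODO: check` items. Suggest triaging the three in one pass so they end up with an identical status line.
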
@@ -3596,8 +3762,8 @@ CVE-2021-26571 (The Baseboard Management Controller (BMC) firmware in HPE Apollo
 	NOT-FOR-US: HPE
 CVE-2021-26570 (The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 Sy ...)
 	NOT-FOR-US: HPE
-CVE-2021-26569
-	RESERVED
+CVE-2021-26569 (Race Condition within a Thread vulnerability in iscsi_snapshot_comm_co ...)
+	TODO: check
 CVE-2021-26568
 	RESERVED
 CVE-2021-26567 (Use of unmaintained third party components vulnerability in faad in Sy ...)
@@ -12318,18 +12484,18 @@ CVE-2021-22716
 	RESERVED
 CVE-2021-22715
 	RESERVED
-CVE-2021-22714
-	RESERVED
-CVE-2021-22713
-	RESERVED
-CVE-2021-22712
-	RESERVED
-CVE-2021-22711
-	RESERVED
-CVE-2021-22710
-	RESERVED
-CVE-2021-22709
-	RESERVED
+CVE-2021-22714 (A CWE-119:Improper restriction of operations within the bounds of a me ...)
+	TODO: check
+CVE-2021-22713 (A CWE-119:Improper restriction of operations within the bounds of a me ...)
+	TODO: check
+CVE-2021-22712 (A CWE-119:Improper Restriction of Operations within the Bounds of a Me ...)
+	TODO: check
+CVE-2021-22711 (A CWE-119:Improper Restriction of Operations within the Bounds of a Me ...)
+	TODO: check
+CVE-2021-22710 (A CWE-119:Improper Restriction of Operations within the Bounds of a Me ...)
+	TODO: check
+CVE-2021-22709 (A CWE-119:Improper Restriction of Operations within the Bounds of a Me ...)
+	TODO: check
 CVE-2021-22708
 	RESERVED
 CVE-2021-22707
@@ -18265,8 +18431,8 @@ CVE-2021-20676
 	RESERVED
 CVE-2021-20675
 	RESERVED
-CVE-2021-20674
-	RESERVED
+CVE-2021-20674 (Untrusted search path vulnerability in Installer of MagicConnect Clien ...)
+	TODO: check
 CVE-2021-20673 (Stored cross-site scripting vulnerability in Admin Page of GROWI (v4.2 ...)
 	NOT-FOR-US: GROWI
 CVE-2021-20672 (Reflected cross-site scripting vulnerability due to insufficient verif ...)
@@ -19138,8 +19304,7 @@ CVE-2021-20263 (A flaw was found in the virtio-fs shared file system daemon (vir
 	NOTE: Introduced in https://git.qemu.org/?p=qemu.git;a=commit;h=725ca3313a5b9cbef89eaa1c728567684f37990a
 CVE-2021-20262 (A flaw was found in Keycloak 12.0.0 where re-authentication does not o ...)
 	NOT-FOR-US: Keycloak
-CVE-2021-20261
-	RESERVED
+CVE-2021-20261 (A race condition was found in the Linux kernels implementation of the  ...)
 	- linux 4.5.1-1
 	NOTE: https://git.kernel.org/linus/a0c80efe5956ccce9fe7ae5c78542578c07bc20a
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1932150
@@ -24217,8 +24382,8 @@ CVE-2020-29047 (The wp-hotel-booking plugin through 1.10.2 for WordPress allows
 	NOT-FOR-US: wp-hotel-booking plugin for WordPress
 CVE-2020-29046
 	RESERVED
-CVE-2020-29045
-	RESERVED
+CVE-2020-29045 (The food-and-drink-menu plugin through 2.2.0 for WordPress allows remo ...)
+	TODO: check
 CVE-2020-29044
 	RESERVED
 CVE-2020-29043 (An issue was discovered in BigBlueButton through 2.2.29. When at attac ...)
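
Review bot: CVE-2020-29045 is left as `TODO: check` although it describes a WordPress plugin (food-and-drink-menu), and the nearby CVE-2020-29047 in this hunk's context already shows the convention for that case: `NOT-FOR-US: wp-hotel-booking plugin for WordPress`. Suggest resolving it in the same form, `NOT-FOR-US: food-and-drink-menu plugin for WordPress`.
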
@@ -37181,10 +37346,10 @@ CVE-2020-24986 (Concrete5 up to and including 8.5.2 allows Unrestricted Upload o
 	NOT-FOR-US: Concrete5
 CVE-2020-24985
 	RESERVED
-CVE-2020-24984
-	RESERVED
-CVE-2020-24983
-	RESERVED
+CVE-2020-24984 (An issue was discovered in Quadbase EspressReports ES 7 Update 9. It a ...)
+	TODO: check
+CVE-2020-24983 (An issue was discovered in Quadbase EspressReports ES 7 Update 9. An u ...)
+	TODO: check
 CVE-2020-24982
 	RESERVED
 CVE-2020-24981 (An Incorrect Access Control vulnerability exists in /ucms/chk.php in U ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/37e034d47fb03234786111ed13a452285260b764
