[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri Mar 12 20:10:51 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ef23a2c3 by security tracker role at 2021-03-12T20:10:21+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,187 @@
+CVE-2021-28308 (An issue was discovered in the fltk crate before 0.15.3 for Rust. Ther ...)
+ TODO: check
+CVE-2021-28307 (An issue was discovered in the fltk crate before 0.15.3 for Rust. Ther ...)
+ TODO: check
+CVE-2021-28306 (An issue was discovered in the fltk crate before 0.15.3 for Rust. Ther ...)
+ TODO: check
+CVE-2021-28305 (An issue was discovered in the diesel crate before 1.4.6 for Rust. The ...)
+ TODO: check
+CVE-2021-28304
+ RESERVED
+CVE-2021-28303
+ RESERVED
+CVE-2021-28302 (A stack overflow in pupnp 1.16.1 can cause the denial of service throu ...)
+ TODO: check
+CVE-2021-28301
+ RESERVED
+CVE-2021-28300
+ RESERVED
+CVE-2021-28299
+ RESERVED
+CVE-2021-28298
+ RESERVED
+CVE-2021-28297
+ RESERVED
+CVE-2021-28296
+ RESERVED
+CVE-2021-28295
+ RESERVED
+CVE-2021-28294
+ RESERVED
+CVE-2021-28293
+ RESERVED
+CVE-2021-28292
+ RESERVED
+CVE-2021-28291
+ RESERVED
+CVE-2021-28290
+ RESERVED
+CVE-2021-28289
+ RESERVED
+CVE-2021-28288
+ RESERVED
+CVE-2021-28287
+ RESERVED
+CVE-2021-28286
+ RESERVED
+CVE-2021-28285
+ RESERVED
+CVE-2021-28284
+ RESERVED
+CVE-2021-28283
+ RESERVED
+CVE-2021-28282
+ RESERVED
+CVE-2021-28281
+ RESERVED
+CVE-2021-28280
+ RESERVED
+CVE-2021-28279
+ RESERVED
+CVE-2021-28278
+ RESERVED
+CVE-2021-28277
+ RESERVED
+CVE-2021-28276
+ RESERVED
+CVE-2021-28275
+ RESERVED
+CVE-2021-28274
+ RESERVED
+CVE-2021-28273
+ RESERVED
+CVE-2021-28272
+ RESERVED
+CVE-2021-28271
+ RESERVED
+CVE-2021-28270
+ RESERVED
+CVE-2021-28269
+ RESERVED
+CVE-2021-28268
+ RESERVED
+CVE-2021-28267
+ RESERVED
+CVE-2021-28266
+ RESERVED
+CVE-2021-28265
+ RESERVED
+CVE-2021-28264
+ RESERVED
+CVE-2021-28263
+ RESERVED
+CVE-2021-28262
+ RESERVED
+CVE-2021-28261
+ RESERVED
+CVE-2021-28260
+ RESERVED
+CVE-2021-28259
+ RESERVED
+CVE-2021-28258
+ RESERVED
+CVE-2021-28257
+ RESERVED
+CVE-2021-28256
+ RESERVED
+CVE-2021-28255
+ RESERVED
+CVE-2021-28254
+ RESERVED
+CVE-2021-28253
+ RESERVED
+CVE-2021-28252
+ RESERVED
+CVE-2021-28251
+ RESERVED
+CVE-2021-28250
+ RESERVED
+CVE-2021-28249
+ RESERVED
+CVE-2021-28248
+ RESERVED
+CVE-2021-28247
+ RESERVED
+CVE-2021-28246
+ RESERVED
+CVE-2021-28245
+ RESERVED
+CVE-2021-28244
+ RESERVED
+CVE-2021-28243
+ RESERVED
+CVE-2021-28242
+ RESERVED
+CVE-2021-28241
+ RESERVED
+CVE-2021-28240
+ RESERVED
+CVE-2021-28239
+ RESERVED
+CVE-2021-28238
+ RESERVED
+CVE-2021-28237
+ RESERVED
+CVE-2021-28236
+ RESERVED
+CVE-2021-28235
+ RESERVED
+CVE-2021-28234
+ RESERVED
+CVE-2021-28233
+ RESERVED
+CVE-2021-28232
+ RESERVED
+CVE-2021-28231
+ RESERVED
+CVE-2021-28230
+ RESERVED
+CVE-2021-28229
+ RESERVED
+CVE-2021-28228
+ RESERVED
+CVE-2021-28227
+ RESERVED
+CVE-2021-28226
+ RESERVED
+CVE-2021-28225
+ RESERVED
+CVE-2021-28224
+ RESERVED
+CVE-2021-28223
+ RESERVED
+CVE-2021-28222
+ RESERVED
+CVE-2021-28221
+ RESERVED
+CVE-2021-28220
+ RESERVED
+CVE-2021-28219
+ RESERVED
+CVE-2021-28218
+ RESERVED
+CVE-2021-28217
+ RESERVED
CVE-2021-3441
RESERVED
CVE-2021-3440
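Review bot: the five described entries at the top of this hunk (CVE-2021-28308, CVE-2021-28307 and CVE-2021-28306 for the fltk crate, CVE-2021-28305 for the diesel crate, CVE-2021-28302 for pupnp 1.16.1) are all left at "TODO: check", so none of them has a triage decision yet. Each should be resolved to either a source-package line or a NOT-FOR-US line. The pupnp entry is the one to look at first, since its description names a stack overflow leading to denial of service.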
@@ -201,7 +385,7 @@ CVE-2021-28143 (/jsonrpc on D-Link DIR-841 3.03 and 3.04 devices allows authenti
NOT-FOR-US: D-Link
CVE-2021-28142
RESERVED
-CVE-2021-28141 (An issue was discovered in Progress Telerik UI for ASP.NET AJAX 2021.1 ...)
+CVE-2021-28141 (** DISPUTED ** An issue was discovered in Progress Telerik UI for ASP. ...)
NOT-FOR-US: Telerik
CVE-2021-28140
RESERVED
@@ -3792,7 +3976,7 @@ CVE-2021-26569 (Race Condition within a Thread vulnerability in iscsi_snapshot_c
NOT-FOR-US: Synology
CVE-2021-26568
RESERVED
-CVE-2021-26567 (Use of unmaintained third party components vulnerability in faad in Sy ...)
+CVE-2021-26567 (Stack-based buffer overflow vulnerability in frontend/main.c in faad2 ...)
NOT-FOR-US: Synology
CVE-2021-26566 (Insertion of sensitive information into sent data vulnerability in syn ...)
NOT-FOR-US: Synology
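Review bot: the replacement description for CVE-2021-26567 now points at "frontend/main.c in faad2" rather than at a Synology component, but the line under it still reads "NOT-FOR-US: Synology". The classification was made against the old wording and should be re-checked against the faad2 source itself. If the overflow is in upstream faad2 code, the entry needs a package line instead of NOT-FOR-US.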
@@ -11214,8 +11398,8 @@ CVE-2021-23356
RESERVED
CVE-2021-23355
RESERVED
-CVE-2021-23354
- RESERVED
+CVE-2021-23354 (The package printf before 0.6.1 are vulnerable to Regular Expression D ...)
+ TODO: check
CVE-2021-23353 (This affects the package jspdf before 2.3.1. ReDoS is possible via the ...)
NOT-FOR-US: Node jspdf
CVE-2021-23352 (This affects the package madge before 4.0.1. It is possible to specify ...)
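Review bot: the truncated description for CVE-2021-23354 says only "The package printf before 0.6.1", which does not identify the ecosystem or the upstream project. Before the "TODO: check" is resolved, the triage should record which package is meant, in the style of the neighbouring "NOT-FOR-US: Node jspdf" line, so the entry is not later matched against an unrelated printf.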
@@ -14699,8 +14883,8 @@ CVE-2021-21728
RESERVED
CVE-2021-21727
RESERVED
-CVE-2021-21726
- RESERVED
+CVE-2021-21726 (Some ZTE products have an input verification vulnerability in the diag ...)
+ TODO: check
CVE-2021-21725 (A ZTE product has an information leak vulnerability. An attacker with ...)
NOT-FOR-US: ZTE
CVE-2021-21724 (A ZTE product has a memory leak vulnerability. Due to the product's im ...)
@@ -16653,8 +16837,8 @@ CVE-2021-21382
RESERVED
CVE-2021-21380
RESERVED
-CVE-2021-21379
- RESERVED
+CVE-2021-21379 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+ TODO: check
CVE-2021-21378 (Envoy is a cloud-native high-performance edge/middle/service proxy. In ...)
NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651)
CVE-2021-21377
@@ -16678,12 +16862,12 @@ CVE-2021-21370
RESERVED
CVE-2021-21369 (Hyperledger Besu is an open-source, MainNet compatible, Ethereum clien ...)
NOT-FOR-US: Hyperledger Besu
-CVE-2021-21368
- RESERVED
-CVE-2021-21367
- RESERVED
-CVE-2021-21366
- RESERVED
+CVE-2021-21368 (msgpack5 is a msgpack v5 implementation for node.js and the browser. I ...)
+ TODO: check
+CVE-2021-21367 (Switchboard Bluetooth Plug for elementary OS from version 2.3.0 and be ...)
+ TODO: check
+CVE-2021-21366 (xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) ...)
+ TODO: check
CVE-2021-21365
RESERVED
CVE-2021-21364 (swagger-codegen is an open-source project which contains a template-dr ...)
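Review bot: CVE-2021-21368 (msgpack5), CVE-2021-21367 (Switchboard Bluetooth Plug for elementary OS) and CVE-2021-21366 (xmldom) are three unrelated projects that all land here as "TODO: check". They need separate decisions. The two JavaScript libraries should be checked against packaged Node.js modules, and the elementary OS plug resolved on its own rather than by analogy with its neighbours.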
@@ -17585,44 +17769,44 @@ CVE-2021-21087
RESERVED
CVE-2021-21086
RESERVED
-CVE-2021-21085
- RESERVED
+CVE-2021-21085 (Adobe Connect version 11.0.7 (and earlier) is affected by an Input Val ...)
+ TODO: check
CVE-2021-21084
RESERVED
CVE-2021-21083
RESERVED
-CVE-2021-21082
- RESERVED
+CVE-2021-21082 (Adobe Photoshop versions 21.2.5 (and earlier) and 22.2 (and earlier) a ...)
+ TODO: check
CVE-2021-21081
RESERVED
-CVE-2021-21080
- RESERVED
-CVE-2021-21079
- RESERVED
-CVE-2021-21078
- RESERVED
-CVE-2021-21077
- RESERVED
-CVE-2021-21076
- RESERVED
-CVE-2021-21075
- RESERVED
-CVE-2021-21074
- RESERVED
-CVE-2021-21073
- RESERVED
-CVE-2021-21072
- RESERVED
-CVE-2021-21071
- RESERVED
+CVE-2021-21080 (Adobe Connect version 11.0.7 (and earlier) is affected by a reflected ...)
+ TODO: check
+CVE-2021-21079 (Adobe Connect version 11.0.7 (and earlier) is affected by a reflected ...)
+ TODO: check
+CVE-2021-21078 (Adobe Creative Cloud Desktop Application version 5.3 (and earlier) is ...)
+ TODO: check
+CVE-2021-21077 (Adobe Animate version 21.0.3 (and earlier) is affected by a Heap-based ...)
+ TODO: check
+CVE-2021-21076 (Adobe Animate version 21.0.3 (and earlier) is affected by an Out-of-bo ...)
+ TODO: check
+CVE-2021-21075 (Adobe Animate version 21.0.3 (and earlier) is affected by an Out-of-bo ...)
+ TODO: check
+CVE-2021-21074 (Adobe Animate version 21.0.3 (and earlier) is affected by an Out-of-bo ...)
+ TODO: check
+CVE-2021-21073 (Adobe Animate version 21.0.3 (and earlier) is affected by an Out-of-bo ...)
+ TODO: check
+CVE-2021-21072 (Adobe Animate version 21.0.3 (and earlier) is affected by an Out-of-bo ...)
+ TODO: check
+CVE-2021-21071 (Adobe Animate version 21.0.3 (and earlier) is affected by a Memory Cor ...)
+ TODO: check
CVE-2021-21070
RESERVED
-CVE-2021-21069
- RESERVED
-CVE-2021-21068
- RESERVED
-CVE-2021-21067
- RESERVED
+CVE-2021-21069 (Adobe Creative Cloud Desktop Application version 5.3 (and earlier) is ...)
+ TODO: check
+CVE-2021-21068 (Adobe Creative Cloud Desktop Application version 5.3 (and earlier) is ...)
+ TODO: check
+CVE-2021-21067 (Adobe Photoshop versions 21.2.5 (and earlier) and 22.2 (and earlier) a ...)
+ TODO: check
CVE-2021-21066 (Adobe Bridge version 11.0 (and earlier) is affected by an out-of-bound ...)
NOT-FOR-US: Adobe
CVE-2021-21065 (Adobe Bridge version 11.0 (and earlier) is affected by an out-of-bound ...)
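Review bot: every entry this hunk moves from RESERVED to a description is an Adobe product (Connect, Photoshop, Creative Cloud Desktop Application, Animate), and each is left at "TODO: check" while the existing entries just below, CVE-2021-21066 and CVE-2021-21065, already carry "NOT-FOR-US: Adobe". Marking the new ones the same way in one pass would keep the block consistent and clear them from the TODO queue.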
@@ -17643,8 +17827,8 @@ CVE-2021-21058 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier)
NOT-FOR-US: Adobe
CVE-2021-21057 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...)
NOT-FOR-US: Adobe
-CVE-2021-21056
- RESERVED
+CVE-2021-21056 (Adobe Framemaker version 2020.0.1 (and earlier) is affected by an Out- ...)
+ TODO: check
CVE-2021-21055 (Adobe Dreamweaver versions 21.0 (and earlier) and 20.2 (and earlier) i ...)
NOT-FOR-US: Adobe
CVE-2021-21054 (Adobe Illustrator version 25.1 (and earlier) is affected by an Out-of- ...)
@@ -19298,6 +19482,7 @@ CVE-2021-20271
RESERVED
CVE-2021-20270
RESERVED
+ {DLA-2590-1}
- pygments 2.7.1+dfsg-2 (bug #984664)
NOTE: https://github.com/pygments/pygments/issues/1625
NOTE: https://github.com/pygments/pygments/commit/f91804ff4772e3ab41f46e28d370f57898700333
@@ -19466,15 +19651,13 @@ CVE-2021-20233 (A flaw was found in grub2 in versions prior to 2.06. Setparam_pr
{DSA-4867-1}
- grub2 2.04-16
[stretch] - grub2 <ignored> (No SecureBoot support in stretch)
-CVE-2021-20232
- RESERVED
+CVE-2021-20232 (A flaw was found in gnutls. A use after free issue in client_send_para ...)
- gnutls28 3.7.1-1
[buster] - gnutls28 <no-dsa> (Minor issue)
[stretch] - gnutls28 <not-affected> (Vulnerable code introduced later)
NOTE: https://www.gnutls.org/security-new.html#GNUTLS-SA-2021-03-10
NOTE: https://gitlab.com/gnutls/gnutls/-/issues/1151
-CVE-2021-20231
- RESERVED
+CVE-2021-20231 (A flaw was found in gnutls. A use after free issue in client sending k ...)
- gnutls28 3.7.1-1
[buster] - gnutls28 <no-dsa> (Minor issue)
[stretch] - gnutls28 <not-affected> (Vulnerable code introduced later)
@@ -86892,8 +87075,8 @@ CVE-2020-4833
RESERVED
CVE-2020-4832 (IBM PowerHA 7.2 could allow a local attacker to obtain sensitive infor ...)
NOT-FOR-US: IBM
-CVE-2020-4831
- RESERVED
+CVE-2020-4831 (IBM DataPower Gateway 10.0.0.0 through 10.0.1.0 uses weaker than expec ...)
+ TODO: check
CVE-2020-4830
RESERVED
CVE-2020-4829 (IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user to exploit a v ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ef23a2c33f10bcc140145ce4324d771552708b6b