[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Sat Mar 13 08:10:32 GMT 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3487b7a0 by security tracker role at 2021-03-13T08:10:23+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,103 @@
+CVE-2021-28358
+	RESERVED
+CVE-2021-28357
+	RESERVED
+CVE-2021-28356
+	RESERVED
+CVE-2021-28355
+	RESERVED
+CVE-2021-28354
+	RESERVED
+CVE-2021-28353
+	RESERVED
+CVE-2021-28352
+	RESERVED
+CVE-2021-28351
+	RESERVED
+CVE-2021-28350
+	RESERVED
+CVE-2021-28349
+	RESERVED
+CVE-2021-28348
+	RESERVED
+CVE-2021-28347
+	RESERVED
+CVE-2021-28346
+	RESERVED
+CVE-2021-28345
+	RESERVED
+CVE-2021-28344
+	RESERVED
+CVE-2021-28343
+	RESERVED
+CVE-2021-28342
+	RESERVED
+CVE-2021-28341
+	RESERVED
+CVE-2021-28340
+	RESERVED
+CVE-2021-28339
+	RESERVED
+CVE-2021-28338
+	RESERVED
+CVE-2021-28337
+	RESERVED
+CVE-2021-28336
+	RESERVED
+CVE-2021-28335
+	RESERVED
+CVE-2021-28334
+	RESERVED
+CVE-2021-28333
+	RESERVED
+CVE-2021-28332
+	RESERVED
+CVE-2021-28331
+	RESERVED
+CVE-2021-28330
+	RESERVED
+CVE-2021-28329
+	RESERVED
+CVE-2021-28328
+	RESERVED
+CVE-2021-28327
+	RESERVED
+CVE-2021-28326
+	RESERVED
+CVE-2021-28325
+	RESERVED
+CVE-2021-28324
+	RESERVED
+CVE-2021-28323
+	RESERVED
+CVE-2021-28322
+	RESERVED
+CVE-2021-28321
+	RESERVED
+CVE-2021-28320
+	RESERVED
+CVE-2021-28319
+	RESERVED
+CVE-2021-28318
+	RESERVED
+CVE-2021-28317
+	RESERVED
+CVE-2021-28316
+	RESERVED
+CVE-2021-28315
+	RESERVED
+CVE-2021-28314
+	RESERVED
+CVE-2021-28313
+	RESERVED
+CVE-2021-28312
+	RESERVED
+CVE-2021-28311
+	RESERVED
+CVE-2021-28310
+	RESERVED
+CVE-2021-28309
+	RESERVED
 CVE-2021-28308 (An issue was discovered in the fltk crate before 0.15.3 for Rust. Ther ...)
 	TODO: check
 CVE-2021-28307 (An issue was discovered in the fltk crate before 0.15.3 for Rust. Ther ...)
@@ -304,10 +404,10 @@ CVE-2021-28164
 	RESERVED
 CVE-2021-28163
 	RESERVED
-CVE-2021-28162
-	RESERVED
-CVE-2021-28161
-	RESERVED
+CVE-2021-28162 (In Eclipse Theia versions up to and including 0.16.0, in the notificat ...)
+	TODO: check
+CVE-2021-28161 (In Eclipse Theia versions up to and including 1.8.0, in the debug cons ...)
+	TODO: check
 CVE-2021-28160
 	RESERVED
 CVE-2021-28159
@@ -554,8 +654,8 @@ CVE-2021-28094
 	RESERVED
 CVE-2021-28093
 	RESERVED
-CVE-2021-28092
-	RESERVED
+CVE-2021-28092 (The is-svg package 2.1.0 through 4.2.1 for Node.js uses a regular expr ...)
+	TODO: check
 CVE-2021-3424
 	RESERVED
 	NOT-FOR-US: Keycloak
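Review bot: CVE-2021-28092 is left at TODO: check although the description already names the component (the is-svg package for Node.js, 2.1.0 through 4.2.1). Triage should confirm whether any Debian source package ships it, then replace the TODO with either a package line or a NOT-FOR-US: tag in the same form as the Keycloak entry just below.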
@@ -568,6 +668,7 @@ CVE-2021-28089
 CVE-2020-36256
 	RESERVED
 CVE-2021-21381 (Flatpak is a system for building, distributing, and running sandboxed  ...)
+	{DSA-4868-1}
 	- flatpak 1.10.1-4 (bug #984859)
 	[stretch] - flatpak <not-affected> (Vulnerable code introduced later)
 	NOTE: https://github.com/flatpak/flatpak/issues/4146
@@ -2317,8 +2418,8 @@ CVE-2021-27292
 	RESERVED
 CVE-2021-27291
 	RESERVED
-CVE-2021-27290
-	RESERVED
+CVE-2021-27290 (ssri 5.2.2-8.0.0, fixed in 8.0.1, processes SRIs using a regular expre ...)
+	TODO: check
 CVE-2021-27289
 	RESERVED
 CVE-2021-27288
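Review bot: CVE-2021-27290 stays at TODO: check even though the description gives both the affected range (ssri 5.2.2-8.0.0) and the upstream fixed version (8.0.1). If ssri is packaged, the package line can be written by comparing the Debian version against 8.0.1; otherwise the entry should be closed as NOT-FOR-US: rather than left open.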
@@ -15311,8 +15412,8 @@ CVE-2021-21520
 	RESERVED
 CVE-2021-21519
 	RESERVED
-CVE-2021-21518
-	RESERVED
+CVE-2021-21518 (Dell SupportAssist Client for Consumer PCs versions 3.7.x, 3.6.x, 3.4. ...)
+	TODO: check
 CVE-2021-21517 (SRS Policy Manager 6.X is affected by an XML External Entity Injection ...)
 	NOT-FOR-US: SRS Policy Manager
 CVE-2021-21516
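Review bot: CVE-2021-21518 is set to TODO: check, but the description names Dell SupportAssist Client for Consumer PCs, which reads as vendor software rather than something shipped in the archive. If triage confirms that, replace the TODO with a NOT-FOR-US: line in the style of the CVE-2021-21517 entry that follows.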
@@ -19496,7 +19597,7 @@ CVE-2021-20271
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1934125
 CVE-2021-20270
 	RESERVED
-	{DLA-2590-1}
+	{DSA-4870-1 DLA-2590-1}
 	- pygments 2.7.1+dfsg-2 (bug #984664)
 	NOTE: https://github.com/pygments/pygments/issues/1625
 	NOTE: https://github.com/pygments/pygments/commit/f91804ff4772e3ab41f46e28d370f57898700333
@@ -20233,11 +20334,13 @@ CVE-2020-35526
 CVE-2020-35525
 	RESERVED
 CVE-2020-35524 (A heap-based buffer overflow flaw was found in libtiff in the handling ...)
+	{DSA-4869-1}
 	- tiff 4.1.0+git201212-1
 	[stretch] - tiff <no-dsa> (can be fixed along in next DLA)
 	NOTE: https://gitlab.com/libtiff/libtiff/-/commit/7be2e452ddcf6d7abca88f41d3761e6edab72b22
 	NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/159
 CVE-2020-35523 (An integer overflow flaw was found in libtiff that exists in the tif_g ...)
+	{DSA-4869-1}
 	- tiff 4.1.0+git201212-1
 	[stretch] - tiff <no-dsa> (can be fixed along in next DLA)
 	NOTE: https://gitlab.com/libtiff/libtiff/-/commit/c8d613ef497058fe653c467fc84c70a62a4a71b2
@@ -20516,10 +20619,10 @@ CVE-2021-20020
 	RESERVED
 CVE-2021-20019
 	RESERVED
-CVE-2021-20018
-	RESERVED
-CVE-2021-20017
-	RESERVED
+CVE-2021-20018 (A post-authenticated vulnerability in SonicWall SMA100 allows an attac ...)
+	TODO: check
+CVE-2021-20017 (A post-authenticated command injection vulnerability in SonicWall SMA1 ...)
+	TODO: check
 CVE-2021-20016 (A SQL-Injection vulnerability in the SonicWall SSLVPN SMA100 product a ...)
 	NOT-FOR-US: SonicWall
 CVE-2021-20015
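Review bot: CVE-2021-20018 and CVE-2021-20017 are both left at TODO: check although the next entry in the context, CVE-2021-20016 for the same SonicWall SMA100 product, is already tagged NOT-FOR-US: SonicWall. Suggest using the same tag on both new entries so the three SMA100 CVEs are classified consistently.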
@@ -24423,7 +24526,7 @@ CVE-2020-29136 (In cPanel before 90.0.17, 2FA can be bypassed via a brute-force
 	NOT-FOR-US: cPanel
 CVE-2020-29135 (cPanel before 90.0.17 has multiple instances of URL parameter injectio ...)
 	NOT-FOR-US: cPanel
-CVE-2020-29134 (TOTVS Fluig Platform allows directory traversal via a base64 encoded i ...)
+CVE-2020-29134 (The TOTVS Fluig platform allows path traversal through the parameter " ...)
 	NOT-FOR-US: TOTVS Fluig Luke
 CVE-2020-29133 (jsp/upload.jsp in Coremail XT 5.0 allows XSS via an uploaded personal  ...)
 	NOT-FOR-US: Coremail XT



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3487b7a06c8002220e3b4244787431ec9357a24f
