[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Sat Mar 13 08:10:32 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3487b7a0 by security tracker role at 2021-03-13T08:10:23+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,103 @@
+CVE-2021-28358
+ RESERVED
+CVE-2021-28357
+ RESERVED
+CVE-2021-28356
+ RESERVED
+CVE-2021-28355
+ RESERVED
+CVE-2021-28354
+ RESERVED
+CVE-2021-28353
+ RESERVED
+CVE-2021-28352
+ RESERVED
+CVE-2021-28351
+ RESERVED
+CVE-2021-28350
+ RESERVED
+CVE-2021-28349
+ RESERVED
+CVE-2021-28348
+ RESERVED
+CVE-2021-28347
+ RESERVED
+CVE-2021-28346
+ RESERVED
+CVE-2021-28345
+ RESERVED
+CVE-2021-28344
+ RESERVED
+CVE-2021-28343
+ RESERVED
+CVE-2021-28342
+ RESERVED
+CVE-2021-28341
+ RESERVED
+CVE-2021-28340
+ RESERVED
+CVE-2021-28339
+ RESERVED
+CVE-2021-28338
+ RESERVED
+CVE-2021-28337
+ RESERVED
+CVE-2021-28336
+ RESERVED
+CVE-2021-28335
+ RESERVED
+CVE-2021-28334
+ RESERVED
+CVE-2021-28333
+ RESERVED
+CVE-2021-28332
+ RESERVED
+CVE-2021-28331
+ RESERVED
+CVE-2021-28330
+ RESERVED
+CVE-2021-28329
+ RESERVED
+CVE-2021-28328
+ RESERVED
+CVE-2021-28327
+ RESERVED
+CVE-2021-28326
+ RESERVED
+CVE-2021-28325
+ RESERVED
+CVE-2021-28324
+ RESERVED
+CVE-2021-28323
+ RESERVED
+CVE-2021-28322
+ RESERVED
+CVE-2021-28321
+ RESERVED
+CVE-2021-28320
+ RESERVED
+CVE-2021-28319
+ RESERVED
+CVE-2021-28318
+ RESERVED
+CVE-2021-28317
+ RESERVED
+CVE-2021-28316
+ RESERVED
+CVE-2021-28315
+ RESERVED
+CVE-2021-28314
+ RESERVED
+CVE-2021-28313
+ RESERVED
+CVE-2021-28312
+ RESERVED
+CVE-2021-28311
+ RESERVED
+CVE-2021-28310
+ RESERVED
+CVE-2021-28309
+ RESERVED
CVE-2021-28308 (An issue was discovered in the fltk crate before 0.15.3 for Rust. Ther ...)
TODO: check
CVE-2021-28307 (An issue was discovered in the fltk crate before 0.15.3 for Rust. Ther ...)
@@ -304,10 +404,10 @@ CVE-2021-28164
RESERVED
CVE-2021-28163
RESERVED
-CVE-2021-28162
- RESERVED
-CVE-2021-28161
- RESERVED
+CVE-2021-28162 (In Eclipse Theia versions up to and including 0.16.0, in the notificat ...)
+ TODO: check
+CVE-2021-28161 (In Eclipse Theia versions up to and including 1.8.0, in the debug cons ...)
+ TODO: check
CVE-2021-28160
RESERVED
CVE-2021-28159
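Review bot: CVE-2021-28162 and CVE-2021-28161 both land with "TODO: check", so neither is triaged yet. Both descriptions name Eclipse Theia, so resolve them together to either a source-package line or a NOT-FOR-US line. When doing so, note that the affected ranges differ (up to and including 0.16.0 versus up to and including 1.8.0).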
@@ -554,8 +654,8 @@ CVE-2021-28094
RESERVED
CVE-2021-28093
RESERVED
-CVE-2021-28092
- RESERVED
+CVE-2021-28092 (The is-svg package 2.1.0 through 4.2.1 for Node.js uses a regular expr ...)
+ TODO: check
CVE-2021-3424
RESERVED
NOT-FOR-US: Keycloak
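Review bot: CVE-2021-28092 is left at "TODO: check". The description gives an affected range (is-svg 2.1.0 through 4.2.1 for Node.js), so triage comes down to whether any source package ships or embeds is-svg in that range. If none does, mark it NOT-FOR-US in the same way as the CVE-2021-3424 entry below.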
@@ -568,6 +668,7 @@ CVE-2021-28089
CVE-2020-36256
RESERVED
CVE-2021-21381 (Flatpak is a system for building, distributing, and running sandboxed ...)
+ {DSA-4868-1}
- flatpak 1.10.1-4 (bug #984859)
[stretch] - flatpak <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/flatpak/flatpak/issues/4146
@@ -2317,8 +2418,8 @@ CVE-2021-27292
RESERVED
CVE-2021-27291
RESERVED
-CVE-2021-27290
- RESERVED
+CVE-2021-27290 (ssri 5.2.2-8.0.0, fixed in 8.0.1, processes SRIs using a regular expre ...)
+ TODO: check
CVE-2021-27289
RESERVED
CVE-2021-27288
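Review bot: CVE-2021-27290 now has a description but only "TODO: check" under it. The description already states the affected range and the fix (ssri 5.2.2-8.0.0, fixed in 8.0.1), so the follow-up should replace the TODO with a package line carrying the fixed version if ssri is packaged, or with NOT-FOR-US if it is not.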
@@ -15311,8 +15412,8 @@ CVE-2021-21520
RESERVED
CVE-2021-21519
RESERVED
-CVE-2021-21518
- RESERVED
+CVE-2021-21518 (Dell SupportAssist Client for Consumer PCs versions 3.7.x, 3.6.x, 3.4. ...)
+ TODO: check
CVE-2021-21517 (SRS Policy Manager 6.X is affected by an XML External Entity Injection ...)
NOT-FOR-US: SRS Policy Manager
CVE-2021-21516
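Review bot: CVE-2021-21518 is added with "TODO: check"; the description names Dell SupportAssist Client for Consumer PCs. The entry directly below (CVE-2021-21517) resolves a vendor product as NOT-FOR-US; apply the same triage here unless a source package turns out to ship this client.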
@@ -19496,7 +19597,7 @@ CVE-2021-20271
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1934125
CVE-2021-20270
RESERVED
- {DLA-2590-1}
+ {DSA-4870-1 DLA-2590-1}
- pygments 2.7.1+dfsg-2 (bug #984664)
NOTE: https://github.com/pygments/pygments/issues/1625
NOTE: https://github.com/pygments/pygments/commit/f91804ff4772e3ab41f46e28d370f57898700333
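Review bot: at CVE-2021-20270 the advisory line becomes {DSA-4870-1 DLA-2590-1} while the entry is still RESERVED with no description. Nothing needs changing in the hunk itself, since the pygments package line, bug #984664 and the upstream NOTE links carry the context, but anyone reading this entry has to follow those links to learn what the issue is until a description is filled in.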
@@ -20233,11 +20334,13 @@ CVE-2020-35526
CVE-2020-35525
RESERVED
CVE-2020-35524 (A heap-based buffer overflow flaw was found in libtiff in the handling ...)
+ {DSA-4869-1}
- tiff 4.1.0+git201212-1
[stretch] - tiff <no-dsa> (can be fixed along in next DLA)
NOTE: https://gitlab.com/libtiff/libtiff/-/commit/7be2e452ddcf6d7abca88f41d3761e6edab72b22
NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/159
CVE-2020-35523 (An integer overflow flaw was found in libtiff that exists in the tif_g ...)
+ {DSA-4869-1}
- tiff 4.1.0+git201212-1
[stretch] - tiff <no-dsa> (can be fixed along in next DLA)
NOTE: https://gitlab.com/libtiff/libtiff/-/commit/c8d613ef497058fe653c467fc84c70a62a4a71b2
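Review bot: {DSA-4869-1} is added to CVE-2020-35524 and CVE-2020-35523, but both entries keep "[stretch] - tiff <no-dsa> (can be fixed along in next DLA)". With the DSA recorded, stretch is the remaining open item on both entries; make sure the two CVEs are picked up in the next tiff DLA so these annotations do not go stale.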
@@ -20516,10 +20619,10 @@ CVE-2021-20020
RESERVED
CVE-2021-20019
RESERVED
-CVE-2021-20018
- RESERVED
-CVE-2021-20017
- RESERVED
+CVE-2021-20018 (A post-authenticated vulnerability in SonicWall SMA100 allows an attac ...)
+ TODO: check
+CVE-2021-20017 (A post-authenticated command injection vulnerability in SonicWall SMA1 ...)
+ TODO: check
CVE-2021-20016 (A SQL-Injection vulnerability in the SonicWall SSLVPN SMA100 product a ...)
NOT-FOR-US: SonicWall
CVE-2021-20015
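Review bot: CVE-2021-20018 and CVE-2021-20017 are added with "TODO: check", yet both descriptions name SonicWall SMA100, the same product as CVE-2021-20016 directly below, which is already triaged as "NOT-FOR-US: SonicWall". Give the two new entries the same NOT-FOR-US line instead of leaving them open.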
@@ -24423,7 +24526,7 @@ CVE-2020-29136 (In cPanel before 90.0.17, 2FA can be bypassed via a brute-force
NOT-FOR-US: cPanel
CVE-2020-29135 (cPanel before 90.0.17 has multiple instances of URL parameter injectio ...)
NOT-FOR-US: cPanel
-CVE-2020-29134 (TOTVS Fluig Platform allows directory traversal via a base64 encoded i ...)
+CVE-2020-29134 (The TOTVS Fluig platform allows path traversal through the parameter " ...)
NOT-FOR-US: TOTVS Fluig Luke
CVE-2020-29133 (jsp/upload.jsp in Coremail XT 5.0 allows XSS via an uploaded personal ...)
NOT-FOR-US: Coremail XT
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3487b7a06c8002220e3b4244787431ec9357a24f