[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Tue Mar 16 08:11:02 GMT 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
085d9a28 by security tracker role at 2021-03-16T08:10:24+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,25 @@
+CVE-2021-3444
+	RESERVED
+CVE-2021-28492
+	RESERVED
+CVE-2021-28491
+	RESERVED
+CVE-2021-28490
+	RESERVED
+CVE-2021-28489
+	RESERVED
+CVE-2021-28488
+	RESERVED
+CVE-2021-28487
+	RESERVED
+CVE-2021-28486
+	RESERVED
+CVE-2021-28485
+	RESERVED
+CVE-2021-28484
+	RESERVED
 CVE-2021-3443 [NULL pointer dereference in jp2_decode in jp2_dec.c]
+	RESERVED
 	- jasper <removed>
 	NOTE: https://github.com/jasper-software/jasper/issues/269
 	NOTE: https://github.com/jasper-software/jasper/commit/f94e7499a8b1471a4905c4f9c9e12e60fe88264b
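Review bot: the `RESERVED` marker added under CVE-2021-3443 lands on an entry that already carries a bracketed description, a `- jasper <removed>` line and two upstream NOTE links, so the issue is public while the ID still reads as reserved. Recheck this entry on a later update so the bracketed text gives way to the published description once one exists.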
@@ -1436,8 +1457,7 @@ CVE-2021-27876 (An issue was discovered in Veritas Backup Exec before 21.2. The
 	NOT-FOR-US: Veritas
 CVE-2021-3419
 	REJECTED
-CVE-2021-3418
-	RESERVED
+CVE-2021-3418 (If certificates that signed grub are installed into db, grub can be bo ...)
 	- grub2 <not-affected> (Vulnerability specific to distributions using shim_lock)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1933757
 CVE-2021-27875
@@ -2819,8 +2839,8 @@ CVE-2021-27232 (The RTSPLive555.dll ActiveX control in Pelco Digital Sentry Serv
 	NOT-FOR-US: Pelco Digital Sentry Server
 CVE-2021-27231 (Hestia Control Panel through 1.3.3, in a shared-hosting environment, s ...)
 	NOT-FOR-US: Hestia Control Panel
-CVE-2021-27230
-	RESERVED
+CVE-2021-27230 (ExpressionEngine before 5.4.2 and 6.x before 6.0.3 allows PHP Code Inj ...)
+	TODO: check
 CVE-2021-27229 (Mumble before 1.3.4 allows remote code execution if a victim navigates ...)
 	{DLA-2562-1}
 	- mumble 1.3.4-1 (bug #982904)
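Review bot: CVE-2021-27230 moves from `RESERVED` to a published PHP code injection description with only `TODO: check` beneath it, which leaves the entry untriaged. Resolve it to either a package line or a `NOT-FOR-US:` tag, as the Hestia Control Panel entry directly above already has.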
@@ -3359,8 +3379,8 @@ CVE-2021-26989 (Clustered Data ONTAP versions prior to 9.3P21, 9.5P16, 9.6P12, 9
 	NOT-FOR-US: Clustered Data ONTAP
 CVE-2021-26988 (Clustered Data ONTAP versions prior to 9.3P21, 9.5P16, 9.6P12, 9.7P8 a ...)
 	NOT-FOR-US: Clustered Data ONTAP
-CVE-2021-26987
-	RESERVED
+CVE-2021-26987 (Element Plug-in for vCenter Server incorporates SpringBoot Framework.  ...)
+	TODO: check
 CVE-2021-26986
 	RESERVED
 CVE-2021-26985
@@ -7486,6 +7506,7 @@ CVE-2021-3181 (rfc822.c in Mutt through 2.0.4 allows remote attackers to cause a
 CVE-2021-3180
 	RESERVED
 CVE-2021-25329 (The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10. ...)
+	{DLA-2594-1}
 	- tomcat9 9.0.43-1
 	- tomcat8 <removed>
 	- tomcat7 <removed>
@@ -8051,6 +8072,7 @@ CVE-2021-25124 (The Baseboard Management Controller(BMC) in HPE Cloudline CL5800
 CVE-2021-25123 (The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9  ...)
 	NOT-FOR-US: HPE
 CVE-2021-25122 (When responding to new h2c connection requests, Apache Tomcat versions ...)
+	{DLA-2594-1}
 	- tomcat9 9.0.43-1
 	- tomcat8 <removed>
 	- tomcat7 <removed>
@@ -10057,6 +10079,7 @@ CVE-2021-24124
 CVE-2021-24123
 	RESERVED
 CVE-2021-24122 (When serving resources from a network location using the NTFS file sys ...)
+	{DLA-2594-1}
 	- tomcat9 9.0.40-1 (unimportant)
 	- tomcat8 <removed> (unimportant)
 	- tomcat7 <removed> (unimportant)
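Review bot: `{DLA-2594-1}` is attached to CVE-2021-24122 although all three tomcat lines in this entry are tagged `(unimportant)`. Confirm the advisory really lists this ID, and if it does, check that the `(unimportant)` severity still matches how the issue was handled.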
@@ -10274,8 +10297,8 @@ CVE-2021-24033 (react-dev-utils prior to v11.0.4 exposes a function, getProcessF
 	NOT-FOR-US: react-dev-utils
 CVE-2021-24030 (The fbgames protocol handler registered as part of Facebook Gameroom d ...)
 	NOT-FOR-US: Facebook Gameroom
-CVE-2021-24029
-	RESERVED
+CVE-2021-24029 (A packet of death scenario is possible in mvfst via a specially crafte ...)
+	TODO: check
 CVE-2021-24028
 	RESERVED
 CVE-2021-24027
@@ -19838,20 +19861,15 @@ CVE-2021-20284
 	- binutils <unfixed> (unimportant)
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=26931
 	NOTE: binutils not covered by security support
-CVE-2021-20283
-	RESERVED
+CVE-2021-20283 (The web service responsible for fetching other users' enrolled courses ...)
 	- moodle <removed>
-CVE-2021-20282
-	RESERVED
+CVE-2021-20282 (When creating a user account, it was possible to verify the account wi ...)
 	- moodle <removed>
-CVE-2021-20281
-	RESERVED
+CVE-2021-20281 (It was possible for some users without permission to view other users' ...)
 	- moodle <removed>
-CVE-2021-20280
-	RESERVED
+CVE-2021-20280 (Text-based feedback answers required additional sanitizing to prevent  ...)
 	- moodle <removed>
-CVE-2021-20279
-	RESERVED
+CVE-2021-20279 (The ID number user profile field required additional sanitizing to pre ...)
 	- moodle <removed>
 CVE-2021-20278
 	RESERVED
@@ -32493,8 +32511,8 @@ CVE-2020-27292
 	RESERVED
 CVE-2020-27291 (Delta Electronics CNCSoft-B Versions 1.0.0.2 and prior is vulnerable t ...)
 	NOT-FOR-US: Delta Electronics CNCSoft-B
-CVE-2020-27290
-	RESERVED
+CVE-2020-27290 (In Hamilton Medical AG,T1-Ventillator versions 2.2.3 and prior, an inf ...)
+	TODO: check
 CVE-2020-27289 (Delta Electronics CNCSoft-B Versions 1.0.0.2 and prior has a null poin ...)
 	NOT-FOR-US: Delta Electronics CNCSoft-B
 CVE-2020-27288 (An untrusted pointer dereference has been identified in the way TPEdit ...)
@@ -32509,16 +32527,16 @@ CVE-2020-27284 (TPEditor (v1.98 and prior) is vulnerable to two out-of-bounds wr
 	NOT-FOR-US: Delta Electronics (Delta)
 CVE-2020-27283 (An attacker could send a specially crafted message to Crimson 3.1 (Bui ...)
 	NOT-FOR-US: Crimson
-CVE-2020-27282
-	RESERVED
+CVE-2020-27282 (In Hamilton Medical AG,T1-Ventillator versions 2.2.3 and prior, an XML ...)
+	TODO: check
 CVE-2020-27281 (A stack-based buffer overflow may exist in Delta Electronics CNCSoft S ...)
 	NOT-FOR-US: Delta Electronics CNCSoft ScreenEditor
 CVE-2020-27280 (A use after free issue has been identified in the way ISPSoft(v3.12 an ...)
 	NOT-FOR-US: Delta Electronics (Delta)
 CVE-2020-27279 (A NULL pointer deference vulnerability has been identified in the prot ...)
 	NOT-FOR-US: Crimson
-CVE-2020-27278
-	RESERVED
+CVE-2020-27278 (In Hamilton Medical AG,T1-Ventillator versions 2.2.3 and prior, hard-c ...)
+	TODO: check
 CVE-2020-27277 (Delta Electronics DOPSoft Version 4.0.8.21 and prior has a null pointe ...)
 	NOT-FOR-US: Delta Electronics DOPSoft
 CVE-2020-27276 (SOOIL Developments Co Ltd DiabecareRS,AnyDana-i & AnyDana-A, the c ...)
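Review bot: CVE-2020-27282 and CVE-2020-27278 both describe the Hamilton Medical T1 ventilator and both arrive with `TODO: check`, while every other vendor device entry visible in this hunk (Crimson, the Delta Electronics products) is tagged `NOT-FOR-US:`. Triage the two together so they end up with the same tag.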
@@ -43312,7 +43330,7 @@ CVE-2020-22429
 	RESERVED
 CVE-2020-22428
 	RESERVED
-CVE-2020-22427 (NagiosXI 5.6.11 is affected by a remote code execution (RCE) vulnerabi ...)
+CVE-2020-22427 (** DISPUTED ** NagiosXI 5.6.11 is affected by a remote code execution  ...)
 	NOT-FOR-US: Nagios XI
 CVE-2020-22426
 	RESERVED



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/085d9a289aa29af9c7b7982b078c6d86b54ee835
