[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Tue Mar 16 20:10:40 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ab67182f by security tracker role at 2021-03-16T20:10:31+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,309 @@
+CVE-2021-3445
+ RESERVED
+CVE-2021-28644
+ RESERVED
+CVE-2021-28643
+ RESERVED
+CVE-2021-28642
+ RESERVED
+CVE-2021-28641
+ RESERVED
+CVE-2021-28640
+ RESERVED
+CVE-2021-28639
+ RESERVED
+CVE-2021-28638
+ RESERVED
+CVE-2021-28637
+ RESERVED
+CVE-2021-28636
+ RESERVED
+CVE-2021-28635
+ RESERVED
+CVE-2021-28634
+ RESERVED
+CVE-2021-28633
+ RESERVED
+CVE-2021-28632
+ RESERVED
+CVE-2021-28631
+ RESERVED
+CVE-2021-28630
+ RESERVED
+CVE-2021-28629
+ RESERVED
+CVE-2021-28628
+ RESERVED
+CVE-2021-28627
+ RESERVED
+CVE-2021-28626
+ RESERVED
+CVE-2021-28625
+ RESERVED
+CVE-2021-28624
+ RESERVED
+CVE-2021-28623
+ RESERVED
+CVE-2021-28622
+ RESERVED
+CVE-2021-28621
+ RESERVED
+CVE-2021-28620
+ RESERVED
+CVE-2021-28619
+ RESERVED
+CVE-2021-28618
+ RESERVED
+CVE-2021-28617
+ RESERVED
+CVE-2021-28616
+ RESERVED
+CVE-2021-28615
+ RESERVED
+CVE-2021-28614
+ RESERVED
+CVE-2021-28613
+ RESERVED
+CVE-2021-28612
+ RESERVED
+CVE-2021-28611
+ RESERVED
+CVE-2021-28610
+ RESERVED
+CVE-2021-28609
+ RESERVED
+CVE-2021-28608
+ RESERVED
+CVE-2021-28607
+ RESERVED
+CVE-2021-28606
+ RESERVED
+CVE-2021-28605
+ RESERVED
+CVE-2021-28604
+ RESERVED
+CVE-2021-28603
+ RESERVED
+CVE-2021-28602
+ RESERVED
+CVE-2021-28601
+ RESERVED
+CVE-2021-28600
+ RESERVED
+CVE-2021-28599
+ RESERVED
+CVE-2021-28598
+ RESERVED
+CVE-2021-28597
+ RESERVED
+CVE-2021-28596
+ RESERVED
+CVE-2021-28595
+ RESERVED
+CVE-2021-28594
+ RESERVED
+CVE-2021-28593
+ RESERVED
+CVE-2021-28592
+ RESERVED
+CVE-2021-28591
+ RESERVED
+CVE-2021-28590
+ RESERVED
+CVE-2021-28589
+ RESERVED
+CVE-2021-28588
+ RESERVED
+CVE-2021-28587
+ RESERVED
+CVE-2021-28586
+ RESERVED
+CVE-2021-28585
+ RESERVED
+CVE-2021-28584
+ RESERVED
+CVE-2021-28583
+ RESERVED
+CVE-2021-28582
+ RESERVED
+CVE-2021-28581
+ RESERVED
+CVE-2021-28580
+ RESERVED
+CVE-2021-28579
+ RESERVED
+CVE-2021-28578
+ RESERVED
+CVE-2021-28577
+ RESERVED
+CVE-2021-28576
+ RESERVED
+CVE-2021-28575
+ RESERVED
+CVE-2021-28574
+ RESERVED
+CVE-2021-28573
+ RESERVED
+CVE-2021-28572
+ RESERVED
+CVE-2021-28571
+ RESERVED
+CVE-2021-28570
+ RESERVED
+CVE-2021-28569
+ RESERVED
+CVE-2021-28568
+ RESERVED
+CVE-2021-28567
+ RESERVED
+CVE-2021-28566
+ RESERVED
+CVE-2021-28565
+ RESERVED
+CVE-2021-28564
+ RESERVED
+CVE-2021-28563
+ RESERVED
+CVE-2021-28562
+ RESERVED
+CVE-2021-28561
+ RESERVED
+CVE-2021-28560
+ RESERVED
+CVE-2021-28559
+ RESERVED
+CVE-2021-28558
+ RESERVED
+CVE-2021-28557
+ RESERVED
+CVE-2021-28556
+ RESERVED
+CVE-2021-28555
+ RESERVED
+CVE-2021-28554
+ RESERVED
+CVE-2021-28553
+ RESERVED
+CVE-2021-28552
+ RESERVED
+CVE-2021-28551
+ RESERVED
+CVE-2021-28550
+ RESERVED
+CVE-2021-28549
+ RESERVED
+CVE-2021-28548
+ RESERVED
+CVE-2021-28547
+ RESERVED
+CVE-2021-28546
+ RESERVED
+CVE-2021-28545
+ RESERVED
+CVE-2021-28544
+ RESERVED
+CVE-2021-28543 (Varnish varnish-modules before 0.17.1 allows remote attackers to cause ...)
+ TODO: check
+CVE-2021-28542
+ RESERVED
+CVE-2021-28541
+ RESERVED
+CVE-2021-28540
+ RESERVED
+CVE-2021-28539
+ RESERVED
+CVE-2021-28538
+ RESERVED
+CVE-2021-28537
+ RESERVED
+CVE-2021-28536
+ RESERVED
+CVE-2021-28535
+ RESERVED
+CVE-2021-28534
+ RESERVED
+CVE-2021-28533
+ RESERVED
+CVE-2021-28532
+ RESERVED
+CVE-2021-28531
+ RESERVED
+CVE-2021-28530
+ RESERVED
+CVE-2021-28529
+ RESERVED
+CVE-2021-28528
+ RESERVED
+CVE-2021-28527
+ RESERVED
+CVE-2021-28526
+ RESERVED
+CVE-2021-28525
+ RESERVED
+CVE-2021-28524
+ RESERVED
+CVE-2021-28523
+ RESERVED
+CVE-2021-28522
+ RESERVED
+CVE-2021-28521
+ RESERVED
+CVE-2021-28520
+ RESERVED
+CVE-2021-28519
+ RESERVED
+CVE-2021-28518
+ RESERVED
+CVE-2021-28517
+ RESERVED
+CVE-2021-28516
+ RESERVED
+CVE-2021-28515
+ RESERVED
+CVE-2021-28514
+ RESERVED
+CVE-2021-28513
+ RESERVED
+CVE-2021-28512
+ RESERVED
+CVE-2021-28511
+ RESERVED
+CVE-2021-28510
+ RESERVED
+CVE-2021-28509
+ RESERVED
+CVE-2021-28508
+ RESERVED
+CVE-2021-28507
+ RESERVED
+CVE-2021-28506
+ RESERVED
+CVE-2021-28505
+ RESERVED
+CVE-2021-28504
+ RESERVED
+CVE-2021-28503
+ RESERVED
+CVE-2021-28502
+ RESERVED
+CVE-2021-28501
+ RESERVED
+CVE-2021-28500
+ RESERVED
+CVE-2021-28499
+ RESERVED
+CVE-2021-28498
+ RESERVED
+CVE-2021-28497
+ RESERVED
+CVE-2021-28496
+ RESERVED
+CVE-2021-28495
+ RESERVED
+CVE-2021-28494
+ RESERVED
+CVE-2021-28493
+ RESERVED
CVE-2021-3444
RESERVED
CVE-2021-28492
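Review bot: CVE-2021-28543 is the one entry in this block of additions that arrives with a description, and it is left at `TODO: check` among the RESERVED ids. The description names varnish-modules with a fix boundary of 0.17.1, so triage should replace the TODO with either a package line carrying the fixed version or a NOT-FOR-US line.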
@@ -1306,8 +1612,8 @@ CVE-2021-27940 (resources/public/js/orchestrator.js in openark orchestrator befo
NOT-FOR-US: openark
CVE-2021-27939
RESERVED
-CVE-2021-27938
- RESERVED
+CVE-2021-27938 (A vulnerability has been identified in the Silverstripe CMS 3 and 4 ve ...)
+ TODO: check
CVE-2021-27937
RESERVED
CVE-2021-27936
@@ -1435,7 +1741,7 @@ CVE-2021-27891 (SSH Tectia Client and Server before 6.4.19 on Windows have weak
NOT-FOR-US: SSH Tectia Client and Server
CVE-2021-27890 (SQL Injection vulnerablity in MyBB before 1.8.26 via theme properties ...)
NOT-FOR-US: MyBB
-CVE-2021-27889 (Cross-site Scriptiong (XSS) vulnerability in MyBB before 1.8.26 via Ne ...)
+CVE-2021-27889 (Cross-site Scripting (XSS) vulnerability in MyBB before 1.8.26 via Nes ...)
NOT-FOR-US: MyBB
CVE-2021-27888 (ZendTo before 6.06-4 Beta allows XSS during the display of a drop-off ...)
NOT-FOR-US: ZendTo
@@ -5996,8 +6302,8 @@ CVE-2021-25918
RESERVED
CVE-2021-25917
RESERVED
-CVE-2021-25916
- RESERVED
+CVE-2021-25916 (Prototype pollution vulnerability in 'patchmerge' versions 1.0.0 throu ...)
+ TODO: check
CVE-2021-25915 (Prototype pollution vulnerability in 'changeset' versions 0.0.1 throug ...)
NOT-FOR-US: changeset
CVE-2021-25914 (Prototype pollution vulnerability in 'object-collider' versions 1.0.0 ...)
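Review bot: CVE-2021-25916 ('patchmerge') is left at `TODO: check`, while the context entry directly below it for the same bug class, CVE-2021-25915 ('changeset'), is already resolved as `NOT-FOR-US: changeset`. If patchmerge is likewise not in the archive, resolve it in the same form (`NOT-FOR-US: patchmerge`) so this run of prototype-pollution entries is triaged consistently.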
@@ -7902,7 +8208,7 @@ CVE-2021-3158
RESERVED
CVE-2021-3157
RESERVED
-CVE-2021-3156 (Sudo before 1.9.5p2 has a Heap-based Buffer Overflow, allowing privile ...)
+CVE-2021-3156 (Sudo before 1.9.5p2 contains an off-by-one error that can result in a ...)
{DSA-4839-1 DLA-2534-1}
- sudo 1.9.5p1-1.1
NOTE: https://www.sudo.ws/alerts/unescape_overflow.html
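Review bot: the CVE-2021-3156 line changes only its description text, from "Heap-based Buffer Overflow" to "off-by-one error"; the `{DSA-4839-1 DLA-2534-1}` and `- sudo 1.9.5p1-1.1` lines under it are unchanged context, so the tracked status is the same. Any local search or alert keyed on the old wording will stop matching this entry; match on the CVE id instead. The final hunk rewords CVE-2002-0184 in the same way.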
@@ -12760,8 +13066,8 @@ CVE-2021-22889
RESERVED
CVE-2021-22888
RESERVED
-CVE-2021-22887
- RESERVED
+CVE-2021-22887 (A vulnerability in the BIOS of Pulse Secure (PSA-Series Hardware) mode ...)
+ TODO: check
CVE-2021-22886
RESERVED
CVE-2021-22885
@@ -17728,16 +18034,13 @@ CVE-2021-21195
RESERVED
CVE-2021-21194
RESERVED
-CVE-2021-21193
- RESERVED
+CVE-2021-21193 (Use after free in Blink in Google Chrome prior to 89.0.4389.90 allowed ...)
- chromium 89.0.4389.90-1 (bug #985142)
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21192
- RESERVED
+CVE-2021-21192 (Heap buffer overflow in tab groups in Google Chrome prior to 89.0.4389 ...)
- chromium 89.0.4389.90-1
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21191
- RESERVED
+CVE-2021-21191 (Use after free in WebRTC in Google Chrome prior to 89.0.4389.90 allowe ...)
- chromium 89.0.4389.90-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-21190 (Uninitialized data in PDFium in Google Chrome prior to 89.0.4389.72 al ...)
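Review bot: of the three chromium entries that gain descriptions here, only CVE-2021-21193 carries a bug reference (`bug #985142`); CVE-2021-21192 and CVE-2021-21191 list the same fixed version `89.0.4389.90-1` without one. If that bug covers the whole 89.0.4389.90 upload, add the reference to the other two package lines so all three link back to it.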
@@ -25452,8 +25755,8 @@ CVE-2020-28901
RESERVED
CVE-2020-28900
RESERVED
-CVE-2020-28899
- RESERVED
+CVE-2020-28899 (The Web CGI Script on ZyXEL LTE4506-M606 V1.00(ABDO.2)C0 devices does ...)
+ TODO: check
CVE-2020-28898
RESERVED
CVE-2020-28897
@@ -39650,10 +39953,10 @@ CVE-2020-24265 (An issue was discovered in tcpreplay tcpprep v4.3.3. There is a
- tcpreplay <unfixed> (bug #972890; unimportant)
NOTE: https://github.com/appneta/tcpreplay/issues/616
NOTE: Crash in CLI tool, no security impact
-CVE-2020-24264
- RESERVED
-CVE-2020-24263
- RESERVED
+CVE-2020-24264 (Portainer 1.24.1 and earlier is affected by incorrect access control t ...)
+ TODO: check
+CVE-2020-24263 (Portainer 1.24.1 and earlier is affected by an insecure permissions vu ...)
+ TODO: check
CVE-2020-24262
RESERVED
CVE-2020-24261
@@ -87419,10 +87722,10 @@ CVE-2020-4893 (IBM Emptoris Strategic Supply Management 10.1.0, 10.1.1, and 10.1
NOT-FOR-US: IBM
CVE-2020-4892 (IBM Emptoris Contract Management 10.1.3 is vulnerable to cross-site sc ...)
NOT-FOR-US: IBM
-CVE-2020-4891
- RESERVED
-CVE-2020-4890
- RESERVED
+CVE-2020-4891 (IBM Spectrum Scale 5.0.0 through 5.0.5.5 and 5.1.0 through 5.1.0.2 use ...)
+ TODO: check
+CVE-2020-4890 (IBM Spectrum Scale 5.0.0 through 5.0.5.5 and 5.1.0 through 5.1.0.2 cou ...)
+ TODO: check
CVE-2020-4889 (IBM Spectrum Scale 5.0.0 through 5.0.5.4 and 5.1.0 could allow a local ...)
NOT-FOR-US: IBM
CVE-2020-4888 (IBM QRadar SIEM 7.4.0 to 7.4.2 Patch 1 and 7.3.0 to 7.3.3 Patch 7 coul ...)
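Review bot: CVE-2020-4891 and CVE-2020-4890 are both IBM Spectrum Scale and are left at `TODO: check`, while the context entry right after them, CVE-2020-4889, is the same product and already `NOT-FOR-US: IBM`. These two can be closed the same way, as can CVE-2020-4851 in the next hunk, which has the same product and the same TODO.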
@@ -87499,8 +87802,8 @@ CVE-2020-4853
RESERVED
CVE-2020-4852
RESERVED
-CVE-2020-4851
- RESERVED
+CVE-2020-4851 (IBM Spectrum Scale 5.0.0 through 5.0.5.5 and 5.1.0 through 5.1.0.2 cou ...)
+ TODO: check
CVE-2020-4850
RESERVED
CVE-2020-4849 (IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.19 Interim Fix 7 could ...)
@@ -95611,8 +95914,7 @@ CVE-2020-1927 (In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with
NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-1927
NOTE: https://svn.apache.org/r1873905
NOTE: https://svn.apache.org/r1874191
-CVE-2020-1926
- RESERVED
+CVE-2020-1926 (Apache Hive cookie signature verification used a non constant time com ...)
NOT-FOR-US: Apache Hive
CVE-2020-1925 (Apache Olingo versions 4.0.0 to 4.7.0 provide the AsyncRequestWrapperI ...)
NOT-FOR-US: Olingo
@@ -496223,7 +496525,7 @@ CVE-2002-0186 (Buffer overflow in the SQLXML ISAPI extension of Microsoft SQL Se
NOT-FOR-US: Microsoft
CVE-2002-0185 (mod_python version 2.7.6 and earlier allows a module indirectly import ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0184 (Heap-based buffer overflow in sudo before 1.6.6 may allow local users ...)
+CVE-2002-0184 (Sudo before 1.6.6 contains an off-by-one error that can result in a he ...)
NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0181 (Cross-site scripting vulnerability in status.php3 for IMP 2.2.8 and HO ...)
NOT-FOR-US: Data pre-dating the Security Tracker
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ab67182f00ebaea5532fc89c96ca09dc986109e6