[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed Mar 17 20:10:36 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
df4dec6f by security tracker role at 2021-03-17T20:10:23+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,25 @@
+CVE-2021-3449
+ RESERVED
+CVE-2021-28660 (rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c in t ...)
+ TODO: check
+CVE-2021-28659
+ RESERVED
+CVE-2021-28658
+ RESERVED
+CVE-2021-28657
+ RESERVED
+CVE-2021-28656
+ RESERVED
+CVE-2021-28655
+ RESERVED
+CVE-2021-28654
+ RESERVED
+CVE-2021-28653
+ RESERVED
+CVE-2021-28652
+ RESERVED
+CVE-2021-28651
+ RESERVED
CVE-2021-XXXX [shib service provide phishing]
- shibboleth-sp 3.2.1+dfsg1-1 (bug #985405)
NOTE: https://shibboleth.net/community/advisories/secadv_20210317.txt
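Review bot: CVE-2021-28660 is left at `TODO: check` even though its description names a Linux kernel source path (drivers/staging/rtl8188eu/os_dep/ioctl_linux.c), which points the triage at the `linux` source package; it should get a `- linux` entry with the fixed upstream version, or an explicit status, once the kernel fix is identified, rather than sitting between the plain RESERVED ids above and below it. The unchanged context line `CVE-2021-XXXX [shib service provide phishing]` reads as a typo for "service provider", but that text is outside this hunk's changes.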
@@ -27,6 +49,7 @@ CVE-2021-28646
CVE-2021-28645
RESERVED
CVE-2017-20002 (The Debian shadow package before 4.5-1 for Shadow incorrectly lists pt ...)
+ {DLA-2596-1}
- shadow 1:4.5-1 (bug #914957)
NOTE: Introduced in attempt to address #830255 in 1:4.4-2
CVE-2021-3445
@@ -3079,10 +3102,10 @@ CVE-2021-27294
RESERVED
CVE-2021-27293
RESERVED
-CVE-2021-27292
- RESERVED
-CVE-2021-27291
- RESERVED
+CVE-2021-27292 (ua-parser-js >= 0.7.14, fixed in 0.7.24, uses a regular expression ...)
+ TODO: check
+CVE-2021-27291 (In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming ...)
+ TODO: check
CVE-2021-27290 (ssri 5.2.2-8.0.0, fixed in 8.0.1, processes SRIs using a regular expre ...)
- node-ssri <unfixed>
NOTE: https://doyensec.com/resources/Doyensec_Advisory_ssri_redos.pdf
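Review bot: CVE-2021-27291 and CVE-2021-27292 are still `TODO: check` although both describe a regular-expression denial of service in a library Debian carries or may carry (pygments is packaged in Debian; check whether ua-parser-js is); the adjacent CVE-2021-27290 entry shows the target format, a source-package line such as `- node-ssri <unfixed>` plus a NOTE with the upstream reference, and the descriptions already give the fixed upstream versions (pygments 2.7.4, ua-parser-js 0.7.24) to compare against the archive.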
@@ -13193,10 +13216,10 @@ CVE-2021-22862 (An improper access control vulnerability was identified in GitHu
NOT-FOR-US: GitHub Enterprise
CVE-2021-22861 (An improper access control vulnerability was identified in GitHub Ente ...)
NOT-FOR-US: GitHub Enterprise
-CVE-2021-22860
- RESERVED
-CVE-2021-22859
- RESERVED
+CVE-2021-22860 (EIC e-document system does not perform completed identity verification ...)
+ TODO: check
+CVE-2021-22859 (The users’ data querying function of EIC e-document system does ...)
+ TODO: check
CVE-2021-22858 (Attackers can access the CGE account management function without privi ...)
NOT-FOR-US: CGE
CVE-2021-22857 (The CGE page with download function contains a Directory Traversal vul ...)
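Review bot: CVE-2021-22860 and CVE-2021-22859 describe the EIC e-document system and stay at `TODO: check`, while the neighbouring entries for the same class of vendor product (CGE, GitHub Enterprise) resolve to `NOT-FOR-US: <product>`; unless the archive ships this product, the same resolution applies and the TODO should be replaced so the two ids do not linger in the triage queue.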
@@ -20644,7 +20667,7 @@ CVE-2021-20201 [Client initiated renegotiation denial of service]
NOTE: https://gitlab.freedesktop.org/spice/spice/-/commit/95a0cfac8a1c8eff50f05e65df945da3bb501fc9
NOTE: https://blog.qualys.com/product-tech/2011/10/31/tls-renegotiation-and-denial-of-service-attacks
CVE-2021-20200
- RESERVED
+ REJECTED
NOTE: Red Hat duplicate assignment for CVE-2020-29369, should be rejected, contacted CNA
CVE-2021-20199 (Rootless containers run with Podman, receive all traffic with a source ...)
- libpod 3.0.0~rc2+dfsg1-2
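Review bot: the status of CVE-2021-20200 flips from RESERVED to REJECTED, but the NOTE below it still says "should be rejected, contacted CNA", which now reads as stale; update the NOTE to record that the CNA rejected the id as a duplicate of CVE-2020-29369 so the rationale matches the new status.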
@@ -21445,12 +21468,12 @@ CVE-2020-35457 (** DISPUTED ** GNOME GLib before 2.65.3 has an integer overflow,
NOTE: https://gitlab.gnome.org/GNOME/glib/-/commit/63c5b62f0a984fac9a9700b12f54fe878e016a5d
NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/2197
NOTE: Upstream position is that it is not realistically a security issue.
-CVE-2020-35456
- RESERVED
-CVE-2020-35455
- RESERVED
-CVE-2020-35454
- RESERVED
+CVE-2020-35456 (The Taidii Diibear Android application 2.4.0 and all its derivatives a ...)
+ TODO: check
+CVE-2020-35455 (The Taidii Diibear Android application 2.4.0 and all its derivatives a ...)
+ TODO: check
+CVE-2020-35454 (The Taidii Diibear Android application 2.4.0 and all its derivatives a ...)
+ TODO: check
CVE-2020-35453 (HashiCorp Vault Enterprise’s Sentinel EGP policy feature incorre ...)
NOT-FOR-US: HashiCorp Vault
CVE-2020-35452
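Review bot: CVE-2020-35454, CVE-2020-35455 and CVE-2020-35456 carry identical truncated descriptions for the Taidii Diibear Android application and are all left as `TODO: check`; an Android app is not something the archive ships, so these should be triaged together as `NOT-FOR-US: Taidii Diibear Android application`, in line with the `NOT-FOR-US: HashiCorp Vault` entry just below them.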
@@ -25875,8 +25898,8 @@ CVE-2020-28875
RESERVED
CVE-2020-28874 (reset-password.php in ProjectSend before r1295 allows remote attackers ...)
NOT-FOR-US: ProjectSend
-CVE-2020-28873
- RESERVED
+CVE-2020-28873 (Fluxbb 1.5.11 is affected by a denial of service (DoS) vulnerability b ...)
+ TODO: check
CVE-2020-28872
RESERVED
CVE-2020-28871 (Remote code execution in Monitorr v1.7.6m in upload.php allows an unau ...)
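Review bot: CVE-2020-28873 (Fluxbb 1.5.11 denial of service) is left as `TODO: check`; the next step is to confirm whether fluxbb is in the archive at all and, if not, mark it `NOT-FOR-US: Fluxbb` as was done for the ProjectSend entry two lines above.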
@@ -53559,8 +53582,7 @@ CVE-2020-17527 (While investigating bug 64830 it was discovered that Apache Tomc
NOTE: https://github.com/apache/tomcat/commit/21e3408671aac7e0d7e264e720cac8b1b189eb29 (8.5.60)
CVE-2020-17526 (Incorrect Session Validation in Apache Airflow Webserver versions prio ...)
- airflow <itp> (bug #819700)
-CVE-2020-17525 [Remote unauthenticated denial-of-service in Subversion mod_authz_svn]
- RESERVED
+CVE-2020-17525 (Subversion's mod_authz_svn module will crash if the server is using in ...)
{DSA-4851-1}
- subversion 1.14.1-1 (bug #982464)
NOTE: https://subversion.apache.org/security/CVE-2020-17525-advisory.txt
@@ -53748,8 +53770,8 @@ CVE-2020-17459
RESERVED
CVE-2020-17458 (A post-authenticated stored XSS was found in MultiUx v.3.1.12.0 via th ...)
NOT-FOR-US: MultiUx
-CVE-2020-17457
- RESERVED
+CVE-2020-17457 (Fujitsu ServerView Suite iRMC before 9.62F allows XSS. An authenticate ...)
+ TODO: check
CVE-2020-17456 (SEOWON INTECH SLC-130 And SLR-120S devices allow Remote Code Execution ...)
NOT-FOR-US: SEOWON INTECH
CVE-2020-17455
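Review bot: CVE-2020-17457 (XSS in Fujitsu ServerView Suite iRMC before 9.62F) concerns a vendor management-controller product and is left at `TODO: check`; it is the same class as the SEOWON INTECH device entry directly below, which is marked `NOT-FOR-US`, so the same resolution is expected here.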
@@ -57643,67 +57665,67 @@ CVE-2020-15768 (An issue was discovered in Gradle Enterprise 2017.3 - 2020.2.4 a
CVE-2020-15767 (An issue was discovered in Gradle Enterprise before 2020.2.5. The cook ...)
NOT-FOR-US: Gradle Enterprise
CVE-2020-15766
- RESERVED
+ REJECTED
CVE-2020-15765
- RESERVED
+ REJECTED
CVE-2020-15764
- RESERVED
+ REJECTED
CVE-2020-15763
- RESERVED
+ REJECTED
CVE-2020-15762
- RESERVED
+ REJECTED
CVE-2020-15761
- RESERVED
+ REJECTED
CVE-2020-15760
- RESERVED
+ REJECTED
CVE-2020-15759
- RESERVED
+ REJECTED
CVE-2020-15758
- RESERVED
+ REJECTED
CVE-2020-15757
- RESERVED
+ REJECTED
CVE-2020-15756
- RESERVED
+ REJECTED
CVE-2020-15755
- RESERVED
+ REJECTED
CVE-2020-15754
- RESERVED
+ REJECTED
CVE-2020-15753
- RESERVED
+ REJECTED
CVE-2020-15752
- RESERVED
+ REJECTED
CVE-2020-15751
- RESERVED
+ REJECTED
CVE-2020-15750
- RESERVED
+ REJECTED
CVE-2020-15749
- RESERVED
+ REJECTED
CVE-2020-15748
- RESERVED
+ REJECTED
CVE-2020-15747
- RESERVED
+ REJECTED
CVE-2020-15746
- RESERVED
+ REJECTED
CVE-2020-15745
- RESERVED
+ REJECTED
CVE-2020-15744
RESERVED
CVE-2020-15743
- RESERVED
+ REJECTED
CVE-2020-15742
RESERVED
CVE-2020-15741
- RESERVED
+ REJECTED
CVE-2020-15740
- RESERVED
+ REJECTED
CVE-2020-15739
RESERVED
CVE-2020-15738
- RESERVED
+ REJECTED
CVE-2020-15737
- RESERVED
+ REJECTED
CVE-2020-15736
- RESERVED
+ REJECTED
CVE-2020-15735
RESERVED
CVE-2020-15734
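Review bot: this hunk flips 28 ids between CVE-2020-15736 and CVE-2020-15766 from RESERVED to REJECTED in one batch without a NOTE giving a reason; that is normal for the automatic sync, but the ids left RESERVED in the middle of the run (CVE-2020-15744, CVE-2020-15742, CVE-2020-15739, CVE-2020-15735) are worth a spot-check against the CNA's list, since a gap in an otherwise rejected block is where a mis-synced id would show up.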
@@ -57719,7 +57741,7 @@ CVE-2020-15730
CVE-2020-15729
RESERVED
CVE-2020-15728
- RESERVED
+ REJECTED
CVE-2020-15727
RESERVED
CVE-2020-15726
@@ -58927,13 +58949,13 @@ CVE-2020-15300 (SuiteCRM through 7.11.13 has an Open Redirect in the Documents m
CVE-2020-15299 (A reflected Cross-Site Scripting (XSS) Vulnerability in the KingCompos ...)
NOT-FOR-US: KingComposer plugin for WordPress
CVE-2020-15298
- RESERVED
+ REJECTED
CVE-2020-15297 (Insufficient validation in the Bitdefender Update Server and BEST Rela ...)
NOT-FOR-US: Bitdefender
CVE-2020-15296
- RESERVED
+ REJECTED
CVE-2020-15295
- RESERVED
+ REJECTED
CVE-2020-15294 (Compiler Optimization Removal or Modification of Security-critical Cod ...)
NOT-FOR-US: Bitdefender
CVE-2020-15293 (Memory corruption in IntLixCrashDumpDmesg, IntLixTaskFetchCmdLine, Int ...)
@@ -58941,27 +58963,27 @@ CVE-2020-15293 (Memory corruption in IntLixCrashDumpDmesg, IntLixTaskFetchCmdLin
CVE-2020-15292 (Lack of validation on data read from guest memory in IntPeGetDirectory ...)
NOT-FOR-US: Bitdefender
CVE-2020-15291
- RESERVED
+ REJECTED
CVE-2020-15290
- RESERVED
+ REJECTED
CVE-2020-15289
- RESERVED
+ REJECTED
CVE-2020-15288
- RESERVED
+ REJECTED
CVE-2020-15287
- RESERVED
+ REJECTED
CVE-2020-15286
- RESERVED
+ REJECTED
CVE-2020-15285
- RESERVED
+ REJECTED
CVE-2020-15284
RESERVED
CVE-2020-15283
RESERVED
CVE-2020-15282
- RESERVED
+ REJECTED
CVE-2020-15281
- RESERVED
+ REJECTED
CVE-2020-15280
RESERVED
CVE-2020-15279
@@ -61558,7 +61580,7 @@ CVE-2020-14360 (A flaw was found in the X.Org Server before version 1.20.10. An
CVE-2020-14359 (A vulnerability was found in all versions of keycloak, where on using ...)
NOT-FOR-US: Keycloak
CVE-2020-14358
- RESERVED
+ REJECTED
CVE-2020-14357
REJECTED
CVE-2020-14356 (A flaw null pointer dereference in the Linux kernel cgroupv2 subsystem ...)
@@ -62718,6 +62740,7 @@ CVE-2020-13961 (Strapi before 3.0.2 could allow a remote authenticated attacker
CVE-2020-13960 (D-Link DSL 2730-U IN_1.10 and IN_1.11 and DIR-600M 3.04 devices have t ...)
NOT-FOR-US: D-Link
CVE-2020-13959 (The default error page for VelocityView in Apache Velocity Tools prior ...)
+ {DLA-2597-1}
- velocity-tools <unfixed> (bug #985221)
NOTE: https://www.openwall.com/lists/oss-security/2021/03/10/2
NOTE: Fixed by: https://github.com/apache/velocity-tools/commit/e141828a4eb03e4b0224535eed12b5c463a24152
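Review bot: the `{DLA-2597-1}` reference is added for CVE-2020-13959 while the unstable entry below it is still `- velocity-tools <unfixed> (bug #985221)`, so the LTS release is now ahead of sid for this issue; the sid fix should follow (the fixing upstream commit is already in the NOTE) and this line needs the fixed version once it is uploaded.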
@@ -62781,6 +62804,7 @@ CVE-2020-13938
CVE-2020-13937 (Apache Kylin 2.0.0, 2.1.0, 2.2.0, 2.3.0, 2.3.1, 2.3.2, 2.4.0, 2.4.1, 2 ...)
NOT-FOR-US: Apache Kylin (different from Kylin desktop environment)
CVE-2020-13936 (An attacker that is able to modify Velocity templates may execute arbi ...)
+ {DLA-2595-1}
- velocity 1.7-6 (bug #985220)
NOTE: https://www.openwall.com/lists/oss-security/2021/03/10/1
NOTE: Fixed by: https://github.com/apache/velocity-engine/commit/1ba60771d23dae7e6b3138ae6bee09cf6f9d2485
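Review bot: `{DLA-2595-1}` for CVE-2020-13936 lands above an entry that already has a fixed sid version (`- velocity 1.7-6 (bug #985220)`), which is the right shape; the companion velocity-tools issue CVE-2020-13959 in the preceding hunk received a DLA in the same batch but is still `<unfixed>` in sid, so the two should not be closed out together.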
@@ -62818,8 +62842,7 @@ CVE-2020-13926 (Kylin concatenates and executes a Hive SQL in Hive CLI or beelin
NOT-FOR-US: Apache Kylin (different from Kylin desktop environment)
CVE-2020-13925 (Similar to CVE-2020-1956, Kylin has one more restful API which concate ...)
NOT-FOR-US: Apache Kylin (different from Kylin desktop environment)
-CVE-2020-13924
- RESERVED
+CVE-2020-13924 (In Apache Ambari versions 2.6.2.2 and earlier, malicious users can con ...)
NOT-FOR-US: Apache Ambari
CVE-2020-13923 (IDOR vulnerability in the order processing feature from ecommerce comp ...)
NOT-FOR-US: Apache OFBiz
@@ -79281,7 +79304,7 @@ CVE-2020-8112 (opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1 th
NOTE: https://github.com/uclouvain/openjpeg/issues/1231
NOTE: https://github.com/rouault/openjpeg/commit/05f9b91e60debda0e83977e5e63b2e66486f7074 (v2.4.0)
CVE-2020-8111
- RESERVED
+ REJECTED
CVE-2020-8110 (A vulnerability has been discovered in the ceva_emu.cvd module that re ...)
NOT-FOR-US: Bitdefender
CVE-2020-8109 (A vulnerability has been discovered in the ace.xmd parser that results ...)
@@ -79291,7 +79314,7 @@ CVE-2020-8108 (Improper Authentication vulnerability in Bitdefender Endpoint Sec
CVE-2020-8107
RESERVED
CVE-2020-8106
- RESERVED
+ REJECTED
CVE-2020-8105
RESERVED
CVE-2020-8104
@@ -226416,6 +226439,7 @@ CVE-2017-12426 (GitLab Community Edition (CE) and Enterprise Edition (EE) before
NOTE: The CVE is for the issue when importing a project via crafted SSH URLs,
NOTE: which becomes ineffective with a fixed git version itself.
CVE-2017-12424 (In shadow before 4.5, the newusers tool could be made to manipulate in ...)
+ {DLA-2596-1}
- shadow 1:4.5-1 (bug #756630)
[jessie] - shadow <no-dsa> (Minor issue)
[wheezy] - shadow <no-dsa> (Minor issue)
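Review bot: `{DLA-2596-1}` is added to CVE-2017-12424 in shadow, matching the same DLA this commit records for CVE-2017-20002 earlier, so both shadow issues now reference one advisory; the `[jessie]`/`[wheezy]` `<no-dsa> (Minor issue)` lines below are untouched, which is consistent only if the DLA covers a different release, so confirm those older annotations still reflect the intended triage.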
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/df4dec6f0cf19efe0d61f9c2dd866d4d083cf291