[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Mon Mar 22 20:11:36 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
88c5371b by security tracker role at 2021-03-22T20:11:14+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,10 +1,32 @@
-CVE-2021-28972 [PCI: rpadlpar: Fix potential drc_name corruption in store functions]
+CVE-2021-3457
+ RESERVED
+CVE-2021-3456
+ RESERVED
+CVE-2021-28975
+ RESERVED
+CVE-2021-28974
+ RESERVED
+CVE-2021-28973
+ RESERVED
+CVE-2021-28970
+ RESERVED
+CVE-2021-28969
+ RESERVED
+CVE-2021-28968 (An issue was discovered in PunBB before 1.4.6. An XSS vulnerability in ...)
+ TODO: check
+CVE-2021-28967
+ RESERVED
+CVE-2021-28966
+ RESERVED
+CVE-2021-28965
+ RESERVED
+CVE-2021-28972 (In drivers/pci/hotplug/rpadlpar_sysfs.c in the Linux kernel through 5. ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/cc7a0bb058b85ea03db87169c60c7cfdd5d34678
-CVE-2021-28971 [perf/x86/intel: Fix a crash caused by zero PEBS status]
+CVE-2021-28971 (In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/d88d05a9e0b6d9356e97129d4ff9942d765f46ea
-CVE-2021-28964 [btrfs: fix race when cloning extent buffer during rewind of an old root]
+CVE-2021-28964 (A race condition was discovered in get_old_root in fs/btrfs/ctree.c in ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/dbcc7d57bffc0c8cac9dac11bec548597d59a6a5
CVE-2021-28962
@@ -1748,14 +1770,11 @@ CVE-2021-28150
RESERVED
CVE-2021-28149
RESERVED
-CVE-2021-28148
- RESERVED
+CVE-2021-28148 (One of the usage insights HTTP API endpoints in Grafana Enterprise 6.x ...)
- grafana <removed>
-CVE-2021-28147
- RESERVED
+CVE-2021-28147 (The team sync HTTP API in Grafana Enterprise 6.x before 6.7.6, 7.x bef ...)
- grafana <removed>
-CVE-2021-28146
- RESERVED
+CVE-2021-28146 (The team sync HTTP API in Grafana Enterprise 7.4.x before 7.4.5 has an ...)
- grafana <removed>
CVE-2020-36282 (JMS Client for RabbitMQ 1.x before 1.15.2 and 2.x before 2.2.0 is vuln ...)
NOT-FOR-US: JMS Client for RabbitMQ
@@ -2270,8 +2289,7 @@ CVE-2021-27964 (SonLogger before 6.4.1 is affected by Unauthenticated Arbitrary
NOT-FOR-US: SonLogger
CVE-2021-27963 (SonLogger before 6.4.1 is affected by user creation with any user perm ...)
NOT-FOR-US: SonLogger
-CVE-2021-27962
- RESERVED
+CVE-2021-27962 (Grafana Enterprise 7.2.x and 7.3.x before 7.3.10 and 7.4.x before 7.4. ...)
- grafana <removed>
CVE-2021-27961
RESERVED
@@ -3114,14 +3132,14 @@ CVE-2021-27598
RESERVED
CVE-2021-27597
RESERVED
-CVE-2021-27596
- RESERVED
-CVE-2021-27595
- RESERVED
-CVE-2021-27594
- RESERVED
-CVE-2021-27593
- RESERVED
+CVE-2021-27596 (When a user opens manipulated Autodesk 3D Studio for MS-DOS (.3DS) fil ...)
+ TODO: check
+CVE-2021-27595 (When a user opens manipulated Portable Document Format (.PDF) files re ...)
+ TODO: check
+CVE-2021-27594 (When a user opens manipulated Windows Bitmap (.BMP) files received fro ...)
+ TODO: check
+CVE-2021-27593 (When a user opens manipulated Graphics Interchange Format (.GIF) files ...)
+ TODO: check
CVE-2021-27592 (When a user opens manipulated Universal 3D (.U3D) files received from ...)
NOT-FOR-US: SAP
CVE-2021-27591 (When a user opens manipulated Portable Document Format (.PDF) format f ...)
@@ -3307,7 +3325,7 @@ CVE-2021-27508
RESERVED
CVE-2021-27507
RESERVED
-CVE-2021-27506 (In Stormshield Network Security (SNS) 1.0 through 4.2.0, the parsing o ...)
+CVE-2021-27506 (The ClamAV Engine (Version 0.103.1 and below) embedded in Storsmshield ...)
NOT-FOR-US: Stormshield Network Security (SNS)
CVE-2021-27505
RESERVED
@@ -3753,8 +3771,8 @@ CVE-2021-27310
RESERVED
CVE-2021-27309
RESERVED
-CVE-2021-27308
- RESERVED
+CVE-2021-27308 (A cross-site scripting (XSS) vulnerability in the admin login panel in ...)
+ TODO: check
CVE-2021-27307
RESERVED
CVE-2021-27306 (An improper access control vulnerability in the JWT plugin in Kong Gat ...)
@@ -5447,8 +5465,8 @@ CVE-2021-26580
RESERVED
CVE-2021-26579
RESERVED
-CVE-2021-26578
- RESERVED
+CVE-2021-26578 (A potential security vulnerability has been identified in HPE Network ...)
+ TODO: check
CVE-2021-26577 (The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 Sy ...)
NOT-FOR-US: HPE
CVE-2021-26576 (The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 Sy ...)
@@ -6167,8 +6185,7 @@ CVE-2021-26297
RESERVED
CVE-2021-26296 (In the default configuration, Apache MyFaces Core versions 2.2.0 to 2. ...)
NOT-FOR-US: Apache MyFaces
-CVE-2021-26295
- RESERVED
+CVE-2021-26295 (Apache OFBiz has unsafe deserialization prior to 17.12.06. An unauthen ...)
NOT-FOR-US: Apache OFBiz
CVE-2021-3333 (Opmantek Open-AudIT 4.0.1 is affected by cross-site scripting (XSS). W ...)
NOT-FOR-US: Open-AudIT
@@ -8837,8 +8854,8 @@ CVE-2021-25267
RESERVED
CVE-2021-25266
RESERVED
-CVE-2021-25265
- RESERVED
+CVE-2021-25265 (A malicious website could execute code remotely in Sophos Connect Clie ...)
+ TODO: check
CVE-2021-25264
RESERVED
CVE-2021-25263
@@ -15138,10 +15155,10 @@ CVE-2021-22323
RESERVED
CVE-2021-22322
RESERVED
-CVE-2021-22321
- RESERVED
-CVE-2021-22320
- RESERVED
+CVE-2021-22321 (There is a use-after-free vulnerability in a Huawei product. A module ...)
+ TODO: check
+CVE-2021-22320 (There is a denial of service vulnerability in Huawei products. A modul ...)
+ TODO: check
CVE-2021-22319
RESERVED
CVE-2021-22318
@@ -15158,12 +15175,12 @@ CVE-2021-22313
RESERVED
CVE-2021-22312
RESERVED
-CVE-2021-22311
- RESERVED
-CVE-2021-22310
- RESERVED
-CVE-2021-22309
- RESERVED
+CVE-2021-22311 (There is an improper permission assignment vulnerability in Huawei Man ...)
+ TODO: check
+CVE-2021-22310 (There is an information leakage vulnerability in some huawei products. ...)
+ TODO: check
+CVE-2021-22309 (There is insecure algorithm vulnerability in Huawei products. A module ...)
+ TODO: check
CVE-2021-22308
RESERVED
CVE-2021-22307 (There is a weak algorithm vulnerability in Mate 3010.0.0.203(C00E201R7 ...)
@@ -16900,7 +16917,7 @@ CVE-2020-36146
RESERVED
CVE-2020-36145
RESERVED
-CVE-2020-36144 (Redash 8.0.0 is affected by LDAP Injection. There is an authentication ...)
+CVE-2020-36144 (Redash 8.0.0 is affected by LDAP Injection. There is an information le ...)
NOT-FOR-US: Redash
CVE-2020-36143
RESERVED
@@ -17692,10 +17709,10 @@ CVE-2021-21440
RESERVED
CVE-2021-21439
RESERVED
-CVE-2021-21438
- RESERVED
-CVE-2021-21437
- RESERVED
+CVE-2021-21438 (Agents are able to see linked FAQ articles without permissions (define ...)
+ TODO: check
+CVE-2021-21437 (Agents are able to see linked Config Items without permissions, which ...)
+ TODO: check
CVE-2021-21436 (Agents are able to see and link Config Items without permissions, whic ...)
NOT-FOR-US: OTRSCIsInCustomerFrontend (OTRS addon)
CVE-2021-21435 (Article Bcc fields and agent personal information are shown when custo ...)
@@ -28547,8 +28564,8 @@ CVE-2020-28502 (This affects the package xmlhttprequest before 1.7.0; all versio
[stretch] - node-xmlhttprequest-ssl <end-of-life> (Nodejs in stretch not covered by security support)
NOTE: https://snyk.io/vuln/SNYK-JS-XMLHTTPREQUEST-1082935
NOTE: https://snyk.io/vuln/SNYK-JS-XMLHTTPREQUESTSSL-1082936
-CVE-2020-28501
- RESERVED
+CVE-2020-28501 (This affects the package es6-crawler-detect before 3.1.3. No limitatio ...)
+ TODO: check
CVE-2020-28500 (Lodash versions prior to 4.17.21 are vulnerable to Regular Expression ...)
- node-lodash 4.17.21+dfsg+~cs8.31.173-1 (bug #985086)
[stretch] - node-lodash <end-of-life> (Nodejs in stretch not covered by security support)
@@ -34776,6 +34793,7 @@ CVE-2020-26799
CVE-2020-26798
RESERVED
CVE-2020-26797 (Mediainfo before version 20.08 has a heap buffer overflow vulnerabilit ...)
+ {DLA-2603-1}
- libmediainfo 20.09+dfsg-2 (bug #985554)
[buster] - libmediainfo <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/mediainfo/bugs/1154/
@@ -37368,7 +37386,7 @@ CVE-2020-25689 (A memory leak flaw was found in WildFly in all versions up to 21
CVE-2020-25688 (A flaw was found in rhacm versions before 2.0.5 and before 2.1.0. Two ...)
NOT-FOR-US: Red Hat Advanced Cluster Management for Kubernetes (RHACM)
CVE-2020-25687 (A flaw was found in dnsmasq before version 2.83. A heap-based buffer o ...)
- {DSA-4844-1}
+ {DSA-4844-1 DLA-2604-1}
- dnsmasq 2.83-1
NOTE: https://www.openwall.com/lists/oss-security/2021/01/19/1
NOTE: https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=4e96a4be685c9e4445f6ee79ad0b36b9119b502a
@@ -37393,22 +37411,22 @@ CVE-2020-25685 (A flaw was found in dnsmasq before version 2.83. When getting a
NOTE: https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=2d765867c597db18be9d876c9c17e2c0fe1953cd
NOTE: https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=2024f9729713fd657d65e64c2e4e471baa0a3e5b
CVE-2020-25684 (A flaw was found in dnsmasq before version 2.83. When getting a reply ...)
- {DSA-4844-1}
+ {DSA-4844-1 DLA-2604-1}
- dnsmasq 2.83-1
NOTE: https://www.openwall.com/lists/oss-security/2021/01/19/1
NOTE: https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=257ac0c5f7732cbc6aa96fdd3b06602234593aca
CVE-2020-25683 (A flaw was found in dnsmasq before version 2.83. A heap-based buffer o ...)
- {DSA-4844-1}
+ {DSA-4844-1 DLA-2604-1}
- dnsmasq 2.83-1
NOTE: https://www.openwall.com/lists/oss-security/2021/01/19/1
NOTE: https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=4e96a4be685c9e4445f6ee79ad0b36b9119b502a
CVE-2020-25682 (A flaw was found in dnsmasq before 2.83. A buffer overflow vulnerabili ...)
- {DSA-4844-1}
+ {DSA-4844-1 DLA-2604-1}
- dnsmasq 2.83-1
NOTE: https://www.openwall.com/lists/oss-security/2021/01/19/1
NOTE: https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=4e96a4be685c9e4445f6ee79ad0b36b9119b502a
CVE-2020-25681 (A flaw was found in dnsmasq before version 2.83. A heap-based buffer o ...)
- {DSA-4844-1}
+ {DSA-4844-1 DLA-2604-1}
- dnsmasq 2.83-1
NOTE: https://www.openwall.com/lists/oss-security/2021/01/19/1
NOTE: https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=4e96a4be685c9e4445f6ee79ad0b36b9119b502a
@@ -59418,6 +59436,7 @@ CVE-2020-15396 (In HylaFAX+ through 7.0.2 and HylaFAX Enterprise, the faxsetup u
[stretch] - hylafax <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/hylafax/HylaFAX+/2534/
CVE-2020-15395 (In MediaInfoLib in MediaArea MediaInfo 20.03, there is a stack-based b ...)
+ {DLA-2603-1}
- libmediainfo 20.09+dfsg-1 (low; bug #967073)
[buster] - libmediainfo <no-dsa> (Minor issue)
[jessie] - libmediainfo <no-dsa> (Minor issue)
@@ -75948,7 +75967,7 @@ CVE-2020-9760 (An issue was discovered in WeeChat before 2.7.1 (0.3.4 to 2.7 are
[buster] - weechat <no-dsa> (Minor issue)
[stretch] - weechat <no-dsa> (Minor issue)
NOTE: https://github.com/weechat/weechat/commit/694b5c9f874d7337cd2e03761e0de435275dd64d
-CVE-2020-9759 (An issue was discovered in WeeChat before 2.7.1 (0.4.0 to 2.7 are affe ...)
+CVE-2020-9759 (A Vulnerability of LG Electronic web OS TV Emulator could allow an att ...)
{DLA-2157-1}
- weechat 2.7.1-1
[buster] - weechat <no-dsa> (Minor issue)
@@ -77286,10 +77305,10 @@ CVE-2020-9215
RESERVED
CVE-2020-9214
RESERVED
-CVE-2020-9213
- RESERVED
-CVE-2020-9212
- RESERVED
+CVE-2020-9213 (There is a denial of service vulnerability in some huawei products. In ...)
+ TODO: check
+CVE-2020-9212 (There is a vulnerability in some version of USG9500 that the device im ...)
+ TODO: check
CVE-2020-9211
RESERVED
CVE-2020-9210
@@ -77300,8 +77319,8 @@ CVE-2020-9208 (There is an information leak vulnerability in iManager NetEco 600
NOT-FOR-US: Huawei
CVE-2020-9207 (There is an improper authentication vulnerability in some verisons of ...)
NOT-FOR-US: Huawei
-CVE-2020-9206
- RESERVED
+CVE-2020-9206 (The eUDC660 product has a resource management vulnerability. An attack ...)
+ TODO: check
CVE-2020-9205 (There has a CSV injection vulnerability in ManageOne 8.0.1. An attacke ...)
NOT-FOR-US: Huawei
CVE-2020-9204
@@ -88547,8 +88566,8 @@ CVE-2020-4884
RESERVED
CVE-2020-4883
RESERVED
-CVE-2020-4882
- RESERVED
+CVE-2020-4882 (IBM Planning Analytics 2.0 could be vulnerable to a Server-Side Reques ...)
+ TODO: check
CVE-2020-4881 (IBM Planning Analytics 2.0 could allow a remote attacker to obtain sen ...)
NOT-FOR-US: IBM
CVE-2020-4880
@@ -125654,12 +125673,14 @@ CVE-2019-11375 (Msvod v10 has a CSRF vulnerability to change user information vi
CVE-2019-11374 (74CMS v5.0.1 has a CSRF vulnerability to add a new admin user via the ...)
NOT-FOR-US: 74CMS
CVE-2019-11373 (An out-of-bounds read in File__Analyze::Get_L8 in File__Analyze_Buffer ...)
+ {DLA-2603-1}
[experimental] - libmediainfo 19.04+dfsg-1
- libmediainfo 18.12-2 (low; bug #927672)
[jessie] - libmediainfo <no-dsa> (Minor issue)
NOTE: https://github.com/MediaArea/MediaInfoLib/pull/1111
NOTE: https://sourceforge.net/p/mediainfo/bugs/1101/
CVE-2019-11372 (An out-of-bounds read in MediaInfoLib::File__Tags_Helper::Synched_Test ...)
+ {DLA-2603-1}
[experimental] - libmediainfo 19.04+dfsg-1
- libmediainfo 18.12-2 (low; bug #927672)
[jessie] - libmediainfo <no-dsa> (Minor issue)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/88c5371bb0a117dc02150b07a423aaf3b8d5c961
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/88c5371bb0a117dc02150b07a423aaf3b8d5c961
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210322/43947806/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list