[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Tue Mar 23 08:10:22 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
760d7373 by security tracker role at 2021-03-23T08:10:14+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,223 @@
+CVE-2021-3460
+ RESERVED
+CVE-2021-3459
+ RESERVED
+CVE-2021-3458
+ RESERVED
+CVE-2021-29082 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...)
+ TODO: check
+CVE-2021-29081 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
+ TODO: check
+CVE-2021-29080 (Certain NETGEAR devices are affected by password reset by an unauthent ...)
+ TODO: check
+CVE-2021-29079 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ TODO: check
+CVE-2021-29078 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ TODO: check
+CVE-2021-29077 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ TODO: check
+CVE-2021-29076 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ TODO: check
+CVE-2021-29075 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
+ TODO: check
+CVE-2021-29074 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
+ TODO: check
+CVE-2021-29073 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
+ TODO: check
+CVE-2021-29072 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ TODO: check
+CVE-2021-29071 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ TODO: check
+CVE-2021-29070 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ TODO: check
+CVE-2021-29069 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ TODO: check
+CVE-2021-29068 (Certain NETGEAR devices are affected by a buffer overflow by an authen ...)
+ TODO: check
+CVE-2021-29067 (Certain NETGEAR devices are affected by authentication bypass. This af ...)
+ TODO: check
+CVE-2021-29066 (Certain NETGEAR devices are affected by authentication bypass. This af ...)
+ TODO: check
+CVE-2021-29065 (NETGEAR RBR850 devices before 3.2.10.11 are affected by authentication ...)
+ TODO: check
+CVE-2021-29064
+ RESERVED
+CVE-2021-29063
+ RESERVED
+CVE-2021-29062
+ RESERVED
+CVE-2021-29061
+ RESERVED
+CVE-2021-29060
+ RESERVED
+CVE-2021-29059
+ RESERVED
+CVE-2021-29058
+ RESERVED
+CVE-2021-29057
+ RESERVED
+CVE-2021-29056
+ RESERVED
+CVE-2021-29055
+ RESERVED
+CVE-2021-29054
+ RESERVED
+CVE-2021-29053
+ RESERVED
+CVE-2021-29052
+ RESERVED
+CVE-2021-29051
+ RESERVED
+CVE-2021-29050
+ RESERVED
+CVE-2021-29049
+ RESERVED
+CVE-2021-29048
+ RESERVED
+CVE-2021-29047
+ RESERVED
+CVE-2021-29046
+ RESERVED
+CVE-2021-29045
+ RESERVED
+CVE-2021-29044
+ RESERVED
+CVE-2021-29043
+ RESERVED
+CVE-2021-29042
+ RESERVED
+CVE-2021-29041
+ RESERVED
+CVE-2021-29040
+ RESERVED
+CVE-2021-29039
+ RESERVED
+CVE-2021-29038
+ RESERVED
+CVE-2021-29037
+ RESERVED
+CVE-2021-29036
+ RESERVED
+CVE-2021-29035
+ RESERVED
+CVE-2021-29034
+ RESERVED
+CVE-2021-29033
+ RESERVED
+CVE-2021-29032
+ RESERVED
+CVE-2021-29031
+ RESERVED
+CVE-2021-29030
+ RESERVED
+CVE-2021-29029
+ RESERVED
+CVE-2021-29028
+ RESERVED
+CVE-2021-29027
+ RESERVED
+CVE-2021-29026
+ RESERVED
+CVE-2021-29025
+ RESERVED
+CVE-2021-29024
+ RESERVED
+CVE-2021-29023
+ RESERVED
+CVE-2021-29022
+ RESERVED
+CVE-2021-29021
+ RESERVED
+CVE-2021-29020
+ RESERVED
+CVE-2021-29019
+ RESERVED
+CVE-2021-29018
+ RESERVED
+CVE-2021-29017
+ RESERVED
+CVE-2021-29016
+ RESERVED
+CVE-2021-29015
+ RESERVED
+CVE-2021-29014
+ RESERVED
+CVE-2021-29013
+ RESERVED
+CVE-2021-29012
+ RESERVED
+CVE-2021-29011
+ RESERVED
+CVE-2021-29010
+ RESERVED
+CVE-2021-29009
+ RESERVED
+CVE-2021-29008
+ RESERVED
+CVE-2021-29007
+ RESERVED
+CVE-2021-29006
+ RESERVED
+CVE-2021-29005
+ RESERVED
+CVE-2021-29004
+ RESERVED
+CVE-2021-29003
+ RESERVED
+CVE-2021-29002
+ RESERVED
+CVE-2021-29001
+ RESERVED
+CVE-2021-29000
+ RESERVED
+CVE-2021-28999
+ RESERVED
+CVE-2021-28998
+ RESERVED
+CVE-2021-28997
+ RESERVED
+CVE-2021-28996
+ RESERVED
+CVE-2021-28995
+ RESERVED
+CVE-2021-28994
+ RESERVED
+CVE-2021-28993
+ RESERVED
+CVE-2021-28992
+ RESERVED
+CVE-2021-28991
+ RESERVED
+CVE-2021-28990
+ RESERVED
+CVE-2021-28989
+ RESERVED
+CVE-2021-28988
+ RESERVED
+CVE-2021-28987
+ RESERVED
+CVE-2021-28986
+ RESERVED
+CVE-2021-28985
+ RESERVED
+CVE-2021-28984
+ RESERVED
+CVE-2021-28983
+ RESERVED
+CVE-2021-28982
+ RESERVED
+CVE-2021-28981
+ RESERVED
+CVE-2021-28980
+ RESERVED
+CVE-2021-28979
+ RESERVED
+CVE-2021-28978
+ RESERVED
+CVE-2021-28977
+ RESERVED
+CVE-2021-28976
+ RESERVED
CVE-2021-3457
RESERVED
CVE-2021-3456
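Review bot: The 18 NETGEAR entries from CVE-2021-29082 down to CVE-2021-29065 are added with only `TODO: check`, so none of them carries a triage decision yet. Since they all share the same vendor prefix in the description, they can be resolved in one follow-up pass, each to a `NOT-FOR-US:` line or to a package line, rather than one at a time. The truncated descriptions include unauthenticated command injection and authentication bypass, so the batch should not sit in the TODO state for long. The RESERVED blocks above and below need no action.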
@@ -2382,6 +2602,7 @@ CVE-2021-27930
CVE-2021-27929
RESERVED
CVE-2021-27928 (A remote code execution issue was discovered in MariaDB 10.2 before 10 ...)
+ {DLA-2605-1}
- mariadb-10.5 1:10.5.9-1
- mariadb-10.3 <removed>
- mariadb-10.1 <removed>
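Review bot: The `{DLA-2605-1}` cross-reference is attached to CVE-2021-27928, but the package lines visible in this context give a fixed version only for mariadb-10.5 and mark mariadb-10.3 and mariadb-10.1 as `<removed>`. It is worth confirming that the entry also records which source package and version the DLA fixed, since nothing in the visible lines ties the advisory to a release-specific fix.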
@@ -7078,18 +7299,18 @@ CVE-2021-25924
RESERVED
CVE-2021-25923
RESERVED
-CVE-2021-25922
- RESERVED
-CVE-2021-25921
- RESERVED
-CVE-2021-25920
- RESERVED
-CVE-2021-25919
- RESERVED
-CVE-2021-25918
- RESERVED
-CVE-2021-25917
- RESERVED
+CVE-2021-25922 (In OpenEMR, versions 4.2.0 to 6.0.0 are vulnerable to Reflected Cross- ...)
+ TODO: check
+CVE-2021-25921 (In OpenEMR, versions 2.7.3-rc1 to 6.0.0 are vulnerable to Stored Cross ...)
+ TODO: check
+CVE-2021-25920 (In OpenEMR, versions v2.7.2-rc1 to 6.0.0 are vulnerable to Improper Ac ...)
+ TODO: check
+CVE-2021-25919 (In OpenEMR, versions 5.0.2 to 6.0.0 are vulnerable to Stored Cross-Sit ...)
+ TODO: check
+CVE-2021-25918 (In OpenEMR, versions 5.0.2 to 6.0.0 are vulnerable to Stored Cross-Sit ...)
+ TODO: check
+CVE-2021-25917 (In OpenEMR, versions 5.0.2 to 6.0.0 are vulnerable to Stored Cross-Sit ...)
+ TODO: check
CVE-2021-25916 (Prototype pollution vulnerability in 'patchmerge' versions 1.0.0 throu ...)
NOT-FOR-US: Node patchmerge
CVE-2021-25915 (Prototype pollution vulnerability in 'changeset' versions 0.0.1 throug ...)
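Review bot: CVE-2021-25922 through CVE-2021-25917 move from RESERVED to published OpenEMR descriptions but land as `TODO: check`, while the neighbouring entries directly below (CVE-2021-25916, Node patchmerge) already have a `NOT-FOR-US:` decision. All six name the same product, so a single triage decision can be applied to the whole run in the follow-up commit.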
@@ -15169,8 +15390,8 @@ CVE-2021-22316
RESERVED
CVE-2021-22315
RESERVED
-CVE-2021-22314
- RESERVED
+CVE-2021-22314 (There is a local privilege escalation vulnerability in some versions o ...)
+ TODO: check
CVE-2021-22313
RESERVED
CVE-2021-22312
@@ -18378,8 +18599,8 @@ CVE-2021-21372
RESERVED
CVE-2021-21371 (Tenable for Jira Cloud is an open source project designed to pull Tena ...)
NOT-FOR-US: Tenable for Jira Cloud
-CVE-2021-21370
- RESERVED
+CVE-2021-21370 (TYPO3 is an open source PHP based web content management system. In TY ...)
+ TODO: check
CVE-2021-21369 (Hyperledger Besu is an open-source, MainNet compatible, Ethereum clien ...)
NOT-FOR-US: Hyperledger Besu
CVE-2021-21368 (msgpack5 is a msgpack v5 implementation for node.js and the browser. I ...)
@@ -18402,50 +18623,50 @@ CVE-2021-21361 (The `com.bmuschko:gradle-vagrant-plugin` Gradle plugin contains
NOT-FOR-US: gradle-vagrant-plugin
CVE-2021-21360 (Products.GenericSetup is a mini-framework for expressing the configure ...)
NOT-FOR-US: Products.GenericSetup
-CVE-2021-21359
- RESERVED
-CVE-2021-21358
- RESERVED
-CVE-2021-21357
- RESERVED
+CVE-2021-21359 (TYPO3 is an open source PHP based web content management system. In TY ...)
+ TODO: check
+CVE-2021-21358 (TYPO3 is an open source PHP based web content management system. In TY ...)
+ TODO: check
+CVE-2021-21357 (TYPO3 is an open source PHP based web content management system. In TY ...)
+ TODO: check
CVE-2021-21356
RESERVED
-CVE-2021-21355
- RESERVED
+CVE-2021-21355 (TYPO3 is an open source PHP based web content management system. In TY ...)
+ TODO: check
CVE-2021-21354 (Pollbot is open source software which "frees its human masters from th ...)
NOT-FOR-US: Pollbot
CVE-2021-21353 (Pug is an npm package which is a high-performance template engine. In ...)
NOT-FOR-US: Node pug
CVE-2021-21352 (Anuko Time Tracker is an open source, web-based time tracking applicat ...)
NOT-FOR-US: Anuko Time Tracker
-CVE-2021-21351
- RESERVED
-CVE-2021-21350
- RESERVED
-CVE-2021-21349
- RESERVED
-CVE-2021-21348
- RESERVED
-CVE-2021-21347
- RESERVED
-CVE-2021-21346
- RESERVED
-CVE-2021-21345
- RESERVED
-CVE-2021-21344
- RESERVED
-CVE-2021-21343
- RESERVED
-CVE-2021-21342
- RESERVED
-CVE-2021-21341
- RESERVED
-CVE-2021-21340
- RESERVED
-CVE-2021-21339
- RESERVED
-CVE-2021-21338
- RESERVED
+CVE-2021-21351 (XStream is a Java library to serialize objects to XML and back again. ...)
+ TODO: check
+CVE-2021-21350 (XStream is a Java library to serialize objects to XML and back again. ...)
+ TODO: check
+CVE-2021-21349 (XStream is a Java library to serialize objects to XML and back again. ...)
+ TODO: check
+CVE-2021-21348 (XStream is a Java library to serialize objects to XML and back again. ...)
+ TODO: check
+CVE-2021-21347 (XStream is a Java library to serialize objects to XML and back again. ...)
+ TODO: check
+CVE-2021-21346 (XStream is a Java library to serialize objects to XML and back again. ...)
+ TODO: check
+CVE-2021-21345 (XStream is a Java library to serialize objects to XML and back again. ...)
+ TODO: check
+CVE-2021-21344 (XStream is a Java library to serialize objects to XML and back again. ...)
+ TODO: check
+CVE-2021-21343 (XStream is a Java library to serialize objects to XML and back again. ...)
+ TODO: check
+CVE-2021-21342 (XStream is a Java library to serialize objects to XML and back again. ...)
+ TODO: check
+CVE-2021-21341 (XStream is a Java library to serialize objects to XML and back again. ...)
+ TODO: check
+CVE-2021-21340 (TYPO3 is an open source PHP based web content management system. In TY ...)
+ TODO: check
+CVE-2021-21339 (TYPO3 is an open source PHP based web content management system. In TY ...)
+ TODO: check
+CVE-2021-21338 (TYPO3 is an open source PHP based web content management system. In TY ...)
+ TODO: check
CVE-2021-21337 (Products.PluggableAuthService is a pluggable Zope authentication and a ...)
NOT-FOR-US: Products.PluggableAuthService
CVE-2021-21336 (Products.PluggableAuthService is a pluggable Zope authentication and a ...)
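Review bot: Two distinct products are mixed in the new `TODO: check` lines here: TYPO3 (CVE-2021-21359 to 21357, 21355, 21340 to 21338) and XStream (CVE-2021-21351 to 21341). They should be triaged as two separate batches, because the surrounding entries in this range are all `NOT-FOR-US:` and it would be easy to bulk-mark the whole block the same way without checking whether either product is packaged. Note also that CVE-2021-21356 stays RESERVED in the middle of the TYPO3 run, so it should be revisited on the next update rather than assumed to belong to the same product.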
@@ -28754,9 +28975,11 @@ CVE-2020-28434
RESERVED
CVE-2020-28433
RESERVED
-CVE-2020-28432 (All versions of package theme-core are vulnerable to Command Injection ...)
+CVE-2020-28432
+ REJECTED
NOT-FOR-US: Node theme-core
-CVE-2020-28431 (All versions of package wc-cmd are vulnerable to Command Injection via ...)
+CVE-2020-28431
+ REJECTED
NOT-FOR-US: Node wc-cmd
CVE-2020-28430 (All versions of package nuance-gulp-build-common are vulnerable to Com ...)
NOT-FOR-US: Node nuance-gulp-build-common
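Review bot: CVE-2020-28432 and CVE-2020-28431 are switched to `REJECTED` and lose their descriptions, but the `NOT-FOR-US: Node theme-core` and `NOT-FOR-US: Node wc-cmd` lines are kept beneath them. The result is an entry that is both rejected and triaged against a product whose name no longer appears in the header, which is confusing to read later. Either drop the `NOT-FOR-US:` lines for rejected IDs or add a `NOTE:` stating that the annotation predates the rejection.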
@@ -31435,7 +31658,6 @@ CVE-2020-27920
CVE-2020-27919
RESERVED
CVE-2020-27918 (A use after free issue was addressed with improved memory management. ...)
- RESERVED
- webkit2gtk 2.30.6-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
- wpewebkit 2.30.6-1
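Review bot: The removed `RESERVED` line under CVE-2020-27918 shows that the entry previously carried both a published description on its header line and a RESERVED marker, two states that contradict each other. Removing the marker is right, but the update script should have a consistency check that flags any entry with a description and a `RESERVED` line together, so this state cannot persist between automatic runs.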
@@ -75482,7 +75704,7 @@ CVE-2020-9948 (A type confusion issue was addressed with improved memory handlin
- wpewebkit 2.30.0-1
NOTE: https://webkitgtk.org/security/WSA-2020-0008.html
CVE-2020-9947 (A use after free issue was addressed with improved memory management. ...)
- RESERVED
+ {DSA-4797-1}
- webkit2gtk 2.30.1-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
- wpewebkit 2.30.0-1
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/760d7373599660269680acedd221b02fdfe1ecf5