[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Tue Mar 23 20:10:40 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
22b90e9a by security tracker role at 2021-03-23T20:10:31+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,25 @@
+CVE-2021-3461
+ RESERVED
+CVE-2021-29092
+ RESERVED
+CVE-2021-29091
+ RESERVED
+CVE-2021-29090
+ RESERVED
+CVE-2021-29089
+ RESERVED
+CVE-2021-29088
+ RESERVED
+CVE-2021-29087
+ RESERVED
+CVE-2021-29086
+ RESERVED
+CVE-2021-29085
+ RESERVED
+CVE-2021-29084
+ RESERVED
+CVE-2021-29083
+ RESERVED
CVE-2021-3460
RESERVED
CVE-2021-3459
@@ -1268,8 +1290,7 @@ CVE-2021-28494
RESERVED
CVE-2021-28493
RESERVED
-CVE-2021-3444 [bpf: Fix truncation handling for mod32 dst reg wrt zero]
- RESERVED
+CVE-2021-3444 (The bpf verifier in the Linux kernel did not properly handle mod32 des ...)
- linux 5.10.19-1
NOTE: https://git.kernel.org/linus/9b00f1b78809309163dda2d044d9e94a3c0248a3
NOTE: https://www.openwall.com/lists/oss-security/2021/03/23/2
@@ -2500,8 +2521,8 @@ CVE-2021-27971
RESERVED
CVE-2021-27970
RESERVED
-CVE-2021-27969
- RESERVED
+CVE-2021-27969 (Dolphin CMS 7.4.2 is vulnerable to stored XSS via the Page Builder "wi ...)
+ TODO: check
CVE-2021-27968
RESERVED
CVE-2021-27967
@@ -3491,18 +3512,18 @@ CVE-2021-27533
RESERVED
CVE-2021-27532
RESERVED
-CVE-2021-27531
- RESERVED
-CVE-2021-27530
- RESERVED
-CVE-2021-27529
- RESERVED
-CVE-2021-27528
- RESERVED
-CVE-2021-27527
- RESERVED
-CVE-2021-27526
- RESERVED
+CVE-2021-27531 (A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allo ...)
+ TODO: check
+CVE-2021-27530 (A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allo ...)
+ TODO: check
+CVE-2021-27529 (A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allo ...)
+ TODO: check
+CVE-2021-27528 (A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allo ...)
+ TODO: check
+CVE-2021-27527 (A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allo ...)
+ TODO: check
+CVE-2021-27526 (A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allo ...)
+ TODO: check
CVE-2021-27525
RESERVED
CVE-2021-27524
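Review bot: the six DynPG entries, CVE-2021-27526 through CVE-2021-27531, carry descriptions that are identical up to the truncation point, and each is left at "TODO: check". Triage them together so all six end up with the same disposition (a package line or NOT-FOR-US), rather than resolving them one at a time and risking inconsistent results.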
@@ -3993,10 +4014,10 @@ CVE-2021-27312
RESERVED
CVE-2021-27311
RESERVED
-CVE-2021-27310
- RESERVED
-CVE-2021-27309
- RESERVED
+CVE-2021-27310 (Clansphere CMS 2011.4 allows unauthenticated reflected XSS via "langua ...)
+ TODO: check
+CVE-2021-27309 (Clansphere CMS 2011.4 allows unauthenticated reflected XSS via "module ...)
+ TODO: check
CVE-2021-27308 (A cross-site scripting (XSS) vulnerability in the admin login panel in ...)
NOT-FOR-US: 4images
CVE-2021-27307
@@ -5650,8 +5671,7 @@ CVE-2021-3393 [postgres: information leak in error message]
- postgresql-11 <removed>
[buster] - postgresql-11 <no-dsa> (Minor issue)
NOTE: https://www.postgresql.org/about/news/postgresql-132-126-1111-1016-9621-and-9525-released-2165/
-CVE-2021-3392 [scsi: mptsas: use-after-free while processing io requests]
- RESERVED
+CVE-2021-3392 (A use-after-free flaw was found in the MegaRAID emulator of QEMU. This ...)
- qemu <unfixed> (bug #984449)
[buster] - qemu <postponed> (Minor issue)
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg00488.html
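Review bot: the CVE-2021-3392 replacement loses the component name that the old title carried. The removed line read "scsi: mptsas: use-after-free while processing io requests", whereas the new description says "MegaRAID emulator of QEMU", and the two do not obviously name the same device model. Add a NOTE recording the mptsas wording so the affected code can still be located from the entry.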
@@ -13163,10 +13183,10 @@ CVE-2021-23364
RESERVED
CVE-2021-23363
RESERVED
-CVE-2021-23362
- RESERVED
+CVE-2021-23362 (The package hosted-git-info before 3.0.8 are vulnerable to Regular Exp ...)
+ TODO: check
CVE-2021-23361
- RESERVED
+ REJECTED
CVE-2021-23360 (This affects the package killport before 1.0.2. If (attacker-controlle ...)
NOT-FOR-US: Node killport
CVE-2021-23359 (This affects all versions of package port-killer. If (attacker-control ...)
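Review bot: CVE-2021-23362 names the npm package hosted-git-info with a fixed upstream version ("before 3.0.8") but is left at "TODO: check", while the neighbouring CVE-2021-23360 is already resolved as "NOT-FOR-US: Node killport". This one should be checked against the archive for a corresponding source package before a disposition is chosen, and the fixed version recorded if one exists. The CVE-2021-23361 change from RESERVED to REJECTED needs no follow-up.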
@@ -13365,8 +13385,8 @@ CVE-2021-23276
RESERVED
CVE-2021-23275
RESERVED
-CVE-2021-23274
- RESERVED
+CVE-2021-23274 (The Config UI component of TIBCO Software Inc.'s TIBCO API Exchange Ga ...)
+ TODO: check
CVE-2021-23273 (The Spotfire client component of TIBCO Software Inc.'s TIBCO Spotfire ...)
NOT-FOR-US: TIBCO
CVE-2021-23272 (The Application Development Clients component of TIBCO Software Inc.'s ...)
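Review bot: CVE-2021-23274 is left at "TODO: check" although its description begins "The Config UI component of TIBCO Software Inc.'s TIBCO API Exchange Ga ..." and the adjacent CVE-2021-23273 is already marked "NOT-FOR-US: TIBCO". Unless the product turns out to be packaged, resolve it with the same marker so the block stays consistent.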
@@ -18578,8 +18598,8 @@ CVE-2021-21403
RESERVED
CVE-2021-21402
RESERVED
-CVE-2021-21401
- RESERVED
+CVE-2021-21401 (Nanopb is a small code-size Protocol Buffers implementation in ansi C. ...)
+ TODO: check
CVE-2021-21400
RESERVED
CVE-2021-21399
@@ -18624,10 +18644,10 @@ CVE-2021-21379 (XWiki Platform is a generic wiki platform offering runtime servi
NOT-FOR-US: XWiki
CVE-2021-21378 (Envoy is a cloud-native high-performance edge/middle/service proxy. In ...)
NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651)
-CVE-2021-21377
- RESERVED
-CVE-2021-21376
- RESERVED
+CVE-2021-21377 (OMERO.web is open source Django-based software for managing microscopy ...)
+ TODO: check
+CVE-2021-21376 (OMERO.web is open source Django-based software for managing microscopy ...)
+ TODO: check
CVE-2021-21375 (PJSIP is a free and open source multimedia communication library writt ...)
- pjproject <removed>
NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-hvq6-f89p-frvp
@@ -21281,8 +21301,7 @@ CVE-2021-20271
[buster] - rpm <no-dsa> (Minor issue)
[stretch] - rpm <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1934125
-CVE-2021-20270
- RESERVED
+CVE-2021-20270 (An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lea ...)
{DSA-4870-1 DLA-2590-1}
- pygments 2.7.1+dfsg-2 (bug #984664)
NOTE: https://github.com/pygments/pygments/issues/1625
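Review bot: on CVE-2021-20270 the new description gives the affected range as "Pygments versions 1.5 to 2.7.3", while the package line records the fix in 2.7.1+dfsg-2, a lower upstream version. That is consistent with a backported patch, but the only NOTE shown links the upstream issue. Adding a NOTE with the upstream fix commit would let a reader confirm what 2.7.1+dfsg-2 carries.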
@@ -21507,8 +21526,7 @@ CVE-2021-20228 [basic.py no_log with fallback option]
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1925002
NOTE: https://github.com/ansible/ansible/pull/73487
NOTE: Mark ansible/2.10.7-1 fixing which is moving the code to ansible-base
-CVE-2021-20227
- RESERVED
+CVE-2021-20227 (A flaw was found in SQLite's SELECT query functionality (src/select.c) ...)
- sqlite3 3.34.1-1
[buster] - sqlite3 <not-affected> (Introduced in 3.33)
[stretch] - sqlite3 <not-affected> (Introduced in 3.33)
@@ -21529,8 +21547,7 @@ CVE-2021-20224
RESERVED
CVE-2021-20223
RESERVED
-CVE-2021-20222
- RESERVED
+CVE-2021-20222 (A flaw was found in keycloak. The new account console in keycloak can ...)
NOT-FOR-US: Keycloak
CVE-2021-20221 [GIC: out-of-bound heap buffer access via an interrupt ID field]
RESERVED
@@ -21543,8 +21560,7 @@ CVE-2021-20220 (A flaw was found in Undertow. A regression in the fix for CVE-20
- undertow <undetermined>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1923133
TODO: CVE for incomplete fix for CVE-2020-10687 but not clear if affected any Debian released version
-CVE-2021-20219 [improper synchronization in flush_to_ldisc() can lead to DoS]
- RESERVED
+CVE-2021-20219 (A denial of service vulnerability was found in n_tty_receive_char_spec ...)
- linux <not-affected> (Red Hat specific issue)
NOTE: https://www.openwall.com/lists/oss-security/2021/03/17/10
NOTE: https://www.openwall.com/lists/oss-security/2021/03/17/16
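Review bot: on CVE-2021-20219 the removed title named flush_to_ldisc() while the new description names "n_tty_receive_char_spec ...", so the function a reader would search for has changed. The entry is "linux <not-affected> (Red Hat specific issue)", so a short NOTE keeping the flush_to_ldisc() reference is enough to preserve the link to the earlier wording.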
@@ -28849,8 +28865,8 @@ CVE-2020-28505
RESERVED
CVE-2020-28504
RESERVED
-CVE-2020-28503
- RESERVED
+CVE-2020-28503 (The package copy-props before 2.0.5 are vulnerable to Prototype Pollut ...)
+ TODO: check
CVE-2020-28502 (This affects the package xmlhttprequest before 1.7.0; all versions of ...)
- node-xmlhttprequest 1.8.0-1
[stretch] - node-xmlhttprequest <end-of-life> (Nodejs in stretch not covered by security support)
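Review bot: CVE-2020-28503 gives a fixed upstream version for the npm package copy-props ("before 2.0.5") but has only "TODO: check". If the package is in the archive, follow the shape of the neighbouring CVE-2020-28502 entry: a package line with the fixed version plus per-release annotations such as the "[stretch] ... <end-of-life>" line shown there. Otherwise mark it NOT-FOR-US.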
@@ -39195,7 +39211,7 @@ CVE-2020-25099
CVE-2020-25098
RESERVED
CVE-2020-25097 (An issue was discovered in Squid through 4.13 and 5.x through 5.0.4. D ...)
- {DLA-2598-1}
+ {DSA-4873-1 DLA-2598-1}
- squid 4.13-8 (bug #985068)
- squid3 <removed>
NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-jvf6-h9gj-pmj6
@@ -67589,8 +67605,8 @@ CVE-2020-12485 (The frame touch module does not make validity judgments on param
NOT-FOR-US: Vivo
CVE-2020-12484
RESERVED
-CVE-2020-12483
- RESERVED
+CVE-2020-12483 (The appstore before 8.12.0.0 exposes some of its components, and the a ...)
+ TODO: check
CVE-2020-12482
RESERVED
CVE-2020-12481
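Review bot: CVE-2020-12483 ("The appstore before 8.12.0.0 exposes some of its components ...") is left at "TODO: check" two IDs below CVE-2020-12485, which the hunk context shows as "NOT-FOR-US: Vivo". Confirm whether this is the same vendor's app store and, if so, mark it the same way.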
@@ -82233,8 +82249,8 @@ CVE-2020-7348
RESERVED
CVE-2020-7347
RESERVED
-CVE-2020-7346
- RESERVED
+CVE-2020-7346 (Privilege Escalation vulnerability in McAfee Data Loss Prevention (DLP ...)
+ TODO: check
CVE-2020-7345
RESERVED
CVE-2020-7344
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/22b90e9abe32a5b6877879b76c379fc8b4b4b702