[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed Mar 24 20:10:31 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
51bab48e by security tracker role at 2021-03-24T20:10:23+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,49 @@
+CVE-2021-3467
+ RESERVED
+CVE-2021-3466
+ RESERVED
+CVE-2021-3465
+ RESERVED
+CVE-2021-29153
+ RESERVED
+CVE-2021-29152
+ RESERVED
+CVE-2021-29151
+ RESERVED
+CVE-2021-29150
+ RESERVED
+CVE-2021-29149
+ RESERVED
+CVE-2021-29148
+ RESERVED
+CVE-2021-29147
+ RESERVED
+CVE-2021-29146
+ RESERVED
+CVE-2021-29145
+ RESERVED
+CVE-2021-29144
+ RESERVED
+CVE-2021-29143
+ RESERVED
+CVE-2021-29142
+ RESERVED
+CVE-2021-29141
+ RESERVED
+CVE-2021-29140
+ RESERVED
+CVE-2021-29139
+ RESERVED
+CVE-2021-29138
+ RESERVED
+CVE-2021-29137
+ RESERVED
+CVE-2021-29136
+ RESERVED
+CVE-2021-29135
+ RESERVED
+CVE-2020-36283 (HID OMNIKEY 5427 and OMNIKEY 5127 readers are vulnerable to CSRF when ...)
+ TODO: check
CVE-2021-3464
RESERVED
CVE-2021-3463
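Review bot: CVE-2020-36283 is the only entry in this hunk that needs a decision, and its description names HID OMNIKEY 5427 and OMNIKEY 5127 readers, which reads as device firmware rather than a packaged source. Suggest confirming that and resolving the `TODO: check` with a NOT-FOR-US line, as the file does for other vendor-specific products; the RESERVED entries above it need nothing further.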
@@ -215,24 +261,24 @@ CVE-2021-29035
RESERVED
CVE-2021-29034
RESERVED
-CVE-2021-29033
- RESERVED
-CVE-2021-29032
- RESERVED
-CVE-2021-29031
- RESERVED
-CVE-2021-29030
- RESERVED
-CVE-2021-29029
- RESERVED
-CVE-2021-29028
- RESERVED
-CVE-2021-29027
- RESERVED
-CVE-2021-29026
- RESERVED
-CVE-2021-29025
- RESERVED
+CVE-2021-29033 (A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 ...)
+ TODO: check
+CVE-2021-29032 (A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 ...)
+ TODO: check
+CVE-2021-29031 (A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 ...)
+ TODO: check
+CVE-2021-29030 (A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 ...)
+ TODO: check
+CVE-2021-29029 (A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 ...)
+ TODO: check
+CVE-2021-29028 (A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 ...)
+ TODO: check
+CVE-2021-29027 (A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 ...)
+ TODO: check
+CVE-2021-29026 (A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 ...)
+ TODO: check
+CVE-2021-29025 (A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 ...)
+ TODO: check
CVE-2021-29024
RESERVED
CVE-2021-29023
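Review bot: the nine Bitweaver entries, CVE-2021-29025 through CVE-2021-29033, all arrive with the same truncated description and `TODO: check`, so nothing visible here distinguishes them. Suggest triaging them as one batch: decide once whether Bitweaver is in the archive, then apply the same package or NOT-FOR-US line to all nine rather than leaving them to be picked up individually.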
@@ -277,8 +323,8 @@ CVE-2021-29004
RESERVED
CVE-2021-29003
RESERVED
-CVE-2021-29002
- RESERVED
+CVE-2021-29002 (A stored cross-site scripting (XSS) vulnerability in Plone CMS 5.2.3 e ...)
+ TODO: check
CVE-2021-29001
RESERVED
CVE-2021-29000
@@ -393,6 +439,7 @@ CVE-2021-3451
CVE-2021-3450
RESERVED
CVE-2021-28957 (lxml 4.6.2 allows XSS. It places the HTML action attribute into defs.l ...)
+ {DLA-2606-1}
- lxml 4.6.3-1 (bug #985643)
NOTE: https://bugs.launchpad.net/lxml/+bug/1888153
NOTE: https://github.com/lxml/lxml/pull/316
@@ -1660,8 +1707,8 @@ CVE-2021-28363 (The urllib3 library 1.26.x before 1.26.4 for Python omits SSL ce
NOTE: Support for HTTPS request via HTTPS proxies only introduced in 1.26.0.
NOTE: In Debian urllib3 does require SSL certificate validation by default (since 1.3-3)
NOTE: with the 02_require-cert-verification.patch patch (Cf. #686872).
-CVE-2021-28362
- RESERVED
+CVE-2021-28362 (An issue was discovered in Contiki through 3.0. When sending an ICMPv6 ...)
+ TODO: check
CVE-2021-28361 (An issue was discovered in Storage Performance Development Kit (SPDK) ...)
NOT-FOR-US: Storage Performance Development Kit
CVE-2021-28360
@@ -4087,18 +4134,18 @@ CVE-2021-27322
RESERVED
CVE-2021-27321
RESERVED
-CVE-2021-27320
- RESERVED
-CVE-2021-27319
- RESERVED
+CVE-2021-27320 (Blind SQL injection in contactus.php in Doctor Appointment System 1.0 ...)
+ TODO: check
+CVE-2021-27319 (Blind SQL injection in contactus.php in Doctor Appointment System 1.0 ...)
+ TODO: check
CVE-2021-27318 (Cross Site Scripting (XSS) vulnerability in contactus.php in Doctor Ap ...)
NOT-FOR-US: Doctor Appointment System
CVE-2021-27317 (Cross Site Scripting (XSS) vulnerability in contactus.php in Doctor Ap ...)
NOT-FOR-US: Doctor Appointment System
-CVE-2021-27316
- RESERVED
-CVE-2021-27315
- RESERVED
+CVE-2021-27316 (Blind SQL injection in contactus.php in doctor appointment system 1.0 ...)
+ TODO: check
+CVE-2021-27315 (Blind SQL injection in contactus.php in Doctor Appointment System 1.0 ...)
+ TODO: check
CVE-2021-27314 (SQL injection in admin.php in doctor appointment system 1.0 allows an ...)
NOT-FOR-US: doctor appointment system
CVE-2021-27313
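Review bot: CVE-2021-27320, CVE-2021-27319, CVE-2021-27316 and CVE-2021-27315 are left at `TODO: check` although the adjacent entries for the same contactus.php in the same product (CVE-2021-27318, CVE-2021-27317) are already marked NOT-FOR-US. Suggest closing the four with the same tag. The tag itself is spelled two ways in this hunk, `NOT-FOR-US: Doctor Appointment System` and `NOT-FOR-US: doctor appointment system`; pick one so a search for the product finds every entry.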
@@ -11844,6 +11891,7 @@ CVE-2021-23988
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-10/#CVE-2021-23988
CVE-2021-23987
RESERVED
+ {DSA-4874-1}
- firefox 87.0-1
- firefox-esr 78.9.0esr-1
- thunderbird 1:78.9.0-1
@@ -11860,6 +11908,7 @@ CVE-2021-23985
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-10/#CVE-2021-23985
CVE-2021-23984
RESERVED
+ {DSA-4874-1}
- firefox 87.0-1
- firefox-esr 78.9.0esr-1
- thunderbird 1:78.9.0-1
@@ -11872,6 +11921,7 @@ CVE-2021-23983
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-10/#CVE-2021-23983
CVE-2021-23982
RESERVED
+ {DSA-4874-1}
- firefox 87.0-1
- firefox-esr 78.9.0esr-1
- thunderbird 1:78.9.0-1
@@ -11880,6 +11930,7 @@ CVE-2021-23982
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-12/#CVE-2021-23982
CVE-2021-23981
RESERVED
+ {DSA-4874-1}
- firefox 87.0-1
- firefox-esr 78.9.0esr-1
- thunderbird 1:78.9.0-1
@@ -15788,10 +15839,10 @@ CVE-2021-22195
RESERVED
CVE-2021-22194
RESERVED
-CVE-2021-22193
- RESERVED
-CVE-2021-22192
- RESERVED
+CVE-2021-22193 (An issue has been discovered in GitLab affecting all versions starting ...)
+ TODO: check
+CVE-2021-22192 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
+ TODO: check
CVE-2021-22191 (Improper URL handling in Wireshark 3.4.0 to 3.4.3 and 3.2.0 to 3.2.11 ...)
- wireshark 3.4.4-1
[buster] - wireshark <postponed> (Minor issue, can be fixed along in future update)
@@ -15808,13 +15859,11 @@ CVE-2021-22188 (An issue has been discovered in GitLab affecting all versions st
- gitlab <unfixed>
CVE-2021-22187 (An issue has been discovered in GitLab affecting all versions of Gitla ...)
- gitlab 13.2.3-2
-CVE-2021-22186
- RESERVED
+CVE-2021-22186 (An authorization issue in GitLab CE/EE version 9.4 and up allowed a gr ...)
[experimental] - gitlab 13.7.8+ds1-1
- gitlab <unfixed>
NOTE: https://about.gitlab.com/releases/2021/03/04/security-release-gitlab-13-9-2-released/
-CVE-2021-22185
- RESERVED
+CVE-2021-22185 (Insufficient input sanitization in wikis in GitLab version 13.8 and up ...)
- gitlab <not-affected> (Only affects 13.8)
NOTE: https://about.gitlab.com/releases/2021/03/04/security-release-gitlab-13-9-2-released/
CVE-2021-22184
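Review bot: on CVE-2021-22185 the newly published (truncated) description says GitLab "version 13.8 and up", while the existing line beneath it reads `- gitlab <not-affected> (Only affects 13.8)`. The two may agree if the note means the 13.8 series, but as written they look contradictory; suggest rewording the note to state the affected range so the entry is re-examined when a gitlab upload reaches 13.8 or later.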
@@ -15829,14 +15878,14 @@ CVE-2021-22181
RESERVED
CVE-2021-22180
RESERVED
-CVE-2021-22179
- RESERVED
-CVE-2021-22178
- RESERVED
+CVE-2021-22179 (A vulnerability was discovered in GitLab versions before 12.2. GitLab ...)
+ TODO: check
+CVE-2021-22178 (An issue has been discovered in GitLab affecting all versions starting ...)
+ TODO: check
CVE-2021-22177
RESERVED
-CVE-2021-22176
- RESERVED
+CVE-2021-22176 (An issue has been discovered in GitLab affecting all versions starting ...)
+ TODO: check
CVE-2021-22175
RESERVED
CVE-2021-22174 (Crash in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial o ...)
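Review bot: CVE-2021-22179, CVE-2021-22178 and CVE-2021-22176 are added as `TODO: check` although GitLab issues elsewhere in this file are tracked with `- gitlab` lines. Suggest adding those lines when triaging; for CVE-2021-22179 the description speaks of GitLab versions before 12.2, which is older than the gitlab versions recorded in this diff (13.2.3-2, 13.7.8+ds1-1), so check whether it resolves to a fixed version rather than `<unfixed>`.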
@@ -15861,8 +15910,7 @@ CVE-2021-22171 (Insufficient validation of authentication parameters in GitLab P
- gitlab <unfixed>
CVE-2021-22170
RESERVED
-CVE-2021-22169
- RESERVED
+CVE-2021-22169 (An issue was identified in GitLab EE 13.4 or later which leaked intern ...)
- gitlab <not-affected> (Specific to EE)
NOTE: https://about.gitlab.com/releases/2021/02/01/security-release-gitlab-13-8-2-released/
CVE-2021-22168 (A regular expression denial of service issue has been discovered in Nu ...)
@@ -22839,8 +22887,8 @@ CVE-2020-35339 (In 74cms version 5.0.1, there is a remote code execution vulnera
NOT-FOR-US: 74cms
CVE-2020-35338 (The Web Administrative Interface in Mobile Viewpoint Wireless Multiple ...)
NOT-FOR-US: Mobile Viewpoint Wireless Multiplex Terminal (WMT) Playout Server
-CVE-2020-35337
- RESERVED
+CVE-2020-35337 (ThinkSAAS before 3.38 contains a SQL injection vulnerability through a ...)
+ TODO: check
CVE-2020-35336
RESERVED
CVE-2020-35335
@@ -58720,8 +58768,8 @@ CVE-2020-15810 (An issue was discovered in Squid before 4.13 and 5.x before 5.0.
- squid3 <removed>
NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-3365-q9qx-f98m
NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_10.patch
-CVE-2020-15809
- RESERVED
+CVE-2020-15809 (spxmanage on certain SpinetiX devices allows requests that access unin ...)
+ TODO: check
CVE-2020-15808
RESERVED
CVE-2020-15807 (GNU LibreDWG before 0.11 allows NULL pointer dereferences via crafted ...)
@@ -81285,8 +81333,8 @@ CVE-2020-7841 (Improper input validation vulnerability exists in TOBESOFT XPLATF
NOT-FOR-US: TOBESOFT XPLATFORM
CVE-2020-7840
RESERVED
-CVE-2020-7839
- RESERVED
+CVE-2020-7839 (In MaEPSBroker 2.5.0.31 and prior, a command injection vulnerability c ...)
+ TODO: check
CVE-2020-7838 (A arbitrary code execution vulnerability exists in the way that the St ...)
NOT-FOR-US: Smilegate STOVE Client
CVE-2020-7837 (An issue was discovered in ML Report Program. There is a stack-based b ...)
@@ -88752,8 +88800,8 @@ CVE-2020-5017 (IBM Spectrum Protect Plus 10.1.0 through 10.1.6 may allow a local
NOT-FOR-US: IBM
CVE-2020-5016 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a ...)
NOT-FOR-US: IBM
-CVE-2020-5015
- RESERVED
+CVE-2020-5015 (IBM Elastic Storage System 6.0.0 through 6.0.1.2 and IBM Elastic Stora ...)
+ TODO: check
CVE-2020-5014 (IBM DataPower Gateway V10 and V2018 could allow a local attacker with ...)
NOT-FOR-US: IBM
CVE-2020-5013
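Review bot: CVE-2020-5015 is left at `TODO: check` while the IBM entries on either side of it (CVE-2020-5017, CVE-2020-5016, CVE-2020-5014) carry `NOT-FOR-US: IBM`. The description names IBM Elastic Storage System, so the same tag looks applicable; suggest resolving it in the same pass.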
@@ -98291,22 +98339,17 @@ CVE-2019-19356 (Netis WF2419 is vulnerable to authenticated Remote Code Executio
NOT-FOR-US: Netis WF2419
CVE-2019-19355 (An insecure modification vulnerability in the /etc/passwd file was fou ...)
NOT-FOR-US: openshift
-CVE-2019-19354
- RESERVED
+CVE-2019-19354 (An insecure modification vulnerability in the /etc/passwd file was fou ...)
NOT-FOR-US: openshift
-CVE-2019-19353
- RESERVED
+CVE-2019-19353 (An insecure modification vulnerability in the /etc/passwd file was fou ...)
NOT-FOR-US: openshift
-CVE-2019-19352
- RESERVED
+CVE-2019-19352 (An insecure modification vulnerability in the /etc/passwd file was fou ...)
NOT-FOR-US: openshift
CVE-2019-19351 (An insecure modification vulnerability in the /etc/passwd file was fou ...)
NOT-FOR-US: openshift
-CVE-2019-19350
- RESERVED
+CVE-2019-19350 (An insecure modification vulnerability in the /etc/passwd file was fou ...)
NOT-FOR-US: openshift
-CVE-2019-19349
- RESERVED
+CVE-2019-19349 (An insecure modification vulnerability in the /etc/passwd file was fou ...)
NOT-FOR-US: openshift
CVE-2019-19348 (An insecure modification vulnerability in the /etc/passwd file was fou ...)
NOT-FOR-US: openshift
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/51bab48eff5ec62af1600803cb8e0d2a433e9669