[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Thu Mar 25 20:10:38 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f2ad051f by security tracker role at 2021-03-25T20:10:31+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,12 +1,164 @@
-CVE-2021-29154
+CVE-2021-29231
+ RESERVED
+CVE-2021-29230
+ RESERVED
+CVE-2021-29229
+ RESERVED
+CVE-2021-29228
+ RESERVED
+CVE-2021-29227
+ RESERVED
+CVE-2021-29226
+ RESERVED
+CVE-2021-29225
+ RESERVED
+CVE-2021-29224
+ RESERVED
+CVE-2021-29223
+ RESERVED
+CVE-2021-29222
+ RESERVED
+CVE-2021-29221
+ RESERVED
+CVE-2021-29220
+ RESERVED
+CVE-2021-29219
+ RESERVED
+CVE-2021-29218
+ RESERVED
+CVE-2021-29217
+ RESERVED
+CVE-2021-29216
+ RESERVED
+CVE-2021-29215
+ RESERVED
+CVE-2021-29214
+ RESERVED
+CVE-2021-29213
+ RESERVED
+CVE-2021-29212
+ RESERVED
+CVE-2021-29211
+ RESERVED
+CVE-2021-29210
+ RESERVED
+CVE-2021-29209
+ RESERVED
+CVE-2021-29208
+ RESERVED
+CVE-2021-29207
+ RESERVED
+CVE-2021-29206
+ RESERVED
+CVE-2021-29205
+ RESERVED
+CVE-2021-29204
+ RESERVED
+CVE-2021-29203
+ RESERVED
+CVE-2021-29202
+ RESERVED
+CVE-2021-29201
+ RESERVED
+CVE-2021-29200
+ RESERVED
+CVE-2021-29199
+ RESERVED
+CVE-2021-29198
+ RESERVED
+CVE-2021-29197
+ RESERVED
+CVE-2021-29196
+ RESERVED
+CVE-2021-29195
+ RESERVED
+CVE-2021-29194
RESERVED
-CVE-2021-3467
+CVE-2021-29193
+ RESERVED
+CVE-2021-29192
+ RESERVED
+CVE-2021-29191
+ RESERVED
+CVE-2021-29190
+ RESERVED
+CVE-2021-29189
+ RESERVED
+CVE-2021-29188
+ RESERVED
+CVE-2021-29187
+ RESERVED
+CVE-2021-29186
+ RESERVED
+CVE-2021-29185
+ RESERVED
+CVE-2021-29184
+ RESERVED
+CVE-2021-29183
+ RESERVED
+CVE-2021-29182
+ RESERVED
+CVE-2021-29181
+ RESERVED
+CVE-2021-29180
+ RESERVED
+CVE-2021-29179
+ RESERVED
+CVE-2021-29178
+ RESERVED
+CVE-2021-29177
+ RESERVED
+CVE-2021-29176
+ RESERVED
+CVE-2021-29175
+ RESERVED
+CVE-2021-29174
+ RESERVED
+CVE-2021-29173
+ RESERVED
+CVE-2021-29172
+ RESERVED
+CVE-2021-29171
+ RESERVED
+CVE-2021-29170
+ RESERVED
+CVE-2021-29169
+ RESERVED
+CVE-2021-29168
+ RESERVED
+CVE-2021-29167
+ RESERVED
+CVE-2021-29166
+ RESERVED
+CVE-2021-29165
+ RESERVED
+CVE-2021-29164
+ RESERVED
+CVE-2021-29163
+ RESERVED
+CVE-2021-29162
+ RESERVED
+CVE-2021-29161
+ RESERVED
+CVE-2021-29160
+ RESERVED
+CVE-2021-29159
+ RESERVED
+CVE-2021-29158
+ RESERVED
+CVE-2021-29157
+ RESERVED
+CVE-2021-29156 (ForgeRock OpenAM before 13.5.1 allows LDAP injection via the Webfinger ...)
+ TODO: check
+CVE-2021-29155
RESERVED
+CVE-2021-29154
+ RESERVED
+CVE-2021-3467 (A NULL pointer dereference flaw was found in the way Jasper versions b ...)
- jasper <removed>
NOTE: https://github.com/jasper-software/jasper/issues/268
NOTE: https://github.com/jasper-software/jasper/commit/c4144a6fdb2660794136d1daaa80682ee40b138b
-CVE-2021-3466
- RESERVED
+CVE-2021-3466 (A flaw was found in libmicrohttpd in versions before 0.9.71. A missing ...)
- libmicrohttpd 0.9.71-1
[buster] - libmicrohttpd <not-affected> (Vulnerable code introduced later)
[stretch] - libmicrohttpd <not-affected> (Vulnerable code introduced later)
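Review bot: CVE-2021-29156 (ForgeRock OpenAM, LDAP injection via the Webfinger ...) is the only newly described entry in the CVE-2021-29xxx block and it lands with `TODO: check`. It needs a triage decision, either a source package line or a NOT-FOR-US tag, before the entry is useful to anyone consuming the list. The CVE-2021-3466 entry at the end of this hunk shows the target state: a fixed version (0.9.71-1) plus per-release `<not-affected>` reasons.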
@@ -140,8 +292,8 @@ CVE-2021-29098
RESERVED
CVE-2021-29097
RESERVED
-CVE-2021-29096
- RESERVED
+CVE-2021-29096 (A use-after-free vulnerability when parsing a specially crafted file i ...)
+ TODO: check
CVE-2021-29095
RESERVED
CVE-2021-29094
@@ -450,8 +602,7 @@ CVE-2021-3452
RESERVED
CVE-2021-3451
RESERVED
-CVE-2021-3450 [CA certificate check bypass with X509_V_FLAG_X509_STRICT]
- RESERVED
+CVE-2021-3450 (The X509_V_FLAG_X509_STRICT flag enables additional security checks of ...)
- openssl <unfixed>
[buster] - openssl <not-affected> (Vulnerable code introduced in 1.1.1h)
[stretch] - openssl <not-affected> (Vulnerable code introduced in 1.1.1h)
@@ -1063,8 +1214,8 @@ CVE-2021-28662
RESERVED
CVE-2021-28661
RESERVED
-CVE-2021-3449 [NULL pointer deref in signature_algorithms processing]
- RESERVED
+CVE-2021-3449 (An OpenSSL TLS server may crash if sent a maliciously crafted renegoti ...)
+ {DSA-4875-1}
- openssl <unfixed>
- openssl1.0 <not-affected> (Vulnerability does not impact 1.0.2 series)
NOTE: https://www.openssl.org/news/secadv/20210325.txt
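Review bot: CVE-2021-3449 gains `{DSA-4875-1}` while the unstable line stays `- openssl <unfixed>`. Follow up with the fixed version for unstable once it is uploaded; the advisory linked in the NOTE is the upstream reference for it.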
@@ -1119,8 +1270,7 @@ CVE-2021-3447
- ansible <undetermined>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1939349
NOTE: check, details on upstream status not yet clear
-CVE-2021-3446 [return of wrong initialization vector when certain symmetric ciphers are used]
- RESERVED
+CVE-2021-3446 (A flaw was found in libtpms in versions before 0.8.2. The commonly use ...)
- libtpms <unfixed>
NOTE: https://github.com/stefanberger/libtpms/commit/32c159ab53db703749a8f90430cdc7b20b00975e
CVE-2021-28650 (autoar-extractor.c in GNOME gnome-autoar before 0.3.1, as used by GNOM ...)
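Review bot: The description added for CVE-2021-3446 says the flaw affects libtpms versions before 0.8.2, yet the package line remains `- libtpms <unfixed>`. Check whether the Debian package already carries the commit referenced in the NOTE or a 0.8.2 upload, and record the fixed version when it does.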
@@ -1480,8 +1630,7 @@ CVE-2021-28485
RESERVED
CVE-2021-28484
RESERVED
-CVE-2021-3443 [NULL pointer dereference in jp2_decode in jp2_dec.c]
- RESERVED
+CVE-2021-3443 (A NULL pointer dereference flaw was found in the way Jasper versions b ...)
- jasper <removed>
NOTE: https://github.com/jasper-software/jasper/issues/269
NOTE: https://github.com/jasper-software/jasper/commit/f94e7499a8b1471a4905c4f9c9e12e60fe88264b
@@ -4453,14 +4602,14 @@ CVE-2021-27197 (DSUtility.dll in Pelco Digital Sentry Server before 7.19.67 has
NOT-FOR-US: Pelco Digital Sentry Server
CVE-2021-27196
RESERVED
-CVE-2021-27195
- RESERVED
-CVE-2021-27194
- RESERVED
-CVE-2021-27193
- RESERVED
-CVE-2021-27192
- RESERVED
+CVE-2021-27195 (Improper Authorization vulnerability in Netop Vision Pro up to and inc ...)
+ TODO: check
+CVE-2021-27194 (Cleartext transmission of sensitive information in Netop Vision Pro up ...)
+ TODO: check
+CVE-2021-27193 (Incorrect default permissions vulnerability in the API of Netop Vision ...)
+ TODO: check
+CVE-2021-27192 (Local privilege escalation vulnerability in Windows clients of Netop V ...)
+ TODO: check
CVE-2021-27191 (The get-ip-range package before 4.0.0 for Node.js is vulnerable to den ...)
NOT-FOR-US: Node get-ip-range
CVE-2021-3408
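Review bot: CVE-2021-27192 through CVE-2021-27195 all describe Netop Vision Pro and each gets its own `TODO: check`. Triage them together so the four entries end up with the same disposition. The neighbouring entries in this hunk (Pelco Digital Sentry Server, Node get-ip-range) show the `NOT-FOR-US:` form to use if the product is not packaged in Debian.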
@@ -5557,8 +5706,8 @@ CVE-2021-26717 (An issue was discovered in Sangoma Asterisk 16.x before 16.16.1,
NOTE: https://downloads.asterisk.org/pub/security/AST-2021-002.html
CVE-2021-26716 (Modules/input/Views/schedule.php in Emoncms through 10.2.7 allows XSS ...)
NOT-FOR-US: Emoncms
-CVE-2021-26715
- RESERVED
+CVE-2021-26715 (The OpenID Connect server implementation for MITREid Connect through 1 ...)
+ TODO: check
CVE-2021-26714
RESERVED
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1930888#c3
@@ -5849,10 +5998,10 @@ CVE-2021-3392 (A use-after-free flaw was found in the MegaRAID emulator of QEMU.
[buster] - qemu <postponed> (Minor issue)
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg00488.html
NOTE: https://bugs.launchpad.net/qemu/+bug/1914236
-CVE-2021-26597
- RESERVED
-CVE-2021-26596
- RESERVED
+CVE-2021-26597 (An issue was discovered in Nokia NetAct 18A. A remote user, authentica ...)
+ TODO: check
+CVE-2021-26596 (An issue was discovered in Nokia NetAct 18A. A malicious user can chan ...)
+ TODO: check
CVE-2021-26595 (** UNSUPPORTED WHEN ASSIGNED ** In Directus 8.x through 8.8.1, an atta ...)
NOT-FOR-US: Directus
CVE-2021-26594 (** UNSUPPORTED WHEN ASSIGNED ** In Directus 8.x through 8.8.1, an atta ...)
@@ -8928,12 +9077,12 @@ CVE-2021-25370
RESERVED
CVE-2021-25369
RESERVED
-CVE-2021-25368
- RESERVED
-CVE-2021-25367
- RESERVED
-CVE-2021-25366
- RESERVED
+CVE-2021-25368 (Hijacking vulnerability in Samsung Cloud prior to version 4.7.0.3 allo ...)
+ TODO: check
+CVE-2021-25367 (Path Traversal vulnerability in Samsung Notes prior to version 4.2.00. ...)
+ TODO: check
+CVE-2021-25366 (Improper access control in Samsung Internet prior to version 13.2.1.70 ...)
+ TODO: check
CVE-2021-25365
RESERVED
CVE-2021-25364
@@ -8954,20 +9103,20 @@ CVE-2021-25357
RESERVED
CVE-2021-25356
RESERVED
-CVE-2021-25355
- RESERVED
-CVE-2021-25354
- RESERVED
-CVE-2021-25353
- RESERVED
-CVE-2021-25352
- RESERVED
-CVE-2021-25351
- RESERVED
-CVE-2021-25350
- RESERVED
-CVE-2021-25349
- RESERVED
+CVE-2021-25355 (Using unsafe PendingIntent in Samsung Notes prior to version 4.2.00.22 ...)
+ TODO: check
+CVE-2021-25354 (Improper input check in Samsung Internet prior to version 13.2.1.46 al ...)
+ TODO: check
+CVE-2021-25353 (Using empty PendingIntent in Galaxy Themes prior to version 5.2.00.121 ...)
+ TODO: check
+CVE-2021-25352 (Using PendingIntent with implicit intent in Bixby Voice prior to versi ...)
+ TODO: check
+CVE-2021-25351 (Improper Access Control in EmailValidationView in Samsung Account prio ...)
+ TODO: check
+CVE-2021-25350 (Information Exposure vulnerability in Samsung Account prior to version ...)
+ TODO: check
+CVE-2021-25349 (Using unsafe PendingIntent in Slow Motion Editor prior to version 3.5. ...)
+ TODO: check
CVE-2021-25348 (Improper permission grant check in Samsung Internet prior to version 1 ...)
NOT-FOR-US: Samsung Internet
CVE-2021-25347 (Hijacking vulnerability in Samsung Email application version prior to ...)
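Review bot: CVE-2021-25354 names Samsung Internet, and the unchanged CVE-2021-25348 entry directly below the new block is already tagged `NOT-FOR-US: Samsung Internet`. The seven new `TODO: check` entries (CVE-2021-25349 through CVE-2021-25355) name Samsung Notes, Samsung Internet, Galaxy Themes, Bixby Voice, Samsung Account and Slow Motion Editor, so they can be resolved in one pass using that precedent instead of staying as separate TODOs.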
@@ -11923,7 +12072,7 @@ CVE-2021-23988
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-10/#CVE-2021-23988
CVE-2021-23987
RESERVED
- {DSA-4874-1}
+ {DSA-4874-1 DLA-2607-1}
- firefox 87.0-1
- firefox-esr 78.9.0esr-1
- thunderbird 1:78.9.0-1
@@ -11940,7 +12089,7 @@ CVE-2021-23985
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-10/#CVE-2021-23985
CVE-2021-23984
RESERVED
- {DSA-4874-1}
+ {DSA-4874-1 DLA-2607-1}
- firefox 87.0-1
- firefox-esr 78.9.0esr-1
- thunderbird 1:78.9.0-1
@@ -11953,7 +12102,7 @@ CVE-2021-23983
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-10/#CVE-2021-23983
CVE-2021-23982
RESERVED
- {DSA-4874-1}
+ {DSA-4874-1 DLA-2607-1}
- firefox 87.0-1
- firefox-esr 78.9.0esr-1
- thunderbird 1:78.9.0-1
@@ -11962,7 +12111,7 @@ CVE-2021-23982
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-12/#CVE-2021-23982
CVE-2021-23981
RESERVED
- {DSA-4874-1}
+ {DSA-4874-1 DLA-2607-1}
- firefox 87.0-1
- firefox-esr 78.9.0esr-1
- thunderbird 1:78.9.0-1
@@ -14939,8 +15088,8 @@ CVE-2021-22661 (Changing the password on the module webpage does not require the
NOT-FOR-US: ProSoft Technology
CVE-2021-22660
RESERVED
-CVE-2021-22659
- RESERVED
+CVE-2021-22659 (Rockwell Automation MicroLogix 1400 Version 21.6 and below may allow a ...)
+ TODO: check
CVE-2021-22658 (Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL ...)
NOT-FOR-US: Advantech iView
CVE-2021-22657
@@ -15265,8 +15414,8 @@ CVE-2021-22498 (XML External Entity Injection vulnerability in Micro Focus Appli
NOT-FOR-US: Micro Focus
CVE-2021-22497
RESERVED
-CVE-2021-22496
- RESERVED
+CVE-2021-22496 (Authentication Bypass Vulnerability in Micro Focus Access Manager Prod ...)
+ TODO: check
CVE-2021-22495 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...)
NOT-FOR-US: Samsung mobile devices
CVE-2021-22494 (An issue was discovered in the fingerprint scanner on Samsung Note20 m ...)
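Review bot: CVE-2021-22496 (Micro Focus Access Manager) is added as `TODO: check` while CVE-2021-22498 at the top of this hunk already carries `NOT-FOR-US: Micro Focus`. If the same vendor-level disposition applies, set it here rather than leaving the TODO.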
@@ -16745,8 +16894,8 @@ CVE-2021-21785
RESERVED
CVE-2021-21784
RESERVED
-CVE-2021-21783
- RESERVED
+CVE-2021-21783 (A code execution vulnerability exists in the WS-Addressing plugin func ...)
+ TODO: check
CVE-2021-21782
RESERVED
CVE-2021-21781
@@ -21761,58 +21910,50 @@ CVE-2021-20219 (A denial of service vulnerability was found in n_tty_receive_cha
NOTE: https://www.openwall.com/lists/oss-security/2021/03/17/16
CVE-2021-20218 (A flaw was found in the fabric8 kubernetes-client in version 4.2.0 and ...)
NOT-FOR-US: fabric8io / kubernetes-client
-CVE-2021-20217
- RESERVED
+CVE-2021-20217 (A flaw was found in Privoxy in versions before 3.0.31. An assertion fa ...)
{DLA-2548-1}
- privoxy 3.0.31-1
[buster] - privoxy <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2021/01/31/2
NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=5bba5b89193fa2eeea51aa39fb6525c47b59a82a (3.0.31)
-CVE-2021-20216
- RESERVED
+CVE-2021-20216 (A flaw was found in Privoxy in versions before 3.0.31. A memory leak t ...)
{DLA-2548-1}
- privoxy 3.0.31-1
[buster] - privoxy <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2021/01/31/2
NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=f431d61740cc03c1c5f6b7f9c7a4a8d0bedd70dd (3.0.31)
-CVE-2021-20215
- RESERVED
+CVE-2021-20215 (A flaw was found in Privoxy in versions before 3.0.29. Memory leaks in ...)
{DLA-2548-1}
- privoxy 3.0.29-1
[buster] - privoxy <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2021/02/03/3
NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=064eac5fd0f693e94ec8b3a64d1d91e8fb7e8e66 (3.0.29)
NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=fdee85c0bf3e2dbd7722ddc45e9ed912f02a2136 (3.0.29)
-CVE-2021-20214
- RESERVED
+CVE-2021-20214 (A flaw was found in Privoxy in versions before 3.0.29. Memory leaks in ...)
- privoxy 3.0.29-1
[buster] - privoxy <no-dsa> (Minor issue)
[stretch] - privoxy <not-affected> (Vulnerable code not present)
NOTE: https://www.openwall.com/lists/oss-security/2021/02/03/3
NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=cf5640eb2a57197717758e225ad6e11cbaab1d6c (3.0.29)
-CVE-2021-20213
- RESERVED
+CVE-2021-20213 (A flaw was found in Privoxy in versions before 3.0.29. Dereference of ...)
{DLA-2548-1}
- privoxy 3.0.29-1
[buster] - privoxy <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2021/02/03/3
NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=75301323495579ff27bdaaea67e31e2df83475fc (3.0.29)
-CVE-2021-20212
- RESERVED
+CVE-2021-20212 (A flaw was found in Privoxy in versions before 3.0.29. Memory leak if ...)
{DLA-2548-1}
- privoxy 3.0.29-1
[buster] - privoxy <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2021/02/03/3
NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=5cfb7bc8feecc82eb161450faa572abf9be19cbb (3.0.29)
-CVE-2021-20211
- RESERVED
+CVE-2021-20211 (A flaw was found in Privoxy in versions before 3.0.29. Memory leak whe ...)
{DLA-2548-1}
- privoxy 3.0.29-1
[buster] - privoxy <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2021/02/03/3
NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=245e1cf325bc957df6226c745b7ac3f67a97ea07 (3.0.29)
-CVE-2021-20210
- RESERVED
+CVE-2021-20210 (A flaw was found in Privoxy in versions before 3.0.29. Memory leak in ...)
{DLA-2548-1}
- privoxy 3.0.29-1
[buster] - privoxy <no-dsa> (Minor issue)
@@ -22372,8 +22513,7 @@ CVE-2020-35503 [QEMU: NULL pointer dereference issue in megasas-gen2 host bus ad
[buster] - qemu <postponed> (Fix along in future DSA)
[stretch] - qemu <postponed> (Fix along in future DLA)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1910346
-CVE-2020-35502
- RESERVED
+CVE-2020-35502 (A flaw was found in Privoxy in versions before 3.0.29. Memory leaks wh ...)
{DLA-2548-1}
- privoxy 3.0.29-1
[buster] - privoxy <no-dsa> (Minor issue)
@@ -27869,8 +28009,8 @@ CVE-2021-1494
RESERVED
CVE-2021-1493
RESERVED
-CVE-2021-1492
- RESERVED
+CVE-2021-1492 (The Duo Authentication Proxy installer prior to 5.2.1 did not properly ...)
+ TODO: check
CVE-2021-1491
RESERVED
CVE-2021-1490
@@ -83935,18 +84075,18 @@ CVE-2020-6792 (When deriving an identifier for an email message, uninitialized m
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-07/#CVE-2020-6792
CVE-2020-6791
RESERVED
-CVE-2020-6790
- RESERVED
-CVE-2020-6789
- RESERVED
-CVE-2020-6788
- RESERVED
-CVE-2020-6787
- RESERVED
-CVE-2020-6786
- RESERVED
-CVE-2020-6785
- RESERVED
+CVE-2020-6790 (Calling an executable through an Uncontrolled Search Path Element in t ...)
+ TODO: check
+CVE-2020-6789 (Loading a DLL through an Uncontrolled Search Path Element in the Bosch ...)
+ TODO: check
+CVE-2020-6788 (Loading a DLL through an Uncontrolled Search Path Element in the Bosch ...)
+ TODO: check
+CVE-2020-6787 (Loading a DLL through an Uncontrolled Search Path Element in the Bosch ...)
+ TODO: check
+CVE-2020-6786 (Loading a DLL through an Uncontrolled Search Path Element in the Bosch ...)
+ TODO: check
+CVE-2020-6785 (Loading a DLL through an Uncontrolled Search Path Element in Bosch BVM ...)
+ TODO: check
CVE-2020-6784
RESERVED
CVE-2020-6783
@@ -83973,8 +84113,8 @@ CVE-2020-6773
RESERVED
CVE-2020-6772
RESERVED
-CVE-2020-6771
- RESERVED
+CVE-2020-6771 (Loading a DLL through an Uncontrolled Search Path Element in Bosch IP ...)
+ TODO: check
CVE-2020-6770 (Deserialization of Untrusted Data in the BVMS Mobile Video Service (BV ...)
NOT-FOR-US: BVMS Mobile Video Service (BVMS MVS)
CVE-2020-6769 (Missing Authentication for Critical Function in the Bosch Video Stream ...)
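Review bot: CVE-2020-6771 (DLL loading through an Uncontrolled Search Path Element in Bosch IP ...) is left as `TODO: check`, and the same applies to CVE-2020-6785 through CVE-2020-6790 in the previous hunk. The next entry, CVE-2020-6770, is already `NOT-FOR-US: BVMS Mobile Video Service (BVMS MVS)`. The product names are cut off in most of these descriptions, so read the full CVE text before assigning a per-product NOT-FOR-US tag.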
@@ -97176,8 +97316,7 @@ CVE-2020-1948 (This vulnerability can affect all Dubbo users stay on version 2.7
NOT-FOR-US: Apache Dubbo
CVE-2020-1947 (In Apache ShardingSphere(incubator) 4.0.0-RC3 and 4.0.0, the ShardingS ...)
NOT-FOR-US: Apache ShardingSphere
-CVE-2020-1946 [OS Command Injection]
- RESERVED
+CVE-2020-1946 (In Apache SpamAssassin before 3.4.5, malicious rule configuration (.cf ...)
- spamassassin <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2021/03/24/3
NOTE: https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7793 (not public)
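Review bot: The description added for CVE-2020-1946 gives 3.4.5 as the fixed upstream release, but the entry keeps `- spamassassin <unfixed>` and no `[buster]` or `[stretch]` line appears between it and the NOTEs. Record the fixed version once 3.4.5 reaches unstable and state the status for the stable releases. The upstream bug in the second NOTE is marked not public, so the oss-security post is the reference to triage from.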
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f2ad051fd07a4f5d5b666a5847f06fc60a067d6a