[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Fri Mar 26 20:10:32 GMT 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5cd7ea07 by security tracker role at 2021-03-26T20:10:24+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,11 +1,27 @@
+CVE-2021-3471
+	RESERVED
+CVE-2021-3470
+	RESERVED
+CVE-2021-3469
+	RESERVED
+CVE-2021-3468
+	RESERVED
+CVE-2021-29262
+	RESERVED
+CVE-2021-29261
+	RESERVED
+CVE-2021-29260
+	RESERVED
+CVE-2021-29259
+	RESERVED
 CVE-2021-29258
 	RESERVED
 CVE-2021-29257
 	RESERVED
 CVE-2021-29256
 	RESERVED
-CVE-2021-29255
-	RESERVED
+CVE-2021-29255 (MicroSeven MYM71080i-B 2.0.5 through 2.0.20 devices send admin credent ...)
+	TODO: check
 CVE-2021-29254
 	RESERVED
 CVE-2021-29253
@@ -2165,14 +2181,14 @@ CVE-2021-28252
 	RESERVED
 CVE-2021-28251
 	RESERVED
-CVE-2021-28250
-	RESERVED
-CVE-2021-28249
-	RESERVED
-CVE-2021-28248
-	RESERVED
-CVE-2021-28247
-	RESERVED
+CVE-2021-28250 (** UNSUPPORTED WHEN ASSIGNED ** CA eHealth Performance Manager through ...)
+	TODO: check
+CVE-2021-28249 (** UNSUPPORTED WHEN ASSIGNED ** CA eHealth Performance Manager through ...)
+	TODO: check
+CVE-2021-28248 (** UNSUPPORTED WHEN ASSIGNED ** CA eHealth Performance Manager through ...)
+	TODO: check
+CVE-2021-28247 (** UNSUPPORTED WHEN ASSIGNED ** CA eHealth Performance Manager through ...)
+	TODO: check
 CVE-2021-28246 (** UNSUPPORTED WHEN ASSIGNED ** CA eHealth Performance Manager through ...)
 	NOT-FOR-US: CA eHealth Performance Manager
 CVE-2021-28245
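Review bot: the four new TODO: check entries CVE-2021-28250 through CVE-2021-28247 carry the same "** UNSUPPORTED WHEN ASSIGNED ** CA eHealth Performance Manager" description as CVE-2021-28246 directly below them, which is already triaged as "NOT-FOR-US: CA eHealth Performance Manager"; the same triage can be applied to all four instead of leaving them open, and the UNSUPPORTED WHEN ASSIGNED marker indicates an end-of-life product for which no vendor fix is expected.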
@@ -7869,8 +7885,8 @@ CVE-2021-3277
 	RESERVED
 CVE-2021-3276
 	RESERVED
-CVE-2021-3275
-	RESERVED
+CVE-2021-3275 (Unauthenticated stored cross-site scripting (XSS) exists in multiple T ...)
+	TODO: check
 CVE-2021-3274
 	RESERVED
 CVE-2021-3273 (Nagios XI below 5.7 is affected by code injection in the /nagiosxi/adm ...)
@@ -9127,14 +9143,14 @@ CVE-2021-25374
 	RESERVED
 CVE-2021-25373
 	RESERVED
-CVE-2021-25372
-	RESERVED
-CVE-2021-25371
-	RESERVED
-CVE-2021-25370
-	RESERVED
-CVE-2021-25369
-	RESERVED
+CVE-2021-25372 (An improper boundary check in DSP driver prior to SMR Mar-2021 Release ...)
+	TODO: check
+CVE-2021-25371 (A vulnerability in DSP driver prior to SMR Mar-2021 Release 1 allows a ...)
+	TODO: check
+CVE-2021-25370 (An incorrect implementation handling file descriptor in dpu driver pri ...)
+	TODO: check
+CVE-2021-25369 (An improper access control vulnerability in sec_log file prior to SMR  ...)
+	TODO: check
 CVE-2021-25368 (Hijacking vulnerability in Samsung Cloud prior to version 4.7.0.3 allo ...)
 	NOT-FOR-US: Samsung
 CVE-2021-25367 (Path Traversal vulnerability in Samsung Notes prior to version 4.2.00. ...)
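Review bot: CVE-2021-25372 through CVE-2021-25369 all describe Samsung mobile firmware components (DSP driver, dpu driver, sec_log) measured against an "SMR Mar-2021 Release" baseline, Samsung's monthly Security Maintenance Release; the adjacent CVE-2021-25368 (Samsung Cloud) and CVE-2021-25367 (Samsung Notes) entries are already "NOT-FOR-US: Samsung", so these four can be closed the same way once the full descriptions are confirmed.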
@@ -12130,7 +12146,7 @@ CVE-2021-23988
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-10/#CVE-2021-23988
 CVE-2021-23987
 	RESERVED
-	{DSA-4876-1 DSA-4874-1 DLA-2607-1}
+	{DSA-4876-1 DSA-4874-1 DLA-2609-1 DLA-2607-1}
 	- firefox 87.0-1
 	- firefox-esr 78.9.0esr-1
 	- thunderbird 1:78.9.0-1
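Review bot: the advisory list for CVE-2021-23987 gains DLA-2609-1 next to DLA-2607-1 while the package lines (firefox 87.0-1, firefox-esr 78.9.0esr-1, thunderbird 1:78.9.0-1) stay unchanged; two DLAs alongside the two LTS-relevant source packages is consistent, and the identical edit is repeated for CVE-2021-23984, CVE-2021-23982 and CVE-2021-23981 below, so confirm that DLA-2609-1 covers exactly these four CVEs and that no other mfsa2021-10 entry is missing the reference.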
@@ -12147,7 +12163,7 @@ CVE-2021-23985
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-10/#CVE-2021-23985
 CVE-2021-23984
 	RESERVED
-	{DSA-4876-1 DSA-4874-1 DLA-2607-1}
+	{DSA-4876-1 DSA-4874-1 DLA-2609-1 DLA-2607-1}
 	- firefox 87.0-1
 	- firefox-esr 78.9.0esr-1
 	- thunderbird 1:78.9.0-1
@@ -12160,7 +12176,7 @@ CVE-2021-23983
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-10/#CVE-2021-23983
 CVE-2021-23982
 	RESERVED
-	{DSA-4876-1 DSA-4874-1 DLA-2607-1}
+	{DSA-4876-1 DSA-4874-1 DLA-2609-1 DLA-2607-1}
 	- firefox 87.0-1
 	- firefox-esr 78.9.0esr-1
 	- thunderbird 1:78.9.0-1
@@ -12169,7 +12185,7 @@ CVE-2021-23982
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-12/#CVE-2021-23982
 CVE-2021-23981
 	RESERVED
-	{DSA-4876-1 DSA-4874-1 DLA-2607-1}
+	{DSA-4876-1 DSA-4874-1 DLA-2609-1 DLA-2607-1}
 	- firefox 87.0-1
 	- firefox-esr 78.9.0esr-1
 	- thunderbird 1:78.9.0-1
@@ -12457,12 +12473,12 @@ CVE-2021-23892
 	RESERVED
 CVE-2021-23891
 	RESERVED
-CVE-2021-23890
-	RESERVED
-CVE-2021-23889
-	RESERVED
-CVE-2021-23888
-	RESERVED
+CVE-2021-23890 (Information leak vulnerability in the Agent Handler of McAfee ePolicy  ...)
+	TODO: check
+CVE-2021-23889 (Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO ...)
+	TODO: check
+CVE-2021-23888 (Unvalidated client-side URL redirect vulnerability in McAfee ePolicy O ...)
+	TODO: check
 CVE-2021-23887
 	RESERVED
 CVE-2021-23886
@@ -13846,8 +13862,8 @@ CVE-2021-3111 (The Express Entries Dashboard in Concrete5 8.5.4 allows stored XS
 	NOT-FOR-US: Concrete5
 CVE-2021-3110 (The store system in PrestaShop 1.7.7.0 allows time-based boolean SQL i ...)
 	NOT-FOR-US: PrestaShop
-CVE-2021-3109
-	RESERVED
+CVE-2021-3109 (The custom menu item options page in SolarWinds Orion Platform before  ...)
+	TODO: check
 CVE-2021-23242 (MERCUSYS Mercury X18G 1.0.5 devices allow Directory Traversal via ../  ...)
 	NOT-FOR-US: MERCUSYS Mercury X18G devices
 CVE-2021-23241 (MERCUSYS Mercury X18G 1.0.5 devices allow Directory Traversal via ../  ...)
@@ -14526,8 +14542,8 @@ CVE-2021-22888 (Revive Adserver before v5.2.0 is vulnerable to a reflected XSS v
 	TODO: check
 CVE-2021-22887 (A vulnerability in the BIOS of Pulse Secure (PSA-Series Hardware) mode ...)
 	NOT-FOR-US: BIOS of Pulse Secure (PSA-Series Hardware) models PSA5000 and PSA7000
-CVE-2021-22886
-	RESERVED
+CVE-2021-22886 (Rocket.Chat before 3.11, 3.10.5, 3.9.7, 3.8.8 is vulnerable to persist ...)
+	TODO: check
 CVE-2021-22885
 	RESERVED
 CVE-2021-22884 (Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to ...)
@@ -15456,8 +15472,8 @@ CVE-2021-22508
 	RESERVED
 CVE-2021-22507
 	RESERVED
-CVE-2021-22506
-	RESERVED
+CVE-2021-22506 (Advance configuration exposing Information Leakage vulnerability in Mi ...)
+	TODO: check
 CVE-2021-22505
 	RESERVED
 CVE-2021-22504 (Arbitrary code execution vulnerability on Micro Focus Operations Bridg ...)
@@ -16143,8 +16159,7 @@ CVE-2021-22173 (Memory leak in USB HID dissector in Wireshark 3.4.0 to 3.4.2 all
 	[stretch] - wireshark <not-affected> (Affected code not present)
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2021-01.html
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17124
-CVE-2021-22172
-	RESERVED
+CVE-2021-22172 (Improper authorization in GitLab 12.8+ allows a guest user in a privat ...)
 	[experimental] - gitlab 13.6.6-1
 	- gitlab <unfixed>
 	NOTE: https://about.gitlab.com/releases/2021/02/01/security-release-gitlab-13-8-2-released/
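Review bot: the NOTE for CVE-2021-22172 points at the GitLab 13.8.2 security release, while the experimental line records gitlab 13.6.6-1 as the fixed version; since the upstream fix release carries a higher version number than the package listed, confirm that 13.6.6-1 actually contains the fix (for example via a backported patch) and otherwise mark experimental as affected as well.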
@@ -18356,8 +18371,8 @@ CVE-2021-21445 (SAP Commerce Cloud, versions - 1808, 1811, 1905, 2005, 2011, all
 	NOT-FOR-US: SAP
 CVE-2021-21444 (SAP Business Objects BI Platform, versions - 410, 420, 430, allows mul ...)
 	NOT-FOR-US: SAP
-CVE-2020-35856
-	RESERVED
+CVE-2020-35856 (SolarWinds Orion Platform before 2020.2.5 allows stored XSS attacks by ...)
+	TODO: check
 CVE-2020-35855
 	RESERVED
 CVE-2020-35854 (Textpattern 4.8.4 is affected by cross-site scripting (XSS) in the Bod ...)
@@ -18981,8 +18996,8 @@ CVE-2021-21405
 	RESERVED
 CVE-2021-21404
 	RESERVED
-CVE-2021-21403
-	RESERVED
+CVE-2021-21403 (In github.com/kongchuanhujiao/server before version 1.3.21 there is an ...)
+	TODO: check
 CVE-2021-21402 (Jellyfin is a Free Software Media System. In Jellyfin before version 1 ...)
 	NOT-FOR-US: Jellyfin
 CVE-2021-21401 (Nanopb is a small code-size Protocol Buffers implementation in ansi C. ...)
@@ -20833,20 +20848,20 @@ CVE-2021-20685
 	RESERVED
 CVE-2021-20684
 	RESERVED
-CVE-2021-20683
-	RESERVED
-CVE-2021-20682
-	RESERVED
-CVE-2021-20681
-	RESERVED
+CVE-2021-20683 (Improper neutralization of JavaScript input in the blog article editin ...)
+	TODO: check
+CVE-2021-20682 (baserCMS versions prior to 4.4.5 allows a remote attacker with an admi ...)
+	TODO: check
+CVE-2021-20681 (Improper neutralization of JavaScript input in the page editing functi ...)
+	TODO: check
 CVE-2021-20680
 	RESERVED
 CVE-2021-20679 (Fuji Xerox multifunction devices and printers (DocuCentre-VII C7773/C6 ...)
 	NOT-FOR-US: Fuji
 CVE-2021-20678 (SQL injection vulnerability in the Paid Memberships Pro versions prior ...)
 	NOT-FOR-US: Paid Memberships Pro
-CVE-2021-20677
-	RESERVED
+CVE-2021-20677 (UNIVERGE Aspire series PBX (UNIVERGE Aspire WX from 1.00 to 3.51, UNIV ...)
+	TODO: check
 CVE-2021-20676 (M-System DL8 series (type A (DL8-A) versions prior to Ver3.0, type B ( ...)
 	NOT-FOR-US: M-System
 CVE-2021-20675 (M-System DL8 series (type A (DL8-A) versions prior to Ver3.0, type B ( ...)
@@ -21630,8 +21645,7 @@ CVE-2021-20291
 	RESERVED
 CVE-2021-20290
 	RESERVED
-CVE-2021-20289
-	RESERVED
+CVE-2021-20289 (A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.F ...)
 	NOT-FOR-US: Keycloak
 CVE-2021-20288
 	RESERVED
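Review bot: the new description for CVE-2021-20289 locates the flaw in RESTEasy ("all versions of RESTEasy up to 4.6.0.F ..."), but the triage line still reads "NOT-FOR-US: Keycloak"; re-check whether the NOT-FOR-US rationale should name RESTEasy and whether RESTEasy itself ships in Debian, since the Keycloak justification no longer matches the text.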
@@ -21642,13 +21656,11 @@ CVE-2021-20286 (A flaw was found in libnbd 1.7.3. An assertion failure in nbd_un
 	NOTE: https://listman.redhat.com/archives/libguestfs/2021-March/msg00092.html
 	NOTE: Fixed by: https://gitlab.com/nbdkit/libnbd/-/commit/2216190ecbbd853648df6a3280c17b345b0907a0 (v1.6.2)
 	NOTE: Fixed by: https://gitlab.com/nbdkit/libnbd/-/commit/fb4440de9cc76e9c14bd3ddf3333e78621f40ad0 (v1.7.3)
-CVE-2021-20285 [Illegal memory access in canPack function in p_lx_elf.cpp]
-	RESERVED
+CVE-2021-20285 (A flaw was found in upx canPack in p_lx_elf.cpp in UPX 3.96. This flaw ...)
 	- upx-ucl <unfixed> (unimportant)
 	NOTE: https://github.com/upx/upx/issues/421
 	NOTE: https://github.com/upx/upx/commit/3781df9da23840e596d5e9e8493f22666802fe6c
-CVE-2021-20284
-	RESERVED
+CVE-2021-20284 (A flaw was found in GNU Binutils 2.35.1, where there is a heap-based b ...)
 	- binutils <unfixed> (unimportant)
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=26931
 	NOTE: binutils not covered by security support
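Review bot: CVE-2021-20285 is tagged "(unimportant)" on upx-ucl with no accompanying NOTE explaining why, whereas the binutils entry for CVE-2021-20284 directly below justifies its tag with "binutils not covered by security support"; add a short rationale NOTE so the severity decision stays reviewable. Dropping the bracketed working title in favour of the official description is fine here, since the new text still names canPack and p_lx_elf.cpp.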
@@ -21704,8 +21716,7 @@ CVE-2021-20272 (A flaw was found in privoxy before 3.0.32. An assertion failure
 	[buster] - privoxy <no-dsa> (Minor issue)
 	NOTE: https://www.openwall.com/lists/oss-security/2021/02/28/1
 	NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=2256d7b4d67dd9c364386877d5af59943433458b
-CVE-2021-20271
-	RESERVED
+CVE-2021-20271 (A flaw was found in RPM's signature check functionality when reading a ...)
 	- rpm <unfixed> (bug #985308)
 	[bullseye] - rpm <no-dsa> (Minor issue)
 	[buster] - rpm <no-dsa> (Minor issue)
@@ -22081,8 +22092,7 @@ CVE-2021-20199 (Rootless containers run with Podman, receive all traffic with a
 	NOTE: ahead of time
 CVE-2021-20198 (A flaw was found in the OpenShift Installer before version v0.9.0-mast ...)
 	NOT-FOR-US: OpenShift
-CVE-2021-20197
-	RESERVED
+CVE-2021-20197 (There is an open race window when writing output in the following util ...)
 	[experimental] - binutils 2.35.50.20201209-1
 	- binutils <unfixed> (unimportant)
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=26945
@@ -22108,8 +22118,7 @@ CVE-2021-20194 (There is a vulnerability in the linux kernel versions higher tha
 	[stretch] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1912683
 	NOTE: https://patchwork.kernel.org/project/netdevbpf/patch/20210122164232.61770-1-loris.reiff@liblor.ch/#23921223
-CVE-2021-20193 [Memory leak in read_header() in list.c]
-	RESERVED
+CVE-2021-20193 (A flaw was found in the src/list.c of tar 1.33 and earlier. This flaw  ...)
 	- tar 1.34+dfsg-1 (unimportant; bug #980525)
 	NOTE: https://savannah.gnu.org/bugs/?59897
 	NOTE: https://git.savannah.gnu.org/cgit/tar.git/commit/?id=d9d4435692150fa8ff68e1b1a473d187cc3fd777
@@ -22492,8 +22501,7 @@ CVE-2020-35519
 	[buster] - linux 4.19.171-1
 	[stretch] - linux 4.9.258-1
 	NOTE: https://www.openwall.com/lists/oss-security/2021/03/17/17
-CVE-2020-35518 [Information disclosure during the binding of a DN]
-	RESERVED
+CVE-2020-35518 (When binding against a DN during authentication, the reply from 389-ds ...)
 	- 389-ds-base 1.4.4.10-1
 	[buster] - 389-ds-base <not-affected> (Vulnerable code introduced later)
 	[stretch] - 389-ds-base <not-affected> (Vulnerable code introduced later)
@@ -22537,8 +22545,7 @@ CVE-2020-35510
 CVE-2020-35509
 	RESERVED
 	NOT-FOR-US: Keycloak
-CVE-2020-35508
-	RESERVED
+CVE-2020-35508 (A flaw possibility of race condition and incorrect initialization of t ...)
 	- linux 5.9.9-1
 	[buster] - linux 4.19.160-1
 	[stretch] - linux 4.9.246-1
@@ -24936,6 +24943,7 @@ CVE-2021-1871
 	RESERVED
 CVE-2021-1870
 	RESERVED
+	{DSA-4877-1}
 	- webkit2gtk 2.30.6-1
 	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
 	- wpewebkit 2.30.6-1
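Review bot: the "{DSA-4877-1}" reference is inserted above the webkit2gtk 2.30.6-1 / wpewebkit 2.30.6-1 lines for CVE-2021-1870 here and, in the same form, for CVE-2021-1801, CVE-2021-1799, CVE-2021-1789, CVE-2021-1765, CVE-2020-29623 and CVE-2020-27918 later in this commit; cross-check that set against the CVE list in DSA-4877-1 so that no entry fixed in 2.30.6-1 is left without the advisory reference.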
@@ -25078,6 +25086,7 @@ CVE-2021-1802
 	RESERVED
 CVE-2021-1801
 	RESERVED
+	{DSA-4877-1}
 	- webkit2gtk 2.30.6-1
 	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
 	- wpewebkit 2.30.6-1
@@ -25086,6 +25095,7 @@ CVE-2021-1800
 	RESERVED
 CVE-2021-1799
 	RESERVED
+	{DSA-4877-1}
 	- webkit2gtk 2.30.6-1
 	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
 	- wpewebkit 2.30.6-1
@@ -25110,6 +25120,7 @@ CVE-2021-1790
 	RESERVED
 CVE-2021-1789
 	RESERVED
+	{DSA-4877-1}
 	- webkit2gtk 2.30.6-1
 	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
 	- wpewebkit 2.30.6-1
@@ -25162,6 +25173,7 @@ CVE-2021-1766
 	RESERVED
 CVE-2021-1765
 	RESERVED
+	{DSA-4877-1}
 	- webkit2gtk 2.30.6-1
 	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
 	- wpewebkit 2.30.6-1
@@ -25289,6 +25301,7 @@ CVE-2020-29624
 	RESERVED
 CVE-2020-29623
 	RESERVED
+	{DSA-4877-1}
 	- webkit2gtk 2.30.6-1
 	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
 	- wpewebkit 2.30.6-1
@@ -25925,14 +25938,14 @@ CVE-2021-1631
 	RESERVED
 CVE-2021-1630
 	RESERVED
-CVE-2021-1629
-	RESERVED
-CVE-2021-1628
-	RESERVED
-CVE-2021-1627
-	RESERVED
-CVE-2021-1626
-	RESERVED
+CVE-2021-1629 (Tableau Server fails to validate certain URLs that are embedded in ema ...)
+	TODO: check
+CVE-2021-1628 (MuleSoft is aware of a XML External Entity (XXE) vulnerability affecti ...)
+	TODO: check
+CVE-2021-1627 (MuleSoft is aware of a Server Side Request Forgery vulnerability affec ...)
+	TODO: check
+CVE-2021-1626 (MuleSoft is aware of a Remote Code Execution vulnerability affecting c ...)
+	TODO: check
 CVE-2020-29477 (Invision Community 4.5.4 is affected by cross-site scripting (XSS) in  ...)
 	NOT-FOR-US: Invision Community
 CVE-2020-29476
@@ -27696,8 +27709,8 @@ CVE-2020-28697
 	RESERVED
 CVE-2020-28696
 	RESERVED
-CVE-2020-28695
-	RESERVED
+CVE-2020-28695 (Askey Fiber Router RTF3505VW-N1 BR_SV_g000_R3505VWN1001_s32_7 devices  ...)
+	TODO: check
 CVE-2020-28694
 	RESERVED
 CVE-2020-28693 (An unrestricted file upload issue in HorizontCMS 1.0.0-beta allows an  ...)
@@ -32127,6 +32140,7 @@ CVE-2020-27920
 CVE-2020-27919
 	RESERVED
 CVE-2020-27918 (A use after free issue was addressed with improved memory management.  ...)
+	{DSA-4877-1}
 	- webkit2gtk 2.30.6-1
 	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
 	- wpewebkit 2.30.6-1
@@ -32555,8 +32569,7 @@ CVE-2020-27830 [Linux kernel NULL-ptr deref bug in spk_ttyio_receive_buf2]
 	[stretch] - linux <not-affected> (Vulnerability introduced later)
 	NOTE: https://www.openwall.com/lists/oss-security/2020/12/07/1
 	NOTE: https://git.kernel.org/linus/f0992098cadb4c9c6a00703b66cafe604e178fea
-CVE-2020-27829 [heap buffer overflow in coders/tiff.c]
-	RESERVED
+CVE-2020-27829 (A heap based buffer overflow in coders/tiff.c may result in program cr ...)
 	- imagemagick 8:6.9.11.57+dfsg-1
 	[stretch] - imagemagick <not-affected> (vulnerable code was introduced later)
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/6ee5059cd3ac8d82714a1ab1321399b88539abf0
@@ -37688,8 +37701,8 @@ CVE-2020-25842 (The encryption function of NHIServiSignAdapter fail to verify th
 	NOT-FOR-US: NHIServiSignAdapter
 CVE-2020-25841
 	RESERVED
-CVE-2020-25840
-	RESERVED
+CVE-2020-25840 (Cross-Site scripting vulnerability in Micro Focus Access Manager produ ...)
+	TODO: check
 CVE-2020-25839 (NetIQ Identity Manager 4.8 prior to version 4.8 SP2 HF1 are affected b ...)
 	NOT-FOR-US: NetIQ Identity Manager
 CVE-2020-25838 (Unauthorized disclosure of sensitive information vulnerability in Micr ...)
@@ -50834,10 +50847,10 @@ CVE-2020-19628
 	RESERVED
 CVE-2020-19627
 	RESERVED
-CVE-2020-19626
-	RESERVED
-CVE-2020-19625
-	RESERVED
+CVE-2020-19626 (Cross Site Scripting (XSS) vulnerability in craftcms 3.1.31, allows re ...)
+	TODO: check
+CVE-2020-19625 (Remote Code Execution Vulnerability in tests/support/stores/test_grid_ ...)
+	TODO: check
 CVE-2020-19624
 	RESERVED
 CVE-2020-19623



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5cd7ea07caff1b9823728f12cb6dc4cb81f89b22
