[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Mon Mar 29 21:10:26 BST 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0edb38b6 by security tracker role at 2021-03-29T20:10:18+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,25 @@
+CVE-2021-3473
+	RESERVED
+CVE-2021-3472
+	RESERVED
+CVE-2021-29422
+	RESERVED
+CVE-2021-29421
+	RESERVED
+CVE-2021-29420
+	RESERVED
+CVE-2021-29419
+	RESERVED
+CVE-2021-29418
+	RESERVED
+CVE-2021-29417 (gitjacker before 0.1.0 allows remote attackers to execute arbitrary co ...)
+	TODO: check
+CVE-2021-29416 (An issue was discovered in PortSwigger Burp Suite before 2021.2. Durin ...)
+	TODO: check
+CVE-2021-29415
+	RESERVED
+CVE-2021-29414
+	RESERVED
 CVE-2021-29413
 	RESERVED
 CVE-2021-29412
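Review bot: CVE-2021-29417 (gitjacker) and CVE-2021-29416 (PortSwigger Burp Suite) come in as "TODO: check" with only the truncated upstream description, so a triager still has to resolve each one to either a source-package line with a fixed version or a NOT-FOR-US marker, the way the unchanged neighbouring entries in this file are resolved (for example "NOT-FOR-US: ZTE" further down). The other nine added entries are plain RESERVED placeholders and need no action until a description is published.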
@@ -296,8 +318,8 @@ CVE-2021-29269
 	RESERVED
 CVE-2021-29268
 	RESERVED
-CVE-2021-29267
-	RESERVED
+CVE-2021-29267 (Sherlock SherlockIM through 2021-03-29 allows Cross Site Scripting (XS ...)
+	TODO: check
 CVE-2021-29266 (An issue was discovered in the Linux kernel before 5.11.9. drivers/vho ...)
 	- linux 5.10.26-1 (unimportant)
 	[buster] - linux <not-affected> (Vulnerable code introduced later)
@@ -998,8 +1020,8 @@ CVE-2021-3450 (The X509_V_FLAG_X509_STRICT flag enables additional security chec
 	- openssl1.0 <not-affected> (Vulnerable code introduced in 1.1.1h)
 	NOTE: https://www.openssl.org/news/secadv/20210325.txt
 	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=2a40b7bc7b94dd7de897a74571e7024f0cf0d63b
-CVE-2021-28957 (lxml 4.6.2 allows XSS. It places the HTML action attribute into defs.l ...)
-	{DLA-2606-1}
+CVE-2021-28957 (An XSS vulnerability was discovered in python-lxml's clean module vers ...)
+	{DSA-4880-1 DLA-2606-1}
 	- lxml 4.6.3-1 (bug #985643)
 	NOTE: https://bugs.launchpad.net/lxml/+bug/1888153
 	NOTE: https://github.com/lxml/lxml/pull/316
@@ -1041,10 +1063,10 @@ CVE-2021-28939
 	RESERVED
 CVE-2021-28938
 	RESERVED
-CVE-2021-28937
-	RESERVED
-CVE-2021-28936
-	RESERVED
+CVE-2021-28937 (The /password.html page of the Web management interface of the Acexy W ...)
+	TODO: check
+CVE-2021-28936 (The Acexy Wireless-N WiFi Repeater REV 1.0 (28.08.06.1) Web management ...)
+	TODO: check
 CVE-2021-28935
 	RESERVED
 CVE-2021-28934
@@ -1577,14 +1599,14 @@ CVE-2021-28675
 	RESERVED
 CVE-2021-28674
 	RESERVED
-CVE-2021-28673
-	RESERVED
+CVE-2021-28673 (Xerox Phaser 6510 before 64.61.23 and 64.59.11 (Bridge), WorkCentre 65 ...)
+	TODO: check
 CVE-2021-28672
 	RESERVED
 CVE-2021-28671
 	RESERVED
-CVE-2021-28670
-	RESERVED
+CVE-2021-28670 (Xerox AltaLink B8045/B8090 before 103.008.030.32000, C8030/C8035 befor ...)
+	TODO: check
 CVE-2021-28669
 	RESERVED
 CVE-2021-28668
@@ -1621,6 +1643,7 @@ CVE-2021-28687 [HVM soft-reset crashes toolstack]
 	[stretch] - xen <not-affected> (Vulnerable code introduced later)
 	NOTE: https://xenbits.xen.org/xsa/advisory-368.html
 CVE-2021-28660 (rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c in t ...)
+	{DLA-2610-1}
 	- linux 5.10.24-1
 	[buster] - linux 4.19.181-1
 	NOTE: https://git.kernel.org/linus/74b6b20df8cfe90ada777d621b54c32e69e27cd7
@@ -2782,6 +2805,7 @@ CVE-2021-3429
 	NOTE: https://github.com/canonical/cloud-init/commit/b794d426b9ab43ea9d6371477466070d86e10668
 CVE-2021-3428 [integer overflow in ext4_es_cache_extent]
 	RESERVED
+	{DLA-2610-1}
 	- linux 5.8.7-1
 	[buster] - linux 4.19.181-1
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1936786
@@ -3296,7 +3320,7 @@ CVE-2021-28039 (An issue was discovered in the Linux kernel 5.9.x through 5.11.3
 	[stretch] - linux <not-affected> (Vulnerable code introduced later)
 	NOTE: https://xenbits.xen.org/xsa/advisory-369.html
 CVE-2021-28038 (An issue was discovered in the Linux kernel through 5.11.3, as used wi ...)
-	{DLA-2586-1}
+	{DLA-2610-1 DLA-2586-1}
 	- linux 5.10.24-1
 	[buster] - linux 4.19.181-1
 	NOTE: https://xenbits.xen.org/xsa/advisory-367.html
@@ -3348,7 +3372,7 @@ CVE-2021-27928 (A remote code execution issue was discovered in MariaDB 10.2 bef
 	- mariadb-10.1 <removed>
 	NOTE: https://jira.mariadb.org/browse/MDEV-25179
 	NOTE: Fixed in MariaDB: 10.5.9, 10.4.18, 10.3.28, 10.2.27
-CVE-2021-27927 (In Zabbix before 4.0.28rc1, 5.x before 5.0.8rc1, 5.1.x and 5.2.x befor ...)
+CVE-2021-27927 (In Zabbix from 4.0.x before 4.0.28rc1, 5.0.0alpha1 before 5.0.10rc1, 5 ...)
 	- zabbix 1:5.0.8+dfsg-1
 	[stretch] - zabbix <no-dsa> (minor issue)
 	NOTE: https://support.zabbix.com/browse/ZBX-18942
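Review bot: the affected range in the new description for CVE-2021-27927 no longer agrees with the recorded fix. The old text said "5.x before 5.0.8rc1", which matched "- zabbix 1:5.0.8+dfsg-1"; the new text says "5.0.0alpha1 before 5.0.10rc1", under which 5.0.8 would still be vulnerable. Re-check the upstream ticket in the NOTE line (ZBX-18942) and either confirm that 1:5.0.8+dfsg-1 carries the fix (and record why in a NOTE) or move the fixed version to the upload that does; the "[stretch] - zabbix <no-dsa> (minor issue)" assessment should be revisited at the same time if the range really widened.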
@@ -4611,18 +4635,18 @@ CVE-2021-27367 (Controller/Backend/FileEditController.php and Controller/Backend
 CVE-2021-27366
 	RESERVED
 CVE-2021-27365 (An issue was discovered in the Linux kernel through 5.11.3. Certain iS ...)
-	{DLA-2586-1}
+	{DLA-2610-1 DLA-2586-1}
 	- linux 5.10.24-1
 	[buster] - linux 4.19.181-1
 	NOTE: https://git.kernel.org/linus/ec98ea7070e94cc25a422ec97d1421e28d97b7ee
 	NOTE: https://git.kernel.org/linus/f9dbdf97a5bd92b1a49cee3d591b55b11fd7a6d5
 CVE-2021-27364 (An issue was discovered in the Linux kernel through 5.11.3. drivers/sc ...)
-	{DLA-2586-1}
+	{DLA-2610-1 DLA-2586-1}
 	- linux 5.10.24-1
 	[buster] - linux 4.19.181-1
 	NOTE: https://git.kernel.org/linus/688e8128b7a92df982709a4137ea4588d16f24aa
 CVE-2021-27363 (An issue was discovered in the Linux kernel through 5.11.3. A kernel p ...)
-	{DLA-2586-1}
+	{DLA-2610-1 DLA-2586-1}
 	- linux 5.10.24-1
 	[buster] - linux 4.19.181-1
 	NOTE: https://git.kernel.org/linus/688e8128b7a92df982709a4137ea4588d16f24aa
@@ -4648,8 +4672,8 @@ CVE-2021-27354
 	RESERVED
 CVE-2021-27353
 	RESERVED
-CVE-2021-27352
-	RESERVED
+CVE-2021-27352 (An open redirect vulnerability in Ilch CMS version 2.1.42 allows attac ...)
+	TODO: check
 CVE-2021-27351 (The Terminate Session feature in the Telegram application through 7.2. ...)
 	- telegram-desktop 2.6.1-1
 	[buster] - telegram-desktop <not-affected> (Vulnerable code not present)
@@ -5593,17 +5617,17 @@ CVE-2021-26933 (An issue was discovered in Xen 4.9 through 4.14.x. On Arm, a gue
 	[stretch] - xen <end-of-life> (DSA 4602-1)
 	NOTE: https://xenbits.xen.org/xsa/advisory-364.html
 CVE-2021-26932 (An issue was discovered in the Linux kernel 3.2 through 5.10.16, as us ...)
-	{DLA-2586-1}
+	{DLA-2610-1 DLA-2586-1}
 	- linux 5.10.19-1
 	[buster] - linux 4.19.177-1
 	NOTE: https://xenbits.xen.org/xsa/advisory-361.html
 CVE-2021-26931 (An issue was discovered in the Linux kernel 2.6.39 through 5.10.16, as ...)
-	{DLA-2586-1}
+	{DLA-2610-1 DLA-2586-1}
 	- linux 5.10.19-1
 	[buster] - linux 4.19.177-1
 	NOTE: https://xenbits.xen.org/xsa/advisory-362.html
 CVE-2021-26930 (An issue was discovered in the Linux kernel 3.11 through 5.10.16, as u ...)
-	{DLA-2586-1}
+	{DLA-2610-1 DLA-2586-1}
 	- linux 5.10.19-1
 	[buster] - linux 4.19.177-1
 	NOTE: https://xenbits.xen.org/xsa/advisory-365.html
@@ -7104,6 +7128,7 @@ CVE-2021-3345 (_gcry_md_block_write in cipher/hash-common.c in Libgcrypt version
 	NOTE: Introduced by: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=e76617cbab018dd8f41fd6b4ec6740b5303f7e13
 	NOTE: Fixed by: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=512c0c75276949f13b6373b5c04f7065af750b08
 CVE-2021-3348 (nbd_add_socket in drivers/block/nbd.c in the Linux kernel through 5.10 ...)
+	{DLA-2610-1}
 	- linux 5.10.13-1
 	[buster] - linux 4.19.177-1
 	[stretch] - linux <not-affected> (Vulnerable code not present)
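Review bot: the {DLA-2610-1} marker added to CVE-2021-3348 sits above an unchanged "[stretch] - linux <not-affected> (Vulnerable code not present)" line. A DLA is a stretch LTS advisory, so the entry now both states that stretch never contained the vulnerable code and records a stretch advisory as fixing it. One of the two is wrong for this source package: either the CVE should not be attributed to DLA-2610-1 here, or the not-affected line should be replaced with the fixed stretch version. The other entries that gained DLA-2610-1 in this update (CVE-2021-28660, CVE-2021-3428, CVE-2020-27170, CVE-2020-27171) do not carry a stretch not-affected line and are consistent.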
@@ -10108,10 +10133,10 @@ CVE-2021-25146
 	RESERVED
 CVE-2021-25145
 	RESERVED
-CVE-2021-25144
-	RESERVED
-CVE-2021-25143
-	RESERVED
+CVE-2021-25144 (A remote buffer overflow vulnerability was discovered in some Aruba In ...)
+	TODO: check
+CVE-2021-25143 (A remote denial of service (dos) vulnerability was discovered in some  ...)
+	TODO: check
 CVE-2021-25142 (The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 Sy ...)
 	NOT-FOR-US: HPE
 CVE-2021-25141 (A security vulnerability has been identified in in certain HPE and Aru ...)
@@ -13932,8 +13957,8 @@ CVE-2021-23360 (This affects the package killport before 1.0.2. If (attacker-con
 	NOT-FOR-US: Node killport
 CVE-2021-23359 (This affects all versions of package port-killer. If (attacker-control ...)
 	NOT-FOR-US: Node port-killer
-CVE-2021-23358
-	RESERVED
+CVE-2021-23358 (The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 a ...)
+	TODO: check
 CVE-2021-23357 (All versions of package github.com/tyktechnologies/tyk/gateway are vul ...)
 	NOT-FOR-US: tyk/gateway
 CVE-2021-23356 (This affects all versions of package kill-process-by-name. If (attacke ...)
@@ -17421,8 +17446,8 @@ CVE-2021-21729
 	RESERVED
 CVE-2021-21728
 	RESERVED
-CVE-2021-21727
-	RESERVED
+CVE-2021-21727 (A ZTE product has a DoS vulnerability. A remote attacker can amplify t ...)
+	TODO: check
 CVE-2021-21726 (Some ZTE products have an input verification vulnerability in the diag ...)
 	NOT-FOR-US: ZTE
 CVE-2021-21725 (A ZTE product has an information leak vulnerability. An attacker with  ...)
@@ -34977,10 +35002,12 @@ CVE-2020-27173 (In vm-superio before 0.1.1, the serial console FIFO can grow to
 CVE-2020-27172 (An issue was discovered in G-Data before 25.5.9.25 using Symbolic link ...)
 	NOT-FOR-US: G-Data
 CVE-2020-27171 (An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/ ...)
+	{DLA-2610-1}
 	- linux 5.10.24-1
 	[buster] - linux 4.19.181-1
 	NOTE: https://www.openwall.com/lists/oss-security/2021/03/19/3
 CVE-2020-27170 (An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/ ...)
+	{DLA-2610-1}
 	- linux 5.10.24-1
 	[buster] - linux 4.19.181-1
 	NOTE: https://www.openwall.com/lists/oss-security/2021/03/19/2
@@ -39705,10 +39732,10 @@ CVE-2020-25219 (url::recvline in url.cpp in libproxy 0.4.x through 0.4.15 allows
 	- libproxy 0.4.15-15 (bug #971394)
 	NOTE: https://github.com/libproxy/libproxy/issues/134
 	NOTE: https://github.com/libproxy/libproxy/commit/a83dae404feac517695c23ff43ce1e116e2bfbe0
-CVE-2020-25218
-	RESERVED
-CVE-2020-25217
-	RESERVED
+CVE-2020-25218 (Grandstream GRP261x VoIP phone running firmware version 1.0.3.6 (Base) ...)
+	TODO: check
+CVE-2020-25217 (Grandstream GRP261x VoIP phone running firmware version 1.0.3.6 (Base) ...)
+	TODO: check
 CVE-2020-25216 (yWorks yEd Desktop before 3.20.1 allows code execution via an XSL Tran ...)
 	NOT-FOR-US: yWorks yEd Desktop
 CVE-2020-25215 (yWorks yEd Desktop before 3.20.1 allows XXE attacks via an XML or Grap ...)
@@ -41020,8 +41047,8 @@ CVE-2020-24637 (Two vulnerabilities in ArubaOS GRUB2 implementation allows for a
 	NOT-FOR-US: ArubaOS GRUB2 implementation (CVE specific to ArubaOS)
 CVE-2020-24636
 	RESERVED
-CVE-2020-24635
-	RESERVED
+CVE-2020-24635 (A remote execution of arbitrary commands vulnerability was discovered  ...)
+	TODO: check
 CVE-2020-24634 (An attacker is able to remotely inject arbitrary commands by sending e ...)
 	NOT-FOR-US: Aruba
 CVE-2020-24633 (There are multiple buffer overflow vulnerabilities that could lead to  ...)
@@ -81913,8 +81940,8 @@ CVE-2020-7852 (DaviewIndy has a Heap-based overflow vulnerability, triggered whe
 	NOT-FOR-US: DaviewIndy
 CVE-2020-7851
 	RESERVED
-CVE-2020-7850
-	RESERVED
+CVE-2020-7850 (NBBDownloader.ocx ActiveX Control in Groupware contains a vulnerabilit ...)
+	TODO: check
 CVE-2020-7849 (A vulnerability of uPrism.io CURIX(Video conferecing solution) could a ...)
 	NOT-FOR-US: uPrism.io CURIX
 CVE-2020-7848 (The EFM ipTIME C200 IP Camera is affected by a Command Injection vulne ...)
@@ -144129,8 +144156,8 @@ CVE-2019-5319
 	RESERVED
 CVE-2019-5318
 	RESERVED
-CVE-2019-5317
-	RESERVED
+CVE-2019-5317 (A local authentication bypass vulnerability was discovered in some Aru ...)
+	TODO: check
 CVE-2019-5316
 	RESERVED
 CVE-2019-5315 (A command injection vulnerability is present in the web management int ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0edb38b61fb9fd2c95e81b44e7886c23e6d8ca4c


